summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/libxml/libxml2
Commit message (Collapse)AuthorAgeFilesLines
* libxml2: add missing Upstream-Status tagAlexander Kanavin2021-11-211-0/+1
| | | | | | | (From OE-Core rev: 9b79981f3c9a677121a46f4d6d8c899100fee753) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: mark patch as non-upstreamableAlexander Kanavin2021-11-071-1/+5
| | | | | | | (From OE-Core rev: be5be9e36dc76215f8563d87f5a6b09c1ac7190b) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: submit patch upstreamAlexander Kanavin2021-11-031-1/+1
| | | | | | | | (From OE-Core rev: 62d0992ae831caa4b6bda5a300db5e8068480a7b) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Update to 2.9.12Tony Tascioglu2021-05-217-243/+75
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Drop CVE patches which are fixed by the new upstream version. Modify conflicting patches to apply to the new versions: libxml2/libxml-m4-use-pkgconfig.patch libxml2/0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch Drop fix-python39, which is merged upstream. Removed hunk for tstLastError.py from libxml2/0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch since it has been fixed upstream by: 8c3e52e: Updated python/tests/tstLastError.py libxml2.registerErrorHandler(None,None): None is not acceptable as first argument failUnlessEqual replaced by assertEqual The checksums for the licence file changed because a typo was fixed across the files. The licence remains the same. The obsolete MD5 checksums for the tar files have been dropped in favor of SHA256. The new release also adds fuzz tests, which are removed from the makefile to allow the ptests to run. Fuzz testing is done upstream and there is no need to run them as part of ptests which are intended for functionality testing. (From OE-Core rev: c7c429d05ca51b0404f09981f6c9bcad7dc33222) Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Reformat runtest.patchTony Tascioglu2021-05-181-20/+25
| | | | | | | | | | | | | | | Reformatted runtest.patch to allow it to be applied using git am. This makes it easier to apply the series of patches to the original git repo. There are no changes to the code of the patch other than the reformat. Previously, the patch claimed to be a backport, but I have not found an upstream commit so I've changed the Upstream-Status to pending. (From OE-Core rev: 0361d625e1573e846a2f03ed90a8b897bc405160) Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: add a patch to fix python 3.9 supportAlexander Kanavin2020-10-301-0/+94
| | | | | | | (From OE-Core rev: 0d0acc5fefc96ee0f0a856f7fa34caf92e03138f) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2020-24977Ovidiu Panait2020-09-101-0/+41
| | | | | | | | | | | | | | | | | GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1). Reference: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2 (From OE-Core rev: 92dc02b8f03f3586de0a2ec1463b189a3918e303) Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Update patch upstream statusRichard Purdie2020-02-151-1/+1
| | | | | | | (From OE-Core rev: aca3900b9302e619fa6cd3b8a7b3fcae3b2ffe8d) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2019-20388Lee Chee Yang2020-02-151-0/+37
| | | | | | | | | | see: https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68 (From OE-Core rev: 12a5eb0ea6f530ad7be2e58d4091b4edadbf461b) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix CVE-2020-7595Anuj Mittal2020-02-051-0/+36
| | | | | | | (From OE-Core rev: f2f7aa9a495774fe5a2e3947584cb3503bd1eaf1) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: update to 2.9.10Alexander Kanavin2019-12-161-30/+32
| | | | | | | (From OE-Core rev: de72e0440bc36fab09a7e3c13d3967c97dcda66b) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: upgrade 2.9.8 -> 2.9.9Hongxu Jia2019-05-128-276/+170
| | | | | | | | | | | - Drop backported fix-CVE-2017-8872.patch, fix-CVE-2018-14404.patch and 0001-Fix-infinite-loop-in-LZMA-decompression.patch (From OE-Core rev: dc51f92b2a6f2439fa93b9b0c1d8c4c13e884813) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: refresh CVE-2017-8872Ross Burton2018-10-041-23/+50
| | | | | | | | | | | The patch associated with the CVE-2017-8872 report was never merged into libxml2, but a slightly different patch for the same problem was. Cherry-pick that as a backport, which also fixes the failing test suite. (From OE-Core rev: 512869aea6dde1bb2374601f7c4d793ac9edaa42) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix CVE-2018-9251 and CVE-2018-14567Hongxu Jia2018-08-201-0/+55
| | | | | | | (From OE-Core rev: b91b276696fb5e0b633b73be408bd750ac4e28ce) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2018-14404Andrej Valek2018-08-141-0/+45
| | | | | | | | | | | | | | | Fix nullptr deref with XPath logic ops If the XPath stack is corrupted, for example by a misbehaving extension function, the "and" and "or" XPath operators could dereference NULL pointers. Check that the XPath stack isn't empty and optimize the logic operators slightly. CVE: CVE-2018-14404 (From OE-Core rev: 69315177732a1d260a3315fe8c4c4c44653ae0c8) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix CVE-2017-8872Hongxu Jia2018-07-051-0/+38
| | | | | | | | | | | | | | The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. https://bugzilla.gnome.org/show_bug.cgi?id=775200 (From OE-Core rev: dac867dc63af70ae992c50697d2be95c3e7b58bb) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: 2.9.7 -> 2.9.8Andrej Valek2018-05-042-100/+76
| | | | | | | | (From OE-Core rev: de24ead63802523daa19ce8528ac95d9e041eaf8) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml: refresh patchesRoss Burton2018-03-071-23/+20
| | | | | | | | | | | | | | | | | | | The patch tool will apply patches by default with "fuzz", which is where if the hunk context isn't present but what is there is close enough, it will force the patch in. Whilst this is useful when there's just whitespace changes, when applied to source it is possible for a patch applied with fuzz to produce broken code which still compiles (see #10450). This is obviously bad. We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For that to be realistic the existing patches with fuzz need to be rebased and reviewed. (From OE-Core rev: d71d6854fadc96fc3c75617af3beba02952fdef6) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix makefile for ptestsAnuj Mittal2018-01-141-0/+21
| | | | | | | | | | | | | | | | | Changes to Makefile in latest version mean when "make -k runtests" is executed, it leads to errors like: | make: *** No rule to make target 'runtest.c', needed by 'runtest.o'. | make: *** No rule to make target 'SAX.c', needed by 'SAX.lo'. | make: *** No rule to make target 'entities.c', needed by 'entities.lo'. | make: *** No rule to make target 'encoding.c', needed by 'encoding.lo'. Make sure that we don't try to check and compile the tests again on the target. (From OE-Core rev: 5cf92ca436e1a1ba60fec8b30b6cb3cfd4842bc8) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: 2.9.4 -> 2.9.5Andrej Valek2017-11-0512-1711/+9
| | | | | | | | (From OE-Core rev: a0d2427bb86668215d7c9e1be07cb9a2d86f6755) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2-ptest: set LC_ALL=en_US.UTF-8Juro Bystricky2017-10-071-0/+1
| | | | | | | | | | | | | We need to specify UTF-8 in the environment to avoid an error such as: UnicodeEncodeError: 'ascii' codec can't encode character '\xe4' (From OE-Core rev: d7f1fe6c8419b8c59e601c56245373d094cae298) Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2017-8872Hongxu Jia2017-08-271-0/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fix global-buffer-overflow in htmlParseTryOrFinish (HTMLparser.c:5403) https://bugzilla.gnome.org/show_bug.cgi?id=775200 Here is the reproduce steps on ubuntu 16.04, use clang with "-fsanitize=address" ... export CC="clang" export CFLAGS="-fsanitize=address" ./configure --disable-shared make clean all -j wget https://bugzilla.gnome.org/attachment.cgi?id=340871 -O poc ./xmllint --html --push poc ==2785==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000a0de21 at pc 0x0000006a7f6e bp 0x7ffdfe940c10 sp 0x7ffdfe940c08 READ of size 1 at 0x000000a0de21 thread T0 #0 0x6a7f6d (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7f6d) #1 0x6a7356 (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7356) #2 0x4f4504 (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f4504) #3 0x4f045e (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f045e) #4 0x7f81977d682f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #5 0x419ad8 (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x419ad8) ... (From OE-Core rev: a615b0825927a09a0aa8312d131c9acbaef8956d) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Fix malformed Upstream-Status tagsRoss Burton2017-06-273-5/+4
| | | | | | | | | | Fix a variety of spelling and format mistakes to improve the ease of reading the tags programatically. (From OE-Core rev: 6e1aaf80b0d951b48cd25cb7161ec19448295094) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Revert "Add an XML_PARSE_NOXXE flag to block all entities loading ↵Andrej Valek2017-06-231-207/+0
| | | | | | | | | | | even local" The new flag doesn't work and the change even broke the XML_PARSE_NONET option. (From OE-Core rev: 8b586f60778579ee2c9adae429128a07e8437553) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2017-0663Andrej Valek2017-06-231-0/+40
| | | | | | | | | | | | | | | Fix type confusion in xmlValidateOneNamespace Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on namespace declarations make no practical sense anyway. Fixes bug 780228 CVE: CVE-2017-0663 (From OE-Core rev: a965be7b6a1d730851b4a3bc8fd534b9b2334227) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2017-5969Andrej Valek2017-06-231-0/+62
| | | | | | | | | | | | | | Fix NULL pointer deref in xmlDumpElementContent Can only be triggered in recovery mode. Fixes bug 758422 CVE: CVE-2017-5969 (From OE-Core rev: 0cae039cbe513b7998e067f4f3958af2ec65ed1a) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2017-9049 and CVE-2017-9050Andrej Valek2017-06-231-0/+291
| | | | | | | | | | | | | | | | Fix handling of parameter-entity references There were two bugs where parameter-entity references could lead to an unexpected change of the input buffer in xmlParseNameComplex and xmlDictLookup being called with an invalid pointer. Fixes bug 781205 and bug 781361 CVE: CVE-2017-9049 CVE-2017-9050 (From OE-Core rev: 2300762fef8fc8e3e56fb07fd4076c1deeba0a9b) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2017-9047 and CVE-2017-9048Andrej Valek2017-06-231-0/+103
| | | | | | | | | | | | | xmlSnprintfElementContent failed to correctly check the available buffer space in two locations. Fixes bug 781333 and bug 781701 CVE: CVE-2017-9047 CVE-2017-9048 (From OE-Core rev: bb0af023e811907b4e641b39f654ca921ac8794a) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Avoid reparsing and simplify control flow in xmlParseStartTag2Andrej Valek2017-06-231-0/+590
| | | | | | | (From OE-Core rev: 4651afdd457eca06da07331186bf28b98df2eeff) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Disable LeakSanitizer when running API testsAndrej Valek2017-06-231-5/+20
| | | | | | | | | | | | Makefile.am: Disable LeakSanitizer when running API tests The autogenerated API tests leak memory. Upstream-Status: Backported - [https://git.gnome.org/browse/libxml2/commit/?id=ac9a4560ee85b18811ff8ab7791ddfff7b144b0a] (From OE-Core rev: e3985be0ddb40e8db44422092c875a4e373a6da3) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Make ptest run the Python tests if Python support is enabledPeter Kjellerstedt2017-06-121-0/+99
| | | | | | | | | | | | | | | | | Since we go through the trouble of copying the Python tests, we may as well actually run them... This also avoids the following QA issue: ERROR: libxml2-2.9.4-r0 do_package_qa: QA Issue: /usr/lib/libxml2/ptest/python/tests/push.py contained in package libxml2-ptest requires /usr/bin/python, but no providers found in RDEPENDS_libxml2-ptest? [file-rdeps] (From OE-Core rev: 65bc9fac6dc6ba5252bf105659724c768d65f9d9) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: CVE-2016-9318Catalin Enache2017-04-291-0/+207
| | | | | | | | | | | | | | | | | | | | libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0 (From OE-Core rev: 0dd44c00e3b2fbc3befc3f361624a3a60161d979) Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix more NULL pointer derefsAndrej Valek2016-12-161-0/+46
| | | | | | | | | | | | | The NULL pointer dereferencing could produced some security problems. This is a preventive security fix. (From OE-Core rev: 8f3008114d5000a0865f50833db7c3a3f9808601) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix CVE-2016-4658 Disallow namespace nodes in XPointer points and ↵Andrej Valek2016-12-161-0/+269
| | | | | | | | | | | | | | | ranges Namespace nodes must be copied to avoid use-after-free errors. But they don't necessarily have a physical representation in a document, so simply disallow them in XPointer ranges. (From OE-Core rev: 00e928bd1c2aed9caeaf9e411743805d2139a023) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Necessary changes before fixing CVE-2016-5131Andrej Valek2016-12-161-0/+67
| | | | | | | | | | | | | | xpath: - Check for errors after evaluating first operand. - Add sanity check for empty stack. - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes (From OE-Core rev: 96ef568f75dded56a2123b63dcc8b443f796afe0) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Security fix CVE-2016-5131Yi Zhao2016-11-301-0/+180
| | | | | | | | | | | | | | | | | | | CVE-2016-5131 libxml2: Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5131 Patch from: https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e (From OE-Core rev: 640bd2b98ff33e49b42f1087650ebe20d92259a4) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: upgrade to 2.9.4Hongxu Jia2016-06-151-45/+0
| | | | | | | | | | - Drop configure.ac-fix-cross-compiling-warning.patch, libxml2 2.9.4 has fixed it (From OE-Core rev: 323c7cec65603476994dde196f4c2c151d0e0d31) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix AM_PATH_XML2Robert Yang2016-04-091-1/+1
| | | | | | | | | | | | | | | | The code: suppose $1 == 2.7: verdep=ifelse([$1], [], [], [>= $1]) results in: verdep=>= 2.7 This is wrong in shell: bash: 2.7: command not found Use quotation marks to fix the problem. (From OE-Core rev: 190b57a5f130f8a48d417ad472c0131c49302ee1) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: upgrade to 2.9.3Ross Burton2015-12-017-387/+11
| | | | | | | | | | - Drop all the upstreamed patches - Rework the ansidecl removal so it's contained in a single patch (From OE-Core rev: 88e68f25e1756988692108d4c15dfa8efc94e5e5) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix CVE-2015-7942 and CVE-2015-8035Armin Kuster2015-11-252-0/+96
| | | | | | | | | | | | | CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() CVE-2015-8035 libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [YOCTO #8641] (From OE-Core rev: 27de51f4ad21d9b896e7d48041e7cdf20c564a38) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Security Advisory - libxml2 - CVE-2015-1819Yue Tao2015-06-181-0/+181
| | | | | | | | | | | for CVE-2015-1819 Enforce the reader to run in constant memory (From OE-Core rev: 9e67d8ae592a37d7c92d6566466b09c83e9ec6a7) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: remove libxml2-CVE-2014-3660.patchRobert Yang2015-04-301-147/+0
| | | | | | | | | It is a backport patch, and verified that the patch is in the source. (From OE-Core rev: 9a3178b4d3c454e76a0af59afc7b326589c4c666) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Contain glibc-extentions under __GLIBC__Khem Raj2015-04-081-0/+32
| | | | | | | | | | Makes it more portable Change-Id: I7bbc4cc0ebc26d54248b8433dab94db207615445 (From OE-Core rev: 0dfe553d58a76cc0d2592cf5746a1f24a3cd6ee4) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Backport fix for CVE introduced entity issuesRichard Purdie2015-01-151-0/+30
| | | | | | | | | | | | The CVE fix introduced problems with entity issues, we observed this when building the Yocto Docs in particular. Backport the fix from upstream so we can build our docs correctly. [YOCTO #7134] (From OE-Core rev: af501bd51f9a86edd34e0405bc32dabe21312229) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: upgrade to 2.9.2Hongxu Jia2014-12-252-4/+58
| | | | | | | | | | | | | | | | | | - Rebase python-sitepackages-dir.patch to 2.9.2 - Drop libxml2-CVE-2014-3660.patch which has been merged to 2.9.2. - Add configure.ac-fix-cross-compiling-warning.patch to fix cross compilation failure. - Tweak do_configure_prepend, use configure.ac to instead of configure.in - Add cmake files to ${PN}-dev (From OE-Core rev: 06f555fa5a36dbf63b26c3734dbbd0b5af16dc33) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix CVE-2014-3660Joe MacDonald2014-10-241-0/+147
| | | | | | | | | | | | | | | | | | It was discovered that the patch for CVE-2014-0191 for libxml2 is incomplete. It is still possible to have libxml2 incorrectly perform entity substituton even when the application using libxml2 explicitly disables the feature. This can allow a remote denial-of-service attack on systems with libxml2 prior to 2.9.2. References: http://www.openwall.com/lists/oss-security/2014/10/17/7 https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html (From OE-Core rev: 643597a5c432b2e02033d0cefa3ba4da980d078f) Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: port AM_PATH_XML2 to use pkg-configRoss Burton2014-08-151-0/+204
| | | | | | | | | | Upstream AM_PATH_XML2 uses xml2-config which we disable, so port this macro to use pkg-config. (From OE-Core rev: 3ea77e69a839572a948ff6f1e51d3ca789ad8eed) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix python packaging for nativesdkPaul Eggleton2014-06-061-0/+21
| | | | | | | | | | | | | | | We enable the python module in nativesdk-libxml2, but the python binary used is in the native sysroot and thus you get the module installed in the wrong path. Even with that fixed the python files are still unpackaged, so create an ${PN}-python package and add them to it. (This does not affect the libxml target build at all since python is disabled for that.) (From OE-Core rev: e3d06aa104065748367e1479138f824da5d9951f) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix CVE-2014-0191Maxin B. John2014-05-081-0/+37
| | | | | | | | | | | | | | | | | It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors. Reference: https://access.redhat.com/security/cve/CVE-2014-0191 (From OE-Core rev: 674bd59d5e357a4aba18c472ac21712a660a84af) Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: remove patch for CVE-2012-2871Ross Burton2013-09-171-34/+0
| | | | | | | | | | | This CVE patch is actually against Chromium as they ship an internal fork of libxml2 and breaks ABI. The real issue has been resolved in libxslt 1.1.27, and we're shipping 1.1.28. (From OE-Core rev: e6c60252ab4ba6842f63c6b8a519a85f2ff238fb) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>