| Age | Commit message (Collapse) | Author |
|---|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects limbxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2015-8710 libxml2: out-of-bounds memory access when parsing an unclosed HTML comment
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
includes a depend fix security issue CVE-2015-7500
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
includes:
CVE-2015-7499-1
CVE-2015-7499-2
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
includes:
CVE-2015-7942
CVE-2015-7942-2
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
includes:
CVE-2015-7941-1
CVE-2015-7941-2
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
for CVE-2015-1819 Enforce the reader to run in constant memory
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
We have libxml2-python for native and nativesdk, but don't have it for
target, and can't find the reason from the git log, libxml2-python is
widely used, after looked into it's configure.in, we can add it
by PACKAGECONFIG.
The previous --with-python=${STAGING_BINDIR}/python is incorrect, it
acted as work becase it's conigure can check automatically, python is in
${STAGING_BINDIR_NATIVE}/${PYTHON_PN}-native/${PYTHON_PN}, as known as
${PYTHON}.
Add python to PACKAGECONFIG, since createrepo rdepends on
libxml2-python, otherwise the target createrepo can't work.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
It is a backport patch, and verified that the patch is in the source.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Makes it more portable
Change-Id: I7bbc4cc0ebc26d54248b8433dab94db207615445
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The CVE fix introduced problems with entity issues, we observed this
when building the Yocto Docs in particular. Backport the fix from
upstream so we can build our docs correctly.
[YOCTO #7134]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Rebase python-sitepackages-dir.patch to 2.9.2
- Drop libxml2-CVE-2014-3660.patch which has been merged to 2.9.2.
- Add configure.ac-fix-cross-compiling-warning.patch to fix cross
compilation failure.
- Tweak do_configure_prepend, use configure.ac to instead of configure.in
- Add cmake files to ${PN}-dev
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It was discovered that the patch for CVE-2014-0191 for libxml2 is
incomplete. It is still possible to have libxml2 incorrectly perform
entity substituton even when the application using libxml2 explicitly
disables the feature. This can allow a remote denial-of-service attack on
systems with libxml2 prior to 2.9.2.
References:
http://www.openwall.com/lists/oss-security/2014/10/17/7
https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
change use of eglibc related variabled to glibc equivalents
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Add bash, python or perl to the ptest pkgs to fix the RDEPENDS issues.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The zlib support is a must if you are using RPM backend. So this
explicitly enable it and adds a comment in the recipe to avoid its
removal by mistake.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upstream AM_PATH_XML2 uses xml2-config which we disable, so port this macro to
use pkg-config.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It let the environment variable XML_CATALOG_FILES could work
which was required by xmlto.
[YOCTO #2416]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This adds a binconfig-disabled class which can be used by recipes where
a -config file is installed but we wish to disable it and just rely on
the .pc files instead.
Rather than simply deleting it, we make the script "exit 1" so that it
can be found in PATH and raise a build error rather than something
silently falling back to the build system for example.
Rather than randomly finding -config files, this adds in the
specification of a list of binconfig scripts which is more deterministic
and maintainable moving forward.
This patch converts various users in OE-Core to use this, a world build
of OE-Core tests out ok with this change. There will likely be issues in
other layers however, hence this being a RFT.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We enable the python module in nativesdk-libxml2, but the python binary
used is in the native sysroot and thus you get the module installed in
the wrong path. Even with that fixed the python files are still
unpackaged, so create an ${PN}-python package and add them to it. (This
does not affect the libxml target build at all since python is disabled
for that.)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It was discovered that libxml2, a library providing support to read,
modify and write XML files, incorrectly performs entity substituton in
the doctype prolog, even if the application using libxml2 disabled any
entity substitution. A remote attacker could provide a
specially-crafted XML file that, when processed, would lead to the
exhaustion of CPU and memory resources or file descriptors.
Reference: https://access.redhat.com/security/cve/CVE-2014-0191
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
This CVE patch is actually against Chromium as they ship an internal fork of
libxml2 and breaks ABI. The real issue has been resolved in libxslt 1.1.27, and
we're shipping 1.1.28.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Install libxml2 test suite and run it as ptest.
Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
This is necessary since libxml2 has python dependency.
This patch will fix this error:
...
/path/to/build/system/4.7.2/ld: cannot find -lpython2.7
...
ERROR: Task 4152 (virtual:nativesdk:meta/recipes-core/libxml/libxml2_2.9.0.bb, do_compile) failed with exit code '1'
Signed-off-by: Felipe F. Tonello <eu@felipetonello.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Copyright date and generalize authors clause
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
the patch come from:
http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src \
/include/libxml/tree.h?r1=56276&r2=149930
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89,
does not properly support a cast of an unspecified variable during handling
of XSL transforms, which allows remote attackers to cause a denial of service
or possibly have unknown other impact via a crafted document, related to the
_xmlNs data structure in include/libxml/tree.h.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871
[YOCTO #3580]
[ CQID: WIND00376779 ]
Upstream-Status: Pending
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Zhenhua Luo <b19537@freescale.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
handling in C++ programs
Without this flag, the library has a problem with C++ programs using exception handling.
Signed-off-by: Zhenhua Luo <b19537@freescale.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The overrides virtclass-native and virtclass-nativesdk are deprecated,
which should be replaced by class-native and class-nativesdk.
[YOCTO #3297]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Add pythonnative to the inherits list
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Armin Kuster
Yue Tao
Robert Yang
Khem Raj
Richard Purdie
Hongxu Jia
Joe MacDonald
Otavio Salvador
Ross Burton
Paul Eggleton
Maxin B. John
Saul Wold
Mihaela Sendrea
Felipe F. Tonello
Li Wang
Zhenhua Luo
Morgan Little