aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/libxml
Commit message (Collapse)AuthorAgeFilesLines
* packages: respect PACKAGE_NO_GCONVKai Kang2018-12-051-1/+3
| | | | | | | | | | | PACKAGE_NO_GCONV is set in libc-package.bbclass if not all of 'libc-charsets libc-locale-code libc-locales' included in DISTRO_FEATURES. And then no packages glibc-gconv-* glibc-charmap-* and glibc-localedata-* is created. Update recipes and conf file which depend on these packages to check required distro features. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Make it compatible with externalsrcPeter Kjellerstedt2018-10-101-3/+3
| | | | | | | | | | | Fetch the test tar ball to a subdirectory in ${S}. This avoids the following error after having done `devtool modify libxml2`: | DEBUG: Executing shell function do_configure | find: ‘.../build/tmp/work/mips32r2el-nf-poky-linux/libxml2/2.9.4-r0/xmlconf/’: No such file or directory Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: move xmlcatalog and xmllint back into libxml2-utilsAndre McCurdy2018-10-101-3/+4
| | | | | | | | | Packaging of libxml2-utils has been broken since 2011: http://git.openembedded.org/openembedded-core/commit/?id=76052861cc95fd4ad4c4b9eb6ce4cd1065ad4dc9 Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: refresh CVE-2017-8872Ross Burton2018-10-041-23/+50
| | | | | | | | The patch associated with the CVE-2017-8872 report was never merged into libxml2, but a slightly different patch for the same problem was. Cherry-pick that as a backport, which also fixes the failing test suite. Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2: fix CVE-2018-9251 and CVE-2018-14567Hongxu Jia2018-08-202-0/+56
| | | | | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2018-14404Andrej Valek2018-08-142-0/+46
| | | | | | | | | | | | | Fix nullptr deref with XPath logic ops If the XPath stack is corrupted, for example by a misbehaving extension function, the "and" and "or" XPath operators could dereference NULL pointers. Check that the XPath stack isn't empty and optimize the logic operators slightly. CVE: CVE-2018-14404 Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix libxml2 ptest failsChangqing Li2018-08-021-1/+6
| | | | | | | | | | | for core-image-minimal image, missing these two dependency will cause below warning and error: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8) ./test/icu_parse_test.xml generated an error Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix CVE-2017-8872Hongxu Jia2018-07-052-0/+39
| | | | | | | | | | | The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. https://bugzilla.gnome.org/show_bug.cgi?id=775200 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2: 2.9.7 -> 2.9.8Andrej Valek2018-05-043-103/+78
| | | | | Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml: refresh patchesRoss Burton2018-03-071-23/+20
| | | | | | | | | | | | | | | | The patch tool will apply patches by default with "fuzz", which is where if the hunk context isn't present but what is there is close enough, it will force the patch in. Whilst this is useful when there's just whitespace changes, when applied to source it is possible for a patch applied with fuzz to produce broken code which still compiles (see #10450). This is obviously bad. We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For that to be realistic the existing patches with fuzz need to be rebased and reviewed. Signed-off-by: Ross Burton <ross.burton@intel.com>
* python: fix RDEPENDS on several recipes, due to non-existent packagesAlejandro Hernandez2018-01-201-1/+1
| | | | | | | | The packaging has been altered slightly so ensure the dependencies are all still valid. Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2: fix makefile for ptestsAnuj Mittal2018-01-132-0/+22
| | | | | | | | | | | | | | | Changes to Makefile in latest version mean when "make -k runtests" is executed, it leads to errors like: | make: *** No rule to make target 'runtest.c', needed by 'runtest.o'. | make: *** No rule to make target 'SAX.c', needed by 'SAX.lo'. | make: *** No rule to make target 'entities.c', needed by 'entities.lo'. | make: *** No rule to make target 'encoding.c', needed by 'encoding.lo'. Make sure that we don't try to check and compile the tests again on the target. Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: 2.9.5 -> 2.9.7Andrej Valek2017-11-081-2/+2
| | | | | Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2: 2.9.4 -> 2.9.5Andrej Valek2017-11-0513-1723/+15
| | | | | Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2: use HTTP instead of FTP in SRC_URIRoss Burton2017-10-161-1/+1
| | | | | | HTTP is more reliable in general so use it instead of FTP. Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2-ptest: set LC_ALL=en_US.UTF-8Juro Bystricky2017-10-061-0/+1
| | | | | | | | | | We need to specify UTF-8 in the environment to avoid an error such as: UnicodeEncodeError: 'ascii' codec can't encode character '\xe4' Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2-ptest: support for encoding ISO-8859-5Juro Bystricky2017-10-061-2/+2
| | | | | | | | | | | | | This fixes the error: ./test/errors/759398.xml:1: parser error : Unsupported encoding ISO-8859-5 <?xml version='1.0' encoding='ISO-8859-5' standalone='no'?> ^ ./test/errors/759398.xml : failed to parse FAIL: Error cases stream regression tests Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2-ptest: improve reproducibilityJuro Bystricky2017-10-061-0/+11
| | | | | | | | | Remove various build host references from libxml-ptest package. [YOCTO #11997] Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2: Fix CVE-2017-8872Hongxu Jia2017-08-272-0/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fix global-buffer-overflow in htmlParseTryOrFinish (HTMLparser.c:5403) https://bugzilla.gnome.org/show_bug.cgi?id=775200 Here is the reproduce steps on ubuntu 16.04, use clang with "-fsanitize=address" ... export CC="clang" export CFLAGS="-fsanitize=address" ./configure --disable-shared make clean all -j wget https://bugzilla.gnome.org/attachment.cgi?id=340871 -O poc ./xmllint --html --push poc ==2785==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000a0de21 at pc 0x0000006a7f6e bp 0x7ffdfe940c10 sp 0x7ffdfe940c08 READ of size 1 at 0x000000a0de21 thread T0 #0 0x6a7f6d (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7f6d) #1 0x6a7356 (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7356) #2 0x4f4504 (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f4504) #3 0x4f045e (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f045e) #4 0x7f81977d682f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #5 0x419ad8 (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x419ad8) ... Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Fix malformed Upstream-Status tagsRoss Burton2017-06-273-5/+4
| | | | | | | | Fix a variety of spelling and format mistakes to improve the ease of reading the tags programatically. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Revert "Add an XML_PARSE_NOXXE flag to block all entities loading ↵Andrej Valek2017-06-232-208/+0
| | | | | | | | even local" The new flag doesn't work and the change even broke the XML_PARSE_NONET option. Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
* libxml2: Fix CVE-2017-0663Andrej Valek2017-06-232-0/+41
| | | | | | | | | | | | Fix type confusion in xmlValidateOneNamespace Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on namespace declarations make no practical sense anyway. Fixes bug 780228 CVE: CVE-2017-0663 Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
* libxml2: Fix CVE-2017-5969Andrej Valek2017-06-232-0/+63
| | | | | | | | | | | Fix NULL pointer deref in xmlDumpElementContent Can only be triggered in recovery mode. Fixes bug 758422 CVE: CVE-2017-5969 Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
* libxml2: Fix CVE-2017-9049 and CVE-2017-9050Andrej Valek2017-06-232-0/+292
| | | | | | | | | | | | | Fix handling of parameter-entity references There were two bugs where parameter-entity references could lead to an unexpected change of the input buffer in xmlParseNameComplex and xmlDictLookup being called with an invalid pointer. Fixes bug 781205 and bug 781361 CVE: CVE-2017-9049 CVE-2017-9050 Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
* libxml2: Fix CVE-2017-9047 and CVE-2017-9048Andrej Valek2017-06-232-0/+104
| | | | | | | | | | xmlSnprintfElementContent failed to correctly check the available buffer space in two locations. Fixes bug 781333 and bug 781701 CVE: CVE-2017-9047 CVE-2017-9048 Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
* libxml2: Avoid reparsing and simplify control flow in xmlParseStartTag2Andrej Valek2017-06-232-0/+591
| | | | Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
* libxml2: Disable LeakSanitizer when running API testsAndrej Valek2017-06-231-5/+20
| | | | | | | | | Makefile.am: Disable LeakSanitizer when running API tests The autogenerated API tests leak memory. Upstream-Status: Backported - [https://git.gnome.org/browse/libxml2/commit/?id=ac9a4560ee85b18811ff8ab7791ddfff7b144b0a] Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
* libxml2: Make ptest run the Python tests if Python support is enabledPeter Kjellerstedt2017-06-122-2/+108
| | | | | | | | | | | | | | | Since we go through the trouble of copying the Python tests, we may as well actually run them... This also avoids the following QA issue: ERROR: libxml2-2.9.4-r0 do_package_qa: QA Issue: /usr/lib/libxml2/ptest/python/tests/push.py contained in package libxml2-ptest requires /usr/bin/python, but no providers found in RDEPENDS_libxml2-ptest? [file-rdeps] Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: move python module to Python 3Alexander Kanavin2017-05-101-4/+4
| | | | | Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2: CVE-2016-9318Catalin Enache2017-04-282-0/+208
| | | | | | | | | | | | | | | | | libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0 Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2: make dependencies on python conditionalDmitry Rozhkov2017-04-051-9/+11
| | | | | | | | | | | | | | | | The library libxml2 can provide its own bindings for python2 in addition to the third party python-lxml and python3-lxml packages if this functionality is enabled in PACKAGECONFIG. But in case the functionality is disabled there's no need to depend on python2. Make the dependency on python2 enabled only if the python feature is added to PACKAGECONFIG. Also add missing run-time dependency on make to libxml2-ptest. Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* recipes: Make use of the new bb.utils.filter() functionPeter Kjellerstedt2017-03-011-1/+1
| | | | | Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Drop docs in native caseRichard Purdie2017-01-281-0/+5
| | | | | | | With rss, moving these around was having an increasing overhead and we don't need them in the native case so remove them. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: remove True option to getVar callsJoshua Lock2016-12-161-1/+1
| | | | | | | | | | getVar() now defaults to expanding by default, thus remove the True option from getVar() calls with a regex search and replace. Search made with the following regex: getVar ?\(( ?[^,()]*), True\) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2: Fix more NULL pointer derefsAndrej Valek2016-12-162-0/+47
| | | | | | | | | | The NULL pointer dereferencing could produced some security problems. This is a preventive security fix. Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2: fix CVE-2016-4658 Disallow namespace nodes in XPointer points and ↵Andrej Valek2016-12-162-0/+270
| | | | | | | | | | | | ranges Namespace nodes must be copied to avoid use-after-free errors. But they don't necessarily have a physical representation in a document, so simply disallow them in XPointer ranges. Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2: Necessary changes before fixing CVE-2016-5131Andrej Valek2016-12-162-0/+68
| | | | | | | | | | | xpath: - Check for errors after evaluating first operand. - Add sanity check for empty stack. - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2: Security fix CVE-2016-5131Yi Zhao2016-11-302-0/+181
| | | | | | | | | | | | | | | | CVE-2016-5131 libxml2: Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5131 Patch from: https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2: Make tests non-executableJussi Kukkonen2016-10-151-0/+5
| | | | | | | | | | | The XML W3C conformance test suite contains thousands of xml files all marked executable. We dutifully try to strip all these files of debug info in do_package. "chmod -x" improves build time by ~40 seconds. Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2: control ipv6 support based on DISTRO_FEATURESJackie Huang2016-09-031-1/+4
| | | | | | | | Add PACKAGECONFIG for ipv6 and control it based on DISTRO_FEATURES. Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pythonnative.bbclass, python3native.bbclass: export STAGING_INCDIR, ↵Alexander Kanavin2016-07-011-4/+0
| | | | | | | | | | | | | | | | | | | | STAGING_LIBDIR, PYTHON variables We patch Python's distutils modules to access STAGING_INCDIR/LIBDIR, so when they are not set, scripts that utilize distutils (e.g. python-config) fail. Several recipes need to export those manually to prevent such failures, so let's do that in the class instead. PYTHON variable is exported because otherwise autotools' python.m4 macro will pick up its own internal default, which may not be the version that we want. glib recipe in particular was previously using Python 2.x during build due to python.m4 defaulting to it - now it's using Python 3.x, and so needs a small fix in deletion of *.pyc files. Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2: upgrade to 2.9.4Hongxu Jia2016-06-142-48/+2
| | | | | | | | - Drop configure.ac-fix-cross-compiling-warning.patch, libxml2 2.9.4 has fixed it Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python-native, python3-native: remove the use of exported HOST_SYS and ↵Alexander Kanavin2016-05-301-2/+0
| | | | | | | | | | | BUILD_SYS variables The code that utilized them was superseded by the code (in the same patch!) that is utilizing STAGING_LIBDIR/STAGING_INCDIR, and wasn't correct in the first place as HOST_SYS is not necessarily the same as the sysroot directory name. Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
* libxml2: fix dependencies and QA IssuesMaxin B. John2016-05-061-1/+1
| | | | | | | | | | | | | | | Fix the following QA warnings: WARNING: libxml2-2.9.3-r0 do_package_qa: QA Issue: libxml2 rdepends on libiconv, but it isn't a build dependency, missing libiconv in DEPENDS or PACKAGECONFIG? [build-deps] WARNING: libxml2-2.9.3-r0 do_package_qa: QA Issue: libxml2-python rdepends on libiconv, but it isn't a build dependency, missing libiconv in DEPENDS or PACKAGECONFIG? [build-deps] Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2: fix AM_PATH_XML2Robert Yang2016-04-091-1/+1
| | | | | | | | | | | | | | The code: suppose $1 == 2.7: verdep=ifelse([$1], [], [], [>= $1]) results in: verdep=>= 2.7 This is wrong in shell: bash: 2.7: command not found Use quotation marks to fix the problem. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: more removals of redunant FILES_${PN}-dbgRoss Burton2015-12-161-1/+0
| | | | | | | In some recipes overly-split -dbg packages were merged into PN-dbg. Unless there's a very good reason, recipes should have a single -dev and -dbg package. Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2: upgrade to 2.9.3Ross Burton2015-12-018-406/+19
| | | | | | | - Drop all the upstreamed patches - Rework the ansidecl removal so it's contained in a single patch Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2: merge pointless bb/inc splitRoss Burton2015-12-012-83/+80
| | | | Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2: remove legacy LDFLAGS += "-ldl" workaroundAndre McCurdy2015-12-011-2/+0
| | | | | | | libxml2 is able to find libdl.so on its own. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* libxml2: fix CVE-2015-7942 and CVE-2015-8035Armin Kuster2015-11-253-0/+98
| | | | | | | | | | CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() CVE-2015-8035 libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [YOCTO #8641] Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com>