| Age | Commit message (Collapse) | Author |
|---|
|
CVE-2015-8710 libxml2: out-of-bounds memory access when parsing an unclosed HTML comment
(From OE-Core rev: 03d481070ebc6f9af799aec5d038871f9c73901c)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar
(From OE-Core rev: f3c19a39cdec435f26a7f46a3432231ba4daa19c)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
includes a depend fix security issue CVE-2015-7500
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
includes:
CVE-2015-7499-1
CVE-2015-7499-2
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
includes:
CVE-2015-7942
CVE-2015-7942-2
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
includes:
CVE-2015-7941-1
CVE-2015-7941-2
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
Drop a couple of CVE fixes for easy cherry-picking from jethro.
The same fixes will be pack-ported from jethro in a following
patch.
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections()
CVE-2015-8035 libxml2: DoS when parsing specially crafted XML document if XZ support is enabled
[YOCTO #8641]
(From OE-Core master rev: 27de51f4ad21d9b896e7d48041e7cdf20c564a38)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
for CVE-2015-1819 Enforce the reader to run in constant memory
(From OE-Core rev: 9e67d8ae592a37d7c92d6566466b09c83e9ec6a7)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Rebase python-sitepackages-dir.patch to 2.9.2
- Drop libxml2-CVE-2014-3660.patch which has been merged to 2.9.2.
- Add configure.ac-fix-cross-compiling-warning.patch to fix cross
compilation failure.
- Tweak do_configure_prepend, use configure.ac to instead of configure.in
- Add cmake files to ${PN}-dev
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It was discovered that the patch for CVE-2014-0191 for libxml2 is
incomplete. It is still possible to have libxml2 incorrectly perform
entity substituton even when the application using libxml2 explicitly
disables the feature. This can allow a remote denial-of-service attack on
systems with libxml2 prior to 2.9.2.
References:
http://www.openwall.com/lists/oss-security/2014/10/17/7
https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
change use of eglibc related variabled to glibc equivalents
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Add bash, python or perl to the ptest pkgs to fix the RDEPENDS issues.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The zlib support is a must if you are using RPM backend. So this
explicitly enable it and adds a comment in the recipe to avoid its
removal by mistake.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upstream AM_PATH_XML2 uses xml2-config which we disable, so port this macro to
use pkg-config.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It let the environment variable XML_CATALOG_FILES could work
which was required by xmlto.
[YOCTO #2416]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This adds a binconfig-disabled class which can be used by recipes where
a -config file is installed but we wish to disable it and just rely on
the .pc files instead.
Rather than simply deleting it, we make the script "exit 1" so that it
can be found in PATH and raise a build error rather than something
silently falling back to the build system for example.
Rather than randomly finding -config files, this adds in the
specification of a list of binconfig scripts which is more deterministic
and maintainable moving forward.
This patch converts various users in OE-Core to use this, a world build
of OE-Core tests out ok with this change. There will likely be issues in
other layers however, hence this being a RFT.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We enable the python module in nativesdk-libxml2, but the python binary
used is in the native sysroot and thus you get the module installed in
the wrong path. Even with that fixed the python files are still
unpackaged, so create an ${PN}-python package and add them to it. (This
does not affect the libxml target build at all since python is disabled
for that.)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It was discovered that libxml2, a library providing support to read,
modify and write XML files, incorrectly performs entity substituton in
the doctype prolog, even if the application using libxml2 disabled any
entity substitution. A remote attacker could provide a
specially-crafted XML file that, when processed, would lead to the
exhaustion of CPU and memory resources or file descriptors.
Reference: https://access.redhat.com/security/cve/CVE-2014-0191
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Install libxml2 test suite and run it as ptest.
Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
This is necessary since libxml2 has python dependency.
This patch will fix this error:
...
/path/to/build/system/4.7.2/ld: cannot find -lpython2.7
...
ERROR: Task 4152 (virtual:nativesdk:meta/recipes-core/libxml/libxml2_2.9.0.bb, do_compile) failed with exit code '1'
Signed-off-by: Felipe F. Tonello <eu@felipetonello.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Copyright date and generalize authors clause
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
handling in C++ programs
Without this flag, the library has a problem with C++ programs using exception handling.
Signed-off-by: Zhenhua Luo <b19537@freescale.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The overrides virtclass-native and virtclass-nativesdk are deprecated,
which should be replaced by class-native and class-nativesdk.
[YOCTO #3297]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Add pythonnative to the inherits list
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
cmake looks at all include statements, even if they're not used. To make
builds deterministic and avoid needing to add binutils as a dependency
for libzypp, completely remove the include from the header file, even if
it is never used.
This avoids issues where you'd build binutils, then libzypp, then remove
binutils (and hence ansidecl.h) and then recompile libzypp which would
still have the dependency and hence fail.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
On my system libxml-native got linked with host copy of liblzma and as a
result libxslt-native was not linkable:
| x86_64-linux-libtool: link: gcc -isystem/home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/usr/include -O2 -pipe -Wall -Wl,-rpath-link -Wl,/home/hrw
/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/usr/lib -Wl,-rpath-link -Wl,/home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-
linux/lib -Wl,-rpath -Wl,/home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/usr/lib -Wl,-rpath -Wl,/home/hrw/HDD/devel/canonical/ci-linaro/oecore/buil
d/tmp-eglibc/sysroots/x86_64-linux/lib -Wl,-O1 -o .libs/xsltproc xsltproc.o -L/home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/usr/lib -L/home/hrw/
HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/lib ../libxslt/.libs/libxslt.so ../libexslt/.libs/libexslt.so /home/hrw/HDD/devel/canonical/ci-linaro/oecore/
build/tmp-eglibc/work/x86_64-linux/libxslt-native-1.1.26-r8/libxslt-1.1.26/libxslt/.libs/libxslt.so /home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux
/usr/lib/libxml2.so -ldl /home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/usr/lib/liblzma.so -lrt -lz -lm -pthread -Wl,-rpath -Wl,/home/hrw/HDD/deve
l/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/usr/lib
| /home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/usr/lib/libxml2.so: undefined reference to `lzma_code@XZ_5.0'
| /home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/usr/lib/libxml2.so: undefined reference to `lzma_auto_decoder@XZ_5.0'
| /home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/usr/lib/libxml2.so: undefined reference to `lzma_end@XZ_5.0'
| /home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/sysroots/x86_64-linux/usr/lib/libxml2.so: undefined reference to `lzma_properties_decode@XZ_5.0'
| collect2: error: ld returned 1 exit status
| make[2]: *** [xsltproc] Error 1
| make[2]: Leaving directory `/home/hrw/HDD/devel/canonical/ci-linaro/oecore/build/tmp-eglibc/work/x86_64-linux/libxslt-native-1.1.26-r8/libxslt-1.1.26/xsltproc'
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
|
|
removed 2 patches that are now fixed upstream
updated hash.c LIC_FILES_CHKSUM due to updating the date to 2012
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
We don't DEPEND on binutils for ansidecl.h so ensure we should never
use the header. This makes builds determinstic and means something like:
bitbake binutils
bitbake libxml2 -c configure
bitbake binutils -c clean
bitbake libxml2
doen't fail to build.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Using "1" with getVar is bad coding style and "True" is preferred.
This patch is a sed over the meta directory of the form:
sed \
-e 's:\(\.getVar([^,()]*, \)1 *):\1True):g' \
-e 's:\(\.getVarFlag([^,()]*, [^,()]*, \)1 *):\1True):g' \
-i `grep -ril getVar *`
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* COPYING is replaced by symlink to Copyright during do_configure
(see configure.in), then we end with link to nonexistent file
* same issue as libxslt had http://patchwork.openembedded.org/patch/14195/
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
This is the result of running the following over the metadata:
sed \
-e 's:bb.data.\(setVar([^,()]*,[^,()]*\), *\([^ )]*\) *):\2.\1):g' \
-e 's:bb.data.\(setVarFlag([^,()]*,[^,()]*,[^,()]*\), *\([^) ]*\) *):\2.\1):g' \
-e 's:bb.data.\(getVar([^,()]*\), *\([^(), ]*\) *,\([^)]*\)):\2.\1,\3):g' \
-e 's:bb.data.\(getVarFlag([^,()]*,[^,()]*\), *\([^(), ]*\) *,\([^)]*\)):\2.\1,\3):g' \
-e 's:bb.data.\(getVarFlag([^,()]*,[^,()]*\), *\([^() ]*\) *):\2.\1):g' \
-e 's:bb.data.\(getVar([^,()]*\), *\([^) ]*\) *):\2.\1):g' \
-i `grep -ril bb.data *`
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libxml2 provides a libxml2.a library, which wasn't included in any of
the packages. Usually static libs are included into a -staticdev
package, but this package wasn't generated for libxml2, due to
libxml2.inc redeclaring PACKAGES variable (to include libxml2-utils).
Replace PACKAGES setting with expansion to include all default packages
(and so -staticdev package with libxml2.a).
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
[YOCTO #1486]
Added MLPREFIX to the final package names of library packages in case of
DEBIAN_NAMES.
Signed-off-by: Lianhao Lu <lianhao.lu@intel.com>
|
|
As discussed on the mailing list, this variable isn't useful and if wanted
would be better implemented by distros using pn-X overrides.
This patch executes:
find . -regex ".*\.\(bb\|inc\)$" | xargs sed -i '/^PRIORITY = ".*"$/d'
against the tree removing the referenced. Thanks to Phil Blundell for
the command.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Enable "--with-legacy" in order to pass library check of LSB.
Signed-off-by: Jingdong Lu <jingdong.lu@windriver.com>
|
|
Enable options "--with-doc --with-debug --with-catalog" in order to pass LSB test.
Signed-off-by: Jingdong Lu<jingdong.lu@windriver.com>
|
|
mesa 7.9 build script es_generator.py use libxml2 API xmlLsCountNode,
which only available in debug module, so remove the --without-debug
option for mesa 7.9
Signed-off-by: Yu Ke <ke.yu@intel.com>
|
|
[BUGID #281]
Evaluate and update each package in recipes-core to ensure they have a
consistent summary and description.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Having one monolithic packages directory makes it hard to find things
and is generally overwhelming. This commit splits it into several
logical sections roughly based on function, recipes.txt gives more
information about the classifications used.
The opportunity is also used to switch from "packages" to "recipes"
as used in OpenEmbedded as the term "packages" can be confusing to
people and has many different meanings.
Not all recipes have been classified yet, this is just a first pass
at separating things out. Some packages are moved to meta-extras as
they're no longer actively used or maintained.
Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>
|
Armin Kuster
Joshua Lock
Yue Tao
Hongxu Jia
Joe MacDonald
Khem Raj
Robert Yang
Otavio Salvador
Ross Burton
Richard Purdie
Paul Eggleton
Maxin B. John
Mihaela Sendrea
Felipe F. Tonello
Saul Wold
Zhenhua Luo
Morgan Little
Marcin Juszkiewicz
Martin Jansa
Dmitry Eremin-Solenikov
Lianhao Lu
Jingdong Lu
Yu Ke
Mark Hatle
Richard Purdie