author | Andrii Davydenko <andrii.davydenko@globallogic.com> | 2022-12-14 12:08:42 +0200 |
---|---|---|
committer | Mykyta Dorokhin <mykyta.dorokhin@globallogic.com> | 2023-01-24 12:41:29 +0200 |
commit | 2eaa3fd064097eb221b56d5df0e7136ba705a0cd (patch) | |
tree | 2ca46c9a625d6f743933b1ea7e2fc6bd2581e6eb /recipes-core | |
parent | 1e52890ac41318d28923787af35541a8f9ee0653 (diff) | |
download | meta-mlinux-2eaa3fd064097eb221b56d5df0e7136ba705a0cd.tar.gz meta-mlinux-2eaa3fd064097eb221b56d5df0e7136ba705a0cd.tar.bz2 meta-mlinux-2eaa3fd064097eb221b56d5df0e7136ba705a0cd.zip |
CVE Packages Update
Move libfastjson to the rsyslog directory
rsyslog 8.2002.0 -> 8.2206.0
add ntp4.2.8 recipe with fixed CVEs
update cryptsetup to 2.4.3
fix libxml2 CVE-2016-3709
curl 7.75.0 -> 7.86.0
strongswan 5.8.4 -> 5.9.8
libmodbus 3.1.6 -> 3.1.7
libesmtp 1.0.6 -> 1.1.0
cifs-utils 6.1 -> 7.0
update libtirpc to version 1.3.3
update rsync to version 3.2.5
Add zlib 1.2.13
upgrade gnutls to 3.7.8
upgrade openssh to 8.9p1
Add cmake 3.24.2 and cmake-native 3.24.2 to avoid dependency loops when building expat
Add expat 2.5.0 to fix CVE-2022-40674 and CVE-2022-43680
openvpn 2.4.9 -> 2.4.12
hostapd 2.9 -> 2.10
[GP-1837] mPower R.6.3.X (Fall'22): CVE Upgrade (after 2022-12-28)
Openssh 8.9p1 no longer needed, because all necessary CVE fixes, backports and whitelists are present for current Openssh 8.4p1. There are no new CVE's in report.
[GP-1837] mPower R.6.3.X (Fall'22): CVE Upgrade (after 2022-12-28)
Backported CVE patches for python3 component. Need to remove after upgrading Yocto to version more than 3.1.21.
[GP-1837] mPower R.6.3.X (Fall'22): CVE Upgrade (after 2022-12-28)
Backported CVE patch for sudo component.
Added 2 CVE's to whitelist for OpenVPN component.
Diffstat (limited to 'recipes-core')
30 files changed, 3777 insertions, 0 deletions
diff --git a/recipes-core/expat/expat_2.5.0.bb b/recipes-core/expat/expat_2.5.0.bb
new file mode 100644
index 0000000..47334ed
--- /dev/null
+++ b/recipes-core/expat/expat_2.5.0.bb
@@ -0,0 +1,32 @@
+SUMMARY = "A stream-oriented XML parser library"
+DESCRIPTION = "Expat is an XML parser library written in C. It is a stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags)"
+HOMEPAGE = "https://github.com/libexpat/libexpat"
+SECTION = "libs"
+LICENSE = "MIT"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=7b3b078238d0901d3b339289117cb7fb"
+
+VERSION_TAG = "${@d.getVar('PV').replace('.', '_')}"
+
+SRC_URI = "${GITHUB_BASE_URI}/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2 \
+ file://run-ptest \
+ "
+
+GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/"
+UPSTREAM_CHECK_REGEX = "releases/tag/R_(?P<pver>.+)"
+
+SRC_URI[sha256sum] = "6f0e6e01f7b30025fa05c85fdad1e5d0ec7fd35d9f61b22f34998de11969ff67"
+
+EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF"
+
+RDEPENDS:${PN}-ptest += "bash"
+
+inherit cmake lib_package ptest
+
+do_install_ptest:class-target() {
+ install -m 755 ${B}/tests/* ${D}${PTEST_PATH}
+}
+
+BBCLASSEXTEND += "native nativesdk"
+
+CVE_PRODUCT = "expat libexpat"
diff --git a/recipes-core/expat/files/run-ptest b/recipes-core/expat/files/run-ptest
new file mode 100644
index 0000000..dbf602c
--- /dev/null
+++ b/recipes-core/expat/files/run-ptest
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+TIME=$(which time)
+
+echo "runtests"
+${TIME} -f 'Execution time: %e s' bash -c "./runtests -v"
+echo "runtestspp"
+${TIME} -f 'Execution time: %e s' bash -c "./runtestspp -v"
+echo
diff --git a/recipes-core/libxml/libxml2/0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch b/recipes-core/libxml/libxml2/0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch
new file mode 100644
index 0000000..5e9a0a5
--- /dev/null
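Review bot: In expat_2.5.0.bb, `UPSTREAM_CHECK_REGEX` is set but nothing in the recipe sets `UPSTREAM_CHECK_URI`, and the `inherit` line pulls in only `cmake lib_package ptest`, so the regex is presumably matched against a page derived from `SRC_URI` rather than the releases listing it was written for. This recipe carries the fixes for CVE-2022-40674 and CVE-2022-43680, and a working upstream check is what flags the next expat security release; adding `UPSTREAM_CHECK_URI = "${GITHUB_BASE_URI}"` next to the regex would make the intent explicit. The recipe also uses the colon override syntax (`EXTRA_OECMAKE:class-native`, `RDEPENDS:${PN}-ptest`, `do_install_ptest:class-target`). If the BitBake on this branch does not treat `:` as an override separator, those three would silently not apply, so it is worth confirming against the layer's other recipes.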
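Review bot: In run-ptest, `TIME=$(which time)` is used unchecked: if no `time` binary is on the target, `${TIME}` expands to nothing and the shell tries to run `-f` as a command, so neither `./runtests` nor `./runtestspp` is executed. The script also ends with a bare `echo`, so its exit status is 0 whatever the two test programs returned. Since this is the regression check for a package upgraded for CVE fixes, it should fail visibly: guard the lookup with `TIME=$(which time) || { echo "time not found" >&2; exit 1; }` and have the script exit non-zero when either test command does. The recipe's `RDEPENDS:${PN}-ptest += "bash"` does not list `time`, so the runtime dependency is probably missing as well.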
+++ b/recipes-core/libxml/libxml2/0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch 
@@ -0,0 +1,98 @@ +From 2b5fb416aa275fd2a17a0139a2f783998bcb42cc Mon Sep 17 00:00:00 2001 +From: Peter Kjellerstedt <pkj@axis.com> +Date: Fri, 9 Jun 2017 17:50:46 +0200 +Subject: [PATCH] Make ptest run the python tests if python is enabled + +One of the tests (tstLastError.py) needed a minor correction. It might +be due to the fact that the tests are forced to run with Python 3. + +Upstream-Status: Inappropriate [OE specific] +Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> + +--- + Makefile.am | 2 +- + python/Makefile.am | 9 +++++++++ + python/tests/Makefile.am | 10 ++++++++++ + python/tests/tstLastError.py | 2 +- + 4 files changed, 21 insertions(+), 2 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index ae62274..bd1e425 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -203,9 +203,9 @@ install-ptest: + install $(check_PROGRAMS) $(DESTDIR)) + cp -r $(srcdir)/test $(DESTDIR) + cp -r $(srcdir)/result $(DESTDIR) +- cp -r $(srcdir)/python $(DESTDIR) + cp Makefile $(DESTDIR) + sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile ++ $(MAKE) -C python install-ptest + + runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \ + testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT) +diff --git a/python/Makefile.am b/python/Makefile.am +index 34aed96..ba3ec6a 100644 +--- a/python/Makefile.am ++++ b/python/Makefile.am +@@ -48,7 +48,16 @@ GENERATED = libxml2class.py libxml2class.txt $(BUILT_SOURCES) + + $(GENERATED): $(srcdir)/generator.py $(API_DESC) + $(PYTHON) $(srcdir)/generator.py $(srcdir) ++ ++install-ptest: ++ cp -r $(srcdir) $(DESTDIR) ++ sed -e 's|^Makefile:|_Makefile:|' \ ++ -e 's|^\(tests test:\) all|\1|' Makefile >$(DESTDIR)/python/Makefile ++ $(MAKE) -C tests install-ptest ++else ++install-ptest: + endif + ++.PHONY: tests test + tests test: all + cd tests && $(MAKE) tests +diff --git a/python/tests/Makefile.am b/python/tests/Makefile.am +index 227e24d..021bb29 100644 +--- a/python/tests/Makefile.am ++++ 
b/python/tests/Makefile.am +@@ -59,6 +59,11 @@ XMLS= \ + CLEANFILES = core tmp.xml *.pyc + + if WITH_PYTHON ++install-ptest: ++ cp -r $(srcdir) $(DESTDIR)/python ++ sed -e 's|^Makefile:|_Makefile:|' \ ++ -e 's|^\(srcdir = \).*|\1.|' Makefile >$(DESTDIR)/python/tests/Makefile ++ + tests: $(PYTESTS) + @for f in $(XMLS) ; do test -f $$f || $(LN_S) $(srcdir)/$$f . ; done + @echo "## running Python regression tests" +@@ -70,9 +75,14 @@ tests: $(PYTESTS) + if [ "$$?" -ne 0 ] ; then \ + echo "-- $$test" ; \ + echo "$$log" ; \ ++ echo "FAIL: $$test"; \ + exit 1 ; \ ++ else \ ++ echo "PASS: $$test"; \ + fi ; \ + done) + else ++install-ptest: ++ + tests: + endif +diff --git a/python/tests/tstLastError.py b/python/tests/tstLastError.py +index 81d0acc..162c8db 100755 +--- a/python/tests/tstLastError.py ++++ b/python/tests/tstLastError.py +@@ -25,7 +25,7 @@ class TestCase(unittest.TestCase): + when the exception is raised, check the libxml2.lastError for + expected values.""" + # disable the default error handler +- libxml2.registerErrorHandler(None,None) ++ libxml2.registerErrorHandler(lambda ctx,str: None,None) + try: + f(*args) + except exc: diff --git a/recipes-core/libxml/libxml2/0001-Port-gentest.py-to-Python-3.patch b/recipes-core/libxml/libxml2/0001-Port-gentest.py-to-Python-3.patch new file mode 100644 index 0000000..b0d26d1 --- /dev/null +++ b/recipes-core/libxml/libxml2/0001-Port-gentest.py-to-Python-3.patch 
@@ -0,0 +1,813 @@ +From b5125000917810731bc28055c0445d571121f80e Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Thu, 21 Apr 2022 00:45:58 +0200 +Subject: [PATCH] Port gentest.py to Python 3 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/343fc1421cdae097fa6c4cffeb1a065a40be6bbb] + +* fixes: + +make[1]: 'testReader' is up to date. + File "../libxml2-2.9.10/gentest.py", line 11 + print "libxml2 python bindings not available, skipping testapi.c generation" + ^ +SyntaxError: Missing parentheses in call to 'print'. Did you mean print("libxml2 python bindings not available, skipping testapi.c generation")? +make[1]: [Makefile:2078: testapi.c] Error 1 (ignored) + +... + +make[1]: 'testReader' is up to date. + File "../libxml2-2.9.10/gentest.py", line 271 + return 1 + ^ +TabError: inconsistent use of tabs and spaces in indentation +make[1]: [Makefile:2078: testapi.c] Error 1 (ignored) + +... + +aarch64-oe-linux-gcc: error: testapi.c: No such file or directory +aarch64-oe-linux-gcc: fatal error: no input files +compilation terminated. +make[1]: *** [Makefile:1275: testapi.o] Error 1 + +But there is still a bit mystery why it worked before, because check-am +calls gentest.py with $(PYTHON), so it ignores the shebang in the script +and libxml2 is using python3native (through python3targetconfig.bbclass) +so something like: + +libxml2/2.9.10-r0/recipe-sysroot-native/usr/bin/python3-native/python3 gentest.py + +But that still fails (now without SyntaxError) with: +libxml2 python bindings not available, skipping testapi.c generation + +because we don't have dependency on libxml2-native (to provide libxml2 +python bindings form python3native) and exported PYTHON_SITE_PACKAGES +might be useless (e.g. 
/usr/lib/python3.8/site-packages on Ubuntu-22.10 +which uses python 3.10 and there is no site-packages with libxml2) + +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> +--- + gentest.py | 421 ++++++++++++++++++++++++++--------------------------- + 1 file changed, 209 insertions(+), 212 deletions(-) + +diff --git a/gentest.py b/gentest.py +index b763300..0756706 100755 +--- a/gentest.py ++++ b/gentest.py +@@ -8,7 +8,7 @@ import string + try: + import libxml2 + except: +- print "libxml2 python bindings not available, skipping testapi.c generation" ++ print("libxml2 python bindings not available, skipping testapi.c generation") + sys.exit(0) + + if len(sys.argv) > 1: +@@ -227,7 +227,7 @@ extra_post_call = { + if (old != NULL) { + xmlUnlinkNode(old); + xmlFreeNode(old) ; old = NULL ; } +- ret_val = NULL;""", ++\t ret_val = NULL;""", + "xmlTextMerge": + """if ((first != NULL) && (first->type != XML_TEXT_NODE)) { + xmlUnlinkNode(second); +@@ -236,7 +236,7 @@ extra_post_call = { + """if ((ret_val != NULL) && (ret_val != ncname) && + (ret_val != prefix) && (ret_val != memory)) + xmlFree(ret_val); +- ret_val = NULL;""", ++\t ret_val = NULL;""", + "xmlNewDocElementContent": + """xmlFreeDocElementContent(doc, ret_val); ret_val = NULL;""", + "xmlDictReference": "xmlDictFree(dict);", +@@ -268,29 +268,29 @@ modules = [] + def is_skipped_module(name): + for mod in skipped_modules: + if mod == name: +- return 1 ++ return 1 + return 0 + + def is_skipped_function(name): + for fun in skipped_functions: + if fun == name: +- return 1 ++ return 1 + # Do not test destructors +- if string.find(name, 'Free') != -1: ++ if name.find('Free') != -1: + return 1 + return 0 + + def is_skipped_memcheck(name): + for fun in skipped_memcheck: + if fun == name: +- return 1 ++ return 1 + return 0 + + missing_types = {} + def add_missing_type(name, func): + try: + list = missing_types[name] +- list.append(func) ++ list.append(func) + except: + missing_types[name] = [func] + +@@ -310,7 +310,7 @@ def 
add_missing_functions(name, module): + missing_functions_nr = missing_functions_nr + 1 + try: + list = missing_functions[module] +- list.append(name) ++ list.append(name) + except: + missing_functions[module] = [name] + +@@ -319,45 +319,45 @@ def add_missing_functions(name, module): + # + + def type_convert(str, name, info, module, function, pos): +-# res = string.replace(str, " ", " ") +-# res = string.replace(str, " ", " ") +-# res = string.replace(str, " ", " ") +- res = string.replace(str, " *", "_ptr") +-# res = string.replace(str, "*", "_ptr") +- res = string.replace(res, " ", "_") ++# res = str.replace(" ", " ") ++# res = str.replace(" ", " ") ++# res = str.replace(" ", " ") ++ res = str.replace(" *", "_ptr") ++# res = str.replace("*", "_ptr") ++ res = res.replace(" ", "_") + if res == 'const_char_ptr': +- if string.find(name, "file") != -1 or \ +- string.find(name, "uri") != -1 or \ +- string.find(name, "URI") != -1 or \ +- string.find(info, "filename") != -1 or \ +- string.find(info, "URI") != -1 or \ +- string.find(info, "URL") != -1: +- if string.find(function, "Save") != -1 or \ +- string.find(function, "Create") != -1 or \ +- string.find(function, "Write") != -1 or \ +- string.find(function, "Fetch") != -1: +- return('fileoutput') +- return('filepath') ++ if name.find("file") != -1 or \ ++ name.find("uri") != -1 or \ ++ name.find("URI") != -1 or \ ++ info.find("filename") != -1 or \ ++ info.find("URI") != -1 or \ ++ info.find("URL") != -1: ++ if function.find("Save") != -1 or \ ++ function.find("Create") != -1 or \ ++ function.find("Write") != -1 or \ ++ function.find("Fetch") != -1: ++ return('fileoutput') ++ return('filepath') + if res == 'void_ptr': + if module == 'nanoftp' and name == 'ctx': +- return('xmlNanoFTPCtxtPtr') ++ return('xmlNanoFTPCtxtPtr') + if function == 'xmlNanoFTPNewCtxt' or \ +- function == 'xmlNanoFTPConnectTo' or \ +- function == 'xmlNanoFTPOpen': +- return('xmlNanoFTPCtxtPtr') ++ function == 'xmlNanoFTPConnectTo' or \ ++ 
function == 'xmlNanoFTPOpen': ++ return('xmlNanoFTPCtxtPtr') + if module == 'nanohttp' and name == 'ctx': +- return('xmlNanoHTTPCtxtPtr') +- if function == 'xmlNanoHTTPMethod' or \ +- function == 'xmlNanoHTTPMethodRedir' or \ +- function == 'xmlNanoHTTPOpen' or \ +- function == 'xmlNanoHTTPOpenRedir': +- return('xmlNanoHTTPCtxtPtr'); ++ return('xmlNanoHTTPCtxtPtr') ++ if function == 'xmlNanoHTTPMethod' or \ ++ function == 'xmlNanoHTTPMethodRedir' or \ ++ function == 'xmlNanoHTTPOpen' or \ ++ function == 'xmlNanoHTTPOpenRedir': ++ return('xmlNanoHTTPCtxtPtr'); + if function == 'xmlIOHTTPOpen': +- return('xmlNanoHTTPCtxtPtr') +- if string.find(name, "data") != -1: +- return('userdata') +- if string.find(name, "user") != -1: +- return('userdata') ++ return('xmlNanoHTTPCtxtPtr') ++ if name.find("data") != -1: ++ return('userdata') ++ if name.find("user") != -1: ++ return('userdata') + if res == 'xmlDoc_ptr': + res = 'xmlDocPtr' + if res == 'xmlNode_ptr': +@@ -366,18 +366,18 @@ def type_convert(str, name, info, module, function, pos): + res = 'xmlDictPtr' + if res == 'xmlNodePtr' and pos != 0: + if (function == 'xmlAddChild' and pos == 2) or \ +- (function == 'xmlAddChildList' and pos == 2) or \ ++ (function == 'xmlAddChildList' and pos == 2) or \ + (function == 'xmlAddNextSibling' and pos == 2) or \ + (function == 'xmlAddSibling' and pos == 2) or \ + (function == 'xmlDocSetRootElement' and pos == 2) or \ + (function == 'xmlReplaceNode' and pos == 2) or \ + (function == 'xmlTextMerge') or \ +- (function == 'xmlAddPrevSibling' and pos == 2): +- return('xmlNodePtr_in'); ++ (function == 'xmlAddPrevSibling' and pos == 2): ++ return('xmlNodePtr_in'); + if res == 'const xmlBufferPtr': + res = 'xmlBufferPtr' + if res == 'xmlChar_ptr' and name == 'name' and \ +- string.find(function, "EatName") != -1: ++ function.find("EatName") != -1: + return('eaten_name') + if res == 'void_ptr*': + res = 'void_ptr_ptr' +@@ -393,7 +393,7 @@ def type_convert(str, name, info, module, function, 
pos): + res = 'debug_FILE_ptr'; + if res == 'int' and name == 'options': + if module == 'parser' or module == 'xmlreader': +- res = 'parseroptions' ++ res = 'parseroptions' + + return res + +@@ -402,28 +402,28 @@ known_param_types = [] + def is_known_param_type(name): + for type in known_param_types: + if type == name: +- return 1 ++ return 1 + return name[-3:] == 'Ptr' or name[-4:] == '_ptr' + + def generate_param_type(name, rtype): + global test + for type in known_param_types: + if type == name: +- return ++ return + for type in generated_param_types: + if type == name: +- return ++ return + + if name[-3:] == 'Ptr' or name[-4:] == '_ptr': + if rtype[0:6] == 'const ': +- crtype = rtype[6:] +- else: +- crtype = rtype ++ crtype = rtype[6:] ++ else: ++ crtype = rtype + + define = 0 +- if modules_defines.has_key(module): +- test.write("#ifdef %s\n" % (modules_defines[module])) +- define = 1 ++ if module in modules_defines: ++ test.write("#ifdef %s\n" % (modules_defines[module])) ++ define = 1 + test.write(""" + #define gen_nb_%s 1 + static %s gen_%s(int no ATTRIBUTE_UNUSED, int nr ATTRIBUTE_UNUSED) { +@@ -433,7 +433,7 @@ static void des_%s(int no ATTRIBUTE_UNUSED, %s val ATTRIBUTE_UNUSED, int nr ATTR + } + """ % (name, crtype, name, name, rtype)) + if define == 1: +- test.write("#endif\n\n") ++ test.write("#endif\n\n") + add_generated_param_type(name) + + # +@@ -445,7 +445,7 @@ known_return_types = [] + def is_known_return_type(name): + for type in known_return_types: + if type == name: +- return 1 ++ return 1 + return 0 + + # +@@ -471,7 +471,7 @@ def compare_and_save(): + try: + os.system("rm testapi.c; mv testapi.c.new testapi.c") + except: +- os.system("mv testapi.c.new testapi.c") ++ os.system("mv testapi.c.new testapi.c") + print("Updated testapi.c") + else: + print("Generated testapi.c is identical") +@@ -481,17 +481,17 @@ while line != "": + if line == "/* CUT HERE: everything below that line is generated */\n": + break; + if line[0:15] == "#define gen_nb_": 
+- type = string.split(line[15:])[0] +- known_param_types.append(type) ++ type = line[15:].split()[0] ++ known_param_types.append(type) + if line[0:19] == "static void desret_": +- type = string.split(line[19:], '(')[0] +- known_return_types.append(type) ++ type = line[19:].split('(')[0] ++ known_return_types.append(type) + test.write(line) + line = input.readline() + input.close() + + if line == "": +- print "Could not find the CUT marker in testapi.c skipping generation" ++ print("Could not find the CUT marker in testapi.c skipping generation") + test.close() + sys.exit(0) + +@@ -505,7 +505,7 @@ test.write("/* CUT HERE: everything below that line is generated */\n") + # + doc = libxml2.readFile(srcPref + 'doc/libxml2-api.xml', None, 0) + if doc == None: +- print "Failed to load doc/libxml2-api.xml" ++ print("Failed to load doc/libxml2-api.xml") + sys.exit(1) + ctxt = doc.xpathNewContext() + +@@ -519,9 +519,9 @@ for arg in args: + mod = arg.xpathEval('string(../@file)') + func = arg.xpathEval('string(../@name)') + if (mod not in skipped_modules) and (func not in skipped_functions): +- type = arg.xpathEval('string(@type)') +- if not argtypes.has_key(type): +- argtypes[type] = func ++ type = arg.xpathEval('string(@type)') ++ if type not in argtypes: ++ argtypes[type] = func + + # similarly for return types + rettypes = {} +@@ -531,8 +531,8 @@ for ret in rets: + func = ret.xpathEval('string(../@name)') + if (mod not in skipped_modules) and (func not in skipped_functions): + type = ret.xpathEval('string(@type)') +- if not rettypes.has_key(type): +- rettypes[type] = func ++ if type not in rettypes: ++ rettypes[type] = func + + # + # Generate constructors and return type handling for all enums +@@ -549,49 +549,49 @@ for enum in enums: + continue; + define = 0 + +- if argtypes.has_key(name) and is_known_param_type(name) == 0: +- values = ctxt.xpathEval("/api/symbols/enum[@type='%s']" % name) +- i = 0 +- vals = [] +- for value in values: +- vname = 
value.xpathEval('string(@name)') +- if vname == None: +- continue; +- i = i + 1 +- if i >= 5: +- break; +- vals.append(vname) +- if vals == []: +- print "Didn't find any value for enum %s" % (name) +- continue +- if modules_defines.has_key(module): +- test.write("#ifdef %s\n" % (modules_defines[module])) +- define = 1 +- test.write("#define gen_nb_%s %d\n" % (name, len(vals))) +- test.write("""static %s gen_%s(int no, int nr ATTRIBUTE_UNUSED) {\n""" % +- (name, name)) +- i = 1 +- for value in vals: +- test.write(" if (no == %d) return(%s);\n" % (i, value)) +- i = i + 1 +- test.write(""" return(0); ++ if (name in argtypes) and is_known_param_type(name) == 0: ++ values = ctxt.xpathEval("/api/symbols/enum[@type='%s']" % name) ++ i = 0 ++ vals = [] ++ for value in values: ++ vname = value.xpathEval('string(@name)') ++ if vname == None: ++ continue; ++ i = i + 1 ++ if i >= 5: ++ break; ++ vals.append(vname) ++ if vals == []: ++ print("Didn't find any value for enum %s" % (name)) ++ continue ++ if module in modules_defines: ++ test.write("#ifdef %s\n" % (modules_defines[module])) ++ define = 1 ++ test.write("#define gen_nb_%s %d\n" % (name, len(vals))) ++ test.write("""static %s gen_%s(int no, int nr ATTRIBUTE_UNUSED) {\n""" % ++ (name, name)) ++ i = 1 ++ for value in vals: ++ test.write(" if (no == %d) return(%s);\n" % (i, value)) ++ i = i + 1 ++ test.write(""" return(0); + } + + static void des_%s(int no ATTRIBUTE_UNUSED, %s val ATTRIBUTE_UNUSED, int nr ATTRIBUTE_UNUSED) { + } + + """ % (name, name)); +- known_param_types.append(name) ++ known_param_types.append(name) + + if (is_known_return_type(name) == 0) and (name in rettypes): +- if define == 0 and modules_defines.has_key(module): +- test.write("#ifdef %s\n" % (modules_defines[module])) +- define = 1 ++ if define == 0 and (module in modules_defines): ++ test.write("#ifdef %s\n" % (modules_defines[module])) ++ define = 1 + test.write("""static void desret_%s(%s val ATTRIBUTE_UNUSED) { + } + + """ % (name, name)) +- 
known_return_types.append(name) ++ known_return_types.append(name) + if define == 1: + test.write("#endif\n\n") + +@@ -615,9 +615,9 @@ for file in headers: + # do not test deprecated APIs + # + desc = file.xpathEval('string(description)') +- if string.find(desc, 'DEPRECATED') != -1: +- print "Skipping deprecated interface %s" % name +- continue; ++ if desc.find('DEPRECATED') != -1: ++ print("Skipping deprecated interface %s" % name) ++ continue; + + test.write("#include <libxml/%s.h>\n" % name) + modules.append(name) +@@ -679,7 +679,7 @@ def generate_test(module, node): + # and store the informations for the generation + # + try: +- args = node.xpathEval("arg") ++ args = node.xpathEval("arg") + except: + args = [] + t_args = [] +@@ -687,37 +687,37 @@ def generate_test(module, node): + for arg in args: + n = n + 1 + rtype = arg.xpathEval("string(@type)") +- if rtype == 'void': +- break; +- info = arg.xpathEval("string(@info)") +- nam = arg.xpathEval("string(@name)") ++ if rtype == 'void': ++ break; ++ info = arg.xpathEval("string(@info)") ++ nam = arg.xpathEval("string(@name)") + type = type_convert(rtype, nam, info, module, name, n) +- if is_known_param_type(type) == 0: +- add_missing_type(type, name); +- no_gen = 1 ++ if is_known_param_type(type) == 0: ++ add_missing_type(type, name); ++ no_gen = 1 + if (type[-3:] == 'Ptr' or type[-4:] == '_ptr') and \ +- rtype[0:6] == 'const ': +- crtype = rtype[6:] +- else: +- crtype = rtype +- t_args.append((nam, type, rtype, crtype, info)) ++ rtype[0:6] == 'const ': ++ crtype = rtype[6:] ++ else: ++ crtype = rtype ++ t_args.append((nam, type, rtype, crtype, info)) + + try: +- rets = node.xpathEval("return") ++ rets = node.xpathEval("return") + except: + rets = [] + t_ret = None + for ret in rets: + rtype = ret.xpathEval("string(@type)") +- info = ret.xpathEval("string(@info)") ++ info = ret.xpathEval("string(@info)") + type = type_convert(rtype, 'return', info, module, name, 0) +- if rtype == 'void': +- break +- if 
is_known_return_type(type) == 0: +- add_missing_type(type, name); +- no_gen = 1 +- t_ret = (type, rtype, info) +- break ++ if rtype == 'void': ++ break ++ if is_known_return_type(type) == 0: ++ add_missing_type(type, name); ++ no_gen = 1 ++ t_ret = (type, rtype, info) ++ break + + if no_gen == 0: + for t_arg in t_args: +@@ -733,7 +733,7 @@ test_%s(void) { + + if no_gen == 1: + add_missing_functions(name, module) +- test.write(""" ++ test.write(""" + /* missing type support */ + return(test_ret); + } +@@ -742,22 +742,22 @@ test_%s(void) { + return + + try: +- conds = node.xpathEval("cond") +- for cond in conds: +- test.write("#if %s\n" % (cond.get_content())) +- nb_cond = nb_cond + 1 ++ conds = node.xpathEval("cond") ++ for cond in conds: ++ test.write("#if %s\n" % (cond.get_content())) ++ nb_cond = nb_cond + 1 + except: + pass + + define = 0 +- if function_defines.has_key(name): ++ if name in function_defines: + test.write("#ifdef %s\n" % (function_defines[name])) +- define = 1 ++ define = 1 + + # Declare the memory usage counter + no_mem = is_skipped_memcheck(name) + if no_mem == 0: +- test.write(" int mem_base;\n"); ++ test.write(" int mem_base;\n"); + + # Declare the return value + if t_ret != None: +@@ -766,29 +766,29 @@ test_%s(void) { + # Declare the arguments + for arg in t_args: + (nam, type, rtype, crtype, info) = arg; +- # add declaration +- test.write(" %s %s; /* %s */\n" % (crtype, nam, info)) +- test.write(" int n_%s;\n" % (nam)) ++ # add declaration ++ test.write(" %s %s; /* %s */\n" % (crtype, nam, info)) ++ test.write(" int n_%s;\n" % (nam)) + test.write("\n") + + # Cascade loop on of each argument list of values + for arg in t_args: + (nam, type, rtype, crtype, info) = arg; +- # +- test.write(" for (n_%s = 0;n_%s < gen_nb_%s;n_%s++) {\n" % ( +- nam, nam, type, nam)) ++ # ++ test.write(" for (n_%s = 0;n_%s < gen_nb_%s;n_%s++) {\n" % ( ++ nam, nam, type, nam)) + + # log the memory usage + if no_mem == 0: +- test.write(" mem_base = 
xmlMemBlocks();\n"); ++ test.write(" mem_base = xmlMemBlocks();\n"); + + # prepare the call + i = 0; + for arg in t_args: + (nam, type, rtype, crtype, info) = arg; +- # +- test.write(" %s = gen_%s(n_%s, %d);\n" % (nam, type, nam, i)) +- i = i + 1; ++ # ++ test.write(" %s = gen_%s(n_%s, %d);\n" % (nam, type, nam, i)) ++ i = i + 1; + + # add checks to avoid out-of-bounds array access + i = 0; +@@ -797,7 +797,7 @@ test_%s(void) { + # assume that "size", "len", and "start" parameters apply to either + # the nearest preceding or following char pointer + if type == "int" and (nam == "size" or nam == "len" or nam == "start"): +- for j in range(i - 1, -1, -1) + range(i + 1, len(t_args)): ++ for j in (*range(i - 1, -1, -1), *range(i + 1, len(t_args))): + (bnam, btype) = t_args[j][:2] + if btype == "const_char_ptr" or btype == "const_xmlChar_ptr": + test.write( +@@ -806,42 +806,42 @@ test_%s(void) { + " continue;\n" + % (bnam, nam, bnam)) + break +- i = i + 1; ++ i = i + 1; + + # do the call, and clanup the result +- if extra_pre_call.has_key(name): +- test.write(" %s\n"% (extra_pre_call[name])) ++ if name in extra_pre_call: ++ test.write(" %s\n"% (extra_pre_call[name])) + if t_ret != None: +- test.write("\n ret_val = %s(" % (name)) +- need = 0 +- for arg in t_args: +- (nam, type, rtype, crtype, info) = arg +- if need: +- test.write(", ") +- else: +- need = 1 +- if rtype != crtype: +- test.write("(%s)" % rtype) +- test.write("%s" % nam); +- test.write(");\n") +- if extra_post_call.has_key(name): +- test.write(" %s\n"% (extra_post_call[name])) +- test.write(" desret_%s(ret_val);\n" % t_ret[0]) ++ test.write("\n ret_val = %s(" % (name)) ++ need = 0 ++ for arg in t_args: ++ (nam, type, rtype, crtype, info) = arg ++ if need: ++ test.write(", ") ++ else: ++ need = 1 ++ if rtype != crtype: ++ test.write("(%s)" % rtype) ++ test.write("%s" % nam); ++ test.write(");\n") ++ if name in extra_post_call: ++ test.write(" %s\n"% (extra_post_call[name])) ++ test.write(" 
desret_%s(ret_val);\n" % t_ret[0]) + else: +- test.write("\n %s(" % (name)); +- need = 0; +- for arg in t_args: +- (nam, type, rtype, crtype, info) = arg; +- if need: +- test.write(", ") +- else: +- need = 1 +- if rtype != crtype: +- test.write("(%s)" % rtype) +- test.write("%s" % nam) +- test.write(");\n") +- if extra_post_call.has_key(name): +- test.write(" %s\n"% (extra_post_call[name])) ++ test.write("\n %s(" % (name)); ++ need = 0; ++ for arg in t_args: ++ (nam, type, rtype, crtype, info) = arg; ++ if need: ++ test.write(", ") ++ else: ++ need = 1 ++ if rtype != crtype: ++ test.write("(%s)" % rtype) ++ test.write("%s" % nam) ++ test.write(");\n") ++ if name in extra_post_call: ++ test.write(" %s\n"% (extra_post_call[name])) + + test.write(" call_tests++;\n"); + +@@ -849,32 +849,32 @@ test_%s(void) { + i = 0; + for arg in t_args: + (nam, type, rtype, crtype, info) = arg; +- # This is a hack to prevent generating a destructor for the +- # 'input' argument in xmlTextReaderSetup. There should be +- # a better, more generic way to do this! +- if string.find(info, 'destroy') == -1: +- test.write(" des_%s(n_%s, " % (type, nam)) +- if rtype != crtype: +- test.write("(%s)" % rtype) +- test.write("%s, %d);\n" % (nam, i)) +- i = i + 1; ++ # This is a hack to prevent generating a destructor for the ++ # 'input' argument in xmlTextReaderSetup. There should be ++ # a better, more generic way to do this! 
++ if info.find('destroy') == -1: ++ test.write(" des_%s(n_%s, " % (type, nam)) ++ if rtype != crtype: ++ test.write("(%s)" % rtype) ++ test.write("%s, %d);\n" % (nam, i)) ++ i = i + 1; + + test.write(" xmlResetLastError();\n"); + # Check the memory usage + if no_mem == 0: +- test.write(""" if (mem_base != xmlMemBlocks()) { ++ test.write(""" if (mem_base != xmlMemBlocks()) { + printf("Leak of %%d blocks found in %s", +- xmlMemBlocks() - mem_base); +- test_ret++; ++\t xmlMemBlocks() - mem_base); ++\t test_ret++; + """ % (name)); +- for arg in t_args: +- (nam, type, rtype, crtype, info) = arg; +- test.write(""" printf(" %%d", n_%s);\n""" % (nam)) +- test.write(""" printf("\\n");\n""") +- test.write(" }\n") ++ for arg in t_args: ++ (nam, type, rtype, crtype, info) = arg; ++ test.write(""" printf(" %%d", n_%s);\n""" % (nam)) ++ test.write(""" printf("\\n");\n""") ++ test.write(" }\n") + + for arg in t_args: +- test.write(" }\n") ++ test.write(" }\n") + + test.write(" function_tests++;\n") + # +@@ -882,7 +882,7 @@ test_%s(void) { + # + while nb_cond > 0: + test.write("#endif\n") +- nb_cond = nb_cond -1 ++ nb_cond = nb_cond -1 + if define == 1: + test.write("#endif\n") + +@@ -900,10 +900,10 @@ test_%s(void) { + for module in modules: + # gather all the functions exported by that module + try: +- functions = ctxt.xpathEval("/api/symbols/function[@file='%s']" % (module)) ++ functions = ctxt.xpathEval("/api/symbols/function[@file='%s']" % (module)) + except: +- print "Failed to gather functions from module %s" % (module) +- continue; ++ print("Failed to gather functions from module %s" % (module)) ++ continue; + + # iterate over all functions in the module generating the test + i = 0 +@@ -923,14 +923,14 @@ test_%s(void) { + # iterate over all functions in the module generating the call + for function in functions: + name = function.xpathEval('string(@name)') +- if is_skipped_function(name): +- continue +- test.write(" test_ret += test_%s();\n" % (name)) ++ if 
is_skipped_function(name): ++ continue ++ test.write(" test_ret += test_%s();\n" % (name)) + + # footer + test.write(""" + if (test_ret != 0) +- printf("Module %s: %%d errors\\n", test_ret); ++\tprintf("Module %s: %%d errors\\n", test_ret); + return(test_ret); + } + """ % (module)) +@@ -948,7 +948,7 @@ test.write(""" return(0); + } + """); + +-print "Generated test for %d modules and %d functions" %(len(modules), nb_tests) ++print("Generated test for %d modules and %d functions" %(len(modules), nb_tests)) + + compare_and_save() + +@@ -960,11 +960,8 @@ for missing in missing_types.keys(): + n = len(missing_types[missing]) + missing_list.append((n, missing)) + +-def compare_missing(a, b): +- return b[0] - a[0] +- +-missing_list.sort(compare_missing) +-print "Missing support for %d functions and %d types see missing.lst" % (missing_functions_nr, len(missing_list)) ++missing_list.sort(key=lambda a: a[0]) ++print("Missing support for %d functions and %d types see missing.lst" % (missing_functions_nr, len(missing_list))) + lst = open("missing.lst", "w") + lst.write("Missing support for %d types" % (len(missing_list))) + lst.write("\n") +@@ -974,9 +971,9 @@ for miss in missing_list: + for n in missing_types[miss[1]]: + i = i + 1 + if i > 5: +- lst.write(" ...") +- break +- lst.write(" %s" % (n)) ++ lst.write(" ...") ++ break ++ lst.write(" %s" % (n)) + lst.write("\n") + lst.write("\n") + lst.write("\n") diff --git a/recipes-core/libxml/libxml2/CVE-2016-3709.patch b/recipes-core/libxml/libxml2/CVE-2016-3709.patch new file mode 100644 index 0000000..5301d05 --- /dev/null +++ b/recipes-core/libxml/libxml2/CVE-2016-3709.patch 
@@ -0,0 +1,89 @@ +From c1ba6f54d32b707ca6d91cb3257ce9de82876b6f Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Sat, 15 Aug 2020 18:32:29 +0200 +Subject: [PATCH] Revert "Do not URI escape in server side includes" + +This reverts commit 960f0e275616cadc29671a218d7fb9b69eb35588. + +This commit introduced + +- an infinite loop, found by OSS-Fuzz, which could be easily fixed. +- an algorithm with quadratic runtime +- a security issue, see + https://bugzilla.gnome.org/show_bug.cgi?id=769760 + +A better approach is to add an option not to escape URLs at all +which libxml2 should have possibly done in the first place. + +CVE: CVE-2016-3709 +Upstream-Status: Backport [https://github.com/GNOME/libxml2/commit/c1ba6f54d32b707ca6d91cb3257ce9de82876b6f] +Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com> +--- + HTMLtree.c | 49 +++++++++++-------------------------------------- + 1 file changed, 11 insertions(+), 38 deletions(-) + +diff --git a/HTMLtree.c b/HTMLtree.c +index 8d236bb35..cdb7f86a6 100644 +--- a/HTMLtree.c ++++ b/HTMLtree.c +@@ -706,49 +706,22 @@ htmlAttrDumpOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, xmlAttrPtr cur, + (!xmlStrcasecmp(cur->name, BAD_CAST "src")) || + ((!xmlStrcasecmp(cur->name, BAD_CAST "name")) && + (!xmlStrcasecmp(cur->parent->name, BAD_CAST "a"))))) { ++ xmlChar *escaped; + xmlChar *tmp = value; +- /* xmlURIEscapeStr() escapes '"' so it can be safely used. */ +- xmlBufCCat(buf->buffer, "\""); + + while (IS_BLANK_CH(*tmp)) tmp++; + +- /* URI Escape everything, except server side includes. */ +- for ( ; ; ) { +- xmlChar *escaped; +- xmlChar endChar; +- xmlChar *end = NULL; +- xmlChar *start = (xmlChar *)xmlStrstr(tmp, BAD_CAST "<!--"); +- if (start != NULL) { +- end = (xmlChar *)xmlStrstr(tmp, BAD_CAST "-->"); +- if (end != NULL) { +- *start = '\0'; +- } +- } +- +- /* Escape the whole string, or until start (set to '\0'). 
*/ +- escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+"); +- if (escaped != NULL) { +- xmlBufCat(buf->buffer, escaped); +- xmlFree(escaped); +- } else { +- xmlBufCat(buf->buffer, tmp); +- } +- +- if (end == NULL) { /* Everything has been written. */ +- break; +- } +- +- /* Do not escape anything within server side includes. */ +- *start = '<'; /* Restore the first character of "<!--". */ +- end += 3; /* strlen("-->") */ +- endChar = *end; +- *end = '\0'; +- xmlBufCat(buf->buffer, start); +- *end = endChar; +- tmp = end; ++ /* ++ * the < and > have already been escaped at the entity level ++ * And doing so here breaks server side includes ++ */ ++ escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+<>"); ++ if (escaped != NULL) { ++ xmlBufWriteQuotedString(buf->buffer, escaped); ++ xmlFree(escaped); ++ } else { ++ xmlBufWriteQuotedString(buf->buffer, value); + } +- +- xmlBufCCat(buf->buffer, "\""); + } else { + xmlBufWriteQuotedString(buf->buffer, value); + } diff --git a/recipes-core/libxml/libxml2/CVE-2019-20388.patch b/recipes-core/libxml/libxml2/CVE-2019-20388.patch new file mode 100644 index 0000000..88eb65a --- /dev/null +++ b/recipes-core/libxml/libxml2/CVE-2019-20388.patch 
@@ -0,0 +1,37 @@
+From 7ffcd44d7e6c46704f8af0321d9314cd26e0e18a Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie <xiezhipeng1@huawei.com>
+Date: Tue, 20 Aug 2019 16:33:06 +0800
+Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
+
+When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
+alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
+to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
+vctxt->xsiAssemble to 0 again which cause the alloced schema
+can not be freed anymore.
+
+Found with libFuzzer.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/commit/7ffcd44d7e6c46704f8af0321d9314cd26e0e18a]
+CVE: CVE-2019-20388
+
+Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ xmlschemas.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 301c8449..39d92182 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
+ vctxt->nberrors = 0;
+ vctxt->depth = -1;
+ vctxt->skipDepth = -1;
+- vctxt->xsiAssemble = 0;
+ vctxt->hasKeyrefs = 0;
+ #ifdef ENABLE_IDC_NODE_TABLES_TEST
+ vctxt->createIDCNodeTables = 1;
+--
+2.24.1
+
diff --git a/recipes-core/libxml/libxml2/CVE-2020-24977.patch b/recipes-core/libxml/libxml2/CVE-2020-24977.patch
new file mode 100644
index 0000000..8224346
--- /dev/null
+++ b/recipes-core/libxml/libxml2/CVE-2020-24977.patch
@@ -0,0 +1,41 @@
+From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 7 Aug 2020 21:54:27 +0200
+Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout'
+
+Make sure that truncated UTF-8 sequences don't cause an out-of-bounds
+array access.
+
+Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for
+the report.
+
+Fixes #178.
+
+CVE: CVE-2020-24977
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ xmllint.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/xmllint.c b/xmllint.c
+index f6a8e463..c647486f 100644
+--- a/xmllint.c
++++ b/xmllint.c
+@@ -528,6 +528,12 @@ static void
+ xmlHTMLEncodeSend(void) {
+ char *result;
+
++ /*
++ * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might
++ * end with a truncated UTF-8 sequence. This is a hack to at least avoid
++ * an out-of-bounds read.
++ */
++ memset(&buffer[sizeof(buffer)-4], 0, 4);
+ result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer);
+ if (result) {
+ xmlGenericError(xmlGenericErrorContext, "%s", result);
+--
+2.17.1
+
diff --git a/recipes-core/libxml/libxml2/CVE-2020-7595.patch b/recipes-core/libxml/libxml2/CVE-2020-7595.patch
new file mode 100644
index 0000000..facfefd
--- /dev/null
+++ b/recipes-core/libxml/libxml2/CVE-2020-7595.patch
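Review bot: The `memset(&buffer[sizeof(buffer)-4], 0, 4);` added to xmlHTMLEncodeSend in CVE-2020-24977.patch bounds the read only if `buffer` is an array declared in xmllint.c; the declaration is outside the hunk, and with a pointer `sizeof(buffer)` would be the pointer size. The patch's own comment calls this a hack, and it clears the last four bytes unconditionally, so a completely filled buffer loses its tail. CVE-2021-3517.patch in this same commit describes itself as adding further checks to this partial fix, so I would record that link in the header, e.g. `Note: partial fix, completed by CVE-2021-3517.patch; both must stay in SRC_URI.`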
@@ -0,0 +1,36 @@
+From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie <xiezhipeng1@huawei.com>
+Date: Thu, 12 Dec 2019 17:30:55 +0800
+Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
+
+When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
+return NULL which cause a infinite loop in xmlStringLenDecodeEntities
+
+Found with libFuzzer.
+
+Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076]
+CVE: CVE-2020-7595
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ parser.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index d1c31963..a34bb6cd 100644
+--- a/parser.c
++++ b/parser.c
+@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
+ else
+ c = 0;
+ while ((c != 0) && (c != end) && /* non input consuming loop */
+- (c != end2) && (c != end3)) {
++ (c != end2) && (c != end3) &&
++ (ctxt->instate != XML_PARSER_EOF)) {
+
+ if (c == 0) break;
+ if ((c == '&') && (str[1] == '#')) {
+--
+2.24.1
+
diff --git a/recipes-core/libxml/libxml2/CVE-2021-3517.patch b/recipes-core/libxml/libxml2/CVE-2021-3517.patch
new file mode 100644
index 0000000..e88a8ae
--- /dev/null
+++ b/recipes-core/libxml/libxml2/CVE-2021-3517.patch
@@ -0,0 +1,53 @@
+From bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2 Mon Sep 17 00:00:00 2001
+From: Joel Hockey <joel.hockey@gmail.com>
+Date: Sun, 16 Aug 2020 17:19:35 -0700
+Subject: [PATCH] Validate UTF8 in xmlEncodeEntities
+
+Code is currently assuming UTF-8 without validating. Truncated UTF-8
+input can cause out-of-bounds array access.
+
+Adds further checks to partial fix in 50f06b3e.
+
+Fixes #178
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2]
+CVE: CVE-2021-3517
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+
+---
+ entities.c | 16 +++++++++++++++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/entities.c b/entities.c
+index 37b99a56..1a8f86f0 100644
+--- a/entities.c
++++ b/entities.c
+@@ -704,11 +704,25 @@ xmlEncodeEntitiesInternal(xmlDocPtr doc, const xmlChar *input, int attr) {
+ } else {
+ /*
+ * We assume we have UTF-8 input.
++ * It must match either:
++ * 110xxxxx 10xxxxxx
++ * 1110xxxx 10xxxxxx 10xxxxxx
++ * 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
++ * That is:
++ * cur[0] is 11xxxxxx
++ * cur[1] is 10xxxxxx
++ * cur[2] is 10xxxxxx if cur[0] is 111xxxxx
++ * cur[3] is 10xxxxxx if cur[0] is 1111xxxx
++ * cur[0] is not 11111xxx
+ */
+ char buf[11], *ptr;
+ int val = 0, l = 1;
+
+- if (*cur < 0xC0) {
++ if (((cur[0] & 0xC0) != 0xC0) ||
++ ((cur[1] & 0xC0) != 0x80) ||
++ (((cur[0] & 0xE0) == 0xE0) && ((cur[2] & 0xC0) != 0x80)) ||
++ (((cur[0] & 0xF0) == 0xF0) && ((cur[3] & 0xC0) != 0x80)) ||
++ (((cur[0] & 0xF8) == 0xF8))) {
+ xmlEntitiesErr(XML_CHECK_NOT_UTF8,
+ "xmlEncodeEntities: input not UTF-8");
+ if (doc != NULL)
+--
+GitLab
+
diff --git a/recipes-core/libxml/libxml2/CVE-2021-3518.patch b/recipes-core/libxml/libxml2/CVE-2021-3518.patch
new file mode 100644
index 0000000..40d3deb
--- /dev/null
+++ b/recipes-core/libxml/libxml2/CVE-2021-3518.patch
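Review bot: The new condition in xmlEncodeEntitiesInternal (CVE-2021-3517.patch) reads `cur[1]`, `cur[2]` and `cur[3]` without any length, so it stays in bounds only because `||`/`&&` stop at the first byte that is not a `10xxxxxx` continuation byte and the input is presumably NUL-terminated. The added comment lists the accepted bit patterns but not that dependency; I would add the line `* The checks rely on short-circuit evaluation and a NUL terminator: cur[n+1] is read only after cur[n] matched.` A caller that passes a buffer without a terminator is not covered by this check. The function starts and ends outside the hunk.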
@@ -0,0 +1,112 @@ +From ac82a514e16eb81b4506e2cba1a1ee45b9f025b5 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Wed, 10 Jun 2020 16:34:52 +0200 +Subject: [PATCH 1/2] Don't recurse into xi:include children in + xmlXIncludeDoProcess + +Otherwise, nested xi:include nodes might result in a use-after-free +if XML_PARSE_NOXINCNODE is specified. + +Found with libFuzzer and ASan. + +Upstream-Status: Backport [from fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1954243] + +The upstream patch 752e5f71d7cea2ca5a7e7c0b8f72ed04ce654be4 has been modified, +as to avoid unnecessary modifications to fallback files. + +CVE: CVE-2021-3518 +Signed-off-by: Jasper Orschulko <Jasper.Orschulko@iris-sensing.com> +--- + xinclude.c | 24 ++++++++++-------------- + 1 file changed, 10 insertions(+), 14 deletions(-) + +diff --git a/xinclude.c b/xinclude.c +index ba850fa5..f260c1a7 100644 +--- a/xinclude.c ++++ b/xinclude.c +@@ -2392,21 +2392,19 @@ xmlXIncludeDoProcess(xmlXIncludeCtxtPtr ctxt, xmlDocPtr doc, xmlNodePtr tree) { + * First phase: lookup the elements in the document + */ + cur = tree; +- if (xmlXIncludeTestNode(ctxt, cur) == 1) +- xmlXIncludePreProcessNode(ctxt, cur); + while ((cur != NULL) && (cur != tree->parent)) { + /* TODO: need to work on entities -> stack */ +- if ((cur->children != NULL) && +- (cur->children->type != XML_ENTITY_DECL) && +- (cur->children->type != XML_XINCLUDE_START) && +- (cur->children->type != XML_XINCLUDE_END)) { +- cur = cur->children; +- if (xmlXIncludeTestNode(ctxt, cur)) +- xmlXIncludePreProcessNode(ctxt, cur); +- } else if (cur->next != NULL) { ++ if (xmlXIncludeTestNode(ctxt, cur) == 1) { ++ xmlXIncludePreProcessNode(ctxt, cur); ++ } else if ((cur->children != NULL) && ++ (cur->children->type != XML_ENTITY_DECL) && ++ (cur->children->type != XML_XINCLUDE_START) && ++ (cur->children->type != XML_XINCLUDE_END)) { ++ cur = cur->children; ++ continue; ++ } ++ if (cur->next != NULL) { + cur = cur->next; +- if 
(xmlXIncludeTestNode(ctxt, cur)) +- xmlXIncludePreProcessNode(ctxt, cur); + } else { + if (cur == tree) + break; +@@ -2416,8 +2414,6 @@ xmlXIncludeDoProcess(xmlXIncludeCtxtPtr ctxt, xmlDocPtr doc, xmlNodePtr tree) { + break; /* do */ + if (cur->next != NULL) { + cur = cur->next; +- if (xmlXIncludeTestNode(ctxt, cur)) +- xmlXIncludePreProcessNode(ctxt, cur); + break; /* do */ + } + } while (cur != NULL); +-- +2.32.0 + + +From 3ad5ac1e39e3cd42f838c1cd27ffd4e9b79e6121 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Thu, 22 Apr 2021 19:26:28 +0200 +Subject: [PATCH 2/2] Fix user-after-free with `xmllint --xinclude --dropdtd` + +The --dropdtd option can leave dangling pointers in entity reference +nodes. Make sure to skip these nodes when processing XIncludes. + +This also avoids scanning entity declarations and even modifying +them inadvertently during XInclude processing. + +Move from a block list to an allow list approach to avoid descending +into other node types that can't contain elements. + +Fixes #237. +Upstream-Status: Backport +CVE: CVE-2021-3518 +Signed-off-by: Jasper Orschulko <Jasper.Orschulko@iris-sensing.com> +--- + xinclude.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/xinclude.c b/xinclude.c +index f260c1a7..d7648529 100644 +--- a/xinclude.c ++++ b/xinclude.c +@@ -2397,9 +2397,8 @@ xmlXIncludeDoProcess(xmlXIncludeCtxtPtr ctxt, xmlDocPtr doc, xmlNodePtr tree) { + if (xmlXIncludeTestNode(ctxt, cur) == 1) { + xmlXIncludePreProcessNode(ctxt, cur); + } else if ((cur->children != NULL) && +- (cur->children->type != XML_ENTITY_DECL) && +- (cur->children->type != XML_XINCLUDE_START) && +- (cur->children->type != XML_XINCLUDE_END)) { ++ ((cur->type == XML_DOCUMENT_NODE) || ++ (cur->type == XML_ELEMENT_NODE))) { + cur = cur->children; + continue; + } +-- +2.32.0 + 
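Review bot: In CVE-2021-3518.patch the second patch (PATCH 2/2) carries a bare `Upstream-Status: Backport` with no commit reference, and the first cites a Fedora bug rather than the upstream commit while stating that upstream 752e5f71d7cea2ca5a7e7c0b8f72ed04ce654be4 was modified. The xmlXIncludeDoProcess traversal here is therefore a locally altered version of a use-after-free fix, and a later auditor needs the exact upstream commits to diff against. I would write `Upstream-Status: Backport [<upstream commit URL>]` on both patches and state in one line what was left out of the first. The function body extends beyond both inner hunks.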
diff --git a/recipes-core/libxml/libxml2/CVE-2021-3537.patch b/recipes-core/libxml/libxml2/CVE-2021-3537.patch
new file mode 100644
index 0000000..9e64c2a
--- /dev/null
+++ b/recipes-core/libxml/libxml2/CVE-2021-3537.patch
@@ -0,0 +1,50 @@
+From babe75030c7f64a37826bb3342317134568bef61 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 1 May 2021 16:53:33 +0200
+Subject: [PATCH] Propagate error in xmlParseElementChildrenContentDeclPriv
+
+Check return value of recursive calls to
+xmlParseElementChildrenContentDeclPriv and return immediately in case
+of errors. Otherwise, struct xmlElementContent could contain unexpected
+null pointers, leading to a null deref when post-validating documents
+which aren't well-formed and parsed in recovery mode.
+
+Fixes #243.
+
+Upstream-Status: Backport
+[https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61]
+CVE: CVE-2021-3537
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+
+---
+ parser.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index b42e6043..73c27edd 100644
+--- a/parser.c
++++ b/parser.c
+@@ -6208,6 +6208,8 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk,
+ SKIP_BLANKS;
+ cur = ret = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
+ depth + 1);
++ if (cur == NULL)
++ return(NULL);
+ SKIP_BLANKS;
+ GROW;
+ } else {
+@@ -6341,6 +6343,11 @@ xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk,
+ SKIP_BLANKS;
+ last = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
+ depth + 1);
++ if (last == NULL) {
++ if (ret != NULL)
++ xmlFreeDocElementContent(ctxt->myDoc, ret);
++ return(NULL);
++ }
+ SKIP_BLANKS;
+ } else {
+ elem = xmlParseName(ctxt);
+--
+GitLab
+
diff --git a/recipes-core/libxml/libxml2/CVE-2021-3541.patch b/recipes-core/libxml/libxml2/CVE-2021-3541.patch
new file mode 100644
index 0000000..1f392b4
--- /dev/null
+++ b/recipes-core/libxml/libxml2/CVE-2021-3541.patch 
@@ -0,0 +1,73 @@ +From 8598060bacada41a0eb09d95c97744ff4e428f8e Mon Sep 17 00:00:00 2001 +From: Daniel Veillard <veillard@redhat.com> +Date: Thu, 13 May 2021 14:55:12 +0200 +Subject: [PATCH] Patch for security issue CVE-2021-3541 + +This is relapted to parameter entities expansion and following +the line of the billion laugh attack. Somehow in that path the +counting of parameters was missed and the normal algorithm based +on entities "density" was useless. + +Upstream-Status: Backport +[https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e] +CVE: CVE-2021-3541 +Signed-off-by: Steve Sakoman <steve@sakoman.com> + +--- + parser.c | 26 ++++++++++++++++++++++++++ + 1 file changed, 26 insertions(+) + +diff --git a/parser.c b/parser.c +index f5e5e169..c9312fa4 100644 +--- a/parser.c ++++ b/parser.c +@@ -140,6 +140,7 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, + xmlEntityPtr ent, size_t replacement) + { + size_t consumed = 0; ++ int i; + + if ((ctxt == NULL) || (ctxt->options & XML_PARSE_HUGE)) + return (0); +@@ -177,6 +178,28 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, + rep = NULL; + } + } ++ ++ /* ++ * Prevent entity exponential check, not just replacement while ++ * parsing the DTD ++ * The check is potentially costly so do that only once in a thousand ++ */ ++ if ((ctxt->instate == XML_PARSER_DTD) && (ctxt->nbentities > 10000) && ++ (ctxt->nbentities % 1024 == 0)) { ++ for (i = 0;i < ctxt->inputNr;i++) { ++ consumed += ctxt->inputTab[i]->consumed + ++ (ctxt->inputTab[i]->cur - ctxt->inputTab[i]->base); ++ } ++ if (ctxt->nbentities > consumed * XML_PARSER_NON_LINEAR) { ++ xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL); ++ ctxt->instate = XML_PARSER_EOF; ++ return (1); ++ } ++ consumed = 0; ++ } ++ ++ ++ + if (replacement != 0) { + if (replacement < XML_MAX_TEXT_LENGTH) + return(0); +@@ -7963,6 +7986,9 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt) + xmlChar start[4]; + xmlCharEncoding enc; + ++ if 
(xmlParserEntityCheck(ctxt, 0, entity, 0)) ++ return; ++ + if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) && + ((ctxt->options & XML_PARSE_NOENT) == 0) && + ((ctxt->options & XML_PARSE_DTDVALID) == 0) && +-- +GitLab + diff --git a/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch b/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch new file mode 100644 index 0000000..7fc243e --- /dev/null +++ b/recipes-core/libxml/libxml2/CVE-2022-23308-fix-regression.patch 
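Review bot: The amplification check added to xmlParserEntityCheck in CVE-2021-3541.patch runs only when `ctxt->nbentities % 1024 == 0`, so it is effective only if the counter passes through every multiple of 1024. How nbentities is advanced is not visible in this hunk; if any path adds more than one at a time, the sample point can be stepped over and the `XML_ERR_ENTITY_LOOP` abort is not reached during DTD parsing. I would confirm that against the libxml2 sources this recipe builds and record the result in the patch header, and tidy the garbled comment to `Check for exponential parameter-entity growth while parsing the DTD; sampled every 1024 entities because walking inputTab is costly.` The function continues outside the hunk.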
@@ -0,0 +1,98 @@ +From 646fe48d1c8a74310c409ddf81fe7df6700052af Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Tue, 22 Feb 2022 11:51:08 +0100 +Subject: [PATCH] Fix --without-valid build + +Regressed in commit 652dd12a. +--- + valid.c | 58 ++++++++++++++++++++++++++++----------------------------- + 1 file changed, 29 insertions(+), 29 deletions(-) +--- + +From https://github.com/GNOME/libxml2.git + commit 646fe48d1c8a74310c409ddf81fe7df6700052af + +CVE: CVE-2022-23308 +Upstream-Status: Backport + +Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org> + +diff --git a/valid.c b/valid.c +index 8e596f1d..9684683a 100644 +--- a/valid.c ++++ b/valid.c +@@ -479,35 +479,6 @@ nodeVPop(xmlValidCtxtPtr ctxt) + return (ret); + } + +-/** +- * xmlValidNormalizeString: +- * @str: a string +- * +- * Normalize a string in-place. +- */ +-static void +-xmlValidNormalizeString(xmlChar *str) { +- xmlChar *dst; +- const xmlChar *src; +- +- if (str == NULL) +- return; +- src = str; +- dst = str; +- +- while (*src == 0x20) src++; +- while (*src != 0) { +- if (*src == 0x20) { +- while (*src == 0x20) src++; +- if (*src != 0) +- *dst++ = 0x20; +- } else { +- *dst++ = *src++; +- } +- } +- *dst = 0; +-} +- + #ifdef DEBUG_VALID_ALGO + static void + xmlValidPrintNode(xmlNodePtr cur) { +@@ -2636,6 +2607,35 @@ xmlDumpNotationTable(xmlBufferPtr buf, xmlNotationTablePtr table) { + (xmlDictOwns(dict, (const xmlChar *)(str)) == 0))) \ + xmlFree((char *)(str)); + ++/** ++ * xmlValidNormalizeString: ++ * @str: a string ++ * ++ * Normalize a string in-place. 
++ */ ++static void ++xmlValidNormalizeString(xmlChar *str) { ++ xmlChar *dst; ++ const xmlChar *src; ++ ++ if (str == NULL) ++ return; ++ src = str; ++ dst = str; ++ ++ while (*src == 0x20) src++; ++ while (*src != 0) { ++ if (*src == 0x20) { ++ while (*src == 0x20) src++; ++ if (*src != 0) ++ *dst++ = 0x20; ++ } else { ++ *dst++ = *src++; ++ } ++ } ++ *dst = 0; ++} ++ + static int + xmlIsStreaming(xmlValidCtxtPtr ctxt) { + xmlParserCtxtPtr pctxt; +-- +2.35.1 + diff --git a/recipes-core/libxml/libxml2/CVE-2022-23308.patch b/recipes-core/libxml/libxml2/CVE-2022-23308.patch new file mode 100644 index 0000000..bf5604e --- /dev/null +++ b/recipes-core/libxml/libxml2/CVE-2022-23308.patch 
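Review bot: In CVE-2022-23308-fix-regression.patch the `CVE:`, `Upstream-Status:` and `Signed-off-by:` lines sit below the first `---` separator, in the part git treats as discardable notes, so they would be lost if the patch is ever applied and regenerated through git; move them above the `---`, next to `Regressed in commit 652dd12a.` The patch only relocates xmlValidNormalizeString, which CVE-2022-23308.patch introduces, so it has to come after that patch in SRC_URI; the recipe is not part of this view, so please confirm the order there. `Upstream-Status: Backport` would also be easier to audit with the commit URL in brackets, as the neighbouring patches have.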
@@ -0,0 +1,204 @@ +From 8b66850de350f0fcd786ae776a65ba15a5999e50 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Tue, 8 Feb 2022 03:29:24 +0100 +Subject: [PATCH] Use-after-free of ID and IDREF attributes + +If a document is parsed with XML_PARSE_DTDVALID and without +XML_PARSE_NOENT, the value of ID attributes has to be normalized after +potentially expanding entities in xmlRemoveID. Otherwise, later calls +to xmlGetID can return a pointer to previously freed memory. + +ID attributes which are empty or contain only whitespace after +entity expansion are affected in a similar way. This is fixed by +not storing such attributes in the ID table. + +The test to detect streaming mode when validating against a DTD was +broken. In connection with the defects above, this could result in a +use-after-free when using the xmlReader interface with validation. +Fix detection of streaming mode to avoid similar issues. (This changes +the expected result of a test case. But as far as I can tell, using the +XML reader with XIncludes referencing the root document never worked +properly, anyway.) + +All of these issues can result in denial of service. Using xmlReader +with validation could result in disclosure of memory via the error +channel, typically stderr. The security impact of xmlGetID returning +a pointer to freed memory depends on the application. The typical use +case of calling xmlGetID on an unmodified document is not affected. + +Upstream-Status: Backport +[https://gitlab.gnome.org/GNOME/libxml2/-/commit/652dd12a858989b14eed4e84e453059cd3ba340e] + +The upstream patch 652dd12a858989b14eed4e84e453059cd3ba340e has been modified +to skip the patch to the testsuite result (result/XInclude/ns1.xml.rdr), as +this particular test does not exist in v2.9.10 (it was added later). 
+ +CVE: CVE-2022-23308 +Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org> + +--- + valid.c | 88 +++++++++++++++++++++++++++++++++++---------------------- + 1 file changed, 55 insertions(+), 33 deletions(-) + +diff --git a/valid.c b/valid.c +index 07963e7..ee75311 100644 +--- a/valid.c ++++ b/valid.c +@@ -479,6 +479,35 @@ nodeVPop(xmlValidCtxtPtr ctxt) + return (ret); + } + ++/** ++ * xmlValidNormalizeString: ++ * @str: a string ++ * ++ * Normalize a string in-place. ++ */ ++static void ++xmlValidNormalizeString(xmlChar *str) { ++ xmlChar *dst; ++ const xmlChar *src; ++ ++ if (str == NULL) ++ return; ++ src = str; ++ dst = str; ++ ++ while (*src == 0x20) src++; ++ while (*src != 0) { ++ if (*src == 0x20) { ++ while (*src == 0x20) src++; ++ if (*src != 0) ++ *dst++ = 0x20; ++ } else { ++ *dst++ = *src++; ++ } ++ } ++ *dst = 0; ++} ++ + #ifdef DEBUG_VALID_ALGO + static void + xmlValidPrintNode(xmlNodePtr cur) { +@@ -2607,6 +2636,24 @@ xmlDumpNotationTable(xmlBufferPtr buf, xmlNotationTablePtr table) { + (xmlDictOwns(dict, (const xmlChar *)(str)) == 0))) \ + xmlFree((char *)(str)); + ++static int ++xmlIsStreaming(xmlValidCtxtPtr ctxt) { ++ xmlParserCtxtPtr pctxt; ++ ++ if (ctxt == NULL) ++ return(0); ++ /* ++ * These magic values are also abused to detect whether we're validating ++ * while parsing a document. In this case, userData points to the parser ++ * context. 
++ */ ++ if ((ctxt->finishDtd != XML_CTXT_FINISH_DTD_0) && ++ (ctxt->finishDtd != XML_CTXT_FINISH_DTD_1)) ++ return(0); ++ pctxt = ctxt->userData; ++ return(pctxt->parseMode == XML_PARSE_READER); ++} ++ + /** + * xmlFreeID: + * @not: A id +@@ -2650,7 +2697,7 @@ xmlAddID(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value, + if (doc == NULL) { + return(NULL); + } +- if (value == NULL) { ++ if ((value == NULL) || (value[0] == 0)) { + return(NULL); + } + if (attr == NULL) { +@@ -2681,7 +2728,7 @@ xmlAddID(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value, + */ + ret->value = xmlStrdup(value); + ret->doc = doc; +- if ((ctxt != NULL) && (ctxt->vstateNr != 0)) { ++ if (xmlIsStreaming(ctxt)) { + /* + * Operating in streaming mode, attr is gonna disappear + */ +@@ -2820,6 +2867,7 @@ xmlRemoveID(xmlDocPtr doc, xmlAttrPtr attr) { + ID = xmlNodeListGetString(doc, attr->children, 1); + if (ID == NULL) + return(-1); ++ xmlValidNormalizeString(ID); + + id = xmlHashLookup(table, ID); + if (id == NULL || id->attr != attr) { +@@ -3009,7 +3057,7 @@ xmlAddRef(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value, + * fill the structure. 
+ */ + ret->value = xmlStrdup(value); +- if ((ctxt != NULL) && (ctxt->vstateNr != 0)) { ++ if (xmlIsStreaming(ctxt)) { + /* + * Operating in streaming mode, attr is gonna disappear + */ +@@ -4028,8 +4076,7 @@ xmlValidateAttributeValue2(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + xmlChar * + xmlValidCtxtNormalizeAttributeValue(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + xmlNodePtr elem, const xmlChar *name, const xmlChar *value) { +- xmlChar *ret, *dst; +- const xmlChar *src; ++ xmlChar *ret; + xmlAttributePtr attrDecl = NULL; + int extsubset = 0; + +@@ -4070,19 +4117,7 @@ xmlValidCtxtNormalizeAttributeValue(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + ret = xmlStrdup(value); + if (ret == NULL) + return(NULL); +- src = value; +- dst = ret; +- while (*src == 0x20) src++; +- while (*src != 0) { +- if (*src == 0x20) { +- while (*src == 0x20) src++; +- if (*src != 0) +- *dst++ = 0x20; +- } else { +- *dst++ = *src++; +- } +- } +- *dst = 0; ++ xmlValidNormalizeString(ret); + if ((doc->standalone) && (extsubset == 1) && (!xmlStrEqual(value, ret))) { + xmlErrValidNode(ctxt, elem, XML_DTD_NOT_STANDALONE, + "standalone: %s on %s value had to be normalized based on external subset declaration\n", +@@ -4114,8 +4149,7 @@ xmlValidCtxtNormalizeAttributeValue(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + xmlChar * + xmlValidNormalizeAttributeValue(xmlDocPtr doc, xmlNodePtr elem, + const xmlChar *name, const xmlChar *value) { +- xmlChar *ret, *dst; +- const xmlChar *src; ++ xmlChar *ret; + xmlAttributePtr attrDecl = NULL; + + if (doc == NULL) return(NULL); +@@ -4145,19 +4179,7 @@ xmlValidNormalizeAttributeValue(xmlDocPtr doc, xmlNodePtr elem, + ret = xmlStrdup(value); + if (ret == NULL) + return(NULL); +- src = value; +- dst = ret; +- while (*src == 0x20) src++; +- while (*src != 0) { +- if (*src == 0x20) { +- while (*src == 0x20) src++; +- if (*src != 0) +- *dst++ = 0x20; +- } else { +- *dst++ = *src++; +- } +- } +- *dst = 0; ++ xmlValidNormalizeString(ret); + return(ret); + } + 
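Review bot: xmlIsStreaming() in CVE-2022-23308.patch relies on `ctxt->finishDtd` alone to decide that `ctxt->userData` is an `xmlParserCtxtPtr`, then dereferences it as `pctxt->parseMode` with no NULL check. xmlAddID and xmlAddRef take a caller-supplied validation context, so a context whose finishDtd happens to hold one of the two magic values while userData is NULL or another type would be misread; whether any caller in this image can produce that is not visible here. A guard such as `if (pctxt == NULL) return(0);` before the final return covers the NULL case cheaply. If it is added, the header should mention it as a local deviation from upstream.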
diff --git a/recipes-core/libxml/libxml2/CVE-2022-29824-dependent.patch b/recipes-core/libxml/libxml2/CVE-2022-29824-dependent.patch
new file mode 100644
index 0000000..63d613c
--- /dev/null
+++ b/recipes-core/libxml/libxml2/CVE-2022-29824-dependent.patch
@@ -0,0 +1,53 @@
+From b07251215ef48c70c6e56f7351406c47cfca4d5b Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 10 Jan 2020 15:55:07 +0100
+Subject: [PATCH] Fix integer overflow in xmlBufferResize
+
+Found by OSS-Fuzz.
+
+CVE: CVE-2022-29824
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/b07251215ef48c70c6e56f7351406c47cfca4d5b]
+
+Signed-off-by: Riyaz Ahmed Khan <Riyaz.Khan@kpit.com>
+
+---
+ tree.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/tree.c b/tree.c
+index 0d7fc98c..f43f6de1 100644
+--- a/tree.c
++++ b/tree.c
+@@ -7424,12 +7424,17 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size)
+ if (size < buf->size)
+ return 1;
+
++ if (size > UINT_MAX - 10) {
++ xmlTreeErrMemory("growing buffer");
++ return 0;
++ }
++
+ /* figure out new size */
+ switch (buf->alloc){
+ case XML_BUFFER_ALLOC_IO:
+ case XML_BUFFER_ALLOC_DOUBLEIT:
+ /*take care of empty case*/
+- newSize = (buf->size ? buf->size*2 : size + 10);
++ newSize = (buf->size ? buf->size : size + 10);
+ while (size > newSize) {
+ if (newSize > UINT_MAX / 2) {
+ xmlTreeErrMemory("growing buffer");
+@@ -7445,7 +7450,7 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size)
+ if (buf->use < BASE_BUFFER_SIZE)
+ newSize = size;
+ else {
+- newSize = buf->size * 2;
++ newSize = buf->size;
+ while (size > newSize) {
+ if (newSize > UINT_MAX / 2) {
+ xmlTreeErrMemory("growing buffer");
+--
+GitLab
+
+
diff --git a/recipes-core/libxml/libxml2/CVE-2022-29824.patch b/recipes-core/libxml/libxml2/CVE-2022-29824.patch
new file mode 100644
index 0000000..ad7b87d
--- /dev/null
+++ b/recipes-core/libxml/libxml2/CVE-2022-29824.patch
@@ -0,0 +1,348 @@ +From 2554a2408e09f13652049e5ffb0d26196b02ebab Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Tue, 8 Mar 2022 20:10:02 +0100 +Subject: [PATCH] [CVE-2022-29824] Fix integer overflows in xmlBuf and + xmlBuffer + +In several places, the code handling string buffers didn't check for +integer overflow or used wrong types for buffer sizes. This could +result in out-of-bounds writes or other memory errors when working on +large, multi-gigabyte buffers. + +Thanks to Felix Wilhelm for the report. + +CVE: CVE-2022-29824 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab] + +Signed-off-by: Riyaz Ahmed Khan <Riyaz.Khan@kpit.com> + +--- + buf.c | 86 +++++++++++++++++++++++----------------------------------- + tree.c | 72 ++++++++++++++++++------------------------------ + 2 files changed, 61 insertions(+), 97 deletions(-) + +diff --git a/buf.c b/buf.c +index 24368d37..40a5ee06 100644 +--- a/buf.c ++++ b/buf.c +@@ -30,6 +30,10 @@ + #include <libxml/parserInternals.h> /* for XML_MAX_TEXT_LENGTH */ + #include "buf.h" + ++#ifndef SIZE_MAX ++#define SIZE_MAX ((size_t) -1) ++#endif ++ + #define WITH_BUFFER_COMPAT + + /** +@@ -156,6 +160,8 @@ xmlBufPtr + xmlBufCreateSize(size_t size) { + xmlBufPtr ret; + ++ if (size == SIZE_MAX) ++ return(NULL); + ret = (xmlBufPtr) xmlMalloc(sizeof(xmlBuf)); + if (ret == NULL) { + xmlBufMemoryError(NULL, "creating buffer"); +@@ -166,8 +172,8 @@ xmlBufCreateSize(size_t size) { + ret->error = 0; + ret->buffer = NULL; + ret->alloc = xmlBufferAllocScheme; +- ret->size = (size ? size+2 : 0); /* +1 for ending null */ +- ret->compat_size = (int) ret->size; ++ ret->size = (size ? size + 1 : 0); /* +1 for ending null */ ++ ret->compat_size = (ret->size > INT_MAX ? 
INT_MAX : ret->size); + if (ret->size){ + ret->content = (xmlChar *) xmlMallocAtomic(ret->size * sizeof(xmlChar)); + if (ret->content == NULL) { +@@ -442,23 +448,17 @@ xmlBufGrowInternal(xmlBufPtr buf, size_t len) { + CHECK_COMPAT(buf) + + if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0); +- if (buf->use + len < buf->size) ++ if (len < buf->size - buf->use) + return(buf->size - buf->use); ++ if (len > SIZE_MAX - buf->use) ++ return(0); + +- /* +- * Windows has a BIG problem on realloc timing, so we try to double +- * the buffer size (if that's enough) (bug 146697) +- * Apparently BSD too, and it's probably best for linux too +- * On an embedded system this may be something to change +- */ +-#if 1 +- if (buf->size > (size_t) len) +- size = buf->size * 2; +- else +- size = buf->use + len + 100; +-#else +- size = buf->use + len + 100; +-#endif ++ if (buf->size > (size_t) len) { ++ size = buf->size > SIZE_MAX / 2 ? SIZE_MAX : buf->size * 2; ++ } else { ++ size = buf->use + len; ++ size = size > SIZE_MAX - 100 ? SIZE_MAX : size + 100; ++ } + + if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { + /* +@@ -744,7 +744,7 @@ xmlBufIsEmpty(const xmlBufPtr buf) + int + xmlBufResize(xmlBufPtr buf, size_t size) + { +- unsigned int newSize; ++ size_t newSize; + xmlChar* rebuf = NULL; + size_t start_buf; + +@@ -772,9 +772,13 @@ xmlBufResize(xmlBufPtr buf, size_t size) + case XML_BUFFER_ALLOC_IO: + case XML_BUFFER_ALLOC_DOUBLEIT: + /*take care of empty case*/ +- newSize = (buf->size ? buf->size*2 : size + 10); ++ if (buf->size == 0) { ++ newSize = (size > SIZE_MAX - 10 ? SIZE_MAX : size + 10); ++ } else { ++ newSize = buf->size; ++ } + while (size > newSize) { +- if (newSize > UINT_MAX / 2) { ++ if (newSize > SIZE_MAX / 2) { + xmlBufMemoryError(buf, "growing buffer"); + return 0; + } +@@ -782,15 +786,15 @@ xmlBufResize(xmlBufPtr buf, size_t size) + } + break; + case XML_BUFFER_ALLOC_EXACT: +- newSize = size+10; ++ newSize = (size > SIZE_MAX - 10 ? 
SIZE_MAX : size + 10); + break; + case XML_BUFFER_ALLOC_HYBRID: + if (buf->use < BASE_BUFFER_SIZE) + newSize = size; + else { +- newSize = buf->size * 2; ++ newSize = buf->size; + while (size > newSize) { +- if (newSize > UINT_MAX / 2) { ++ if (newSize > SIZE_MAX / 2) { + xmlBufMemoryError(buf, "growing buffer"); + return 0; + } +@@ -800,7 +804,7 @@ xmlBufResize(xmlBufPtr buf, size_t size) + break; + + default: +- newSize = size+10; ++ newSize = (size > SIZE_MAX - 10 ? SIZE_MAX : size + 10); + break; + } + +@@ -866,7 +870,7 @@ xmlBufResize(xmlBufPtr buf, size_t size) + */ + int + xmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) { +- unsigned int needSize; ++ size_t needSize; + + if ((str == NULL) || (buf == NULL) || (buf->error)) + return -1; +@@ -888,8 +892,10 @@ xmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) { + if (len < 0) return -1; + if (len == 0) return 0; + +- needSize = buf->use + len + 2; +- if (needSize > buf->size){ ++ if ((size_t) len >= buf->size - buf->use) { ++ if ((size_t) len >= SIZE_MAX - buf->use) ++ return(-1); ++ needSize = buf->use + len + 1; + if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { + /* + * Used to provide parsing limits +@@ -1025,31 +1031,7 @@ xmlBufCat(xmlBufPtr buf, const xmlChar *str) { + */ + int + xmlBufCCat(xmlBufPtr buf, const char *str) { +- const char *cur; +- +- if ((buf == NULL) || (buf->error)) +- return(-1); +- CHECK_COMPAT(buf) +- if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return -1; +- if (str == NULL) { +-#ifdef DEBUG_BUFFER +- xmlGenericError(xmlGenericErrorContext, +- "xmlBufCCat: str == NULL\n"); +-#endif +- return -1; +- } +- for (cur = str;*cur != 0;cur++) { +- if (buf->use + 10 >= buf->size) { +- if (!xmlBufResize(buf, buf->use+10)){ +- xmlBufMemoryError(buf, "growing buffer"); +- return XML_ERR_NO_MEMORY; +- } +- } +- buf->content[buf->use++] = *cur; +- } +- buf->content[buf->use] = 0; +- UPDATE_COMPAT(buf) +- return 0; ++ return xmlBufCat(buf, (const xmlChar *) str); + } + + /** +diff --git 
a/tree.c b/tree.c +index 9d94aa42..86afb7d6 100644 +--- a/tree.c ++++ b/tree.c +@@ -7104,6 +7104,8 @@ xmlBufferPtr + xmlBufferCreateSize(size_t size) { + xmlBufferPtr ret; + ++ if (size >= UINT_MAX) ++ return(NULL); + ret = (xmlBufferPtr) xmlMalloc(sizeof(xmlBuffer)); + if (ret == NULL) { + xmlTreeErrMemory("creating buffer"); +@@ -7111,7 +7113,7 @@ xmlBufferCreateSize(size_t size) { + } + ret->use = 0; + ret->alloc = xmlBufferAllocScheme; +- ret->size = (size ? size+2 : 0); /* +1 for ending null */ ++ ret->size = (size ? size + 1 : 0); /* +1 for ending null */ + if (ret->size){ + ret->content = (xmlChar *) xmlMallocAtomic(ret->size * sizeof(xmlChar)); + if (ret->content == NULL) { +@@ -7171,6 +7173,8 @@ xmlBufferCreateStatic(void *mem, size_t size) { + + if ((mem == NULL) || (size == 0)) + return(NULL); ++ if (size > UINT_MAX) ++ return(NULL); + + ret = (xmlBufferPtr) xmlMalloc(sizeof(xmlBuffer)); + if (ret == NULL) { +@@ -7318,28 +7322,23 @@ xmlBufferShrink(xmlBufferPtr buf, unsigned int len) { + */ + int + xmlBufferGrow(xmlBufferPtr buf, unsigned int len) { +- int size; ++ unsigned int size; + xmlChar *newbuf; + + if (buf == NULL) return(-1); + + if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0); +- if (len + buf->use < buf->size) return(0); ++ if (len < buf->size - buf->use) ++ return(0); ++ if (len > UINT_MAX - buf->use) ++ return(-1); + +- /* +- * Windows has a BIG problem on realloc timing, so we try to double +- * the buffer size (if that's enough) (bug 146697) +- * Apparently BSD too, and it's probably best for linux too +- * On an embedded system this may be something to change +- */ +-#if 1 +- if (buf->size > len) +- size = buf->size * 2; +- else +- size = buf->use + len + 100; +-#else +- size = buf->use + len + 100; +-#endif ++ if (buf->size > (size_t) len) { ++ size = buf->size > UINT_MAX / 2 ? UINT_MAX : buf->size * 2; ++ } else { ++ size = buf->use + len; ++ size = size > UINT_MAX - 100 ? 
UINT_MAX : size + 100; ++ } + + if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) { + size_t start_buf = buf->content - buf->contentIO; +@@ -7466,7 +7465,10 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size) + case XML_BUFFER_ALLOC_IO: + case XML_BUFFER_ALLOC_DOUBLEIT: + /*take care of empty case*/ +- newSize = (buf->size ? buf->size : size + 10); ++ if (buf->size == 0) ++ newSize = (size > UINT_MAX - 10 ? UINT_MAX : size + 10); ++ else ++ newSize = buf->size; + while (size > newSize) { + if (newSize > UINT_MAX / 2) { + xmlTreeErrMemory("growing buffer"); +@@ -7476,7 +7478,7 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size) + } + break; + case XML_BUFFER_ALLOC_EXACT: +- newSize = size+10; ++ newSize = (size > UINT_MAX - 10 ? UINT_MAX : size + 10);; + break; + case XML_BUFFER_ALLOC_HYBRID: + if (buf->use < BASE_BUFFER_SIZE) +@@ -7494,7 +7496,7 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size) + break; + + default: +- newSize = size+10; ++ newSize = (size > UINT_MAX - 10 ? 
UINT_MAX : size + 10);; + break; + } + +@@ -7580,8 +7582,10 @@ xmlBufferAdd(xmlBufferPtr buf, const xmlChar *str, int len) { + if (len < 0) return -1; + if (len == 0) return 0; + +- needSize = buf->use + len + 2; +- if (needSize > buf->size){ ++ if ((unsigned) len >= buf->size - buf->use) { ++ if ((unsigned) len >= UINT_MAX - buf->use) ++ return XML_ERR_NO_MEMORY; ++ needSize = buf->use + len + 1; + if (!xmlBufferResize(buf, needSize)){ + xmlTreeErrMemory("growing buffer"); + return XML_ERR_NO_MEMORY; +@@ -7694,29 +7698,7 @@ xmlBufferCat(xmlBufferPtr buf, const xmlChar *str) { + */ + int + xmlBufferCCat(xmlBufferPtr buf, const char *str) { +- const char *cur; +- +- if (buf == NULL) +- return(-1); +- if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return -1; +- if (str == NULL) { +-#ifdef DEBUG_BUFFER +- xmlGenericError(xmlGenericErrorContext, +- "xmlBufferCCat: str == NULL\n"); +-#endif +- return -1; +- } +- for (cur = str;*cur != 0;cur++) { +- if (buf->use + 10 >= buf->size) { +- if (!xmlBufferResize(buf, buf->use+10)){ +- xmlTreeErrMemory("growing buffer"); +- return XML_ERR_NO_MEMORY; +- } +- } +- buf->content[buf->use++] = *cur; +- } +- buf->content[buf->use] = 0; +- return 0; ++ return xmlBufferCat(buf, (const xmlChar *) str); + } + + /** +-- +GitLab + diff --git a/recipes-core/libxml/libxml2/fix-execution-of-ptests.patch b/recipes-core/libxml/libxml2/fix-execution-of-ptests.patch new file mode 100644 index 0000000..ad719d4 --- /dev/null +++ b/recipes-core/libxml/libxml2/fix-execution-of-ptests.patch 
@@ -0,0 +1,33 @@
+From 395c0f53ec226aaabedb166e6b3a7f8590b95a5f Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Sat, 11 May 2019 20:39:15 +0800
+Subject: [PATCH] Make sure that Makefile doesn't try to compile these tests
+ again on the target where the source dependencies won't be available.
+
+Upstream-Status: Inappropriate [cross-compile specific]
+
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+Rebase to 2.9.9
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ Makefile.am | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 8f4e43d..5edb930 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -211,8 +211,7 @@ install-ptest:
+ sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile
+ $(MAKE) -C python install-ptest
+
+-runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \
+- testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT)
++runtests:
+ [ -d test ] || $(LN_S) $(srcdir)/test .
+ [ -d result ] || $(LN_S) $(srcdir)/result .
+ $(CHECKER) ./runtest$(EXEEXT) && \
+--
+2.7.4
+
diff --git a/recipes-core/libxml/libxml2/libxml-64bit.patch b/recipes-core/libxml/libxml2/libxml-64bit.patch
new file mode 100644
index 0000000..fd8e469
--- /dev/null
+++ b/recipes-core/libxml/libxml2/libxml-64bit.patch
@@ -0,0 +1,28 @@
+From 056b14345b1abd76a761ab14538f1bc21302781a Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Sat, 11 May 2019 20:26:51 +0800
+Subject: [PATCH] libxml 64bit
+
+Upstream-Status: Backport [from debian: bugs.debian.org/439843]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ libxml.h | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libxml.h b/libxml.h
+index 64e30f7..4e80d90 100644
+--- a/libxml.h
++++ b/libxml.h
+@@ -15,6 +15,9 @@
+ #ifndef _LARGEFILE_SOURCE
+ #define _LARGEFILE_SOURCE
+ #endif
++#ifndef _LARGEFILE64_SOURCE
++#define _LARGEFILE64_SOURCE
++#endif
+ #ifndef _FILE_OFFSET_BITS
+ #define _FILE_OFFSET_BITS 64
+ #endif
+--
+2.7.4
+
diff --git a/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
new file mode 100644
index 0000000..e6998f6
--- /dev/null
+++ b/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
@@ -0,0 +1,216 @@ +From 43edc9a445ed66cceb7533eadeef242940b4592c Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Sat, 11 May 2019 20:37:12 +0800 +Subject: [PATCH] AM_PATH_XML2 uses xml-config which we disable through +binconfig-disabled.bbclass, so port it to use pkg-config instead. + +Upstream-Status: Pending +Signed-off-by: Ross Burton <ross.burton@intel.com> + +Rebase to 2.9.9 +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + libxml.m4 | 186 ++------------------------------------------------------------ + 1 file changed, 5 insertions(+), 181 deletions(-) + +diff --git a/libxml.m4 b/libxml.m4 +index 2d7a6f5..1c53585 100644 +--- a/libxml.m4 ++++ b/libxml.m4 +@@ -1,188 +1,12 @@ +-# Configure paths for LIBXML2 +-# Mike Hommey 2004-06-19 +-# use CPPFLAGS instead of CFLAGS +-# Toshio Kuratomi 2001-04-21 +-# Adapted from: +-# Configure paths for GLIB +-# Owen Taylor 97-11-3 +- + dnl AM_PATH_XML2([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]]]) + dnl Test for XML, and define XML_CPPFLAGS and XML_LIBS + dnl +-AC_DEFUN([AM_PATH_XML2],[ +-AC_ARG_WITH(xml-prefix, +- [ --with-xml-prefix=PFX Prefix where libxml is installed (optional)], +- xml_config_prefix="$withval", xml_config_prefix="") +-AC_ARG_WITH(xml-exec-prefix, +- [ --with-xml-exec-prefix=PFX Exec prefix where libxml is installed (optional)], +- xml_config_exec_prefix="$withval", xml_config_exec_prefix="") +-AC_ARG_ENABLE(xmltest, +- [ --disable-xmltest Do not try to compile and run a test LIBXML program],, +- enable_xmltest=yes) +- +- if test x$xml_config_exec_prefix != x ; then +- xml_config_args="$xml_config_args" +- if test x${XML2_CONFIG+set} != xset ; then +- XML2_CONFIG=$xml_config_exec_prefix/bin/xml2-config +- fi +- fi +- if test x$xml_config_prefix != x ; then +- xml_config_args="$xml_config_args --prefix=$xml_config_prefix" +- if test x${XML2_CONFIG+set} != xset ; then +- XML2_CONFIG=$xml_config_prefix/bin/xml2-config +- fi +- fi +- +- 
AC_PATH_PROG(XML2_CONFIG, xml2-config, no) +- min_xml_version=ifelse([$1], ,2.0.0,[$1]) +- AC_MSG_CHECKING(for libxml - version >= $min_xml_version) +- no_xml="" +- if test "$XML2_CONFIG" = "no" ; then +- no_xml=yes +- else +- XML_CPPFLAGS=`$XML2_CONFIG $xml_config_args --cflags` +- XML_LIBS=`$XML2_CONFIG $xml_config_args --libs` +- xml_config_major_version=`$XML2_CONFIG $xml_config_args --version | \ +- sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\1/'` +- xml_config_minor_version=`$XML2_CONFIG $xml_config_args --version | \ +- sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\2/'` +- xml_config_micro_version=`$XML2_CONFIG $xml_config_args --version | \ +- sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\3/'` +- if test "x$enable_xmltest" = "xyes" ; then +- ac_save_CPPFLAGS="$CPPFLAGS" +- ac_save_LIBS="$LIBS" +- CPPFLAGS="$CPPFLAGS $XML_CPPFLAGS" +- LIBS="$XML_LIBS $LIBS" +-dnl +-dnl Now check if the installed libxml is sufficiently new. +-dnl (Also sanity checks the results of xml2-config to some extent) +-dnl +- rm -f conf.xmltest +- AC_TRY_RUN([ +-#include <stdlib.h> +-#include <stdio.h> +-#include <string.h> +-#include <libxml/xmlversion.h> +- +-int +-main() +-{ +- int xml_major_version, xml_minor_version, xml_micro_version; +- int major, minor, micro; +- char *tmp_version; +- +- system("touch conf.xmltest"); +- +- /* Capture xml2-config output via autoconf/configure variables */ +- /* HP/UX 9 (%@#!) 
writes to sscanf strings */ +- tmp_version = (char *)strdup("$min_xml_version"); +- if (sscanf(tmp_version, "%d.%d.%d", &major, &minor, µ) != 3) { +- printf("%s, bad version string from xml2-config\n", "$min_xml_version"); +- exit(1); +- } +- free(tmp_version); +- +- /* Capture the version information from the header files */ +- tmp_version = (char *)strdup(LIBXML_DOTTED_VERSION); +- if (sscanf(tmp_version, "%d.%d.%d", &xml_major_version, &xml_minor_version, &xml_micro_version) != 3) { +- printf("%s, bad version string from libxml includes\n", "LIBXML_DOTTED_VERSION"); +- exit(1); +- } +- free(tmp_version); +- +- /* Compare xml2-config output to the libxml headers */ +- if ((xml_major_version != $xml_config_major_version) || +- (xml_minor_version != $xml_config_minor_version) || +- (xml_micro_version != $xml_config_micro_version)) +- { +- printf("*** libxml header files (version %d.%d.%d) do not match\n", +- xml_major_version, xml_minor_version, xml_micro_version); +- printf("*** xml2-config (version %d.%d.%d)\n", +- $xml_config_major_version, $xml_config_minor_version, $xml_config_micro_version); +- return 1; +- } +-/* Compare the headers to the library to make sure we match */ +- /* Less than ideal -- doesn't provide us with return value feedback, +- * only exits if there's a serious mismatch between header and library. +- */ +- LIBXML_TEST_VERSION; +- +- /* Test that the library is greater than our minimum version */ +- if ((xml_major_version > major) || +- ((xml_major_version == major) && (xml_minor_version > minor)) || +- ((xml_major_version == major) && (xml_minor_version == minor) && +- (xml_micro_version >= micro))) +- { +- return 0; +- } +- else +- { +- printf("\n*** An old version of libxml (%d.%d.%d) was found.\n", +- xml_major_version, xml_minor_version, xml_micro_version); +- printf("*** You need a version of libxml newer than %d.%d.%d. 
The latest version of\n", +- major, minor, micro); +- printf("*** libxml is always available from ftp://ftp.xmlsoft.org.\n"); +- printf("***\n"); +- printf("*** If you have already installed a sufficiently new version, this error\n"); +- printf("*** probably means that the wrong copy of the xml2-config shell script is\n"); +- printf("*** being found. The easiest way to fix this is to remove the old version\n"); +- printf("*** of LIBXML, but you can also set the XML2_CONFIG environment to point to the\n"); +- printf("*** correct copy of xml2-config. (In this case, you will have to\n"); +- printf("*** modify your LD_LIBRARY_PATH enviroment variable, or edit /etc/ld.so.conf\n"); +- printf("*** so that the correct libraries are found at run-time))\n"); +- } +- return 1; +-} +-],, no_xml=yes,[echo $ac_n "cross compiling; assumed OK... $ac_c"]) +- CPPFLAGS="$ac_save_CPPFLAGS" +- LIBS="$ac_save_LIBS" +- fi +- fi ++AC_DEFUN([AM_PATH_XML2],[ ++ AC_REQUIRE([PKG_PROG_PKG_CONFIG]) + +- if test "x$no_xml" = x ; then +- AC_MSG_RESULT(yes (version $xml_config_major_version.$xml_config_minor_version.$xml_config_micro_version)) +- ifelse([$2], , :, [$2]) +- else +- AC_MSG_RESULT(no) +- if test "$XML2_CONFIG" = "no" ; then +- echo "*** The xml2-config script installed by LIBXML could not be found" +- echo "*** If libxml was installed in PREFIX, make sure PREFIX/bin is in" +- echo "*** your path, or set the XML2_CONFIG environment variable to the" +- echo "*** full path to xml2-config." +- else +- if test -f conf.xmltest ; then +- : +- else +- echo "*** Could not run libxml test program, checking why..." +- CPPFLAGS="$CPPFLAGS $XML_CPPFLAGS" +- LIBS="$LIBS $XML_LIBS" +- AC_TRY_LINK([ +-#include <libxml/xmlversion.h> +-#include <stdio.h> +-], [ LIBXML_TEST_VERSION; return 0;], +- [ echo "*** The test program compiled, but did not run. This usually means" +- echo "*** that the run-time linker is not finding LIBXML or finding the wrong" +- echo "*** version of LIBXML. 
If it is not finding LIBXML, you'll need to set your" +- echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point" +- echo "*** to the installed location Also, make sure you have run ldconfig if that" +- echo "*** is required on your system" +- echo "***" +- echo "*** If you have an old version installed, it is best to remove it, although" +- echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ], +- [ echo "*** The test program failed to compile or link. See the file config.log for the" +- echo "*** exact error that occurred. This usually means LIBXML was incorrectly installed" +- echo "*** or that you have moved LIBXML since it was installed. In the latter case, you" +- echo "*** may want to edit the xml2-config script: $XML2_CONFIG" ]) +- CPPFLAGS="$ac_save_CPPFLAGS" +- LIBS="$ac_save_LIBS" +- fi +- fi ++ verdep=ifelse([$1], [], [], [">= $1"]) ++ PKG_CHECK_MODULES(XML, [libxml-2.0 $verdep], [$2], [$3]) + +- XML_CPPFLAGS="" +- XML_LIBS="" +- ifelse([$3], , :, [$3]) +- fi ++ XML_CPPFLAGS=$XML_CFLAGS + AC_SUBST(XML_CPPFLAGS) +- AC_SUBST(XML_LIBS) +- rm -f conf.xmltest + ]) +-- +2.7.4 + diff --git a/recipes-core/libxml/libxml2/python-sitepackages-dir.patch b/recipes-core/libxml/libxml2/python-sitepackages-dir.patch new file mode 100644 index 0000000..956ff3f --- /dev/null +++ b/recipes-core/libxml/libxml2/python-sitepackages-dir.patch 
@@ -0,0 +1,35 @@
+From b038c3452667ed17ddb0e791cd7bdc7f8774ac29 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Sat, 11 May 2019 20:35:20 +0800
+Subject: [PATCH] Allow us to pass in PYTHON_SITE_PACKAGES
+
+The python binary used when building for nativesdk doesn't give us the
+correct path here so we need to be able to specify it ourselves.
+
+Upstream-Status: Inappropriate [config]
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+Rebase to 2.9.9
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ configure.ac | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index ca911f3..3bbd654 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -808,7 +808,8 @@ dnl
+
+ PYTHON_VERSION=
+ PYTHON_INCLUDES=
+-PYTHON_SITE_PACKAGES=
++# Allow this to be set externally
++#PYTHON_SITE_PACKAGES=
+ PYTHON_TESTS=
+ pythondir=
+ if test "$with_python" != "no" ; then
+--
+2.7.4
+
diff --git a/recipes-core/libxml/libxml2/run-ptest b/recipes-core/libxml/libxml2/run-ptest
new file mode 100644
index 0000000..c313d83
--- /dev/null
+++ b/recipes-core/libxml/libxml2/run-ptest
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+export LC_ALL=en_US.UTF-8
+make -k runtests
diff --git a/recipes-core/libxml/libxml2/runtest.patch b/recipes-core/libxml/libxml2/runtest.patch
new file mode 100644
index 0000000..c7a90cd
--- /dev/null
+++ b/recipes-core/libxml/libxml2/runtest.patch
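Review bot: The configure.ac change in python-sitepackages-dir.patch leaves a commented-out assignment, `#PYTHON_SITE_PACKAGES=`, so the variable is now whatever the configure environment happens to hold, and nothing in `./configure --help` says it is an input. Declaring it with `AC_ARG_VAR([PYTHON_SITE_PACKAGES], [install directory for the Python bindings])` in place of the two added lines would document it and have autoconf track it as a precious variable. The `if test "$with_python" != "no"` block that consumes the value continues outside this hunk, so how an unset or stray value is handled there is not visible here.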
@@ -0,0 +1,847 @@ +From 6172ccd1e74bc181f5298f19e240234e12876abe Mon Sep 17 00:00:00 2001 +From: Tony Tascioglu <tony.tascioglu@windriver.com> +Date: Tue, 11 May 2021 11:57:46 -0400 +Subject: [PATCH] Add 'install-ptest' rule. + +Print a standard result line for each test. + +Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com> +Signed-off-by: Andrej Valek <andrej.valek@siemens.com> +Upstream-Status: Pending + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> +--- + Makefile.am | 9 +++ + runsuite.c | 1 + + runtest.c | 2 + + runxmlconf.c | 1 + + testapi.c | 122 ++++++++++++++++++++++++++------------- + testchar.c | 156 +++++++++++++++++++++++++++++++++++--------------- + testdict.c | 1 + + testlimits.c | 1 + + testrecurse.c | 2 + + 9 files changed, 210 insertions(+), 85 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index 05d1671f..ae622745 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -198,6 +198,15 @@ runxmlconf_LDADD= $(LDADDS) + #testOOM_DEPENDENCIES = $(DEPS) + #testOOM_LDADD= $(LDADDS) + ++install-ptest: ++ @(if [ -d .libs ] ; then cd .libs; fi; \ ++ install $(check_PROGRAMS) $(DESTDIR)) ++ cp -r $(srcdir)/test $(DESTDIR) ++ cp -r $(srcdir)/result $(DESTDIR) ++ cp -r $(srcdir)/python $(DESTDIR) ++ cp Makefile $(DESTDIR) ++ sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile ++ + runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \ + testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT) + [ -d test ] || $(LN_S) $(srcdir)/test . +diff --git a/runsuite.c b/runsuite.c +index d24b5ec3..f7ff2521 100644 +--- a/runsuite.c ++++ b/runsuite.c +@@ -1147,6 +1147,7 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) { + + if (logfile != NULL) + fclose(logfile); ++ printf("%s: runsuite\n\n", (ret == 0) ? 
"PASS" : "FAIL"); + return(ret); + } + #else /* !SCHEMAS */ +diff --git a/runtest.c b/runtest.c +index ffa98d04..470f95cb 100644 +--- a/runtest.c ++++ b/runtest.c +@@ -4508,6 +4508,7 @@ launchTests(testDescPtr tst) { + xmlCharEncCloseFunc(ebcdicHandler); + xmlCharEncCloseFunc(eucJpHandler); + ++ printf("%s: %s\n", (err == 0) ? "PASS" : "FAIL", tst->desc); + return(err); + } + +@@ -4588,6 +4589,7 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) { + xmlCleanupParser(); + xmlMemoryDump(); + ++ printf("%s: runtest\n\n", (ret == 0) ? "PASS" : "FAIL"); + return(ret); + } + +diff --git a/runxmlconf.c b/runxmlconf.c +index 70f61017..e882b3a1 100644 +--- a/runxmlconf.c ++++ b/runxmlconf.c +@@ -595,6 +595,7 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) { + + if (logfile != NULL) + fclose(logfile); ++ printf("%s: runxmlconf\n", (ret == 0) ? "PASS" : "FAIL"); + return(ret); + } + +diff --git a/testapi.c b/testapi.c +index ff8b470d..52b51d78 100644 +--- a/testapi.c ++++ b/testapi.c +@@ -1246,49 +1246,91 @@ static int + testlibxml2(void) + { + int test_ret = 0; +- +- test_ret += test_HTMLparser(); +- test_ret += test_HTMLtree(); +- test_ret += test_SAX2(); +- test_ret += test_c14n(); +- test_ret += test_catalog(); +- test_ret += test_chvalid(); +- test_ret += test_debugXML(); +- test_ret += test_dict(); +- test_ret += test_encoding(); +- test_ret += test_entities(); +- test_ret += test_hash(); +- test_ret += test_list(); +- test_ret += test_nanoftp(); +- test_ret += test_nanohttp(); +- test_ret += test_parser(); +- test_ret += test_parserInternals(); +- test_ret += test_pattern(); +- test_ret += test_relaxng(); +- test_ret += test_schemasInternals(); +- test_ret += test_schematron(); +- test_ret += test_tree(); +- test_ret += test_uri(); +- test_ret += test_valid(); +- test_ret += test_xinclude(); +- test_ret += test_xmlIO(); +- test_ret += test_xmlautomata(); +- test_ret += test_xmlerror(); +- test_ret += test_xmlmodule(); +- test_ret += 
test_xmlreader(); +- test_ret += test_xmlregexp(); +- test_ret += test_xmlsave(); +- test_ret += test_xmlschemas(); +- test_ret += test_xmlschemastypes(); +- test_ret += test_xmlstring(); +- test_ret += test_xmlunicode(); +- test_ret += test_xmlwriter(); +- test_ret += test_xpath(); +- test_ret += test_xpathInternals(); +- test_ret += test_xpointer(); ++ int ret = 0; ++ ++ test_ret += (ret = test_HTMLparser()); ++ printf("%s: HTMLparser\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_HTMLtree()); ++ printf("%s: HTMLtree\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_SAX2()); ++ printf("%s: SAX2\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_c14n()); ++ printf("%s: c14n\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_catalog()); ++ printf("%s: catalog\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_chvalid()); ++ printf("%s: chvalid\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_debugXML()); ++ printf("%s: debugXML\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_dict()); ++ printf("%s: dict\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_encoding()); ++ printf("%s: encoding\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_entities()); ++ printf("%s: entities\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_hash()); ++ printf("%s: hash\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_list()); ++ printf("%s: list\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_nanoftp()); ++ printf("%s: nanoftp\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_nanohttp()); ++ printf("%s: nanohttp\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_parser()); ++ printf("%s: parser\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_parserInternals()); ++ printf("%s: parserInternals\n", (ret == 0) ? 
"PASS" : "FAIL"); ++ test_ret += (ret = test_pattern()); ++ printf("%s: pattern\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_relaxng()); ++ printf("%s: relaxng\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_schemasInternals()); ++ printf("%s: schemasInternals\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_schematron()); ++ printf("%s: schematron\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_tree()); ++ printf("%s: tree\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_uri()); ++ printf("%s: uri\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_valid()); ++ printf("%s: valid\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xinclude()); ++ printf("%s: xinclude\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlIO()); ++ printf("%s: xmlIO\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlautomata()); ++ printf("%s: xmlautomata\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlerror()); ++ printf("%s: xmlerror\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlmodule()); ++ printf("%s: xmlmodule\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlreader()); ++ printf("%s: xmlreader\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlregexp()); ++ printf("%s: xmlregexp\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlsave()); ++ printf("%s: xmlsave\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlschemas()); ++ printf("%s: xmlschemas\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlschemastypes()); ++ printf("%s: xmlschemastypes\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlstring()); ++ printf("%s: xmlstring\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xmlunicode()); ++ printf("%s: xmlunicode\n", (ret == 0) ? 
"PASS" : "FAIL"); ++ test_ret += (ret = test_xmlwriter()); ++ printf("%s: xmlwriter\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xpath()); ++ printf("%s: xpath\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xpathInternals()); ++ printf("%s: xpathInternals\n", (ret == 0) ? "PASS" : "FAIL"); ++ test_ret += (ret = test_xpointer()); ++ printf("%s: xpointer\n", (ret == 0) ? "PASS" : "FAIL"); + + printf("Total: %d functions, %d tests, %d errors\n", + function_tests, call_tests, test_ret); ++ ++ printf("%s: testapi\n\n", (test_ret == 0) ? "PASS" : "FAIL"); + return(test_ret); + } + +diff --git a/testchar.c b/testchar.c +index 6866a175..7bce0132 100644 +--- a/testchar.c ++++ b/testchar.c +@@ -23,7 +23,7 @@ static void errorHandler(void *unused, xmlErrorPtr err) { + char document1[100] = "<doc>XXXX</doc>"; + char document2[100] = "<doc foo='XXXX'/>"; + +-static void testDocumentRangeByte1(xmlParserCtxtPtr ctxt, char *document, ++static int testDocumentRangeByte1(xmlParserCtxtPtr ctxt, char *document, + int len, char *data, int forbid1, int forbid2) { + int i; + xmlDocPtr res; +@@ -37,33 +37,41 @@ static void testDocumentRangeByte1(xmlParserCtxtPtr ctxt, char *document, + res = xmlReadMemory(document, len, "test", NULL, 0); + + if ((i == forbid1) || (i == forbid2)) { +- if ((lastError == 0) || (res != NULL)) ++ if ((lastError == 0) || (res != NULL)) { + fprintf(stderr, + "Failed to detect invalid char for Byte 0x%02X: %c\n", + i, i); ++ return(1); ++ } + } + + else if ((i == '<') || (i == '&')) { +- if ((lastError == 0) || (res != NULL)) ++ if ((lastError == 0) || (res != NULL)) { + fprintf(stderr, + "Failed to detect illegal char %c for Byte 0x%02X\n", i, i); ++ return(1); ++ } + } + else if (((i < 0x20) || (i >= 0x80)) && + (i != 0x9) && (i != 0xA) && (i != 0xD)) { +- if ((lastError != XML_ERR_INVALID_CHAR) && (res != NULL)) ++ if ((lastError != XML_ERR_INVALID_CHAR) && (res != NULL)) { + fprintf(stderr, + "Failed to detect invalid char for 
Byte 0x%02X\n", i); ++ return(1); ++ } + } + else if (res == NULL) { + fprintf(stderr, + "Failed to parse valid char for Byte 0x%02X : %c\n", i, i); ++ return(1); + } + if (res != NULL) + xmlFreeDoc(res); + } ++ return(0); + } + +-static void testDocumentRangeByte2(xmlParserCtxtPtr ctxt, char *document, ++static int testDocumentRangeByte2(xmlParserCtxtPtr ctxt, char *document, + int len, char *data) { + int i, j; + xmlDocPtr res; +@@ -80,10 +88,12 @@ static void testDocumentRangeByte2(xmlParserCtxtPtr ctxt, char *document, + + /* if first bit of first char is set, then second bit must too */ + if ((i & 0x80) && ((i & 0x40) == 0)) { +- if ((lastError == 0) || (res != NULL)) ++ if ((lastError == 0) || (res != NULL)) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X\n", + i, j); ++ return(1); ++ } + } + + /* +@@ -91,10 +101,12 @@ static void testDocumentRangeByte2(xmlParserCtxtPtr ctxt, char *document, + * bits must be 10 + */ + else if ((i & 0x80) && ((j & 0xC0) != 0x80)) { +- if ((lastError == 0) || (res != NULL)) ++ if ((lastError == 0) || (res != NULL)) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X\n", + i, j); ++ return(1); ++ } + } + + /* +@@ -102,10 +114,12 @@ static void testDocumentRangeByte2(xmlParserCtxtPtr ctxt, char *document, + * than 0x80, i.e. one of bits 5 to 1 of i must be set + */ + else if ((i & 0x80) && ((i & 0x1E) == 0)) { +- if ((lastError == 0) || (res != NULL)) ++ if ((lastError == 0) || (res != NULL)) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X\n", + i, j); ++ return(1); ++ } + } + + /* +@@ -113,10 +127,12 @@ static void testDocumentRangeByte2(xmlParserCtxtPtr ctxt, char *document, + * at least 3 bytes, but we give only 2 ! 
+ */ + else if ((i & 0xE0) == 0xE0) { +- if ((lastError == 0) || (res != NULL)) ++ if ((lastError == 0) || (res != NULL)) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X 0x00\n", + i, j); ++ return(1); ++ } + } + + /* +@@ -125,11 +141,13 @@ static void testDocumentRangeByte2(xmlParserCtxtPtr ctxt, char *document, + else if ((lastError != 0) || (res == NULL)) { + fprintf(stderr, + "Failed to parse document for Bytes 0x%02X 0x%02X\n", i, j); ++ return(1); + } + if (res != NULL) + xmlFreeDoc(res); + } + } ++ return(0); + } + + /** +@@ -141,9 +159,10 @@ static void testDocumentRangeByte2(xmlParserCtxtPtr ctxt, char *document, + * CDATA in text or in attribute values. + */ + +-static void testDocumentRanges(void) { ++static int testDocumentRanges(void) { + xmlParserCtxtPtr ctxt; + char *data; ++ int test_ret = 0; + + /* + * Set up a parsing context using the first document as +@@ -152,7 +171,7 @@ static void testDocumentRanges(void) { + ctxt = xmlNewParserCtxt(); + if (ctxt == NULL) { + fprintf(stderr, "Failed to allocate parser context\n"); +- return; ++ return(1); + } + + printf("testing 1 byte char in document: 1"); +@@ -163,7 +182,7 @@ static void testDocumentRanges(void) { + data[2] = ' '; + data[3] = ' '; + /* test 1 byte injection at beginning of area */ +- testDocumentRangeByte1(ctxt, &document1[0], strlen(document1), ++ test_ret += testDocumentRangeByte1(ctxt, &document1[0], strlen(document1), + data, -1, -1); + printf(" 2"); + fflush(stdout); +@@ -172,7 +191,7 @@ static void testDocumentRanges(void) { + data[2] = ' '; + data[3] = ' '; + /* test 1 byte injection at end of area */ +- testDocumentRangeByte1(ctxt, &document1[0], strlen(document1), ++ test_ret += testDocumentRangeByte1(ctxt, &document1[0], strlen(document1), + data + 3, -1, -1); + + printf(" 3"); +@@ -183,7 +202,7 @@ static void testDocumentRanges(void) { + data[2] = ' '; + data[3] = ' '; + /* test 1 byte injection at beginning of area */ +- testDocumentRangeByte1(ctxt, 
&document2[0], strlen(document2), ++ test_ret += testDocumentRangeByte1(ctxt, &document2[0], strlen(document2), + data, '\'', -1); + printf(" 4"); + fflush(stdout); +@@ -192,7 +211,7 @@ static void testDocumentRanges(void) { + data[2] = ' '; + data[3] = ' '; + /* test 1 byte injection at end of area */ +- testDocumentRangeByte1(ctxt, &document2[0], strlen(document2), ++ test_ret += testDocumentRangeByte1(ctxt, &document2[0], strlen(document2), + data + 3, '\'', -1); + printf(" done\n"); + +@@ -204,7 +223,7 @@ static void testDocumentRanges(void) { + data[2] = ' '; + data[3] = ' '; + /* test 2 byte injection at beginning of area */ +- testDocumentRangeByte2(ctxt, &document1[0], strlen(document1), ++ test_ret += testDocumentRangeByte2(ctxt, &document1[0], strlen(document1), + data); + printf(" 2"); + fflush(stdout); +@@ -213,7 +232,7 @@ static void testDocumentRanges(void) { + data[2] = ' '; + data[3] = ' '; + /* test 2 byte injection at end of area */ +- testDocumentRangeByte2(ctxt, &document1[0], strlen(document1), ++ test_ret += testDocumentRangeByte2(ctxt, &document1[0], strlen(document1), + data + 2); + + printf(" 3"); +@@ -224,7 +243,7 @@ static void testDocumentRanges(void) { + data[2] = ' '; + data[3] = ' '; + /* test 2 byte injection at beginning of area */ +- testDocumentRangeByte2(ctxt, &document2[0], strlen(document2), ++ test_ret += testDocumentRangeByte2(ctxt, &document2[0], strlen(document2), + data); + printf(" 4"); + fflush(stdout); +@@ -233,14 +252,15 @@ static void testDocumentRanges(void) { + data[2] = ' '; + data[3] = ' '; + /* test 2 byte injection at end of area */ +- testDocumentRangeByte2(ctxt, &document2[0], strlen(document2), ++ test_ret += testDocumentRangeByte2(ctxt, &document2[0], strlen(document2), + data + 2); + printf(" done\n"); + + xmlFreeParserCtxt(ctxt); ++ return(test_ret); + } + +-static void testCharRangeByte1(xmlParserCtxtPtr ctxt, char *data) { ++static int testCharRangeByte1(xmlParserCtxtPtr ctxt, char *data) { + int i = 0; 
+ int len, c; + +@@ -255,19 +275,25 @@ static void testCharRangeByte1(xmlParserCtxtPtr ctxt, char *data) { + c = xmlCurrentChar(ctxt, &len); + if ((i == 0) || (i >= 0x80)) { + /* we must see an error there */ +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Byte 0x%02X\n", i); ++ return(1); ++ } + } else if (i == 0xD) { +- if ((c != 0xA) || (len != 1)) ++ if ((c != 0xA) || (len != 1)) { + fprintf(stderr, "Failed to convert char for Byte 0x%02X\n", i); ++ return(1); ++ } + } else if ((c != i) || (len != 1)) { + fprintf(stderr, "Failed to parse char for Byte 0x%02X\n", i); ++ return(1); + } + } ++ return(0); + } + +-static void testCharRangeByte2(xmlParserCtxtPtr ctxt, char *data) { ++static int testCharRangeByte2(xmlParserCtxtPtr ctxt, char *data) { + int i, j; + int len, c; + +@@ -284,10 +310,12 @@ static void testCharRangeByte2(xmlParserCtxtPtr ctxt, char *data) { + + /* if first bit of first char is set, then second bit must too */ + if ((i & 0x80) && ((i & 0x40) == 0)) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X\n", + i, j); ++ return(1); ++ } + } + + /* +@@ -295,10 +323,12 @@ static void testCharRangeByte2(xmlParserCtxtPtr ctxt, char *data) { + * bits must be 10 + */ + else if ((i & 0x80) && ((j & 0xC0) != 0x80)) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X: %d\n", + i, j, c); ++ return(1); ++ } + } + + /* +@@ -306,10 +336,12 @@ static void testCharRangeByte2(xmlParserCtxtPtr ctxt, char *data) { + * than 0x80, i.e. 
one of bits 5 to 1 of i must be set + */ + else if ((i & 0x80) && ((i & 0x1E) == 0)) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X: %d\n", + i, j, c); ++ return(1); ++ } + } + + /* +@@ -317,10 +349,12 @@ static void testCharRangeByte2(xmlParserCtxtPtr ctxt, char *data) { + * at least 3 bytes, but we give only 2 ! + */ + else if ((i & 0xE0) == 0xE0) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X 0x00\n", + i, j); ++ return(1); ++ } + } + + /* +@@ -329,6 +363,7 @@ static void testCharRangeByte2(xmlParserCtxtPtr ctxt, char *data) { + else if ((lastError != 0) || (len != 2)) { + fprintf(stderr, + "Failed to parse char for Bytes 0x%02X 0x%02X\n", i, j); ++ return(1); + } + + /* +@@ -338,12 +373,14 @@ static void testCharRangeByte2(xmlParserCtxtPtr ctxt, char *data) { + fprintf(stderr, + "Failed to parse char for Bytes 0x%02X 0x%02X: expect %d got %d\n", + i, j, ((j & 0x3F) + ((i & 0x1F) << 6)), c); ++ return(1); + } + } + } ++ return(0); + } + +-static void testCharRangeByte3(xmlParserCtxtPtr ctxt, char *data) { ++static int testCharRangeByte3(xmlParserCtxtPtr ctxt, char *data) { + int i, j, k, K; + int len, c; + unsigned char lows[6] = {0, 0x80, 0x81, 0xC1, 0xFF, 0xBF}; +@@ -368,20 +405,24 @@ static void testCharRangeByte3(xmlParserCtxtPtr ctxt, char *data) { + * at least 4 bytes, but we give only 3 ! 
+ */ + if ((i & 0xF0) == 0xF0) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X 0x%02X 0x%02X\n", + i, j, K, data[3]); ++ return(1); ++ } + } + + /* + * The second and the third bytes must start with 10 + */ + else if (((j & 0xC0) != 0x80) || ((K & 0xC0) != 0x80)) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X 0x%02X\n", + i, j, K); ++ return(1); ++ } + } + + /* +@@ -390,10 +431,12 @@ static void testCharRangeByte3(xmlParserCtxtPtr ctxt, char *data) { + * the 6th byte of data[1] must be set + */ + else if (((i & 0xF) == 0) && ((j & 0x20) == 0)) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X 0x%02X\n", + i, j, K); ++ return(1); ++ } + } + + /* +@@ -401,10 +444,12 @@ static void testCharRangeByte3(xmlParserCtxtPtr ctxt, char *data) { + */ + else if (((value > 0xD7FF) && (value <0xE000)) || + ((value > 0xFFFD) && (value <0x10000))) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char 0x%04X for Bytes 0x%02X 0x%02X 0x%02X\n", + value, i, j, K); ++ return(1); ++ } + } + + /* +@@ -414,6 +459,7 @@ static void testCharRangeByte3(xmlParserCtxtPtr ctxt, char *data) { + fprintf(stderr, + "Failed to parse char for Bytes 0x%02X 0x%02X 0x%02X\n", + i, j, K); ++ return(1); + } + + /* +@@ -423,13 +469,15 @@ static void testCharRangeByte3(xmlParserCtxtPtr ctxt, char *data) { + fprintf(stderr, + "Failed to parse char for Bytes 0x%02X 0x%02X 0x%02X: expect %d got %d\n", + i, j, data[2], value, c); ++ return(1); + } + } + } + } ++ return(0); + } + +-static void testCharRangeByte4(xmlParserCtxtPtr ctxt, char *data) { ++static int 
testCharRangeByte4(xmlParserCtxtPtr ctxt, char *data) { + int i, j, k, K, l, L; + int len, c; + unsigned char lows[6] = {0, 0x80, 0x81, 0xC1, 0xFF, 0xBF}; +@@ -458,10 +506,12 @@ static void testCharRangeByte4(xmlParserCtxtPtr ctxt, char *data) { + * at least 5 bytes, but we give only 4 ! + */ + if ((i & 0xF8) == 0xF8) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X 0x%02X 0x%02X\n", + i, j, K, data[3]); ++ return(1); ++ } + } + + /* +@@ -469,10 +519,12 @@ static void testCharRangeByte4(xmlParserCtxtPtr ctxt, char *data) { + */ + else if (((j & 0xC0) != 0x80) || ((K & 0xC0) != 0x80) || + ((L & 0xC0) != 0x80)) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X 0x%02X 0x%02X\n", + i, j, K, L); ++ return(1); ++ } + } + + /* +@@ -481,10 +533,12 @@ static void testCharRangeByte4(xmlParserCtxtPtr ctxt, char *data) { + * the 6 or 5th byte of j must be set + */ + else if (((i & 0x7) == 0) && ((j & 0x30) == 0)) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char for Bytes 0x%02X 0x%02X 0x%02X 0x%02X\n", + i, j, K, L); ++ return(1); ++ } + } + + /* +@@ -493,10 +547,12 @@ static void testCharRangeByte4(xmlParserCtxtPtr ctxt, char *data) { + else if (((value > 0xD7FF) && (value <0xE000)) || + ((value > 0xFFFD) && (value <0x10000)) || + (value > 0x10FFFF)) { +- if (lastError != XML_ERR_INVALID_CHAR) ++ if (lastError != XML_ERR_INVALID_CHAR) { + fprintf(stderr, + "Failed to detect invalid char 0x%04X for Bytes 0x%02X 0x%02X 0x%02X 0x%02X\n", + value, i, j, K, L); ++ return(1); ++ } + } + + /* +@@ -506,6 +562,7 @@ static void testCharRangeByte4(xmlParserCtxtPtr ctxt, char *data) { + fprintf(stderr, + "Failed to parse char for Bytes 0x%02X 0x%02X 0x%02X\n", + i, j, K); ++ 
return(1); + } + + /* +@@ -515,11 +572,13 @@ static void testCharRangeByte4(xmlParserCtxtPtr ctxt, char *data) { + fprintf(stderr, + "Failed to parse char for Bytes 0x%02X 0x%02X 0x%02X: expect %d got %d\n", + i, j, data[2], value, c); ++ return(1); + } + } + } + } + } ++ return(0); + } + + /** +@@ -530,11 +589,12 @@ static void testCharRangeByte4(xmlParserCtxtPtr ctxt, char *data) { + * cover the full range of UTF-8 chars accepted by XML-1.0 + */ + +-static void testCharRanges(void) { ++static int testCharRanges(void) { + char data[5]; + xmlParserCtxtPtr ctxt; + xmlParserInputBufferPtr buf; + xmlParserInputPtr input; ++ int test_ret = 0; + + memset(data, 0, 5); + +@@ -545,17 +605,19 @@ static void testCharRanges(void) { + ctxt = xmlNewParserCtxt(); + if (ctxt == NULL) { + fprintf(stderr, "Failed to allocate parser context\n"); +- return; ++ return(1); + } + buf = xmlParserInputBufferCreateStatic(data, sizeof(data), + XML_CHAR_ENCODING_NONE); + if (buf == NULL) { + fprintf(stderr, "Failed to allocate input buffer\n"); ++ test_ret = 1; + goto error; + } + input = xmlNewInputStream(ctxt); + if (input == NULL) { + xmlFreeParserInputBuffer(buf); ++ test_ret = 1; + goto error; + } + input->filename = NULL; +@@ -567,25 +629,28 @@ static void testCharRanges(void) { + + printf("testing char range: 1"); + fflush(stdout); +- testCharRangeByte1(ctxt, data); ++ test_ret += testCharRangeByte1(ctxt, data); + printf(" 2"); + fflush(stdout); +- testCharRangeByte2(ctxt, data); ++ test_ret += testCharRangeByte2(ctxt, data); + printf(" 3"); + fflush(stdout); +- testCharRangeByte3(ctxt, data); ++ test_ret += testCharRangeByte3(ctxt, data); + printf(" 4"); + fflush(stdout); +- testCharRangeByte4(ctxt, data); ++ test_ret += testCharRangeByte4(ctxt, data); + printf(" done\n"); + fflush(stdout); + + error: + xmlFreeParserCtxt(ctxt); ++ return(test_ret); + } + + int main(void) { + ++ int ret = 0; ++ + /* + * this initialize the library and check potential ABI mismatches + * between the 
version it was compiled for and the actual shared +@@ -602,8 +667,9 @@ int main(void) { + /* + * Run the tests + */ +- testCharRanges(); +- testDocumentRanges(); ++ ret += testCharRanges(); ++ ret += testDocumentRanges(); ++ printf("%s: testchar\n\n", (ret == 0) ? "PASS" : "FAIL"); + + /* + * Cleanup function for the XML library. +diff --git a/testdict.c b/testdict.c +index 40bebd05..114b9347 100644 +--- a/testdict.c ++++ b/testdict.c +@@ -440,5 +440,6 @@ int main(void) + clean_strings(); + xmlCleanupParser(); + xmlMemoryDump(); ++ printf("%s: testdict\n\n", (ret == 0) ? "PASS" : "FAIL"); + return(ret); + } +diff --git a/testlimits.c b/testlimits.c +index 059116a6..f0bee68d 100644 +--- a/testlimits.c ++++ b/testlimits.c +@@ -1634,5 +1634,6 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) { + xmlCleanupParser(); + xmlMemoryDump(); + ++ printf("%s: testlimits\n", (ret == 0) ? "PASS" : "FAIL"); + return(ret); + } +diff --git a/testrecurse.c b/testrecurse.c +index 0cbe25a6..3ecadb40 100644 +--- a/testrecurse.c ++++ b/testrecurse.c +@@ -892,6 +892,7 @@ launchTests(testDescPtr tst) { + err++; + } + } ++ printf("%s: %s\n", (err == 0) ? "PASS" : "FAIL", tst->desc); + return(err); + } + +@@ -961,5 +962,6 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED) { + xmlCleanupParser(); + xmlMemoryDump(); + ++ printf("%s: testrecurse\n\n", (ret == 0) ? "PASS" : "FAIL"); + return(ret); + } +-- +2.25.1 + diff --git a/recipes-core/libxml/libxml2_2.9.10.bb b/recipes-core/libxml/libxml2_2.9.10.bb new file mode 100644 index 0000000..dc62991 --- /dev/null +++ b/recipes-core/libxml/libxml2_2.9.10.bb 
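Review bot: The `return(1);` statements added inside the loops of testDocumentRangeByte1 and testDocumentRangeByte2 in testchar.c leave the function before the `if (res != NULL) xmlFreeDoc(res);` at the bottom of the loop body, so a failure in which the parser wrongly returned a document leaks that document. They also end the run at the first failing byte value, where the original code reported every mismatch; the testCharRangeByte1 to testCharRangeByte4 changes stop early in the same way. For a suite whose job is to confirm that invalid UTF-8 sequences are rejected, it is better to record the failure and keep iterating: declare `int ret = 0;`, replace each `return(1);` with `ret = 1;`, and finish with `return(ret);`. The function bodies extend beyond the nested hunks shown, so the remaining branches should be checked for the same pattern.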
@@ -0,0 +1,133 @@ +SUMMARY = "XML C Parser Library and Toolkit" +DESCRIPTION = "The XML Parser Library allows for manipulation of XML files. Libxml2 exports Push and Pull type parser interfaces for both XML and HTML. It can do DTD validation at parse time, on a parsed document instance or with an arbitrary DTD. Libxml2 includes complete XPath, XPointer and Xinclude implementations. It also has a SAX like interface, which is designed to be compatible with Expat." +HOMEPAGE = "https://gitlab.gnome.org/GNOME/libxml2" +BUGTRACKER = "http://bugzilla.gnome.org/buglist.cgi?product=libxml2" +SECTION = "libs" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://Copyright;md5=2044417e2e5006b65a8b9067b683fcf1 \ + file://hash.c;beginline=6;endline=15;md5=96f7296605eae807670fb08947829969 \ + file://list.c;beginline=4;endline=13;md5=cdbfa3dee51c099edb04e39f762ee907 \ + file://trio.c;beginline=5;endline=14;md5=6c025753c86d958722ec76e94cae932e" + +DEPENDS = "zlib virtual/libiconv" + +inherit gnomebase + +SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;subdir=${BP};name=testtar \ + file://libxml-64bit.patch \ + file://runtest.patch \ + file://run-ptest \ + file://python-sitepackages-dir.patch \ + file://libxml-m4-use-pkgconfig.patch \ + file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \ + file://fix-execution-of-ptests.patch \ + file://CVE-2020-7595.patch \ + file://CVE-2019-20388.patch \ + file://CVE-2020-24977.patch \ + file://CVE-2021-3517.patch \ + file://CVE-2021-3537.patch \ + file://CVE-2021-3518.patch \ + file://CVE-2021-3541.patch \ + file://CVE-2022-23308.patch \ + file://CVE-2022-23308-fix-regression.patch \ + file://CVE-2022-29824-dependent.patch \ + file://CVE-2022-29824.patch \ + file://0001-Port-gentest.py-to-Python-3.patch \ + file://CVE-2016-3709.patch \ + " + +SRC_URI[archive.sha256sum] = "593b7b751dd18c2d6abcd0c4bcb29efc203d0b4373a6df98e3a455ea74ae2813" +SRC_URI[testtar.md5sum] = "ae3d1ebe000a3972afa104ca7f0e1b4a" 
+SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7" + +BINCONFIG = "${bindir}/xml2-config" + +PACKAGECONFIG ??= "python \ + ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ +" +PACKAGECONFIG[python] = "--with-python=${PYTHON},--without-python,python3" +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," + +inherit autotools pkgconfig binconfig-disabled ptest features_check + +inherit ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3targetconfig', '', d)} + +RDEPENDS_${PN}-ptest += "bash make ${@bb.utils.contains('PACKAGECONFIG', 'python', 'libgcc python3-core python3-logging python3-shell python3-stringold python3-threading python3-unittest ${PN}-python', '', d)}" + +RDEPENDS_${PN}-python += "${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3-core', '', d)}" + +RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-gconv-ebcdic-us \ + glibc-gconv-ibm1141 \ + glibc-gconv-iso8859-5 \ + glibc-gconv-euc-jp \ + locale-base-en-us \ + " + +export PYTHON_SITE_PACKAGES="${PYTHON_SITEPACKAGES_DIR}" + +# WARNING: zlib is required for RPM use +EXTRA_OECONF = "--without-debug --without-legacy --with-catalog --without-docbook --with-c14n --without-lzma --with-fexceptions" +EXTRA_OECONF_class-native = "--without-legacy --without-docbook --with-c14n --without-lzma --with-zlib" +EXTRA_OECONF_class-nativesdk = "--without-legacy --without-docbook --with-c14n --without-lzma --with-zlib" +EXTRA_OECONF_linuxstdbase = "--with-debug --with-legacy --with-docbook --with-c14n --without-lzma --with-zlib" + +python populate_packages_prepend () { + # autonamer would call this libxml2-2, but we don't want that + if d.getVar('DEBIAN_NAMES'): + d.setVar('PKG_libxml2', '${MLPREFIX}libxml2') +} + +PACKAGE_BEFORE_PN += "${PN}-utils" +PACKAGES += "${PN}-python" + +FILES_${PN}-staticdev += "${PYTHON_SITEPACKAGES_DIR}/*.a" +FILES_${PN}-dev += "${libdir}/xml2Conf.sh ${libdir}/cmake/*" +FILES_${PN}-utils = "${bindir}/*" +FILES_${PN}-python = 
"${PYTHON_SITEPACKAGES_DIR}" + +do_configure_prepend () { + # executables take longer to package: these should not be executable + find ${S}/xmlconf/ -type f -exec chmod -x {} \+ +} + +do_compile_ptest() { + # Make sure that testapi.c is newer than gentests.py, because + # with reproducible builds, they will both get e.g. Jan 1 1970 + # modification time from SOURCE_DATE_EPOCH and then check-am + # might try to rebuild_testapi, which will fail even with + # 0001-Port-gentest.py-to-Python-3.patch, because it needs + # libxml2 module (libxml2-native dependency and correctly + # set PYTHON_SITE_PACKAGES), it's easier to + # just rely on pre-generated testapi.c from the release + touch ${S}/testapi.c + + oe_runmake check-am +} + +do_install_ptest () { + cp -r ${S}/xmlconf ${D}${PTEST_PATH} + if [ "${@bb.utils.filter('PACKAGECONFIG', 'python', d)}" ]; then + sed -i -e 's|^\(PYTHON = \).*|\1${USRBINPATH}/${PYTHON_PN}|' \ + ${D}${PTEST_PATH}/python/tests/Makefile + grep -lrZ '#!/usr/bin/python' ${D}${PTEST_PATH}/python | + xargs -0 sed -i -e 's|/usr/bin/python|${USRBINPATH}/${PYTHON_PN}|' + fi + #Remove build host references from various Makefiles + find "${D}${PTEST_PATH}" -name Makefile -type f -exec \ + sed -i \ + -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \ + -e 's|${DEBUG_PREFIX_MAP}||g' \ + -e 's:${HOSTTOOLS_DIR}/::g' \ + -e 's:${RECIPE_SYSROOT_NATIVE}::g' \ + -e 's:${RECIPE_SYSROOT}::g' \ + -e 's:${BASE_WORKDIR}/${MULTIMACH_TARGET_SYS}::g' \ + -e '/^RELDATE/d' \ + {} + +} + +do_install_append_class-native () { + # Docs are not needed in the native case + rm ${D}${datadir}/gtk-doc -rf +} + +BBCLASSEXTEND = "native nativesdk" diff --git a/recipes-core/openvpn/openvpn/openvpn b/recipes-core/openvpn/openvpn/openvpn new file mode 100755 index 0000000..e5af4b2 --- /dev/null +++ b/recipes-core/openvpn/openvpn/openvpn 
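Review bot: The `testtar` entry in SRC_URI fetches `http://www.w3.org/XML/Test/xmlts20080827.tar.gz` over plain HTTP and still carries `SRC_URI[testtar.md5sum]` next to the sha256sum. The sha256 pin is what protects the download, so a substituted archive would be rejected, but the URL should move to `https://www.w3.org/XML/Test/xmlts20080827.tar.gz` (after confirming the server serves it) and the md5sum line can be dropped, since MD5 adds no integrity value. A comment above the `CVE-*.patch` entries naming the upstream release that makes each backport unnecessary would help whoever next upgrades the recipe.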
@@ -0,0 +1,112 @@
+#!/bin/sh -e
+#
+# Original version by Robert Leslie
+# <rob@mars.org>, edited by iwj and cs
+# Modified for openvpn by Alberto Gonzalez Iniesta <agi@agi.as>
+# Modified for restarting / starting / stopping single tunnels by Richard Mueller <mueller@teamix.net>
+# Modified for respecting pid file on service start by Fabian Klemp <fabian.klemp@axino-group.com>
+
+test $DEBIAN_SCRIPT_DEBUG && set -v -x
+
+DAEMON=/usr/sbin/openvpn
+CONFIG_DIR=/etc/openvpn
+test -x $DAEMON || exit 0
+test -d $CONFIG_DIR || exit 0
+
+start_vpn () {
+ modprobe tun >/dev/null 2>&1 || true
+ start-stop-daemon --start --quiet --pidfile /var/run/openvpn.$NAME.pid \
+ --exec $DAEMON -- \
+ --daemon --writepid /var/run/openvpn.$NAME.pid \
+ --config $CONFIG_DIR/$NAME.conf --cd $CONFIG_DIR || rc="$?"
+ case $rc in
+ 1) echo -n " ALREADY STARTED->";;
+ 3) echo -n " FAILED->";;
+ esac
+ echo -n " $NAME"
+}
+
+stop_vpn () {
+ kill `cat $PIDFILE` || true
+ rm $PIDFILE
+}
+
+case "$1" in
+start)
+ echo -n "Starting openvpn:"
+
+ if test -z $2 ; then
+ for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do
+ NAME=${CONFIG%%.conf}
+ start_vpn
+ done
+ else
+ if test -e $CONFIG_DIR/$2.conf ; then
+ NAME=$2
+ start_vpn
+ else
+ echo -n " No such VPN: $2"
+ fi
+ fi
+ echo "."
+
+ ;;
+stop)
+ echo -n "Stopping openvpn:"
+
+ if test -z $2 ; then
+ for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
+ NAME=`echo $PIDFILE | cut -c18-`
+ NAME=${NAME%%.pid}
+ stop_vpn
+ echo -n " $NAME"
+ done
+ else
+ if test -e /var/run/openvpn.$2.pid ; then
+ PIDFILE=`ls /var/run/openvpn.$2.pid 2> /dev/null`
+ NAME=`echo $PIDFILE | cut -c18-`
+ NAME=${NAME%%.pid}
+ stop_vpn
+ echo -n " $NAME"
+ else
+ echo -n " No such VPN: $2"
+ fi
+ fi
+ echo "."
+ ;;
+# We only 'reload' for running VPNs. New ones will only start with 'start' or 'restart'.
+reload|force-reload)
+ echo -n "Reloading openvpn:"
+ for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
+ NAME=`echo $PIDFILE | cut -c18-`
+ NAME=${NAME%%.pid}
+# If openvpn if running under a different user than root we'll need to restart
+ if egrep '^( |\t)*user' $CONFIG_DIR/$NAME.conf > /dev/null 2>&1 ; then
+ stop_vpn
+ sleep 1
+ start_vpn
+ echo -n "(restarted)"
+ else
+ kill -HUP `cat $PIDFILE` || true
+# start-stop-daemon --stop --signal HUP --quiet --oknodo \
+# --exec $DAEMON --pidfile $PIDFILE
+ echo -n " $NAME"
+ fi
+ done
+ echo "."
+ ;;
+
+restart)
+ $0 stop $2
+ sleep 1
+ $0 start $2
+ ;;
+*)
+ echo "Usage: $0 {start|stop|reload|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
+
+# vim:set ai et sts=2 sw=2 tw=0:
diff --git a/recipes-core/openvpn/openvpn/openvpn-volatile.conf b/recipes-core/openvpn/openvpn/openvpn-volatile.conf
new file mode 100644
index 0000000..1205806
--- /dev/null
+++ b/recipes-core/openvpn/openvpn/openvpn-volatile.conf
@@ -0,0 +1 @@
+d @LOCALSTATEDIR@/run/openvpn 0755 root root -
diff --git a/recipes-core/openvpn/openvpn/openvpn@.service b/recipes-core/openvpn/openvpn/openvpn@.service
new file mode 100644
index 0000000..358dcb7
--- /dev/null
+++ b/recipes-core/openvpn/openvpn/openvpn@.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
+After=syslog.target network.target
+
+[Service]
+PrivateTmp=true
+Type=forking
+PIDFile=/var/run/openvpn/%i.pid
+ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/recipes-core/openvpn/openvpn_2.4.12.bb b/recipes-core/openvpn/openvpn_2.4.12.bb
new file mode 100644
index 0000000..55e6603
--- /dev/null
+++ b/recipes-core/openvpn/openvpn_2.4.12.bb
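Review bot: `start_vpn` sets `rc` only when start-stop-daemon fails (`|| rc="$?"`) and never clears it, so once one tunnel fails during `start` every later tunnel in the loop is also reported as ` FAILED->` or ` ALREADY STARTED->`; add `rc=0` as the first line of the function. The script runs as root under `sh -e` with unquoted expansions throughout (`test -z $2`, `$CONFIG_DIR/$2.conf`, `rm $PIDFILE`), which should be quoted. `stop_vpn` and the `reload` branch also signal whatever PID the file holds, so a stale pid file left by an unclean shutdown could hit an unrelated process; checking that the PID still belongs to `$DAEMON` before `kill` would close that gap.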
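Review bot: The `[Service]` section of `openvpn@.service` sets `PrivateTmp=true` as its only sandboxing and no `User=`, so the daemon, which parses untrusted network traffic, presumably keeps full root capabilities unless each config drops privileges itself. Consider a `CapabilityBoundingSet=` limited to what the tunnel needs, plus `ProtectSystem=true` and `ProtectHome=true` once it is confirmed that no deployed config keeps keys or scripts under /home. `PIDFile=/var/run/openvpn/%i.pid` also uses the legacy /var/run path, which newer systemd warns about; `/run/openvpn/%i.pid` avoids that, and `After=syslog.target` is obsolete and can be dropped.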
@@ -0,0 +1,76 @@
+SUMMARY = "A full-featured SSL VPN solution via tun device."
+HOMEPAGE = "https://openvpn.net/"
+SECTION = "net"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=7aee596ed2deefe3e8a861e24292abba"
+DEPENDS = "lzo openssl iproute2 ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+
+inherit autotools systemd update-rc.d
+
+SRC_URI = "http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \
+ file://openvpn \
+ file://openvpn@.service \
+ file://openvpn-volatile.conf"
+
+UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads"
+
+SRC_URI[md5sum] = "e83d430947fb7c9ad1a174987317d1dc"
+SRC_URI[sha256sum] = "66952d9c95490e5875f04c9f8fa313b5e816d1b7b4d6cda3fb2ff749ad405dee"
+
+# CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn.
+CVE_CHECK_WHITELIST += "CVE-2020-7224 CVE-2020-27569"
+
+SYSTEMD_SERVICE_${PN} += "openvpn@loopback-server.service openvpn@loopback-client.service"
+SYSTEMD_AUTO_ENABLE = "disable"
+
+INITSCRIPT_PACKAGES = "${PN}"
+INITSCRIPT_NAME_${PN} = "openvpn"
+INITSCRIPT_PARAMS_${PN} = "start 10 2 3 4 5 . stop 70 0 1 6 ."
+
+CFLAGS += "-fno-inline"
+
+# I want openvpn to be able to read password from file (hrw)
+EXTRA_OECONF += "--enable-iproute2"
+EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '', '--disable-plugin-auth-pam', d)}"
+
+# Explicitly specify IPROUTE to bypass the configure-time check for /sbin/ip on the host.
+EXTRA_OECONF += "IPROUTE=${base_sbindir}/ip"
+
+do_install_append() {
+ install -d ${D}/${sysconfdir}/init.d
+ install -m 755 ${WORKDIR}/openvpn ${D}/${sysconfdir}/init.d
+
+ install -d ${D}/${sysconfdir}/openvpn
+ install -d ${D}/${sysconfdir}/openvpn/sample
+ install -m 755 ${S}/sample/sample-config-files/loopback-server ${D}${sysconfdir}/openvpn/sample/loopback-server.conf
+ install -m 755 ${S}/sample/sample-config-files/loopback-client ${D}${sysconfdir}/openvpn/sample/loopback-client.conf
+ install -dm 755 ${D}${sysconfdir}/openvpn/sample/sample-keys
+ install -m 644 ${S}/sample/sample-keys/* ${D}${sysconfdir}/openvpn/sample/sample-keys
+
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ install -d ${D}/${systemd_unitdir}/system
+ install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system
+ install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-server.service
+ install -m 644 ${WORKDIR}/openvpn@.service ${D}/${systemd_unitdir}/system/openvpn@loopback-client.service
+
+ install -d ${D}/${localstatedir}
+ install -d ${D}/${localstatedir}/lib
+ install -d -m 710 ${D}/${localstatedir}/lib/openvpn
+
+ install -d ${D}${sysconfdir}/tmpfiles.d
+ install -m 0644 ${WORKDIR}/openvpn-volatile.conf ${D}${sysconfdir}/tmpfiles.d/openvpn.conf
+ sed -i -e 's#@LOCALSTATEDIR@#${localstatedir}#g' ${D}${sysconfdir}/tmpfiles.d/openvpn.conf
+ fi
+}
+
+PACKAGES =+ " ${PN}-sample "
+
+RRECOMMENDS_${PN} = "kernel-module-tun"
+
+FILES_${PN}-dbg += "${libdir}/openvpn/plugins/.debug"
+FILES_${PN} += "${systemd_unitdir}/system/openvpn@.service \
+ ${sysconfdir}/tmpfiles.d \
+ "
+FILES_${PN}-sample += "${systemd_unitdir}/system/openvpn@loopback-server.service \
+ ${systemd_unitdir}/system/openvpn@loopback-client.service \
+ ${sysconfdir}/openvpn/sample/"
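Review bot: `do_install_append` copies upstream's `sample/sample-keys/*` into `${sysconfdir}/openvpn/sample/sample-keys` with mode 644, and those keys are published test material, so any image that pulls in `${PN}-sample` carries world-readable private keys that must never back a real tunnel. A comment above `PACKAGES =+ " ${PN}-sample "` such as `# ${PN}-sample ships upstream's public test keys; keep it out of production images` would make that explicit, and the two loopback configs only need `install -m 644` rather than 755. The tarball is also fetched over plain `http://swupdate.openvpn.org/...`; the `sha256sum` pins the content, but an `https://` URL is preferable if the host serves one, and the `md5sum` line adds no protection.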
diff --git a/recipes-core/zlib/zlib/0001-configure-Pass-LDFLAGS-to-link-tests.patch b/recipes-core/zlib/zlib/0001-configure-Pass-LDFLAGS-to-link-tests.patch
new file mode 100644
index 0000000..e6cc915
--- /dev/null
+++ b/recipes-core/zlib/zlib/0001-configure-Pass-LDFLAGS-to-link-tests.patch
@@ -0,0 +1,80 @@
+Upstream-Status: Submitted [https://github.com/madler/zlib/pull/599]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From f15584918a7fbbe3cc794ad59100e5e8153ea9f6 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 8 Mar 2022 22:38:47 -0800
+Subject: [PATCH] configure: Pass LDFLAGS to link tests
+
+LDFLAGS can contain critical flags without which linking wont succeed
+therefore ensure that all configure tests involving link time checks are
+using LDFLAGS on compiler commandline along with CFLAGS to ensure the
+tests perform correctly. Without this some tests may fail resulting in
+wrong confgure result, ending in miscompiling the package
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ configure | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/configure b/configure
+index 52ff4a0..d04ee59 100755
+--- a/configure
++++ b/configure
+@@ -427,7 +427,7 @@ if test $shared -eq 1; then
+ echo Checking for shared library support... | tee -a configure.log
+ # we must test in two steps (cc then ld), required at least on SunOS 4.x
+ if try $CC -w -c $SFLAGS $test.c &&
+- try $LDSHARED $SFLAGS -o $test$shared_ext $test.o; then
++ try $LDSHARED $SFLAGS $LDFLAGS -o $test$shared_ext $test.o; then
+ echo Building shared library $SHAREDLIBV with $CC. | tee -a configure.log
+ elif test -z "$old_cc" -a -z "$old_cflags"; then
+ echo No shared library support. | tee -a configure.log
+@@ -503,7 +503,7 @@ int main(void) {
+ }
+ EOF
+ fi
+- if try $CC $CFLAGS -o $test $test.c; then
++ if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then
+ sizet=`./$test`
+ echo "Checking for a pointer-size integer type..." $sizet"." | tee -a configure.log
+ CFLAGS="${CFLAGS} -DNO_SIZE_T=${sizet}"
+@@ -537,7 +537,7 @@ int main(void) {
+ return 0;
+ }
+ EOF
+- if try $CC $CFLAGS -o $test $test.c; then
++ if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then
+ echo "Checking for fseeko... Yes." | tee -a configure.log
+ else
+ CFLAGS="${CFLAGS} -DNO_FSEEKO"
+@@ -554,7 +554,7 @@ cat > $test.c <<EOF
+ #include <errno.h>
+ int main() { return strlen(strerror(errno)); }
+ EOF
+-if try $CC $CFLAGS -o $test $test.c; then
++if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then
+ echo "Checking for strerror... Yes." | tee -a configure.log
+ else
+ CFLAGS="${CFLAGS} -DNO_STRERROR"
+@@ -661,7 +661,7 @@ int main()
+ return (mytest("Hello%d\n", 1));
+ }
+ EOF
+- if try $CC $CFLAGS -o $test $test.c; then
++ if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then
+ echo "Checking for vsnprintf() in stdio.h... Yes." | tee -a configure.log
+
+ echo >> configure.log
+@@ -751,7 +751,7 @@ int main()
+ }
+ EOF
+
+- if try $CC $CFLAGS -o $test $test.c; then
++ if try $CC $CFLAGS $LDFLAGS -o $test $test.c; then
+ echo "Checking for snprintf() in stdio.h... Yes." | tee -a configure.log
+
+ echo >> configure.log
+--
+2.25.1
+
diff --git a/recipes-core/zlib/zlib/run-ptest b/recipes-core/zlib/zlib/run-ptest
new file mode 100644
index 0000000..065863e
--- /dev/null
+++ b/recipes-core/zlib/zlib/run-ptest
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if ./examplesh ; then
+ echo "PASS: zlib"
+else
+ echo "FAIL: zlib"
+fi
diff --git a/recipes-core/zlib/zlib_1.2.13.bb b/recipes-core/zlib/zlib_1.2.13.bb
new file mode 100644
index 0000000..ec977a3
--- /dev/null
+++ b/recipes-core/zlib/zlib_1.2.13.bb
@@ -0,0 +1,47 @@
+SUMMARY = "Zlib Compression Library"
+DESCRIPTION = "Zlib is a general-purpose, patent-free, lossless data compression \
+library which is used by many different programs."
+HOMEPAGE = "http://zlib.net/"
+SECTION = "libs"
+LICENSE = "Zlib"
+LIC_FILES_CHKSUM = "file://zlib.h;beginline=6;endline=23;md5=5377232268e952e9ef63bc555f7aa6c0"
+
+# The source tarball needs to be .gz as only the .gz ends up in fossils/
+SRC_URI = "https://zlib.net/${BP}.tar.gz \
+ file://0001-configure-Pass-LDFLAGS-to-link-tests.patch \
+ file://run-ptest \
+ "
+UPSTREAM_CHECK_URI = "http://zlib.net/"
+
+SRC_URI[sha256sum] = "b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30"
+
+# When a new release is made the previous release is moved to fossils/, so add this
+# to PREMIRRORS so it is also searched automatically.
+PREMIRRORS:append = " https://zlib.net/ https://zlib.net/fossils/"
+
+CFLAGS += "-D_REENTRANT"
+
+RDEPENDS:${PN}-ptest += "make"
+
+inherit ptest
+
+B = "${WORKDIR}/build"
+
+do_configure() {
+ LDCONFIG=true ${S}/configure --prefix=${prefix} --shared --libdir=${libdir} --uname=GNU
+}
+do_configure[cleandirs] += "${B}"
+
+do_compile() {
+ oe_runmake shared
+}
+
+do_install() {
+ oe_runmake DESTDIR=${D} install
+}
+
+do_install_ptest() {
+ install ${B}/examplesh ${D}${PTEST_PATH}
+}
+
+BBCLASSEXTEND = "native nativesdk" |
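Review bot: This recipe uses the colon override syntax (`PREMIRRORS:append`, `RDEPENDS:${PN}-ptest`) while the libxml2 and openvpn recipes added in the same commit use the underscore form (`RDEPENDS_${PN}-ptest`, `do_install_append`). If the layer's bitbake accepts both, this is only a consistency issue, but it is worth confirming on the release this layer targets and settling on one form, e.g. `RDEPENDS_${PN}-ptest += "make"` and `PREMIRRORS_append = ...`. `HOMEPAGE` and `UPSTREAM_CHECK_URI` still point at `http://zlib.net/` although `SRC_URI` already uses https; switching them keeps the upstream version check off plaintext.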