openembedded-core.git/meta/recipes-core/libxml/libxml2, branch daisy Mirror of openembedded-core libxml2: fix python packaging for nativesdk 2014-10-09T20:16:32+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2014-06-05T09:46:17+00:00 360fc811ff843c63f796e958517a5152f07e851d We enable the python module in nativesdk-libxml2, but the python binary used is in the native sysroot and thus you get the module installed in the wrong path. Even with that fixed the python files are still unpackaged, so create an ${PN}-python package and add them to it. (This does not affect the libxml target build at all since python is disabled for that.) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
We enable the python module in nativesdk-libxml2, but the python binary
used is in the native sysroot and thus you get the module installed in
the wrong path. Even with that fixed the python files are still
unpackaged, so create an ${PN}-python package and add them to it. (This
does not affect the libxml target build at all since python is disabled
for that.)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2: fix CVE-2014-0191 2014-05-29T12:42:07+00:00 Maxin B. John maxin.john@enea.com 2014-05-07T12:24:15+00:00 51f674ab1f7dac049060c58f89e84c5d1275a87b It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors. Reference: https://access.redhat.com/security/cve/CVE-2014-0191 (From OE-Core rev: 674bd59d5e357a4aba18c472ac21712a660a84af) Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
It was discovered that libxml2, a library providing support to read,
modify and write XML files, incorrectly performs entity substituton in
the doctype prolog, even if the application using libxml2 disabled any
entity substitution. A remote attacker could provide a
specially-crafted XML file that, when processed, would lead to the
exhaustion of CPU and memory resources or file descriptors.

Reference: https://access.redhat.com/security/cve/CVE-2014-0191

(From OE-Core rev: 674bd59d5e357a4aba18c472ac21712a660a84af)

Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2: remove patch for CVE-2012-2871 2013-09-17T13:13:04+00:00 Ross Burton ross.burton@intel.com 2013-09-17T09:22:17+00:00 e6c60252ab4ba6842f63c6b8a519a85f2ff238fb This CVE patch is actually against Chromium as they ship an internal fork of libxml2 and breaks ABI. The real issue has been resolved in libxslt 1.1.27, and we're shipping 1.1.28. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
This CVE patch is actually against Chromium as they ship an internal fork of
libxml2 and breaks ABI.  The real issue has been resolved in libxslt 1.1.27, and
we're shipping 1.1.28.

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream-Status: Correct capitalization 2013-07-18T14:14:40+00:00 Saul Wold sgw@linux.intel.com 2013-07-15T23:44:42+00:00 2d5c457bf888771891e9c29e82ec5a5cecace528 Signed-off-by: Saul Wold <sgw@linux.intel.com> 
Signed-off-by: Saul Wold <sgw@linux.intel.com>
libxml2: Add ptest 2013-07-09T14:56:14+00:00 Mihaela Sendrea mihaela.sendrea@enea.com 2013-07-04T14:23:43+00:00 22cf4cc85fbe21a53ca4684b0b06b9af20b2ecc5 Install libxml2 test suite and run it as ptest. Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> 
Install libxml2 test suite and run it as ptest.

Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
libxml2 CVE-2012-2871 2012-12-14T23:17:21+00:00 Li Wang li.wang@windriver.com 2012-12-13T05:54:21+00:00 bc601f96f34ad17a87f599b58e502ec1b2c13fa3 the patch come from: http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src \ /include/libxml/tree.h?r1=56276&r2=149930 libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871 [YOCTO #3580] [ CQID: WIND00376779 ] Upstream-Status: Pending Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> 
the patch come from:
http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src \
/include/libxml/tree.h?r1=56276&r2=149930

libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89,
does not properly support a cast of an unspecified variable during handling
of XSL transforms, which allows remote attackers to cause a denial of service
or possibly have unknown other impact via a crafted document, related to the
_xmlNs data structure in include/libxml/tree.h.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871

[YOCTO #3580]
[ CQID: WIND00376779 ]
Upstream-Status: Pending

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
libxml2: Fix libzypp ansidecl related build failures 2012-07-10T13:24:44+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2012-07-10T12:04:31+00:00 bfaaeb44c5023e2d2a9414c07694c75fa527283b cmake looks at all include statements, even if they're not used. To make builds deterministic and avoid needing to add binutils as a dependency for libzypp, completely remove the include from the header file, even if it is never used. This avoids issues where you'd build binutils, then libzypp, then remove binutils (and hence ansidecl.h) and then recompile libzypp which would still have the dependency and hence fail. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
cmake looks at all include statements, even if they're not used. To make
builds deterministic and avoid needing to add binutils as a dependency
for libzypp, completely remove the include from the header file, even if
it is never used.

This avoids issues where you'd build binutils, then libzypp, then remove
binutils (and hence ansidecl.h) and then recompile libzypp which would
still have the dependency and hence fail.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2: Update to 2.8.0 2012-06-25T15:32:16+00:00 Saul Wold sgw@linux.intel.com 2012-06-23T06:01:06+00:00 b13b2894217ba085931b2a0410b7715d7fa13868 removed 2 patches that are now fixed upstream updated hash.c LIC_FILES_CHKSUM due to updating the date to 2012 Signed-off-by: Saul Wold <sgw@linux.intel.com> 
removed 2 patches that are now fixed upstream
updated hash.c LIC_FILES_CHKSUM due to updating the date to 2012

Signed-off-by: Saul Wold <sgw@linux.intel.com>
libxml2: fix build with automake 1.12 2012-05-25T10:17:36+00:00 Nitin A Kamble nitin.a.kamble@intel.com 2012-05-03T00:08:26+00:00 b126d638b7da9cc9e3c7f164e6dca3a1fce5c4ce Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
libxml2: add shared library version info to libxml shared libraries 2012-01-10T05:51:50+00:00 Matthew McClintock msm@freescale.com 2012-01-02T22:05:16+00:00 d1f1fec5c6fe980aaf2c1f1dc2a0e737f4adf2dd This fixes an issue with RPM where it checks version imformation for binaries linked against libxml and fails because it's missing info | error: Failed dependencies: | libxml2.so.2(LIBXML2_2.6.0) is needed by fmc-0.9.7+2-r2.1.ppce500mc | libxml2.so.2(LIBXML2_2.4.30) is needed by fmc-0.9.7+2-r2.1.ppce500mc | ERROR: Function 'do_rootfs' failed (see Note: fmc is just an example recipe/name Signed-off-by: Matthew McClintock <msm@freescale.com> 
This fixes an issue with RPM where it checks version imformation for
binaries linked against libxml and fails because it's missing info

| error: Failed dependencies:
|              libxml2.so.2(LIBXML2_2.6.0) is needed by fmc-0.9.7+2-r2.1.ppce500mc
|              libxml2.so.2(LIBXML2_2.4.30) is needed by fmc-0.9.7+2-r2.1.ppce500mc
| ERROR: Function 'do_rootfs' failed (see

Note: fmc is just an example recipe/name

Signed-off-by: Matthew McClintock <msm@freescale.com>