openembedded-core.git/meta/recipes-core/libxml/libxml2, branch krogoth Mirror of openembedded-core libxml2: upgrade to 2.9.4 2016-06-29T18:34:45+00:00 Hongxu Jia hongxu.jia@windriver.com 2016-06-13T09:16:32+00:00 1576cb4ac24340cda504ee9807b465f8428138f0 - Drop configure.ac-fix-cross-compiling-warning.patch, libxml2 2.9.4 has fixed it (From OE-Core rev: 323c7cec65603476994dde196f4c2c151d0e0d31) updated stable for these reasons: this includes the following security fixes: CVE-2016-1762 CVE-2016-3705 CVE-2016-1834 CVE-2016-4483 CVE-2016-1840 CVE-2016-1838 CVE-2016-1839 CVE-2016-1836 CVE-2016-4449 CVE-2016-1837 CVE-2016-1835 CVE-2016-1833 CVE-2016-3627 plus many bug fixes. see http://xmlsoft.org/news.html for details. Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> 
- Drop configure.ac-fix-cross-compiling-warning.patch,
  libxml2 2.9.4 has fixed it

(From OE-Core rev: 323c7cec65603476994dde196f4c2c151d0e0d31)

updated stable for these reasons:
this includes the following security fixes:
CVE-2016-1762
CVE-2016-3705
CVE-2016-1834
CVE-2016-4483
CVE-2016-1840
CVE-2016-1838
CVE-2016-1839
CVE-2016-1836
CVE-2016-4449
CVE-2016-1837
CVE-2016-1835
CVE-2016-1833
CVE-2016-3627

plus many bug fixes. see http://xmlsoft.org/news.html for details.

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
libxml2: fix AM_PATH_XML2 2016-04-09T06:50:25+00:00 Robert Yang liezhi.yang@windriver.com 2016-04-08T10:14:21+00:00 190b57a5f130f8a48d417ad472c0131c49302ee1 The code: suppose $1 == 2.7: verdep=ifelse([$1], [], [], [>= $1]) results in: verdep=>= 2.7 This is wrong in shell: bash: 2.7: command not found Use quotation marks to fix the problem. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The code: suppose $1 == 2.7:
verdep=ifelse([$1], [], [], [>= $1])
results in:
verdep=>= 2.7
This is wrong in shell:
bash: 2.7: command not found

Use quotation marks to fix the problem.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2: upgrade to 2.9.3 2015-12-01T21:31:03+00:00 Ross Burton ross.burton@intel.com 2015-11-25T22:44:53+00:00 88e68f25e1756988692108d4c15dfa8efc94e5e5 - Drop all the upstreamed patches - Rework the ansidecl removal so it's contained in a single patch Signed-off-by: Ross Burton <ross.burton@intel.com> 
- Drop all the upstreamed patches
- Rework the ansidecl removal so it's contained in a single patch

Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml2: fix CVE-2015-7942 and CVE-2015-8035 2015-11-25T07:56:57+00:00 Armin Kuster akuster@mvista.com 2015-11-11T22:21:46+00:00 27de51f4ad21d9b896e7d48041e7cdf20c564a38 CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() CVE-2015-8035 libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [YOCTO #8641] Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections()
CVE-2015-8035 libxml2: DoS when parsing specially crafted XML document if XZ support is enabled

[YOCTO #8641]

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml2: Security Advisory - libxml2 - CVE-2015-1819 2015-06-18T08:12:02+00:00 Yue Tao Yue.Tao@windriver.com 2015-06-15T01:18:52+00:00 9e67d8ae592a37d7c92d6566466b09c83e9ec6a7 for CVE-2015-1819 Enforce the reader to run in constant memory Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
for CVE-2015-1819 Enforce the reader to run in constant memory

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml2: remove libxml2-CVE-2014-3660.patch 2015-04-30T22:01:26+00:00 Robert Yang liezhi.yang@windriver.com 2015-04-28T03:43:23+00:00 9a3178b4d3c454e76a0af59afc7b326589c4c666 It is a backport patch, and verified that the patch is in the source. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
It is a backport patch, and verified that the patch is in the source.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2: Contain glibc-extentions under __GLIBC__ 2015-04-08T09:45:27+00:00 Khem Raj raj.khem@gmail.com 2015-04-06T17:36:51+00:00 0dfe553d58a76cc0d2592cf5746a1f24a3cd6ee4 Makes it more portable Change-Id: I7bbc4cc0ebc26d54248b8433dab94db207615445 Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Makes it more portable

Change-Id: I7bbc4cc0ebc26d54248b8433dab94db207615445
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2: Backport fix for CVE introduced entity issues 2015-01-15T16:55:12+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2015-01-15T09:37:16+00:00 af501bd51f9a86edd34e0405bc32dabe21312229 The CVE fix introduced problems with entity issues, we observed this when building the Yocto Docs in particular. Backport the fix from upstream so we can build our docs correctly. [YOCTO #7134] Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The CVE fix introduced problems with entity issues, we observed this
when building the Yocto Docs in particular. Backport the fix from
upstream so we can build our docs correctly.

[YOCTO #7134]

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2: upgrade to 2.9.2 2014-12-24T17:48:57+00:00 Hongxu Jia hongxu.jia@windriver.com 2014-12-23T05:09:54+00:00 06f555fa5a36dbf63b26c3734dbbd0b5af16dc33 - Rebase python-sitepackages-dir.patch to 2.9.2 - Drop libxml2-CVE-2014-3660.patch which has been merged to 2.9.2. - Add configure.ac-fix-cross-compiling-warning.patch to fix cross compilation failure. - Tweak do_configure_prepend, use configure.ac to instead of configure.in - Add cmake files to ${PN}-dev Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
- Rebase python-sitepackages-dir.patch to 2.9.2

- Drop libxml2-CVE-2014-3660.patch which has been merged to 2.9.2.

- Add configure.ac-fix-cross-compiling-warning.patch to fix cross
  compilation failure.

- Tweak do_configure_prepend, use configure.ac to instead of configure.in

- Add cmake files to ${PN}-dev

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2: fix CVE-2014-3660 2014-10-24T16:31:58+00:00 Joe MacDonald joe_macdonald@mentor.com 2014-10-20T17:51:21+00:00 643597a5c432b2e02033d0cefa3ba4da980d078f It was discovered that the patch for CVE-2014-0191 for libxml2 is incomplete. It is still possible to have libxml2 incorrectly perform entity substituton even when the application using libxml2 explicitly disables the feature. This can allow a remote denial-of-service attack on systems with libxml2 prior to 2.9.2. References: http://www.openwall.com/lists/oss-security/2014/10/17/7 https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
It was discovered that the patch for CVE-2014-0191 for libxml2 is
incomplete.  It is still possible to have libxml2 incorrectly perform
entity substituton even when the application using libxml2 explicitly
disables the feature.  This can allow a remote denial-of-service attack on
systems with libxml2 prior to 2.9.2.

References:
    http://www.openwall.com/lists/oss-security/2014/10/17/7
    https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html

Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>