openembedded-core.git/meta/recipes-core/libxml, branch dizzy Mirror of openembedded-core libxml2: CVE-2015-8241 2016-01-30T12:02:02+00:00 Sona Sarmadi sona.sarmadi@enea.com 2015-12-14T12:24:13+00:00 84c6a67baaafee565ac4fad229bd8d07a21da09c Upstream bug (contains reproducer): https://bugzilla.gnome.org/show_bug.cgi?id=756263 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id= ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
Upstream bug (contains reproducer):
https://bugzilla.gnome.org/show_bug.cgi?id=756263

Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=
ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
libxml2: CVE-2015-8035 2016-01-30T12:02:01+00:00 Sona Sarmadi sona.sarmadi@enea.com 2015-12-14T12:24:12+00:00 e40cae30575a227bb0274869f720dffd816d629a Fixes DoS when parsing specially crafted XML document if XZ support is enabled. References: https://bugzilla.gnome.org/show_bug.cgi?id=757466 Upstream correction: https://git.gnome.org/browse/libxml2/commit/?id= f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
Fixes DoS when parsing specially crafted XML document
if XZ support is enabled.

References:
https://bugzilla.gnome.org/show_bug.cgi?id=757466

Upstream correction:
https://git.gnome.org/browse/libxml2/commit/?id=
f0709e3ca8f8947f2d91ed34e92e38a4c23eae63

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
libxml2: CVE-2015-7942 2016-01-30T12:01:59+00:00 Sona Sarmadi sona.sarmadi@enea.com 2015-12-14T12:24:09+00:00 a2980f004519a4baeb4c88ad924e15195fe75e32 Fixes heap-based buffer overflow in xmlParseConditionalSections(). Upstream patch: https://git.gnome.org/browse/libxml2/commit/ ?id=9b8512337d14c8ddf662fcb98b0135f225a1c489 Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=756456 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
Fixes heap-based buffer overflow in xmlParseConditionalSections().

Upstream patch:
https://git.gnome.org/browse/libxml2/commit/
?id=9b8512337d14c8ddf662fcb98b0135f225a1c489

Upstream bug:
https://bugzilla.gnome.org/show_bug.cgi?id=756456

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
libxml2: Security Advisory - libxml2 - CVE-2015-1819 2015-07-20T19:53:09+00:00 Yue Tao Yue.Tao@windriver.com 2015-06-15T01:18:52+00:00 de6e4114d5285ea0d2a53d19c93ce96430cc9e30 for CVE-2015-1819 Enforce the reader to run in constant memory (From OE-Core rev: 9e67d8ae592a37d7c92d6566466b09c83e9ec6a7) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Conflicts: meta/recipes-core/libxml/libxml2.inc 
for CVE-2015-1819 Enforce the reader to run in constant memory

(From OE-Core rev: 9e67d8ae592a37d7c92d6566466b09c83e9ec6a7)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Conflicts:
	meta/recipes-core/libxml/libxml2.inc
libxml2: Backport fix for CVE introduced entity issues 2015-02-11T17:39:47+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2015-01-15T09:37:16+00:00 9aa93835d19159ffd7cb212680044fc7f914a68f The CVE fix introduced problems with entity issues, we observed this when building the Yocto Docs in particular. Backport the fix from upstream so we can build our docs correctly. [YOCTO #7134] (From OE-Core rev: af501bd51f9a86edd34e0405bc32dabe21312229) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
The CVE fix introduced problems with entity issues, we observed this
when building the Yocto Docs in particular. Backport the fix from
upstream so we can build our docs correctly.

[YOCTO #7134]

(From OE-Core rev: af501bd51f9a86edd34e0405bc32dabe21312229)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
libxml2: fix CVE-2014-3660 2015-02-11T17:39:47+00:00 Joe MacDonald joe_macdonald@mentor.com 2014-10-20T17:51:21+00:00 de7bc57398aaeb84fc9370d025b87f7711986ada It was discovered that the patch for CVE-2014-0191 for libxml2 is incomplete. It is still possible to have libxml2 incorrectly perform entity substituton even when the application using libxml2 explicitly disables the feature. This can allow a remote denial-of-service attack on systems with libxml2 prior to 2.9.2. References: http://www.openwall.com/lists/oss-security/2014/10/17/7 https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html (From OE-Core rev: 643597a5c432b2e02033d0cefa3ba4da980d078f) Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
It was discovered that the patch for CVE-2014-0191 for libxml2 is
incomplete.  It is still possible to have libxml2 incorrectly perform
entity substituton even when the application using libxml2 explicitly
disables the feature.  This can allow a remote denial-of-service attack on
systems with libxml2 prior to 2.9.2.

References:
    http://www.openwall.com/lists/oss-security/2014/10/17/7
    https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html

(From OE-Core rev: 643597a5c432b2e02033d0cefa3ba4da980d078f)

Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
recipes: Remove references to eglibc 2014-09-01T17:00:31+00:00 Khem Raj raj.khem@gmail.com 2014-08-28T06:13:57+00:00 fd15d6e0c8da75951a91d4467eda23c229b1026d change use of eglibc related variabled to glibc equivalents Signed-off-by: Khem Raj <raj.khem@gmail.com> 
change use of eglibc related variabled to glibc equivalents

Signed-off-by: Khem Raj <raj.khem@gmail.com>
meta: fix RDEPNEDS for the test related pkgs 2014-08-28T14:11:11+00:00 Robert Yang liezhi.yang@windriver.com 2014-08-27T15:57:08+00:00 d081a85fc76e2b7a469c6c70175ecf7aed9de053 Add bash, python or perl to the ptest pkgs to fix the RDEPENDS issues. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Add bash, python or perl to the ptest pkgs to fix the RDEPENDS issues.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2: Explicitly enable zlib support 2014-08-25T09:23:27+00:00 Otavio Salvador otavio@ossystems.com.br 2014-08-24T19:39:15+00:00 7d056397ab9912316064db850aae05aacabc726c The zlib support is a must if you are using RPM backend. So this explicitly enable it and adds a comment in the recipe to avoid its removal by mistake. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The zlib support is a must if you are using RPM backend. So this
explicitly enable it and adds a comment in the recipe to avoid its
removal by mistake.

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2: port AM_PATH_XML2 to use pkg-config 2014-08-15T17:19:56+00:00 Ross Burton ross.burton@intel.com 2014-08-15T12:11:46+00:00 3ea77e69a839572a948ff6f1e51d3ca789ad8eed Upstream AM_PATH_XML2 uses xml2-config which we disable, so port this macro to use pkg-config. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Upstream AM_PATH_XML2 uses xml2-config which we disable, so port this macro to
use pkg-config.

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>