openembedded-core.git/meta/recipes-core/libxml, branch morty Mirror of openembedded-core libxml2: Fix more NULL pointer derefs 2017-01-11T11:46:53+00:00 Andrej Valek andrej.valek@siemens.com 2016-12-12T13:20:21+00:00 401d552f9e4ed3341e42864e566dddb2b26019dc The NULL pointer dereferencing could produced some security problems. This is a preventive security fix. (From OE-Core rev: 8f3008114d5000a0865f50833db7c3a3f9808601) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
The NULL pointer dereferencing could produced some
security problems.
This is a preventive security fix.

(From OE-Core rev: 8f3008114d5000a0865f50833db7c3a3f9808601)

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
libxml2: fix CVE-2016-4658 Disallow namespace nodes in XPointer points and ranges 2017-01-11T11:46:53+00:00 Andrej Valek andrej.valek@siemens.com 2016-12-12T13:20:20+00:00 cf810d5cc17cb6b9f53d21a404c89afe372accb7 Namespace nodes must be copied to avoid use-after-free errors. But they don't necessarily have a physical representation in a document, so simply disallow them in XPointer ranges. (From OE-Core rev: 00e928bd1c2aed9caeaf9e411743805d2139a023) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
Namespace nodes must be copied to avoid use-after-free errors.
But they don't necessarily have a physical representation in a
document, so simply disallow them in XPointer ranges.

(From OE-Core rev: 00e928bd1c2aed9caeaf9e411743805d2139a023)

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
libxml2: Necessary changes before fixing CVE-2016-5131 2017-01-11T11:46:53+00:00 Andrej Valek andrej.valek@siemens.com 2016-12-12T13:20:19+00:00 68b0f3a0bf8dfdf49be4aed1745a7f50662c555d xpath: - Check for errors after evaluating first operand. - Add sanity check for empty stack. - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes (From OE-Core rev: 96ef568f75dded56a2123b63dcc8b443f796afe0) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
xpath:
 - Check for errors after evaluating first operand.
 - Add sanity check for empty stack.
 - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes

(From OE-Core rev: 96ef568f75dded56a2123b63dcc8b443f796afe0)

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
libxml2: Security fix CVE-2016-5131 2017-01-11T11:46:44+00:00 Yi Zhao yi.zhao@windriver.com 2016-11-28T09:55:40+00:00 1e284447b9bf42e1fd6080f5a50fe01c8267a4e6 CVE-2016-5131 libxml2: Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5131 Patch from: https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e (From OE-Core rev: 640bd2b98ff33e49b42f1087650ebe20d92259a4) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
CVE-2016-5131 libxml2: Use-after-free vulnerability in libxml2 through
2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via vectors related to the XPointer range-to function.

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5131

Patch from:
https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e

(From OE-Core rev: 640bd2b98ff33e49b42f1087650ebe20d92259a4)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
libxml2: Make tests non-executable 2016-10-15T08:59:54+00:00 Jussi Kukkonen jussi.kukkonen@intel.com 2016-10-14T18:38:40+00:00 eb9cdf6b9277d23d1696233fccc4689e6030644c The XML W3C conformance test suite contains thousands of xml files all marked executable. We dutifully try to strip all these files of debug info in do_package. "chmod -x" improves build time by ~40 seconds. Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
The XML W3C conformance test suite contains thousands of xml files all
marked executable. We dutifully try to strip all these files of debug
info in do_package.

"chmod -x" improves build time by ~40 seconds.

Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml2: control ipv6 support based on DISTRO_FEATURES 2016-09-03T22:45:44+00:00 Jackie Huang jackie.huang@windriver.com 2016-08-22T09:05:59+00:00 1a505037e9a6dc86b523b378d6446baae71f1a2c Add PACKAGECONFIG for ipv6 and control it based on DISTRO_FEATURES. Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Add PACKAGECONFIG for ipv6 and control it based
on DISTRO_FEATURES.

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
pythonnative.bbclass, python3native.bbclass: export STAGING_INCDIR, STAGING_LIBDIR, PYTHON variables 2016-07-01T15:08:44+00:00 Alexander Kanavin alexander.kanavin@linux.intel.com 2016-06-22T12:06:35+00:00 c1e0eb62f2d89b10b187016200018830b1c77945 We patch Python's distutils modules to access STAGING_INCDIR/LIBDIR, so when they are not set, scripts that utilize distutils (e.g. python-config) fail. Several recipes need to export those manually to prevent such failures, so let's do that in the class instead. PYTHON variable is exported because otherwise autotools' python.m4 macro will pick up its own internal default, which may not be the version that we want. glib recipe in particular was previously using Python 2.x during build due to python.m4 defaulting to it - now it's using Python 3.x, and so needs a small fix in deletion of *.pyc files. Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
We patch Python's distutils modules to access STAGING_INCDIR/LIBDIR, so when
they are not set, scripts that utilize distutils (e.g. python-config) fail.
Several recipes need to export those manually to prevent such failures,
so let's do that in the class instead.

PYTHON variable is exported because otherwise autotools' python.m4
macro will pick up its own internal default, which may not be the version
that we want.

glib recipe in particular was previously using Python 2.x during build due to python.m4
defaulting to it - now it's using Python 3.x, and so needs a small fix in
deletion of *.pyc files.

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml2: upgrade to 2.9.4 2016-06-14T11:56:33+00:00 Hongxu Jia hongxu.jia@windriver.com 2016-06-13T09:16:32+00:00 323c7cec65603476994dde196f4c2c151d0e0d31 - Drop configure.ac-fix-cross-compiling-warning.patch, libxml2 2.9.4 has fixed it Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
- Drop configure.ac-fix-cross-compiling-warning.patch,
  libxml2 2.9.4 has fixed it

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
python-native, python3-native: remove the use of exported HOST_SYS and BUILD_SYS variables 2016-05-30T21:47:14+00:00 Alexander Kanavin alexander.kanavin@linux.intel.com 2016-04-06T14:58:36+00:00 8834e81a38c24a066bb4fefa93da61011d0db244 The code that utilized them was superseded by the code (in the same patch!) that is utilizing STAGING_LIBDIR/STAGING_INCDIR, and wasn't correct in the first place as HOST_SYS is not necessarily the same as the sysroot directory name. Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> 
The code that utilized them was superseded by the code (in the same patch!)
that is utilizing STAGING_LIBDIR/STAGING_INCDIR, and wasn't correct in the
first place as HOST_SYS is not necessarily the same as the sysroot directory
name.

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
libxml2: fix dependencies and QA Issues 2016-05-06T09:30:58+00:00 Maxin B. John maxin.john@intel.com 2016-04-26T08:48:25+00:00 3d97a40cffb780cda4d4acf6d87371427912228b Fix the following QA warnings: WARNING: libxml2-2.9.3-r0 do_package_qa: QA Issue: libxml2 rdepends on libiconv, but it isn't a build dependency, missing libiconv in DEPENDS or PACKAGECONFIG? [build-deps] WARNING: libxml2-2.9.3-r0 do_package_qa: QA Issue: libxml2-python rdepends on libiconv, but it isn't a build dependency, missing libiconv in DEPENDS or PACKAGECONFIG? [build-deps] Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Fix the following QA warnings:

WARNING: libxml2-2.9.3-r0 do_package_qa: QA Issue: libxml2 rdepends on
libiconv, but it isn't a build dependency, missing libiconv in DEPENDS
or PACKAGECONFIG? [build-deps]

WARNING: libxml2-2.9.3-r0 do_package_qa: QA Issue: libxml2-python
rdepends on libiconv, but it isn't a build dependency, missing libiconv
in DEPENDS or PACKAGECONFIG? [build-deps]

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>