openembedded-core.git/meta/recipes-core/libxml, branch thud Mirror of openembedded-core libxml2: Make it compatible with externalsrc 2018-10-10T13:33:34+00:00 Peter Kjellerstedt peter.kjellerstedt@axis.com 2018-09-24T19:03:13+00:00 d0d55add6cb01252a46d829ade75666920b676fa Fetch the test tar ball to a subdirectory in ${S}. This avoids the following error after having done `devtool modify libxml2`: | DEBUG: Executing shell function do_configure | find: ‘.../build/tmp/work/mips32r2el-nf-poky-linux/libxml2/2.9.4-r0/xmlconf/’: No such file or directory Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Fetch the test tar ball to a subdirectory in ${S}. This avoids the
following error after having done `devtool modify libxml2`:

| DEBUG: Executing shell function do_configure
| find: ‘.../build/tmp/work/mips32r2el-nf-poky-linux/libxml2/2.9.4-r0/xmlconf/’: No such file or directory

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2: move xmlcatalog and xmllint back into libxml2-utils 2018-10-10T11:42:40+00:00 Andre McCurdy armccurdy@gmail.com 2018-10-10T01:04:18+00:00 6f49e72dbb36d0a42993e7c788c17ff03571ece7 Packaging of libxml2-utils has been broken since 2011: http://git.openembedded.org/openembedded-core/commit/?id=76052861cc95fd4ad4c4b9eb6ce4cd1065ad4dc9 Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Packaging of libxml2-utils has been broken since 2011:

  http://git.openembedded.org/openembedded-core/commit/?id=76052861cc95fd4ad4c4b9eb6ce4cd1065ad4dc9

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2: refresh CVE-2017-8872 2018-10-04T13:30:40+00:00 Ross Burton ross.burton@intel.com 2018-10-04T09:20:20+00:00 512869aea6dde1bb2374601f7c4d793ac9edaa42 The patch associated with the CVE-2017-8872 report was never merged into libxml2, but a slightly different patch for the same problem was. Cherry-pick that as a backport, which also fixes the failing test suite. Signed-off-by: Ross Burton <ross.burton@intel.com> 
The patch associated with the CVE-2017-8872 report was never merged into
libxml2, but a slightly different patch for the same problem was.  Cherry-pick
that as a backport, which also fixes the failing test suite.

Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml2: fix CVE-2018-9251 and CVE-2018-14567 2018-08-20T10:59:44+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-08-17T07:22:41+00:00 b91b276696fb5e0b633b73be408bd750ac4e28ce Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2: Fix CVE-2018-14404 2018-08-14T10:36:22+00:00 Andrej Valek andrej.valek@siemens.com 2018-08-09T08:06:37+00:00 69315177732a1d260a3315fe8c4c4c44653ae0c8 Fix nullptr deref with XPath logic ops If the XPath stack is corrupted, for example by a misbehaving extension function, the "and" and "or" XPath operators could dereference NULL pointers. Check that the XPath stack isn't empty and optimize the logic operators slightly. CVE: CVE-2018-14404 Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Fix nullptr deref with XPath logic ops

If the XPath stack is corrupted, for example by a misbehaving extension
function, the "and" and "or" XPath operators could dereference NULL
pointers. Check that the XPath stack isn't empty and optimize the
logic operators slightly.

CVE: CVE-2018-14404
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2: fix libxml2 ptest fails 2018-08-02T08:30:06+00:00 Changqing Li changqing.li@windriver.com 2018-08-01T05:57:01+00:00 848031cf0b89b752c6fedcb63fc6938642a87fd8 for core-image-minimal image, missing these two dependency will cause below warning and error: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8) ./test/icu_parse_test.xml generated an error Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
for core-image-minimal image,  missing these two dependency
will cause below warning and error:

warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
./test/icu_parse_test.xml generated an error

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2: fix CVE-2017-8872 2018-07-04T23:24:14+00:00 Hongxu Jia hongxu.jia@windriver.com 2018-07-04T01:39:14+00:00 dac867dc63af70ae992c50697d2be95c3e7b58bb The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. https://bugzilla.gnome.org/show_bug.cgi?id=775200 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4
allows attackers to cause a denial of service (buffer over-read) or
information disclosure.

https://bugzilla.gnome.org/show_bug.cgi?id=775200

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml2: 2.9.7 -> 2.9.8 2018-05-04T08:54:49+00:00 Andrej Valek andrej.valek@siemens.com 2018-03-20T09:47:15+00:00 de24ead63802523daa19ce8528ac95d9e041eaf8 Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml: refresh patches 2018-03-07T14:33:55+00:00 Ross Burton ross.burton@intel.com 2017-11-15T16:47:41+00:00 d71d6854fadc96fc3c75617af3beba02952fdef6 The patch tool will apply patches by default with "fuzz", which is where if the hunk context isn't present but what is there is close enough, it will force the patch in. Whilst this is useful when there's just whitespace changes, when applied to source it is possible for a patch applied with fuzz to produce broken code which still compiles (see #10450). This is obviously bad. We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For that to be realistic the existing patches with fuzz need to be rebased and reviewed. Signed-off-by: Ross Burton <ross.burton@intel.com> 
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.

Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450).  This is obviously bad.

We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.

Signed-off-by: Ross Burton <ross.burton@intel.com>
python: fix RDEPENDS on several recipes, due to non-existent packages 2018-01-20T22:31:13+00:00 Alejandro Hernandez alejandro.hernandez@linux.intel.com 2017-08-04T21:14:02+00:00 3328211afdef8ffb00dd4dff1143959d5412b075 The packaging has been altered slightly so ensure the dependencies are all still valid. Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
The packaging has been altered slightly so ensure the dependencies are all still
valid.

Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>