summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/libxml
AgeCommit message (Collapse)Author
2021-05-18libxml2: Add bash dependency for ptests.Tony Tascioglu
Before, running ptests on core-image-minimal would result in an error due to missing /bin/bash: [ -d test ] || ln -s ../libxml2-2.9.10/test . make: /bin/bash: No such file or directory make: *** [Makefile:2105: runtests] Error 127 Changing the Makefile to use /bin/sh results in some of the tests failing, so I have added the missing dependancy on bash. (From OE-Core rev: d2e81298c446aec8d7fcf61fd5023ac30350f205) Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-05-18libxml2: Reformat runtest.patchTony Tascioglu
Reformatted runtest.patch to allow it to be applied using git am. This makes it easier to apply the series of patches to the original git repo. There are no changes to the code of the patch other than the reformat. Previously, the patch claimed to be a backport, but I have not found an upstream commit so I've changed the Upstream-Status to pending. (From OE-Core rev: 0361d625e1573e846a2f03ed90a8b897bc405160) Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-10-30libxml2: add a patch to fix python 3.9 supportAlexander Kanavin
(From OE-Core rev: 0d0acc5fefc96ee0f0a856f7fa34caf92e03138f) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10libxml2: Fix CVE-2020-24977Ovidiu Panait
GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1). Reference: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2 (From OE-Core rev: 92dc02b8f03f3586de0a2ec1463b189a3918e303) Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-06-12meta: Don't inherit 'features_check' in recipes that don't utilize itJacob Kroon
(From OE-Core rev: e5591eb5165b1b7287a12928e2b179ae2b5ce5d6) Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-02-15libxml2: Update patch upstream statusRichard Purdie
(From OE-Core rev: aca3900b9302e619fa6cd3b8a7b3fcae3b2ffe8d) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-02-15libxml2: Fix CVE-2019-20388Lee Chee Yang
see: https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68 (From OE-Core rev: 12a5eb0ea6f530ad7be2e58d4091b4edadbf461b) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-02-05libxml2: fix CVE-2020-7595Anuj Mittal
(From OE-Core rev: f2f7aa9a495774fe5a2e3947584cb3503bd1eaf1) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-12-16libxml2: update to 2.9.10Alexander Kanavin
(From OE-Core rev: de72e0440bc36fab09a7e3c13d3967c97dcda66b) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-11-21distro_features_check: expand with MACHINE_FEATURES and COMBINED_FEATURES, ↵Denys Dmytriyenko
rename Besides checking DISTRO_FEATURES for required or conflicting features, being able to check MACHINE_FEATURES and/or COMBINED_FEATURES may also be useful at times. Temporarily support the old class name with a warning about future deprecation. (From OE-Core rev: 5f4875b950ce199e91f99c8e945a0c709166dc14) Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-05-12libxml2: upgrade 2.9.8 -> 2.9.9Hongxu Jia
- Drop backported fix-CVE-2017-8872.patch, fix-CVE-2018-14404.patch and 0001-Fix-infinite-loop-in-LZMA-decompression.patch (From OE-Core rev: dc51f92b2a6f2439fa93b9b0c1d8c4c13e884813) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-02-28default-distrovars: Drop DISTRO_FEATURES_LIBCKhem Raj
After eglibc was merged into glibc, Kconfig support was also dropped so these libc features therefore are not effective anymore and can be removed (From OE-Core rev: c62b1cc06613a4cdddf53290e6203559f43fc62d) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-12-05packages: respect PACKAGE_NO_GCONVKai Kang
PACKAGE_NO_GCONV is set in libc-package.bbclass if not all of 'libc-charsets libc-locale-code libc-locales' included in DISTRO_FEATURES. And then no packages glibc-gconv-* glibc-charmap-* and glibc-localedata-* is created. Update recipes and conf file which depend on these packages to check required distro features. (From OE-Core rev: 58446992de0f16a345f1f55b66d0d34d31dc341b) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-10-10libxml2: Make it compatible with externalsrcPeter Kjellerstedt
Fetch the test tar ball to a subdirectory in ${S}. This avoids the following error after having done `devtool modify libxml2`: | DEBUG: Executing shell function do_configure | find: ‘.../build/tmp/work/mips32r2el-nf-poky-linux/libxml2/2.9.4-r0/xmlconf/’: No such file or directory (From OE-Core rev: d0d55add6cb01252a46d829ade75666920b676fa) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-10-10libxml2: move xmlcatalog and xmllint back into libxml2-utilsAndre McCurdy
Packaging of libxml2-utils has been broken since 2011: http://git.openembedded.org/openembedded-core/commit/?id=76052861cc95fd4ad4c4b9eb6ce4cd1065ad4dc9 (From OE-Core rev: 6f49e72dbb36d0a42993e7c788c17ff03571ece7) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-10-04libxml2: refresh CVE-2017-8872Ross Burton
The patch associated with the CVE-2017-8872 report was never merged into libxml2, but a slightly different patch for the same problem was. Cherry-pick that as a backport, which also fixes the failing test suite. (From OE-Core rev: 512869aea6dde1bb2374601f7c4d793ac9edaa42) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-20libxml2: fix CVE-2018-9251 and CVE-2018-14567Hongxu Jia
(From OE-Core rev: b91b276696fb5e0b633b73be408bd750ac4e28ce) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-14libxml2: Fix CVE-2018-14404Andrej Valek
Fix nullptr deref with XPath logic ops If the XPath stack is corrupted, for example by a misbehaving extension function, the "and" and "or" XPath operators could dereference NULL pointers. Check that the XPath stack isn't empty and optimize the logic operators slightly. CVE: CVE-2018-14404 (From OE-Core rev: 69315177732a1d260a3315fe8c4c4c44653ae0c8) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-02libxml2: fix libxml2 ptest failsChangqing Li
for core-image-minimal image, missing these two dependency will cause below warning and error: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8) ./test/icu_parse_test.xml generated an error (From OE-Core rev: 848031cf0b89b752c6fedcb63fc6938642a87fd8) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-07-05libxml2: fix CVE-2017-8872Hongxu Jia
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. https://bugzilla.gnome.org/show_bug.cgi?id=775200 (From OE-Core rev: dac867dc63af70ae992c50697d2be95c3e7b58bb) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-05-04libxml2: 2.9.7 -> 2.9.8Andrej Valek
(From OE-Core rev: de24ead63802523daa19ce8528ac95d9e041eaf8) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-07libxml: refresh patchesRoss Burton
The patch tool will apply patches by default with "fuzz", which is where if the hunk context isn't present but what is there is close enough, it will force the patch in. Whilst this is useful when there's just whitespace changes, when applied to source it is possible for a patch applied with fuzz to produce broken code which still compiles (see #10450). This is obviously bad. We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For that to be realistic the existing patches with fuzz need to be rebased and reviewed. (From OE-Core rev: d71d6854fadc96fc3c75617af3beba02952fdef6) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-01-20python: fix RDEPENDS on several recipes, due to non-existent packagesAlejandro Hernandez
The packaging has been altered slightly so ensure the dependencies are all still valid. (From OE-Core rev: 3328211afdef8ffb00dd4dff1143959d5412b075) Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-01-14libxml2: fix makefile for ptestsAnuj Mittal
Changes to Makefile in latest version mean when "make -k runtests" is executed, it leads to errors like: | make: *** No rule to make target 'runtest.c', needed by 'runtest.o'. | make: *** No rule to make target 'SAX.c', needed by 'SAX.lo'. | make: *** No rule to make target 'entities.c', needed by 'entities.lo'. | make: *** No rule to make target 'encoding.c', needed by 'encoding.lo'. Make sure that we don't try to check and compile the tests again on the target. (From OE-Core rev: 5cf92ca436e1a1ba60fec8b30b6cb3cfd4842bc8) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-11-08libxml2: 2.9.5 -> 2.9.7Andrej Valek
(From OE-Core rev: 090eeccce74554bd4282b6a0407963037bc761a9) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-11-05libxml2: 2.9.4 -> 2.9.5Andrej Valek
(From OE-Core rev: a0d2427bb86668215d7c9e1be07cb9a2d86f6755) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-10-16libxml2: use HTTP instead of FTP in SRC_URIRoss Burton
HTTP is more reliable in general so use it instead of FTP. (From OE-Core rev: bdc71968923941b0720d34a5ce06d82ab2a63b4f) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-10-07libxml2-ptest: set LC_ALL=en_US.UTF-8Juro Bystricky
We need to specify UTF-8 in the environment to avoid an error such as: UnicodeEncodeError: 'ascii' codec can't encode character '\xe4' (From OE-Core rev: d7f1fe6c8419b8c59e601c56245373d094cae298) Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-10-07libxml2-ptest: support for encoding ISO-8859-5Juro Bystricky
This fixes the error: ./test/errors/759398.xml:1: parser error : Unsupported encoding ISO-8859-5 <?xml version='1.0' encoding='ISO-8859-5' standalone='no'?> ^ ./test/errors/759398.xml : failed to parse FAIL: Error cases stream regression tests (From OE-Core rev: 01257f43e024b49196cb756501b098193d1f6085) Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-10-07libxml2-ptest: improve reproducibilityJuro Bystricky
Remove various build host references from libxml-ptest package. [YOCTO #11997] (From OE-Core rev: c2b53ec8d15b97da73353623c0cfe287f74992bf) Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-08-27libxml2: Fix CVE-2017-8872Hongxu Jia
fix global-buffer-overflow in htmlParseTryOrFinish (HTMLparser.c:5403) https://bugzilla.gnome.org/show_bug.cgi?id=775200 Here is the reproduce steps on ubuntu 16.04, use clang with "-fsanitize=address" ... export CC="clang" export CFLAGS="-fsanitize=address" ./configure --disable-shared make clean all -j wget https://bugzilla.gnome.org/attachment.cgi?id=340871 -O poc ./xmllint --html --push poc ==2785==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000a0de21 at pc 0x0000006a7f6e bp 0x7ffdfe940c10 sp 0x7ffdfe940c08 READ of size 1 at 0x000000a0de21 thread T0 #0 0x6a7f6d (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7f6d) #1 0x6a7356 (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7356) #2 0x4f4504 (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f4504) #3 0x4f045e (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f045e) #4 0x7f81977d682f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #5 0x419ad8 (/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x419ad8) ... (From OE-Core rev: a615b0825927a09a0aa8312d131c9acbaef8956d) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-06-27meta: Fix malformed Upstream-Status tagsRoss Burton
Fix a variety of spelling and format mistakes to improve the ease of reading the tags programatically. (From OE-Core rev: 6e1aaf80b0d951b48cd25cb7161ec19448295094) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-06-23libxml2: Revert "Add an XML_PARSE_NOXXE flag to block all entities loading ↵Andrej Valek
even local" The new flag doesn't work and the change even broke the XML_PARSE_NONET option. (From OE-Core rev: 8b586f60778579ee2c9adae429128a07e8437553) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-06-23libxml2: Fix CVE-2017-0663Andrej Valek
Fix type confusion in xmlValidateOneNamespace Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on namespace declarations make no practical sense anyway. Fixes bug 780228 CVE: CVE-2017-0663 (From OE-Core rev: a965be7b6a1d730851b4a3bc8fd534b9b2334227) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-06-23libxml2: Fix CVE-2017-5969Andrej Valek
Fix NULL pointer deref in xmlDumpElementContent Can only be triggered in recovery mode. Fixes bug 758422 CVE: CVE-2017-5969 (From OE-Core rev: 0cae039cbe513b7998e067f4f3958af2ec65ed1a) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-06-23libxml2: Fix CVE-2017-9049 and CVE-2017-9050Andrej Valek
Fix handling of parameter-entity references There were two bugs where parameter-entity references could lead to an unexpected change of the input buffer in xmlParseNameComplex and xmlDictLookup being called with an invalid pointer. Fixes bug 781205 and bug 781361 CVE: CVE-2017-9049 CVE-2017-9050 (From OE-Core rev: 2300762fef8fc8e3e56fb07fd4076c1deeba0a9b) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-06-23libxml2: Fix CVE-2017-9047 and CVE-2017-9048Andrej Valek
xmlSnprintfElementContent failed to correctly check the available buffer space in two locations. Fixes bug 781333 and bug 781701 CVE: CVE-2017-9047 CVE-2017-9048 (From OE-Core rev: bb0af023e811907b4e641b39f654ca921ac8794a) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-06-23libxml2: Avoid reparsing and simplify control flow in xmlParseStartTag2Andrej Valek
(From OE-Core rev: 4651afdd457eca06da07331186bf28b98df2eeff) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-06-23libxml2: Disable LeakSanitizer when running API testsAndrej Valek
Makefile.am: Disable LeakSanitizer when running API tests The autogenerated API tests leak memory. Upstream-Status: Backported - [https://git.gnome.org/browse/libxml2/commit/?id=ac9a4560ee85b18811ff8ab7791ddfff7b144b0a] (From OE-Core rev: e3985be0ddb40e8db44422092c875a4e373a6da3) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-06-12libxml2: Make ptest run the Python tests if Python support is enabledPeter Kjellerstedt
Since we go through the trouble of copying the Python tests, we may as well actually run them... This also avoids the following QA issue: ERROR: libxml2-2.9.4-r0 do_package_qa: QA Issue: /usr/lib/libxml2/ptest/python/tests/push.py contained in package libxml2-ptest requires /usr/bin/python, but no providers found in RDEPENDS_libxml2-ptest? [file-rdeps] (From OE-Core rev: 65bc9fac6dc6ba5252bf105659724c768d65f9d9) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-05-11libxml2: move python module to Python 3Alexander Kanavin
(From OE-Core rev: e73ac0196f031d254969f6c693a0e31071270cab) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-29libxml2: CVE-2016-9318Catalin Enache
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0 (From OE-Core rev: 0dd44c00e3b2fbc3befc3f361624a3a60161d979) Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-05libxml2: make dependencies on python conditionalDmitry Rozhkov
The library libxml2 can provide its own bindings for python2 in addition to the third party python-lxml and python3-lxml packages if this functionality is enabled in PACKAGECONFIG. But in case the functionality is disabled there's no need to depend on python2. Make the dependency on python2 enabled only if the python feature is added to PACKAGECONFIG. Also add missing run-time dependency on make to libxml2-ptest. (From OE-Core rev: 3f1be2c3875fc112d9c67af16759091e007e5b99) Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-03-01recipes: Make use of the new bb.utils.filter() functionPeter Kjellerstedt
(From OE-Core rev: 0a1427bf9aeeda6bee2cc0af8da4ea5fd90aef6f) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-01-28libxml2: Drop docs in native caseRichard Purdie
With rss, moving these around was having an increasing overhead and we don't need them in the native case so remove them. (From OE-Core rev: 3b8dcd210a494baecead7dd1e568fb60ac93ed9b) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-12-16meta: remove True option to getVar callsJoshua Lock
getVar() now defaults to expanding by default, thus remove the True option from getVar() calls with a regex search and replace. Search made with the following regex: getVar ?\(( ?[^,()]*), True\) (From OE-Core rev: 7c552996597faaee2fbee185b250c0ee30ea3b5f) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-12-16libxml2: Fix more NULL pointer derefsAndrej Valek
The NULL pointer dereferencing could produced some security problems. This is a preventive security fix. (From OE-Core rev: 8f3008114d5000a0865f50833db7c3a3f9808601) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-12-16libxml2: fix CVE-2016-4658 Disallow namespace nodes in XPointer points and ↵Andrej Valek
ranges Namespace nodes must be copied to avoid use-after-free errors. But they don't necessarily have a physical representation in a document, so simply disallow them in XPointer ranges. (From OE-Core rev: 00e928bd1c2aed9caeaf9e411743805d2139a023) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-12-16libxml2: Necessary changes before fixing CVE-2016-5131Andrej Valek
xpath: - Check for errors after evaluating first operand. - Add sanity check for empty stack. - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes (From OE-Core rev: 96ef568f75dded56a2123b63dcc8b443f796afe0) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-11-30libxml2: Security fix CVE-2016-5131Yi Zhao
CVE-2016-5131 libxml2: Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5131 Patch from: https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e (From OE-Core rev: 640bd2b98ff33e49b42f1087650ebe20d92259a4) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>