With rss, moving these around was having an increasing overhead and we don't
need them in the native case so remove them.
(From OE-Core rev: 3b8dcd210a494baecead7dd1e568fb60ac93ed9b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Search made with the following regex: getVar ?\(( ?[^,()]*), True\)
(From OE-Core rev: 7c552996597faaee2fbee185b250c0ee30ea3b5f)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The NULL pointer dereferencing could produced some
security problems.
This is a preventive security fix.
(From OE-Core rev: 8f3008114d5000a0865f50833db7c3a3f9808601)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Namespace nodes must be copied to avoid use-after-free errors.
But they don't necessarily have a physical representation in a
document, so simply disallow them in XPointer ranges.
(From OE-Core rev: 00e928bd1c2aed9caeaf9e411743805d2139a023)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
xpath:
- Check for errors after evaluating first operand.
- Add sanity check for empty stack.
- Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes
(From OE-Core rev: 96ef568f75dded56a2123b63dcc8b443f796afe0)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2016-5131 libxml2: Use-after-free vulnerability in libxml2 through
2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via vectors related to the XPointer range-to function.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5131
Patch from:
https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
(From OE-Core rev: 640bd2b98ff33e49b42f1087650ebe20d92259a4)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The XML W3C conformance test suite contains thousands of xml files all
marked executable. We dutifully try to strip all these files of debug
info in do_package.
"chmod -x" improves build time by ~40 seconds.
(From OE-Core rev: eb9cdf6b9277d23d1696233fccc4689e6030644c)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add PACKAGECONFIG for ipv6 and control it based
on DISTRO_FEATURES.
(From OE-Core rev: 1a505037e9a6dc86b523b378d6446baae71f1a2c)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We patch Python's distutils modules to access STAGING_INCDIR/LIBDIR, so when
they are not set, scripts that utilize distutils (e.g. python-config) fail.
Several recipes need to export those manually to prevent such failures,
so let's do that in the class instead.
PYTHON variable is exported because otherwise autotools' python.m4
macro will pick up its own internal default, which may not be the version
that we want.
glib recipe in particular was previously using Python 2.x during build due to python.m4
defaulting to it - now it's using Python 3.x, and so needs a small fix in
deletion of *.pyc files.
(From OE-Core rev: c1e0eb62f2d89b10b187016200018830b1c77945)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- Drop configure.ac-fix-cross-compiling-warning.patch,
libxml2 2.9.4 has fixed it
(From OE-Core rev: 323c7cec65603476994dde196f4c2c151d0e0d31)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The code that utilized them was superseded by the code (in the same patch!)
that is utilizing STAGING_LIBDIR/STAGING_INCDIR, and wasn't correct in the
first place as HOST_SYS is not necessarily the same as the sysroot directory
name.
(From OE-Core rev: 8834e81a38c24a066bb4fefa93da61011d0db244)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix the following QA warnings:
WARNING: libxml2-2.9.3-r0 do_package_qa: QA Issue: libxml2 rdepends on
libiconv, but it isn't a build dependency, missing libiconv in DEPENDS
or PACKAGECONFIG? [build-deps]
WARNING: libxml2-2.9.3-r0 do_package_qa: QA Issue: libxml2-python
rdepends on libiconv, but it isn't a build dependency, missing libiconv
in DEPENDS or PACKAGECONFIG? [build-deps]
(From OE-Core rev: 3d97a40cffb780cda4d4acf6d87371427912228b)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The code: suppose $1 == 2.7:
verdep=ifelse([$1], [], [], [>= $1])
results in:
verdep=>= 2.7
This is wrong in shell:
bash: 2.7: command not found
Use quotation marks to fix the problem.
(From OE-Core rev: 190b57a5f130f8a48d417ad472c0131c49302ee1)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In some recipes overly-split -dbg packages were merged into PN-dbg. Unless
there's a very good reason, recipes should have a single -dev and -dbg package.
(From OE-Core rev: a3b000643898d7402b9e57c02e8d10e677cc9722)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- Drop all the upstreamed patches
- Rework the ansidecl removal so it's contained in a single patch
(From OE-Core rev: 88e68f25e1756988692108d4c15dfa8efc94e5e5)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2 is able to find libdl.so on its own.
(From OE-Core rev: 148a2d80ea4b095a77e5d4edc1ca964708c3f4d1)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections()
CVE-2015-8035 libxml2: DoS when parsing specially crafted XML document if XZ support is enabled
[YOCTO #8641]
(From OE-Core rev: 27de51f4ad21d9b896e7d48041e7cdf20c564a38)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
for CVE-2015-1819 Enforce the reader to run in constant memory
(From OE-Core rev: 9e67d8ae592a37d7c92d6566466b09c83e9ec6a7)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We have libxml2-python for native and nativesdk, but don't have it for
target, and can't find the reason from the git log, libxml2-python is
widely used, after looked into it's configure.in, we can add it
by PACKAGECONFIG.
The previous --with-python=${STAGING_BINDIR}/python is incorrect, it
acted as work becase it's conigure can check automatically, python is in
${STAGING_BINDIR_NATIVE}/${PYTHON_PN}-native/${PYTHON_PN}, as known as
${PYTHON}.
Add python to PACKAGECONFIG, since createrepo rdepends on
libxml2-python, otherwise the target createrepo can't work.
(From OE-Core rev: ed72e123724599e70eb4d283f06fca3e56a8b50a)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It is a backport patch, and verified that the patch is in the source.
(From OE-Core rev: 9a3178b4d3c454e76a0af59afc7b326589c4c666)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Makes it more portable
Change-Id: I7bbc4cc0ebc26d54248b8433dab94db207615445
(From OE-Core rev: 0dfe553d58a76cc0d2592cf5746a1f24a3cd6ee4)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The CVE fix introduced problems with entity issues, we observed this
when building the Yocto Docs in particular. Backport the fix from
upstream so we can build our docs correctly.
[YOCTO #7134]
(From OE-Core rev: af501bd51f9a86edd34e0405bc32dabe21312229)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- Rebase python-sitepackages-dir.patch to 2.9.2
- Drop libxml2-CVE-2014-3660.patch which has been merged to 2.9.2.
- Add configure.ac-fix-cross-compiling-warning.patch to fix cross
compilation failure.
- Tweak do_configure_prepend, use configure.ac to instead of configure.in
- Add cmake files to ${PN}-dev
(From OE-Core rev: 06f555fa5a36dbf63b26c3734dbbd0b5af16dc33)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It was discovered that the patch for CVE-2014-0191 for libxml2 is
incomplete. It is still possible to have libxml2 incorrectly perform
entity substituton even when the application using libxml2 explicitly
disables the feature. This can allow a remote denial-of-service attack on
systems with libxml2 prior to 2.9.2.
References:
http://www.openwall.com/lists/oss-security/2014/10/17/7https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
(From OE-Core rev: 643597a5c432b2e02033d0cefa3ba4da980d078f)
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
change use of eglibc related variabled to glibc equivalents
(From OE-Core rev: fd15d6e0c8da75951a91d4467eda23c229b1026d)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add bash, python or perl to the ptest pkgs to fix the RDEPENDS issues.
(From OE-Core rev: d081a85fc76e2b7a469c6c70175ecf7aed9de053)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The zlib support is a must if you are using RPM backend. So this
explicitly enable it and adds a comment in the recipe to avoid its
removal by mistake.
(From OE-Core rev: 7d056397ab9912316064db850aae05aacabc726c)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream AM_PATH_XML2 uses xml2-config which we disable, so port this macro to
use pkg-config.
(From OE-Core rev: 3ea77e69a839572a948ff6f1e51d3ca789ad8eed)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It let the environment variable XML_CATALOG_FILES could work
which was required by xmlto.
[YOCTO #2416]
(From OE-Core rev: 1ea74a265b3c8f36e07c3cf2c26d8e60518da5a7)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This adds a binconfig-disabled class which can be used by recipes where
a -config file is installed but we wish to disable it and just rely on
the .pc files instead.
Rather than simply deleting it, we make the script "exit 1" so that it
can be found in PATH and raise a build error rather than something
silently falling back to the build system for example.
Rather than randomly finding -config files, this adds in the
specification of a list of binconfig scripts which is more deterministic
and maintainable moving forward.
This patch converts various users in OE-Core to use this, a world build
of OE-Core tests out ok with this change. There will likely be issues in
other layers however, hence this being a RFT.
(From OE-Core rev: 5870bd272b0b077d0826fb900b251884c1c05061)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We enable the python module in nativesdk-libxml2, but the python binary
used is in the native sysroot and thus you get the module installed in
the wrong path. Even with that fixed the python files are still
unpackaged, so create an ${PN}-python package and add them to it. (This
does not affect the libxml target build at all since python is disabled
for that.)
(From OE-Core rev: e3d06aa104065748367e1479138f824da5d9951f)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It was discovered that libxml2, a library providing support to read,
modify and write XML files, incorrectly performs entity substituton in
the doctype prolog, even if the application using libxml2 disabled any
entity substitution. A remote attacker could provide a
specially-crafted XML file that, when processed, would lead to the
exhaustion of CPU and memory resources or file descriptors.
Reference: https://access.redhat.com/security/cve/CVE-2014-0191
(From OE-Core rev: 674bd59d5e357a4aba18c472ac21712a660a84af)
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This CVE patch is actually against Chromium as they ship an internal fork of
libxml2 and breaks ABI. The real issue has been resolved in libxslt 1.1.27, and
we're shipping 1.1.28.
(From OE-Core rev: e6c60252ab4ba6842f63c6b8a519a85f2ff238fb)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Install libxml2 test suite and run it as ptest.
(From OE-Core rev: 22cf4cc85fbe21a53ca4684b0b06b9af20b2ecc5)
Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is necessary since libxml2 has python dependency.
This patch will fix this error:
...
/path/to/build/system/4.7.2/ld: cannot find -lpython2.7
...
ERROR: Task 4152 (virtual:nativesdk:meta/recipes-core/libxml/libxml2_2.9.0.bb, do_compile) failed with exit code '1'
(From OE-Core rev: 4f2b3e3831bdc5707eacdab571ab207d8b09953e)
Signed-off-by: Felipe F. Tonello <eu@felipetonello.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
the patch come from:
http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src \
/include/libxml/tree.h?r1=56276&r2=149930
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89,
does not properly support a cast of an unspecified variable during handling
of XSL transforms, which allows remote attackers to cause a denial of service
or possibly have unknown other impact via a crafted document, related to the
_xmlNs data structure in include/libxml/tree.h.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871
[YOCTO #3580]
[ CQID: WIND00376779 ]
Upstream-Status: Pending
(From OE-Core rev: bc601f96f34ad17a87f599b58e502ec1b2c13fa3)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Without this flag, the library has a problem with C++ programs using exception handling.
(From OE-Core rev: ff5552a8432298c32aec2ace72656b0d7059dad3)
Signed-off-by: Zhenhua Luo <b19537@freescale.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The overrides virtclass-native and virtclass-nativesdk are deprecated,
which should be replaced by class-native and class-nativesdk.
[YOCTO #3297]
(From OE-Core rev: 5193485a42dfb3396d0f12aaa7732c5db29d7338)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add pythonnative to the inherits list
(From OE-Core rev: fae8b8e3f172a7523c0d5cc416031f3d571b9f81)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cmake looks at all include statements, even if they're not used. To make
builds deterministic and avoid needing to add binutils as a dependency
for libzypp, completely remove the include from the header file, even if
it is never used.
This avoids issues where you'd build binutils, then libzypp, then remove
binutils (and hence ansidecl.h) and then recompile libzypp which would
still have the dependency and hence fail.
(From OE-Core rev: bfaaeb44c5023e2d2a9414c07694c75fa527283b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
removed 2 patches that are now fixed upstream
updated hash.c LIC_FILES_CHKSUM due to updating the date to 2012
(From OE-Core rev: b13b2894217ba085931b2a0410b7715d7fa13868)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Kjellerstedt
Richard Purdie
Joshua Lock
Andrej Valek
Yi Zhao
Jussi Kukkonen
Jackie Huang
Alexander Kanavin
Hongxu Jia
Maxin B. John
Robert Yang
Ross Burton
Andre McCurdy
Armin Kuster
Yue Tao
Khem Raj
Joe MacDonald
Otavio Salvador
Paul Eggleton
Maxin B. John
Saul Wold
Mihaela Sendrea
Felipe F. Tonello
Li Wang
Zhenhua Luo
Morgan Little
Marcin Juszkiewicz