Changelog:
===========
- extensions: Don't search imports for extension prefixes
- transform: Check maximum depth when processing default templates
- build: Add more missing includes
- python: Don't set deprecated global
- build: Add missing includes
- imports: Limit nesting depth
- extensions: Report top-level elements in xsltDebugDumpExtensions
- Add extern "C" { } block to xsltlocale.h
- python: Make it compatible with python3.12
- date: Fix check for localtime_s
- date: Fix check for gmtime_s
- pkg-config files include cflags for static builds
- Handle NOCONFIG case when setting locations from CMake target properties
- autotools: Make xslt-config executable
- tests: Structured error handler now passes a const xmlError
- python: Fix tests on MinGW
- fuzz: Fix xmlFuzzEntityLoader after recent libxml2 changes
(From OE-Core rev: 48b353f3fb8e5ab1853cba7faa3065d2fe6f36b4)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We have libxml2 2.9.14 and we don't link statically against libxml2 anyway
so the CVE doesn't apply to libxslt.
(From OE-Core rev: c6315d8a2a1429a0fb7563b1d6352ceee7bc222c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Security
[CVE-2021-30560] Fix use-after-free in xsltApplyTemplates
Fix memory leak in xsltDocumentElem (David King)
Fix memory leak in xsltCompileIdKeyPattern (David King)
Fix double-free with stylesheets containing entity nodes
Fixed regressions
Fix performance regression with predicates in patterns
Fix regression in xsltComputeSortResult
Bug fixes
Fix conflict resolution for templates with same priority
Fix xsl:number generating invalid UTF-8
Support attribute value templates in xsl:sort lang attributes
Don't pass first xsl:sort in xsl:apply-templates twice
Fix quadratic runtime with text and xsl:message
Don't allow empty EXSLT durations
Improvements
Add xsltproc --huge Argument via libxml XML_PARSE_HUGE (William N. Braswell, Jr.)
Tests, code quality, fuzzing
Remove .travis.yml
Fix some misleading indentation (David King)
Use actual types for templates in struct _xsltStylesheet
Add CI for CMake on MSVC (Markus Rickert)
Check for null pointer before calling freelocale
Add CI test for Python 3
Don't set maxDepth in XPath contexts
Transfer XPath limits to XPtr context
Stop using maxParserDepth XPath limit
Make long-to-double cast explicit in date.c
Disable LeakSanitizer
Run clang CI tests with -Wimplicit-int-conversion
Fix implicit-int-conversion warning in exslt/crypto.c
Fix clang -Wimplicit-int-conversion warning (David Kilzer)
Fix clang -Wconditional-uninitialized warning in libxslt/numbers.c (David Kilzer)
Fix -Wshadow warnings in libexslt/dynamic.c (David Kilzer)
Also search parent dir for source XML when fuzzing
Build system, portability
Add CMake build files (Markus Rickert)
Initial support for Python 3 (Suleyman Poyraz)
Call ANSI versions of WinAPI functions explicitly
Remove redundant flags from pkg-config files
Suppress automake warning in tests/XSLTMark
Fix linking libexslt dynamic library when using MinGW (Vadim Zeitlin)
Added platform specific path separators (Dmitriy Korovkin)
win32: allow passing *FLAGS on command line
Fix export of xsltExtMarker on Windows (David Kilzer)
Fix redundant includes already in libexslt.h (David Kilzer)
Minor fixes to configure.js
Fix variable syntax in Python configuration
Add new EXSLT string tests to EXTRA_DIST
Fix xml2-config check in configure script
win32: Add configuration for profiler (Chun-wei Fan)
Check whether 'xml2-config --dynamic' is supported
Documentation
Add Makefile rule to regenerate xsltproc.html
Update links
Remove MAINTAINERS
Upload documentation to GitLab Pages
Add documentation in devhelp format
Add --enable-rebuild-docs configure option
Fix libexslt header summaries
Fix validity of tutorial XML (David King)
Use DocBook URL for tutorial DTD (David King)
Update libxslt.doap
Add missing options to xsltproc man page
(From OE-Core rev: 6b5b1486bbd381b2b657645e91a1712332ddcb94)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
xsltconfig.h is generated and can be different between multilibs
(From OE-Core rev: 966a8d95da1d1bbf59d2d4068c27821e8a54ee5f)
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The XML catalogue is now at the canonical path, ${sysconfdir}/xml/catalog.
(From OE-Core rev: 2c91c3ef14269b7b329b3008e5b3a8e65ea4f494)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The version number isn't useful in /usr/share/doc as we can only install one
copy of libxslt, and this reduces noise in buildhistory-diff reports.
(From OE-Core rev: f9290f37b6dcaa18b09929ca3c18a4c8d0876364)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Set the context variable to NULL when evaluating EXSLT functions.
Fixes potential use-after-free errors or memory leaks.
Fixes bug 792580
(From OE-Core rev: a997bcd3f985b65141f9b7a497581da2fd7afc10)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This was patching -lxslt directly into the pkgconfig file, but XSLT_LIBS already
contains this so the patch is redundant.
(From OE-Core rev: 57b811b61dfbea551e6a4bdd98ec697729f1411b)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop upstreamed patches, including pkg-config support patch,
as upstream now does use pkg-config.
configure.in is now configure.ac, adjust recipe accordingly.
(From OE-Core rev: e9d487de8b5c03108c8c25c0365d5bd6b48f03e9)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Libraries must be linked with "-lm", otherwise gold fails to link
binaries with those libraries.
(From OE-Core rev: 9175164380b50852a21a05d4e81294394c5486f4)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The currnet patches in OE-core doesn't have the "CVE:"
tag, now part of the policy of the patches.
This is patch add this tag to several patches. There might
be patches that I miss; the tag can be added in the future.
(From OE-Core rev: 065ebeb3e15311d0d45385e15bf557b1c95b1669)
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is a is being give a High rating so please consider it for
all 1.1.28 versions.
A type confusion error within the libxslt "xsltStylePreCompute()"
function in preproc.c can lead to a DoS. Confirmed in version 1.1.28,
other versions may also be affected.
(From OE-Core rev: 0f89bbab6588a1171259801fa879516740030acb)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When run <make universe.fetchall>, the make will be broken because
nativesdk-boost and nativesdk-libxslt don't exist.
nativesdk-boost is depended by nativesdk-curlpp.
nativesdk-libxslt is depended by nativesdk-python-lxml.
In condition that meta-openembedded is compiled in.
Add nativesdk building for boost and libxslt.
(From OE-Core rev: 1bb2c58ef7de3a1d52b4a29ca3cc230defe6c21d)
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
By default, xsltproc from libxslt would use configuration files under
/etc/xml. To avoid host system contamination, we create a wrapper for
this command to make it use configuration files in the sysroot directory.
(From OE-Core rev: f14ecfa98baf98edf47b6820d3b0b3af376c5623)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This adds a binconfig-disabled class which can be used by recipes where
a -config file is installed but we wish to disable it and just rely on
the .pc files instead.
Rather than simply deleting it, we make the script "exit 1" so that it
can be found in PATH and raise a build error rather than something
silently falling back to the build system for example.
Rather than randomly finding -config files, this adds in the
specification of a list of binconfig scripts which is more deterministic
and maintainable moving forward.
This patch converts various users in OE-Core to use this, a world build
of OE-Core tests out ok with this change. There will likely be issues in
other layers however, hence this being a RFT.
(From OE-Core rev: 5870bd272b0b077d0826fb900b251884c1c05061)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A lot of our recipes had short one-line DESCRIPTION values and no
SUMMARY value set. In this case it's much better to just set SUMMARY
since DESCRIPTION is defaulted from SUMMARY anyway and then the SUMMARY
is at least useful. I also took the opportunity to fix up a lot of the
new SUMMARY values, making them concisely explain the function of the
recipe / package where possible.
(From OE-Core rev: b8feee3cf21f70ba4ec3b822d2f596d4fc02a292)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Remove all PR = "r0" from all .bb files in oe-core. This was done
with the command sed -e '/^PR.*=.*r0\"/d' recipes*/*/*.bb -i
We've switching to the PR server, PR bumps are no longer needed and
this saves people either accidentally bumping them or forgetting to
remove the lines (r0 is the default anyway).
(From OE-Core rev: 58ae94f1b06d0e6234413dbf9869bde85f154c85)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The timestamps in libxslt-1.1.28.tar.gz (specifically) are rather hokey, making
the source files for the documentation appear newer than the generated output:
-rw-rw-r-- 500/500 16307 2012-11-21 07:22 libxslt-1.1.28/doc/xsltproc.xml
-rw-rw-r-- 500/500 7082 2012-09-12 07:24 libxslt-1.1.28/doc/xsltproc2.html
-rw-rw-r-- 500/500 9475 2012-09-04 15:26 libxslt-1.1.28/doc/xsltproc.html
-rw-rw-r-- 500/500 8256 2012-11-21 06:03 libxslt-1.1.28/doc/xsltproc.1
This causes make to decide that xsltproc.1 needs to be regenerated during the
installation process. However, this requires a native xsltproc binary which
may not be available, leading to errors like:
| make[2]: /usr/bin/xsltproc: Command not found
| make[2]: [xsltproc.1] Error 127 (ignored)
Adding DEPENDS_class-target = "libxslt-native", or installing xsltproc in the
host environment, fixes the above but the documentation still doesn't build:
| I/O error : Attempt to load network entity http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl
| warning: failed to load external entity "http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"
| error
| xsltParseStylesheetFile : cannot parse http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl
| compilation error: file ./xsltproc.xml line 10 element refentry
| xsltParseStylesheetProcess : document is not a stylesheet
And in any case, requiring libxslt-native would increase build time for no
real benefit. So, let's just adjust the timestamp on the shipped copy of
xsltproc.1 to make it appear newer than the source files.
(From OE-Core rev: 12074bf5319c1086f86efd00f502c91fed344698)
Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We don't DEPEND on binutils for ansidecl.h so ensure we should never
use the header. This makes builds determinstic and means something like:
bitbake binutils
bitbake libxml2 -c configure
bitbake binutils -c clean
bitbake libxml2
doen't fail to build.
(From OE-Core rev: fe6cabfb0c6f382ef6131e07437b90c2afbf5488)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixes the warning:
WARNING: For recipe libxslt, the following files/directories were installed but not shipped in any package:
WARNING: /usr/lib/libxslt-plugins
It makes sense for the package to own the plugins directory.
(From OE-Core rev: 9be4f5f6e0e28429b1a0c04561bfb79b54f0599d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Dont use autotools, it really not so autoconf like.
the configure script gets updated with every release of zlib
and we overwrite that. Instead use the upstream provided
configure
copyright year was changed in zlib.h which caused change in
LIC_FILE_CHECKSUM
fix.inverted.LFS.logic.patch is already applied upstream so drop it
Drop the configure.ac and Makefile.am scripts since we do not
autoreconf anymore and do not inherit autotools anymore
Bump PR for depending recipes so a rebuild it ensues so that
they dont depend on .la anymore
and add missing dependencies discovered during incremental
build
(From OE-Core rev: 50ad5230ea9e0982cdfda23fb9fcfccf89d28f29)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* COPYING is replaced by symlink to Copyright during do_configure
(see configure.in), then we end with link to nonexistent file like this:
OE om-gta02@shr ~/shr-core $ ll tmp/deploy/licenses/libxslt/
total 40
drwxr-xr-x 2 bitbake bitbake 4096 Nov 2 00:27 ./
drwxr-xr-x 818 bitbake bitbake 32768 Nov 2 00:27 ../
lrwxrwxrwx 1 bitbake bitbake 9 Nov 2 00:27 COPYING -> Copyright
lrwxrwxrwx 1 bitbake bitbake 52 Nov 2 00:27 generic_MIT -> /OE/shr-core/tmp/deploy/licenses/common-licenses/MIT
(From OE-Core rev: c67130e40018742463e1bd4914eb7c280425f4e8)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some place pnum=1 is used which is removed as well since
striplevel=1 is default
(From OE-Core rev: 4e108857e0d40105f7ecbc55e99bd6c367bb7386)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This prevents warnings about .a files being installed but not shipped.
(From OE-Core rev: 187302dcc1536469a01c6ebd433eda4a4c2c411a)
Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxslt provides a binconfig that may be used to cross-compile/-link against the
target library.
(From OE-Core rev: cad05692666fd5355d63718cd9442bcf9abc2a20)
Signed-off-by: Michael Lippautz <michael.lippautz@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
