Commit Graph

3 Commits

Author SHA1 Message Date
hongxu
134890aca0 libxml2: fix CVE-2025-6021
According to [1]

A flaw was found in libxml2's xmlBuildQName function, where integer overflows
in buffer size calculations can lead to a stack-based buffer overflow. This
issue can result in memory corruption or a denial of service when processing
crafted input.

Refer to Debian [2], backport a fix [3] from upstream

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-6021
[2] https://security-tracker.debian.org/tracker/CVE-2025-6021
[3] acbbeef9f5

(From OE-Core rev: e3a6bf785656243b5adc0775f7480a1eb0e4ae4c)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-06-16 17:57:30 +01:00
Peter Marko
2b2d5930ea libxml2: revert commit breaking patchs in cmake file
Make a revert of commit which breaks cross-compilation of depending
components.
This commit changes path calculation from relative to the cmake file to
absolute from includedir, which then points to the host /usr/include.
Submitted upstream ticket [1] to clarify how this should be fixed in
libxml2 upstream.

[1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/898#note_2452864

(From OE-Core rev: bc93853c8d2e1da10c000a477093e293fa637761)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-05-27 09:01:17 +01:00
Peter Marko
383df93c6f libxml2: upgrade 2.13.6 -> 2.14.3
Handle CVE-2025-32414 and CVE-2025-32415.

* rebased install-tests.patch
* removed testsuite testThreads (merged into runtest.c)
  * 481fd6bbee
* removed IPv6 option (as part of ftp support removal)
  * dba1ed85a3
* added testsuites testlimits testparser (already present before but not executed)

License-Update: Mention contributors in Copyright
4bd66d4549

(From OE-Core rev: 6585649fdd2ab9e83dfd60eb77ff7821a1363d50)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-05-27 09:01:17 +01:00