mirrors/poky - poky - zepto initiative

mirror of https://git.yoctoproject.org/poky synced 2026-03-10 09:19:41 +01:00

Author	SHA1	Message	Date
Peter Marko	8d61eb390a	libxml2: add follow-up patch for CVE-2026-0992 References: * https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 * https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/377 (From OE-Core rev: 2c8e455148e12e097ff757bcf0a57d7d5bd77c30) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2026-02-16 09:52:35 +00:00
Peter Marko	bd21ac68d0	libxml2: patch CVE-2026-0992 Pick patch which closed [1]. Adapt for missing xmlCatalogPrintDebug per [2]. [1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 [2] `728869809e` (From OE-Core rev: 826dd15a99433c4066d2cd4546515d174d443350) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2026-02-16 09:52:35 +00:00
Peter Marko	57126cdaa7	libxml2: patch CVE-2026-0990 Pick patch which closed [1]. [1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018 (From OE-Core rev: f1bb433bbdb0fa19d7d8cbe15d4180c9d18cca5a) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2026-02-16 09:52:34 +00:00
Peter Marko	35fca9ec35	libxml2: patch CVE-2026-0989 Pick patch from [1] linked from [2]. [1] https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374 [2] https://gitlab.gnome.org/GNOME/libxml2/-/issues/998 (From OE-Core rev: d201a09eee8efca8a889f0b7a60133e850256369) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2026-02-16 09:52:34 +00:00
Hitendra Prajapati	cc239ca412	libxml2: Security fix for CVE-2025-7425 CVE-2025-7425 libxslt: heap-use-after-free in xmlFreeID caused by `atype` corruption Origin: https://launchpad.net/ubuntu/+source/libxml2/2.9.14+dfsg-1.3ubuntu3.6 Ref : https://security-tracker.debian.org/tracker/CVE-2025-7425 Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 (From OE-Core rev: 315882f25ac3c5e5d210557fd863b3a0fff28850) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-12-17 08:48:37 -08:00
Daniel Turull	3318b5eb4d	libxml2: ignore CVE-2025-8732 The code maintainer disputes the CVE as the issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. The issue triggers a crash if an invalid file is provided. Source: https://gitlab.gnome.org/GNOME/libxml2/-/issues/958" (From OE-Core rev: 348ce728af1cea4f909de5c3597801b5612719e4) Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-08-22 05:59:55 -07:00
Peter Marko	2156b7931e	libxml2: patch CVE-2025-6170 Pick commit referencing this CVE from 2.13 branch. (From OE-Core rev: 061610dfca8a72b71e1baca3ad4aa2c9fb64449b) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-08-04 07:55:07 -07:00
Roland Kovacs	6269788fef	libxml2: fix CVE-2025-49795 A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service. (From OE-Core rev: b144c3ef3ba1797d925ea44d9450a6ec0fe32047) Signed-off-by: Roland Kovacs <roland.kovacs@est.tech> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-07-29 07:59:52 -07:00
Hitendra Prajapati	6d2f2bd3f7	libxml2: fix CVE-2025-49794 & CVE-2025-49796 Upstream-Status: Backport from `71e1e8af5e` (From OE-Core rev: bb20ddc599314161f3bcd6d5479e81478ceaaa3a) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-07-21 09:07:21 -07:00
Hitendra Prajapati	71e9cf4cd9	libxml2: fix CVE-2025-6021 Upstream-Status: Backport from `acbbeef9f5` (From OE-Core rev: 8777f1b344c7f66a7ef4291bb59af2a5fb466b6a) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-07-11 08:11:53 -07:00
Peter Marko	0396fbd2d9	libxml2: patch CVE-2025-32415 Pick commit from 2.13 branch as 2.12 branch is unmaintained now. (From OE-Core rev: 2335d4f0d1826647eaee224c469331980fc84ed2) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-05-02 08:20:11 -07:00
Peter Marko	02c6da2ecf	libxml2: patch CVE-2025-32414 Pick commit which has been backported to 2.12 release branch. (From OE-Core rev: 187052ce4ddd43b46b8335cc955a63ca19ee6994) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-05-02 08:20:11 -07:00
Peter Marko	10948521ec	libxml2: upgrade 2.12.9 -> 2.12.10 https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.10 Security * [CVE-2025-24928] Fix stack-buffer-overflow in xmlSnprintfElements * [CVE-2024-56171] Fix use-after-free after xmlSchemaItemListAdd * pattern: Fix compilation of explicit child axis Regressions * parser: Fix detection of duplicate attributes Bug fixes * xpath: Fix parsing of non-ASCII names Portability * python: Declare init func with PyMODINIT_FUNC * tests: Fix sanitizer version check on old Apple clang Build * autotools: Set AC_CONFIG_AUX_DIR * cmake: Always build Python module as shared library * cmake: Fix compatibility in package version file (From OE-Core rev: 4540dd4bb71e00b7f8c1a3f5a9e10d482e0b2abd) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-02-28 06:45:14 -08:00

13 Commits