mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-26 11:29:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
2abfdcfd1c2f8d450f482fbf6922c5d2371d0aef
poky/meta/recipes-core/libxml/libxml2.inc
Joe MacDonald b05755c6ef libxml2: fix CVE-2014-3660 
It was discovered that the patch for CVE-2014-0191 for libxml2 is
incomplete.  It is still possible to have libxml2 incorrectly perform
entity substituton even when the application using libxml2 explicitly
disables the feature.  This can allow a remote denial-of-service attack on
systems with libxml2 prior to 2.9.2.

References:
    http://www.openwall.com/lists/oss-security/2014/10/17/7
    https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html

(From OE-Core rev: 643597a5c432b2e02033d0cefa3ba4da980d078f)

Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-10-24 17:36:16 +01:00

78 lines
3.3 KiB
PHP
Raw Blame History

SUMMARY = "XML C Parser Library and Toolkit"
DESCRIPTION = "The XML Parser Library allows for manipulation of XML files. Libxml2 exports Push and Pull type parser interfaces for both XML and HTML. It can do DTD validation at parse time, on a parsed document instance or with an arbitrary DTD. Libxml2 includes complete XPath, XPointer and Xinclude implementations. It also has a SAX like interface, which is designed to be compatible with Expat."
HOMEPAGE = "http://www.xmlsoft.org/"
BUGTRACKER = "http://bugzilla.gnome.org/buglist.cgi?product=libxml2"
SECTION = "libs"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://Copyright;md5=2044417e2e5006b65a8b9067b683fcf1 \
file://hash.c;beginline=6;endline=15;md5=96f7296605eae807670fb08947829969 \
file://list.c;beginline=4;endline=13;md5=cdbfa3dee51c099edb04e39f762ee907 \
file://trio.c;beginline=5;endline=14;md5=6c025753c86d958722ec76e94cae932e"
DEPENDS_class-nativesdk = "nativesdk-python"
DEPENDS_class-native = "python-native"
DEPENDS =+ "zlib"
SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
file://libxml-64bit.patch \
file://ansidecl.patch \
file://runtest.patch \
file://run-ptest \
file://libxml2-CVE-2014-0191-fix.patch \
file://python-sitepackages-dir.patch \
file://libxml-m4-use-pkgconfig.patch \
file://libxml2-CVE-2014-3660.patch \
"
BINCONFIG = "${bindir}/xml2-config"
inherit autotools pkgconfig binconfig-disabled pythonnative ptest
RDEPENDS_${PN}-ptest += "python-core"
RDEPENDS_${PN}-ptest_append_libc-glibc += "glibc-gconv-ebcdic-us glibc-gconv-ibm1141"
# We don't DEPEND on binutils for ansidecl.h so ensure we don't use the header
do_configure_prepend () {
sed -i -e '/.*ansidecl.h.*/d' ${S}/configure.in
}
do_configure_prepend_class-nativesdk () {
# Ensure we get the correct site-packages path
export PYTHON_SITE_PACKAGES="${PYTHON_SITEPACKAGES_DIR}"
}
# WARNING: zlib is require for RPM use
EXTRA_OECONF = "--without-python --without-debug --without-legacy --with-catalog --without-docbook --with-c14n --without-lzma --with-fexceptions"
EXTRA_OECONF_class-native = "--with-python=${STAGING_BINDIR}/python --without-legacy --without-docbook --with-c14n --without-lzma --with-zlib"
EXTRA_OECONF_class-nativesdk = "--with-python=${STAGING_BINDIR}/python --without-legacy --without-docbook --with-c14n --without-lzma --with-zlib"
EXTRA_OECONF_linuxstdbase = "--without-python --with-debug --with-legacy --with-docbook --with-c14n --without-lzma --with-zlib"
# required for pythong binding
export HOST_SYS
export BUILD_SYS
export STAGING_LIBDIR
export STAGING_INCDIR
export LDFLAGS += "-ldl"
python populate_packages_prepend () {
# autonamer would call this libxml2-2, but we don't want that
if d.getVar('DEBIAN_NAMES', True):
d.setVar('PKG_libxml2', '${MLPREFIX}libxml2')
}
PACKAGES += "${PN}-utils ${PN}-python"
FILES_${PN}-dbg += "${PYTHON_SITEPACKAGES_DIR}/.debug"
FILES_${PN}-staticdev += "${PYTHON_SITEPACKAGES_DIR}/*.a"
FILES_${PN}-dev += "${libdir}/xml2Conf.sh"
FILES_${PN}-utils += "${bindir}/*"
FILES_${PN}-python += "${PYTHON_SITEPACKAGES_DIR}"
do_install_ptest () {
cp -r ${WORKDIR}/xmlconf ${D}${PTEST_PATH}
}
BBCLASSEXTEND = "native nativesdk"
Reference in New Issue View Git Blame Copy Permalink