mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-06 08:48:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
2dadccd9e67d831cfda17035472c41de484ed1c1
poky/meta/recipes-core/libxml/libxml2_2.13.8.bb
Divya Chellam 9218ec5b00 libxml2: upgrade 2.13.6 -> 2.13.8 
This includes CVE-fix for CVE-2025-32414 and CVE-2025-32415.

Changelog:
===========
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.7
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8

Regressions

* tree: Fix xmlTextMerge with NULL args
* io: Fix compressed flag for uncompressed stdin
* parser: Fix parsing of DTD content

Security

* [CVE-2025-32415] schemas: Fix heap buffer overflow inxmlSchemaIDCFillNodeTables
* [CVE-2025-32414] python: Read at most len/4 characters. (Maks Verver)

(From OE-Core rev: 0b24113405ab0bbb3200bb47fa8ed6abeaa7481b)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-05-01 14:22:54 +01:00

101 lines
4.3 KiB
BlitzBasic
Raw Blame History

SUMMARY = "XML C Parser Library and Toolkit"
DESCRIPTION = "The XML Parser Library allows for manipulation of XML files. Libxml2 exports Push and Pull type parser interfaces for both XML and HTML. It can do DTD validation at parse time, on a parsed document instance or with an arbitrary DTD. Libxml2 includes complete XPath, XPointer and Xinclude implementations. It also has a SAX like interface, which is designed to be compatible with Expat."
HOMEPAGE = "https://gitlab.gnome.org/GNOME/libxml2"
BUGTRACKER = "http://bugzilla.gnome.org/buglist.cgi?product=libxml2"
SECTION = "libs"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://Copyright;md5=f437ed9058e8e5135e47c01e973376ba \
file://dict.c;beginline=6;endline=15;md5=2b4b7b827d2d8b080372433c4c9c85b6 \
file://list.c;beginline=4;endline=13;md5=b9c25b021ccaf287e50060602d20f3a7 \
"
DEPENDS = "zlib virtual/libiconv"
GNOMEBASEBUILDCLASS = "autotools"
inherit gnomebase
SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testtar \
file://run-ptest \
file://install-tests.patch \
"
SRC_URI[archive.sha256sum] = "277294cb33119ab71b2bc81f2f445e9bc9435b893ad15bb2cd2b0e859a0ee84a"
SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273"
# Disputed as a security issue, but fixed in d39f780
CVE_STATUS[CVE-2023-45322] = "disputed: issue requires memory allocation to fail"
BINCONFIG = "${bindir}/xml2-config"
PACKAGECONFIG ??= "python \
${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
"
PACKAGECONFIG[python] = "--with-python=${PYTHON},--without-python,python3"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
inherit autotools pkgconfig binconfig-disabled ptest
inherit_defer ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3targetconfig', '', d)}
LDFLAGS:append:riscv64 = "${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-lld ptest', ' -fuse-ld=bfd', '', d)}"
RDEPENDS:${PN}-ptest += "bash make locale-base-en-us ${@bb.utils.contains('PACKAGECONFIG', 'python', 'libgcc python3-core python3-logging python3-shell python3-stringold python3-threading python3-unittest ${PN}-python', '', d)}"
RDEPENDS:${PN}-python += "${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3-core', '', d)}"
RDEPENDS:${PN}-ptest:append:libc-musl = " musl-locales"
RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-gconv-ebcdic-us \
glibc-gconv-ibm1141 \
glibc-gconv-iso8859-5 \
glibc-gconv-euc-jp \
"
# WARNING: zlib is required for RPM use
EXTRA_OECONF = "--without-debug --without-legacy --with-catalog --with-c14n --without-lzma"
EXTRA_OECONF:class-native = "--without-legacy --with-c14n --without-lzma --with-zlib"
EXTRA_OECONF:class-nativesdk = "--without-legacy --with-c14n --without-lzma --with-zlib"
EXTRA_OECONF:linuxstdbase = "--with-debug --with-legacy --with-c14n --without-lzma --with-zlib"
python populate_packages:prepend () {
# autonamer would call this libxml2-2, but we don't want that
if d.getVar('DEBIAN_NAMES'):
d.setVar('PKG:libxml2', '${MLPREFIX}libxml2')
}
PACKAGE_BEFORE_PN += "${PN}-utils"
PACKAGES += "${PN}-python"
FILES:${PN}-staticdev += "${PYTHON_SITEPACKAGES_DIR}/*.a"
FILES:${PN}-utils = "${bindir}/*"
FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}"
do_configure:prepend () {
# executables take longer to package: these should not be executable
find ${S}/xmlconf/ -type f -exec chmod -x {} \+
}
do_install_ptest () {
oe_runmake DESTDIR=${D} ptestdir=${PTEST_PATH} install-test-data
cp -r ${S}/xmlconf ${D}${PTEST_PATH}
if ! ${@bb.utils.contains('PACKAGECONFIG', 'python', 'true', 'false', d)}; then
rm -rf ${D}${PTEST_DIR}/python
fi
}
# with musl we need to enable icu support explicitly for these tests
do_install_ptest:append:libc-musl () {
rm -rf ${D}/${PTEST_PATH}/test/icu_parse_test.xml
}
do_install:append:class-native () {
# Docs are not needed in the native case
rm ${D}${datadir}/gtk-doc -rf
create_wrapper ${D}${bindir}/xmllint 'XML_CATALOG_FILES=${XML_CATALOG_FILES:-${sysconfdir}/xml/catalog}'
}
do_install[vardepsexclude] += "XML_CATALOG_FILES:-${sysconfdir}/xml/catalog"
BBCLASSEXTEND = "native nativesdk"
Reference in New Issue View Git Blame Copy Permalink