mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-10 02:33:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
5ad6333911c8dfb399a94dea37a5188fbf35a2d4
poky/meta/recipes-core/libxml/libxml2_2.9.4.bb
Hongxu Jia 2f84fb232f libxml2: Fix CVE-2017-8872 
fix global-buffer-overflow in htmlParseTryOrFinish (HTMLparser.c:5403)

https://bugzilla.gnome.org/show_bug.cgi?id=775200

Here is the reproduce steps on ubuntu 16.04, use clang with "-fsanitize=address"
...
export CC="clang"
export CFLAGS="-fsanitize=address"

./configure --disable-shared

make clean all -j

wget https://bugzilla.gnome.org/attachment.cgi?id=340871 -O poc

./xmllint --html --push poc
==2785==ERROR: AddressSanitizer: global-buffer-overflow on address
0x000000a0de21 at pc 0x0000006a7f6e bp 0x7ffdfe940c10 sp 0x7ffdfe940c08
READ of size 1 at 0x000000a0de21 thread T0    #0 0x6a7f6d
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7f6d)    #1 0x6a7356
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x6a7356)    #2 0x4f4504
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f4504)    #3 0x4f045e
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x4f045e)    #4 0x7f81977d682f
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)    #5 0x419ad8
(/home/jiahongxu/Downloads/libxml2-2.9.4/xmllint+0x419ad8)
...

(From OE-Core rev: a615b0825927a09a0aa8312d131c9acbaef8956d)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-08-27 22:30:06 +01:00

100 lines
4.7 KiB
BlitzBasic
Raw Blame History

SUMMARY = "XML C Parser Library and Toolkit"
DESCRIPTION = "The XML Parser Library allows for manipulation of XML files. Libxml2 exports Push and Pull type parser interfaces for both XML and HTML. It can do DTD validation at parse time, on a parsed document instance or with an arbitrary DTD. Libxml2 includes complete XPath, XPointer and Xinclude implementations. It also has a SAX like interface, which is designed to be compatible with Expat."
HOMEPAGE = "http://www.xmlsoft.org/"
BUGTRACKER = "http://bugzilla.gnome.org/buglist.cgi?product=libxml2"
SECTION = "libs"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://Copyright;md5=2044417e2e5006b65a8b9067b683fcf1 \
file://hash.c;beginline=6;endline=15;md5=96f7296605eae807670fb08947829969 \
file://list.c;beginline=4;endline=13;md5=cdbfa3dee51c099edb04e39f762ee907 \
file://trio.c;beginline=5;endline=14;md5=6c025753c86d958722ec76e94cae932e"
DEPENDS = "zlib virtual/libiconv"
SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
http://www.w3.org/XML/Test/xmlts20080827.tar.gz;name=testtar \
file://libxml-64bit.patch \
file://ansidecl.patch \
file://runtest.patch \
file://run-ptest \
file://python-sitepackages-dir.patch \
file://libxml-m4-use-pkgconfig.patch \
file://libxml2-fix_node_comparison.patch \
file://libxml2-CVE-2016-5131.patch \
file://libxml2-CVE-2016-4658.patch \
file://libxml2-fix_NULL_pointer_derefs.patch \
file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \
file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
file://libxml2-CVE-2017-5969.patch \
file://libxml2-CVE-2017-0663.patch \
file://libxml2-CVE-2017-8872.patch \
file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
"
SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"
SRC_URI[libtar.sha256sum] = "ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c"
SRC_URI[testtar.md5sum] = "ae3d1ebe000a3972afa104ca7f0e1b4a"
SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
BINCONFIG = "${bindir}/xml2-config"
PACKAGECONFIG ??= "python \
${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
"
PACKAGECONFIG[python] = "--with-python=${PYTHON},--without-python,python3"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
inherit autotools pkgconfig binconfig-disabled ptest
inherit ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3native', '', d)}
RDEPENDS_${PN}-ptest += "make ${@bb.utils.contains('PACKAGECONFIG', 'python', 'libgcc python3-core python3-argparse python3-logging python3-shell python3-signal python3-stringold python3-threading python3-unittest ${PN}-python', '', d)}"
RDEPENDS_${PN}-python += "${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3-core', '', d)}"
RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-gconv-ebcdic-us glibc-gconv-ibm1141"
export PYTHON_SITE_PACKAGES="${PYTHON_SITEPACKAGES_DIR}"
# WARNING: zlib is require for RPM use
EXTRA_OECONF = "--without-debug --without-legacy --with-catalog --without-docbook --with-c14n --without-lzma --with-fexceptions"
EXTRA_OECONF_class-native = "--without-legacy --without-docbook --with-c14n --without-lzma --with-zlib"
EXTRA_OECONF_class-nativesdk = "--without-legacy --without-docbook --with-c14n --without-lzma --with-zlib"
EXTRA_OECONF_linuxstdbase = "--with-debug --with-legacy --with-docbook --with-c14n --without-lzma --with-zlib"
python populate_packages_prepend () {
# autonamer would call this libxml2-2, but we don't want that
if d.getVar('DEBIAN_NAMES'):
d.setVar('PKG_libxml2', '${MLPREFIX}libxml2')
}
PACKAGES += "${PN}-utils ${PN}-python"
FILES_${PN}-staticdev += "${PYTHON_SITEPACKAGES_DIR}/*.a"
FILES_${PN}-dev += "${libdir}/xml2Conf.sh ${libdir}/cmake/*"
FILES_${PN}-utils += "${bindir}/*"
FILES_${PN}-python += "${PYTHON_SITEPACKAGES_DIR}"
do_configure_prepend () {
# executables take longer to package: these should not be executable
find ${WORKDIR}/xmlconf/ -type f -exec chmod -x {} \+
}
do_install_ptest () {
cp -r ${WORKDIR}/xmlconf ${D}${PTEST_PATH}
if [ "${@bb.utils.filter('PACKAGECONFIG', 'python', d)}" ]; then
sed -i -e 's|^\(PYTHON = \).*|\1${USRBINPATH}/${PYTHON_PN}|' \
${D}${PTEST_PATH}/python/tests/Makefile
grep -lrZ '#!/usr/bin/python' ${D}${PTEST_PATH}/python |
xargs -0 sed -i -e 's|/usr/bin/python|${USRBINPATH}/${PYTHON_PN}|'
fi
}
do_install_append_class-native () {
# Docs are not needed in the native case
rm ${D}${datadir}/gtk-doc -rf
}
BBCLASSEXTEND = "native nativesdk"
Reference in New Issue View Git Blame Copy Permalink