From 5b4f320c4465dc1cb221ebad7b55d3786f699824 Mon Sep 17 00:00:00 2001 From: Peter Marko Date: Fri, 28 Feb 2025 18:29:49 +0100 Subject: libxml2: upgrade 2.13.3 -> 2.13.6 Handle CVE-2025-24928, CVE-2024-56171 and CVE-2025-27113. (From OE-Core rev: 13929d3126572d3024afd58a914592e8e6ea8457) Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../libxml/libxml2/install-tests.patch | 4 +- meta/recipes-core/libxml/libxml2_2.13.3.bb | 100 --------------------- meta/recipes-core/libxml/libxml2_2.13.6.bb | 100 +++++++++++++++++++++ 3 files changed, 102 insertions(+), 102 deletions(-) delete mode 100644 meta/recipes-core/libxml/libxml2_2.13.3.bb create mode 100644 meta/recipes-core/libxml/libxml2_2.13.6.bb diff --git a/meta/recipes-core/libxml/libxml2/install-tests.patch b/meta/recipes-core/libxml/libxml2/install-tests.patch index 478eeea81b..1c8c13ab5c 100644 --- a/meta/recipes-core/libxml/libxml2/install-tests.patch +++ b/meta/recipes-core/libxml/libxml2/install-tests.patch @@ -1,4 +1,4 @@ -From 0779511838a8cbd1e0f431c22f28f286a2a37b1b Mon Sep 17 00:00:00 2001 +From 8c1054eacb430472068f21e4840749c384e8e866 Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Mon, 5 Dec 2022 17:02:32 +0000 Subject: [PATCH] add yocto-specific install-ptest target @@ -12,7 +12,7 @@ Signed-off-by: Ross Burton 1 file changed, 10 insertions(+) diff --git a/Makefile.am b/Makefile.am -index 0a49d37..1097c63 100644 +index 4cb9a5c..8adcd7e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -27,6 +27,16 @@ check_PROGRAMS = \ diff --git a/meta/recipes-core/libxml/libxml2_2.13.3.bb b/meta/recipes-core/libxml/libxml2_2.13.3.bb deleted file mode 100644 index df24f3031c..0000000000 --- a/meta/recipes-core/libxml/libxml2_2.13.3.bb +++ /dev/null @@ -1,100 +0,0 @@ -SUMMARY = "XML C Parser Library and Toolkit" -DESCRIPTION = "The XML Parser Library allows for manipulation of XML files. Libxml2 exports Push and Pull type parser interfaces for both XML and HTML. It can do DTD validation at parse time, on a parsed document instance or with an arbitrary DTD. Libxml2 includes complete XPath, XPointer and Xinclude implementations. It also has a SAX like interface, which is designed to be compatible with Expat." -HOMEPAGE = "https://gitlab.gnome.org/GNOME/libxml2" -BUGTRACKER = "http://bugzilla.gnome.org/buglist.cgi?product=libxml2" -SECTION = "libs" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://Copyright;md5=f437ed9058e8e5135e47c01e973376ba \ - file://dict.c;beginline=6;endline=15;md5=2b4b7b827d2d8b080372433c4c9c85b6 \ - file://list.c;beginline=4;endline=13;md5=b9c25b021ccaf287e50060602d20f3a7 \ - " - -DEPENDS = "zlib virtual/libiconv" - -GNOMEBASEBUILDCLASS = "autotools" -inherit gnomebase - -SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testtar \ - file://run-ptest \ - file://install-tests.patch \ - " - -SRC_URI[archive.sha256sum] = "0805d7c180cf09caad71666c7a458a74f041561a532902454da5047d83948138" -SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273" - -# Disputed as a security issue, but fixed in d39f780 -CVE_STATUS[CVE-2023-45322] = "disputed: issue requires memory allocation to fail" - -BINCONFIG = "${bindir}/xml2-config" - -PACKAGECONFIG ??= "python \ - ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ -" -PACKAGECONFIG[python] = "--with-python=${PYTHON},--without-python,python3" -PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," - -inherit autotools pkgconfig binconfig-disabled ptest - -inherit_defer ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3targetconfig', '', d)} - -LDFLAGS:append:riscv64 = "${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-lld ptest', ' -fuse-ld=bfd', '', d)}" - -RDEPENDS:${PN}-ptest += "bash make locale-base-en-us ${@bb.utils.contains('PACKAGECONFIG', 'python', 'libgcc python3-core python3-logging python3-shell python3-stringold python3-threading python3-unittest ${PN}-python', '', d)}" - -RDEPENDS:${PN}-python += "${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3-core', '', d)}" - -RDEPENDS:${PN}-ptest:append:libc-musl = " musl-locales" -RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-gconv-ebcdic-us \ - glibc-gconv-ibm1141 \ - glibc-gconv-iso8859-5 \ - glibc-gconv-euc-jp \ - " - -# WARNING: zlib is required for RPM use -EXTRA_OECONF = "--without-debug --without-legacy --with-catalog --with-c14n --without-lzma" -EXTRA_OECONF:class-native = "--without-legacy --with-c14n --without-lzma --with-zlib" -EXTRA_OECONF:class-nativesdk = "--without-legacy --with-c14n --without-lzma --with-zlib" -EXTRA_OECONF:linuxstdbase = "--with-debug --with-legacy --with-c14n --without-lzma --with-zlib" - -python populate_packages:prepend () { - # autonamer would call this libxml2-2, but we don't want that - if d.getVar('DEBIAN_NAMES'): - d.setVar('PKG:libxml2', '${MLPREFIX}libxml2') -} - -PACKAGE_BEFORE_PN += "${PN}-utils" -PACKAGES += "${PN}-python" - -FILES:${PN}-staticdev += "${PYTHON_SITEPACKAGES_DIR}/*.a" -FILES:${PN}-utils = "${bindir}/*" -FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}" - -do_configure:prepend () { - # executables take longer to package: these should not be executable - find ${S}/xmlconf/ -type f -exec chmod -x {} \+ -} - -do_install_ptest () { - oe_runmake DESTDIR=${D} ptestdir=${PTEST_PATH} install-test-data - - cp -r ${S}/xmlconf ${D}${PTEST_PATH} - - if ! ${@bb.utils.contains('PACKAGECONFIG', 'python', 'true', 'false', d)}; then - rm -rf ${D}${PTEST_DIR}/python - fi -} - -# with musl we need to enable icu support explicitly for these tests -do_install_ptest:append:libc-musl () { - rm -rf ${D}/${PTEST_PATH}/test/icu_parse_test.xml -} - -do_install:append:class-native () { - # Docs are not needed in the native case - rm ${D}${datadir}/gtk-doc -rf - - create_wrapper ${D}${bindir}/xmllint 'XML_CATALOG_FILES=${XML_CATALOG_FILES:-${sysconfdir}/xml/catalog}' -} -do_install[vardepsexclude] += "XML_CATALOG_FILES:-${sysconfdir}/xml/catalog" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-core/libxml/libxml2_2.13.6.bb b/meta/recipes-core/libxml/libxml2_2.13.6.bb new file mode 100644 index 0000000000..3b3ca87e96 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2_2.13.6.bb @@ -0,0 +1,100 @@ +SUMMARY = "XML C Parser Library and Toolkit" +DESCRIPTION = "The XML Parser Library allows for manipulation of XML files. Libxml2 exports Push and Pull type parser interfaces for both XML and HTML. It can do DTD validation at parse time, on a parsed document instance or with an arbitrary DTD. Libxml2 includes complete XPath, XPointer and Xinclude implementations. It also has a SAX like interface, which is designed to be compatible with Expat." +HOMEPAGE = "https://gitlab.gnome.org/GNOME/libxml2" +BUGTRACKER = "http://bugzilla.gnome.org/buglist.cgi?product=libxml2" +SECTION = "libs" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://Copyright;md5=f437ed9058e8e5135e47c01e973376ba \ + file://dict.c;beginline=6;endline=15;md5=2b4b7b827d2d8b080372433c4c9c85b6 \ + file://list.c;beginline=4;endline=13;md5=b9c25b021ccaf287e50060602d20f3a7 \ + " + +DEPENDS = "zlib virtual/libiconv" + +GNOMEBASEBUILDCLASS = "autotools" +inherit gnomebase + +SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testtar \ + file://run-ptest \ + file://install-tests.patch \ + " + +SRC_URI[archive.sha256sum] = "f453480307524968f7a04ec65e64f2a83a825973bcd260a2e7691be82ae70c96" +SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273" + +# Disputed as a security issue, but fixed in d39f780 +CVE_STATUS[CVE-2023-45322] = "disputed: issue requires memory allocation to fail" + +BINCONFIG = "${bindir}/xml2-config" + +PACKAGECONFIG ??= "python \ + ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ +" +PACKAGECONFIG[python] = "--with-python=${PYTHON},--without-python,python3" +PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," + +inherit autotools pkgconfig binconfig-disabled ptest + +inherit_defer ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3targetconfig', '', d)} + +LDFLAGS:append:riscv64 = "${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-lld ptest', ' -fuse-ld=bfd', '', d)}" + +RDEPENDS:${PN}-ptest += "bash make locale-base-en-us ${@bb.utils.contains('PACKAGECONFIG', 'python', 'libgcc python3-core python3-logging python3-shell python3-stringold python3-threading python3-unittest ${PN}-python', '', d)}" + +RDEPENDS:${PN}-python += "${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3-core', '', d)}" + +RDEPENDS:${PN}-ptest:append:libc-musl = " musl-locales" +RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-gconv-ebcdic-us \ + glibc-gconv-ibm1141 \ + glibc-gconv-iso8859-5 \ + glibc-gconv-euc-jp \ + " + +# WARNING: zlib is required for RPM use +EXTRA_OECONF = "--without-debug --without-legacy --with-catalog --with-c14n --without-lzma" +EXTRA_OECONF:class-native = "--without-legacy --with-c14n --without-lzma --with-zlib" +EXTRA_OECONF:class-nativesdk = "--without-legacy --with-c14n --without-lzma --with-zlib" +EXTRA_OECONF:linuxstdbase = "--with-debug --with-legacy --with-c14n --without-lzma --with-zlib" + +python populate_packages:prepend () { + # autonamer would call this libxml2-2, but we don't want that + if d.getVar('DEBIAN_NAMES'): + d.setVar('PKG:libxml2', '${MLPREFIX}libxml2') +} + +PACKAGE_BEFORE_PN += "${PN}-utils" +PACKAGES += "${PN}-python" + +FILES:${PN}-staticdev += "${PYTHON_SITEPACKAGES_DIR}/*.a" +FILES:${PN}-utils = "${bindir}/*" +FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}" + +do_configure:prepend () { + # executables take longer to package: these should not be executable + find ${S}/xmlconf/ -type f -exec chmod -x {} \+ +} + +do_install_ptest () { + oe_runmake DESTDIR=${D} ptestdir=${PTEST_PATH} install-test-data + + cp -r ${S}/xmlconf ${D}${PTEST_PATH} + + if ! ${@bb.utils.contains('PACKAGECONFIG', 'python', 'true', 'false', d)}; then + rm -rf ${D}${PTEST_DIR}/python + fi +} + +# with musl we need to enable icu support explicitly for these tests +do_install_ptest:append:libc-musl () { + rm -rf ${D}/${PTEST_PATH}/test/icu_parse_test.xml +} + +do_install:append:class-native () { + # Docs are not needed in the native case + rm ${D}${datadir}/gtk-doc -rf + + create_wrapper ${D}${bindir}/xmllint 'XML_CATALOG_FILES=${XML_CATALOG_FILES:-${sysconfdir}/xml/catalog}' +} +do_install[vardepsexclude] += "XML_CATALOG_FILES:-${sysconfdir}/xml/catalog" + +BBCLASSEXTEND = "native nativesdk" -- cgit v1.2.3-54-g00ecf