poky/meta/recipes-core/libxml/libxml2_2.12.10.bb
Hitendra Prajapati cc239ca412 libxml2: Security fix for CVE-2025-7425
CVE-2025-7425
libxslt: heap-use-after-free in xmlFreeID caused by `atype` corruption

Origin: https://launchpad.net/ubuntu/+source/libxml2/2.9.14+dfsg-1.3ubuntu3.6
Ref : https://security-tracker.debian.org/tracker/CVE-2025-7425

Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libxslt/-/issues/140

(From OE-Core rev: 315882f25ac3c5e5d210557fd863b3a0fff28850)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-12-17 08:48:37 -08:00


# Descriptive recipe metadata.
SUMMARY = "XML C Parser Library and Toolkit"
DESCRIPTION = "The XML Parser Library allows for manipulation of XML files. Libxml2 exports Push and Pull type parser interfaces for both XML and HTML. It can do DTD validation at parse time, on a parsed document instance or with an arbitrary DTD. Libxml2 includes complete XPath, XPointer and Xinclude implementations. It also has a SAX like interface, which is designed to be compatible with Expat."
HOMEPAGE = "https://gitlab.gnome.org/GNOME/libxml2"
# NOTE(review): BUGTRACKER is a plain-http bugzilla.gnome.org URL while HOMEPAGE
# is on gitlab.gnome.org - confirm this is still the tracker to report to.
BUGTRACKER = "http://bugzilla.gnome.org/buglist.cgi?product=libxml2"
SECTION = "libs"
LICENSE = "MIT"
# md5 sums over the licence text: the Copyright file plus fixed line ranges of
# dict.c, list.c and trio.c. They flag a changed licence text; they are not the
# download-integrity check, which is the sha256sum pinned on SRC_URI further down.
LIC_FILES_CHKSUM = "file://Copyright;md5=fec7ecfe714722b2bb0aaff7d200c701 \
file://dict.c;beginline=6;endline=15;md5=2b4b7b827d2d8b080372433c4c9c85b6 \
file://list.c;beginline=4;endline=13;md5=b9c25b021ccaf287e50060602d20f3a7 \
file://trio.c;beginline=5;endline=14;md5=cd4f61e27f88c1d43df112966b1cd28f \
"
# Build-time dependencies.
DEPENDS = "zlib virtual/libiconv"
# Ask gnomebase for the autotools build flow; the main source URL is not set in
# this file and presumably comes from gnomebase - confirm.
GNOMEBASEBUILDCLASS = "autotools"
inherit gnomebase
# Extra sources appended to the SRC_URI defined elsewhere: the W3C XML
# conformance suite, the ptest runner, and the local patches.
# The test tarball is fetched over plain http, so its integrity rests entirely
# on SRC_URI[testtar.sha256sum] below; that pin must stay in place.
# The CVE-*.patch entries are backported security fixes, applied in list order.
# NOTE(review): presumably each patch carries a CVE: / Upstream-Status: header
# so CVE tooling counts it as patched - confirm when adding a new one.
SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testtar \
file://run-ptest \
file://install-tests.patch \
file://CVE-2025-32414.patch \
file://CVE-2025-32415.patch \
file://CVE-2025-6021.patch \
file://CVE-2025-49794-CVE-2025-49796.patch \
file://CVE-2025-49795.patch \
file://CVE-2025-6170.patch \
file://CVE-2025-7425.patch \
"
# sha256 pins for the two downloaded artifacts, keyed by their name= labels
# ("archive" is not named in this file; presumably the main release tarball).
SRC_URI[archive.sha256sum] = "c3d8c0c34aa39098f66576fe51969db12a5100b956233dc56506f7a8679be995"
SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273"
# CVE-2023-45322 is disputed as a security issue because it only triggers when
# a memory allocation fails; it was fixed anyway in d39f780.
CVE_STATUS[CVE-2023-45322] = "disputed: issue requires memory allocation to fail"
# CVE-2025-8732 is disputed as a security issue: it needs an untrusted SGML
# catalog, and processing an invalid file fails (crashes).
# https://gitlab.gnome.org/GNOME/libxml2/-/issues/958
# NOTE(review): no patch for this CVE is listed in SRC_URI, so this status only
# records the dispute. Products that do load catalogs from untrusted sources
# should re-evaluate it rather than rely on the status.
CVE_STATUS[CVE-2025-8732] = "disputed: the code maintainer explains, that the issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. The issue triggers a crash if an invalid file is provided. https://gitlab.gnome.org/GNOME/libxml2/-/issues/958"
# Path of the xml2-config script, for the binconfig-disabled class inherited below.
BINCONFIG = "${bindir}/xml2-config"
# Default feature set: Python bindings, plus ipv6 when DISTRO_FEATURES has it.
PACKAGECONFIG ??= "python \
${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
"
# Format: configure argument when enabled, argument when disabled, build dependencies.
PACKAGECONFIG[python] = "--with-python=${PYTHON},--without-python,python3"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
inherit autotools pkgconfig binconfig-disabled ptest
# python3targetconfig is pulled in only when the python PACKAGECONFIG is enabled.
inherit_defer ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3targetconfig', '', d)}
# riscv64 only: link with -fuse-ld=bfd when DISTRO_FEATURES contains both
# ld-is-lld and ptest.
LDFLAGS:append:riscv64 = "${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-lld ptest', ' -fuse-ld=bfd', '', d)}"
# Runtime dependencies of the ptest package; the Python ones are added only
# when the python PACKAGECONFIG is enabled.
RDEPENDS:${PN}-ptest += "bash make locale-base-en-us ${@bb.utils.contains('PACKAGECONFIG', 'python', 'libgcc python3-core python3-logging python3-shell python3-stringold python3-threading python3-unittest ${PN}-python', '', d)}"
RDEPENDS:${PN}-python += "${@bb.utils.contains('PACKAGECONFIG', 'python', 'python3-core', '', d)}"
# Locale and charset-conversion data for the tests, per C library.
RDEPENDS:${PN}-ptest:append:libc-musl = " musl-locales"
RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-gconv-ebcdic-us \
glibc-gconv-ibm1141 \
glibc-gconv-iso8859-5 \
glibc-gconv-euc-jp \
"
# WARNING: zlib is required for RPM use
# Target build: debug code, legacy code and lzma are off; catalog and c14n
# support are on.
# NOTE(review): the target line has no explicit --with-zlib although the
# native, nativesdk and linuxstdbase lines do - confirm zlib is still enabled
# for the target as the warning above requires.
EXTRA_OECONF = "--without-debug --without-legacy --with-catalog --with-c14n --without-lzma --with-fexceptions"
EXTRA_OECONF:class-native = "--without-legacy --with-c14n --without-lzma --with-zlib"
EXTRA_OECONF:class-nativesdk = "--without-legacy --with-c14n --without-lzma --with-zlib"
# The linuxstdbase override turns debug and legacy code back on.
EXTRA_OECONF:linuxstdbase = "--with-debug --with-legacy --with-c14n --without-lzma --with-zlib"
python populate_packages:prepend () {
    # The Debian autonamer would rename the main package to libxml2-2. When
    # DEBIAN_NAMES is set, pin the output package name to libxml2 (with the
    # multilib prefix) instead.
    # No early return here: this code is prepended to populate_packages, and
    # the rest of that function must still run.
    libxml2_debian_names = d.getVar('DEBIAN_NAMES')
    if libxml2_debian_names:
        d.setVar('PKG:libxml2', '${MLPREFIX}libxml2')
}
# Split the command-line tools and the Python bindings into their own packages,
# so an image can ship the library without them.
PACKAGE_BEFORE_PN += "${PN}-utils"
PACKAGES += "${PN}-python"
# Static archives found in the Python site-packages directory go to -staticdev.
FILES:${PN}-staticdev += "${PYTHON_SITEPACKAGES_DIR}/*.a"
# Everything in bindir goes to the -utils package.
FILES:${PN}-utils = "${bindir}/*"
FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}"
do_configure:prepend () {
    # Clear the execute bit on every regular file under xmlconf before
    # configuring: executables take longer to package, and these files should
    # not be executable in the first place.
    find ${S}/xmlconf/ -type f -exec chmod -x {} +
}
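do_install_ptest () {
    # Install upstream's test data into the ptest directory of the image tree.
    oe_runmake DESTDIR=${D} ptestdir=${PTEST_PATH} install-test-data

    # Ship the xmlconf conformance suite next to it.
    cp -r ${S}/xmlconf ${D}${PTEST_PATH}

    # Without the python PACKAGECONFIG, drop the Python tests from the ptest
    # package. The path is built from PTEST_PATH like the two commands above.
    # The earlier spelling, PTEST_DIR, is not assigned anywhere in this recipe
    # (NOTE(review): presumably nowhere else either - confirm). With it unset,
    # the rm would act on a "python" directory at the top of the image tree
    # and leave the ptest copy in place.
    if ! ${@bb.utils.contains('PACKAGECONFIG', 'python', 'true', 'false', d)}; then
        rm -rf ${D}${PTEST_PATH}/python
    fi
}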
# With musl, ICU support would have to be enabled explicitly for this test.
# EXTRA_OECONF in this recipe does not enable it, so the ICU parse test input
# is removed from the installed ptest tree instead.
do_install_ptest:append:libc-musl () {
rm -rf ${D}/${PTEST_PATH}/test/icu_parse_test.xml
}
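do_install:append:class-native () {
    # Docs are not needed in the native case.
    # Options are placed before the operand so the command does not depend on
    # rm accepting options after the path.
    rm -rf ${D}${datadir}/gtk-doc
    # Wrap the native xmllint so that XML_CATALOG_FILES falls back to the
    # catalog under sysconfdir when the caller has not set it. A value set by
    # the caller is honoured as-is, so whatever catalogs it names are treated
    # as trusted input by xmllint.
    create_wrapper ${D}${bindir}/xmllint 'XML_CATALOG_FILES=${XML_CATALOG_FILES:-${sysconfdir}/xml/catalog}'
}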
# The shell default-value expression used in the xmllint wrapper looks like a
# BitBake variable reference, so it is excluded from do_install's variable
# dependencies.
# NOTE(review): presumably this keeps it out of the task signature - confirm.
do_install[vardepsexclude] += "XML_CATALOG_FILES:-${sysconfdir}/xml/catalog"
# Also provide native and nativesdk variants of this recipe.
BBCLASSEXTEND = "native nativesdk"