On 09/17/2013 01:09 AM, Khem Raj wrote:
On Sep 16, 2013, at 4:14 AM, Hongxu Jia <[email protected]> wrote:
The commit
http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=8780c5ddf2916bbd42fc67b79c286652aebb1546
add a patch to fix a security issue. It modify include file 'tree.h'
to add 'const char *dummy_children' on 'struct _xmlNs'.
But lsb test suites didn't do this in his own include file, so the LSB
desktop-xml tests failed.
IMO the testcase should be fixed. This is security patch that you are
disabling. I don't think LSB compliance
should mean less secure
The upstream of libxml2 has not fixed this issue:
git clone git://git.gnome.org/libxml2
And I have filed a bug to them
https://bugzilla.gnome.org/show_bug.cgi?id=708205
After this is fixed and released, also need to report another
bug to LSB to update their libxml2 source code.
The time cycle is long, should we mark this bug as "Waiting For Upstream"
or accept this patch to workaround for LSB test.
Thanks,
Hongxu
Disable this patch for linuxstdbase could fix this issue.
[YOCTO #5151]
Signed-off-by: Hongxu Jia <[email protected]>
---
meta/recipes-core/libxml/libxml2_2.9.1.bb | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-core/libxml/libxml2_2.9.1.bb
b/meta/recipes-core/libxml/libxml2_2.9.1.bb
index fa9c657..3b031a1 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.1.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.1.bb
@@ -1,6 +1,9 @@
require libxml2.inc
-SRC_URI += "file://libxml2-CVE-2012-2871.patch \
+LIBXML2_CVE = "file://libxml2-CVE-2012-2871.patch"
+LIBXML2_CVE_linuxstdbase = ""
+
+SRC_URI += "${LIBXML2_CVE} \
http://www.w3.org/XML/Test/xmlts20080827.tar.gz;name=testtar \
"
--
1.8.1.2
_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-core
_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-core
