[OE-core] [PATCH 1/1] libxml2: fix LSB desktop-xml tests failure
Hongxu Jia
hongxu.jia at windriver.com
Tue Sep 17 02:36:41 UTC 2013
On 09/17/2013 01:09 AM, Khem Raj wrote:
> On Sep 16, 2013, at 4:14 AM, Hongxu Jia <hongxu.jia at windriver.com> wrote:
>
>> The commit
>> http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=8780c5ddf2916bbd42fc67b79c286652aebb1546
>> add a patch to fix a security issue. It modify include file 'tree.h'
>> to add 'const char *dummy_children' on 'struct _xmlNs'.
>>
>> But lsb test suites didn't do this in his own include file, so the LSB
>> desktop-xml tests failed.
> IMO the testcase should be fixed. This is security patch that you are disabling. I don't think LSB compliance
> should mean less secure
>
The upstream of libxml2 has not fixed this issue:
git clone git://git.gnome.org/libxml2
And I have filed a bug to them
https://bugzilla.gnome.org/show_bug.cgi?id=708205
After this is fixed and released, also need to report another
bug to LSB to update their libxml2 source code.
The time cycle is long, should we mark this bug as "Waiting For Upstream"
or accept this patch to workaround for LSB test.
Thanks,
Hongxu
>> Disable this patch for linuxstdbase could fix this issue.
>>
>> [YOCTO #5151]
>>
>> Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
>> ---
>> meta/recipes-core/libxml/libxml2_2.9.1.bb | 5 ++++-
>> 1 file changed, 4 insertions(+), 1 deletion(-)
>>
>> diff --git a/meta/recipes-core/libxml/libxml2_2.9.1.bb b/meta/recipes-core/libxml/libxml2_2.9.1.bb
>> index fa9c657..3b031a1 100644
>> --- a/meta/recipes-core/libxml/libxml2_2.9.1.bb
>> +++ b/meta/recipes-core/libxml/libxml2_2.9.1.bb
>> @@ -1,6 +1,9 @@
>> require libxml2.inc
>>
>> -SRC_URI += "file://libxml2-CVE-2012-2871.patch \
>> +LIBXML2_CVE = "file://libxml2-CVE-2012-2871.patch"
>> +LIBXML2_CVE_linuxstdbase = ""
>> +
>> +SRC_URI += "${LIBXML2_CVE} \
>> http://www.w3.org/XML/Test/xmlts20080827.tar.gz;name=testtar \
>> "
>>
>> --
>> 1.8.1.2
>>
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core at lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20130917/3c640c43/attachment-0002.html>
More information about the Openembedded-core
mailing list