Projetos/rpi-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f3eeb0c19a73410a3a1f26233506b5ca8a43d76a
rpi-buildroot/package/libxml2/libxml2.mk
Thomas Perale c68a14d73a package/libxml2: add patch for CVE-2025-6170 
This fixes the following vulnerability:

- CVE-2025-6170

    A flaw was found in the interactive shell of the xmllint command-line
    tool, used for parsing XML files. When a user inputs an overly long
    command, the program does not check the input size properly, which can
    cause it to crash. This issue might allow attackers to run harmful
    code in rare configurations without modern protections.

For more information, see:
  - https://www.cve.org/CVERecord?id=CVE-2025-6170
  - c340e41950

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
2025-08-03 16:46:31 +02:00

95 lines
2.5 KiB
Makefile
Raw Blame History

################################################################################
#
# libxml2
#
################################################################################
LIBXML2_VERSION_MAJOR = 2.13
LIBXML2_VERSION = $(LIBXML2_VERSION_MAJOR).8
LIBXML2_SOURCE = libxml2-$(LIBXML2_VERSION).tar.xz
LIBXML2_SITE = \
https://download.gnome.org/sources/libxml2/$(LIBXML2_VERSION_MAJOR)
LIBXML2_INSTALL_STAGING = YES
LIBXML2_LICENSE = MIT
LIBXML2_LICENSE_FILES = Copyright
LIBXML2_CPE_ID_VENDOR = xmlsoft
LIBXML2_CONFIG_SCRIPTS = xml2-config
#0001-tree-Fix-integer-overflow-in-xmlBuildQName.patch
LIBXML2_IGNORE_CVES += CVE-2025-6021
#0002-schematron-Fix-memory-safety-issues-in-xmlSchematron.patch
LIBXML2_IGNORE_CVES += CVE-2025-49794 CVE-2025-49796
#0003-Schematron-Fix-null-pointer-dereference-leading-to-D.patch
LIBXML2_IGNORE_CVES += CVE-2025-49795
# 0004-fix-potential-buffer-overflows-of-interactive-shell.patch
LIBXML2_IGNORE_CVES += CVE-2025-6170
# relocation truncated to fit: R_68K_GOT16O
ifeq ($(BR2_m68k_cf),y)
LIBXML2_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -mxgot"
endif
LIBXML2_CONF_OPTS = --with-http --with-gnu-ld --without-debug
HOST_LIBXML2_DEPENDENCIES = host-pkgconf
LIBXML2_DEPENDENCIES = host-pkgconf
HOST_LIBXML2_CONF_OPTS = --without-zlib --without-lzma
ifeq ($(BR2_PACKAGE_PYTHON3),y)
LIBXML2_DEPENDENCIES += python3
LIBXML2_CONF_OPTS += --with-python
else
LIBXML2_CONF_OPTS += --without-python
endif
ifeq ($(BR2_PACKAGE_HOST_PYTHON3),y)
HOST_LIBXML2_DEPENDENCIES += host-python3
HOST_LIBXML2_CONF_OPTS += --with-python
else
HOST_LIBXML2_CONF_OPTS += --without-python
endif
ifeq ($(BR2_PACKAGE_ICU),y)
LIBXML2_DEPENDENCIES += icu
LIBXML2_CONF_OPTS += --with-icu
else
LIBXML2_CONF_OPTS += --without-icu
endif
ifeq ($(BR2_PACKAGE_ZLIB),y)
LIBXML2_DEPENDENCIES += zlib
LIBXML2_CONF_OPTS += --with-zlib=$(STAGING_DIR)/usr
else
LIBXML2_CONF_OPTS += --without-zlib
endif
ifeq ($(BR2_PACKAGE_XZ),y)
LIBXML2_DEPENDENCIES += xz
LIBXML2_CONF_OPTS += --with-lzma
else
LIBXML2_CONF_OPTS += --without-lzma
endif
LIBXML2_DEPENDENCIES += $(if $(BR2_PACKAGE_LIBICONV),libiconv)
ifeq ($(BR2_ENABLE_LOCALE)$(BR2_PACKAGE_LIBICONV),y)
LIBXML2_CONF_OPTS += --with-iconv
else
LIBXML2_CONF_OPTS += --without-iconv
endif
define LIBXML2_CLEANUP_XML2CONF
rm -f $(TARGET_DIR)/usr/lib/xml2Conf.sh
endef
LIBXML2_POST_INSTALL_TARGET_HOOKS += LIBXML2_CLEANUP_XML2CONF
$(eval $(autotools-package))
$(eval $(host-autotools-package))
# libxml2 for the host
LIBXML2_HOST_BINARY = $(HOST_DIR)/bin/xmllint
Reference in New Issue View Git Blame Copy Permalink