From patchwork Wed May 20 22:28:50 2020
X-Patchwork-Submitter: Matt Weber
X-Patchwork-Id: 1294808
From: Matt Weber
To: buildroot@buildroot.org
Cc: Matthew Weber, Jared Bents
Date: Wed, 20 May 2020 17:28:50 -0500
Message-Id: <20200520222850.55150-1-matthew.weber@rockwellcollins.com>
Subject: [Buildroot] [NEXT v3] package/xerces: add enable network option
From: Jared Bents

Update to add the option to compile xerces with network enabled by default so it can be unselected to compile without network support.

When network support is enabled the Network Accessor feature will decode schema URLs and if they don't appear as localhost or local files, it will open a stream (socket) session with the remote server. In an embedded setting having the option to disable this allows:
* cleaner audit logging
* smaller security attack surface
* fewer library dependencies
* no behind the scenes failed session attempts

Signed-off-by: Jared Bents
Signed-off-by: Matthew Weber
---
Changes v2 -> v3
- updated description of why an option like this is needed
- dropped the bool syntax for setting the value to off after testing that it isn't required
---
package/xerces/Config.in | 10 ++++++++++
package/xerces/xerces.mk | 4 ++++
2 files changed, 14 insertions(+)

diff --git a/package/xerces/Config.in b/package/xerces/Config.in index 2edc4346b5..a9b102bd5e 100644 --- a/package/xerces/Config.in +++ b/package/xerces/Config.in @@ -6,5 +6,15 @@ config BR2_PACKAGE_XERCES http://xerces.apache.org/xerces-c/ +if BR2_PACKAGE_XERCES + +config BR2_PACKAGE_XERCES_ENABLE_NETWORK + bool "Enable network support" + default y + help + Enable network support in xerces + +endif + comment "xerces-c++ needs a toolchain w/ C++, wchar" depends on !(BR2_INSTALL_LIBSTDCPP && BR2_USE_WCHAR) diff --git a/package/xerces/xerces.mk b/package/xerces/xerces.mk index c75a8b0d35..ae42b1e62f 100644 --- a/package/xerces/xerces.mk +++ b/package/xerces/xerces.mk @@ -31,12 +31,16 @@ XERCES_CONF_ENV += LIBS=-liconv XERCES_DEPENDENCIES += libiconv endif +ifeq ($(BR2_PACKAGE_XERCES_ENABLE_NETWORK),y) ifeq ($(BR2_PACKAGE_LIBCURL),y) XERCES_CONF_OPTS += -Dnetwork-accessor=curl XERCES_DEPENDENCIES += libcurl else XERCES_CONF_OPTS += -Dnetwork-accessor=socket endif +else +XERCES_CONF_OPTS += -Dnetwork=OFF +endif ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y) XERCES_CONF_OPTS += -Dthreads=ON
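
Review bot: The help text for BR2_PACKAGE_XERCES_ENABLE_NETWORK in the Config.in hunk ("Enable network support in xerces") only restates the prompt, so someone hardening a configuration cannot tell from menuconfig what is being switched off. The commit message already has the useful wording: with the option enabled, the Network Accessor resolves schema URLs that are not localhost or local files by opening a session to the remote server. Please carry a sentence to that effect into the help text, and mention that libcurl is used as the accessor when BR2_PACKAGE_LIBCURL is selected and a plain socket accessor otherwise, since that is what the xerces.mk side of this patch does.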
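
Review bot: In the xerces.mk hunk the disabled branch passes "-Dnetwork=OFF", but the enabled branch never passes the matching "-Dnetwork=ON" and so relies on the upstream default for that variable. Setting it explicitly in the enabled branch, alongside the existing "-Dnetwork-accessor=curl" / "-Dnetwork-accessor=socket" lines, would keep the build result tied to BR2_PACKAGE_XERCES_ENABLE_NETWORK even if the upstream default changes, and would match the explicit "-Dthreads=ON" style visible in the trailing context. It would also help to note in the commit message that with the option unselected libcurl is no longer added to XERCES_DEPENDENCIES even when BR2_PACKAGE_LIBCURL=y, since that is the "fewer library dependencies" benefit the description claims.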