On Mon, Jul 19, 2021 at 2:15 AM Tim Orling <[email protected]> wrote:
> Cherry-pick/back port commit from master. > > Since 2.9.10, upstream libxml2 has enabled fuzz testing and MANY > commits have been added with fixes and security patches. > > Of the 239 commits since 2.9.10, 94 have "Fix" in the shortlog. > A quick scan of the rest of the commits (see below) shows that the > vast majority are bug fixes or security related. > > While we have been patching individual CVEs in the past, it seems > like 2.9.12 contains enough significant value from a security > perspective to warrant the version update in dunfell. > Does it have compatible ABI with 2.9.10 currently in dunfell? Unfortunately https://abi-laboratory.pro/index.php?view=timeline&l=libxml2 ends with 2.9.10 version, but previous patchfix releases were also often incompatible, so if 2.9.12 changes are even bigger, it might cause issues for people with prebuilt binaries on dunfell.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#153984): https://lists.openembedded.org/g/openembedded-core/message/153984 Mute This Topic: https://lists.openembedded.org/mt/84298357/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
