On Fri, 2024-02-23 at 19:18 +0000, Simone Weiß wrote:
> From: Simone Weiß <[email protected]>
> 
> Upgraded to address CVE-2024-25062
> 
> License-Update: hash.c was rewritten and now also has MIT license,
> trio was totally removed, hence remove license checksum as well.
> Files are not mentioned as exception in overall license any more,
> therefore, checksum changed there as well.
> 
> Previous upgrades of libxml2 caused issues when building libsoup,
> this in the meantime has been addressed via commit "9f57bfb74e280827"
> ("libsoup-2.4: Fix build with clang-17 and libxml2-2.12") already.
> 
> Changes:
> - [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking
> - parser: Fix crash in xmlParseInNodeContext with HTML documents
> 
> Signed-off-by: Simone Weiß <[email protected]>
> ---
>  meta/recipes-core/libxml/libxml2/install-tests.patch      | 8 ++++----
>  .../libxml/{libxml2_2.11.5.bb => libxml2_2.12.5.bb}       | 8 +++-----
>  2 files changed, 7 insertions(+), 9 deletions(-)
>  rename meta/recipes-core/libxml/{libxml2_2.11.5.bb => libxml2_2.12.5.bb} 
> (91%)
> 
> diff --git a/meta/recipes-core/libxml/libxml2/install-tests.patch 
> b/meta/recipes-core/libxml/libxml2/install-tests.patch
> index 14ccce5873..4bddf9f05e 100644
> --- a/meta/recipes-core/libxml/libxml2/install-tests.patch
> +++ b/meta/recipes-core/libxml/libxml2/install-tests.patch
> @@ -1,4 +1,4 @@
> -From 3fc716357ce1372d9418dc86f24315b34d9808de Mon Sep 17 00:00:00 2001
> +From 582af12c9e89cd3d7c93c63756acb6e8180a776c Mon Sep 17 00:00:00 2001
>  From: Ross Burton <[email protected]>
>  Date: Mon, 5 Dec 2022 17:02:32 +0000
>  Subject: [PATCH] add yocto-specific install-ptest target
> @@ -13,11 +13,11 @@ Signed-off-by: Ross Burton <[email protected]>
>   1 file changed, 10 insertions(+)
>  
>  diff --git a/Makefile.am b/Makefile.am
> -index 5bc4018..57d27af 100644
> +index 0a49d37..1097c63 100644
>  --- a/Makefile.am
>  +++ b/Makefile.am
> -@@ -26,6 +26,16 @@ check_PROGRAMS = \
> -     testlimits \
> +@@ -27,6 +27,16 @@ check_PROGRAMS = \
> +     testparser \
>       testrecurse
>   
>  +ptestdir=$(libexecdir)
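Review bot: the refreshed context in this hunk (`-     testlimits` / `+     testparser`, `@@ -26` moving to `@@ -27`) shows that upstream changed the `check_PROGRAMS` list in Makefile.am between 2.11.5 and 2.12.5, and since the patch adds the install-ptest target that installs these programs, confirm that the new `testparser` binary (and any test data it needs) is actually installed and exercised by the ptest, otherwise ptest coverage drops silently with the upgrade. The rest of the patch body should be regenerated against 2.12.5 as well so it applies without fuzz rather than only the header hash being updated.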
> diff --git a/meta/recipes-core/libxml/libxml2_2.11.5.bb 
> b/meta/recipes-core/libxml/libxml2_2.12.5.bb
> similarity index 91%
> rename from meta/recipes-core/libxml/libxml2_2.11.5.bb
> rename to meta/recipes-core/libxml/libxml2_2.12.5.bb
> index 44336c25e1..01e23b21cc 100644
> --- a/meta/recipes-core/libxml/libxml2_2.11.5.bb
> +++ b/meta/recipes-core/libxml/libxml2_2.12.5.bb
> @@ -4,10 +4,8 @@ HOMEPAGE = "https://gitlab.gnome.org/GNOME/libxml2";
>  BUGTRACKER = "http://bugzilla.gnome.org/buglist.cgi?product=libxml2";
>  SECTION = "libs"
>  LICENSE = "MIT"
> -LIC_FILES_CHKSUM = "file://Copyright;md5=2044417e2e5006b65a8b9067b683fcf1 \
> -                    
> file://hash.c;beginline=6;endline=15;md5=e77f77b12cb69e203d8b4090a0eee879 \
> -                    
> file://list.c;beginline=4;endline=13;md5=b9c25b021ccaf287e50060602d20f3a7 \
> -                    
> file://trio.c;beginline=5;endline=14;md5=cd4f61e27f88c1d43df112966b1cd28f"
> +LIC_FILES_CHKSUM = "file://Copyright;md5=fec7ecfe714722b2bb0aaff7d200c701 \
> +                    
> file://list.c;beginline=4;endline=13;md5=b9c25b021ccaf287e50060602d20f3a7"
>  
>  DEPENDS = "zlib virtual/libiconv"
>  
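Review bot: the `LIC_FILES_CHKSUM` continuation lines in this hunk arrive wrapped (`-                    ` on one line, `file://hash.c;...` on the next), which looks like mail-client line wrapping rather than the patch content; as posted this is unlikely to apply with `git am`, so please resend via `git send-email` or a client that preserves long lines. The change itself (new Copyright md5, hash.c and trio.c entries dropped, list.c kept) matches the License-Update paragraph in the commit message, which is good.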
> @@ -19,7 +17,7 @@ SRC_URI += 
> "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt
>             file://install-tests.patch \
>             "
>  
> -SRC_URI[archive.sha256sum] = 
> "3727b078c360ec69fa869de14bd6f75d7ee8d36987b071e6928d4720a28df3a6"
> +SRC_URI[archive.sha256sum] = 
> "a972796696afd38073e0f59c283c3a2f5a560b5268b4babc391b286166526b21"
>  SRC_URI[testtar.sha256sum] = 
> "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273"
>  
>  # Disputed as a security issue, but fixed in d39f780
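Review bot: the `# Disputed as a security issue, but fixed in d39f780` comment is kept unchanged across a jump from 2.11.5 to 2.12.5; check whether d39f780 is now contained in the 2.12.5 release and whether the comment and whatever it annotates are still needed, updating or dropping them in the same commit. This is also a major-series bump, and the commit message itself notes libsoup needed a build fix for 2.12 while the reply reports webkitgtk failing on the autobuilder, so dependent recipes should be build-tested before the upgrade is resubmitted.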
> 

Unfortunately this upgrade breaks webkitgtk:

https://autobuilder.yoctoproject.org/typhoon/#/builders/52/builds/8480/steps/11/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/117/builds/4416/steps/12/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/45/builds/8643/steps/11/logs/stdio

and so on.

Cheers,

Richard

View/Reply Online (#196120): 
https://lists.openembedded.org/g/openembedded-core/message/196120