[OE-core] [PATCH 1/1] libxml2: fix LSB desktop-xml tests failure

Burton, Ross ross.burton at intel.com
Tue Sep 17 09:15:48 UTC 2013


On 17 September 2013 03:36, Hongxu Jia <hongxu.jia at windriver.com> wrote:
> The upstream of libxml2 has not fixed this issue:
> git clone git://git.gnome.org/libxml2
>
> And I have filed a bug to them
> https://bugzilla.gnome.org/show_bug.cgi?id=708205
>
> After this is fixed and released, also need to report another
> bug to LSB to update their libxml2 source code.
>
> The time cycle is long, should we mark this bug as "Waiting For Upstream"
> or accept this patch to workaround for LSB test.

Using my amazing ability of talking to the upstream maintainer (DV in
#xml on irc.gnome.org) I've sorted this out.

The CVE is for *Chromium's fork of libxml*.  Not upstream libxml2.
The patch changes a public structure by adding fields *in the middle*,
so that broke the ABI.  That's two good reasons to revert the patch.
As Daniel has said in the bug, this patch was the quick fix that
Chromium did, as they statically link to libxml2 so the API breakage
isn't an issue; the proper fix is already in libxslt.  As long as we
have libxml 2.9.0 and libxslt 1.1.27 onwards (which we do), the issue
is correctly fixed.

So, NAK to this patch, and a revert incoming.

Ross
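
Added illustration, not part of the original message and not libxml2 code: why inserting a field in the middle of a public structure breaks the ABI for dynamically linked clients, while a statically linked build is unaffected because everything is recompiled against one header. The struct and field names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical public struct as shipped in the old header. */
struct ctx_v1 { int type; void *doc; int depth; int error; };
/* Same struct after a fix inserts a field in the middle. */
struct ctx_v2_mid { int type; void *doc; int max_depth; int depth; int error; };
/* Alternative layout: the new field is appended after the old ones.
 * Offsets survive, but sizeof changes, so this is only safe when the
 * library, not the client, allocates the object. */
struct ctx_v2_end { int type; void *doc; int depth; int error; int max_depth; };

/* What an already-compiled client does: read "error" at the offset baked
 * in from the v1 header, whatever layout the library really used. */
static int old_client_read_error(const void *obj)
{
    int v;
    memcpy(&v, (const char *)obj + offsetof(struct ctx_v1, error), sizeof v);
    return v;
}

/* Return 1 if every v1 field keeps its offset in the new layout. */
static int mid_keeps_offsets(void)
{
    return offsetof(struct ctx_v2_mid, depth) == offsetof(struct ctx_v1, depth)
        && offsetof(struct ctx_v2_mid, error) == offsetof(struct ctx_v1, error);
}
static int end_keeps_offsets(void)
{
    return offsetof(struct ctx_v2_end, depth) == offsetof(struct ctx_v1, depth)
        && offsetof(struct ctx_v2_end, error) == offsetof(struct ctx_v1, error);
}

/* Objects built by the "new library" (constructed values: depth 7, error -1). */
static int read_from_mid(void)
{
    struct ctx_v2_mid c = { 1, NULL, 40, 7, -1 };
    return old_client_read_error(&c);   /* lands on depth, not error */
}
static int read_from_end(void)
{
    struct ctx_v2_end c = { 1, NULL, 7, -1, 40 };
    return old_client_read_error(&c);   /* still lands on error */
}

int main(void)
{
    printf("mid-insert: offsets kept=%d, old client reads error=%d\n",
           mid_keeps_offsets(), read_from_mid());
    printf("appended:   offsets kept=%d, old client reads error=%d\n",
           end_keeps_offsets(), read_from_end());
    return 0;
}
```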


