[OE-core] [PATCH 0/1] libxml2: fix LSB desktop-xml tests failure
Khem Raj
raj.khem at gmail.com
Tue Sep 17 14:24:44 UTC 2013
On Tuesday, September 17, 2013, Burton, Ross wrote:
> On 17 September 2013 03:36, Hongxu Jia <hongxu.jia at windriver.com<javascript:;>>
> wrote:
> > The upstream of libxml2 has not fixed this issue:
> > git clone git://git.gnome.org/libxml2
> >
> > And I have filed a bug to them
> > https://bugzilla.gnome.org/show_bug.cgi?id=708205
> >
> > After this is fixed and released, also need to report another
> > bug to LSB to update their libxml2 source code.
> >
> > The time cycle is long, should we mark this bug as "Waiting For Upstream"
> > or accept this patch to workaround for LSB test.
>
> Using my amazing ability of talking to the upstream maintainer (DV in
> #xml on irc.gnome.org) I've sorted this out.
>
> The CVE is for *Chromium's fork of libxml*. Not upstream libxml2.
> The patch changes a public structure by adding fields *in the middle*,
> so that broke the ABI. That's two good reasons to revert the patch.
> As Daniel has said in the bug, this patch was the quick fix that
> Chromium did as they statically link to libxml2 so the API breakage
> isn't an issue, the proper fix is already in libxslt. As long as we
> have libxml 2.9.0 and libxslt 1.1.27 onwards (which we do), the issue
> is correctly fixed.
Thanks for sorting this out in real good way
>
> So, NAK to this patch, and a revert incoming.
>
> Ross
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20130917/bee1b27e/attachment-0002.html>
More information about the Openembedded-core
mailing list