From patchwork Tue Jul 1 16:20:07 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: auh@yoctoproject.org X-Patchwork-Id: 65956 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 82F5CC83F1D for ; Tue, 1 Jul 2025 16:20:12 +0000 (UTC) Received: from a27-33.smtp-out.us-west-2.amazonses.com (a27-33.smtp-out.us-west-2.amazonses.com [54.240.27.33]) by mx.groups.io with SMTP id smtpd.web10.1429.1751386808085277878 for ; Tue, 01 Jul 2025 09:20:08 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@yoctoproject.org header.s=j46ser6a2yusdzubpv7m7ewqgesde2ie header.b=wv26Ndca; dkim=pass header.i=@amazonses.com header.s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx header.b=dckxPput; spf=pass (domain: us-west-2.amazonses.com, ip: 54.240.27.33, mailfrom: 01010197c6c9dd1f-2f10d7e9-1aa4-4884-b687-04f4de9e01a6-000000@us-west-2.amazonses.com) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=j46ser6a2yusdzubpv7m7ewqgesde2ie; d=yoctoproject.org; t=1751386807; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date; bh=zwPbnC7MyMPuDoXfh4nVWCLDm2FDNObKZDzmy5/QyDY=; b=wv26Ndca0feKLKWT9iKOaw1UYDm18j9HIEdHiFrfLsyz/hCQdzO7Z/FCYGdorD8L iUvJgHTvQF0Z5qRarRhQlaVS2oKtHAdAyuILpckTj0pWOa3WgLnLf6DXqhGYKhLYpXQ jAQbhY/MhmxVxDUrflLMGUH0NjNYHuTSYQ/fZ/o4= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx; d=amazonses.com; t=1751386807; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date:Feedback-ID; bh=zwPbnC7MyMPuDoXfh4nVWCLDm2FDNObKZDzmy5/QyDY=; b=dckxPputZ4AjKOUbyZuPXViTd5itnSr+gCquKe94P5ampbShMaCupO0wKfNmQ3WQ fQ6QwNwrwg4ZK4wQDQmj9o8sZ8DtFU/MSDR1Rq9POQMUhZpBZ/5V7r8F7vOoRyUj8F9 8dyliW2PHtyKUUX2K1NXlue2Ukb9NmDkixNQJve8= MIME-Version: 1.0 From: auh@yoctoproject.org To: Hongxu Jia Cc: openembedded-core@lists.openembedded.org Subject: [AUH] libxml2: upgrading to 2.14.4 SUCCEEDED Message-ID: <01010197c6c9dd1f-2f10d7e9-1aa4-4884-b687-04f4de9e01a6-000000@us-west-2.amazonses.com> Date: Tue, 1 Jul 2025 16:20:07 +0000 Feedback-ID: ::1.us-west-2.9np3MYPs3fEaOBysGKSlUD4KtcmPijcmS9Az2Hwf7iQ=:AmazonSES X-SES-Outgoing: 2025.07.01-54.240.27.33 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 01 Jul 2025 16:20:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219614 Hello, this email is a notification from the Auto Upgrade Helper that the automatic attempt to upgrade the recipe(s) *libxml2* to *2.14.4* has Succeeded. Next steps: - apply the patch: git am 0001-libxml2-upgrade-2.14.3-2.14.4.patch - check the changes to upstream patches and summarize them in the commit message, - compile an image that contains the package - perform some basic sanity tests - amend the patch and sign it off: git commit -s --reset-author --amend - send it to the appropriate mailing list Alternatively, if you believe the recipe should not be upgraded at this time, you can fill RECIPE_NO_UPDATE_REASON in respective recipe file so that automatic upgrades would no longer be attempted. Please review the attached files for further information and build/update failures. Any problem please file a bug at https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Automated%20Update%20Handler Regards, The Upgrade Helper -- >8 -- From 5860d166288e84961d01dd24d48de9d80f789749 Mon Sep 17 00:00:00 2001 From: Upgrade Helper Date: Tue, 1 Jul 2025 07:50:14 +0000 Subject: [PATCH] libxml2: upgrade 2.14.3 -> 2.14.4 --- ...-installation-directories-in-libxml2.patch | 14 ++++---- .../libxml/libxml2/CVE-2025-6021.patch | 36 +++---------------- .../libxml/libxml2/install-tests.patch | 4 +-- .../{libxml2_2.14.3.bb => libxml2_2.14.4.bb} | 2 +- 4 files changed, 14 insertions(+), 42 deletions(-) rename meta/recipes-core/libxml/{libxml2_2.14.3.bb => libxml2_2.14.4.bb} (97%) diff --git a/meta/recipes-core/libxml/libxml2/0001-Revert-cmake-Fix-installation-directories-in-libxml2.patch b/meta/recipes-core/libxml/libxml2/0001-Revert-cmake-Fix-installation-directories-in-libxml2.patch index 6ea5adafa2..6e84a3c85a 100644 --- a/meta/recipes-core/libxml/libxml2/0001-Revert-cmake-Fix-installation-directories-in-libxml2.patch +++ b/meta/recipes-core/libxml/libxml2/0001-Revert-cmake-Fix-installation-directories-in-libxml2.patch @@ -1,4 +1,4 @@ -From 55ed199fdb55a1a600616ba14ad0feedcf828d86 Mon Sep 17 00:00:00 2001 +From 2a7b8bc68c11e2251b439c4148e5a8709741ebdc Mon Sep 17 00:00:00 2001 From: Peter Marko Date: Mon, 26 May 2025 21:11:14 +0200 Subject: [PATCH] Revert "cmake: Fix installation directories in @@ -15,10 +15,10 @@ Signed-off-by: Peter Marko 3 files changed, 7 insertions(+), 18 deletions(-) diff --git a/configure.ac b/configure.ac -index 40e75151..d21ebfe5 100644 +index aaa02e3..fb241bb 100644 --- a/configure.ac +++ b/configure.ac -@@ -1061,17 +1061,6 @@ AC_SUBST(XML_PRIVATE_LIBS) +@@ -1065,17 +1065,6 @@ AC_SUBST(XML_PRIVATE_LIBS) AC_SUBST(XML_PRIVATE_CFLAGS) AC_SUBST(XML_INCLUDEDIR) @@ -37,7 +37,7 @@ index 40e75151..d21ebfe5 100644 AC_DEFINE_UNQUOTED([XML_SYSCONFDIR], ["$XML_SYSCONFDIR"], [System configuration directory (/etc)]) diff --git a/libxml2-config.cmake.in b/libxml2-config.cmake.in -index 4945dda4..31036805 100644 +index e040a75..dc0d6b8 100644 --- a/libxml2-config.cmake.in +++ b/libxml2-config.cmake.in @@ -24,17 +24,20 @@ @@ -66,7 +66,7 @@ index 4945dda4..31036805 100644 set(LIBXML2_LIBRARIES ${LIBXML2_LIBRARY}) set(LIBXML2_INCLUDE_DIRS ${LIBXML2_INCLUDE_DIR}) diff --git a/meson.build b/meson.build -index 4c59211d..3e5f25d3 100644 +index 98bc6e3..3ef0bd0 100644 --- a/meson.build +++ b/meson.build @@ -599,9 +599,6 @@ config_cmake = configuration_data() @@ -77,5 +77,5 @@ index 4c59211d..3e5f25d3 100644 -config_cmake.set('INSTALL_INCLUDEDIR', dir_include) -config_cmake.set('INSTALL_LIBDIR', dir_lib) config_cmake.set('VERSION', meson.project_version()) - config_cmake.set('WITH_HTTP', want_http.to_int().to_string()) - config_cmake.set('WITH_ICONV', want_iconv.to_int().to_string()) + config_cmake.set10('BUILD_SHARED_LIBS', + get_option('default_library') != 'static') diff --git a/meta/recipes-core/libxml/libxml2/CVE-2025-6021.patch b/meta/recipes-core/libxml/libxml2/CVE-2025-6021.patch index 157486848b..74f03864cc 100644 --- a/meta/recipes-core/libxml/libxml2/CVE-2025-6021.patch +++ b/meta/recipes-core/libxml/libxml2/CVE-2025-6021.patch @@ -1,4 +1,4 @@ -From 33d7969baf541326a35e2fbe31943c46af8c71db Mon Sep 17 00:00:00 2001 +From d0949832da040e092701f14497710c1f38986cbd Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer Date: Tue, 27 May 2025 12:53:17 +0200 Subject: [PATCH] tree: Fix integer overflow in xmlBuildQName @@ -14,11 +14,11 @@ CVE: CVE-2025-6021 Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/acbbeef9f5dcdcc901c5f3fa14d583ef8cfd22f0] Signed-off-by: Hongxu Jia --- - tree.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) + tree.c | 1 + + 1 file changed, 1 insertion(+) diff --git a/tree.c b/tree.c -index 7454b07..22ec11c 100644 +index e14bc62..22ec11c 100644 --- a/tree.c +++ b/tree.c @@ -23,6 +23,7 @@ @@ -29,31 +29,3 @@ index 7454b07..22ec11c 100644 #ifdef LIBXML_ZLIB_ENABLED #include -@@ -168,10 +169,10 @@ xmlGetParameterEntityFromDtd(const xmlDtd *dtd, const xmlChar *name) { - xmlChar * - xmlBuildQName(const xmlChar *ncname, const xmlChar *prefix, - xmlChar *memory, int len) { -- int lenn, lenp; -+ size_t lenn, lenp; - xmlChar *ret; - -- if (ncname == NULL) return(NULL); -+ if ((ncname == NULL) || (len < 0)) return(NULL); - if (prefix == NULL) return((xmlChar *) ncname); - - #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -@@ -182,8 +183,10 @@ xmlBuildQName(const xmlChar *ncname, const xmlChar *prefix, - - lenn = strlen((char *) ncname); - lenp = strlen((char *) prefix); -+ if (lenn >= SIZE_MAX - lenp - 1) -+ return(NULL); - -- if ((memory == NULL) || (len < lenn + lenp + 2)) { -+ if ((memory == NULL) || ((size_t) len < lenn + lenp + 2)) { - ret = xmlMalloc(lenn + lenp + 2); - if (ret == NULL) - return(NULL); --- -2.34.1 - diff --git a/meta/recipes-core/libxml/libxml2/install-tests.patch b/meta/recipes-core/libxml/libxml2/install-tests.patch index 789aeca119..741ce2886f 100644 --- a/meta/recipes-core/libxml/libxml2/install-tests.patch +++ b/meta/recipes-core/libxml/libxml2/install-tests.patch @@ -1,4 +1,4 @@ -From 8c1054eacb430472068f21e4840749c384e8e866 Mon Sep 17 00:00:00 2001 +From 0b7c43a81b7acf50a9a3cdd109bec2d829fd1aac Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Mon, 5 Dec 2022 17:02:32 +0000 Subject: [PATCH] add yocto-specific install-ptest target @@ -12,7 +12,7 @@ Signed-off-by: Ross Burton 1 file changed, 10 insertions(+) diff --git a/Makefile.am b/Makefile.am -index 4cb9a5c..8adcd7e 100644 +index 6f98144..ecb3b54 100644 --- a/Makefile.am +++ b/Makefile.am @@ -26,6 +26,16 @@ check_PROGRAMS = \ diff --git a/meta/recipes-core/libxml/libxml2_2.14.3.bb b/meta/recipes-core/libxml/libxml2_2.14.4.bb similarity index 97% rename from meta/recipes-core/libxml/libxml2_2.14.3.bb rename to meta/recipes-core/libxml/libxml2_2.14.4.bb index 4baab59186..52b2040122 100644 --- a/meta/recipes-core/libxml/libxml2_2.14.3.bb +++ b/meta/recipes-core/libxml/libxml2_2.14.4.bb @@ -21,7 +21,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt file://CVE-2025-6021.patch \ " -SRC_URI[archive.sha256sum] = "6de55cacc8c2bc758f2ef6f93c313cb30e4dd5d84ac5d3c7ccbd9344d8cc6833" +SRC_URI[archive.sha256sum] = "24175ec30a97cfa86bdf9befb7ccf4613f8f4b2713c5103e0dd0bc9c711a2773" SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273" # Disputed as a security issue, but fixed in d39f780