Opened 8 months ago

Closed 8 months ago

Last modified 6 months ago

#14271 closed enhancement (fixed)

libxml2 upstream fixes.

Reported by: ken@…
Owned by: ken@…
Priority: high
Milestone: 10.1
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

In this week's security fixes mentioned at lwn, my first item is libxml2. Fedora re-fixed CVE-2020-24977 (their first patch was incorrect). Looking at what they have, there are 5 upstream fixes (relaxed approach to nested documents, CVE-2019-20388, CVE-2020-7595, integer overflow, CVE-2020-24977). AFAICS the CVEs are only DoS.

Looking at Fedora, they also have a fix to build with python-3.10 which only changes generator.py. They do not hack python/types.c. AFAICS, our sed is a better fix for a patch we used to carry which was apparently for a segfault in itstool.

My initial opinion (after only doing a DESTDIR install) is that we don't need this. I have not yet looked at running the tests to see if that sed is needed (Fedora don't use anything, but perhaps do not download the extra file).

Sed for ICU-68.1 still needed (Fedora were still building with 67 when I first looked at this a few days ago).

Change History (6)

comment:1 by ken@…, 8 months ago

Owner: changed from blfs-book to ken@…
Status: new → assigned

comment:2 by ken@…, 8 months ago

Tests appear to run to completion without unexpected errors:

  Total 3175 tests, no errors
  Total 9 tests, no errors
  Total: 1163 functions, 280911 tests, 0 errors
  Total 2273 tests, 15 errors, 0 leaks
  15 errors were expected

But before that there was a python error. Will retry with the sed.

Yeah, I misinterpreted 'disable one test that prevents the tests from completing'. The sed is necessary to suppress that.

Pended until I've installed this and some other fixes, and done run-time testing.
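The comment above treats a run as clean when the only errors in the summary lines are the ones already known to be expected. The following shell snippet is an added example, not part of this ticket or of the libxml2 or BLFS build scripts: it sums the error counts from summary lines of the shape quoted above and compares the total against an expected count passed as an argument. The summary-line format, the helper names and the sample input (constructed from the lines quoted in the comment) are assumptions.

```shell
#!/bin/sh
# Added example (not from the ticket or the project): decide from libxml2
# "make check" summary lines whether a run finished with only expected errors.
# Assumed line shapes: "Total N tests, no errors",
# "Total N tests, M errors, K leaks", "Total: N functions, M tests, E errors".

# count_errors: read summary lines on stdin, print the sum of reported errors.
# Lines saying "no errors" contribute 0; other "Total" lines contribute
# the number before the word "errors".
count_errors() {
    total=0
    while IFS= read -r line; do
        case "$line" in
            Total*)
                n=$(printf '%s\n' "$line" | sed -n 's/.*, \([0-9][0-9]*\) errors.*/\1/p')
                [ -n "$n" ] && total=$((total + n))
                ;;
        esac
    done
    echo "$total"
}

# check_summary EXPECTED: exit 0 when the error total on stdin equals EXPECTED,
# 1 otherwise (so an unexpectedly clean run is flagged too, not only a dirty one).
check_summary() {
    expected=$1
    got=$(count_errors)
    if [ "$got" -eq "$expected" ]; then
        echo "OK: $got errors (expected $expected)"
        return 0
    fi
    echo "UNEXPECTED: $got errors (expected $expected)" >&2
    return 1
}

# Constructed sample, taken from the totals quoted in the comment above.
SAMPLE='Total 3175 tests, no errors
Total 9 tests, no errors
Total: 1163 functions, 280911 tests, 0 errors
Total 2273 tests, 15 errors, 0 leaks'

# Usage: pipe the captured summary in and give the known-expected error count.
printf '%s\n' "$SAMPLE" | check_summary 15
```

In practice the expected count is the figure recorded for the last known-good build; a drop in the count after a new patch set is worth a look as much as a rise, since it can mean a test was silently disabled rather than fixed.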

comment:3 by ken@…, 8 months ago

I rebuilt itstool after updating this, and then used that to rebuild gucharmap, no problems.

comment:4 by ken@…, 8 months ago

Resolution: fixed
Status: assigned → closed

comment:5 by ken@…, 8 months ago

It transpired that I'd been testing on an older system. On python-3.9 the first sed is needed. Reinstated in r23922.

comment:6 by ken@…, 6 months ago

Priority: normal → high

Belatedly marking as High to group with other security items.