Opened 8 months ago

Closed 8 months ago

Last modified 8 months ago

#21732 closed enhancement (fixed)

libxml2-2.14.4

Reported by: Bruce Dubbs Owned by: Bruce Dubbs
Priority: elevated Milestone: 12.4
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (6)

comment:1 by Joe Locash, 8 months ago

Priority: normal → elevated

Bumping this because it includes a fix for CVE-2025-6021. Commit is https://gitlab.gnome.org/GNOME/libxml2/-/commit/acbbeef9f5dcdcc901c

There are 5 more CVEs that have not yet been resolved but have been made publicly available. More details can be found at https://www.openwall.com/lists/oss-security/2025/06/16/6

comment:2 by Bruce Dubbs, 8 months ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:3 by Bruce Dubbs, 8 months ago

v2.14.4: Jun 16 2025

### Regressions

  • parser: Fix parsing of PublicIds and VersionNums
  • parser: Fix custom SAX parsers without cdataBlock handler
  • error: Fix initGenericErrorDefaultFunc compatibility macro again
  • io: Make xmlOutputBufferCreate* not free encoder on error
  • reader: Fix null deref on malloc failure
  • Revert "meson: Install libxml2.py"

### Security

  • tree: Fix integer overflow in xmlBuildQName

### Improvements

  • parser: Use parser context as default in resource loader
  • parser: Only validate EnumerationTypes when requested
  • parser: Undeprecate some parser context members

### Build systems

  • cmake: Avoid overlinking with non-CMake libxml2-config.cmake
  • cmake: Make iconv a private dependency

comment:4 by Bruce Dubbs, 8 months ago

Resolution: fixed
Status: assigned → closed

Fixed at commits

754a79530a Update to libxml2-2.14.4 (security update).
73faab1f08 Update URL and instructions for ntfs-3g-2022.10.3.

comment:5 by Douglas R. Reno, 8 months ago

Just a quick update here before I file SAs later - "tree: Fix integer overflow in xmlBuildQName" has been assigned CVE-2025-6021. libxml2-2.13.x is impacted by this problem, but a new release hasn't been cut for that so I backported the patch for it for BLFS 12.3 users.

comment:6 by Douglas R. Reno, 8 months ago

SA-12.3-060 issued.
