Re: [PATCH 1/1] libxml2: fix LSB desktop-xml tests failure

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Hongxu Jia <hongxu.jia@windriver.com>
To: "Burton, Ross" <ross.burton@intel.com>
Cc: OE-core <openembedded-core@lists.openembedded.org>
Subject: Re: [PATCH 1/1] libxml2: fix LSB desktop-xml tests failure
Date: Tue, 17 Sep 2013 19:10:23 +0800	[thread overview]
Message-ID: <5238389F.1080201@windriver.com> (raw)
In-Reply-To: <CAJTo0LaL_rxVQRdd8r1dkG5zV5FFLk5xBnWP34ME4P2oxu=Gnw@mail.gmail.com>

On 09/17/2013 05:15 PM, Burton, Ross wrote:
> On 17 September 2013 03:36, Hongxu Jia <hongxu.jia@windriver.com> wrote:
>> The upstream of libxml2 has not fixed this issue:
>> git clone git://git.gnome.org/libxml2
>>
>> And I have filed a bug to them
>> https://bugzilla.gnome.org/show_bug.cgi?id=708205
>>
>> After this is fixed and released, also need to report another
>> bug to LSB to update their libxml2 source code.
>>
>> The time cycle is long, should we mark this bug as "Waiting For Upstream"
>> or accept this patch to workaround for LSB test.
> Using my amazing ability of talking to the upstream maintainer (DV in
> #xml on irc.gnome.org) I've sorted this out.
>
> The CVE is for *Chromium's fork of libxml*.  Not upstream libxml2.
> The patch changes a public structure by adding fields *in the middle*,
> so that broke the ABI.  That's two good reasons to revert the patch.
> As Daniel has said in the bug, this patch was the quick fix that
> Chromium did as they statically link to libxml2 so the API breakage
> isn't an issue, the proper fix is already in libxslt.  As long as we
> have libxml 2.9.0 and libxslt 1.1.27 onwards (which we do), the issue
> is correctly fixed.
>
> So, NAK to this patch, and a revert incoming.

Great, the libxml2-CVE-2012-2871.patch is obsolete, abandon it could fix the
LSB desktop-xml tests failure. I wll resend the patch to do this.

Thanks,
Hongxu

> Ross

next prev parent reply	other threads:[~2013-09-17 11:10 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-09-16 11:14 [PATCH 0/1] libxml2: fix LSB desktop-xml tests failure Hongxu Jia
2013-09-16 11:14 ` [PATCH 1/1] " Hongxu Jia
2013-09-16 17:09   ` Khem Raj
2013-09-16 17:15     ` Burton, Ross
2013-09-17  2:36     ` Hongxu Jia
2013-09-17  9:15       ` Burton, Ross
2013-09-17 11:10         ` Hongxu Jia [this message]
2013-09-17 11:13           ` Burton, Ross
2013-09-17 11:18             ` Hongxu Jia
2013-09-17 14:24         ` [PATCH 0/1] " Khem Raj

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5238389F.1080201@windriver.com \
    --to=hongxu.jia@windriver.com \
    --cc=openembedded-core@lists.openembedded.org \
    --cc=ross.burton@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.