Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/libxml2: security bump version to 2.15.3
@ 2026-04-26  7:19 Bernd Kuhls
  2026-04-26 16:34 ` Julien Olivain via buildroot
  2026-05-04 14:47 ` Thomas Perale via buildroot
  0 siblings, 2 replies; 3+ messages in thread
From: Bernd Kuhls @ 2026-04-26  7:19 UTC (permalink / raw)
  To: buildroot; +Cc: Pierre-Jean Texier

https://download.gnome.org/sources/libxml2/2.15/libxml2-2.15.3.news

- parser: Pass userData to SAX text callbacks in xmlParseReference (type-confusion)
- entities: copy children in xmlCopyEntity
- c14n: Fix Type confusion in xmlC14NProcessAttrsAxis
- python: Do not decref string after adding to the list (double-free / use-after-free)
- c14n: Reuse tmp_str, xmlStrcat reallocates *cur (double-free)

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
---
 package/libxml2/libxml2.hash | 4 ++--
 package/libxml2/libxml2.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/libxml2/libxml2.hash b/package/libxml2/libxml2.hash
index 35c8810ed9..849d70cbb5 100644
--- a/package/libxml2/libxml2.hash
+++ b/package/libxml2/libxml2.hash
@@ -1,4 +1,4 @@
-# From https://download.gnome.org/sources/libxml2/2.15/libxml2-2.15.2.sha256sum
-sha256  c8b9bc81f8b590c33af8cc6c336dbff2f53409973588a351c95f1c621b13d09d  libxml2-2.15.2.tar.xz
+# From https://download.gnome.org/sources/libxml2/2.15/libxml2-2.15.3.sha256sum
+sha256  78262a6e7ac170d6528ebfe2efccdf220191a5af6a6cd61ea4a9a9a5042c7a07  libxml2-2.15.3.tar.xz
 # License files, locally calculated
 sha256  5d4873884a890122a4b9b20ad56ac6f7da1d796a5bfcf04a427970ac96217626  Copyright
diff --git a/package/libxml2/libxml2.mk b/package/libxml2/libxml2.mk
index 0a365fa689..c1b5c4033c 100644
--- a/package/libxml2/libxml2.mk
+++ b/package/libxml2/libxml2.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 LIBXML2_VERSION_MAJOR = 2.15
-LIBXML2_VERSION = $(LIBXML2_VERSION_MAJOR).2
+LIBXML2_VERSION = $(LIBXML2_VERSION_MAJOR).3
 LIBXML2_SOURCE = libxml2-$(LIBXML2_VERSION).tar.xz
 LIBXML2_SITE = \
 	https://download.gnome.org/sources/libxml2/$(LIBXML2_VERSION_MAJOR)
-- 
2.47.3

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libxml2: security bump version to 2.15.3
  2026-04-26  7:19 [Buildroot] [PATCH 1/1] package/libxml2: security bump version to 2.15.3 Bernd Kuhls
@ 2026-04-26 16:34 ` Julien Olivain via buildroot
  2026-05-04 14:47 ` Thomas Perale via buildroot
  1 sibling, 0 replies; 3+ messages in thread
From: Julien Olivain via buildroot @ 2026-04-26 16:34 UTC (permalink / raw)
  To: Bernd Kuhls; +Cc: buildroot, Pierre-Jean Texier

On 26/04/2026 09:19, Bernd Kuhls wrote:
> https://download.gnome.org/sources/libxml2/2.15/libxml2-2.15.3.news
> 
> - parser: Pass userData to SAX text callbacks in xmlParseReference 
> (type-confusion)
> - entities: copy children in xmlCopyEntity
> - c14n: Fix Type confusion in xmlC14NProcessAttrsAxis
> - python: Do not decref string after adding to the list (double-free / 
> use-after-free)
> - c14n: Reuse tmp_str, xmlStrcat reallocates *cur (double-free)
> 
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>

Applied to master, thanks.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libxml2: security bump version to 2.15.3
  2026-04-26  7:19 [Buildroot] [PATCH 1/1] package/libxml2: security bump version to 2.15.3 Bernd Kuhls
  2026-04-26 16:34 ` Julien Olivain via buildroot
@ 2026-05-04 14:47 ` Thomas Perale via buildroot
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Perale via buildroot @ 2026-05-04 14:47 UTC (permalink / raw)
  To: Bernd Kuhls; +Cc: Thomas Perale, buildroot

In reply of:
> https://download.gnome.org/sources/libxml2/2.15/libxml2-2.15.3.news
> 
> - parser: Pass userData to SAX text callbacks in xmlParseReference (type-confusion)
> - entities: copy children in xmlCopyEntity
> - c14n: Fix Type confusion in xmlC14NProcessAttrsAxis
> - python: Do not decref string after adding to the list (double-free / use-after-free)
> - c14n: Reuse tmp_str, xmlStrcat reallocates *cur (double-free)
> 
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>

Applied to 2025.02.x & 2026.02.x. Thanks

> ---
>  package/libxml2/libxml2.hash | 4 ++--
>  package/libxml2/libxml2.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/package/libxml2/libxml2.hash b/package/libxml2/libxml2.hash
> index 35c8810ed9..849d70cbb5 100644
> --- a/package/libxml2/libxml2.hash
> +++ b/package/libxml2/libxml2.hash
> @@ -1,4 +1,4 @@
> -# From https://download.gnome.org/sources/libxml2/2.15/libxml2-2.15.2.sha256sum
> -sha256  c8b9bc81f8b590c33af8cc6c336dbff2f53409973588a351c95f1c621b13d09d  libxml2-2.15.2.tar.xz
> +# From https://download.gnome.org/sources/libxml2/2.15/libxml2-2.15.3.sha256sum
> +sha256  78262a6e7ac170d6528ebfe2efccdf220191a5af6a6cd61ea4a9a9a5042c7a07  libxml2-2.15.3.tar.xz
>  # License files, locally calculated
>  sha256  5d4873884a890122a4b9b20ad56ac6f7da1d796a5bfcf04a427970ac96217626  Copyright
> diff --git a/package/libxml2/libxml2.mk b/package/libxml2/libxml2.mk
> index 0a365fa689..c1b5c4033c 100644
> --- a/package/libxml2/libxml2.mk
> +++ b/package/libxml2/libxml2.mk
> @@ -5,7 +5,7 @@
>  ################################################################################
>  
>  LIBXML2_VERSION_MAJOR = 2.15
> -LIBXML2_VERSION = $(LIBXML2_VERSION_MAJOR).2
> +LIBXML2_VERSION = $(LIBXML2_VERSION_MAJOR).3
>  LIBXML2_SOURCE = libxml2-$(LIBXML2_VERSION).tar.xz
>  LIBXML2_SITE = \
>  	https://download.gnome.org/sources/libxml2/$(LIBXML2_VERSION_MAJOR)
> -- 
> 2.47.3
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-05-04 14:48 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-26  7:19 [Buildroot] [PATCH 1/1] package/libxml2: security bump version to 2.15.3 Bernd Kuhls
2026-04-26 16:34 ` Julien Olivain via buildroot
2026-05-04 14:47 ` Thomas Perale via buildroot

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox