From: Richard Purdie <richard.purdie@linuxfoundation.org>
To: hongxu.jia@eng.windriver.com, openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [PATCH 4/4] libxml2: upgrade 2.14.3 -> 2.14.5
Date: Tue, 22 Jul 2025 14:18:16 +0100 [thread overview]
Message-ID: <65edbfaaa12089b5483042867d663fb46e488b82.camel@linuxfoundation.org> (raw)
In-Reply-To: <20250721082103.2262095-4-hongxu.jia@windriver.com>
On Mon, 2025-07-21 at 16:21 +0800, hongxu via lists.openembedded.org wrote:
> diff --git a/meta/recipes-core/libxml/libxml2_2.14.3.bb b/meta/recipes-core/libxml/libxml2_2.14.5.bb
> similarity index 97%
> rename from meta/recipes-core/libxml/libxml2_2.14.3.bb
> rename to meta/recipes-core/libxml/libxml2_2.14.5.bb
> index 4baab59186e..52b2040122b 100644
> --- a/meta/recipes-core/libxml/libxml2_2.14.3.bb
> +++ b/meta/recipes-core/libxml/libxml2_2.14.5.bb
> @@ -21,7 +21,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt
> file://CVE-2025-6021.patch \
> "
>
> -SRC_URI[archive.sha256sum] = "6de55cacc8c2bc758f2ef6f93c313cb30e4dd5d84ac5d3c7ccbd9344d8cc6833"
> +SRC_URI[archive.sha256sum] = "24175ec30a97cfa86bdf9befb7ccf4613f8f4b2713c5103e0dd0bc9c711a2773"
> SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273"
>
> # Disputed as a security issue, but fixed in d39f780
>
$ wget https://download.gnome.org/sources//libxml2/2.14/libxml2-2.14.5.tar.xz
$ sha256sum libxml2-2.14.5.tar.xz
03d006f3537616833c16c53addcdc32a0eb20e55443cba4038307e3fa7d8d44b libxml2-2.14.5.tar.xz
which would match the failure on:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/2060
Any idea what happened here?
Cheers,
Richard
next prev parent reply other threads:[~2025-07-22 13:18 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-21 8:21 [PATCH 1/4] gpgme: upgrade 1.24.3 -> 2.0.0 Hongxu Jia
2025-07-21 8:21 ` [PATCH 2/4] bash: upgrade 5.2.37 -> 5.3 Hongxu Jia
2025-07-23 5:35 ` [OE-core] " Mathieu Dubois-Briand
2025-07-28 3:09 ` Hongxu Jia
2025-07-30 2:32 ` Hongxu Jia
2025-07-21 8:21 ` [PATCH 3/4] readline: 8.2.13 -> 8.3 Hongxu Jia
2025-07-22 1:07 ` [OE-core] " Khem Raj
2025-07-21 8:21 ` [PATCH 4/4] libxml2: upgrade 2.14.3 -> 2.14.5 Hongxu Jia
2025-07-22 13:18 ` Richard Purdie [this message]
2025-07-22 13:45 ` [OE-core] " Mathieu Dubois-Briand
2025-07-22 14:17 ` Richard Purdie
2025-07-23 2:16 ` [PATCH V2] " Hongxu Jia
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=65edbfaaa12089b5483042867d663fb46e488b82.camel@linuxfoundation.org \
--to=richard.purdie@linuxfoundation.org \
--cc=hongxu.jia@eng.windriver.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox