#14271: libxml2 upstream fixes.
-------------------------+-----------------------
Reporter: ken@… | Owner: blfs-book
Type: enhancement | Status: new
Priority: normal | Milestone: 10.1
Component: BOOK | Version: SVN
Severity: normal | Keywords:
-------------------------+-----------------------
In this week's security fixes mentioned at LWN, my first item is libxml2.
Fedora re-fixed CVE-2020-24977 (their first patch was incorrect). Looking
at what they have, there are 5 upstream fixes (relaxed approach to nested
documents, CVE-2019-20388, CVE-2020-7595, integer overflow,
CVE-2020-24977). AFAICS the CVEs are only DoS.

Looking at Fedora, they also have a fix to build with python-3.10 which
only changes generator.py. They do not hack python/types.c. AFAICS, our
sed is a better fix for a patch we used to carry which was apparently for
a segfault in itstool.

My initial opinion (after only doing a DESTDIR install) is that we don't
need this. I have not yet looked at running the tests to see if that sed
is needed (Fedora don't use anything, but perhaps do not download the
extra file).

Sed for ICU-68.1 still needed (Fedora were still building with 67 when I
first looked at this a few days ago).

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/14271>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch