From: Divya Chellam Date: Tue, 29 Apr 2025 11:33:59 +0000 (+0000) Subject: libxml2: upgrade 2.13.6 -> 2.13.8 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7680e9a11a63ab8bfbc915e4cf6a385f0970c4a5;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git libxml2: upgrade 2.13.6 -> 2.13.8 This includes CVE-fix for CVE-2025-32414 and CVE-2025-32415. Changelog: =========== https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.7 https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8 Regressions * tree: Fix xmlTextMerge with NULL args * io: Fix compressed flag for uncompressed stdin * parser: Fix parsing of DTD content Security * [CVE-2025-32415] schemas: Fix heap buffer overflow inxmlSchemaIDCFillNodeTables * [CVE-2025-32414] python: Read at most len/4 characters. (Maks Verver) Signed-off-by: Divya Chellam Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit 0b24113405ab0bbb3200bb47fa8ed6abeaa7481b) Signed-off-by: Steve Sakoman --- diff --git a/meta/recipes-core/libxml/libxml2_2.13.6.bb b/meta/recipes-core/libxml/libxml2_2.13.8.bb similarity index 97% rename from meta/recipes-core/libxml/libxml2_2.13.6.bb rename to meta/recipes-core/libxml/libxml2_2.13.8.bb index 3b3ca87e96..e82e0e8ec3 100644 --- a/meta/recipes-core/libxml/libxml2_2.13.6.bb +++ b/meta/recipes-core/libxml/libxml2_2.13.8.bb @@ -19,7 +19,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt file://install-tests.patch \ " -SRC_URI[archive.sha256sum] = "f453480307524968f7a04ec65e64f2a83a825973bcd260a2e7691be82ae70c96" +SRC_URI[archive.sha256sum] = "277294cb33119ab71b2bc81f2f445e9bc9435b893ad15bb2cd2b0e859a0ee84a" SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be4722379f08702ea7273" # Disputed as a security issue, but fixed in d39f780