352961 – dev-libs/libxml2-2.7.8 version bump request

Bug 352961 - dev-libs/libxml2-2.7.8 version bump request

Summary: dev-libs/libxml2-2.7.8 version bump request

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] GNOME (show other bugs)
Hardware:	All Linux

Importance:	Highest major (vote)
Assignee:	Gentoo Linux Gnome Desktop Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	306479 CVE-2010-4008 350252
	Show dependency tree

Reported:	2011-01-27 13:25 UTC by Pacho Ramos
Modified:	2011-02-11 18:09 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
libxml2.ebuild.diff (libxml2.ebuild.diff,3.79 KB, patch) 2011-01-27 13:26 UTC, Pacho Ramos	Details \| Diff
libxml2-2.7.8-reactivate-script.patch (libxml2-2.7.8-reactivate-script.patch,628 bytes, patch) 2011-01-27 13:26 UTC, Pacho Ramos	Details \| Diff
libxml2-2.7.8-xpath-freeing.patch (libxml2-2.7.8-xpath-freeing.patch,1.02 KB, patch) 2011-01-27 13:26 UTC, Pacho Ramos	Details \| Diff
libxml2-2.7.8-xpath-freeing2.patch (libxml2-2.7.8-xpath-freeing2.patch,885 bytes, patch) 2011-01-27 13:26 UTC, Pacho Ramos	Details \| Diff
libxml2-2.7.8-xpath-memory.patch (libxml2-2.7.8-xpath-memory.patch,889 bytes, patch) 2011-01-27 13:26 UTC, Pacho Ramos	Details \| Diff
patch (libxml2_2.7.8.dfsg-2.patch,459.82 KB, patch) 2011-01-30 10:25 UTC, megabaks	Details \| Diff
build.log (libxml2-2.7.8:20110204-180825.log,196.57 KB, text/plain) 2011-02-04 18:12 UTC, Pacho Ramos	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Pacho Ramos gentoo-dev

2011-01-27 13:25:09 UTC

This has high priority since we are suppling a vulnerable version since a lot of time... but I am unable to bump it :-S

I attach ebuild diff and build.log (some months ago the problem was at runtime, as I was getting warning on every started program depending on it)

Thanks

Reproducible: Always

Comment 1 Pacho Ramos gentoo-dev

2011-01-27 13:26:01 UTC

Created attachment 260860 [details, diff]
libxml2.ebuild.diff

Comment 2 Pacho Ramos gentoo-dev

2011-01-27 13:26:19 UTC

Created attachment 260862 [details, diff]
libxml2-2.7.8-reactivate-script.patch

Comment 3 Pacho Ramos gentoo-dev

2011-01-27 13:26:31 UTC

Created attachment 260863 [details, diff]
libxml2-2.7.8-xpath-freeing.patch

Comment 4 Pacho Ramos gentoo-dev

2011-01-27 13:26:45 UTC

Created attachment 260865 [details, diff]
libxml2-2.7.8-xpath-freeing2.patch

Comment 5 Pacho Ramos gentoo-dev

2011-01-27 13:26:58 UTC

Created attachment 260867 [details, diff]
libxml2-2.7.8-xpath-memory.patch

Comment 6 megabaks 2011-01-30 10:25:03 UTC

Created attachment 261079 [details, diff]
patch

just use this or this(ebuild with subj path) https://github.com/megabaks/stuff/tree/master/dev-libs/libxml2

Comment 7 Daniel Gryniewicz (RETIRED) gentoo-dev

2011-02-04 12:30:01 UTC

libxml2-2.7.8-xpath-freeing.patch appears to have a bug.  It's missing the {} after the added if, so it's always popping.  libxml2-2.7.8-xpath-freeing2.patch appears to be correct.

Comment 8 Pacho Ramos gentoo-dev

2011-02-04 18:02:38 UTC

(In reply to comment #7)
> libxml2-2.7.8-xpath-freeing.patch appears to have a bug.  It's missing the {}
> after the added if, so it's always popping.  libxml2-2.7.8-xpath-freeing2.patch
> appears to be correct.
> 

Yes, but the second patch should fix it and, then, build shouldn't die :-/

Comment 9 Pacho Ramos gentoo-dev

2011-02-04 18:12:02 UTC

Created attachment 261528 [details]
build.log

Comment 10 Pacho Ramos gentoo-dev

2011-02-11 17:30:31 UTC

+*libxml2-2.7.8 (11 Feb 2011)
+
+  11 Feb 2011; Pacho Ramos <pacho@gentoo.org> -libxml2-2.7.6.ebuild,
+  +libxml2-2.7.8.ebuild, +files/libxml2-2.7.8-reactivate-script.patch,
+  +files/libxml2-2.7.8-xpath-freeing.patch,
+  +files/libxml2-2.7.8-xpath-freeing2.patch,
+  +files/libxml2-2.7.8-xpath-memory.patch:
+  Version bump including security fixes, bump to eapi3, remove old.
+