
Conversation

@LordGrimmauld
Contributor

@LordGrimmauld LordGrimmauld commented Apr 17, 2025

Fixes CVE-2025-32415 [1] and CVE-2025-32414 [2]

Release notes: https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8

[1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/890
[2] https://gitlab.gnome.org/GNOME/libxml2/-/issues/889

Versions 2.14.x have existed since we last updated libxml2. However, there is some deprecation and function removal in that upgrade. I am not too keen on pushing a potentially breaking update in freeze month to a mass rebuild, especially not considering I am not even the listed maintainer of this package. Hence, cc @jtojnar, you might want to check version 2.14.2.

Both 2.14.2 and 2.13.8 have these vulnerabilities fixed, so I chose the version that is non-breaking.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.


@LordGrimmauld LordGrimmauld requested a review from jtojnar April 17, 2025 21:23
@LordGrimmauld LordGrimmauld added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Apr 17, 2025
@LordGrimmauld LordGrimmauld mentioned this pull request Apr 17, 2025
13 tasks
@github-actions github-actions bot added 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. labels Apr 17, 2025
@LordGrimmauld
Contributor Author

With #396195 updated to 2.14.2, that too has the vulnerabilities fixed. Either one is fine. The 2.14.x versions will have longer support, so it makes sense to switch to those for 25.05. If that ends up being our approach, then I am happy to close this PR. I'll leave this open until 2.14.x is properly tested and the decision is made.

@vcunat
Member

vcunat commented Apr 18, 2025

We still want this for staging-24.11, though.

@LordGrimmauld
Contributor Author

Yes, that for sure!

Member

@jtojnar jtojnar left a comment

Thanks.

@wegank wegank added the 12.approvals: 1 This PR was reviewed and approved by one person. label Apr 18, 2025
@wegank wegank added 12.approvals: 2 This PR was reviewed and approved by two persons. and removed 12.approvals: 1 This PR was reviewed and approved by one person. labels Apr 18, 2025
@thiagokokada thiagokokada merged commit 51df8d5 into NixOS:staging Apr 18, 2025
43 of 47 checks passed
@nixpkgs-ci
Contributor

nixpkgs-ci bot commented Apr 18, 2025

Successfully created backport PR for staging-24.11:
