-
Notifications
You must be signed in to change notification settings - Fork 234
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
more JDK deps, libxml2, perl-test-pod, perl-yaml-syck, libxslt, xmlto… #43
Conversation
…, libxau, xtrans Signed-off-by: James Rawlings <jrawlings@chainguard.dev>
secfixes: | ||
2.10.3-r0: | ||
- CVE-2022-40303 | ||
- CVE-2022-40304 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this correct? If we add a new package with a secfix for the same version we are publishing, should we include these here?
Also I've not included secfixes for previous versions?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, that seems fine
Sorry for the larger review. There was a few related to each other so figured it best to push together. I can push smaller or larger groups if preferred. |
hmm CI just failed with an error I've not seen when testing
|
specifically the error I'm not sure if that's the result of something I've missed from this PR or if it's a valid problem? |
tried a change but it didn't help so reverted back to the original commit + issue |
It's because libxml2 build system has decided it wants to staticly link zlib in. I split out the zlib static library into its own package, to help give the libxml2 build system an attitude adjustment. |
GNOME appears to have recut the libxslt release since you wrote libxslt.yaml: Sigh. |
Signed-off-by: James Rawlings <jrawlings@chainguard.dev>
thank you! |
…, libxau, xtrans
Signed-off-by: James Rawlings jrawlings@chainguard.dev