Conversation
This comment was marked as resolved.
This comment was marked as resolved.
513e6fc to
4008d9c
Compare
|
So, to clarify my plans regarding
cc @vcunat who chimed in about libxml2 things in the staging matrix chat |
|
Thanks for the reminder, I see there are 2 new CVEs that probably need backporting to I'll leave the libxml >=2.14 up to you, I don't have capacity to take new bigger responsibilities in the near future. |
There is a 2.13.9 release which fixes most (if not all) of the CVEs, maybe you don't need manual backports this time |
|
Things tested:
This is basically all of the things that complained in the However, |
631c45c to
536bf96
Compare
536bf96 to
5ccd353
Compare
|
librsvg test fails reported upstream, time to wait for what they say. |
5ccd353 to
00f68d1
Compare
|
Okay, i have dug through libxml2 and librsvg, and conclude: the |
libxml 2.15 no longer updates the element count before throwing an error in case of too many elements. This makes librsvg unable to report `TooManyLoadedElements`, instead failing with a generic error.
00f68d1 to
521c833
Compare
|
As mentioned by @wolfgangwalther, there's a regression in 2.15.0 (affecting PostgreSQL) which is described here: https://www.postgresql.org/message-id/flat/0756AC61-FBA3-46E2-B3C2-19B58B65EBDC%40yesql.se#9dcf38aa46f38a215648f75bd471567b Both upstreams already have unreleased fixes: |
Their patch has already been applied for us in #448817 |
|
So the libxml2 patch isn't urgent anymore? |
|
We should still do the patch - from experience, there is a LOT of things that will run into random build failures due to libxml2 changes, postgres isprobably not the only one |
Rel notes: https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.15.0
closes #444172
Very much untested, here be dragons! These things build, but i expect there to be significant fallout and breakage.Testing done (see #444599 (comment)),but there is a potential security regression. DO NOT MERGE YET!Things done
passthru.tests.nixpkgs-reviewon this PR. See nixpkgs-review usage../result/bin/.Add a 👍 reaction to pull requests you find important.