microsoft
/
CBL-Mariner
зеркало из https://github.com/microsoft/CBL-Mariner.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

libxml2 and python-lxml: fix CVE-2022-2309 (#3583) 

* libxml2 and python-lxml: fix CVE-2022-2309

* libxml2 and python-lxml: fix CVE-2022-2309

* address PR comments

Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>
This commit is contained in:
nicolas guibourge 2022-08-24 10:06:43 +02:00 коммит произвёл GitHub
Родитель 9e71ad45c8
Коммит 72240a461b
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
9 изменённых файлов: 30 добавлений и 26 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
SPECS/libxml2/libxml2.signatures.json
Просмотреть файл

@ -1,5 +1,5 @@
{ {
"Signatures": { "Signatures": {
"libxml2-v2.9.14.tar.gz": "80efe9e6b48f8aa7b9b0c47be427e2ef2dbfb2999124220ffbc0f43ca6adb98c" "libxml2-v2.10.0.tar.gz": "03365d9d4a6e086c213ed52a917f057838d70d54d080c12390084603c40dbb3d"
} }
} }

11
SPECS/libxml2/libxml2.spec
Просмотреть файл

@ -1,12 +1,12 @@
Summary: Libxml2 Summary: Libxml2
Name: libxml2 Name: libxml2
Version: 2.9.14 Version: 2.10.0
Release: 1%{?dist} Release: 1%{?dist}
License: MIT License: MIT
Vendor: Microsoft Corporation Vendor: Microsoft Corporation
Distribution: Mariner Distribution: Mariner
Group: System Environment/General Libraries Group: System Environment/General Libraries
URL: https://www.xmlsoft.org/ URL: https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home
Source0: https://gitlab.gnome.org/GNOME/%{name}/-/archive/v%{version}/%{name}-v%{version}.tar.gz Source0: https://gitlab.gnome.org/GNOME/%{name}/-/archive/v%{version}/%{name}-v%{version}.tar.gz
BuildRequires: python3-devel BuildRequires: python3-devel
BuildRequires: python3-xml BuildRequires: python3-xml
@ -59,10 +59,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
%files %files
%defattr(-,root,root) %defattr(-,root,root)
%license COPYING %license Copyright
%{_docdir}/* %{_docdir}/*
%{_libdir}/libxml* %{_libdir}/libxml*
%{_libdir}/xml2Conf.sh
%{_bindir}/* %{_bindir}/*
%{_datadir}/aclocal/* %{_datadir}/aclocal/*
%{_datadir}/gtk-doc/* %{_datadir}/gtk-doc/*
@ -75,11 +74,13 @@ find %{buildroot} -type f -name "*.la" -delete -print
%files devel %files devel
%defattr(-,root,root) %defattr(-,root,root)
%{_includedir}/* %{_includedir}/*
%{_mandir}/man3/*
%{_libdir}/pkgconfig/libxml-2.0.pc %{_libdir}/pkgconfig/libxml-2.0.pc
%{_libdir}/cmake/libxml2/libxml2-config.cmake %{_libdir}/cmake/libxml2/libxml2-config.cmake
%changelog %changelog
* Mon Aug 22 2022 Nicolas Guibourge <nicolasg@microsoft.com> - 2.10.0-1
- Updating to version 2.10.0 to fix CVE-2022-2309.
* Mon May 23 2022 Cameron Baird <cameronbaird@microsoft.com> - 2.9.14-1 * Mon May 23 2022 Cameron Baird <cameronbaird@microsoft.com> - 2.9.14-1
- Updating to version 2.9.14 to fix CVE-2022-29824. - Updating to version 2.9.14 to fix CVE-2022-29824.

2
SPECS/python-lxml/python-lxml.signatures.json
Просмотреть файл

@ -1,5 +1,5 @@
{ {
"Signatures": { "Signatures": {
"lxml-4.8.0.tar.gz": "f63f62fc60e6228a4ca9abae28228f35e1bd3ce675013d1dfb828688d50c6e23" "lxml-4.9.1.tar.gz": "fe749b052bb7233fe5d072fcb549221a8cb1a16725c47c37e42b0b9cb3ff2c3f"
} }
} }

5
SPECS/python-lxml/python-lxml.spec
Просмотреть файл

@ -2,7 +2,7 @@
Summary: XML and HTML with Python Summary: XML and HTML with Python
Name: python-lxml Name: python-lxml
Version: 4.8.0 Version: 4.9.1
Release: 1%{?dist} Release: 1%{?dist}
# Test suite (and only the test suite) is GPLv2+ # Test suite (and only the test suite) is GPLv2+
License: BSD and GPLv2+ License: BSD and GPLv2+
@ -53,6 +53,9 @@ make test
%{python3_sitelib}/* %{python3_sitelib}/*
%changelog %changelog
* Mon Aug 22 2022 Nicolas Guibourge <nicolasg@microsoft.com> - 4.9.1-1
- Upgrade to to fix CVE-2022-2309
* Wed Apr 20 2022 Olivia Crain <oliviacrain@microsoft.com> - 4.8.0-1 * Wed Apr 20 2022 Olivia Crain <oliviacrain@microsoft.com> - 4.8.0-1
- Upgrade to latest upstream version - Upgrade to latest upstream version
- Fixes CVE-2018-19787, CVE-2020-27783, CVE-2021-28957, CVE-2021-43818 - Fixes CVE-2018-19787, CVE-2020-27783, CVE-2021-28957, CVE-2021-43818

8
cgmanifest.json
Просмотреть файл

@ -10581,8 +10581,8 @@
"type": "other", "type": "other",
"other": { "other": {
"name": "libxml2", "name": "libxml2",
"version": "2.9.14", "version": "2.10.0",
"downloadUrl": "https://gitlab.gnome.org/GNOME/libxml2/-/archive/v2.9.14/libxml2-v2.9.14.tar.gz" "downloadUrl": "https://gitlab.gnome.org/GNOME/libxml2/-/archive/v2.10.0/libxml2-v2.10.0.tar.gz"
} }
} }
}, },
@ -20984,8 +20984,8 @@
"type": "other", "type": "other",
"other": { "other": {
"name": "python-lxml", "name": "python-lxml",
"version": "4.8.0", "version": "4.9.1",
"downloadUrl": "https://github.com/lxml/lxml/releases/download/lxml-4.8.0/lxml-4.8.0.tar.gz" "downloadUrl": "https://github.com/lxml/lxml/releases/download/lxml-4.9.1/lxml-4.9.1.tar.gz"
} }
} }
}, },

4
toolkit/resources/manifests/package/pkggen_core_aarch64.txt
Просмотреть файл

@ -197,8 +197,8 @@ tdnf-cli-libs-3.2.2-4.cm2.aarch64.rpm
tdnf-devel-3.2.2-4.cm2.aarch64.rpm tdnf-devel-3.2.2-4.cm2.aarch64.rpm
tdnf-plugin-repogpgcheck-3.2.2-4.cm2.aarch64.rpm tdnf-plugin-repogpgcheck-3.2.2-4.cm2.aarch64.rpm
createrepo_c-0.17.5-1.cm2.aarch64.rpm createrepo_c-0.17.5-1.cm2.aarch64.rpm
libxml2-2.9.14-1.cm2.aarch64.rpm libxml2-2.10.0-1.cm2.aarch64.rpm
libxml2-devel-2.9.14-1.cm2.aarch64.rpm libxml2-devel-2.10.0-1.cm2.aarch64.rpm
libsepol-3.2-2.cm2.aarch64.rpm libsepol-3.2-2.cm2.aarch64.rpm
glib-2.71.0-1.cm2.aarch64.rpm glib-2.71.0-1.cm2.aarch64.rpm
libltdl-2.4.6-8.cm2.aarch64.rpm libltdl-2.4.6-8.cm2.aarch64.rpm

4
toolkit/resources/manifests/package/pkggen_core_x86_64.txt
Просмотреть файл

@ -197,8 +197,8 @@ tdnf-cli-libs-3.2.2-4.cm2.x86_64.rpm
tdnf-devel-3.2.2-4.cm2.x86_64.rpm tdnf-devel-3.2.2-4.cm2.x86_64.rpm
tdnf-plugin-repogpgcheck-3.2.2-4.cm2.x86_64.rpm tdnf-plugin-repogpgcheck-3.2.2-4.cm2.x86_64.rpm
createrepo_c-0.17.5-1.cm2.x86_64.rpm createrepo_c-0.17.5-1.cm2.x86_64.rpm
libxml2-2.9.14-1.cm2.x86_64.rpm libxml2-2.10.0-1.cm2.x86_64.rpm
libxml2-devel-2.9.14-1.cm2.x86_64.rpm libxml2-devel-2.10.0-1.cm2.x86_64.rpm
libsepol-3.2-2.cm2.x86_64.rpm libsepol-3.2-2.cm2.x86_64.rpm
glib-2.71.0-1.cm2.x86_64.rpm glib-2.71.0-1.cm2.x86_64.rpm
libltdl-2.4.6-8.cm2.x86_64.rpm libltdl-2.4.6-8.cm2.x86_64.rpm

10
toolkit/resources/manifests/package/toolchain_aarch64.txt
Просмотреть файл

@ -203,9 +203,9 @@ libtasn1-debuginfo-4.18.0-2.cm2.aarch64.rpm
libtasn1-devel-4.18.0-2.cm2.aarch64.rpm libtasn1-devel-4.18.0-2.cm2.aarch64.rpm
libtool-2.4.6-8.cm2.aarch64.rpm libtool-2.4.6-8.cm2.aarch64.rpm
libtool-debuginfo-2.4.6-8.cm2.aarch64.rpm libtool-debuginfo-2.4.6-8.cm2.aarch64.rpm
libxml2-2.9.14-1.cm2.aarch64.rpm libxml2-2.10.0-1.cm2.aarch64.rpm
libxml2-debuginfo-2.9.14-1.cm2.aarch64.rpm libxml2-debuginfo-2.10.0-1.cm2.aarch64.rpm
libxml2-devel-2.9.14-1.cm2.aarch64.rpm libxml2-devel-2.10.0-1.cm2.aarch64.rpm
libxslt-1.1.34-7.cm2.aarch64.rpm libxslt-1.1.34-7.cm2.aarch64.rpm
libxslt-debuginfo-1.1.34-7.cm2.aarch64.rpm libxslt-debuginfo-1.1.34-7.cm2.aarch64.rpm
libxslt-devel-1.1.34-7.cm2.aarch64.rpm libxslt-devel-1.1.34-7.cm2.aarch64.rpm
@ -510,8 +510,8 @@ python3-gpg-1.16.0-1.cm2.aarch64.rpm
python3-jinja2-3.0.3-2.cm2.noarch.rpm python3-jinja2-3.0.3-2.cm2.noarch.rpm
python3-libcap-ng-0.8.2-2.cm2.aarch64.rpm python3-libcap-ng-0.8.2-2.cm2.aarch64.rpm
python3-libs-3.9.13-3.cm2.aarch64.rpm python3-libs-3.9.13-3.cm2.aarch64.rpm
python3-libxml2-2.9.14-1.cm2.aarch64.rpm python3-libxml2-2.10.0-1.cm2.aarch64.rpm
python3-lxml-4.8.0-1.cm2.aarch64.rpm python3-lxml-4.9.1-1.cm2.aarch64.rpm
python3-magic-5.40-2.cm2.noarch.rpm python3-magic-5.40-2.cm2.noarch.rpm
python3-markupsafe-2.1.0-1.cm2.aarch64.rpm python3-markupsafe-2.1.0-1.cm2.aarch64.rpm
python3-newt-0.52.21-4.cm2.aarch64.rpm python3-newt-0.52.21-4.cm2.aarch64.rpm

10
toolkit/resources/manifests/package/toolchain_x86_64.txt
Просмотреть файл

@ -203,9 +203,9 @@ libtasn1-debuginfo-4.18.0-2.cm2.x86_64.rpm
libtasn1-devel-4.18.0-2.cm2.x86_64.rpm libtasn1-devel-4.18.0-2.cm2.x86_64.rpm
libtool-2.4.6-8.cm2.x86_64.rpm libtool-2.4.6-8.cm2.x86_64.rpm
libtool-debuginfo-2.4.6-8.cm2.x86_64.rpm libtool-debuginfo-2.4.6-8.cm2.x86_64.rpm
libxml2-2.9.14-1.cm2.x86_64.rpm libxml2-2.10.0-1.cm2.x86_64.rpm
libxml2-debuginfo-2.9.14-1.cm2.x86_64.rpm libxml2-debuginfo-2.10.0-1.cm2.x86_64.rpm
libxml2-devel-2.9.14-1.cm2.x86_64.rpm libxml2-devel-2.10.0-1.cm2.x86_64.rpm
libxslt-1.1.34-7.cm2.x86_64.rpm libxslt-1.1.34-7.cm2.x86_64.rpm
libxslt-debuginfo-1.1.34-7.cm2.x86_64.rpm libxslt-debuginfo-1.1.34-7.cm2.x86_64.rpm
libxslt-devel-1.1.34-7.cm2.x86_64.rpm libxslt-devel-1.1.34-7.cm2.x86_64.rpm
@ -510,8 +510,8 @@ python3-gpg-1.16.0-1.cm2.x86_64.rpm
python3-jinja2-3.0.3-2.cm2.noarch.rpm python3-jinja2-3.0.3-2.cm2.noarch.rpm
python3-libcap-ng-0.8.2-2.cm2.x86_64.rpm python3-libcap-ng-0.8.2-2.cm2.x86_64.rpm
python3-libs-3.9.13-3.cm2.x86_64.rpm python3-libs-3.9.13-3.cm2.x86_64.rpm
python3-libxml2-2.9.14-1.cm2.x86_64.rpm python3-libxml2-2.10.0-1.cm2.x86_64.rpm
python3-lxml-4.8.0-1.cm2.x86_64.rpm python3-lxml-4.9.1-1.cm2.x86_64.rpm
python3-magic-5.40-2.cm2.noarch.rpm python3-magic-5.40-2.cm2.noarch.rpm
python3-markupsafe-2.1.0-1.cm2.x86_64.rpm python3-markupsafe-2.1.0-1.cm2.x86_64.rpm
python3-newt-0.52.21-4.cm2.x86_64.rpm python3-newt-0.52.21-4.cm2.x86_64.rpm