Update libxml2 from 2.9.10 to 2.9.14
What does this MR do?
Updates libxml2 from 2.9.10 to 2.9.14 to address at least two vulnerabilities CVE-2022-29824 (addressed in 2.9.14) (CVSSv3 6.5) and CVE-2022-23308 (addressed in 2.9.13) (CVSSv3 7.5) and to remove all the patches ported to the mainline in the upstream (#5644 (closed)).
Upstream of the source:
Also:
- Uses source in https://download.gnome.org/ from FTP to HTTPS.
- Updates license notice per the upstream.
- Removes patches for 2.9.10.
- Adds
--with-lzma
flag. - Adds
--with-sax1
flag.
by adapting changes from the upstream (chef/omnibus-software): https://github.com/chef/omnibus-software/blob/a13b492fecf3162edc8e6c230a72bdb95aadf9899/config/software/libxml2.rb
Related issues
Relates to !6249 (merged)
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion
Required
-
Merge Request Title, and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com - [n/a] Pipeline is green on dev.gitlab.org if the change is touching anything besides documentation or internal cookbooks
-
trigger-package
has a green pipeline running against latest commit
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes - [n/a] Documentation created/updated
- [n/a] Tests added
- [n/a] Integration tests added to GitLab QA
- [n/a] Equivalent MR/issue for the GitLab Chart opened
Edited by Takuya Noguchi