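--- a/docker/1.7-1/base/Dockerfile.cpu
+++ b/docker/1.7-1/base/Dockerfile.cpu
@@ -1,9 +1,11 @@
 ARG UBUNTU_VERSION=20.04
 ARG CUDA_VERSION=11.6.1
 ARG IMAGE_DIGEST=c2d95c9c6ff77da41cf0f2f9e8c5088f5b4db20c16a7566b808762f05b9032ef
+ARG LIBXML2_VERSION=2.9.14
 
-# Build stage for SQLite compilation
-FROM ubuntu:${UBUNTU_VERSION} as sqlite-builder
+# Build stage for SQLite and libxml2 compilation
+FROM ubuntu:${UBUNTU_VERSION} as builder
+ARG LIBXML2_VERSION
 RUN apt-get update && apt-get install -y --no-install-recommends \
 build-essential \
 wget \
@@ -19,6 +21,25 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 ldconfig && \
 cd / && \
 rm -rf /tmp/sqlite-autoconf-3500200 /tmp/sqlite-autoconf-3500200.tar.gz && \
+# Build libxml2 from source to fix CVE-2025-49796
+apt-get update && apt-get install -y --no-install-recommends \
+automake \
+libtool \
+autoconf \
+pkg-config \
+python3-dev \
+zlib1g-dev && \
+cd /tmp && \
+# Use direct tarball download instead of git to avoid branch/tag issues
+wget https://download.gnome.org/sources/libxml2/2.9/libxml2-${LIBXML2_VERSION}.tar.xz && \
+tar -xf libxml2-${LIBXML2_VERSION}.tar.xz && \
+cd libxml2-${LIBXML2_VERSION} && \
+./configure --prefix=/usr/local --without-python && \
+make -j$(nproc) && \
+make install && \
+ldconfig && \
+cd / && \
+rm -rf /tmp/libxml2-${LIBXML2_VERSION} /tmp/libxml2-${LIBXML2_VERSION}.tar.xz && \
 apt-get clean && \
 rm -rf /var/lib/apt/lists/*
 
@@ -175,10 +196,15 @@ RUN echo "conda ${CONDA_PKG_VERSION}" >> /miniconda3/conda-meta/pinned && \
 ldconfig && \
 rm -rf /tmp/mlio
 
-# Copy compiled SQLite from builder stage
-COPY --from=sqlite-builder /usr/local/bin/sqlite3 /usr/local/bin/sqlite3
-COPY --from=sqlite-builder /usr/local/lib/libsqlite3.* /usr/local/lib/
-COPY --from=sqlite-builder /usr/local/include/sqlite3*.h /usr/local/include/
+# Copy compiled SQLite and libxml2 from builder stage
+COPY --from=builder /usr/local/bin/sqlite3 /usr/local/bin/sqlite3
+COPY --from=builder /usr/local/lib/libsqlite3.* /usr/local/lib/
+COPY --from=builder /usr/local/include/sqlite3*.h /usr/local/include/
+
+# Copy compiled libxml2 from builder stage to fix CVE-2025-49796
+COPY --from=builder /usr/local/lib/libxml2* /usr/local/lib/
+COPY --from=builder /usr/local/include/libxml2 /usr/local/include/
+COPY --from=builder /usr/local/bin/xml* /usr/local/bin/
 
 # Update library cache and ensure /usr/local/bin is in PATH
 RUN ldconfig && \
@@ -193,5 +219,11 @@ RUN sqlite3 --version
 
 RUN apt list --installed
 
+# Set up library config to ensure our custom-built libxml2 is used instead of system version
+RUN echo "/usr/local/lib" > /etc/ld.so.conf.d/libxml2.conf && \
+# Verify the libxml2 version that will be used
+ldconfig && \
+xml2-config --version
+
 # Install latest version of XGBoost
 RUN python3 -m pip install --no-cache -I xgboost==${XGBOOST_VERSION}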
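Review bot: The libxml2 tarball in the second hunk is fetched with `wget` and unpacked with no integrity check, so whatever the server returns is compiled in the builder stage and then copied into the final image by the third hunk. Pin the expected digest next to the version, e.g. `ARG LIBXML2_SHA256=<sha256 of libxml2-2.9.14.tar.xz>`, and add `echo "${LIBXML2_SHA256}  libxml2-${LIBXML2_VERSION}.tar.xz" | sha256sum -c - && \` between the `wget` and `tar` lines; the enclosing RUN starts in the first hunk and runs through lines collapsed from this view. Separately, 2.9.14 looks like an upstream release that predates the CVE named in the comment, and building it from source drops any distro-backported patches, so confirm against the upstream advisory that this version actually carries the fix. The closing `xml2-config --version` only reports what the script under /usr/local/bin says; `ldconfig -p | grep libxml2` would show which library the loader actually resolves, and the comment in the last hunk implies the system copy is still installed alongside it.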