[MacPorts] #72223: p5.34-alien-libxml2 @0.20 fails to build: mytest.c: error: libxml/xmlversion.h: No such file or directory

Sat Mar 22 08:41:16 UTC 2025

#72223: p5.34-alien-libxml2 @0.20 fails to build: mytest.c: error:
libxml/xmlversion.h: No such file or directory
----------------------------------+----------------------
  Reporter:  barracuda156         |      Owner:  dbevans
      Type:  defect               |     Status:  assigned
  Priority:  Normal               |  Milestone:
 Component:  ports                |    Version:  2.10.5
Resolution:                       |   Keywords:
      Port:  p5.34-alien-libxml2  |
----------------------------------+----------------------
Changes (by ryandesign):

 * cc: dbevans (removed)
 * owner:  (none) => dbevans
 * status:  new => assigned

Comment:

 Ok, the latest Alien::Libxml2 is complaining about the libxml2 version
 because its `alienfile` build system contains this:

 {{{#!perl
 my %bad_versions = map { $_ => 1 } (
   # known bad versions
   # may have some extras, and may be incomplete.
   # but probably sufficient.
   # computed using maint/tags-to-versions.pl and the git repository
   # for libxml2.
   '2.0.0',
   '2.1.0','2.1.1',
   '2.2.0','2.2.1','2.2.2','2.2.3','2.2.4','2.2.5','2.2.6','2.2.7','2.2.8',
 '2.3.0','2.3.1','2.3.2','2.3.3','2.3.4','2.3.5','2.3.6','2.3.7','2.3.8','2.3.9','2.3.10','2.3.11','2.3.12','2.3.13','2.3.14',
 '2.4.0','2.4.1','2.4.2','2.4.3','2.4.4','2.4.5','2.4.6','2.4.7','2.4.8','2.4.9','2.4.10','2.4.11','2.4.12','2.4.13','2.4.14','2.4.15','2.4.16','2.4.17','2.4.18','2.4.19','2.4.20','2.4.21','2.4.22','2.4.23','2.4.24','2.4.25','2.4.26','2.4.27','2.4.28','2.4.29','2.4.30',
 '2.5.0','2.5.1','2.5.2','2.5.3','2.5.4','2.5.5','2.5.6','2.5.7','2.5.8','2.5.9','2.5.10','2.5.11',
 '2.6.0','2.6.1','2.6.2','2.6.3','2.6.4','2.6.5','2.6.6','2.6.7','2.6.8','2.6.9','2.6.10','2.6.11','2.6.12','2.6.13','2.6.14','2.6.15','2.6.19','2.6.20','2.6.25',
   '2.7.0','2.7.1',
   '2.9.4',
   #  The next set have reported CVEs
   (map {'2.11.' . $_} (0 .. 9)),
   (map {'2.12.' . $_} (0 .. 9)),
   (map {'2.13.' . $_} (0 .. 6)),
 );
 }}}

 Pretty rude of them to refuse to use the current version of libxml2. I
 don't know what CVE they think it has. The port needs to be instructed to
 tell the build system to shut up about that nonsense, to always build
 against MacPorts libxml2, and to never try to download something itself.
 On my macOS 12 x86_64 system, it succeeds building the older libxml2 it
 downloaded. On yours it failed... on what OS version and architecture was
 that? Can you attach the main.log file?

 I have no familiarity with Alien::Libxml2 but if what it installs varies
 depending on the version of libxml2 it was built against, then that's news
 to me, and the p5-alien-libxml2 port should be revbumped any time the
 libxml2 port is updated, and a comment should be added to the libxml2 port
 to remind its maintainer to do that when updating. And if it does not vary
 based on build version, but merely dynamically links with whatever version
 is currently installed, then it makes no difference what the version is.
 If it has a vulnerability, we will eventually update it and then it won't
 be vulnerable anymore. On the other hand, if Alien::Libxml2 statically
 links with an older version because it believes the current version is
 vulnerable, and that old version is later determined to have a
 vulnerability, the user will continue using that old vulnerable version
 indefinitely. See also https://github.com/PerlAlien/Alien-
 Libxml2/issues/44 where this concept seems to be going completely over the
 developers' heads.

-- 
Ticket URL: <https://trac.macports.org/ticket/72223#comment:1>
MacPorts <https://www.macports.org/>
Ports system for macOS