From: Leo Famulari
To: guix-devel@gnu.org
Subject: Re: Expat regression fix for master branch
Date: Sun, 25 Sep 2016 19:18:11 -0400
Message-ID: <20160925231811.GA1722@jasmine>
In-Reply-To: <20160912213515.GA15911@jasmine>

On Mon, Sep 12, 2016 at 05:35:15PM -0400, Leo Famulari wrote:
> This patch applies an upstream patch for a regression caused by the fix
> for CVE-2016-0718.
>
> Apparently, the bug only manifests when building with -DXML_UNICODE,
> which I don't think our package does.

Sebastian Pipping (the Expat maintainer) contacted me to recommend that
we apply the patch on the master branch.
He says that the faulty code path can be reached even when XML_UNICODE
is not defined. Apparently, building with -DXML_UNICODE merely makes it
easier to reach the faulty code.

I think we should take Sebastian's advice. What does everyone think?