From: Efraim Flashner
To: Leo Famulari
Cc: guix-devel@gnu.org
Subject: Re: Expat regression fix for master branch
Date: Mon, 26 Sep 2016 11:21:07 +0300
Message-ID: <20160926082107.GD3742@macbook42.flashner.co.il>
In-Reply-To: <20160925231811.GA1722@jasmine>
References: <20160912213515.GA15911@jasmine> <20160925231811.GA1722@jasmine>

On Sun, Sep 25, 2016 at 07:18:11PM -0400, Leo Famulari wrote:
> On Mon, Sep 12, 2016 at 05:35:15PM -0400, Leo Famulari wrote:
> > This patch applies an upstream patch for a regression caused by the fix
> > for CVE-2016-0718.
> >
> > Apparently, the bug only manifests when building with -DXML_UNICODE,
> > which I don't think our package does.
>
> Sebastian Pipping (the Expat maintainer) contacted me to recommend that
> we apply the patch on the master branch.
>
> He says that the faulty code path can be reached even when XML_UNICODE
> is not defined. Apparently, building with -DXML_UNICODE merely makes it
> easier to reach the faulty code.
>
> I think we should take Sebastian's advice. What does everyone think?

Seems to me that as the Expat maintainer he would know best.

-- 
Efraim Flashner אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted