Sebastian Pipping schreef op za 08-05-2021 om 18:00 [+0200]:
> Hello everyone,
> 
> 
> just a quick heads up that there will be a new release of libexpat with
> security fix in a few weeks.  Unless I looked in the wrong place, I
> noticed that your distro has not updated to libexpat 2.3.0 as of today.

Correct

> > If you ran into any issues with packaging 2.3.0, please let me know now
> so that I can fix things upstream for you and everyone while there is
> still a window before next releases to do so.  Thank you!

According to "guix refresh -l", simply updating expat would entail rebuilding 6031
packages. This can be avoided is v2.4.0 is binary compatible with v2.2.9.
Is this the case? If this is not the case, we
will have to cherry-pick the
security fixes.

I have attached a patch adding a graft for expat, updating from v2.2.9 to
v2.3.0, but it needs some testing.

Greetings,
Maxime.