[bug#28996] [PATCH] gnu: expat: Update replacement to 2.2.4 [security fixes].

unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed

* [bug#28996] [PATCH] gnu: expat: Update replacement to 2.2.4 [security fixes].
@ 2017-10-25 16:25 Tobias Geerinckx-Rice
  2017-10-25 16:32 ` Tobias Geerinckx-Rice
  2017-10-25 17:12 ` Leo Famulari
  0 siblings, 2 replies; 4+ messages in thread
From: Tobias Geerinckx-Rice @ 2017-10-25 16:25 UTC (permalink / raw)
  To: 28996

See 'Changes' in the source distribution for more information about the
fixed security issues.

* gnu/packages/xml.scm (expat)[replacement]: Update to 2.2.4.
(expat-2.2.2): Replace with ...
(expat-2.2.4): ... new variable.
---

Commit message shamelessly lifted from Leo's previous graft.

 gnu/packages/xml.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 163743c07..2cdf4faa5 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -58,7 +58,7 @@
   (package
     (name "expat")
     (version "2.2.1")
-    (replacement expat-2.2.2)
+    (replacement expat-2.2.4)
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/expat/expat/"
@@ -75,17 +75,17 @@ stream-oriented parser in which an application registers handlers for
 things the parser might find in the XML document (like start tags).")
     (license license:expat)))
 
-(define expat-2.2.2  ; Fixes CVE-2017-9233, CVE-2016-9063 and other issues.
+(define expat-2.2.4  ; Fix CVE-{2016-9063,2017-9233,2017-11742} & other issues.
   (package
     (inherit expat)
-    (version "2.2.2")
+    (version "2.2.4")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/expat/expat/"
                                  version "/expat-" version ".tar.bz2"))
              (sha256
               (base32
-               "0ik0r39ala9c6hj4kxrk933klgwkzlkbrfhvhaykx8l1rwgr2xj3"))))))
+               "17h1fb9zvqvf0sr78j211bngc6jpql5wzar8fg9b52jzjvdqbb83"))))))
 
 (define-public libebml
   (package
-- 
2.13.1

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [bug#28996] [PATCH] gnu: expat: Update replacement to 2.2.4 [security fixes].
  2017-10-25 16:25 [bug#28996] [PATCH] gnu: expat: Update replacement to 2.2.4 [security fixes] Tobias Geerinckx-Rice
@ 2017-10-25 16:32 ` Tobias Geerinckx-Rice
  2017-10-25 17:12 ` Leo Famulari
  1 sibling, 0 replies; 4+ messages in thread
From: Tobias Geerinckx-Rice @ 2017-10-25 16:32 UTC (permalink / raw)
  To: 28996

Tobias Geerinckx-Rice wrote on 25/10/17 at 18:25:
> [PATCH] gnu: expat: Update replacement to 2.2.4 [security fixes].

The corresponding core-update is implicitly included for free.

Kind regards,

T G-R

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [bug#28996] [PATCH] gnu: expat: Update replacement to 2.2.4 [security fixes].
  2017-10-25 16:25 [bug#28996] [PATCH] gnu: expat: Update replacement to 2.2.4 [security fixes] Tobias Geerinckx-Rice
  2017-10-25 16:32 ` Tobias Geerinckx-Rice
@ 2017-10-25 17:12 ` Leo Famulari
  2017-10-25 20:25   ` bug#28996: " Tobias Geerinckx-Rice
  1 sibling, 1 reply; 4+ messages in thread
From: Leo Famulari @ 2017-10-25 17:12 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice; +Cc: 28996

[-- Attachment #1: Type: text/plain, Size: 328 bytes --]

On Wed, Oct 25, 2017 at 06:25:37PM +0200, Tobias Geerinckx-Rice wrote:
> See 'Changes' in the source distribution for more information about the
> fixed security issues.
> 
> * gnu/packages/xml.scm (expat)[replacement]: Update to 2.2.4.
> (expat-2.2.2): Replace with ...
> (expat-2.2.4): ... new variable.

Okay, LGTM!

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* bug#28996: [PATCH] gnu: expat: Update replacement to 2.2.4 [security fixes].
  2017-10-25 17:12 ` Leo Famulari
@ 2017-10-25 20:25   ` Tobias Geerinckx-Rice
  0 siblings, 0 replies; 4+ messages in thread
From: Tobias Geerinckx-Rice @ 2017-10-25 20:25 UTC (permalink / raw)
  To: 28996-done


[-- Attachment #1.1: Type: text/plain, Size: 184 bytes --]

I wrote:
> * gnu/packages/xml.scm (expat)[replacement]: Update to 2.2.4.
> (expat-2.2.2): Replace with ...
> (expat-2.2.4): ... new variable.

Pushed to master & core-updates.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 248 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2017-10-25 20:23 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-10-25 16:25 [bug#28996] [PATCH] gnu: expat: Update replacement to 2.2.4 [security fixes] Tobias Geerinckx-Rice
2017-10-25 16:32 ` Tobias Geerinckx-Rice
2017-10-25 17:12 ` Leo Famulari
2017-10-25 20:25   ` bug#28996: " Tobias Geerinckx-Rice

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).