From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id qC/eDS3SBGd4xwAA62LTzQ:P1 (envelope-from ) for ; Tue, 08 Oct 2024 06:33:17 +0000 Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id qC/eDS3SBGd4xwAA62LTzQ (envelope-from ) for ; Tue, 08 Oct 2024 08:33:17 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b="li/kr1WC"; dkim=fail ("headers rsa verify failed") header.d=ngraves.fr header.s=ovhmo4487190-selector1 header.b=uplQAsW4; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1728369196; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=0p8/TsfCmIGGWTYoGdmbvnS7ci7ohXhK0U6xSvPXDTU=; b=h79MKJ9WmXxjooOVKzkMfUf1o1RL+YqlbQxknQ7smw3sU4MFy+sHEQA//v5QSpFu/SN67r Dmud3RZc/Nr95IR1PzhmbN7Wlz5a5uENJdE2/Z8O9+T6143v8YbzFQE12bi/MZIvZHwy4O LjXbHw80NpRvh+7SQPWEM2a53AWIqVfxm7xGtlxwGNMpwH/RWyMcMnuhQL49fwfIUR1mBF nhBHb2IpN/YjvIyqxLoueQOKMS+pQZIhBM07255xxVvHdTEYjhJIoMWLExUz4SCxn+VZBL snLQZ+xQrgnMyC8+8lCF8IdyI31fsv42RzwkH5z+siiDK8HT9mJ4kclfL8V0FQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b="li/kr1WC"; dkim=fail ("headers rsa verify failed") header.d=ngraves.fr header.s=ovhmo4487190-selector1 header.b=uplQAsW4; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Seal: i=1; s=key1; d=yhetil.org; t=1728369196; a=rsa-sha256; cv=none; b=Eyq6/X/BxcVp/OcElOoBRb2fcY4uPj1eSTydx6ZZWNFpM8Lsrb3Z6vzDwXST7ljcqFa9C+ fHf6XbCOJ1ShE1/JV7nGXY3KFpD31HFpWvZKXxGPbvpB7c54S1ul+qTwLhYKjrMpW6fPXB DtpG4dnFN1bKL0Gb6yLNoeYfrc4NErxg2+t4fI7Oiv4uor73bZDMxHkOAqO2b2k1k562f+ 8ibOsWnQKeYLnq7CXDq9/KtwKERkAWZ45WUVuFnlHLzVryYsrkeFLKO0D2VazYlTsZGF9Q N4fsaexd3qUwUoFmqfRp+re2UG06smqJ/uQCn2aIDXrXUcI5CzYOf5FPp+MH0A== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id C686D8F27A for ; Tue, 08 Oct 2024 08:33:16 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sy3mG-00038i-BO; Tue, 08 Oct 2024 02:33:00 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sy3mA-00038D-Ae for guix-patches@gnu.org; Tue, 08 Oct 2024 02:32:54 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sy3mA-0004W9-0H for guix-patches@gnu.org; Tue, 08 Oct 2024 02:32:54 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:From:To:In-Reply-To:References:Subject; bh=0p8/TsfCmIGGWTYoGdmbvnS7ci7ohXhK0U6xSvPXDTU=; b=li/kr1WCV5MEND6WzJC0JLq+HPiImalZVXDM6dPshyFK604hU+FCejcXJS/BHS4dgKbGTy05Jt1mliuz+Ck86V+EcjAxP9LI0mhn+HOoY1pajmNTysf8ovKP5G7JYUL47Llre4nG/HNq/e217sgRXOGz7GFvh0cpFW1Pr6fZARFw8fK6HyYioxD+zJk9hmCh5K97zyqr2i225Q2zNEb5Ta8Y65Z1b11eV2rJug6Noj7o2NCS7SPpxUjNgjwx29QCehZ74Oeid7xZpZr53fl41NXp4Ih2PfYWxhof5REMPU+kJqaYIv1r6IETh9LW+0ASdc7BDLDdtiy6sTplC6wUBw==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1sy3mI-0001Th-4W for guix-patches@gnu.org; Tue, 08 Oct 2024 02:33:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#73691] [PATCH 1/2] gnu: java-xerces: Update to 2.12.2. [security fixes] References: <20241008062550.23917-1-ngraves@ngraves.fr> In-Reply-To: <20241008062550.23917-1-ngraves@ngraves.fr> Resent-From: Nicolas Graves Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 08 Oct 2024 06:33:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 73691 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 73691@debbugs.gnu.org Cc: Nicolas Graves Received: via spool by 73691-submit@debbugs.gnu.org id=B73691.17283691595640 (code B ref 73691); Tue, 08 Oct 2024 06:33:02 +0000 Received: (at 73691) by debbugs.gnu.org; 8 Oct 2024 06:32:39 +0000 Received: from localhost ([127.0.0.1]:50456 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sy3lu-0001St-Rm for submit@debbugs.gnu.org; Tue, 08 Oct 2024 02:32:39 -0400 Received: from 20.mo561.mail-out.ovh.net ([178.33.47.94]:40837) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sy3lr-0001Si-Eh for 73691@debbugs.gnu.org; Tue, 08 Oct 2024 02:32:37 -0400 Received: from director8.ghost.mail-out.ovh.net (unknown [10.109.140.5]) by mo561.mail-out.ovh.net (Postfix) with ESMTP id 4XN5m93jyBz1JFH for <73691@debbugs.gnu.org>; Tue, 8 Oct 2024 06:32:25 +0000 (UTC) Received: from ghost-submission-55b549bf7b-4hwgj (unknown [10.108.42.70]) by director8.ghost.mail-out.ovh.net (Postfix) with ESMTPS id 3A7881FE24; Tue, 8 Oct 2024 06:32:25 +0000 (UTC) Received: from ngraves.fr ([37.59.142.101]) by ghost-submission-55b549bf7b-4hwgj with ESMTPSA id tafON/jRBGfVBQAAMqHyjg (envelope-from ); Tue, 08 Oct 2024 06:32:25 +0000 X-OVh-ClientIp: 86.246.19.221 Date: Tue, 8 Oct 2024 08:32:13 +0200 Message-ID: <20241008063221.26144-1-ngraves@ngraves.fr> X-Mailer: git-send-email 2.46.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Ovh-Tracer-Id: 15130124426826277602 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: 0 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeeftddrvdeftddguddutdcutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfqggfjpdevjffgvefmvefgnecuuegrihhlohhuthemucehtddtnecunecujfgurhephffvvefufffkofgggfestdekredtredttdenucfhrhhomheppfhitgholhgrshcuifhrrghvvghsuceonhhgrhgrvhgvshesnhhgrhgrvhgvshdrfhhrqeenucggtffrrghtthgvrhhnpeekffegteffgfffjeegjedvfffgtddvueeutefgfeeuvdejgedvgeejjeevueeuveenucfkphepuddvjedrtddrtddruddpkeeirddvgeeirdduledrvddvuddpfeejrdehledrudegvddruddtudenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpeduvdejrddtrddtrddupdhmrghilhhfrhhomhepnhhgrhgrvhgvshesnhhgrhgrvhgvshdrfhhrpdhnsggprhgtphhtthhopedupdhrtghpthhtohepjeefieeludesuggvsggsuhhgshdrghhnuhdrohhrghdpoffvtefjohhsthepmhhoheeiuddpmhhouggvpehsmhhtphhouhht DKIM-Signature: a=rsa-sha256; bh=0p8/TsfCmIGGWTYoGdmbvnS7ci7ohXhK0U6xSvPXDTU=; c=relaxed/relaxed; d=ngraves.fr; h=From; s=ovhmo4487190-selector1; t=1728369145; v=1; b=uplQAsW4vsX6/YwH5psPR29vNX1QBTAxArmnF25z8k2187ioslc7KpGhmPcDlF1SB4c1WxFC QO3asrmEUERGDF38fW/T4gGwKSaWJNLGzLhgkjaE5DR45Jacg3c/psptbJTwhrUNx5K0O1GTY1W dcBBOdrolbhTA00qgk90D719LiJSU2G53N/kyj/+ctRd8SYuy2LfQsiEN345Zcn5+ENr+FaJnax A9tREeMmp5LxYkklY+2yGOqSBV8IG/qX58F37iwbZ/M1IalRfJGPw+16ZZ2VdDI5O8lZNlMggVJ yR4W024gsrfPVrll+bbSo8wt/Qk5tpplXe3CGhHvdWALg== X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Nicolas Graves X-ACL-Warn: , Nicolas Graves via Guix-patches From: Nicolas Graves via Guix-patches via Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Scanner: mx11.migadu.com X-Migadu-Spam-Score: 0.45 X-Spam-Score: 0.45 X-Migadu-Queue-Id: C686D8F27A X-TUID: FDulLWhzEQvu This fixes CVE-2022-23437. * gnu/packages/java.scm (java-xerces): Update to 2.12.2. --- gnu/packages/java.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index b43b57754b..fec741f5f2 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -12599,14 +12599,14 @@ (define-public java-joda-time (define-public java-xerces (package (name "java-xerces") - (version "2.12.1") + (version "2.12.2") (source (origin (method url-fetch) (uri (string-append "mirror://apache/xerces/j/source/" "Xerces-J-src." version ".tar.gz")) (sha256 - (base32 "0494kq36gw3nah19ifb720vwxbpg4ww0k6m3zq6wyanw6a083p6s")) + (base32 "1s2fnfx5flmhs3q30bxdsa6vs52m6vbnqd3m4cc5r4wfr3afplbd")) (patches (search-patches "java-xerces-xjavac_taskdef.patch" "java-xerces-build_dont_unzip.patch" -- 2.46.0