[bug#28996] [PATCH] gnu: expat: Update replacement to 2.2.4 [security fixes].

[bug#28996] [PATCH] gnu: expat: Update replacement to 2.2.4 [security fixes].

[Tobias Geerinckx-Rice]

See 'Changes' in the source distribution for more information about the
fixed security issues.

* gnu/packages/xml.scm (expat)[replacement]: Update to 2.2.4.
(expat-2.2.2): Replace with ...
(expat-2.2.4): ... new variable.
---

Commit message shamelessly lifted from Leo's previous graft.

 gnu/packages/xml.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 163743c07..2cdf4faa5 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -58,7 +58,7 @@
   (package
     (name "expat")
     (version "2.2.1")
-    (replacement expat-2.2.2)
+    (replacement expat-2.2.4)
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/expat/expat/"
@@ -75,17 +75,17 @@ stream-oriented parser in which an application registers handlers for
 things the parser might find in the XML document (like start tags).")
     (license license:expat)))
 
-(define expat-2.2.2  ; Fixes CVE-2017-9233, CVE-2016-9063 and other issues.
+(define expat-2.2.4  ; Fix CVE-{2016-9063,2017-9233,2017-11742} & other issues.
   (package
     (inherit expat)
-    (version "2.2.2")
+    (version "2.2.4")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/expat/expat/"
                                  version "/expat-" version ".tar.bz2"))
              (sha256
               (base32
-               "0ik0r39ala9c6hj4kxrk933klgwkzlkbrfhvhaykx8l1rwgr2xj3"))))))
+               "17h1fb9zvqvf0sr78j211bngc6jpql5wzar8fg9b52jzjvdqbb83"))))))
 
 (define-public libebml
   (package
-- 
2.13.1

[bug#28996] [PATCH] gnu: expat: Update replacement to 2.2.4 [security fixes].

[Tobias Geerinckx-Rice]

Tobias Geerinckx-Rice wrote on 25/10/17 at 18:25:
> [PATCH] gnu: expat: Update replacement to 2.2.4 [security fixes].

The corresponding core-update is implicitly included for free.

Kind regards,

T G-R

[bug#28996] [PATCH] gnu: expat: Update replacement to 2.2.4 [security fixes].

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 328 bytes --]

On Wed, Oct 25, 2017 at 06:25:37PM +0200, Tobias Geerinckx-Rice wrote:
> See 'Changes' in the source distribution for more information about the
> fixed security issues.
> 
> * gnu/packages/xml.scm (expat)[replacement]: Update to 2.2.4.
> (expat-2.2.2): Replace with ...
> (expat-2.2.4): ... new variable.

Okay, LGTM!

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

bug#28996: [PATCH] gnu: expat: Update replacement to 2.2.4 [security fixes].

[Tobias Geerinckx-Rice]

[-- Attachment #1.1: Type: text/plain, Size: 184 bytes --]

I wrote:
> * gnu/packages/xml.scm (expat)[replacement]: Update to 2.2.4.
> (expat-2.2.2): Replace with ...
> (expat-2.2.4): ... new variable.

Pushed to master & core-updates.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 248 bytes --]