all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* [bug#48304] [PATCH] gnu: expat: Update via graft.
@ 2021-05-08 23:27 Leo Prikler
  2021-05-09 14:05 ` Leo Famulari
  0 siblings, 1 reply; 8+ messages in thread
From: Leo Prikler @ 2021-05-08 23:27 UTC (permalink / raw)
  To: 48304; +Cc: sebastian

* gnu/packages/xml.scm (expat-2.3.0): New variable.
(expat)[replacement]: Add it.
---
 gnu/packages/xml.scm | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 931698a575..d8472f5fa3 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -120,6 +120,7 @@ the entire document.")
   (package
     (name "expat")
     (version "2.2.9")
+    (replacement expat-2.3.0)
     (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c))))
               (origin
                 (method url-fetch)
@@ -143,6 +144,23 @@ stream-oriented parser in which an application registers handlers for
 things the parser might find in the XML document (like start tags).")
     (license license:expat)))
 
+(define-public expat-2.3.0
+  (package
+    (inherit expat)
+    (version "2.3.0")
+    (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c))))
+              (origin
+                (method url-fetch)
+                (uri (list (string-append "mirror://sourceforge/expat/expat/"
+                                          version "/expat-" version ".tar.xz")
+                           (string-append
+                            "https://github.com/libexpat/libexpat/releases/download/R_"
+                            (string-map dot->underscore version)
+                            "/expat-" version ".tar.xz")))
+                (sha256
+                 (base32
+                  "1ab7fkab4wbj53xqsx2a4h5m310ak9abczjh0a2ymg73nsclz8ya")))))))
+
 (define-public libebml
   (package
     (name "libebml")
-- 
2.31.1





^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [bug#48304] [PATCH] gnu: expat: Update via graft.
  2021-05-08 23:27 [bug#48304] [PATCH] gnu: expat: Update via graft Leo Prikler
@ 2021-05-09 14:05 ` Leo Famulari
  2021-05-09 14:27   ` Maxime Devos
  0 siblings, 1 reply; 8+ messages in thread
From: Leo Famulari @ 2021-05-09 14:05 UTC (permalink / raw)
  To: Leo Prikler; +Cc: 48304

On Sun, May 09, 2021 at 01:27:29AM +0200, Leo Prikler wrote:
> * gnu/packages/xml.scm (expat-2.3.0): New variable.
> (expat)[replacement]: Add it.

Nitpick: It should be

(expat)[replacement]: New field.

Otherwise, looks okay assuming ABI compatibility, but we only use grafts
for security updates.




^ permalink raw reply	[flat|nested] 8+ messages in thread

* [bug#48304] [PATCH] gnu: expat: Update via graft.
  2021-05-09 14:05 ` Leo Famulari
@ 2021-05-09 14:27   ` Maxime Devos
  2021-05-09 14:32     ` Leo Famulari
  2021-05-09 14:37     ` Leo Prikler
  0 siblings, 2 replies; 8+ messages in thread
From: Maxime Devos @ 2021-05-09 14:27 UTC (permalink / raw)
  To: Leo Famulari, Leo Prikler; +Cc: 48304

[-- Attachment #1: Type: text/plain, Size: 484 bytes --]

Leo Famulari schreef op zo 09-05-2021 om 10:05 [-0400]:
> On Sun, May 09, 2021 at 01:27:29AM +0200, Leo Prikler wrote:
> > * gnu/packages/xml.scm (expat-2.3.0): New variable.
> > (expat)[replacement]: Add it.
> 
> Nitpick: It should be
> 
> (expat)[replacement]: New field.
> 
> Otherwise, looks okay assuming ABI compatibility, but we only use grafts
> for security updates.

The maintainer of expat will release a 2.4.0 with security fixes soon.

Greetings,
Maxime.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [bug#48304] [PATCH] gnu: expat: Update via graft.
  2021-05-09 14:27   ` Maxime Devos
@ 2021-05-09 14:32     ` Leo Famulari
  2021-05-09 14:37     ` Leo Prikler
  1 sibling, 0 replies; 8+ messages in thread
From: Leo Famulari @ 2021-05-09 14:32 UTC (permalink / raw)
  To: Maxime Devos; +Cc: Leo Prikler, 48304

[-- Attachment #1: Type: text/plain, Size: 694 bytes --]

On Sun, May 09, 2021 at 04:27:20PM +0200, Maxime Devos wrote:
> Leo Famulari schreef op zo 09-05-2021 om 10:05 [-0400]:
> > On Sun, May 09, 2021 at 01:27:29AM +0200, Leo Prikler wrote:
> > > * gnu/packages/xml.scm (expat-2.3.0): New variable.
> > > (expat)[replacement]: Add it.
> > 
> > Nitpick: It should be
> > 
> > (expat)[replacement]: New field.
> > 
> > Otherwise, looks okay assuming ABI compatibility, but we only use grafts
> > for security updates.
> 
> The maintainer of expat will release a 2.4.0 with security fixes soon.

Yes, I know :) I think we all received the same private email.

We can test the graft with 2.3.0 but wait until 2.4.0 to actually use
it.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [bug#48304] [PATCH] gnu: expat: Update via graft.
  2021-05-09 14:27   ` Maxime Devos
  2021-05-09 14:32     ` Leo Famulari
@ 2021-05-09 14:37     ` Leo Prikler
  2021-05-09 15:22       ` Leo Famulari
  1 sibling, 1 reply; 8+ messages in thread
From: Leo Prikler @ 2021-05-09 14:37 UTC (permalink / raw)
  To: Maxime Devos, Leo Famulari; +Cc: 48304

Am Sonntag, den 09.05.2021, 16:27 +0200 schrieb Maxime Devos:
> Leo Famulari schreef op zo 09-05-2021 om 10:05 [-0400]:
> > On Sun, May 09, 2021 at 01:27:29AM +0200, Leo Prikler wrote:
> > > * gnu/packages/xml.scm (expat-2.3.0): New variable.
> > > (expat)[replacement]: Add it.
> > 
> > Nitpick: It should be
> > 
> > (expat)[replacement]: New field.
> > 
> > Otherwise, looks okay assuming ABI compatibility, but we only use
> > grafts
> > for security updates.
> 
> The maintainer of expat will release a 2.4.0 with security fixes
> soon.
> 
> Greetings,
> Maxime.
Indeed, the mail they dropped over at guix-devel made it seem as though
not being on 2.3.0 was a security risk already.  The ChangeLog does
mention some items worth fuzzing over.

That said, I simply wanted to claim a bug ID for this and let people
check whether the update really breaks nothing.  The list of dependants
is far too big for me to handle.

Regards,
Leo





^ permalink raw reply	[flat|nested] 8+ messages in thread

* [bug#48304] [PATCH] gnu: expat: Update via graft.
  2021-05-09 14:37     ` Leo Prikler
@ 2021-05-09 15:22       ` Leo Famulari
  2021-05-23 15:33         ` Marius Bakke
  0 siblings, 1 reply; 8+ messages in thread
From: Leo Famulari @ 2021-05-09 15:22 UTC (permalink / raw)
  To: Leo Prikler; +Cc: 48304, Maxime Devos

On Sun, May 09, 2021 at 04:37:39PM +0200, Leo Prikler wrote:
> Indeed, the mail they dropped over at guix-devel made it seem as though
> not being on 2.3.0 was a security risk already.  The ChangeLog does
> mention some items worth fuzzing over.

In general, all updates are security updates. But we shouldn't / can't
update all core packages with grafts just because. Grafting is a kludge
that doesn't always work as expected (and the problems are hidden), and
it has a high I/O performance cost.

So, let's wait for a security advisory.




^ permalink raw reply	[flat|nested] 8+ messages in thread

* [bug#48304] [PATCH] gnu: expat: Update via graft.
  2021-05-09 15:22       ` Leo Famulari
@ 2021-05-23 15:33         ` Marius Bakke
  2021-06-03  3:17           ` bug#48304: " Leo Famulari
  0 siblings, 1 reply; 8+ messages in thread
From: Marius Bakke @ 2021-05-23 15:33 UTC (permalink / raw)
  To: Leo Famulari, Leo Prikler; +Cc: Maxime Devos, 48304

[-- Attachment #1: Type: text/plain, Size: 795 bytes --]

merge 48304 48612
thanks

Leo Famulari <leo@famulari.name> skriver:

> On Sun, May 09, 2021 at 04:37:39PM +0200, Leo Prikler wrote:
>> Indeed, the mail they dropped over at guix-devel made it seem as though
>> not being on 2.3.0 was a security risk already.  The ChangeLog does
>> mention some items worth fuzzing over.
>
> In general, all updates are security updates. But we shouldn't / can't
> update all core packages with grafts just because. Grafting is a kludge
> that doesn't always work as expected (and the problems are hidden), and
> it has a high I/O performance cost.
>
> So, let's wait for a security advisory.

I opened a similar discussion about the security fix in Expat 2.4.0
recently and am merging with this issue (which I had not seen):

  https://issues.guix.gnu.org/48612

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread

* bug#48304: [PATCH] gnu: expat: Update via graft.
  2021-05-23 15:33         ` Marius Bakke
@ 2021-06-03  3:17           ` Leo Famulari
  0 siblings, 0 replies; 8+ messages in thread
From: Leo Famulari @ 2021-06-03  3:17 UTC (permalink / raw)
  To: Marius Bakke; +Cc: Maxime Devos, Leo Prikler, 48304-done

[-- Attachment #1: Type: text/plain, Size: 224 bytes --]

On Sun, May 23, 2021 at 05:33:05PM +0200, Marius Bakke wrote:
> merge 48304 48612

The merge didn't work (one bug was for 'guix', and one for
'guix-patches'), but I pushed a graft as
6d71f6a73cd27d61d3302b9658893428af6314d2

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2021-06-03  3:18 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-05-08 23:27 [bug#48304] [PATCH] gnu: expat: Update via graft Leo Prikler
2021-05-09 14:05 ` Leo Famulari
2021-05-09 14:27   ` Maxime Devos
2021-05-09 14:32     ` Leo Famulari
2021-05-09 14:37     ` Leo Prikler
2021-05-09 15:22       ` Leo Famulari
2021-05-23 15:33         ` Marius Bakke
2021-06-03  3:17           ` bug#48304: " Leo Famulari

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.