all messages for Guix-related lists mirrored at yhetil.org
From: Maxime Devos <maximedevos@telenet.be>
To: guix-devel@gnu.org, sebastian@pipping.org
Subject: Re: Expat 2.3.0 has been released
Date: Sun, 09 May 2021 11:12:11 +0200
Message-ID: <565eaa11163d5bc416387217ca8c6d6718608246.camel@telenet.be>
In-Reply-To: <20afb227-5e89-e416-4ca4-12bd0ac98a29@pipping.org>


[-- Attachment #1.1: Type: text/plain, Size: 925 bytes --]

Sebastian Pipping wrote on Sat 08-05-2021 at 18:00 [+0200]:
> Hello everyone,
> 
> 
> just a quick heads up that there will be a new release of libexpat with
> security fix in a few weeks.  Unless I looked in the wrong place, I
> noticed that your distro has not updated to libexpat 2.3.0 as of today.

Correct

> If you ran into any issues with packaging 2.3.0, please let me know now
> so that I can fix things upstream for you and everyone while there is
> still a window before next releases to do so.  Thank you!

According to "guix refresh -l", simply updating expat would entail rebuilding 6031
packages. This can be avoided if v2.4.0 is binary compatible with v2.2.9.
Is this the case? If this is not the case, we will have to cherry-pick the
security fixes.

I have attached a patch adding a graft for expat, updating from v2.2.9 to
v2.3.0, but it needs some testing.

Greetings,
Maxime.

[-- Attachment #1.2: 0001-gnu-expat-Add-graft-for-2.3.0-security-fixes.patch --]
[-- Type: text/x-patch, Size: 3382 bytes --]

From f87aa1ef0ecfcda27c798ecfd140ce3b33218ddc Mon Sep 17 00:00:00 2001
From: Maxime Devos <maximedevos@telenet.be>
Date: Sun, 9 May 2021 11:05:14 +0200
Subject: [PATCH] gnu: expat: Add graft for 2.3.0 [security fixes]

There will be security fixes in the upcoming 2.4.0 release.
For now, upgrade to 2.3.0. As this would cause 6031 rebuilds,
use the grafting mechanism.

* gnu/packages/xml.scm
  (expat-uris): New procedure.
  (expat)[source]<uri>: Use new procedure.
  (expat)[replacement]: Add graft for 2.3.0.
  (expat/fixed): New package.
---
 gnu/packages/xml.scm | 43 +++++++++++++++++++++++++++++++------------
 1 file changed, 31 insertions(+), 12 deletions(-)

diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 04cb09779b..4412660ae0 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -31,6 +31,7 @@
 ;;; Copyright © 2021 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2021 Felix Gruber <felgru@posteo.net>
 ;;; Copyright © 2021 Guillaume Le Vaillant <glv@posteo.net>
+;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -116,22 +117,27 @@ the entire document.")
     (home-page "https://github.com/hughsie/libxmlb")
     (license license:lgpl2.1+)))
 
+(define (expat-uris version)
+  (define (dot->underscore c)
+    (if (char=? #\. c) #\_ c))
+  (list (string-append "mirror://sourceforge/expat/expat/"
+                       version "/expat-" version ".tar.xz")
+        (string-append
+         "https://github.com/libexpat/libexpat/releases/download/R_"
+         (string-map dot->underscore version)
+         "/expat-" version ".tar.xz")))
+
 (define-public expat
   (package
     (name "expat")
     (version "2.2.9")
-    (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c))))
-              (origin
-                (method url-fetch)
-                (uri (list (string-append "mirror://sourceforge/expat/expat/"
-                                          version "/expat-" version ".tar.xz")
-                           (string-append
-                            "https://github.com/libexpat/libexpat/releases/download/R_"
-                            (string-map dot->underscore version)
-                            "/expat-" version ".tar.xz")))
-                (sha256
-                 (base32
-                  "1960mmgbb4cm64n1p0nz3hrs1pw03hkrfcw8prmnn4622mdrd9hy")))))
+    (source (origin
+              (method url-fetch)
+              (uri (expat-uris version))
+              (sha256
+               (base32
+                "1960mmgbb4cm64n1p0nz3hrs1pw03hkrfcw8prmnn4622mdrd9hy"))))
+    (replacement expat/fixed)
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--disable-static")))
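Review bot: The `(replacement expat/fixed)` field added to `expat` carries no comment saying that 2.3.0 was checked for ABI compatibility with 2.2.9, and a graft depends on exactly that, because dependents built against 2.2.9 are pointed at the replacement without being rebuilt. Please add a short comment above the field stating what was verified (same SONAME, no exported symbol removed) or that the check is still pending. A smaller point in the same hunk: the new `expat-uris` procedure has no docstring; one line saying it returns the SourceForge mirror and GitHub release URLs for VERSION would help the next reader.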
@@ -143,6 +149,19 @@ stream-oriented parser in which an application registers handlers for
 things the parser might find in the XML document (like start tags).")
     (license license:expat)))
 
+;; There will be a new release with security fixes soon.
+(define-public expat/fixed
+  (package
+    (inherit expat)
+    (version "2.3.0")
+    (source
+     (origin
+       (inherit (package-source expat))
+       (uri (expat-uris version))
+       (sha256
+        (base32
+         "1ab7fkab4wbj53xqsx2a4h5m310ak9abczjh0a2ymg73nsclz8ya"))))))
+
 (define-public libebml
   (package
     (name "libebml")
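Review bot: `expat/fixed` is introduced with `define-public` while inheriting the name "expat" from the original, so it would be exported next to `expat` as a second, newer "expat" 2.3.0 package; if it is only meant to serve as the graft target, a plain `define` keeps it out of the user-visible package set. The comment above it, ";; There will be a new release with security fixes soon.", also talks about a future release rather than about this definition: say what 2.3.0 is grafted in for now and that the replacement should move to the fixed release once it exists.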
-- 
2.31.1


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]
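
The message above asks whether the newer expat is binary compatible with v2.2.9, which is the condition for a graft being safe. The following is an added example, not part of the original message or of Guix: a minimal first-pass check that compares the exported dynamic symbols and SONAME of two builds. The symbol listings and the SONAME `libexpat.so.1` are constructed sample input, and the function names are hypothetical.

```python
import re

# Constructed `nm -D --defined-only` listings for an old and a new build.
# They are sample input only and do not describe any real expat release.
OLD_NM = """\
0000000000009d10 T XML_ParserCreate
0000000000009f40 T XML_Parse
000000000000a120 T XML_ParserFree
000000000000a300 T XML_GetErrorCode
"""
NEW_NM = """\
000000000000a010 T XML_ParserCreate
000000000000a280 T XML_Parse
000000000000a4c0 T XML_ParserFree
000000000000a700 T XML_SetHashSalt
"""

NM_LINE = re.compile(r"^[0-9a-fA-F]+\s+([A-Za-z])\s+(\S+)$")
EXPORTED = set("TDBRWVi")  # global code/data, weak and ifunc definitions


def exported(nm_output):
    """Return the set of symbol names a library defines and exports."""
    names = set()
    for line in nm_output.splitlines():
        m = NM_LINE.match(line.strip())
        if m and m.group(1) in EXPORTED:
            names.add(m.group(2))
    return names


def graft_blockers(old_soname, new_soname, old_nm, new_nm):
    """List the differences that would break already-built dependents."""
    problems = []
    if old_soname != new_soname:
        problems.append(f"SONAME changed: {old_soname} -> {new_soname}")
    # Added symbols are harmless; removed ones leave dependents unresolved.
    for name in sorted(exported(old_nm) - exported(new_nm)):
        problems.append(f"removed symbol: {name}")
    return problems


if __name__ == "__main__":
    # "libexpat.so.1" is an assumed SONAME for both builds.
    for p in graft_blockers("libexpat.so.1", "libexpat.so.1", OLD_NM, NEW_NM):
        print(p)
```

An empty result only rules out the coarse breakages; changes to struct layout or function signatures need a DWARF-aware comparison such as libabigail's `abidiff`.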
