From f87aa1ef0ecfcda27c798ecfd140ce3b33218ddc Mon Sep 17 00:00:00 2001
From: Maxime Devos <maximedevos@telenet.be>
Date: Sun, 9 May 2021 11:05:14 +0200
Subject: [PATCH] gnu: expat: Add graft for 2.3.0 [security fixes]

There will be security fixes in the upcoming 2.4.0 release.
For now, upgrade to 2.3.0. As this would cause 6031 rebuilds,
use the grafting mechanism.

* gnu/packages/xml.scm
  (expat-uris): New procedure.
  (expat)[source]<uri>: Use new procedure.
  (expat)[replacement]: Add graft for 2.3.0.
  (expat/fixed): New package.
---
 gnu/packages/xml.scm | 43 +++++++++++++++++++++++++++++++------------
 1 file changed, 31 insertions(+), 12 deletions(-)

diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 04cb09779b..4412660ae0 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -31,6 +31,7 @@
 ;;; Copyright © 2021 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2021 Felix Gruber <felgru@posteo.net>
 ;;; Copyright © 2021 Guillaume Le Vaillant <glv@posteo.net>
+;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -116,22 +117,27 @@ the entire document.")
     (home-page "https://github.com/hughsie/libxmlb")
     (license license:lgpl2.1+)))
 
+(define (expat-uris version)
+  (define (dot->underscore c)
+    (if (char=? #\. c) #\_ c))
+  (list (string-append "mirror://sourceforge/expat/expat/"
+                       version "/expat-" version ".tar.xz")
+        (string-append
+         "https://github.com/libexpat/libexpat/releases/download/R_"
+         (string-map dot->underscore version)
+         "/expat-" version ".tar.xz")))
+
 (define-public expat
   (package
     (name "expat")
     (version "2.2.9")
-    (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c))))
-              (origin
-                (method url-fetch)
-                (uri (list (string-append "mirror://sourceforge/expat/expat/"
-                                          version "/expat-" version ".tar.xz")
-                           (string-append
-                            "https://github.com/libexpat/libexpat/releases/download/R_"
-                            (string-map dot->underscore version)
-                            "/expat-" version ".tar.xz")))
-                (sha256
-                 (base32
-                  "1960mmgbb4cm64n1p0nz3hrs1pw03hkrfcw8prmnn4622mdrd9hy")))))
+    (source (origin
+              (method url-fetch)
+              (uri (expat-uris version))
+              (sha256
+               (base32
+                "1960mmgbb4cm64n1p0nz3hrs1pw03hkrfcw8prmnn4622mdrd9hy"))))
+    (replacement expat/fixed)
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--disable-static")))
@@ -143,6 +149,19 @@ stream-oriented parser in which an application registers handlers for
 things the parser might find in the XML document (like start tags).")
     (license license:expat)))
 
+;; There will be a new release with security fixes soon.
+(define-public expat/fixed
+  (package
+    (inherit expat)
+    (version "2.3.0")
+    (source
+     (origin
+       (inherit (package-source expat))
+       (uri (expat-uris version))
+       (sha256
+        (base32
+         "1ab7fkab4wbj53xqsx2a4h5m310ak9abczjh0a2ymg73nsclz8ya"))))))
+
 (define-public libebml
   (package
     (name "libebml")
-- 
2.31.1