From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-devel-bounces+larch=yhetil.org@gnu.org>
Received: from mp12.migadu.com ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms5.migadu.com with LMTPS
	id eOrrMylQ+2IUXgEAbAwnHQ
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 16 Aug 2022 10:07:05 +0200
Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp12.migadu.com with LMTPS
	id wNWuMylQ+2IvzAAAauVa8A
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 16 Aug 2022 10:07:05 +0200
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 928C31212A
	for <larch@yhetil.org>; Tue, 16 Aug 2022 10:07:05 +0200 (CEST)
Received: from localhost ([::1]:43140 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	id 1oNrbG-00048H-FV
	for larch@yhetil.org; Tue, 16 Aug 2022 04:07:04 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:44090)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <marius@gnu.org>) id 1oNrMh-0002Ev-Bz
 for guix-devel@gnu.org; Tue, 16 Aug 2022 03:51:56 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:50520)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <marius@gnu.org>)
 id 1oNrMg-000762-9Z; Tue, 16 Aug 2022 03:51:54 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
 From; bh=ekww4FGRK1Ujl6oJEh/iv8fw7uEHNfDDcgGUgBO6LwM=; b=mxwj5XwSi9M72Nv0nXoj
 RV2+CrvEnKMIsUScqoa019aOhMYsutmju6iYLBVCjfhSWgTgLGwIrSiH97cHSJzguDypKcxsSN5gZ
 UtwO1eBIqOKe1YMTnMU2Yxoh88gq8IktpSK8fJv3m/JXr9DId9zOHZ+wbqQgu1ZD5NflmI2amLYSQ
 w3o1M76hEUFCKtM02k8Ev5zZpEYEipHVkWR83ERdVBH3lozu8S4wZlswABU+nr3j9BJfGEr2lEJ7E
 ImllHl2ugEp9W8UzRsBaX6eZoQOUIRa0H9bg2635SxjI2pVCap6Bj5mFYotWJr7wV2EWd9hyRpMCo
 o8RXUXj12JHIrA==;
Received: from [84.214.173.6] (port=40846 helo=localhost)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <marius@gnu.org>)
 id 1oNrMe-0001e3-4l; Tue, 16 Aug 2022 03:51:53 -0400
From: Marius Bakke <marius@gnu.org>
To: Danny Milosavljevic <dannym@scratchpost.org>, Mathieu Othacehe
 <othacehe@gnu.org>
Cc: guix-devel@gnu.org
Subject: Re: branch master updated: gnu: python-lxml: Update to 4.6.5.
In-Reply-To: <20220816013639.37e0a562@scratchpost.org>
References: <166056773034.6462.13614226574276489780@vcs2.savannah.gnu.org>
 <878rnpd1q4.fsf@gnu.org> <20220816013639.37e0a562@scratchpost.org>
Date: Tue, 16 Aug 2022 09:51:48 +0200
Message-ID: <87ilmshbhn.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-BeenThere: guix-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
X-Migadu-To: larch@yhetil.org
X-Migadu-Country: US
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1660637225;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:in-reply-to:in-reply-to:
	 references:references:list-id:list-help:list-unsubscribe:
	 list-subscribe:list-post:dkim-signature;
	bh=ekww4FGRK1Ujl6oJEh/iv8fw7uEHNfDDcgGUgBO6LwM=;
	b=JAeoPxp3zUomXZXnsixVE3oN0YzCue/6C8bFas3L5BV34bOzPwY6LjHsCze5RFmMF9J08E
	ECKk/BfywpP1CuTFnPxfT7QxWpwU3dxe2QEMkQGZFb/VG8M4V6oHZBxM+3bUP2iZnpXqbQ
	377WRJYV0ljnfriA72pvhIot0Mq+jTLgB5Mp1QRGxBv/B62jdBv1thj1Lehudu3V4dELbf
	5NxSchyyRbHuRayimEOsOu3lGboXoGOiu052/p7m+DYCt4MQnPRf5PD0QilqP8X/9EsVyu
	T+lqPle+AznWCjEub4Ypw8mi0oMbn7Yw6USTUO84/yedgO4PjBjPndtUdPLBCA==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1660637225; a=rsa-sha256; cv=none;
	b=pU3jZe9pTm9+YmhqYBQ4lmaTS6ts6qFW4UvZ8007g6ZWXh3GhrDkQXYKdp9sZkjIQW8Niu
	y/Atxno+XRD+KagbKO2BZ0+t0P3EumV0IWfm1TqiT5V7UPTML43/7h8B0zzMdtcH/kAM5G
	aaz6hALhSjqQpsFapKwWA+ZJ96ar4i/1Xn9SoHeAhVP2q+rteq7wzld/IVdSnIxXi/cYcW
	irMXhCrC1RPIYzb4NS3FK/vw8ei+wJzGbEmpdboHCuVtF4CS0Wk6XFZM9h0tGR2t2tjUfA
	wr7BPpmAKsb8YYCaXRZi1ToYCYk52n9vFhvJh9vHhadwAtTxAxCw8yrVM1PMhg==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=pass header.d=gnu.org header.s=fencepost-gnu-org header.b=mxwj5XwS;
	dmarc=pass (policy=none) header.from=gnu.org;
	spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Spam-Score: -6.66
Authentication-Results: aspmx1.migadu.com;
	dkim=pass header.d=gnu.org header.s=fencepost-gnu-org header.b=mxwj5XwS;
	dmarc=pass (policy=none) header.from=gnu.org;
	spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Queue-Id: 928C31212A
X-Spam-Score: -6.66
X-Migadu-Scanner: scn1.migadu.com
X-TUID: qXtY+PYFKeFq

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Danny Milosavljevic <dannym@scratchpost.org> skriver:

> Hi Mathieu,
>
> On Mon, 15 Aug 2022 16:24:03 +0200
> Mathieu Othacehe <othacehe@gnu.org> wrote:
>
>> >     * gnu/packages/xml.scm (python-lxml): Update to 4.6.5.=20=20
>>=20
>> I had to revert it as it caused >15k rebuilds. I also cancelled all the
>> triggered builds in the CI.
>
> Thanks for doing it!
>
> But guix refresh -l python-lxml reported one package O_o
>
> Now I see that python-lxml-4.7 shadows it.
>
> Note: This would have fixed two CVEs, CVE-2021-43818 and CVE-2021-43818.

Can you add a "graft" for this version instead of updating in-place?


--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iIUEARYKAC0WIQRNTknu3zbaMQ2ddzTocYulkRQQdwUCYvtMlA8cbWFyaXVzQGdu
dS5vcmcACgkQ6HGLpZEUEHdQqAD9F/tfaeTuGnsAdSs4ld/6y6/YOTA9z8FxyerA
NP2PilUBAJ1WVcHsbC1K50d7TQfYag9a3Cmu0GlVqqG9rLs4GBcB
=iYhg
-----END PGP SIGNATURE-----
--=-=-=--