* [bug#48304] [PATCH] gnu: expat: Update via graft.
@ 2021-05-08 23:27 Leo Prikler
2021-05-09 14:05 ` Leo Famulari
0 siblings, 1 reply; 8+ messages in thread
From: Leo Prikler @ 2021-05-08 23:27 UTC (permalink / raw)
To: 48304; +Cc: sebastian
* gnu/packages/xml.scm (expat-2.3.0): New variable.
(expat)[replacement]: Add it.
---
gnu/packages/xml.scm | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 931698a575..d8472f5fa3 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -120,6 +120,7 @@ the entire document.")
(package
(name "expat")
(version "2.2.9")
+ (replacement expat-2.3.0)
(source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c))))
(origin
(method url-fetch)
@@ -143,6 +144,23 @@ stream-oriented parser in which an application registers handlers for
things the parser might find in the XML document (like start tags).")
(license license:expat)))
+(define-public expat-2.3.0
+ (package
+ (inherit expat)
+ (version "2.3.0")
+ (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c))))
+ (origin
+ (method url-fetch)
+ (uri (list (string-append "mirror://sourceforge/expat/expat/"
+ version "/expat-" version ".tar.xz")
+ (string-append
+ "https://github.com/libexpat/libexpat/releases/download/R_"
+ (string-map dot->underscore version)
+ "/expat-" version ".tar.xz")))
+ (sha256
+ (base32
+ "1ab7fkab4wbj53xqsx2a4h5m310ak9abczjh0a2ymg73nsclz8ya")))))))
+
(define-public libebml
(package
(name "libebml")
--
2.31.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [bug#48304] [PATCH] gnu: expat: Update via graft.
2021-05-08 23:27 [bug#48304] [PATCH] gnu: expat: Update via graft Leo Prikler
@ 2021-05-09 14:05 ` Leo Famulari
2021-05-09 14:27 ` Maxime Devos
0 siblings, 1 reply; 8+ messages in thread
From: Leo Famulari @ 2021-05-09 14:05 UTC (permalink / raw)
To: Leo Prikler; +Cc: 48304
On Sun, May 09, 2021 at 01:27:29AM +0200, Leo Prikler wrote:
> * gnu/packages/xml.scm (expat-2.3.0): New variable.
> (expat)[replacement]: Add it.
Nitpick: It should be
(expat)[replacement]: New field.
Otherwise, looks okay assuming ABI compatibility, but we only use grafts
for security updates.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [bug#48304] [PATCH] gnu: expat: Update via graft.
2021-05-09 14:05 ` Leo Famulari
@ 2021-05-09 14:27 ` Maxime Devos
2021-05-09 14:32 ` Leo Famulari
2021-05-09 14:37 ` Leo Prikler
0 siblings, 2 replies; 8+ messages in thread
From: Maxime Devos @ 2021-05-09 14:27 UTC (permalink / raw)
To: Leo Famulari, Leo Prikler; +Cc: 48304
[-- Attachment #1: Type: text/plain, Size: 484 bytes --]
Leo Famulari schreef op zo 09-05-2021 om 10:05 [-0400]:
> On Sun, May 09, 2021 at 01:27:29AM +0200, Leo Prikler wrote:
> > * gnu/packages/xml.scm (expat-2.3.0): New variable.
> > (expat)[replacement]: Add it.
>
> Nitpick: It should be
>
> (expat)[replacement]: New field.
>
> Otherwise, looks okay assuming ABI compatibility, but we only use grafts
> for security updates.
The maintainer of expat will release a 2.4.0 with security fixes soon.
Greetings,
Maxime.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* [bug#48304] [PATCH] gnu: expat: Update via graft.
2021-05-09 14:27 ` Maxime Devos
@ 2021-05-09 14:32 ` Leo Famulari
2021-05-09 14:37 ` Leo Prikler
1 sibling, 0 replies; 8+ messages in thread
From: Leo Famulari @ 2021-05-09 14:32 UTC (permalink / raw)
To: Maxime Devos; +Cc: Leo Prikler, 48304
[-- Attachment #1: Type: text/plain, Size: 694 bytes --]
On Sun, May 09, 2021 at 04:27:20PM +0200, Maxime Devos wrote:
> Leo Famulari schreef op zo 09-05-2021 om 10:05 [-0400]:
> > On Sun, May 09, 2021 at 01:27:29AM +0200, Leo Prikler wrote:
> > > * gnu/packages/xml.scm (expat-2.3.0): New variable.
> > > (expat)[replacement]: Add it.
> >
> > Nitpick: It should be
> >
> > (expat)[replacement]: New field.
> >
> > Otherwise, looks okay assuming ABI compatibility, but we only use grafts
> > for security updates.
>
> The maintainer of expat will release a 2.4.0 with security fixes soon.
Yes, I know :) I think we all received the same private email.
We can test the graft with 2.3.0 but wait until 2.4.0 to actually use
it.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* [bug#48304] [PATCH] gnu: expat: Update via graft.
2021-05-09 14:27 ` Maxime Devos
2021-05-09 14:32 ` Leo Famulari
@ 2021-05-09 14:37 ` Leo Prikler
2021-05-09 15:22 ` Leo Famulari
1 sibling, 1 reply; 8+ messages in thread
From: Leo Prikler @ 2021-05-09 14:37 UTC (permalink / raw)
To: Maxime Devos, Leo Famulari; +Cc: 48304
Am Sonntag, den 09.05.2021, 16:27 +0200 schrieb Maxime Devos:
> Leo Famulari schreef op zo 09-05-2021 om 10:05 [-0400]:
> > On Sun, May 09, 2021 at 01:27:29AM +0200, Leo Prikler wrote:
> > > * gnu/packages/xml.scm (expat-2.3.0): New variable.
> > > (expat)[replacement]: Add it.
> >
> > Nitpick: It should be
> >
> > (expat)[replacement]: New field.
> >
> > Otherwise, looks okay assuming ABI compatibility, but we only use
> > grafts
> > for security updates.
>
> The maintainer of expat will release a 2.4.0 with security fixes
> soon.
>
> Greetings,
> Maxime.
Indeed, the mail they dropped over at guix-devel made it seem as though
not being on 2.3.0 was a security risk already. The ChangeLog does
mention some items worth fuzzing over.
That said, I simply wanted to claim a bug ID for this and let people
check whether the update really breaks nothing. The list of dependants
is far too big for me to handle.
Regards,
Leo
^ permalink raw reply [flat|nested] 8+ messages in thread
* [bug#48304] [PATCH] gnu: expat: Update via graft.
2021-05-09 14:37 ` Leo Prikler
@ 2021-05-09 15:22 ` Leo Famulari
2021-05-23 15:33 ` Marius Bakke
0 siblings, 1 reply; 8+ messages in thread
From: Leo Famulari @ 2021-05-09 15:22 UTC (permalink / raw)
To: Leo Prikler; +Cc: 48304, Maxime Devos
On Sun, May 09, 2021 at 04:37:39PM +0200, Leo Prikler wrote:
> Indeed, the mail they dropped over at guix-devel made it seem as though
> not being on 2.3.0 was a security risk already. The ChangeLog does
> mention some items worth fuzzing over.
In general, all updates are security updates. But we shouldn't / can't
update all core packages with grafts just because. Grafting is a kludge
that doesn't always work as expected (and the problems are hidden), and
it has a high I/O performance cost.
So, let's wait for a security advisory.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [bug#48304] [PATCH] gnu: expat: Update via graft.
2021-05-09 15:22 ` Leo Famulari
@ 2021-05-23 15:33 ` Marius Bakke
2021-06-03 3:17 ` bug#48304: " Leo Famulari
0 siblings, 1 reply; 8+ messages in thread
From: Marius Bakke @ 2021-05-23 15:33 UTC (permalink / raw)
To: Leo Famulari, Leo Prikler; +Cc: Maxime Devos, 48304
[-- Attachment #1: Type: text/plain, Size: 795 bytes --]
merge 48304 48612
thanks
Leo Famulari <leo@famulari.name> skriver:
> On Sun, May 09, 2021 at 04:37:39PM +0200, Leo Prikler wrote:
>> Indeed, the mail they dropped over at guix-devel made it seem as though
>> not being on 2.3.0 was a security risk already. The ChangeLog does
>> mention some items worth fuzzing over.
>
> In general, all updates are security updates. But we shouldn't / can't
> update all core packages with grafts just because. Grafting is a kludge
> that doesn't always work as expected (and the problems are hidden), and
> it has a high I/O performance cost.
>
> So, let's wait for a security advisory.
I opened a similar discussion about the security fix in Expat 2.4.0
recently and am merging with this issue (which I had not seen):
https://issues.guix.gnu.org/48612
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* bug#48304: [PATCH] gnu: expat: Update via graft.
2021-05-23 15:33 ` Marius Bakke
@ 2021-06-03 3:17 ` Leo Famulari
0 siblings, 0 replies; 8+ messages in thread
From: Leo Famulari @ 2021-06-03 3:17 UTC (permalink / raw)
To: Marius Bakke; +Cc: Maxime Devos, Leo Prikler, 48304-done
[-- Attachment #1: Type: text/plain, Size: 224 bytes --]
On Sun, May 23, 2021 at 05:33:05PM +0200, Marius Bakke wrote:
> merge 48304 48612
The merge didn't work (one bug was for 'guix', and one for
'guix-patches'), but I pushed a graft as
6d71f6a73cd27d61d3302b9658893428af6314d2
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2021-06-03 3:18 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-05-08 23:27 [bug#48304] [PATCH] gnu: expat: Update via graft Leo Prikler
2021-05-09 14:05 ` Leo Famulari
2021-05-09 14:27 ` Maxime Devos
2021-05-09 14:32 ` Leo Famulari
2021-05-09 14:37 ` Leo Prikler
2021-05-09 15:22 ` Leo Famulari
2021-05-23 15:33 ` Marius Bakke
2021-06-03 3:17 ` bug#48304: " Leo Famulari
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.