GNU bug report logs -
#53335
[PATCH] gnu: expat: Add replacement for [security fixes].
Previous Next
Reported by: Tobias Geerinckx-Rice <me <at> tobias.gr>
Date: Tue, 18 Jan 2022 03:10:03 UTC
Severity: normal
Tags: patch
Done: Tobias Geerinckx-Rice <me <at> tobias.gr>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 53335 in the body.
You can then email your comments to 53335 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#53335; Package
guix-patches.
(Tue, 18 Jan 2022 03:10:03 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Tobias Geerinckx-Rice <me <at> tobias.gr>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Tue, 18 Jan 2022 03:10:03 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Fixes CVE-2021-45960, CVE-2021-46143, and CVE-2022-22822…22827.
* gnu/packages/xml.scm (expat/fixed): New variable.
(expat)[replacement]: Use it.
---
gnu/packages/xml.scm | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index b89115a051..771c577618 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -119,6 +119,7 @@ (define-public expat
(package
(name "expat")
(version "2.4.1")
+ (replacement expat/fixed)
(source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c))))
(origin
(method url-fetch)
@@ -154,6 +155,23 @@ (define-public expat
things the parser might find in the XML document (like start tags).")
(license license:expat)))
+(define expat/fixed
+ (package
+ (inherit expat)
+ (version "2.4.3")
+ (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c))))
+ (origin
+ (method url-fetch)
+ (uri (list (string-append "mirror://sourceforge/expat/expat/"
+ version "/expat-" version ".tar.xz")
+ (string-append
+ "https://github.com/libexpat/libexpat/releases/download/R_"
+ (string-map dot->underscore version)
+ "/expat-" version ".tar.xz")))
+ (sha256
+ (base32
+ "12kp4h40cpyqqpjqaldag0xq4ig1ljzpkzy9i2marc7blnqz3ydi")))))))
+
(define-public libebml
(package
(name "libebml")
--
2.34.0
Reply sent
to
Tobias Geerinckx-Rice <me <at> tobias.gr>:
You have taken responsibility.
(Wed, 19 Jan 2022 18:16:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Tobias Geerinckx-Rice <me <at> tobias.gr>:
bug acknowledged by developer.
(Wed, 19 Jan 2022 18:16:02 GMT)
Full text and
rfc822 format available.
Message #10 received at 53335-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Pushed as 2045852b096131a714409aa0cc4fe17938f60b15.
Kind regards,
T G-R
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Thu, 17 Feb 2022 12:24:05 GMT)
Full text and
rfc822 format available.
This bug report was last modified 2 years and 59 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.