From: Marius Bakke
To: bug-guix@gnu.org
Subject: bug#32957: Python uses a bundled expat
Date: Sat, 06 Oct 2018 16:58:13 +0200
Message-ID: <87o9c7i0l6.fsf@fastmail.com>

Python 2 and 3 are using a bundled Expat (residing under Modules/).

This has been the cause of security vulnerabilities in the past and
should be changed to use Expat from Guix.

From: ludo@gnu.org (Ludovic Courtès)
To: control@debbugs.gnu.org
Subject: control message for bug #32957
Date: Mon, 08 Oct 2018 15:27:12 +0200
Message-Id: <87efd0zhzj.fsf@gnu.org>

tags 32957 security

From: ludo@gnu.org (Ludovic Courtès)
To: control@debbugs.gnu.org
Subject: control message for bug #32957
Date: Mon, 08 Oct 2018 15:27:18 +0200
Message-Id: <87d0skzhzd.fsf@gnu.org>

severity 32957 important

From: Leo Famulari
To: Marius Bakke
Cc: 32957@debbugs.gnu.org
Subject: bug#32957: Python uses a bundled expat
Date: Wed, 10 Oct 2018 15:27:14 -0400
Message-ID: <20181010192714.GC22832@jasmine.lan>
In-Reply-To: <87o9c7i0l6.fsf@fastmail.com>

On Sat, Oct 06, 2018 at 04:58:13PM +0200, Marius Bakke wrote:
> Python 2 and 3 are using a bundled Expat (residing under Modules/).
>
> This has been the cause of security vulnerabilities in the past and
> should be changed to use Expat from Guix.

Looks like Debian uses an external Expat to fill the dependency, so it
should be possible:

https://packages.debian.org/stretch/python3.5-minimal

We should look into the difference between the bundled Expat and
upstream Expat.

From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Marius Bakke
Subject: bug#32957: closed (Re: bug#32957: Python uses a bundled expat)
Date: Sat, 23 Mar 2019 22:35:02 +0000
Reply-To: 32957@debbugs.gnu.org

Your bug report

#32957: Python uses a bundled expat

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 32957@debbugs.gnu.org.

--
32957: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=32957
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

From: Marius Bakke
To: Leo Famulari
Cc: 32957-done@debbugs.gnu.org
Subject: Re: bug#32957: Python uses a bundled expat
Date: Sat, 23 Mar 2019 23:34:02 +0100
Message-ID: <874l7t1aqt.fsf@fastmail.com>
In-Reply-To: <20181010192714.GC22832@jasmine.lan>

Leo Famulari writes:

> On Sat, Oct 06, 2018 at 04:58:13PM +0200, Marius Bakke wrote:
>> Python 2 and 3 are using a bundled Expat (residing under Modules/).
>>
>> This has been the cause of security vulnerabilities in the past and
>> should be changed to use Expat from Guix.
>
> Looks like Debian uses an external Expat to fill the dependency, so it
> should be possible:
>
> https://packages.debian.org/stretch/python3.5-minimal
>
> We should look into the difference between the bundled Expat and
> upstream Expat.

Looking at the Debian package did help me figure out how to make it use
system Expat.  We needed this patch: .

That patch only works *after* the configure step and requires
regenerating some files (see the rules file around PyExpat), so I took a
simpler approach.

Fixed in d1659c0fb27c4f71c8ddc6a85d3cd9f3a10cca97.
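
Added example (not part of the thread and not the code of the Guix commit): one way to check, on Linux, whether a running interpreter's pyexpat is backed by a shared libexpat or by the bundled copy this report describes, and which Expat version it reports. The sample maps listings, the function names and the `minimum` version are constructed for illustration.

```python
import os
import re

# Constructed /proc/<pid>/maps excerpts (not captured from a real system).
SAMPLE_SHARED = """\
7f3a1c000000-7f3a1c021000 r-xp 00000000 08:01 131 /usr/lib/python3.7/lib-dynload/pyexpat.cpython-37m-x86_64-linux-gnu.so
7f3a1c400000-7f3a1c42a000 r-xp 00000000 08:01 977 /usr/lib/x86_64-linux-gnu/libexpat.so.1.6.8
7f3a1c62a000-7f3a1c62c000 rw-p 0002a000 08:01 977 /usr/lib/x86_64-linux-gnu/libexpat.so.1.6.8
7ffd2b1f0000-7ffd2b211000 rw-p 00000000 00:00 0 [stack]
"""
SAMPLE_BUNDLED = """\
7f3a1c000000-7f3a1c051000 r-xp 00000000 08:01 131 /usr/lib/python3.7/lib-dynload/pyexpat.cpython-37m-x86_64-linux-gnu.so
7f3a1d000000-7f3a1d1b0000 r-xp 00000000 08:01 55 /usr/lib/x86_64-linux-gnu/libc-2.28.so
"""
SAMPLE_STALE = """\
7f3a1c400000-7f3a1c42a000 r-xp 00000000 08:01 977 /usr/lib/x86_64-linux-gnu/libexpat.so.1.6.7 (deleted)
"""


def mapped_expat(maps_text):
    """Return {path: replaced_on_disk} for each libexpat shared object mapped."""
    found = {}
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # address perms offset dev inode pathname
        if len(fields) < 6:
            continue  # anonymous mapping, no pathname column
        path = fields[5].strip()
        deleted = path.endswith(" (deleted)")
        if deleted:
            # The file was replaced or removed on disk; the process still
            # executes the old copy until it is restarted.
            path = path[: -len(" (deleted)")]
        if os.path.basename(path).startswith("libexpat.so"):
            found[path] = found.get(path, False) or deleted
    return found


def parse_version(expat_version):
    """Turn pyexpat.EXPAT_VERSION, e.g. 'expat_2.2.6', into (2, 2, 6)."""
    match = re.fullmatch(r"expat_(\d+)\.(\d+)\.(\d+)", expat_version)
    if match is None:
        raise ValueError("unexpected Expat version string: %r" % expat_version)
    return tuple(int(part) for part in match.groups())


def assess(maps_text, expat_version, minimum):
    """Summarise Expat linkage and version for one process."""
    libs = mapped_expat(maps_text)
    version = parse_version(expat_version)
    return {
        # No shared libexpat mapped means pyexpat carries its own parser:
        # the bundled Modules/expat copy, or a statically linked library.
        # A mapped libexpat is necessary but not sufficient evidence, since
        # another extension module could have loaded it.
        "linkage": "shared" if libs else "bundled-or-static",
        "libraries": sorted(libs),
        "stale_mapping": any(libs.values()),
        "version": version,
        "below_minimum": version < minimum,
    }


def assess_running_interpreter(minimum):
    """Run the check against the current process (Linux only)."""
    import pyexpat  # importing it makes the loader map its dependencies

    with open("/proc/self/maps") as handle:
        return assess(handle.read(), pyexpat.EXPAT_VERSION, minimum)


if __name__ == "__main__":
    # The minimum is a policy input; (2, 2, 6) is an arbitrary constructed value.
    print(assess_running_interpreter(minimum=(2, 2, 6)))
```

A `bundled-or-static` result on a build that was meant to use the distribution's Expat is the condition the report describes; in that case an update to the Expat package alone does not change the parser that Python runs.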