From unknown Sun Jun 22 00:31:16 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#53335] [PATCH] gnu: expat: Add replacement for [security fixes]. Resent-From: Tobias Geerinckx-Rice Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 18 Jan 2022 03:10:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 53335 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 53335@debbugs.gnu.org X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.16424754023422 (code B ref -1); Tue, 18 Jan 2022 03:10:03 +0000 Received: (at submit) by debbugs.gnu.org; 18 Jan 2022 03:10:02 +0000 Received: from localhost ([127.0.0.1]:48532 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n9esj-0000t0-Ew for submit@debbugs.gnu.org; Mon, 17 Jan 2022 22:10:01 -0500 Received: from lists.gnu.org ([209.51.188.17]:40440) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n9esi-0000ss-1O for submit@debbugs.gnu.org; Mon, 17 Jan 2022 22:10:00 -0500 Received: from eggs.gnu.org ([209.51.188.92]:34050) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n9esh-00079s-Tw for guix-patches@gnu.org; Mon, 17 Jan 2022 22:09:59 -0500 Received: from [2a02:c205:2020:6054::1] (port=41924 helo=tobias.gr) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n9esf-0001uT-Ic for guix-patches@gnu.org; Mon, 17 Jan 2022 22:09:59 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=AVe6HEDxvLDtP +X5HmC5JWfI5Wty0nZA10tb/jTnJjA=; h=date:subject:to:from; d=tobias.gr; b=Oy6tzLN75BZzmdZdEhKVrf6m+08JO9QRHoGwq/pXTHckb4MnfFL2TXfpkyL+14fPf0Lp +4Hjty9jCrCJZFGavOCehXA/ophQEDOoXRlCrSSpAdjqcmccbS31BR5/uYHUQbyhXbnB8Y thy9ibTrmyad9S9ro7KY3/r1L3EoREAjJpyvqyKdcdEmlcQJox1mw9jlsaDOSkv8G7UvpI iB3VSfHycrbZjr7rbCQOrXPhp3h9h0PUm40FMlAYyDbo2pQJq/iZWf7+bnRm8lSKr22YF9 vBlWRxBgPOnrfZMBa/PDo6nuL9i4REa02xiOyDBvUtIyseoFuatWbIaC0Z/72o/w== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 35475071 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) for ; Tue, 18 Jan 2022 03:09:51 +0000 (UTC) From: Tobias Geerinckx-Rice Date: Sun, 16 Jan 2022 01:00:04 +0100 Message-Id: <20220116000004.2398-1-me@tobias.gr> X-Mailer: git-send-email 2.34.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Host-Lookup-Failed: Reverse DNS lookup failed for 2a02:c205:2020:6054::1 (failed) Received-SPF: pass client-ip=2a02:c205:2020:6054::1; envelope-from=me@tobias.gr; helo=tobias.gr X-Spam_score_int: -12 X-Spam_score: -1.3 X-Spam_bar: - X-Spam_report: (-1.3 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RDNS_NONE=0.793, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.6 (-) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.6 (--) Fixes CVE-2021-45960, CVE-2021-46143, and CVE-2022-22822…22827. * gnu/packages/xml.scm (expat/fixed): New variable. (expat)[replacement]: Use it. --- gnu/packages/xml.scm | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index b89115a051..771c577618 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -119,6 +119,7 @@ (define-public expat (package (name "expat") (version "2.4.1") + (replacement expat/fixed) (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c)))) (origin (method url-fetch) @@ -154,6 +155,23 @@ (define-public expat things the parser might find in the XML document (like start tags).") (license license:expat))) +(define expat/fixed + (package + (inherit expat) + (version "2.4.3") + (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c)))) + (origin + (method url-fetch) + (uri (list (string-append "mirror://sourceforge/expat/expat/" + version "/expat-" version ".tar.xz") + (string-append + "https://github.com/libexpat/libexpat/releases/download/R_" + (string-map dot->underscore version) + "/expat-" version ".tar.xz"))) + (sha256 + (base32 + "12kp4h40cpyqqpjqaldag0xq4ig1ljzpkzy9i2marc7blnqz3ydi"))))))) + (define-public libebml (package (name "libebml") -- 2.34.0 From unknown Sun Jun 22 00:31:16 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Tobias Geerinckx-Rice Subject: bug#53335: closed ([PATCH] gnu: expat: Add replacement for [security fixes].) Message-ID: References: <87h79zwq1o.fsf@nckx> <20220116000004.2398-1-me@tobias.gr> X-Gnu-PR-Message: they-closed 53335 X-Gnu-PR-Package: guix-patches X-Gnu-PR-Keywords: patch Reply-To: 53335@debbugs.gnu.org Date: Wed, 19 Jan 2022 18:16:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1642616162-21950-1" This is a multi-part message in MIME format... ------------=_1642616162-21950-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #53335: [PATCH] gnu: expat: Add replacement for [security fixes]. which was filed against the guix-patches package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 53335@debbugs.gnu.org. --=20 53335: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D53335 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1642616162-21950-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 53335-done) by debbugs.gnu.org; 19 Jan 2022 18:15:03 +0000 Received: from localhost ([127.0.0.1]:55461 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nAFU6-0004ey-M6 for submit@debbugs.gnu.org; Wed, 19 Jan 2022 13:15:03 -0500 Received: from tobias.gr ([80.241.217.52]:34634) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nAFU0-0004di-Ue for 53335-done@debbugs.gnu.org; Wed, 19 Jan 2022 13:15:01 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=IhW5pdXMu7rr/ 2jwGpFNgJC0QOkw1rggBB4s2BTHFMo=; h=date:subject:to:from; d=tobias.gr; b=Ptz2kx1oudwJb5oktflEnle3Rra9nN3Pg0QtjDvonuXUr6gvaVHvjSUSlglHhwZ9Ulmz mYpaTh8yAFf8Z9xKgGm3basb+FUfEf+Kd1ulG2fA4RIk05Q8IyezYS15csCujVZaQldqj7 omCy6sHtzFvuQvGMKcWtEAypzmVumZE19W2mRsgK1PuEjlJASaLdHCjN//MD+P8so7jN7W xq9RWRVqJhVCaEvBgktSALW+y/R7JAC1mYKxPApk6dVNyMcO31HzCcT7hKOaV8k/G/idsu V1fZEXdZSLd+F9J28yRCNFaRf1sTRwO7AAzgE+DrU/ASh9MFgSJMM6DRe1z5UekQ== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id a5e12c8b (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) for <53335-done@debbugs.gnu.org>; Wed, 19 Jan 2022 18:14:53 +0000 (UTC) From: Tobias Geerinckx-Rice To: 53335-done@debbugs.gnu.org Subject: [PATCH] gnu: expat: Add replacement for [security fixes]. Date: Wed, 19 Jan 2022 19:08:17 +0100 BIMI-Selector: v=BIMI1; s=default; Message-ID: <87h79zwq1o.fsf@nckx> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 53335-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; format=flowed Pushed as 2045852b096131a714409aa0cc4fe17938f60b15. Kind regards, T G-R --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCYehVIw0cbWVAdG9iaWFz LmdyAAoJEA2w/4hPVW15mCYBANMljY2iPUdWQ2JNkqfI6WBBtNJuoSSQvrNp1P2W 9nQlAQD8B7OVKS+r+kRuEDab/V7BvFygbki+5PfzpcUXMA41CQ== =BXS7 -----END PGP SIGNATURE----- --=-=-=-- ------------=_1642616162-21950-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 18 Jan 2022 03:10:02 +0000 Received: from localhost ([127.0.0.1]:48532 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n9esj-0000t0-Ew for submit@debbugs.gnu.org; Mon, 17 Jan 2022 22:10:01 -0500 Received: from lists.gnu.org ([209.51.188.17]:40440) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n9esi-0000ss-1O for submit@debbugs.gnu.org; Mon, 17 Jan 2022 22:10:00 -0500 Received: from eggs.gnu.org ([209.51.188.92]:34050) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n9esh-00079s-Tw for guix-patches@gnu.org; Mon, 17 Jan 2022 22:09:59 -0500 Received: from [2a02:c205:2020:6054::1] (port=41924 helo=tobias.gr) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n9esf-0001uT-Ic for guix-patches@gnu.org; Mon, 17 Jan 2022 22:09:59 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=AVe6HEDxvLDtP +X5HmC5JWfI5Wty0nZA10tb/jTnJjA=; h=date:subject:to:from; d=tobias.gr; b=Oy6tzLN75BZzmdZdEhKVrf6m+08JO9QRHoGwq/pXTHckb4MnfFL2TXfpkyL+14fPf0Lp +4Hjty9jCrCJZFGavOCehXA/ophQEDOoXRlCrSSpAdjqcmccbS31BR5/uYHUQbyhXbnB8Y thy9ibTrmyad9S9ro7KY3/r1L3EoREAjJpyvqyKdcdEmlcQJox1mw9jlsaDOSkv8G7UvpI iB3VSfHycrbZjr7rbCQOrXPhp3h9h0PUm40FMlAYyDbo2pQJq/iZWf7+bnRm8lSKr22YF9 vBlWRxBgPOnrfZMBa/PDo6nuL9i4REa02xiOyDBvUtIyseoFuatWbIaC0Z/72o/w== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 35475071 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) for ; Tue, 18 Jan 2022 03:09:51 +0000 (UTC) From: Tobias Geerinckx-Rice To: guix-patches@gnu.org Subject: [PATCH] gnu: expat: Add replacement for [security fixes]. Date: Sun, 16 Jan 2022 01:00:04 +0100 Message-Id: <20220116000004.2398-1-me@tobias.gr> X-Mailer: git-send-email 2.34.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Host-Lookup-Failed: Reverse DNS lookup failed for 2a02:c205:2020:6054::1 (failed) Received-SPF: pass client-ip=2a02:c205:2020:6054::1; envelope-from=me@tobias.gr; helo=tobias.gr X-Spam_score_int: -12 X-Spam_score: -1.3 X-Spam_bar: - X-Spam_report: (-1.3 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RDNS_NONE=0.793, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.6 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.6 (--) Fixes CVE-2021-45960, CVE-2021-46143, and CVE-2022-22822…22827. * gnu/packages/xml.scm (expat/fixed): New variable. (expat)[replacement]: Use it. --- gnu/packages/xml.scm | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index b89115a051..771c577618 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -119,6 +119,7 @@ (define-public expat (package (name "expat") (version "2.4.1") + (replacement expat/fixed) (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c)))) (origin (method url-fetch) @@ -154,6 +155,23 @@ (define-public expat things the parser might find in the XML document (like start tags).") (license license:expat))) +(define expat/fixed + (package + (inherit expat) + (version "2.4.3") + (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c)))) + (origin + (method url-fetch) + (uri (list (string-append "mirror://sourceforge/expat/expat/" + version "/expat-" version ".tar.xz") + (string-append + "https://github.com/libexpat/libexpat/releases/download/R_" + (string-map dot->underscore version) + "/expat-" version ".tar.xz"))) + (sha256 + (base32 + "12kp4h40cpyqqpjqaldag0xq4ig1ljzpkzy9i2marc7blnqz3ydi"))))))) + (define-public libebml (package (name "libebml") -- 2.34.0 ------------=_1642616162-21950-1--