Re: [PATCH 0/3] Expat and libxslt changes for core-updates

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 0/3] Expat and libxslt changes for core-updates

From:	Leo Famulari
Subject:	Re: [PATCH 0/3] Expat and libxslt changes for core-updates
Date:	Thu, 9 Jun 2016 19:19:35 -0400
User-agent:	Mutt/1.6.0 (2016-04-01)

On Thu, Jun 09, 2016 at 12:43:17PM -0400, Leo Famulari wrote:
> On Wed, Jun 08, 2016 at 01:10:16PM +0300, Efraim Flashner wrote:
> > FWIW debian's expat-2.1.1(-3) still has the cve-2015-1283 applied.
> 
> I looked at the expat Git repo and the original fix for CVE-2015-1283
> was part of 2.1.1. The improvement to the fix must be backported. I will
> take the upstream commit that applies the improvement.

We adopt Debian's patch for CVE-2012-6702 and CVE-2016-5300 (already
sent for review for the master branch).

We also adapt the CVE-2015-1283 "re-fix" patch to apply to upstream's
fix for CVE-2015-1283. The Debian "re-fix" patch had some context
(comments) that did not exist in the upstream 2.1.1 release.

And as before, we patch for CVE-2016-0718.

It's not possible for me test this on core-updates (too much to build).
On master, I made a new expat-2.1.1 package that inherited from expat
and built that with the patches.

The merge will probably be messy...

Off-topic: A regular package and a grafted package on master, and an
updated version of the package on core-updates... this is getting very
complicated and we should try our best to avoid such tangled situations
in the future.

0001-gnu-expat-Fix-CVE-2012-6702-CVE-2016-0718-and-CVE-20.patch
Description: Text Data

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 2/3] gnu: Remove unused patch., (continued)
- [PATCH 2/3] gnu: Remove unused patch., Leo Famulari, 2016/06/07
  - Re: [PATCH 2/3] gnu: Remove unused patch., Ludovic Courtès, 2016/06/08
- [PATCH 3/3] gnu: libxslt: Update to 1.1.29., Leo Famulari, 2016/06/07
  - Re: [PATCH 3/3] gnu: libxslt: Update to 1.1.29., Ludovic Courtès, 2016/06/08
- Re: [PATCH 0/3] Expat and libxslt changes for core-updates, Efraim Flashner, 2016/06/08
  - Re: [PATCH 0/3] Expat and libxslt changes for core-updates, Leo Famulari, 2016/06/08
    - Re: [PATCH 0/3] Expat and libxslt changes for core-updates, Leo Famulari, 2016/06/08
  - Re: [PATCH 0/3] Expat and libxslt changes for core-updates, Ludovic Courtès, 2016/06/08
  - Re: [PATCH 0/3] Expat and libxslt changes for core-updates, Leo Famulari, 2016/06/09
  - Re: [PATCH 0/3] Expat and libxslt changes for core-updates, Leo Famulari, 2016/06/09
    - Re: [PATCH 0/3] Expat and libxslt changes for core-updates, Leo Famulari <=
    - Re: [PATCH 0/3] Expat and libxslt changes for core-updates, Ludovic Courtès, 2016/06/10
    - Re: [PATCH 0/3] Expat and libxslt changes for core-updates, Leo Famulari, 2016/06/10
    - Re: [PATCH 0/3] Expat and libxslt changes for core-updates, Ludovic Courtès, 2016/06/12
    - Re: [PATCH 0/3] Expat and libxslt changes for core-updates, Leo Famulari, 2016/06/12
    - Re: [PATCH 0/3] Expat and libxslt changes for core-updates, Ludovic Courtès, 2016/06/13

Prev by Date: Re: [PATCH] Add googletest
Next by Date: [PATCH] gnu: Add python2-jsonrpclib
Previous by thread: Re: [PATCH 0/3] Expat and libxslt changes for core-updates
Next by thread: Re: [PATCH 0/3] Expat and libxslt changes for core-updates
Index(es):
- Date
- Thread