diff mbox

[1/3] gnu: expat: Fix CVE-2016-0718.

Message ID 81e60fcd24fbb26d6d4e6fc4b5cdafe7fe1e2bc5.1465347219.git.leo@famulari.name
State New
Headers show

Commit Message

Leo Famulari June 8, 2016, 12:54 a.m. UTC
This "cherry-picks" part of 119b83989dd9edd1e8ba6cd379d159d024cbc61d
from the master branch to core-updates.

* gnu/packages/xml.scm (expat)[source]: Use patch.
---
 gnu/packages/xml.scm | 1 +
 1 file changed, 1 insertion(+)

Comments

Ludovic Courtès June 8, 2016, 1:25 p.m. UTC | #1
Leo Famulari <leo@famulari.name> skribis:

> This "cherry-picks" part of 119b83989dd9edd1e8ba6cd379d159d024cbc61d
> from the master branch to core-updates.
>
> * gnu/packages/xml.scm (expat)[source]: Use patch.

LGTM, but is expat-CVE-2016-0718.patch still in core-updates?

Did I mess things up when I merged master into core-updates yesterday?

Thank you for paying attention.  :-)

Ludo’.
Leo Famulari June 9, 2016, 4:20 p.m. UTC | #2
On Wed, Jun 08, 2016 at 03:25:39PM +0200, Ludovic Courtès wrote:
> Leo Famulari <leo@famulari.name> skribis:
> 
> > This "cherry-picks" part of 119b83989dd9edd1e8ba6cd379d159d024cbc61d
> > from the master branch to core-updates.
> >
> > * gnu/packages/xml.scm (expat)[source]: Use patch.
> 
> LGTM, but is expat-CVE-2016-0718.patch still in core-updates?

Yes and...

> Did I mess things up when I merged master into core-updates yesterday?

... I've only merged master into core-updates once, but when I did I
noticed some strange behavior re: patches and spent a lot of time making
sure the merge did the "right thing".

Next time I will take notes on the surprising things and send them to
the list. If I am inspired, I might go back in time and re-do the merge
I did before and take notes on that.
diff mbox

Patch

diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index a860f98..9400930 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -51,6 +51,7 @@ 
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/expat/expat/"
                                  version "/expat-" version ".tar.bz2"))
+             (patches (search-patches "expat-CVE-2016-0718.patch"))
              (sha256
               (base32
                "0ryyjgvy7jq0qb7a9mhc1giy3bzn56aiwrs8dpydqngplbjq9xdg"))))