On 2019-12-18 22:44, Francesco Riosa wrote:
On Wed, 18 Dec 2019 at 22:03, Sebastian Pipping <sp...@gentoo.org> wrote:
CMake bundles a (previously outdated and vulnerable) copy of expat so
I'm not sure if re-activating that bundle — say with a new use flag
"system-expat" — would be a good thing to resort to for breaking the
cycle, with regard to security in particular.
Pushing gently upstream to upgrade the bundled expat copy would (at least
temporarily) fix the issue and also benefit other use cases. Maybe they are
Gentoo friendly; they also release quite often, which would fix the problem soon.
This is in CMake 3.16.0:

commit 50bc359184472700e9776a0a9d6f7e06ea82b9ce
Author: Brad King <brad.k...@kitware.com>
Date: Mon Nov 11 10:44:17 2019 -0500

    expat: Update CMake build for 2.2.9

commit b63a5c88a2089494e53f22f83db1925435161934
Merge: 512fabaa9d 1712885b4f
Author: Brad King <brad.k...@kitware.com>
Date: Mon Nov 11 10:42:32 2019 -0500

    Merge branch 'upstream-expat' into update-expat

    * upstream-expat:
      expat 2019-09-25 (a7bc26b6)

These things _are_ updated regularly, but in case something is missed
just file a bug at gitlab.kitware.com. All these bundled thing bumps are
scripted as far as possible, so the actual overhead is quite small.
Eike