diff options
| author | Marius Bakke <mbakke@fastmail.com> | 2017-10-10 22:36:42 +0200 |
|---|---|---|
| committer | Marius Bakke <mbakke@fastmail.com> | 2017-10-10 22:36:42 +0200 |
| commit | c09629520b4fa93abed09429d512fa4aee35128c (patch) | |
| tree | e80391499221689d7a7d24706d30ed4aca1f75bd /gnu/packages/patches/libxml2-CVE-2017-0663.patch | |
| parent | 1e28118d8d599277d77ee6858a1e37e9791ba445 (diff) | |
| download | guix-c09629520b4fa93abed09429d512fa4aee35128c.tar guix-c09629520b4fa93abed09429d512fa4aee35128c.tar.gz | |
gnu: libxml2: Update to 2.9.6.
While at it, remove leftover patches since libxml2/fixed went missing
without conflict in c01ef97594a8b06e884906a5efbdfacf8ba33dc3.
* gnu/packages/patches/libxml2-CVE-2017-0663.patch,
gnu/packages/patches/libxml2-CVE-2017-7375.patch,
gnu/packages/patches/libxml2-CVE-2017-7376.patch,
gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch,
gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/xml.scm (libxml2): Update to 2.9.6.
Diffstat (limited to 'gnu/packages/patches/libxml2-CVE-2017-0663.patch')
| -rw-r--r-- | gnu/packages/patches/libxml2-CVE-2017-0663.patch | 53 |
1 files changed, 0 insertions, 53 deletions
diff --git a/gnu/packages/patches/libxml2-CVE-2017-0663.patch b/gnu/packages/patches/libxml2-CVE-2017-0663.patch deleted file mode 100644 index b0277a2d23..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2017-0663.patch +++ /dev/null @@ -1,53 +0,0 @@ -Fix CVE-2017-0663: - -https://bugzilla.gnome.org/show_bug.cgi?id=780228 (not yet public) -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663 -https://security-tracker.debian.org/tracker/CVE-2017-0663 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66 - -From 92b9e8c8b3787068565a1820ba575d042f9eec66 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Tue, 6 Jun 2017 12:56:28 +0200 -Subject: [PATCH] Fix type confusion in xmlValidateOneNamespace - -Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on -namespace declarations make no practical sense anyway. - -Fixes bug 780228. - -Found with libFuzzer and ASan. ---- - valid.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/valid.c b/valid.c -index 8075d3a0..c51ea290 100644 ---- a/valid.c -+++ b/valid.c -@@ -4627,6 +4627,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { - } - } - -+ /* -+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions -+ * xmlAddID and xmlAddRef for namespace declarations, but it makes -+ * no practical sense to use ID types anyway. -+ */ -+#if 0 - /* Validity Constraint: ID uniqueness */ - if (attrDecl->atype == XML_ATTRIBUTE_ID) { - if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) -@@ -4638,6 +4644,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { - if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) - ret = 0; - } -+#endif - - /* Validity Constraint: Notation Attributes */ - if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) { --- -2.14.1 - |