aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/xml.scm
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2016-05-24 14:11:52 +0200
committerLudovic Courtès <ludo@gnu.org>2016-05-24 14:15:18 +0200
commit493e9a5a8f613764cfa396c33ee6cb381b0dbbef (patch)
tree5ea6d5c7d117cb1f905ef8dfff710db9ab8f618c /gnu/packages/xml.scm
parentc0d2e7b197a3c511eb1bf60b61ee6fdc673e36f4 (diff)
downloadguix-493e9a5a8f613764cfa396c33ee6cb381b0dbbef.tar
guix-493e9a5a8f613764cfa396c33ee6cb381b0dbbef.tar.gz
gnu: libxml2: Fix CVE-2016-3627 and CVE-2016-3705.
* gnu/packages/patches/libxml2-CVE-2016-3627.patch, gnu/packages/patches/libxml2-CVE-2016-3705.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/xml.scm (libxml2)[replacement]: New field. (libxml2/fixed): New variable.
Diffstat (limited to 'gnu/packages/xml.scm')
-rw-r--r--gnu/packages/xml.scm11
1 files changed, 10 insertions, 1 deletions
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 9eaf71aefa..96bb8b76c6 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
@@ -77,6 +77,7 @@ things the parser might find in the XML document (like start tags).")
(package
(name "libxml2")
(version "2.9.3")
+ (replacement libxml2/fixed) ;multiple CVEs
(source (origin
(method url-fetch)
(uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-"
@@ -103,6 +104,14 @@ things the parser might find in the XML document (like start tags).")
project (but it is usable outside of the Gnome platform).")
(license license:x11)))
+(define libxml2/fixed
+ (package
+ (inherit libxml2)
+ (source (origin
+ (inherit (package-source libxml2))
+ (patches (search-patches "libxml2-CVE-2016-3627.patch"
+ "libxml2-CVE-2016-3705.patch"))))))
+
(define-public python-libxml2
(package (inherit libxml2)
(name "python-libxml2")