diff options
author | Ludovic Courtès <ludo@gnu.org> | 2016-05-24 14:11:52 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2016-05-24 14:15:18 +0200 |
commit | 493e9a5a8f613764cfa396c33ee6cb381b0dbbef (patch) | |
tree | 5ea6d5c7d117cb1f905ef8dfff710db9ab8f618c /gnu/packages/xml.scm | |
parent | c0d2e7b197a3c511eb1bf60b61ee6fdc673e36f4 (diff) | |
download | guix-493e9a5a8f613764cfa396c33ee6cb381b0dbbef.tar guix-493e9a5a8f613764cfa396c33ee6cb381b0dbbef.tar.gz |
gnu: libxml2: Fix CVE-2016-3627 and CVE-2016-3705.
* gnu/packages/patches/libxml2-CVE-2016-3627.patch,
gnu/packages/patches/libxml2-CVE-2016-3705.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/xml.scm (libxml2)[replacement]: New field.
(libxml2/fixed): New variable.
Diffstat (limited to 'gnu/packages/xml.scm')
-rw-r--r-- | gnu/packages/xml.scm | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 9eaf71aefa..96bb8b76c6 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org> ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com> @@ -77,6 +77,7 @@ things the parser might find in the XML document (like start tags).") (package (name "libxml2") (version "2.9.3") + (replacement libxml2/fixed) ;multiple CVEs (source (origin (method url-fetch) (uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-" @@ -103,6 +104,14 @@ things the parser might find in the XML document (like start tags).") project (but it is usable outside of the Gnome platform).") (license license:x11))) +(define libxml2/fixed + (package + (inherit libxml2) + (source (origin + (inherit (package-source libxml2)) + (patches (search-patches "libxml2-CVE-2016-3627.patch" + "libxml2-CVE-2016-3705.patch")))))) + (define-public python-libxml2 (package (inherit libxml2) (name "python-libxml2") |