aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/xml.scm
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-12-21 02:12:55 -0500
committerLeo Famulari <leo@famulari.name>2017-12-21 12:28:47 -0500
commit0c9c9526bb3fb665997b3b054f8b57ffdb559043 (patch)
treee1bae92a8873494f1efe7a42f7e93b6ec2f73eb3 /gnu/packages/xml.scm
parent2a0e3d163581f053138508b0d40a28e07dc37923 (diff)
downloadguix-0c9c9526bb3fb665997b3b054f8b57ffdb559043.tar
guix-0c9c9526bb3fb665997b3b054f8b57ffdb559043.tar.gz
gnu: libxslt: Fix CVE-2017-5029 and re-apply the fix for CVE-2016-4738.
This is a followup to commit 2663c38826cd6c2ef0c5119f8072fac8e89b2e9b. * gnu/packages/xml.scm (libxslt)[replacement]: New field. (libxslt/fixed): New variable. * gnu/packages/patches/libxslt-CVE-2017-5029.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it.
Diffstat (limited to 'gnu/packages/xml.scm')
-rw-r--r--gnu/packages/xml.scm15
1 files changed, 14 insertions, 1 deletions
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 4f75de344c..344d7c347f 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -188,12 +188,16 @@ project (but it is usable outside of the Gnome platform).")
(define-public libxslt
(package
(name "libxslt")
+ (replacement libxslt/fixed)
(version "1.1.29")
(source (origin
(method url-fetch)
(uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-"
version ".tar.gz"))
- (patches (search-patches "libxslt-CVE-2016-4738.patch"))
+ ;; XXX Oops, the patches field is redefined below, which means the
+ ;; patch for CVE-2016-4738 was not used. Fixed in the definition of
+ ;; libxslt/fixed below.
+ ;(patches (search-patches "libxslt-CVE-2016-4738.patch"))
(sha256
(base32
"1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm"))
@@ -210,6 +214,15 @@ project (but it is usable outside of the Gnome platform).")
based on libxml for XML parsing, tree manipulation and XPath support.")
(license license:x11)))
+(define libxslt/fixed
+ (package
+ (inherit libxslt)
+ (source (origin
+ (inherit (package-source libxslt))
+ (patches (search-patches "libxslt-CVE-2016-4738.patch"
+ "libxslt-CVE-2017-5029.patch"
+ "libxslt-generated-ids.patch"))))))
+
(define-public perl-graph-readwrite
(package
(name "perl-graph-readwrite")