diff options
author | Leo Famulari <leo@famulari.name> | 2017-12-21 02:12:55 -0500 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2017-12-21 12:28:47 -0500 |
commit | 0c9c9526bb3fb665997b3b054f8b57ffdb559043 (patch) | |
tree | e1bae92a8873494f1efe7a42f7e93b6ec2f73eb3 /gnu/packages/xml.scm | |
parent | 2a0e3d163581f053138508b0d40a28e07dc37923 (diff) | |
download | guix-0c9c9526bb3fb665997b3b054f8b57ffdb559043.tar guix-0c9c9526bb3fb665997b3b054f8b57ffdb559043.tar.gz |
gnu: libxslt: Fix CVE-2017-5029 and re-apply the fix for CVE-2016-4738.
This is a followup to commit 2663c38826cd6c2ef0c5119f8072fac8e89b2e9b.
* gnu/packages/xml.scm (libxslt)[replacement]: New field.
(libxslt/fixed): New variable.
* gnu/packages/patches/libxslt-CVE-2017-5029.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Diffstat (limited to 'gnu/packages/xml.scm')
-rw-r--r-- | gnu/packages/xml.scm | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 4f75de344c..344d7c347f 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -188,12 +188,16 @@ project (but it is usable outside of the Gnome platform).") (define-public libxslt (package (name "libxslt") + (replacement libxslt/fixed) (version "1.1.29") (source (origin (method url-fetch) (uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-" version ".tar.gz")) - (patches (search-patches "libxslt-CVE-2016-4738.patch")) + ;; XXX Oops, the patches field is redefined below, which means the + ;; patch for CVE-2016-4738 was not used. Fixed in the definition of + ;; libxslt/fixed below. + ;(patches (search-patches "libxslt-CVE-2016-4738.patch")) (sha256 (base32 "1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm")) @@ -210,6 +214,15 @@ project (but it is usable outside of the Gnome platform).") based on libxml for XML parsing, tree manipulation and XPath support.") (license license:x11))) +(define libxslt/fixed + (package + (inherit libxslt) + (source (origin + (inherit (package-source libxslt)) + (patches (search-patches "libxslt-CVE-2016-4738.patch" + "libxslt-CVE-2017-5029.patch" + "libxslt-generated-ids.patch")))))) + (define-public perl-graph-readwrite (package (name "perl-graph-readwrite") |