diff options
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch | 35 | ||||
-rw-r--r-- | gnu/packages/xml.scm | 20 |
3 files changed, 2 insertions, 54 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 20351f3cd0..4acc699753 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -571,7 +571,6 @@ dist_patch_DATA = \ %D%/packages/patches/emacs-source-date-epoch.patch \ %D%/packages/patches/eudev-rules-directory.patch \ %D%/packages/patches/evilwm-lost-focus-bug.patch \ - %D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch \ %D%/packages/patches/fabric-tests.patch \ %D%/packages/patches/fastcap-mulGlobal.patch \ %D%/packages/patches/fastcap-mulSetup.patch \ diff --git a/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch b/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch deleted file mode 100644 index b489401fea..0000000000 --- a/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch +++ /dev/null @@ -1,35 +0,0 @@ -Fix regression caused by fix for CVE-2016-0718 when building with -DXML_UNICODE. - -Discussion: - -https://sourceforge.net/p/expat/bugs/539/ - -Patch copied from upstream source repository: - -https://sourceforge.net/p/expat/code_git/ci/af507cef2c93cb8d40062a0abe43a4f4e9158fb2/ - -From af507cef2c93cb8d40062a0abe43a4f4e9158fb2 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping <sebastian@pipping.org> -Date: Sun, 17 Jul 2016 20:22:29 +0200 -Subject: [PATCH 1/2] Fix regression bug #539 (needs -DXML_UNICODE) - -Thanks to Andy Wang and Karl Waclawek! ---- - expat/lib/xmlparse.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c -index b308e67..0d5dd7b 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -2468,7 +2468,7 @@ doContent(XML_Parser parser, - &fromPtr, rawNameEnd, - (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1); - convLen = (int)(toPtr - (XML_Char *)tag->buf); -- if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) { -+ if ((fromPtr >= rawNameEnd) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) { - tag->name.strLen = convLen; - break; - } --- -2.10.0 diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index a6bea3588f..4ed45508fd 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -55,17 +55,14 @@ (define-public expat (package (name "expat") - (version "2.2.0") - (replacement expat-2.2.1) + (version "2.2.1") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/expat/expat/" version "/expat-" version ".tar.bz2")) - (patches - (search-patches "expat-CVE-2016-0718-fix-regression.patch")) (sha256 (base32 - "1zq4lnwjlw8s9mmachwfvfjf2x3lk24jm41746ykhdcvs7r0zrfr")))) + "11c8jy1wvllvlk7xdc5cm8hdhg0hvs8j0aqy6s702an8wkdcls0q")))) (build-system gnu-build-system) (home-page "http://www.libexpat.org/") (synopsis "Stream-oriented XML parser library written in C") @@ -75,19 +72,6 @@ stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags).") (license license:expat))) -(define expat-2.2.1 ; Fixes CVE-2017-9233, CVE-2016-9063 and other issues. - (package - (inherit expat) - (version "2.2.1") - (replacement #f) - (source (origin - (method url-fetch) - (uri (string-append "mirror://sourceforge/expat/expat/" - version "/expat-" version ".tar.bz2")) - (sha256 - (base32 - "11c8jy1wvllvlk7xdc5cm8hdhg0hvs8j0aqy6s702an8wkdcls0q")))))) - (define-public libxml2 (package (name "libxml2") |