aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch35
-rw-r--r--gnu/packages/xml.scm20
3 files changed, 2 insertions, 54 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 20351f3cd0..4acc699753 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -571,7 +571,6 @@ dist_patch_DATA = \
%D%/packages/patches/emacs-source-date-epoch.patch \
%D%/packages/patches/eudev-rules-directory.patch \
%D%/packages/patches/evilwm-lost-focus-bug.patch \
- %D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch \
%D%/packages/patches/fabric-tests.patch \
%D%/packages/patches/fastcap-mulGlobal.patch \
%D%/packages/patches/fastcap-mulSetup.patch \
diff --git a/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch b/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch
deleted file mode 100644
index b489401fea..0000000000
--- a/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Fix regression caused by fix for CVE-2016-0718 when building with -DXML_UNICODE.
-
-Discussion:
-
-https://sourceforge.net/p/expat/bugs/539/
-
-Patch copied from upstream source repository:
-
-https://sourceforge.net/p/expat/code_git/ci/af507cef2c93cb8d40062a0abe43a4f4e9158fb2/
-
-From af507cef2c93cb8d40062a0abe43a4f4e9158fb2 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Sun, 17 Jul 2016 20:22:29 +0200
-Subject: [PATCH 1/2] Fix regression bug #539 (needs -DXML_UNICODE)
-
-Thanks to Andy Wang and Karl Waclawek!
----
- expat/lib/xmlparse.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
-index b308e67..0d5dd7b 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -2468,7 +2468,7 @@ doContent(XML_Parser parser,
- &fromPtr, rawNameEnd,
- (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1);
- convLen = (int)(toPtr - (XML_Char *)tag->buf);
-- if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
-+ if ((fromPtr >= rawNameEnd) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
- tag->name.strLen = convLen;
- break;
- }
---
-2.10.0
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index a6bea3588f..4ed45508fd 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -55,17 +55,14 @@
(define-public expat
(package
(name "expat")
- (version "2.2.0")
- (replacement expat-2.2.1)
+ (version "2.2.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/expat/expat/"
version "/expat-" version ".tar.bz2"))
- (patches
- (search-patches "expat-CVE-2016-0718-fix-regression.patch"))
(sha256
(base32
- "1zq4lnwjlw8s9mmachwfvfjf2x3lk24jm41746ykhdcvs7r0zrfr"))))
+ "11c8jy1wvllvlk7xdc5cm8hdhg0hvs8j0aqy6s702an8wkdcls0q"))))
(build-system gnu-build-system)
(home-page "http://www.libexpat.org/")
(synopsis "Stream-oriented XML parser library written in C")
@@ -75,19 +72,6 @@ stream-oriented parser in which an application registers handlers for
things the parser might find in the XML document (like start tags).")
(license license:expat)))
-(define expat-2.2.1 ; Fixes CVE-2017-9233, CVE-2016-9063 and other issues.
- (package
- (inherit expat)
- (version "2.2.1")
- (replacement #f)
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://sourceforge/expat/expat/"
- version "/expat-" version ".tar.bz2"))
- (sha256
- (base32
- "11c8jy1wvllvlk7xdc5cm8hdhg0hvs8j0aqy6s702an8wkdcls0q"))))))
-
(define-public libxml2
(package
(name "libxml2")