From 0832787e5c463c713d8f24fdec0f52900ff1c2bd Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Thu, 4 Aug 2016 08:16:38 -0400
Subject: Revert "Merge branch 'core-updates'"

This reverts commit 455859a50f88f625d13fc2f304111f02369b366b.
---
 gnu/packages/xml.scm | 65 +++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 51 insertions(+), 14 deletions(-)

(limited to 'gnu/packages/xml.scm')

diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index e97a0b01ea..af597b801a 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -7,7 +7,6 @@
 ;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2015 Raimon Grau <raimonster@gmail.com>
-;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -47,17 +46,16 @@
 (define-public expat
   (package
     (name "expat")
-    (version "2.1.1")
+    (replacement expat/fixed)
+    (version "2.1.0")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/expat/expat/"
-                                 version "/expat-" version ".tar.bz2"))
-             (patches (search-patches "expat-CVE-2012-6702-and-CVE-2016-5300.patch"
-                                      "expat-CVE-2015-1283-refix.patch"
-                                      "expat-CVE-2016-0718.patch"))
+                                 version "/expat-" version ".tar.gz"))
              (sha256
               (base32
-               "0ryyjgvy7jq0qb7a9mhc1giy3bzn56aiwrs8dpydqngplbjq9xdg"))))
+               "11pblz61zyxh68s5pdcbhc30ha1b2vfjd83aiwfg4vc15x3hadw2"))
+             (patches (search-patches "expat-CVE-2015-1283.patch"))))
     (build-system gnu-build-system)
     (home-page "http://www.libexpat.org/")
     (synopsis "Stream-oriented XML parser library written in C")
@@ -67,17 +65,28 @@ stream-oriented parser in which an application registers handlers for
 things the parser might find in the XML document (like start tags).")
     (license license:expat)))
 
+(define expat/fixed
+  (package
+    (inherit expat)
+    (source (origin
+              (inherit (package-source expat))
+              (patches (search-patches "expat-CVE-2012-6702-and-CVE-2016-5300.patch"
+                                       "expat-CVE-2015-1283.patch"
+                                       "expat-CVE-2015-1283-refix.patch"
+                                       "expat-CVE-2016-0718.patch"))))))
+
 (define-public libxml2
   (package
     (name "libxml2")
-    (version "2.9.4")
+    (version "2.9.3")
+    (replacement libxml2/fixed)                   ;multiple CVEs
     (source (origin
              (method url-fetch)
              (uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "0g336cr0bw6dax1q48bblphmchgihx9p1pjmxdnrd6sh3qci3fgz"))))
+               "0bd17g6znn2r98gzpjppsqjg33iraky4px923j3k8kdl8qgy7sad"))))
     (build-system gnu-build-system)
     (home-page "http://www.xmlsoft.org/")
     (synopsis "C parser for XML")
@@ -97,6 +106,20 @@ things the parser might find in the XML document (like start tags).")
 project (but it is usable outside of the Gnome platform).")
     (license license:x11)))
 
+(define libxml2/fixed
+  (package
+    (inherit libxml2)
+    (source
+     (let ((name "libxml2")
+           (version "2.9.4"))
+       (origin
+         (method url-fetch)
+         (uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-"
+                             version ".tar.gz"))
+         (sha256
+          (base32
+           "0g336cr0bw6dax1q48bblphmchgihx9p1pjmxdnrd6sh3qci3fgz")))))))
+
 (define-public python-libxml2
   (package (inherit libxml2)
     (name "python-libxml2")
@@ -130,15 +153,16 @@ project (but it is usable outside of the Gnome platform).")
 (define-public libxslt
   (package
     (name "libxslt")
-    (version "1.1.29")
+    (version "1.1.28")
+    (replacement libxslt/fixed)  ; CVE-2016-1683 and CVE-2016-1684
     (source (origin
              (method url-fetch)
              (uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm"))
-             (patches (search-patches "libxslt-generated-ids.patch"))))
+               "13029baw9kkyjgr7q3jccw2mz38amq7mmpr5p3bh775qawd1bisz"))
+             (patches (search-patches "libxslt-CVE-2015-7995.patch"))))
     (build-system gnu-build-system)
     (home-page "http://xmlsoft.org/XSLT/index.html")
     (synopsis "C library for applying XSLT stylesheets to XML documents")
@@ -151,6 +175,19 @@ project (but it is usable outside of the Gnome platform).")
 based on libxml for XML parsing, tree manipulation and XPath support.")
     (license license:x11)))
 
+(define-public libxslt/fixed
+  (package
+    (inherit libxslt)
+    (source
+     (let ((version "1.1.29"))
+       (origin
+         (method url-fetch)
+         (uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-"
+                             version ".tar.gz"))
+         (sha256
+          (base32
+           "1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm")))))))
+
 (define-public perl-xml-parser
   (package
     (name "perl-xml-parser")
@@ -207,7 +244,7 @@ module.")
 (define-public perl-xml-libxml
   (package
     (name "perl-xml-libxml")
-    (version "2.0128")
+    (version "2.0125")
     (source
      (origin
        (method url-fetch)
@@ -215,7 +252,7 @@ module.")
                            "XML-LibXML-" version ".tar.gz"))
        (sha256
         (base32
-         "0awgd2gjzy7kn38bqblsigikzl81xsi561phkz9f9b9v3x2vmrr6"))))
+         "1mvbv1pwpdqni9ia9b6brg8brnnvfxr8j5x872qsngc92gipyh01"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-xml-namespacesupport" ,perl-xml-namespacesupport)
-- 
cgit v1.2.3