gnu: expat: fix CVE-2018-20843

* gnu/packages/xml.scm (expat)[replacement]: New field. (expat/fixed): New variable. * gnu/packages/patches/expat-CVE-2018-20843.patch: New file. * gnu/local.mk (dist_patch_DATA): Add patch file. Signed-off-by: Marius Bakke <mbakke@fastmail.com>
author: Jack Hill <jackhill@jackhill.us> 2019-07-10 16:23:03 -0400
committer: Marius Bakke <mbakke@fastmail.com> 2019-07-12 00:39:01 +0200
commit: 5a836ce38c9c29e9c2bd306007347486b90c5064 (patch)
tree: ebc96aa474b77590be1871d2a75d941513c9b163 /gnu/packages/xml.scm
parent: f85c8dd8aec96869d7b56e2e926d2e2e758da1cf (diff)
download: patches-5a836ce38c9c29e9c2bd306007347486b90c5064.tar
patches-5a836ce38c9c29e9c2bd306007347486b90c5064.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index e3260be103..0cd9319c95 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -66,6 +66,7 @@
 (define-public expat
   (package
     (name "expat")
+    (replacement expat/fixed)
     (version "2.2.6")
     (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c))))
               (origin
@@ -88,6 +89,14 @@ stream-oriented parser in which an application registers handlers for
 things the parser might find in the XML document (like start tags).")
     (license license:expat)))
 
+(define expat/fixed
+  (package
+    (inherit expat)
+    (source
+     (origin
+       (inherit (package-source expat))
+       (patches (search-patches "expat-CVE-2018-20843.patch"))))))
+
 (define-public libebml
   (package
     (name "libebml")
author	Jack Hill <jackhill@jackhill.us>	2019-07-10 16:23:03 -0400
committer	Marius Bakke <mbakke@fastmail.com>	2019-07-12 00:39:01 +0200
commit	5a836ce38c9c29e9c2bd306007347486b90c5064 (patch)
tree	ebc96aa474b77590be1871d2a75d941513c9b163 /gnu/packages/xml.scm
parent	f85c8dd8aec96869d7b56e2e926d2e2e758da1cf (diff)
download	patches-5a836ce38c9c29e9c2bd306007347486b90c5064.tar patches-5a836ce38c9c29e9c2bd306007347486b90c5064.tar.gz