From 96fd87c96bd6987a967575aaa931c5a7b1c84e21 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sun, 18 Jun 2017 02:08:00 -0400 Subject: gnu: expat: Replace with 2.2.1 [fixes CVE-2017-9233, CVE-2016-9063]. * gnu/packages/xml.scm (expat)[replacement]: New field. (expat-2.2.1): New variable. --- gnu/packages/xml.scm | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'gnu') diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 9635413b8f..a6bea3588f 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -4,7 +4,7 @@ ;;; Copyright © 2015 Eric Bavier ;;; Copyright © 2015 Sou Bunnbu ;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus -;;; Copyright © 2015, 2016 Mark H Weaver +;;; Copyright © 2015, 2016, 2017 Mark H Weaver ;;; Copyright © 2015, 2016 Efraim Flashner ;;; Copyright © 2015 Raimon Grau ;;; Copyright © 2016 Mathieu Lirzin @@ -56,6 +56,7 @@ (package (name "expat") (version "2.2.0") + (replacement expat-2.2.1) (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/expat/expat/" @@ -74,6 +75,19 @@ stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags).") (license license:expat))) +(define expat-2.2.1 ; Fixes CVE-2017-9233, CVE-2016-9063 and other issues. + (package + (inherit expat) + (version "2.2.1") + (replacement #f) + (source (origin + (method url-fetch) + (uri (string-append "mirror://sourceforge/expat/expat/" + version "/expat-" version ".tar.bz2")) + (sha256 + (base32 + "11c8jy1wvllvlk7xdc5cm8hdhg0hvs8j0aqy6s702an8wkdcls0q")))))) + (define-public libxml2 (package (name "libxml2") -- cgit v1.2.3