gnu: libxml2: Fix CVE-2016-4658.

* gnu/packages/xml.scm (libxml2)[replacement]: New field. (libxml2/fixed): New variable. * gnu/packages/patches/libxml2-CVE-2016-4658.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it.
2025-10-02 02:15:12 +00:00 · 2016-12-24 19:09:03 -05:00 · 2016-12-24 19:09:03 -05:00 · 0c83c6bf26
commit 0c83c6bf26
parent daa481f59a
3 changed files with 267 additions and 0 deletions
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@ -74,6 +74,7 @@ things the parser might find in the XML document (like start tags).")
 (define-public libxml2
  (package
    (name "libxml2")
+    (replacement libxml2/fixed)
    (version "2.9.4")
    (source (origin
             (method url-fetch)
@ -101,6 +102,14 @@ things the parser might find in the XML document (like start tags).")
 project (but it is usable outside of the Gnome platform).")
    (license license:x11)))

+(define libxml2/fixed
+  (package
+    (inherit libxml2)
+    (source
+      (origin
+        (inherit (package-source libxml2))
+        (patches (search-patches "libxml2-CVE-2016-4658.patch"))))))
+
 (define-public python-libxml2
  (package (inherit libxml2)
    (name "python-libxml2")