amaharaneko/guix-mirrors
1
1
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2025-10-02 02:15:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: libxml2: Fix CVE-2016-3627 and CVE-2016-3705.

Browse source 
* gnu/packages/patches/libxml2-CVE-2016-3627.patch,
gnu/packages/patches/libxml2-CVE-2016-3705.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/xml.scm (libxml2)[replacement]: New field.
(libxml2/fixed): New variable.
This commit is contained in:
Ludovic Courtès 2016-05-24 14:11:52 +02:00
parent c0d2e7b197
commit 493e9a5a8f
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
4 changed files with 141 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

11
gnu/packages/xml.scm
View file

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
@ -77,6 +77,7 @@ things the parser might find in the XML document (like start tags).")
(package
(name "libxml2")
(version "2.9.3")
(replacement libxml2/fixed) ;multiple CVEs
(source (origin
(method url-fetch)
(uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-"
@ -103,6 +104,14 @@ things the parser might find in the XML document (like start tags).")
project (but it is usable outside of the Gnome platform).")
(license license:x11)))
(define libxml2/fixed
(package
(inherit libxml2)
(source (origin
(inherit (package-source libxml2))
(patches (search-patches "libxml2-CVE-2016-3627.patch"
"libxml2-CVE-2016-3705.patch"))))))
(define-public python-libxml2
(package (inherit libxml2)
(name "python-libxml2")