Merge branch 'master' into core-updates

Conflicts: gnu/local.mk gnu/packages/python-xyz.scm gnu/packages/xml.scm guix/gexp.scm po/guix/POTFILES.in
author: Marius Bakke <mbakke@fastmail.com> 2019-07-12 01:03:53 +0200
committer: Marius Bakke <mbakke@fastmail.com> 2019-07-12 01:03:53 +0200
commit: fb9a23a3f3ad3d7b5b7f03b2007baf27684d6bbd (patch)
tree: afbd3f4f33771c61254b0c3d977092542fbe8009 /gnu/packages/patches/expat-CVE-2018-20843.patch
parent: 1c4b72cb34640638e40c5190676e5c8c352d292d (diff)
parent: 5a836ce38c9c29e9c2bd306007347486b90c5064 (diff)
download: guix-fb9a23a3f3ad3d7b5b7f03b2007baf27684d6bbd.tar.gz
1 files changed, 21 insertions, 0 deletions
diff --git a/gnu/packages/patches/expat-CVE-2018-20843.patch b/gnu/packages/patches/expat-CVE-2018-20843.patch
new file mode 100644
index 0000000000..216fbe9667
--- /dev/null
+++ b/gnu/packages/patches/expat-CVE-2018-20843.patch
@@ -0,0 +1,21 @@
+Fix extraction of namespace prefix from XML name.
+Fixes CVE-2018-20843
+
+This patch comes from upstream commit 11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
+https://github.com/libexpat/libexpat/commit/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
+
+CVE is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 30d55c5..737d7cd 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -6071,7 +6071,7 @@ setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType)
+       else
+         poolDiscard(&dtd->pool);
+       elementType->prefix = prefix;
+-
++      break;
+     }
+   }
+   return 1;
author	Marius Bakke <mbakke@fastmail.com>	2019-07-12 01:03:53 +0200
committer	Marius Bakke <mbakke@fastmail.com>	2019-07-12 01:03:53 +0200
commit	fb9a23a3f3ad3d7b5b7f03b2007baf27684d6bbd (patch)
tree	afbd3f4f33771c61254b0c3d977092542fbe8009 /gnu/packages/patches/expat-CVE-2018-20843.patch
parent	1c4b72cb34640638e40c5190676e5c8c352d292d (diff)
parent	5a836ce38c9c29e9c2bd306007347486b90c5064 (diff)
download	guix-fb9a23a3f3ad3d7b5b7f03b2007baf27684d6bbd.tar.gz