From 119b83989dd9edd1e8ba6cd379d159d024cbc61d Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Wed, 18 May 2016 13:26:17 -0400
Subject: gnu: expat: Fix CVE-2016-0718. Improve fix for CVE-2015-1283.

* gnu/packages/patches/expat-CVE-2015-1283-refix.patch,
gnu/packages/patches/expat-CVE-2016-0718.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/xml.scm (expat)[replacement]: New field.
(expat/fixed): New variable.
[source]: Use new patches.
---
 gnu/packages/xml.scm | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'gnu/packages/xml.scm')

diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index e1f111e329..9eaf71aefa 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -7,6 +7,7 @@
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2015 Raimon Grau <raimonster@gmail.com>
+;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -44,6 +45,7 @@
 (define-public expat
   (package
     (name "expat")
+    (replacement expat/fixed)
     (version "2.1.0")
     (source (origin
              (method url-fetch)
@@ -62,6 +64,15 @@ stream-oriented parser in which an application registers handlers for
 things the parser might find in the XML document (like start tags).")
     (license license:expat)))
 
+(define expat/fixed
+  (package
+    (inherit expat)
+    (source (origin
+              (inherit (package-source expat))
+              (patches (search-patches "expat-CVE-2015-1283.patch"
+                                       "expat-CVE-2015-1283-refix.patch"
+                                       "expat-CVE-2016-0718.patch"))))))
+
 (define-public libxml2
   (package
     (name "libxml2")
-- 
cgit 1.4.1