From 493e9a5a8f613764cfa396c33ee6cb381b0dbbef Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 24 May 2016 14:11:52 +0200 Subject: gnu: libxml2: Fix CVE-2016-3627 and CVE-2016-3705. * gnu/packages/patches/libxml2-CVE-2016-3627.patch, gnu/packages/patches/libxml2-CVE-2016-3705.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/xml.scm (libxml2)[replacement]: New field. (libxml2/fixed): New variable. --- gnu/packages/xml.scm | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'gnu/packages/xml.scm') diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 9eaf71aefa..96bb8b76c6 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015 Ludovic Courtès +;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès ;;; Copyright © 2013, 2015 Andreas Enge ;;; Copyright © 2015 Eric Bavier ;;; Copyright © 2015 Sou Bunnbu @@ -77,6 +77,7 @@ things the parser might find in the XML document (like start tags).") (package (name "libxml2") (version "2.9.3") + (replacement libxml2/fixed) ;multiple CVEs (source (origin (method url-fetch) (uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-" @@ -103,6 +104,14 @@ things the parser might find in the XML document (like start tags).") project (but it is usable outside of the Gnome platform).") (license license:x11))) +(define libxml2/fixed + (package + (inherit libxml2) + (source (origin + (inherit (package-source libxml2)) + (patches (search-patches "libxml2-CVE-2016-3627.patch" + "libxml2-CVE-2016-3705.patch")))))) + (define-public python-libxml2 (package (inherit libxml2) (name "python-libxml2") -- cgit 1.4.1