authorNguyễn Gia Phong <cnx@loang.net>2025-01-30 07:36:51 +0900
committerNguyễn Gia Phong <cnx@loang.net>2025-01-30 07:36:51 +0900
commit4967394b05bd0ce7a5f43cc138fbb885d54005ee (patch)
treec7e769bc530a1780e36144b16a50217ffbe473f4
parent6bd7cd50ca651dfef957e6c19862e54cdf8c0892 (diff)
downloadloftix-4967394b05bd0ce7a5f43cc138fbb885d54005ee.tar.gz
Add libxml 2.9.4 for CVE-2017-5969
-rw-r--r--README.md8
-rw-r--r--loftix/bugs.scm23
2 files changed, 31 insertions, 0 deletions
diff --git a/README.md b/README.md
index 1e56790..f96e02e 100644
--- a/README.md
+++ b/README.md
@@ -51,6 +51,13 @@ Then run `guix pull`.
guix shell jasper@1.900.19 -- imginfo -f bugs/cve-2016-9557/reproducer
+### CVE-2017-5969
+
+[libxml2: null pointer derefence][oss-sec-20161105-3]
+
+ guix shell libxml2@2.9.4 --\
+ xmllint --recover bugs/cve-2017-5969/reproducer.xml
+
### CVE-2017-14745
[binutils: integer overflow][sourceware-22148]
@@ -82,6 +89,7 @@ Then run `guix pull`.
[python-pacfix]: https://github.com/hsh814/pacfix-python
[redhat-955808]: https://bugzilla.redhat.com/show_bug.cgi?id=955808
[jasper-d42b238]: https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c
+[oss-sec-20161105-3]: https://www.openwall.com/lists/oss-security/2016/11/05/3
[sourceware-22148]: https://sourceware.org/bugzilla/show_bug.cgi?id=22148
[sourceware-22186]: https://sourceware.org/bugzilla/show_bug.cgi?id=22186
[mozjpeg-268]: https://github.com/mozilla/mozjpeg/issues/268
diff --git a/loftix/bugs.scm b/loftix/bugs.scm
index b435176..ee61288 100644
--- a/loftix/bugs.scm
+++ b/loftix/bugs.scm
@@ -20,6 +20,7 @@
#:use-module (gnu packages base)
#:use-module (gnu packages fontutils)
#:use-module (gnu packages image)
+ #:use-module (gnu packages xml)
#:use-module (guix build-system gnu)
#:use-module (guix download)
#:use-module (guix packages))
@@ -66,6 +67,28 @@
(build-system gnu-build-system)
(arguments '(#:test-target "test"))))
+(define-public libxml2-2.9.4
+ (package
+ (inherit libxml2)
+ (name "libxml2")
+ (version "2.9.4")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "0g336cr0bw6dax1q48bblphmchgihx9p1pjmxdnrd6sh3qci3fgz"))))
+ ;; $XML_CATALOG_FILES lists 'catalog.xml' files found in under the 'xml'
+ ;; sub-directory of any given package.
+ (native-search-paths (list (search-path-specification
+ (variable "XML_CATALOG_FILES")
+ (separator " ")
+ (files '("xml"))
+ (file-pattern "^catalog\\.xml$")
+ (file-type 'regular))))
+ (search-paths native-search-paths)))
+
(define-public potrace-1.11
(package
(inherit potrace)
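Review bot: The new `libxml2-2.9.4` definition has no comment saying the version is pinned on purpose because it is affected by CVE-2017-5969, so a later reader could bump it or use it as an input of another package. I would add above `(define-public libxml2-2.9.4` a line such as `;; Deliberately vulnerable: kept at 2.9.4 to reproduce CVE-2017-5969; do not upgrade or use as a dependency.` The source is fetched from an `ftp://` URI; the `sha256` still pins the tarball content, but plain FTP is often blocked and the host may no longer serve it, so an HTTPS location for the same tarball would be more dependable if one exists. The comment above `native-search-paths` reads "found in under", where "found under" is presumably meant.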