From 76fed2b3c4e3703d1ad81c4330edd94d551b6334 Mon Sep 17 00:00:00 2001 From: Alex Vong Date: Wed, 30 Aug 2017 21:21:21 +0800 Subject: gnu: libxml2: Fix CVE-2017-{0663,7375,7376,9047,9048,9049,9050}. * gnu/packages/patches/libxml2-CVE-2017-0663.patch, gnu/packages/patches/libxml2-CVE-2017-7375.patch, gnu/packages/patches/libxml2-CVE-2017-7376.patch, gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch, gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/xml.scm (libxml2)[replacement]: New field. (libxml2/fixed): New variable. Signed-off-by: Marius Bakke --- gnu/packages/xml.scm | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'gnu/packages/xml.scm') diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index dd229ba73b..b4aa89e881 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -16,6 +16,7 @@ ;;; Copyright © 2016, 2017 Marius Bakke ;;; Copyright © 2017 Adriano Peluso ;;; Copyright © 2017 Gregor Giesen +;;; Copyright © 2017 Alex Vong ;;; ;;; This file is part of GNU Guix. ;;; @@ -110,6 +111,7 @@ (define-public libxml2 (package (name "libxml2") (version "2.9.4") + (replacement libxml2/fixed) (source (origin (method url-fetch) (uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-" @@ -138,6 +140,19 @@ (define-public libxml2 project (but it is usable outside of the Gnome platform).") (license license:x11))) +(define libxml2/fixed + (package + (inherit libxml2) + (source + (origin + (inherit (package-source libxml2)) + (patches + (search-patches "libxml2-CVE-2017-0663.patch" + "libxml2-CVE-2017-7375.patch" + "libxml2-CVE-2017-7376.patch" + "libxml2-CVE-2017-9047+CVE-2017-9048.patch" + "libxml2-CVE-2017-9049+CVE-2017-9050.patch")))))) + (define-public python-libxml2 (package (inherit libxml2) (name "python-libxml2") -- cgit v1.2.3