[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/01: gnu: expat: Replace with 2.2.1 [fixes CVE-2017-9233, CVE-2016-906
From: |
Mark H. Weaver |
Subject: |
01/01: gnu: expat: Replace with 2.2.1 [fixes CVE-2017-9233, CVE-2016-9063]. |
Date: |
Sun, 18 Jun 2017 02:21:47 -0400 (EDT) |
mhw pushed a commit to branch master
in repository guix.
commit 96fd87c96bd6987a967575aaa931c5a7b1c84e21
Author: Mark H Weaver <address@hidden>
Date: Sun Jun 18 02:08:00 2017 -0400
gnu: expat: Replace with 2.2.1 [fixes CVE-2017-9233, CVE-2016-9063].
* gnu/packages/xml.scm (expat)[replacement]: New field.
(expat-2.2.1): New variable.
---
gnu/packages/xml.scm | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 9635413..a6bea35 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -4,7 +4,7 @@
;;; Copyright © 2015 Eric Bavier <address@hidden>
;;; Copyright © 2015 Sou Bunnbu <address@hidden>
;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <address@hidden>
-;;; Copyright © 2015, 2016 Mark H Weaver <address@hidden>
+;;; Copyright © 2015, 2016, 2017 Mark H Weaver <address@hidden>
;;; Copyright © 2015, 2016 Efraim Flashner <address@hidden>
;;; Copyright © 2015 Raimon Grau <address@hidden>
;;; Copyright © 2016 Mathieu Lirzin <address@hidden>
@@ -56,6 +56,7 @@
(package
(name "expat")
(version "2.2.0")
+ (replacement expat-2.2.1)
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/expat/expat/"
@@ -74,6 +75,19 @@ stream-oriented parser in which an application registers
handlers for
things the parser might find in the XML document (like start tags).")
(license license:expat)))
+(define expat-2.2.1 ; Fixes CVE-2017-9233, CVE-2016-9063 and other issues.
+ (package
+ (inherit expat)
+ (version "2.2.1")
+ (replacement #f)
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://sourceforge/expat/expat/"
+ version "/expat-" version ".tar.bz2"))
+ (sha256
+ (base32
+ "11c8jy1wvllvlk7xdc5cm8hdhg0hvs8j0aqy6s702an8wkdcls0q"))))))
+
(define-public libxml2
(package
(name "libxml2")