[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/20: gnu: expat: Add replacement for [security fixes].
From: |
guix-commits |
Subject: |
02/20: gnu: expat: Add replacement for [security fixes]. |
Date: |
Wed, 19 Jan 2022 13:14:07 -0500 (EST) |
nckx pushed a commit to branch master
in repository guix.
commit 2045852b096131a714409aa0cc4fe17938f60b15
Author: Tobias Geerinckx-Rice <me@tobias.gr>
AuthorDate: Sun Jan 16 01:00:00 2022 +0100
gnu: expat: Add replacement for [security fixes].
Fixes CVE-2021-45960, CVE-2021-46143, and CVE-2022-22822…22827.
* gnu/packages/xml.scm (expat/fixed): New variable.
(expat)[replacement]: Use it.
---
gnu/packages/xml.scm | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index b89115a051..771c577618 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -119,6 +119,7 @@ the entire document.")
(package
(name "expat")
(version "2.4.1")
+ (replacement expat/fixed)
(source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c))))
(origin
(method url-fetch)
@@ -154,6 +155,23 @@ stream-oriented parser in which an application registers
handlers for
things the parser might find in the XML document (like start tags).")
(license license:expat)))
+(define expat/fixed
+ (package
+ (inherit expat)
+ (version "2.4.3")
+ (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c))))
+ (origin
+ (method url-fetch)
+ (uri (list (string-append "mirror://sourceforge/expat/expat/"
+ version "/expat-" version ".tar.xz")
+ (string-append
+
"https://github.com/libexpat/libexpat/releases/download/R_"
+ (string-map dot->underscore version)
+ "/expat-" version ".tar.xz")))
+ (sha256
+ (base32
+ "12kp4h40cpyqqpjqaldag0xq4ig1ljzpkzy9i2marc7blnqz3ydi")))))))
+
(define-public libebml
(package
(name "libebml")
- 04/20: gnu: hostapd: Use PKG-CONFIG-FOR-TARGET., (continued)
- 04/20: gnu: hostapd: Use PKG-CONFIG-FOR-TARGET., guix-commits, 2022/01/19
- 05/20: gnu: hostapd: Use G-expressions., guix-commits, 2022/01/19
- 08/20: gnu: scanbd: Fix build., guix-commits, 2022/01/19
- 06/20: gnu: chromaprint: Update to 1.5.1., guix-commits, 2022/01/19
- 07/20: gnu: scanbd: Use G-expressions., guix-commits, 2022/01/19
- 11/20: gnu: acpi-call-linux-module: Use G-expressions., guix-commits, 2022/01/19
- 10/20: build-system/linux-module: Use G-expressions., guix-commits, 2022/01/19
- 12/20: gnu: librem-ec-acpi-linux-module: Unquote arguments., guix-commits, 2022/01/19
- 15/20: gnu: vhba-module: Unquote arguments., guix-commits, 2022/01/19
- 16/20: gnu: bbswitch-module: Unquote arguments., guix-commits, 2022/01/19
- 02/20: gnu: expat: Add replacement for [security fixes].,
guix-commits <=
- 03/20: gnu: hostapd: Update to 2.10., guix-commits, 2022/01/19
- 13/20: gnu: rtl8821ce-linux-module: Use G-expressions., guix-commits, 2022/01/19
- 14/20: gnu: rtl8812au-aircrack-ng-linux-module: Use G-expressions., guix-commits, 2022/01/19
- 17/20: gnu: ddcci-driver-linux: Update to 0.4.2., guix-commits, 2022/01/19
- 18/20: gnu: ddcci-driver-linux: Use G-expressions., guix-commits, 2022/01/19
- 19/20: gnu: v4l2loopback-linux-module: Unquote arguments., guix-commits, 2022/01/19
- 20/20: gnu: xpadneo: Use G-expressions., guix-commits, 2022/01/19