me/guix
Archived
1
0
Fork 0
Code Activity

gnu: expat: Add replacement for [security fixes].

Browse source 
Fixes CVE-2021-45960, CVE-2021-46143, and CVE-2022-22822…22827.

* gnu/packages/xml.scm (expat/fixed): New variable.
(expat)[replacement]: Use it.
This commit is contained in:
Tobias Geerinckx-Rice 2022-01-16 01:00:00 +01:00
parent bd19671f8a
commit 2045852b09
No known key found for this signature in database
GPG key ID: 0DB0FF884F556D79
1 changed files with 18 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
gnu/packages/xml.scm
View file

@ -119,6 +119,7 @@ the entire document.")
(package (package
(name "expat") (name "expat")
(version "2.4.1") (version "2.4.1")
(replacement expat/fixed)
(source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c)))) (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c))))
(origin (origin
(method url-fetch) (method url-fetch)
@ -154,6 +155,23 @@ stream-oriented parser in which an application registers handlers for
things the parser might find in the XML document (like start tags).") things the parser might find in the XML document (like start tags).")
(license license:expat))) (license license:expat)))
(define expat/fixed
(package
(inherit expat)
(version "2.4.3")
(source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c))))
(origin
(method url-fetch)
(uri (list (string-append "mirror://sourceforge/expat/expat/"
version "/expat-" version ".tar.xz")
(string-append
"https://github.com/libexpat/libexpat/releases/download/R_"
(string-map dot->underscore version)
"/expat-" version ".tar.xz")))
(sha256
(base32
"12kp4h40cpyqqpjqaldag0xq4ig1ljzpkzy9i2marc7blnqz3ydi")))))))
(define-public libebml (define-public libebml
(package (package
(name "libebml") (name "libebml")