
gnu: expat: Replace with 2.4.1 [fixes CVE-2013-0340].

* gnu/packages/xml.scm (expat-2.4.1): New variable.
(expat)[replacement]: New field.

Co-authored-by: Leo Famulari <leo@famulari.name>
Marius Bakke 2021-05-23 14:22:16 +02:00 committed by Leo Famulari
parent f32e6e1e2c
commit 6d71f6a73c
No known key found for this signature in database
GPG key ID: 2646FA30BACA7F08


@ -13,7 +13,7 @@
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org> ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
;;; Copyright © 2016, 2017 Nikita <nikita@n0.is> ;;; Copyright © 2016, 2017 Nikita <nikita@n0.is>
;;; Copyright © 20162021 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 20162021 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2016, 2017, 2018, 2019, 2020 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2016, 2017, 2018, 2019, 2020, 2021 Marius Bakke <marius@gnu.org>
;;; Copyright © 2017 Adriano Peluso <catonano@gmail.com> ;;; Copyright © 2017 Adriano Peluso <catonano@gmail.com>
;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net> ;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net>
;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com> ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
@ -121,6 +121,7 @@ the entire document.")
(package (package
(name "expat") (name "expat")
(version "2.2.9") (version "2.2.9")
(replacement expat-2.4.1)
(source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c)))) (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c))))
(origin (origin
(method url-fetch) (method url-fetch)
@ -144,6 +145,24 @@ stream-oriented parser in which an application registers handlers for
things the parser might find in the XML document (like start tags).") things the parser might find in the XML document (like start tags).")
(license license:expat))) (license license:expat)))
;; Replacement package to fix CVE-2013-0340.
(define expat-2.4.1
(package
(inherit expat)
(version "2.4.1")
(source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c))))
(origin
(method url-fetch)
(uri (list (string-append "mirror://sourceforge/expat/expat/"
version "/expat-" version ".tar.xz")
(string-append
"https://github.com/libexpat/libexpat/releases/download/R_"
(string-map dot->underscore version)
"/expat-" version ".tar.xz")))
(sha256
(base32
"0spvyb9d3hijs4ys3x64cfmilsynl8kv6clfahv8d4lvp86js0yg")))))))
(define-public libebml (define-public libebml
(package (package
(name "libebml") (name "libebml")
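Review bot: The comment above `expat-2.4.1` names the CVE but not the conditions this fix depends on, since it is delivered through the `replacement` field on `expat` rather than by bumping `version`. A graft only rewrites references to the shared library, so it presumably relies on 2.4.1 being ABI-compatible with 2.2.9, and any dependent that links expat statically or bundles its own copy would still carry the CVE-2013-0340 code path. I would extend the comment to something like `;; Replacement package to fix CVE-2013-0340.  Grafted: must remain ABI-compatible with 2.2.9; fold into 'expat' on the next rebuild cycle.` The `source` form also repeats the `dot->underscore` helper and URI list from `expat`, so a later mirror or URL change has to be made in both places until the graft is removed.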