diff options
author | Tobias Geerinckx-Rice <me@tobias.gr> | 2022-01-16 01:00:00 +0100 |
---|---|---|
committer | Tobias Geerinckx-Rice <me@tobias.gr> | 2022-01-16 01:00:00 +0100 |
commit | 2045852b096131a714409aa0cc4fe17938f60b15 (patch) | |
tree | 82dccbd7050a4b472279ad180a2c6e7a2d6f2e43 | |
parent | bd19671f8a500f7bd5d17f8d08e4119a774acb46 (diff) | |
download | guix-2045852b096131a714409aa0cc4fe17938f60b15.tar.gz guix-2045852b096131a714409aa0cc4fe17938f60b15.zip |
gnu: expat: Add replacement for [security fixes].
Fixes CVE-2021-45960, CVE-2021-46143, and CVE-2022-22822…22827.
* gnu/packages/xml.scm (expat/fixed): New variable.
(expat)[replacement]: Use it.
-rw-r--r-- | gnu/packages/xml.scm | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index b89115a051..771c577618 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -119,6 +119,7 @@ the entire document.") (package (name "expat") (version "2.4.1") + (replacement expat/fixed) (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c)))) (origin (method url-fetch) @@ -154,6 +155,23 @@ stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags).") (license license:expat))) +(define expat/fixed + (package + (inherit expat) + (version "2.4.3") + (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c)))) + (origin + (method url-fetch) + (uri (list (string-append "mirror://sourceforge/expat/expat/" + version "/expat-" version ".tar.xz") + (string-append + "https://github.com/libexpat/libexpat/releases/download/R_" + (string-map dot->underscore version) + "/expat-" version ".tar.xz"))) + (sha256 + (base32 + "12kp4h40cpyqqpjqaldag0xq4ig1ljzpkzy9i2marc7blnqz3ydi"))))))) + (define-public libebml (package (name "libebml") |