From 3ebba94d45e4cc9c5242f812b29c826904506b02 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sun, 19 Jun 2016 13:56:53 -0400 Subject: [PATCH] gnu: libxslt: Replace with 1.1.29 [fixes CVE-2016-{1683,1684}]. * gnu/packages/xml.scm (libxslt)[replacement]: New field. (libxslt/fixed): New variable. --- gnu/packages/xml.scm | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 81a71bde6c..812539f397 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -4,7 +4,7 @@ ;;; Copyright © 2015 Eric Bavier ;;; Copyright © 2015 Sou Bunnbu ;;; Copyright © 2015, 2016 Ricardo Wurmus -;;; Copyright © 2015 Mark H Weaver +;;; Copyright © 2015, 2016 Mark H Weaver ;;; Copyright © 2015, 2016 Efraim Flashner ;;; Copyright © 2015 Raimon Grau ;;; Copyright © 2016 Leo Famulari @@ -154,6 +154,7 @@ project (but it is usable outside of the Gnome platform).") (package (name "libxslt") (version "1.1.28") + (replacement libxslt/fixed) ; CVE-2016-1683 and CVE-2016-1684 (source (origin (method url-fetch) (uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-" @@ -174,6 +175,19 @@ project (but it is usable outside of the Gnome platform).") based on libxml for XML parsing, tree manipulation and XPath support.") (license license:x11))) +(define-public libxslt/fixed + (package + (inherit libxslt) + (source + (let ((version "1.1.29")) + (origin + (method url-fetch) + (uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-" + version ".tar.gz")) + (sha256 + (base32 + "1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm"))))))) + (define-public perl-xml-parser (package (name "perl-xml-parser")