gnu: libxslt: Replace with 1.1.29 [fixes CVE-2016-{1683,1684}].

* gnu/packages/xml.scm (libxslt)[replacement]: New field.
(libxslt/fixed): New variable.
This commit is contained in:
Mark H Weaver 2016-06-19 13:56:53 -04:00
parent cb1436d8d2
commit 3ebba94d45
No known key found for this signature in database
GPG Key ID: 7CEF29847562C516
1 changed files with 15 additions and 1 deletions

View File

@ -4,7 +4,7 @@
;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org> ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com> ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2015 Raimon Grau <raimonster@gmail.com> ;;; Copyright © 2015 Raimon Grau <raimonster@gmail.com>
;;; Copyright © 2016 Leo Famulari <leo@famulari.name> ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
@ -154,6 +154,7 @@ project (but it is usable outside of the Gnome platform).")
(package (package
(name "libxslt") (name "libxslt")
(version "1.1.28") (version "1.1.28")
(replacement libxslt/fixed) ; CVE-2016-1683 and CVE-2016-1684
(source (origin (source (origin
(method url-fetch) (method url-fetch)
(uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-" (uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-"
@ -174,6 +175,19 @@ project (but it is usable outside of the Gnome platform).")
based on libxml for XML parsing, tree manipulation and XPath support.") based on libxml for XML parsing, tree manipulation and XPath support.")
(license license:x11))) (license license:x11)))
(define-public libxslt/fixed
(package
(inherit libxslt)
(source
(let ((version "1.1.29"))
(origin
(method url-fetch)
(uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-"
version ".tar.gz"))
(sha256
(base32
"1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm")))))))
(define-public perl-xml-parser (define-public perl-xml-parser
(package (package
(name "perl-xml-parser") (name "perl-xml-parser")