gnu: expat: Replace with 2.1.1 [fixes CVE-2015-1283].

* gnu/packages/xml.scm (expat)[replacement]: New field.
(expat-2.1.1): New variable.
This commit is contained in:
Mark H Weaver 2016-03-25 17:01:52 -04:00
parent 7adbe85e60
commit 6458876597
1 changed files with 16 additions and 1 deletions

View File

@ -4,7 +4,7 @@
;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org> ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com> ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2015 Raimon Grau <raimonster@gmail.com> ;;; Copyright © 2015 Raimon Grau <raimonster@gmail.com>
;;; ;;;
@ -43,6 +43,7 @@
(define-public expat (define-public expat
(package (package
(replacement expat-2.1.1)
(name "expat") (name "expat")
(version "2.1.0") (version "2.1.0")
(source (origin (source (origin
@ -62,6 +63,20 @@ stream-oriented parser in which an application registers handlers for
things the parser might find in the XML document (like start tags).") things the parser might find in the XML document (like start tags).")
(license license:expat))) (license license:expat)))
(define expat-2.1.1
(package
(inherit expat)
(replacement #f)
(source
(let ((version "2.1.1"))
(origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/expat/expat/"
version "/expat-" version ".tar.bz2"))
(sha256
(base32
"0ryyjgvy7jq0qb7a9mhc1giy3bzn56aiwrs8dpydqngplbjq9xdg")))))))
(define-public libxml2 (define-public libxml2
(package (package
(name "libxml2") (name "libxml2")