From patchwork Fri Jun 28 19:57:58 2019
X-Patchwork-Submitter: Jack Hill
X-Patchwork-Id: 14422
Subject: [bug#36424] gnu: expat: Replace with 2.2.7 [security fixes]
To: 36424@debbugs.gnu.org
Date: Fri, 28 Jun 2019 15:57:58 -0400 (EDT)
From: Jack Hill

From 6db23c61704686016a57fb9557240dd83a79bea6 Mon Sep 17 00:00:00 2001
From: Jack Hill
Date: Fri, 28 Jun 2019 15:47:35 -0400

This fixes CVE-2018-20843.

* gnu/packages/xml.scm (expat)[replacement]: New field.
(expat-2.2.7): New public variable.
---
 gnu/packages/xml.scm | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index fc60758724..1be2a58d2e 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -20,6 +20,7 @@ ;;; Copyright © 2017 Petter ;;; Copyright © 2017 Stefan Reichör ;;; Copyright © 2018 Pierre Neidhardt +;;; Copyright © 2019 Jack Hill ;;; ;;; This file is part of GNU Guix. ;;; @@ -65,6 +66,7 @@ (define-public expat (package (name "expat") + (replacement expat-2.2.7) (version "2.2.6") (source (origin (method url-fetch) @@ -82,6 +84,21 @@ stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags).") (license license:expat))) +(define-public expat-2.2.7 + (let ((dot->underscore (lambda (c) (if (equal? #\. c) #\_ c)))) + (package + (inherit expat) + (version "2.2.7") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/libexpat/libexpat/releases/download/R_" + (string-map dot->underscore version) + "/expat-" version ".tar.xz")) + (sha256 + (base32 + "1y5yax6bq8p9xk49zqkd62pxk8bq266wrgbrqgaxp3wsrw5g9qrh"))))))) + (define-public libebml (package (name "libebml")
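
Review bot: in the hunk at @@ -65,6 +66,7, `(replacement expat-2.2.7)` is added with no comment recording why the graft exists; CVE-2018-20843 is named only in the commit message. A one-line comment above the field naming the CVE would tell whoever next changes `(version "2.2.6")` that the replacement can be dropped once the base package itself reaches 2.2.7.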
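
Review bot: in the hunk at @@ -82,6 +84,21, `(define-public expat-2.2.7` exports a second package that still carries the name "expat" through `(inherit expat)`, so 2.2.6 and 2.2.7 both become user-visible under one name. If the variable exists only to serve as the `replacement` of `expat`, a plain `define` would keep it out of the public package set, and the log entry "(expat-2.2.7): New public variable." would change to match. A smaller point in the same hunk: `(equal? #\. c)` compares two characters, so `char=?` states the intent more directly.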