From 0c83c6bf2669367e81012391b5bc4ab0406ffbf3 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Sat, 24 Dec 2016 19:09:03 -0500
Subject: gnu: libxml2: Fix CVE-2016-4658.

* gnu/packages/xml.scm (libxml2)[replacement]: New field.
(libxml2/fixed): New variable.
* gnu/packages/patches/libxml2-CVE-2016-4658.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/packages/xml.scm | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'gnu/packages/xml.scm')

diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 594a1a471c..d821338b52 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -74,6 +74,7 @@ things the parser might find in the XML document (like start tags).")
 (define-public libxml2
   (package
     (name "libxml2")
+    (replacement libxml2/fixed)
     (version "2.9.4")
     (source (origin
              (method url-fetch)
@@ -101,6 +102,14 @@ things the parser might find in the XML document (like start tags).")
 project (but it is usable outside of the Gnome platform).")
     (license license:x11)))
 
+(define libxml2/fixed
+  (package
+    (inherit libxml2)
+    (source
+      (origin
+        (inherit (package-source libxml2))
+        (patches (search-patches "libxml2-CVE-2016-4658.patch"))))))
+
 (define-public python-libxml2
   (package (inherit libxml2)
     (name "python-libxml2")
-- 
cgit v1.2.3