From 7c3f22e9c3311dcb27e9b8bd31c6fa6eb0a549d8 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sat, 13 Jan 2018 09:16:07 -0800 Subject: gnu: libxml2: Fix CVE-2017-15412. * gnu/packages/patches/libxml2-CVE-2017-15412.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/xml.scm (libxml2/fixed)[source]: Use it. --- gnu/packages/xml.scm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'gnu/packages/xml.scm') diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 23b447502b..ce0d13a999 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -155,7 +155,8 @@ project (but it is usable outside of the Gnome platform).") "libxml2-CVE-2017-7375.patch" "libxml2-CVE-2017-7376.patch" "libxml2-CVE-2017-9047+CVE-2017-9048.patch" - "libxml2-CVE-2017-9049+CVE-2017-9050.patch"))))))) + "libxml2-CVE-2017-9049+CVE-2017-9050.patch" + "libxml2-CVE-2017-15412.patch"))))))) (define-public python-libxml2 (package (inherit libxml2) -- cgit v1.2.3 From e428b2c026f47ff8f1f3f4db93f8925af7159fad Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sat, 13 Jan 2018 09:55:42 -0800 Subject: gnu: python-libxml2: Inherit the replacement source of libxml2. Previously, python-libxml2 would inherit the ungrafted libxml2, missing several patches on the libxml2 source code. * gnu/packages/xml.scm (python-libxml2, python2-libxml2): Use package/inherit. --- gnu/packages/xml.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/packages/xml.scm') diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index ce0d13a999..01a4353440 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -159,7 +159,7 @@ project (but it is usable outside of the Gnome platform).") "libxml2-CVE-2017-15412.patch"))))))) (define-public python-libxml2 - (package (inherit libxml2) + (package/inherit libxml2 (name "python-libxml2") (build-system python-build-system) (arguments -- cgit v1.2.3 From a040db6d70d021d482a12aa9a91ab4199a99d9af Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Fri, 19 Jan 2018 05:18:03 +0100 Subject: gnu: libebml: Update to 1.3.5. * gnu/packages/xml.scm (libebml): Update to 1.3.5. [source, home-page]: Update URI. --- gnu/packages/xml.scm | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'gnu/packages/xml.scm') diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 01a4353440..ff26214276 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -12,7 +12,7 @@ ;;; Copyright © 2016 Ben Woodcroft ;;; Copyright © 2016 Jan Nieuwenhuizen ;;; Copyright © 2016, 2017 ng0 -;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice +;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice ;;; Copyright © 2016, 2017 Marius Bakke ;;; Copyright © 2017 Adriano Peluso ;;; Copyright © 2017 Gregor Giesen @@ -92,17 +92,17 @@ things the parser might find in the XML document (like start tags).") (define-public libebml (package (name "libebml") - (version "1.3.4") + (version "1.3.5") (source (origin (method url-fetch) (uri (string-append "https://dl.matroska.org/downloads/" - name "/" name "-" version ".tar.bz2")) + name "/" name "-" version ".tar.xz")) (sha256 (base32 - "11zka6z9ncywyjr1gfm5cnii33ln7y3w6s86kiacchip2g7kw3f5")))) + "005a0ipqnfbsq47zrc61zszi439jw32q5xd6dc1jyb3lc0zl266q")))) (build-system gnu-build-system) - (home-page "https://www.matroska.org") + (home-page "https://matroska-org.github.io/libebml/") (synopsis "C++ libary to parse EBML files") (description "libebml is a C++ library to read and write EBML (Extensible Binary Meta Language) files. EBML was designed to be a simplified binary -- cgit v1.2.3 From b7cbcee552c5bd4e8398fc70a3a45eaa002b2770 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Fri, 19 Jan 2018 06:07:14 +0100 Subject: gnu: minixml: Update to 2.11. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/xml.scm (minixml): Update to 2.11. [source]: Use URL-FETCH/TARBOMB method. [arguments]: Add ‘fix-permissions’ phase. --- gnu/packages/xml.scm | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) (limited to 'gnu/packages/xml.scm') diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index ff26214276..eccef0d898 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -973,18 +973,28 @@ Libxml2).") (define-public minixml (package (name "minixml") - (version "2.10") + (version "2.11") (source (origin - (method url-fetch) + (method url-fetch/tarbomb) (uri (string-append "https://github.com/michaelrsweet/mxml/" - "releases/download/release-" version + "releases/download/v" version "/mxml-" version ".tar.gz")) (sha256 (base32 - "14bqfq4lymhb31snz6wsvzhlavy0573v1nki1lbngiyxcj5zazr6")))) + "13xsw8vvkxd10vca42ccdyl9rs64lcvhbfz57aknpl3xcfn8mxma")))) (build-system gnu-build-system) (arguments - `(#:tests? #f)) ;no "check" target + `(#:phases + (modify-phases %standard-phases + (add-after 'unpack 'fix-permissions + ;; FIXME: url-fetch/tarbomb resets all permissions to 555/444. + (lambda _ + (for-each + (lambda (file) + (chmod file #o644)) + (find-files "doc" "\\.")) + #t))) + #:tests? #f)) ; tests are run during build (home-page "https://michaelrsweet.github.io/mxml") (synopsis "Small XML parsing library") (description -- cgit v1.2.3