mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-27 08:01:14 +00:00
libxml2: bugfix updates from git upstream
This should solve CVE-2016-5131 and some other bugs, but not what Suse calls CVE-2016-9597: https://bugzilla.suse.com/show_bug.cgi?id=1017497 The bugzilla discussion seems to indicate that the CVE is referenced incorrectly and only shows reproducing when using command-line flags that are considered "unsafe". CVE-2016-9318 also remains unfixed, as I consider their reasoning OK: https://lwn.net/Alerts/714411/ /cc #22826.
This commit is contained in:
parent
524de86db0
commit
5ad81ab09c
|
@ -17,19 +17,13 @@ in stdenv.mkDerivation rec {
|
|||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "CVE-2016-4658.patch";
|
||||
url = "https://git.gnome.org/browse/libxml2/patch/?id=c1d1f7121194036608bf555f08d3062a36fd344b";
|
||||
sha256 = "0q7i5qgwgzp2x4r820mqq3nx69bgkd7n0v00j28wa6hndbfaaxmb";
|
||||
# Contains fixes for CVE-2016-{4658,5131} and other bugs.
|
||||
name = "misc.patch";
|
||||
url = "https://git.gnome.org/browse/libxml2/patch/?id=e905f081&id2=v2.9.4";
|
||||
sha256 = "14rnzilspmh92bcpwbd6kqikj36gx78al42ilgpqgl1609krb5m5";
|
||||
})
|
||||
];
|
||||
|
||||
# https://bugzilla.gnome.org/show_bug.cgi?id=766834#c5
|
||||
postPatch = "patch -R < " + fetchpatch {
|
||||
name = "schemas-validity.patch";
|
||||
url = "https://git.gnome.org/browse/libxml2/patch/?id=f6599c5164";
|
||||
sha256 = "0i7a0nhxwkxx6dkm8917qn0bsfn1av6ghg2f4dxanxi4bn4b1jjn";
|
||||
};
|
||||
|
||||
outputs = [ "bin" "dev" "out" "doc" ]
|
||||
++ lib.optional pythonSupport "py";
|
||||
propagatedBuildOutputs = "out bin" + lib.optionalString pythonSupport " py";
|
||||
|
|
Loading…
Reference in a new issue