Merge pull request #73178 from risicle/ris-libxml2-2.9.10

libxml2: 2.9.9 -> 2.9.10, libxslt: 1.1.33 -> 1.1.34, addressing CVE-2019-18197
2019-11-13 22:09:36 +01:00 · 2019-11-13 22:09:36 +01:00 · abdc1eaed2
commit abdc1eaed2
parent 556df88612 4fec9d582b
2 changed files with 10 additions and 22 deletions
--- a/pkgs/development/libraries/libxml2/default.nix
+++ b/pkgs/development/libraries/libxml2/default.nix
@ -8,11 +8,11 @@
 stdenv.mkDerivation rec {
  pname = "libxml2";
-  version = "2.9.9";
+  version = "2.9.10";
  src = fetchurl {
    url = "http://xmlsoft.org/sources/${pname}-${version}.tar.gz";
-    sha256 = "0wd881jzvqayx0ihzba29jl80k06xj9ywp16kxacdqs3064p1ywl";
+    sha256 = "07xynh8hcxb2yb1fs051xrgszjvj37wnxvxgsj10rzmqzy9y3zma";
  };
  patches = [
    # Upstream bugs:
@ -53,6 +53,12 @@ stdenv.mkDerivation rec {
  enableParallelBuilding = true;
  # disable test that's problematic with newer pythons: see
  # https://mail.gnome.org/archives/xml/2017-August/msg00014.html
  preCheck = lib.optionalString (pythonSupport && !(python?pythonOlder && python.pythonOlder "3.5")) ''
    echo "" > python/tests/tstLastError.py
  '';
  doCheck = (stdenv.hostPlatform == stdenv.buildPlatform) && !stdenv.isDarwin &&
    stdenv.hostPlatform.libc != "musl";
--- a/pkgs/development/libraries/libxslt/default.nix
+++ b/pkgs/development/libraries/libxslt/default.nix
@ -10,31 +10,13 @@ with stdenv.lib;
 stdenv.mkDerivation rec {
  pname = "libxslt";
-  version = "1.1.33";
+  version = "1.1.34";
  src = fetchurl {
    url = "http://xmlsoft.org/sources/${pname}-${version}.tar.gz";
-    sha256 = "1j1q1swnsy8jgi9x7mclvkrqhfgn09886gdlr9wzk7a08i8n0dlf";
+    sha256 = "0zrzz6kjdyavspzik6fbkpvfpbd25r2qg6py5nnjaabrsr3bvccq";
  };
  patches = [
    (fetchpatch {
      name = "CVE-2019-11068.patch";
      url = "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch";
      sha256 = "0pkpb4837km15zgg6h57bncp66d5lwrlvkr73h0lanywq7zrwhj8";
    })
    (fetchpatch {
      url = "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1.patch";
      name = "CVE-2019-13117.patch";
      sha256 = "0ynfq8y5h623cypj1426iiz7796n3mqbjqa24ndvh2am6rl5lw15";
    })
    (fetchpatch {
      url = "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b.patch";
      name = "CVE-2019-13118.patch";
      sha256 = "0bglz9m9sh2vi50qxcm06iqrazw3h45ycgxnp15iankq95z283iq";
    })
  ];
  outputs = [ "bin" "dev" "out" "man" "doc" ] ++ stdenv.lib.optional pythonSupport "py";
  buildInputs = [ libxml2.dev ]