Age | Commit message | Author | Files | Lines |
|
Signed-off-by: Ben Siraphob <bensiraphob@gmail.com>
|
We can use `stdenv.hostPlatform.isStatic` instead, and move the
logic per package. The least opinionated benefit of this is that it makes
it much easier to replace packages with modified ones, as there is no
longer any issue of overlay order.
CC @FRidh @matthewbauer
|
Fixes an out-of-bounds read when using xmllint with the --htmlout
parameter.
Fixes: CVE-2020-24977
|
disable python test which was previously failing anyway, but in previous
versions it was being ignored
|
1. Gnumeric has unbalanced XML tags in its doc translations.
2. itstool's XML error handler tries to print this error with context.
3. libxml2's context snipper treats the data as bytes, not UTF-8.
4. python3Packages.libxml2 casts the context to a UTF-8 Python string.
5. itstool dereferences a null pointer.
This patch intervenes at #4.
In https://bugzilla.gnome.org/show_bug.cgi?id=789714#c4 , upstream
suggests that intervening at #3 would be better -- that each of the four
copies of xmlParserPrintFileContextInternal() have four additional UTF-8
problems, one of which is that the caret indicator ought to count
"unicode characters" not bytes. But to position a caret correctly, a
character count is not sufficient -- this would need to use icu's BiDi
logic (with fallback to doing something wrong when libxml2 is configured
not to use icu) -- which makes a 'correct' fix a much larger project
than this simple band-aid.
|
Changing the default may cause breakage, however, users should have
already switched to `pythonPackages.libxml2` long ago.
|
treewide replacement of

  stdenv.mkDerivation rec {
    name = "*-${version}";
    version = "*";

to pname
|
* treewide: remove unused variables
* making ofborg happy
|
The static output should only get created when both enableShared and
enableStatic are set. Otherwise there would be libraries missing from
the main output when enableShared = false & enableStatic = true. This
can cause issues in some packages that don’t know about libxml2’s
static output.
(cherry picked from commit 2bd6bb0a4bf21005d8877c735709cd21d22e05bd)
(cherry picked from commit 1421a39c1e62584d346185ad49484b11b7703dc1)
|
Want to get this out of here for 18.09, so it can be deprecated
thereafter.
|
Since the already added patch for CVE-2018-9251 also affects
CVE-2018-14567 I renamed the applied patch accordingly.
|
Mingw fixes
|
Mingw/Windows support works out of the box.
|
If `enableStatic` is set to true, the output `static` contains the
static library.
|
This reverts commit 1897c352f55f5c5e7b63f252456d091d0fbdbcf7 on master.
This is a mass rebuild that should go through staging.
|
Semi-automatic update generated by https://github.com/ryantm/nix-update tools. These checks were done:
- built on NixOS
- Warning: no binary found that responded to help or version flags. (This warning appears even if the package isn't expected to have binaries.)
- found 2.9.8 in filename of file in /nix/store/cjycf1wx5a5l22a9kwhpnnh2h9i7pahk-libxc-4.0.4
|
Because man & info pages won't be going to $doc after the next commit.
Scripted change for the files having one-package-per-file.
|
Turns out a couple of the licenses were wrong, as well as being strings.
|
This should solve CVE-2016-5131 and some other bugs, but not what Suse
calls CVE-2016-9597: https://bugzilla.suse.com/show_bug.cgi?id=1017497
The bugzilla discussion seems to indicate that the CVE is referenced
incorrectly and only shows reproducing when using command-line flags
that are considered "unsafe".
CVE-2016-9318 also remains unfixed, as I consider their reasoning OK:
https://lwn.net/Alerts/714411/
/cc #22826.
|
since that is more commonly used in Nixpkgs.
|
cc #20078
|
Make either 'bin' or 'out' the first output.
|
Apparently they won't work there.
|
That wouldn't uncover the problem fixed in parent commit,
but it shouldn't hurt.
|
... by reverting an upstream commit
/cc #15697.
I should make some distro pay me for digging into such things :-)
|
- CVE-2016-4447: libxml2: Heap-based buffer underreads due to xmlParseName
https://bugzilla.redhat.com/show_bug.cgi?id=1338686
- CVE-2016-4448 libxml2: Format string vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1338700
- CVE-2016-4449 libxml2: Inappropriate fetch of entities content
https://bugzilla.redhat.com/show_bug.cgi?id=1338701
and many other fixed issues, available at http://www.xmlsoft.org/news.html
|
After closure-size merge we need to disable python support,
as python upstream doesn't support cross-building linux -> mingw.
|