1 files changed, 13 insertions, 1 deletions

diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 1d54a91130..6fa2183592 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -5,7 +5,7 @@
 ;;; Copyright © 2015 Sou Bunnbu <[email protected]>
 ;;; Copyright © 2015, 2016, 2017, 2018, 2020 Ricardo Wurmus <[email protected]>
 ;;; Copyright © 2015, 2016, 2017 Mark H Weaver <[email protected]>
-;;; Copyright © 2015-2018, 2020-2022 Efraim Flashner <[email protected]>
+;;; Copyright © 2015-2018, 2020-2022, 2024 Efraim Flashner <[email protected]>
 ;;; Copyright © 2015 Raimon Grau <[email protected]>
 ;;; Copyright © 2016 Mathieu Lirzin <[email protected]>
 ;;; Copyright © 2016, 2017 Leo Famulari <[email protected]>
@@ -125,6 +125,7 @@ the entire document.")
   (package
     (name "expat")
     (version "2.5.0")
+    (replacement expat/fixed)
     (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c))))
               (origin
                 (method url-fetch)
@@ -160,6 +161,17 @@ stream-oriented parser in which an application registers handlers for
 things the parser might find in the XML document (like start tags).")
     (license license:expat)))
 
+(define-public expat/fixed
+ (hidden-package
+  (package
+    (inherit expat)
+    (replacement expat/fixed)
+    (source (origin
+              (inherit (package-source expat))
+              (patches (search-patches "expat-CVE-2024-45490.patch"
+                                       "expat-CVE-2024-45491.patch"
+                                       "expat-CVE-2024-45492.patch")))))))
+
 (define-public libebml
   (package
     (name "libebml")