Commit 1b5e6df3 authored by Natanael Copa's avatar Natanael Copa

main/expat: security fixes

CVE-2009-3560
CVE-2009-3720
parent 026984a0
# Maintainer: Carlo Landmeter <clandmeter at gmail.com>
pkgname=expat
pkgver=2.0.1
pkgrel=0
pkgrel=1
pkgdesc="An XML Parser library written in C"
url="http://www.libexpat.org/"
license='AS IS'
depends="uclibc"
makedepends=""
source="http://surfnet.dl.sourceforge.net/sourceforge/expat/expat-2.0.1.tar.gz"
depends=
makedepends=
source="http://surfnet.dl.sourceforge.net/sourceforge/expat/expat-2.0.1.tar.gz
CVE-2009-3560.patch
CVE-2009-3720.patch
"
subpackages="$pkgname-dev $pkgname-doc"
build() {
cd "$srcdir/$pkgname-$pkgver"
_builddir="$srcdir/$pkgname-$pkgver"
prepare() {
cd "$_builddir"
for i in "$srcdir"/*.patch; do
[ -f "$i" ] || continue
msg "Applying $i"
patch -p1 -i "$i" || return 1
done
}
build() {
cd "$_builddir"
./configure --prefix=/usr \
--mandir=/usr/share/man
make || return 1
}
package() {
cd "$_builddir"
make DESTDIR="$pkgdir/" install
}
md5sums="ee8b492592568805593f81f8cdf2a04c expat-2.0.1.tar.gz"
md5sums="ee8b492592568805593f81f8cdf2a04c expat-2.0.1.tar.gz
50603cac0f03aabc7087415251f592be CVE-2009-3560.patch
f3eeb796f28945899216b815e5901996 CVE-2009-3720.patch"
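Review bot: prepare() applies whatever matches `"$srcdir"/*.patch`, not the two patches named in `source`, so the set of files patched in is not tied to the list that `md5sums` covers, and a stray .patch file left in `$srcdir` would be applied without any checksum. Looping over the entries of `source` and applying only those ending in `.patch` keeps the applied set equal to the verified set and fixes the order to the one written in the APKBUILD. The `cd "$_builddir"` calls in prepare(), build() and package() are unchecked as well; `cd "$_builddir" || return 1` stops patch and make from running in the wrong directory. Separately, the tarball is fetched over plain http and checked with MD5 only, which catches corruption but is weak against a tampered mirror; a stronger checksum is worth adding if this abuild version supports one.

```shell
prepare() {
	cd "$_builddir" || return 1
	# apply only the patches listed in source=, i.e. the ones md5sums covers
	for i in $source; do
		case $i in
		*.patch)
			msg "Applying $i"
			patch -p1 -i "$srcdir/$i" || return 1
			;;
		esac
	done
}
```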
diff -urNad trunk~/lib/xmlparse.c trunk/lib/xmlparse.c
--- trunk~/lib/xmlparse.c 2007-05-08 04:25:35.000000000 +0200
+++ trunk/lib/xmlparse.c 2009-12-29 21:57:22.141732904 +0100
@@ -3703,6 +3703,9 @@
return XML_ERROR_UNCLOSED_TOKEN;
case XML_TOK_PARTIAL_CHAR:
return XML_ERROR_PARTIAL_CHAR;
+ case -XML_TOK_PROLOG_S:
+ tok = -tok;
+ break;
case XML_TOK_NONE:
#ifdef XML_DTD
/* for internal PE NOT referenced between declarations */
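Review bot: As shown here, the patch file opens directly with the `diff -urNad` header and carries no note of where the fix came from, so a later maintainer cannot check it against upstream's change for CVE-2009-3560; a short header above the diff such as `# Upstream: <upstream revision or URL>` would fix that, and the same applies to the CVE-2009-3720 patch. Within the hunk, the new `case -XML_TOK_PROLOG_S:` arm has no comment saying why a negated token is accepted at this point. Something like `/* negated token: presumably prolog whitespace that runs to the end of the buffer; handle it as XML_TOK_PROLOG_S */` would help, with the wording confirmed against the tokenizer. The enclosing switch and function start and end outside the hunk.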
diff -urNad trunk~/lib/xmltok_impl.c trunk/lib/xmltok_impl.c
--- trunk~/lib/xmltok_impl.c 2006-11-26 18:34:46.000000000 +0100
+++ trunk/lib/xmltok_impl.c 2009-10-22 21:42:41.000000000 +0200
@@ -1744,7 +1744,7 @@
const char *end,
POSITION *pos)
{
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
#define LEAD_CASE(n) \
case BT_LEAD ## n: \
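Review bot: The new `ptr < end` test stops the loop once `ptr` has stepped past `end`, but the step itself is still unchecked: the `LEAD_CASE(n)` arms, whose bodies are outside the hunk and presumably advance `ptr` by `n`, can move it beyond `end` on a truncated multi-byte sequence before the comparison runs. Checking the remaining length before advancing, for example `if (end - ptr < n) { ptr = end; break; }` inside the arm, would keep the pointer within the buffer instead of relying on comparing a pointer that is already out of range. Since this file is a carried upstream patch, that would be a follow-up to raise upstream rather than a local edit. The function body continues outside the hunk.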