Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
aports
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
646
Issues
646
List
Boards
Labels
Service Desk
Milestones
Merge Requests
173
Merge Requests
173
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
alpine
aports
Commits
1b5e6df3
Commit
1b5e6df3
authored
Jan 17, 2010
by
Natanael Copa
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
main/expat: security fixes
CVE-2009-3560 CVE-2009-3720
parent
026984a0
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
51 additions
and
7 deletions
+51
-7
main/expat/APKBUILD
main/expat/APKBUILD
+26
-7
main/expat/CVE-2009-3560.patch
main/expat/CVE-2009-3560.patch
+13
-0
main/expat/CVE-2009-3720.patch
main/expat/CVE-2009-3720.patch
+12
-0
No files found.
main/expat/APKBUILD
View file @
1b5e6df3
# Maintainer: Carlo Landmeter <clandmeter at gmail.com>
pkgname
=
expat
pkgver
=
2.0.1
pkgrel
=
0
pkgrel
=
1
pkgdesc
=
"An XML Parser library written in C"
url
=
"http://www.libexpat.org/"
license
=
'AS IS'
depends
=
"uclibc"
makedepends
=
""
source
=
"http://surfnet.dl.sourceforge.net/sourceforge/expat/expat-2.0.1.tar.gz"
depends
=
makedepends
=
source
=
"http://surfnet.dl.sourceforge.net/sourceforge/expat/expat-2.0.1.tar.gz
CVE-2009-3560.patch
CVE-2009-3720.patch
"
subpackages
=
"
$pkgname
-dev
$pkgname
-doc"
build
()
{
cd
"
$srcdir
/
$pkgname
-
$pkgver
"
_builddir
=
"
$srcdir
/
$pkgname
-
$pkgver
"
prepare
()
{
cd
"
$_builddir
"
for
i
in
"
$srcdir
"
/
*
.patch
;
do
[
-f
"
$i
"
]
||
continue
msg
"Applying
$i
"
patch
-p1
-i
"
$i
"
||
return
1
done
}
build
()
{
cd
"
$_builddir
"
./configure
--prefix
=
/usr
\
--mandir
=
/usr/share/man
make
||
return
1
}
package
()
{
cd
"
$_builddir
"
make
DESTDIR
=
"
$pkgdir
/"
install
}
md5sums
=
"ee8b492592568805593f81f8cdf2a04c expat-2.0.1.tar.gz"
md5sums
=
"ee8b492592568805593f81f8cdf2a04c expat-2.0.1.tar.gz
50603cac0f03aabc7087415251f592be CVE-2009-3560.patch
f3eeb796f28945899216b815e5901996 CVE-2009-3720.patch"
main/expat/CVE-2009-3560.patch
0 → 100644
View file @
1b5e6df3
diff -urNad trunk~/lib/xmlparse.c trunk/lib/xmlparse.c
--- trunk~/lib/xmlparse.c 2007-05-08 04:25:35.000000000 +0200
+++ trunk/lib/xmlparse.c 2009-12-29 21:57:22.141732904 +0100
@@ -3703,6 +3703,9 @@
return XML_ERROR_UNCLOSED_TOKEN;
case XML_TOK_PARTIAL_CHAR:
return XML_ERROR_PARTIAL_CHAR;
+ case -XML_TOK_PROLOG_S:
+ tok = -tok;
+ break;
case XML_TOK_NONE:
#ifdef XML_DTD
/* for internal PE NOT referenced between declarations */
main/expat/CVE-2009-3720.patch
0 → 100644
View file @
1b5e6df3
diff -urNad trunk~/lib/xmltok_impl.c trunk/lib/xmltok_impl.c
--- trunk~/lib/xmltok_impl.c 2006-11-26 18:34:46.000000000 +0100
+++ trunk/lib/xmltok_impl.c 2009-10-22 21:42:41.000000000 +0200
@@ -1744,7 +1744,7 @@
const char *end,
POSITION *pos)
{
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
#define LEAD_CASE(n) \
case BT_LEAD ## n: \
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment