Commit 898dee74 authored by Natanael Copa's avatar Natanael Copa

main/expat: security fix for CVE-2016-0718

parent a9cd8f91
......@@ -8,21 +8,15 @@ arch="all"
license='MIT'
depends=
makedepends=
source="http://downloads.sourceforge.net/project/expat/expat/$pkgver/expat-$pkgver.tar.bz2"
source="http://downloads.sourceforge.net/project/expat/expat/$pkgver/expat-$pkgver.tar.bz2
CVE-2016-0718.patch
"
subpackages="$pkgname-dev $pkgname-doc"
_builddir="$srcdir/$pkgname-$pkgver"
prepare() {
cd "$_builddir"
for i in "$srcdir"/*.patch; do
[ -f "$i" ] || continue
msg "Applying $i"
patch -p1 -i "$i" || return 1
done
}
builddir="$srcdir/$pkgname-$pkgver"
build() {
cd "$_builddir"
cd "$builddir"
./configure \
--build=$CBUILD \
--host=$CHOST \
......@@ -33,9 +27,12 @@ build() {
}
package() {
cd "$_builddir"
cd "$builddir"
make DESTDIR="$pkgdir/" install || return 1
}
md5sums="7380a64a8e3a9d66a9887b01d0d7ea81 expat-2.1.1.tar.bz2"
sha256sums="aff584e5a2f759dcfc6d48671e9529f6afe1e30b0cd6a4cec200cbe3f793de67 expat-2.1.1.tar.bz2"
sha512sums="088e2ef3434f2affd4fc79fe46f0e9826b9b4c3931ddc780cd18892f1cd1e11365169c6807f45916a56bb6abcc627dcd17a23f970be0bf464f048f5be2713628 expat-2.1.1.tar.bz2"
md5sums="7380a64a8e3a9d66a9887b01d0d7ea81 expat-2.1.1.tar.bz2
1b44aacd01618cf14ceed11f77eccd69 CVE-2016-0718.patch"
sha256sums="aff584e5a2f759dcfc6d48671e9529f6afe1e30b0cd6a4cec200cbe3f793de67 expat-2.1.1.tar.bz2
665c3bbd46dc7e65696b3f6b7f3ba23d1427eb95686ceb4e305b19e534036403 CVE-2016-0718.patch"
sha512sums="088e2ef3434f2affd4fc79fe46f0e9826b9b4c3931ddc780cd18892f1cd1e11365169c6807f45916a56bb6abcc627dcd17a23f970be0bf464f048f5be2713628 expat-2.1.1.tar.bz2
6ab9227c70e210fd6970281103f433ca0d51c56f185a6c516cd239a1b69e20dbd523ef8d55260dac4a13503a44c3f5de050a04946a683da11ef18998a199fac0 CVE-2016-0718.patch"
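Review bot: With the explicit `prepare()` loop removed in the first hunk, nothing visible in this APKBUILD applies `CVE-2016-0718.patch` any more. The patch is listed in `source` and checksummed, but the fix only lands if the abuild used on this branch has a default prepare step that applies patches from `source` inside `$builddir`. If that cannot be relied on, keep an explicit `prepare() { default_prepare; }`, and either way confirm from a build log that the patch is applied. The first hunk starts at line 8, so `pkgrel` (presumably above it) looks unchanged; unless it is bumped elsewhere, systems that already have this version installed will not be offered the patched build. The tarball is also still fetched over plain `http://`, so its integrity rests entirely on the pinned checksums; switching the URL scheme to `https://downloads.sourceforge.net/...` would be a cheap extra layer.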
diff -urNad trunk~/lib/xmlparse.c trunk/lib/xmlparse.c
--- trunk~/lib/xmlparse.c 2007-05-08 04:25:35.000000000 +0200
+++ trunk/lib/xmlparse.c 2009-12-29 21:57:22.141732904 +0100
@@ -3703,6 +3703,9 @@
return XML_ERROR_UNCLOSED_TOKEN;
case XML_TOK_PARTIAL_CHAR:
return XML_ERROR_PARTIAL_CHAR;
+ case -XML_TOK_PROLOG_S:
+ tok = -tok;
+ break;
case XML_TOK_NONE:
#ifdef XML_DTD
/* for internal PE NOT referenced between declarations */
diff -urNad trunk~/lib/xmltok_impl.c trunk/lib/xmltok_impl.c
--- trunk~/lib/xmltok_impl.c 2006-11-26 18:34:46.000000000 +0100
+++ trunk/lib/xmltok_impl.c 2009-10-22 21:42:41.000000000 +0200
@@ -1744,7 +1744,7 @@
const char *end,
POSITION *pos)
{
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
#define LEAD_CASE(n) \
case BT_LEAD ## n: \
This diff is collapsed.