Commit 8b7042ff authored by Francesco Colista's avatar Francesco Colista

main/expat: security fixes (CVE-2017-9233)

parent 8f8bc2ac
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=expat
pkgver=2.2.0
pkgrel=0
pkgrel=1
pkgdesc="An XML Parser library written in C"
url="http://www.libexpat.org/"
arch="all"
......@@ -9,7 +9,12 @@ license='MIT'
depends=
makedepends=
source="http://downloads.sourceforge.net/project/expat/expat/$pkgver/expat-$pkgver.tar.bz2
CVE-2017-9233.patch
"
# secfixes:
# 2.2.0-r1:
# - CVE-2017-9233
subpackages="$pkgname-dev $pkgname-doc"
builddir="$srcdir/$pkgname-$pkgver"
......@@ -29,7 +34,5 @@ package() {
cd "$builddir"
make DESTDIR="$pkgdir/" install || return 1
}
md5sums="2f47841c829facb346eb6e3fab5212e2 expat-2.2.0.tar.bz2"
sha256sums="d9e50ff2d19b3538bd2127902a89987474e1a4db8e43a66a4d1a712ab9a504ff expat-2.2.0.tar.bz2"
sha512sums="2be1a6eea87b439374bfacb1fbb8e814fd8a085d5dfd3ca3be69d1af29b5dc93d36cbdec5f6843ca6d5910843c7ffbc498adc2a561b9dcece488edf3c6f8c7c8 expat-2.2.0.tar.bz2"
sha512sums="2be1a6eea87b439374bfacb1fbb8e814fd8a085d5dfd3ca3be69d1af29b5dc93d36cbdec5f6843ca6d5910843c7ffbc498adc2a561b9dcece488edf3c6f8c7c8 expat-2.2.0.tar.bz2
0c92dd7dbec845966fc1ff3d1d7b137c17b5045f06d092ff730eb19cfe5e9c6b76b89bf532d20329a0a74fd8eb100f08bbea1083d17e53b2b96e9db1786f1a68 CVE-2017-9233.patch"
From c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f Mon Sep 17 00:00:00 2001
From: Rhodri James <rhodri@kynesim.co.uk>
Date: Wed, 14 Jun 2017 23:45:07 +0200
Subject: [PATCH] xmlparse.c: Fix external entity infinite loop bug
(CVE-2017-9233)
---
expat/lib/xmlparse.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
index 7818f8d..2114596 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -3981,6 +3981,14 @@ entityValueInitProcessor(XML_Parser parser,
*nextPtr = next;
return XML_ERROR_NONE;
}
+ /* If we get this token, we have the start of what might be a
+ normal tag, but not a declaration (i.e. it doesn't begin with
+ "<!"). In a DTD context, that isn't legal.
+ */
+ else if (tok == XML_TOK_INSTANCE_START) {
+ *nextPtr = next;
+ return XML_ERROR_SYNTAX;
+ }
start = next;
eventPtr = start;
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment