Commit a4cdbe61 authored by A. Klitzing Committed by Sören Tempel

main/expat: upgrade to 2.2.3 and add check

parent 48f362c6
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=expat
pkgver=2.2.2
pkgver=2.2.3
pkgrel=0
pkgdesc="An XML Parser library written in C"
url="http://www.libexpat.org/"
arch="all"
license='MIT'
depends=
makedepends=
checkdepends="bash"
source="http://downloads.sourceforge.net/project/expat/expat/$pkgver/expat-$pkgver.tar.bz2"
subpackages="$pkgname-dev $pkgname-doc"
builddir="$srcdir/$pkgname-$pkgver"
......@@ -26,8 +25,13 @@ build() {
make
}
check() {
cd "$builddir"
make check
}
package() {
cd "$builddir"
make DESTDIR="$pkgdir/" install
}
sha512sums="05383244f345b1c6a7290f3bb58bfab4da9546bfe880de644e784bcc48bd4317f2beb3fdb6120a5f396e06bb269f7e80713db211346d2d17bc7de3353d556575 expat-2.2.2.tar.bz2"
sha512sums="d42ca209da7f50eb4ac108ea0ef85dc6626d63fe48144a4e6f2d8b44b1f9276f711cbac85f6813c4725a3c4933b7054b74dde2c43a0f2febaed4afa0a6f5ac88 expat-2.2.3.tar.bz2"
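Review bot: The `source=` line still fetches the tarball over plain `http://`, so the new `sha512sums` entry for expat-2.2.3.tar.bz2 is the only integrity check on this download. Please confirm that digest against an upstream-published checksum or signature rather than a hash of the same HTTP fetch, and consider changing the line to `source="https://downloads.sourceforge.net/project/expat/expat/$pkgver/expat-$pkgver.tar.bz2"`. The `-26,8 +25,13` offset in the second hunk header suggests one line was dropped above it, possibly the CVE-2017-9233 patch reference, though the page does not show it. If so, a comment such as `# secfixes: CVE-2017-9233 fixed upstream (version to be confirmed)` would keep the fix traceable for later audits.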
From c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f Mon Sep 17 00:00:00 2001
From: Rhodri James <rhodri@kynesim.co.uk>
Date: Wed, 14 Jun 2017 23:45:07 +0200
Subject: [PATCH] xmlparse.c: Fix external entity infinite loop bug
(CVE-2017-9233)
---
expat/lib/xmlparse.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
index 7818f8d..2114596 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -3981,6 +3981,14 @@ entityValueInitProcessor(XML_Parser parser,
*nextPtr = next;
return XML_ERROR_NONE;
}
+ /* If we get this token, we have the start of what might be a
+ normal tag, but not a declaration (i.e. it doesn't begin with
+ "<!"). In a DTD context, that isn't legal.
+ */
+ else if (tok == XML_TOK_INSTANCE_START) {
+ *nextPtr = next;
+ return XML_ERROR_SYNTAX;
+ }
start = next;
eventPtr = start;
}