-rw-r--r-- | abs/core-testing/expat/CVE-2009-3560.patch | 13 | ||||
-rw-r--r-- | abs/core-testing/expat/CVE-2009-3720.patch | 12 | ||||
-rw-r--r-- | abs/core-testing/expat/PKGBUILD | 26 |
3 files changed, 41 insertions, 10 deletions
diff --git a/abs/core-testing/expat/CVE-2009-3560.patch b/abs/core-testing/expat/CVE-2009-3560.patch
new file mode 100644
index 0000000..5fe9c36
--- /dev/null
+++ b/abs/core-testing/expat/CVE-2009-3560.patch
@@ -0,0 +1,13 @@
+diff -urNad trunk~/lib/xmlparse.c trunk/lib/xmlparse.c
+--- trunk~/lib/xmlparse.c 2007-05-08 04:25:35.000000000 +0200
++++ trunk/lib/xmlparse.c 2009-12-29 21:57:22.141732904 +0100
+@@ -3703,6 +3703,9 @@
+ return XML_ERROR_UNCLOSED_TOKEN;
+ case XML_TOK_PARTIAL_CHAR:
+ return XML_ERROR_PARTIAL_CHAR;
++ case -XML_TOK_PROLOG_S:
++ tok = -tok;
++ break;
+ case XML_TOK_NONE:
+ #ifdef XML_DTD
+ /* for internal PE NOT referenced between declarations */
diff --git a/abs/core-testing/expat/CVE-2009-3720.patch b/abs/core-testing/expat/CVE-2009-3720.patch
new file mode 100644
index 0000000..65d1643
--- /dev/null
+++ b/abs/core-testing/expat/CVE-2009-3720.patch
@@ -0,0 +1,12 @@
+diff -urNad trunk~/lib/xmltok_impl.c trunk/lib/xmltok_impl.c
+--- trunk~/lib/xmltok_impl.c 2006-11-26 18:34:46.000000000 +0100
++++ trunk/lib/xmltok_impl.c 2009-10-22 21:42:41.000000000 +0200
+@@ -1744,7 +1744,7 @@
+ const char *end,
+ POSITION *pos)
+ {
+- while (ptr != end) {
++ while (ptr < end) {
+ switch (BYTE_TYPE(enc, ptr)) {
+ #define LEAD_CASE(n) \
+ case BT_LEAD ## n: \
diff --git a/abs/core-testing/expat/PKGBUILD b/abs/core-testing/expat/PKGBUILD
index 0d63ac7..e2f1038 100644
--- a/abs/core-testing/expat/PKGBUILD
+++ b/abs/core-testing/expat/PKGBUILD
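Review bot: CVE-2009-3560.patch is added with no description or upstream reference above its `diff -urNad` line, and the same is true of CVE-2009-3720.patch, so someone auditing the package later cannot check either fix against its source. Each file should open with a short header comment naming the CVE, where the patch was taken from and what it changes. In this file the added `case -XML_TOK_PROLOG_S:` would also benefit from a one-line comment saying why the negated token is folded back with `tok = -tok;` before falling out of the switch; the switch itself starts and ends outside the hunk, so the surrounding handling cannot be confirmed from here.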
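Review bot: The new `while (ptr < end)` test in CVE-2009-3720.patch stops the loop once `ptr` has passed `end`, but it does not by itself keep `ptr` from being moved past `end`. If the `LEAD_CASE(n)` bodies, which lie outside the hunk, advance `ptr` by `n` bytes without checking the remaining length, a truncated multi-byte sequence still steps beyond the buffer before the comparison runs. That should be confirmed against the full function, and a comment such as `/* ptr can overshoot end on a truncated multi-byte sequence, so compare with <, not != */` placed on the loop would record why the operator matters.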
@@ -1,23 +1,29 @@
-# $Id: PKGBUILD 356 2008-04-18 22:56:27Z aaron $
+# $Id: PKGBUILD 62836 2010-01-12 23:27:10Z allan $
 # Maintainer: dorphell <dorphell@archlinux.org>
 # Committer: Judd Vinet <jvinet@zeroflux.org>
 pkgname=expat
 pkgver=2.0.1
-pkgrel=1
+pkgrel=5
 pkgdesc="An XML Parser library written in C"
-arch=(i686 x86_64)
+arch=('i686' 'x86_64')
+url="http://expat.sourceforge.net/"
 license=('custom')
 depends=('glibc')
 options=('!libtool')
-source=(http://heanet.dl.sourceforge.net/sourceforge/expat/${pkgname}-${pkgver}.tar.gz)
-url="http://expat.sourceforge.net/"
-md5sums=('ee8b492592568805593f81f8cdf2a04c')
+source=(http://downloads.sourceforge.net/sourceforge/expat/${pkgname}-${pkgver}.tar.gz
+ CVE-2009-3560.patch
+ CVE-2009-3720.patch)
+md5sums=('ee8b492592568805593f81f8cdf2a04c'
+ '50603cac0f03aabc7087415251f592be'
+ 'f3eeb796f28945899216b815e5901996')
 build() {
- cd ${startdir}/src/${pkgname}-${pkgver}
- ./configure --prefix=/usr
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ patch -Np1 -i $srcdir/CVE-2009-3560.patch
+ patch -Np1 -i $srcdir/CVE-2009-3720.patch
+ ./configure --prefix=/usr --mandir=/usr/share/man || return 1
 make || return 1
- make DESTDIR=${startdir}/pkg install
- install -m644 -D COPYING ${startdir}/pkg/usr/share/licenses/${pkgname}/COPYING
+ make DESTDIR="${pkgdir}" install || return 1
+ install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/COPYING" || return 1
 }
|
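Review bot: The two `patch -Np1 -i $srcdir/...` lines in build() are the only new commands without `|| return 1`, so a patch that fails to apply would presumably let the build carry on and ship an unpatched expat under pkgrel=5. They also leave `$srcdir` unquoted while the `cd` line above quotes it. I would write them as `patch -Np1 -i "${srcdir}/CVE-2009-3560.patch" || return 1` and `patch -Np1 -i "${srcdir}/CVE-2009-3720.patch" || return 1`. Separately, the tarball is fetched over plain http and checked only against `md5sums`; adding a `sha256sums` array would give a stronger integrity check on the sources.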