diff options
| author | André Klitzing <aklitzing@gmail.com> | 2017-08-22 21:51:16 +0200 |
|---|---|---|
| committer | Sören Tempel <soeren+git@soeren-tempel.net> | 2017-08-22 22:23:45 +0200 |
| commit | a4cdbe61fa3af398fdd522b49565dfeec4141042 (patch) | |
| tree | 5787b98a5e4e061b1bb3630c77c15e28ce51c608 /main/expat | |
| parent | 48f362c651f16af7fba685dc6ef756fc9fddb056 (diff) | |
| download | aports-a4cdbe61fa3af398fdd522b49565dfeec4141042.tar.bz2 aports-a4cdbe61fa3af398fdd522b49565dfeec4141042.tar.xz | |
main/expat: upgrade to 2.2.3 and add check
Diffstat (limited to 'main/expat')
| -rw-r--r-- | main/expat/APKBUILD | 12 | ||||
| -rw-r--r-- | main/expat/CVE-2017-9233.patch | 29 |
2 files changed, 8 insertions, 33 deletions
diff --git a/main/expat/APKBUILD b/main/expat/APKBUILD index 29182080bc..d1e509cd04 100644 --- a/main/expat/APKBUILD +++ b/main/expat/APKBUILD @@ -1,13 +1,12 @@ # Maintainer: Carlo Landmeter <clandmeter@gmail.com> pkgname=expat -pkgver=2.2.2 +pkgver=2.2.3 pkgrel=0 pkgdesc="An XML Parser library written in C" url="http://www.libexpat.org/" arch="all" license='MIT' -depends= -makedepends= +checkdepends="bash" source="http://downloads.sourceforge.net/project/expat/expat/$pkgver/expat-$pkgver.tar.bz2" subpackages="$pkgname-dev $pkgname-doc" builddir="$srcdir/$pkgname-$pkgver" @@ -26,8 +25,13 @@ build() { make } +check() { + cd "$builddir" + make check +} + package() { cd "$builddir" make DESTDIR="$pkgdir/" install } -sha512sums="05383244f345b1c6a7290f3bb58bfab4da9546bfe880de644e784bcc48bd4317f2beb3fdb6120a5f396e06bb269f7e80713db211346d2d17bc7de3353d556575 expat-2.2.2.tar.bz2" +sha512sums="d42ca209da7f50eb4ac108ea0ef85dc6626d63fe48144a4e6f2d8b44b1f9276f711cbac85f6813c4725a3c4933b7054b74dde2c43a0f2febaed4afa0a6f5ac88 expat-2.2.3.tar.bz2" diff --git a/main/expat/CVE-2017-9233.patch b/main/expat/CVE-2017-9233.patch deleted file mode 100644 index 1ddbc755d8..0000000000 --- a/main/expat/CVE-2017-9233.patch +++ /dev/null @@ -1,29 +0,0 @@ -From c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f Mon Sep 17 00:00:00 2001 -From: Rhodri James <rhodri@kynesim.co.uk> -Date: Wed, 14 Jun 2017 23:45:07 +0200 -Subject: [PATCH] xmlparse.c: Fix external entity infinite loop bug - (CVE-2017-9233) - ---- - expat/lib/xmlparse.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index 7818f8d..2114596 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -3981,6 +3981,14 @@ entityValueInitProcessor(XML_Parser parser, - *nextPtr = next; - return XML_ERROR_NONE; - } -+ /* If we get this token, we have the start of what might be a -+ normal tag, but not a declaration (i.e. it doesn't begin with -+ "<!"). In a DTD context, that isn't legal. -+ */ -+ else if (tok == XML_TOK_INSTANCE_START) { -+ *nextPtr = next; -+ return XML_ERROR_SYNTAX; -+ } - start = next; - eventPtr = start; - } |