From 190b36f9a208145ae20d54cea9575ebd14bbb213 Mon Sep 17 00:00:00 2001
From: Leo
Date: Wed, 11 Sep 2019 09:40:07 -0300
Subject: main/expat: fix CVE-2019-15903 ref #10791
---
 main/expat/APKBUILD | 15 +++++---
 main/expat/CVE-2019-15903.patch | 80 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 90 insertions(+), 5 deletions(-)
 create mode 100644 main/expat/CVE-2019-15903.patch
diff --git a/main/expat/APKBUILD b/main/expat/APKBUILD
index 7b053971f7..a8b7893bce 100644
--- a/main/expat/APKBUILD
+++ b/main/expat/APKBUILD
@@ -1,21 +1,25 @@
 # Maintainer: Carlo Landmeter
 pkgname=expat
 pkgver=2.2.7
-pkgrel=0
+pkgrel=1
 pkgdesc="An XML Parser library written in C"
 url="http://www.libexpat.org/"
 arch="all"
 license='MIT'
 checkdepends="bash"
-source="http://downloads.sourceforge.net/project/expat/expat/$pkgver/expat-$pkgver.tar.bz2"
+source="https://downloads.sourceforge.net/project/expat/expat/$pkgver/expat-$pkgver.tar.bz2
+ CVE-2019-15903.patch
+ "
 subpackages="$pkgname-dev $pkgname-doc"
 builddir="$srcdir/$pkgname-$pkgver"
 # secfixes:
+# 2.2.7-r1:
+# - CVE-2019-15903
 # 2.2.7-r0:
-# - CVE-2018-20843
+# - CVE-2018-20843
 # 2.2.0-r1:
-# - CVE-2017-9233
+# - CVE-2017-9233
 build() {
 cd "$builddir"
@@ -37,4 +41,5 @@ package() {
 make DESTDIR="$pkgdir/" install
 }
-sha512sums="a078692317b44f14a9acdca4ddc04adac6a48d22ab321bba3e9e32c92131752aa397915d7121c4a95dc1b603d6a6128f7dce3741093d4322944787e0b49b4c00 expat-2.2.7.tar.bz2"
+sha512sums="a078692317b44f14a9acdca4ddc04adac6a48d22ab321bba3e9e32c92131752aa397915d7121c4a95dc1b603d6a6128f7dce3741093d4322944787e0b49b4c00 expat-2.2.7.tar.bz2
+87ed7dc760a1b119cdca6af23b23eab25142a0758f55e5fd64036727ae7c3f4456a25083f3ed3d9810b9f17658b31b95212f8458765a8aec8a314b0729db1a5a CVE-2019-15903.patch"
diff --git a/main/expat/CVE-2019-15903.patch b/main/expat/CVE-2019-15903.patch
new file mode 100644
index 0000000000..bfba7a87b4
--- /dev/null
+++ b/main/expat/CVE-2019-15903.patch
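Review bot: Nothing in the first APKBUILD hunk records where `CVE-2019-15903.patch` comes from: it is appended to `source=` with no origin comment, and the patch file itself starts directly at `diff --git` with no header. A comment line above `source=` such as `# CVE-2019-15903.patch: backport of <UPSTREAM_COMMIT_URL>` would let a later reviewer compare the backport with the upstream fix instead of trusting the local copy. The new `sha512sums` entry in the second hunk pins the file's content but says nothing about its provenance.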
@@ -0,0 +1,80 @@
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index 9c0987f..b8656ca 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -405,7 +405,7 @@ initializeEncoding(XML_Parser parser);
+ static enum XML_Error
+ doProlog(XML_Parser parser, const ENCODING *enc, const char *s,
+ const char *end, int tok, const char *next, const char **nextPtr,
+- XML_Bool haveMore);
++ XML_Bool haveMore, XML_Bool allowClosingDoctype);
+ static enum XML_Error
+ processInternalEntity(XML_Parser parser, ENTITY *entity,
+ XML_Bool betweenDecl);
+@@ -4232,7 +4232,7 @@ externalParEntProcessor(XML_Parser parser,
+
+ parser->m_processor = prologProcessor;
+ return doProlog(parser, parser->m_encoding, s, end, tok, next,
+- nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer);
++ nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE);
+ }
+
+ static enum XML_Error PTRCALL
+@@ -4282,7 +4282,7 @@ prologProcessor(XML_Parser parser,
+ const char *next = s;
+ int tok = XmlPrologTok(parser->m_encoding, s, end, &next);
+ return doProlog(parser, parser->m_encoding, s, end, tok, next,
+- nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer);
++ nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE);
+ }
+
+ static enum XML_Error
+@@ -4293,7 +4293,7 @@ doProlog(XML_Parser parser,
+ int tok,
+ const char *next,
+ const char **nextPtr,
+- XML_Bool haveMore)
++ XML_Bool haveMore, XML_Bool allowClosingDoctype)
+ {
+ #ifdef XML_DTD
+ static const XML_Char externalSubsetName[] = { ASCII_HASH , '\0' };
+@@ -4472,6 +4472,11 @@ doProlog(XML_Parser parser,
+ }
+ break;
+ case XML_ROLE_DOCTYPE_CLOSE:
++ if (allowClosingDoctype != XML_TRUE) {
++ /* Must not close doctype from within expanded parameter entities */
++ return XML_ERROR_INVALID_TOKEN;
++ }
++
+ if (parser->m_doctypeName) {
+ parser->m_startDoctypeDeclHandler(parser->m_handlerArg, parser->m_doctypeName,
+ parser->m_doctypeSysid, parser->m_doctypePubid, 0);
+@@ -5409,7 +5414,7 @@ processInternalEntity(XML_Parser parser, ENTITY *entity,
+ if (entity->is_param) {
+ int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
+ result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok,
+- next, &next, XML_FALSE);
++ next, &next, XML_FALSE, XML_FALSE);
+ }
+ else
+ #endif /* XML_DTD */
+@@ -5456,7 +5461,7 @@ internalEntityProcessor(XML_Parser parser,
+ if (entity->is_param) {
+ int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
+ result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok,
+- next, &next, XML_FALSE);
++ next, &next, XML_FALSE, XML_FALSE);
+ }
+ else
+ #endif /* XML_DTD */
+@@ -5483,7 +5488,7 @@ internalEntityProcessor(XML_Parser parser,
+ parser->m_processor = prologProcessor;
+ tok = XmlPrologTok(parser->m_encoding, s, end, &next);
+ return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr,
+- (XML_Bool)!parser->m_parsingStatus.finalBuffer);
++ (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE);
+ }
+ else
+ #endif /* XML_DTD */
+
-- cgit v1.2.3
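Review bot: The new `allowClosingDoctype` parameter of `doProlog` is explained only by the one-line comment inside the `XML_ROLE_DOCTYPE_CLOSE` case; the prototype (inner hunk at -405) and the definition (inner hunk at -4293) gain it without comment, and the five call sites pass bare `XML_TRUE`/`XML_FALSE`. I would add above the prototype `/* allowClosingDoctype is XML_FALSE when s..end is the replacement text of an internal parameter entity, so that text cannot end the DOCTYPE */`, which makes the rule checkable for any future caller. `externalParEntProcessor` passes `XML_TRUE`; presumably that is safe because external-subset text never produces `XML_ROLE_DOCTYPE_CLOSE`, but this is not visible in these hunks and is worth confirming. The packaged patch touches only `lib/xmlparse.c` and carries no regression input for the rejected construct, so nothing visible here shows the package's test run exercising the new error path. `doProlog`'s body continues outside the hunks shown.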