From 8b7042ffc84b240dbcc0d123473985982256a0f2 Mon Sep 17 00:00:00 2001
From: Francesco Colista <fcolista@alpinelinux.org>
Date: Thu, 22 Jun 2017 09:34:47 +0000
Subject: main/expat: security fixes (CVE-2017-9233)

---
 main/expat/APKBUILD            | 13 ++++++++-----
 main/expat/CVE-2017-9233.patch | 29 +++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 5 deletions(-)
 create mode 100644 main/expat/CVE-2017-9233.patch

(limited to 'main/expat')

diff --git a/main/expat/APKBUILD b/main/expat/APKBUILD
index 62023e4afe..c2c4293784 100644
--- a/main/expat/APKBUILD
+++ b/main/expat/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Carlo Landmeter <clandmeter@gmail.com>
 pkgname=expat
 pkgver=2.2.0
-pkgrel=0
+pkgrel=1
 pkgdesc="An XML Parser library written in C"
 url="http://www.libexpat.org/"
 arch="all"
@@ -9,7 +9,12 @@ license='MIT'
 depends=
 makedepends=
 source="http://downloads.sourceforge.net/project/expat/expat/$pkgver/expat-$pkgver.tar.bz2
+	CVE-2017-9233.patch
 	"
+# secfixes:
+#   2.2.0-r1:
+#     - CVE-2017-9233
+
 subpackages="$pkgname-dev $pkgname-doc"
 
 builddir="$srcdir/$pkgname-$pkgver"
@@ -29,7 +34,5 @@ package() {
 	cd "$builddir"
 	make DESTDIR="$pkgdir/" install || return 1
 }
-
-md5sums="2f47841c829facb346eb6e3fab5212e2  expat-2.2.0.tar.bz2"
-sha256sums="d9e50ff2d19b3538bd2127902a89987474e1a4db8e43a66a4d1a712ab9a504ff  expat-2.2.0.tar.bz2"
-sha512sums="2be1a6eea87b439374bfacb1fbb8e814fd8a085d5dfd3ca3be69d1af29b5dc93d36cbdec5f6843ca6d5910843c7ffbc498adc2a561b9dcece488edf3c6f8c7c8  expat-2.2.0.tar.bz2"
+sha512sums="2be1a6eea87b439374bfacb1fbb8e814fd8a085d5dfd3ca3be69d1af29b5dc93d36cbdec5f6843ca6d5910843c7ffbc498adc2a561b9dcece488edf3c6f8c7c8  expat-2.2.0.tar.bz2
+0c92dd7dbec845966fc1ff3d1d7b137c17b5045f06d092ff730eb19cfe5e9c6b76b89bf532d20329a0a74fd8eb100f08bbea1083d17e53b2b96e9db1786f1a68  CVE-2017-9233.patch"
diff --git a/main/expat/CVE-2017-9233.patch b/main/expat/CVE-2017-9233.patch
new file mode 100644
index 0000000000..1ddbc755d8
--- /dev/null
+++ b/main/expat/CVE-2017-9233.patch
@@ -0,0 +1,29 @@
+From c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f Mon Sep 17 00:00:00 2001
+From: Rhodri James <rhodri@kynesim.co.uk>
+Date: Wed, 14 Jun 2017 23:45:07 +0200
+Subject: [PATCH] xmlparse.c: Fix external entity infinite loop bug
+ (CVE-2017-9233)
+
+---
+ expat/lib/xmlparse.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index 7818f8d..2114596 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -3981,6 +3981,14 @@ entityValueInitProcessor(XML_Parser parser,
+       *nextPtr = next;
+       return XML_ERROR_NONE;
+     }
++    /* If we get this token, we have the start of what might be a
++       normal tag, but not a declaration (i.e. it doesn't begin with
++       "<!").  In a DTD context, that isn't legal.
++    */
++    else if (tok == XML_TOK_INSTANCE_START) {
++      *nextPtr = next;
++      return XML_ERROR_SYNTAX;
++    }
+     start = next;
+     eventPtr = start;
+   }
-- 
cgit v1.2.3