From 1b5e6df3780f0db6124afb1b3d114dbfecf7627c Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Sun, 17 Jan 2010 12:07:11 +0000 Subject: main/expat: security fixes CVE-2009-3560 CVE-2009-3720 --- main/expat/APKBUILD | 33 ++++++++++++++++++++++++++------- main/expat/CVE-2009-3560.patch | 13 +++++++++++++ main/expat/CVE-2009-3720.patch | 12 ++++++++++++ 3 files changed, 51 insertions(+), 7 deletions(-) create mode 100644 main/expat/CVE-2009-3560.patch create mode 100644 main/expat/CVE-2009-3720.patch (limited to 'main') diff --git a/main/expat/APKBUILD b/main/expat/APKBUILD index 3f81d32565..e49d990744 100644 --- a/main/expat/APKBUILD +++ b/main/expat/APKBUILD @@ -1,22 +1,41 @@ # Maintainer: Carlo Landmeter pkgname=expat pkgver=2.0.1 -pkgrel=0 +pkgrel=1 pkgdesc="An XML Parser library written in C" url="http://www.libexpat.org/" license='AS IS' -depends="uclibc" -makedepends="" -source="http://surfnet.dl.sourceforge.net/sourceforge/expat/expat-2.0.1.tar.gz" +depends= +makedepends= +source="http://surfnet.dl.sourceforge.net/sourceforge/expat/expat-2.0.1.tar.gz + CVE-2009-3560.patch + CVE-2009-3720.patch + " subpackages="$pkgname-dev $pkgname-doc" -build() { - cd "$srcdir/$pkgname-$pkgver" +_builddir="$srcdir/$pkgname-$pkgver" +prepare() { + cd "$_builddir" + for i in "$srcdir"/*.patch; do + [ -f "$i" ] || continue + msg "Applying $i" + patch -p1 -i "$i" || return 1 + done + +} +build() { + cd "$_builddir" ./configure --prefix=/usr \ --mandir=/usr/share/man make || return 1 +} + +package() { + cd "$_builddir" make DESTDIR="$pkgdir/" install } -md5sums="ee8b492592568805593f81f8cdf2a04c expat-2.0.1.tar.gz" +md5sums="ee8b492592568805593f81f8cdf2a04c expat-2.0.1.tar.gz +50603cac0f03aabc7087415251f592be CVE-2009-3560.patch +f3eeb796f28945899216b815e5901996 CVE-2009-3720.patch" diff --git a/main/expat/CVE-2009-3560.patch b/main/expat/CVE-2009-3560.patch new file mode 100644 index 0000000000..5fe9c36c82 --- /dev/null +++ b/main/expat/CVE-2009-3560.patch @@ -0,0 +1,13 @@ +diff -urNad trunk~/lib/xmlparse.c trunk/lib/xmlparse.c +--- trunk~/lib/xmlparse.c 2007-05-08 04:25:35.000000000 +0200 ++++ trunk/lib/xmlparse.c 2009-12-29 21:57:22.141732904 +0100 +@@ -3703,6 +3703,9 @@ + return XML_ERROR_UNCLOSED_TOKEN; + case XML_TOK_PARTIAL_CHAR: + return XML_ERROR_PARTIAL_CHAR; ++ case -XML_TOK_PROLOG_S: ++ tok = -tok; ++ break; + case XML_TOK_NONE: + #ifdef XML_DTD + /* for internal PE NOT referenced between declarations */ diff --git a/main/expat/CVE-2009-3720.patch b/main/expat/CVE-2009-3720.patch new file mode 100644 index 0000000000..65d16431f4 --- /dev/null +++ b/main/expat/CVE-2009-3720.patch @@ -0,0 +1,12 @@ +diff -urNad trunk~/lib/xmltok_impl.c trunk/lib/xmltok_impl.c +--- trunk~/lib/xmltok_impl.c 2006-11-26 18:34:46.000000000 +0100 ++++ trunk/lib/xmltok_impl.c 2009-10-22 21:42:41.000000000 +0200 +@@ -1744,7 +1744,7 @@ + const char *end, + POSITION *pos) + { +- while (ptr != end) { ++ while (ptr < end) { + switch (BYTE_TYPE(enc, ptr)) { + #define LEAD_CASE(n) \ + case BT_LEAD ## n: \ -- cgit v1.2.3