[arch-commits] Commit in expat/trunk (CVE-2009-3560.patch PKGBUILD)

Allan McRae allan at archlinux.org
Sun Dec 13 07:34:45 UTC 2009 

    Date: Sunday, December 13, 2009 @ 02:34:45
  Author: allan
Revision: 61198

upgpkg: expat 2.0.1-3
    fix CVE-2009-3560

Added:
  expat/trunk/CVE-2009-3560.patch
Modified:
  expat/trunk/PKGBUILD

---------------------+
 CVE-2009-3560.patch |   11 +++++++++++
 PKGBUILD            |   16 +++++++++-------
 2 files changed, 20 insertions(+), 7 deletions(-)

Added: CVE-2009-3560.patch
===================================================================
--- CVE-2009-3560.patch	                        (rev 0)
+++ CVE-2009-3560.patch	2009-12-13 07:34:45 UTC (rev 61198)
@@ -0,0 +1,11 @@
+diff -Naur expat-2.0.1-old/lib/xmlparse.c expat-2.0.1/lib/xmlparse.c
+--- expat-2.0.1-old/lib/xmlparse.c	2007-05-08 12:25:35.000000000 +1000
++++ expat-2.0.1/lib/xmlparse.c	2009-12-13 17:26:52.000000000 +1000
+@@ -3725,7 +3725,6 @@
+         return XML_ERROR_NO_ELEMENTS;
+       default:
+         tok = -tok;
+-        next = end;
+         break;
+       }
+     }

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2009-12-13 07:25:42 UTC (rev 61197)
+++ PKGBUILD	2009-12-13 07:34:45 UTC (rev 61198)
@@ -4,21 +4,23 @@
 
 pkgname=expat
 pkgver=2.0.1
-pkgrel=2
+pkgrel=3
 pkgdesc="An XML Parser library written in C"
-arch=(i686 x86_64)
+arch=('i686' 'x86_64')
+url="http://expat.sourceforge.net/"
 license=('custom')
 depends=('glibc')
 options=('!libtool')
-source=(http://downloads.sourceforge.net/sourceforge/expat/${pkgname}-${pkgver}.tar.gz)
-url="http://expat.sourceforge.net/"
-md5sums=('ee8b492592568805593f81f8cdf2a04c')
+source=(http://downloads.sourceforge.net/sourceforge/expat/${pkgname}-${pkgver}.tar.gz
+        CVE-2009-3560.patch)
+md5sums=('ee8b492592568805593f81f8cdf2a04c'
+         '50aa6f7693fda07f4720a0495d12e695')
 
 build() {
   cd "${srcdir}/${pkgname}-${pkgver}"
+  patch -Np1 -i $srcdir/CVE-2009-3560.patch
   ./configure --prefix=/usr --mandir=/usr/share/man || return 1
   make || return 1
   make DESTDIR="${pkgdir}" install || return 1
-  install -m755 -d "${pkgdir}/usr/share/licenses/${pkgname}"
-  install -m644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/" || return 1
+  install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/COPYING" || return 1
 }

More information about the arch-commits mailing list