[arch-commits] Commit in expat/trunk (CVE-2009-3720.patch PKGBUILD)
Allan McRae
allan at archlinux.org
Tue Dec 15 02:51:10 UTC 2009
Date: Monday, December 14, 2009 @ 21:51:10
Author: allan
Revision: 61274
upgpkg: expat 2.0.1-4
fix CVE-2009-3720
Added:
expat/trunk/CVE-2009-3720.patch
Modified:
expat/trunk/PKGBUILD
---------------------+
CVE-2009-3720.patch | 12 ++++++++++++
PKGBUILD | 9 ++++++---
2 files changed, 18 insertions(+), 3 deletions(-)
Added: CVE-2009-3720.patch
===================================================================
--- CVE-2009-3720.patch (rev 0)
+++ CVE-2009-3720.patch 2009-12-15 02:51:10 UTC (rev 61274)
@@ -0,0 +1,12 @@
+diff -urNad trunk~/lib/xmltok_impl.c trunk/lib/xmltok_impl.c
+--- trunk~/lib/xmltok_impl.c 2006-11-26 18:34:46.000000000 +0100
++++ trunk/lib/xmltok_impl.c 2009-10-22 21:42:41.000000000 +0200
+@@ -1744,7 +1744,7 @@
+ const char *end,
+ POSITION *pos)
+ {
+- while (ptr != end) {
++ while (ptr < end) {
+ switch (BYTE_TYPE(enc, ptr)) {
+ #define LEAD_CASE(n) \
+ case BT_LEAD ## n: \
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2009-12-14 23:02:08 UTC (rev 61273)
+++ PKGBUILD 2009-12-15 02:51:10 UTC (rev 61274)
@@ -4,7 +4,7 @@
pkgname=expat
pkgver=2.0.1
-pkgrel=3
+pkgrel=4
pkgdesc="An XML Parser library written in C"
arch=('i686' 'x86_64')
url="http://expat.sourceforge.net/"
@@ -12,13 +12,16 @@
depends=('glibc')
options=('!libtool')
source=(http://downloads.sourceforge.net/sourceforge/expat/${pkgname}-${pkgver}.tar.gz
- CVE-2009-3560.patch)
+ CVE-2009-3560.patch
+ CVE-2009-3720.patch)
md5sums=('ee8b492592568805593f81f8cdf2a04c'
- '50aa6f7693fda07f4720a0495d12e695')
+ '50aa6f7693fda07f4720a0495d12e695'
+ 'f3eeb796f28945899216b815e5901996')
build() {
cd "${srcdir}/${pkgname}-${pkgver}"
patch -Np1 -i $srcdir/CVE-2009-3560.patch
+ patch -Np1 -i $srcdir/CVE-2009-3720.patch
./configure --prefix=/usr --mandir=/usr/share/man || return 1
make || return 1
make DESTDIR="${pkgdir}" install || return 1
More information about the arch-commits
mailing list