[arch-commits] Commit in expat/trunk (CVE-2009-3720.patch PKGBUILD)

Allan McRae allan at archlinux.org
Tue Dec 15 02:51:10 UTC 2009


    Date: Monday, December 14, 2009 @ 21:51:10
  Author: allan
Revision: 61274

upgpkg: expat 2.0.1-4
    fix CVE-2009-3720

Added:
  expat/trunk/CVE-2009-3720.patch
Modified:
  expat/trunk/PKGBUILD

---------------------+
 CVE-2009-3720.patch |   12 ++++++++++++
 PKGBUILD            |    9 ++++++---
 2 files changed, 18 insertions(+), 3 deletions(-)

Added: CVE-2009-3720.patch
===================================================================
--- CVE-2009-3720.patch	                        (rev 0)
+++ CVE-2009-3720.patch	2009-12-15 02:51:10 UTC (rev 61274)
@@ -0,0 +1,12 @@
+diff -urNad trunk~/lib/xmltok_impl.c trunk/lib/xmltok_impl.c
+--- trunk~/lib/xmltok_impl.c	2006-11-26 18:34:46.000000000 +0100
++++ trunk/lib/xmltok_impl.c	2009-10-22 21:42:41.000000000 +0200
+@@ -1744,7 +1744,7 @@
+                        const char *end,
+                        POSITION *pos)
+ {
+-  while (ptr != end) {
++  while (ptr < end) {
+     switch (BYTE_TYPE(enc, ptr)) {
+ #define LEAD_CASE(n) \
+     case BT_LEAD ## n: \
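Review bot: The new CVE-2009-3720.patch has no provenance header before its `diff -urNad` line, so a later maintainer cannot check that this one-line change (`while (ptr != end)` to `while (ptr < end)`) matches the upstream fix or tell when it can be dropped. The `trunk~/` path prefix suggests it was taken from another patch set, but that is only an inference from the header. I would add a leading comment such as `Fix for CVE-2009-3720; origin: <UPSTREAM-REVISION-OR-URL placeholder>` above the diff, which `patch` ignores. The patched function's signature and the rest of its loop body lie outside the hunk, so whether any other loop there has the same `!=` termination cannot be judged from here.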

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2009-12-14 23:02:08 UTC (rev 61273)
+++ PKGBUILD	2009-12-15 02:51:10 UTC (rev 61274)
@@ -4,7 +4,7 @@
 
 pkgname=expat
 pkgver=2.0.1
-pkgrel=3
+pkgrel=4
 pkgdesc="An XML Parser library written in C"
 arch=('i686' 'x86_64')
 url="http://expat.sourceforge.net/"
@@ -12,13 +12,16 @@
 depends=('glibc')
 options=('!libtool')
 source=(http://downloads.sourceforge.net/sourceforge/expat/${pkgname}-${pkgver}.tar.gz
-        CVE-2009-3560.patch)
+        CVE-2009-3560.patch
+        CVE-2009-3720.patch)
 md5sums=('ee8b492592568805593f81f8cdf2a04c'
-         '50aa6f7693fda07f4720a0495d12e695')
+         '50aa6f7693fda07f4720a0495d12e695'
+         'f3eeb796f28945899216b815e5901996')
 
 build() {
   cd "${srcdir}/${pkgname}-${pkgver}"
   patch -Np1 -i $srcdir/CVE-2009-3560.patch
+  patch -Np1 -i $srcdir/CVE-2009-3720.patch
   ./configure --prefix=/usr --mandir=/usr/share/man || return 1
   make || return 1
   make DESTDIR="${pkgdir}" install || return 1
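Review bot: The added `patch -Np1 -i $srcdir/CVE-2009-3720.patch` line in build() has no failure check, unlike the `./configure`, `make` and `make install` lines below it, which all end in `|| return 1`. If the patch fails to apply and the build tool does not abort on its own, the package would still build and be published as 2.0.1-4 with the CVE fix silently missing. I would write `patch -Np1 -i "${srcdir}/CVE-2009-3720.patch" || return 1`, which also quotes the path, and the same applies to the existing CVE-2009-3560 line above it. build() continues past the end of the hunk.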



