[arch-commits] Commit in expat/trunk (2 files)

Bartłomiej Piotrowski bpiotrowski at archlinux.org
Fri Aug 5 21:29:38 UTC 2016 

    Date: Friday, August 5, 2016 @ 21:29:38
  Author: bpiotrowski
Revision: 273350

upgpkg: expat 2.2.0-2

Fix for CVE-2016-0718 introduced a regression where tag names could be served
truncated to the dependent applications, unlike before. It has no security
implications; it just nice to have fixed.

Added:
  expat/trunk/expat-2.2.0-CVE-2016-0718-regression.patch
Modified:
  expat/trunk/PKGBUILD

--------------------------------------------+
 PKGBUILD                                   |   13 ++++++++++---
 expat-2.2.0-CVE-2016-0718-regression.patch |   27 +++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 3 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2016-08-05 21:11:25 UTC (rev 273349)
+++ PKGBUILD	2016-08-05 21:29:38 UTC (rev 273350)
@@ -5,15 +5,22 @@
 
 pkgname=expat
 pkgver=2.2.0
-pkgrel=1
+pkgrel=2
 pkgdesc='An XML parser library'
 arch=('i686' 'x86_64')
 url='http://expat.sourceforge.net/'
 license=('custom')
 depends=('glibc')
-source=(http://downloads.sourceforge.net/sourceforge/expat/$pkgname-$pkgver.tar.bz2)
-md5sums=('2f47841c829facb346eb6e3fab5212e2')
+source=(http://downloads.sourceforge.net/sourceforge/expat/$pkgname-$pkgver.tar.bz2
+        expat-2.2.0-CVE-2016-0718-regression.patch)
+md5sums=('2f47841c829facb346eb6e3fab5212e2'
+         'dda0b42ed32491577d0b5fb6bf0963be')
 
+prepare() {
+  cd $pkgname-$pkgver
+  patch -p2 -i "$srcdir"/expat-2.2.0-CVE-2016-0718-regression.patch
+}
+
 build() {
   cd $pkgname-$pkgver
   ./configure --prefix=/usr

Added: expat-2.2.0-CVE-2016-0718-regression.patch
===================================================================
--- expat-2.2.0-CVE-2016-0718-regression.patch	                        (rev 0)
+++ expat-2.2.0-CVE-2016-0718-regression.patch	2016-08-05 21:29:38 UTC (rev 273350)
@@ -0,0 +1,27 @@
+From 3e6190e433479e56f8c1e5adc1198b3c86b15577 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian at pipping.org>
+Date: Sun, 17 Jul 2016 20:22:29 +0200
+Subject: [PATCH] Fix regression introduced by patch to CVE-2016-0718 (bug
+ #539)
+
+Tag names were cut off in some cases; reported by Andy Wang
+---
+ expat/lib/xmlparse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 13e080d..2630310 100644
+--- a/expat/lib/xmlparse.c
++++ b/expat/lib/xmlparse.c
+@@ -2430,7 +2430,7 @@ doContent(XML_Parser parser,
+                        &fromPtr, rawNameEnd,
+                        (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1);
+             convLen = (int)(toPtr - (XML_Char *)tag->buf);
+-            if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
++            if ((fromPtr >= rawNameEnd) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
+               tag->name.strLen = convLen;
+               break;
+             }
+-- 
+2.9.2
+

More information about the arch-commits mailing list