[arch-commits] Commit in expat/trunk (2 files)

Mon Jul 4 19:46:18 UTC 2016

Date: Monday, July 4, 2016 @ 19:46:18
  Author: bpiotrowski
Revision: 270943

upgpkg: expat 2.2.0-1

There is a possibility that fix for CVE-2015-1283 could have been
optimized by gcc. Applied patch fixes that. (CVE-2016-4472)

Added:
  expat/trunk/expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283
Modified:
  expat/trunk/PKGBUILD

------------------------------------------------------------------+
 PKGBUILD                                                         |    6 +
 expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283 |   37 ++++++++++
 2 files changed, 41 insertions(+), 2 deletions(-)

Modified: PKGBUILD
===================================================================

--- PKGBUILD	2016-07-04 19:20:37 UTC (rev 270942)
+++ PKGBUILD	2016-07-04 19:46:18 UTC (rev 270943)
@@ -11,8 +11,10 @@
 url='http://expat.sourceforge.net/'
 license=('custom')
 depends=('glibc')
-source=(http://downloads.sourceforge.net/sourceforge/expat/$pkgname-$pkgver.tar.bz2)
-md5sums=('2f47841c829facb346eb6e3fab5212e2')
+source=(http://downloads.sourceforge.net/sourceforge/expat/$pkgname-$pkgver.tar.bz2
+        expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283)
+md5sums=('2f47841c829facb346eb6e3fab5212e2'
+         '216b1b11e155b11a84f11149bc476d30')
 
 build() {
   cd $pkgname-$pkgver

Added: expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283
===================================================================
--- expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283	                        (rev 0)
+++ expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283	2016-07-04 19:46:18 UTC (rev 270943)
@@ -0,0 +1,37 @@
+From f0bec73b018caa07d3e75ec8dd967f3785d71bde Mon Sep 17 00:00:00 2001
+From: Pascal Cuoq <cuoq at trust-in-soft.com>
+Date: Sun, 15 May 2016 09:05:46 +0200
+Subject: [PATCH] Avoid relying on undefined behavior in CVE-2015-1283 fix. It
+ does not really work: https://godbolt.org/g/Zl8gdF
+
+---
+ expat/lib/xmlparse.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 7586b24..620a820 100644
+--- a/expat/lib/xmlparse.c
++++ b/expat/lib/xmlparse.c
+@@ -1730,7 +1730,8 @@ XML_GetBuffer(XML_Parser parser, int len)
+ #ifdef XML_CONTEXT_BYTES
+     int keep;
+ #endif  /* defined XML_CONTEXT_BYTES */
+-    int neededSize = len + (int)(bufferEnd - bufferPtr);
++    /* Do not invoke signed arithmetic overflow: */
++    int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr));
+     if (neededSize < 0) {
+       errorCode = XML_ERROR_NO_MEMORY;
+       return NULL;
+@@ -1761,7 +1762,8 @@ XML_GetBuffer(XML_Parser parser, int len)
+       if (bufferSize == 0)
+         bufferSize = INIT_BUFFER_SIZE;
+       do {
+-        bufferSize *= 2;
++        /* Do not invoke signed arithmetic overflow: */
++        bufferSize = (int) (2U * (unsigned) bufferSize);
+       } while (bufferSize < neededSize && bufferSize > 0);
+       if (bufferSize <= 0) {
+         errorCode = XML_ERROR_NO_MEMORY;
+-- 
+2.9.0
+

