[arch-commits] Commit in expat/repos (6 files)

Mon Jul 4 19:46:22 UTC 2016

Date: Monday, July 4, 2016 @ 19:46:22
  Author: bpiotrowski
Revision: 270944

archrelease: copy trunk to testing-i686, testing-x86_64

Added:
  expat/repos/testing-i686/
  expat/repos/testing-i686/PKGBUILD
    (from rev 270943, expat/trunk/PKGBUILD)
  expat/repos/testing-i686/expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283
    (from rev 270943, expat/trunk/expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283)
  expat/repos/testing-x86_64/
  expat/repos/testing-x86_64/PKGBUILD
    (from rev 270943, expat/trunk/PKGBUILD)
  expat/repos/testing-x86_64/expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283
    (from rev 270943, expat/trunk/expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283)

---------------------------------------------------------------------------------+
 testing-i686/PKGBUILD                                                           |   33 ++++++++
 testing-i686/expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283   |   37 ++++++++++
 testing-x86_64/PKGBUILD                                                         |   33 ++++++++
 testing-x86_64/expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283 |   37 ++++++++++
 4 files changed, 140 insertions(+)

Copied: expat/repos/testing-i686/PKGBUILD (from rev 270943, expat/trunk/PKGBUILD)
===================================================================

--- testing-i686/PKGBUILD	                        (rev 0)
+++ testing-i686/PKGBUILD	2016-07-04 19:46:22 UTC (rev 270944)
@@ -0,0 +1,33 @@
+# $Id$
+# Maintainer:  Bartłomiej Piotrowski <bpiotrowski at archlinux.org>
+# Contributor: Allan McRae <allan at archlinux.org>
+# Contributor: Judd Vinet <jvinet at zeroflux.org>
+
+pkgname=expat
+pkgver=2.2.0
+pkgrel=1
+pkgdesc='An XML parser library'
+arch=('i686' 'x86_64')
+url='http://expat.sourceforge.net/'
+license=('custom')
+depends=('glibc')
+source=(http://downloads.sourceforge.net/sourceforge/expat/$pkgname-$pkgver.tar.bz2
+        expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283)
+md5sums=('2f47841c829facb346eb6e3fab5212e2'
+         '216b1b11e155b11a84f11149bc476d30')
+
+build() {
+  cd $pkgname-$pkgver
+  ./configure --prefix=/usr
+  make
+}
+
+check() {
+  make -C $pkgname-$pkgver check
+}
+
+package() {
+  cd $pkgname-$pkgver
+  make DESTDIR="$pkgdir" install
+  install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
+}

Copied: expat/repos/testing-i686/expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283 (from rev 270943, expat/trunk/expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283)
===================================================================
--- testing-i686/expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283	                        (rev 0)
+++ testing-i686/expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283	2016-07-04 19:46:22 UTC (rev 270944)
@@ -0,0 +1,37 @@
+From f0bec73b018caa07d3e75ec8dd967f3785d71bde Mon Sep 17 00:00:00 2001
+From: Pascal Cuoq <cuoq at trust-in-soft.com>
+Date: Sun, 15 May 2016 09:05:46 +0200
+Subject: [PATCH] Avoid relying on undefined behavior in CVE-2015-1283 fix. It
+ does not really work: https://godbolt.org/g/Zl8gdF
+
+---
+ expat/lib/xmlparse.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 7586b24..620a820 100644
+--- a/expat/lib/xmlparse.c
++++ b/expat/lib/xmlparse.c
+@@ -1730,7 +1730,8 @@ XML_GetBuffer(XML_Parser parser, int len)
+ #ifdef XML_CONTEXT_BYTES
+     int keep;
+ #endif  /* defined XML_CONTEXT_BYTES */
+-    int neededSize = len + (int)(bufferEnd - bufferPtr);
++    /* Do not invoke signed arithmetic overflow: */
++    int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr));
+     if (neededSize < 0) {
+       errorCode = XML_ERROR_NO_MEMORY;
+       return NULL;
+@@ -1761,7 +1762,8 @@ XML_GetBuffer(XML_Parser parser, int len)
+       if (bufferSize == 0)
+         bufferSize = INIT_BUFFER_SIZE;
+       do {
+-        bufferSize *= 2;
++        /* Do not invoke signed arithmetic overflow: */
++        bufferSize = (int) (2U * (unsigned) bufferSize);
+       } while (bufferSize < neededSize && bufferSize > 0);
+       if (bufferSize <= 0) {
+         errorCode = XML_ERROR_NO_MEMORY;
+-- 
+2.9.0
+

Copied: expat/repos/testing-x86_64/PKGBUILD (from rev 270943, expat/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD	                        (rev 0)
+++ testing-x86_64/PKGBUILD	2016-07-04 19:46:22 UTC (rev 270944)
@@ -0,0 +1,33 @@
+# $Id$
+# Maintainer:  Bartłomiej Piotrowski <bpiotrowski at archlinux.org>
+# Contributor: Allan McRae <allan at archlinux.org>
+# Contributor: Judd Vinet <jvinet at zeroflux.org>
+
+pkgname=expat
+pkgver=2.2.0
+pkgrel=1
+pkgdesc='An XML parser library'
+arch=('i686' 'x86_64')
+url='http://expat.sourceforge.net/'
+license=('custom')
+depends=('glibc')
+source=(http://downloads.sourceforge.net/sourceforge/expat/$pkgname-$pkgver.tar.bz2
+        expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283)
+md5sums=('2f47841c829facb346eb6e3fab5212e2'
+         '216b1b11e155b11a84f11149bc476d30')
+
+build() {
+  cd $pkgname-$pkgver
+  ./configure --prefix=/usr
+  make
+}
+
+check() {
+  make -C $pkgname-$pkgver check
+}
+
+package() {
+  cd $pkgname-$pkgver
+  make DESTDIR="$pkgdir" install
+  install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
+}

Copied: expat/repos/testing-x86_64/expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283 (from rev 270943, expat/trunk/expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283)
===================================================================
--- testing-x86_64/expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283	                        (rev 0)
+++ testing-x86_64/expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283	2016-07-04 19:46:22 UTC (rev 270944)
@@ -0,0 +1,37 @@
+From f0bec73b018caa07d3e75ec8dd967f3785d71bde Mon Sep 17 00:00:00 2001
+From: Pascal Cuoq <cuoq at trust-in-soft.com>
+Date: Sun, 15 May 2016 09:05:46 +0200
+Subject: [PATCH] Avoid relying on undefined behavior in CVE-2015-1283 fix. It
+ does not really work: https://godbolt.org/g/Zl8gdF
+
+---
+ expat/lib/xmlparse.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 7586b24..620a820 100644
+--- a/expat/lib/xmlparse.c
++++ b/expat/lib/xmlparse.c
+@@ -1730,7 +1730,8 @@ XML_GetBuffer(XML_Parser parser, int len)
+ #ifdef XML_CONTEXT_BYTES
+     int keep;
+ #endif  /* defined XML_CONTEXT_BYTES */
+-    int neededSize = len + (int)(bufferEnd - bufferPtr);
++    /* Do not invoke signed arithmetic overflow: */
++    int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr));
+     if (neededSize < 0) {
+       errorCode = XML_ERROR_NO_MEMORY;
+       return NULL;
+@@ -1761,7 +1762,8 @@ XML_GetBuffer(XML_Parser parser, int len)
+       if (bufferSize == 0)
+         bufferSize = INIT_BUFFER_SIZE;
+       do {
+-        bufferSize *= 2;
++        /* Do not invoke signed arithmetic overflow: */
++        bufferSize = (int) (2U * (unsigned) bufferSize);
+       } while (bufferSize < neededSize && bufferSize > 0);
+       if (bufferSize <= 0) {
+         errorCode = XML_ERROR_NO_MEMORY;
+-- 
+2.9.0
+

