[arch-commits] Commit in expat/trunk (2 files)

Jan de Groot jgc at archlinux.org
Wed Jul 6 18:24:35 UTC 2016


    Date: Wednesday, July 6, 2016 @ 18:24:34
  Author: jgc
Revision: 271096

Remove patch, revert pkgrel as -1 is what is in core, -2 was pulled

Modified:
  expat/trunk/PKGBUILD
Deleted:
  expat/trunk/expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283

------------------------------------------------------------------+
 PKGBUILD                                                         |    8 --
 expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283 |   37 ----------
 2 files changed, 3 insertions(+), 42 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2016-07-06 18:06:57 UTC (rev 271095)
+++ PKGBUILD	2016-07-06 18:24:34 UTC (rev 271096)
@@ -5,16 +5,14 @@
 
 pkgname=expat
 pkgver=2.2.0
-pkgrel=2
+pkgrel=1
 pkgdesc='An XML parser library'
 arch=('i686' 'x86_64')
 url='http://expat.sourceforge.net/'
 license=('custom')
 depends=('glibc')
-source=(http://downloads.sourceforge.net/sourceforge/expat/$pkgname-$pkgver.tar.bz2
-        expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283)
-md5sums=('2f47841c829facb346eb6e3fab5212e2'
-         '216b1b11e155b11a84f11149bc476d30')
+source=(http://downloads.sourceforge.net/sourceforge/expat/$pkgname-$pkgver.tar.bz2)
+md5sums=('2f47841c829facb346eb6e3fab5212e2')
 
 build() {
   cd $pkgname-$pkgver
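Review bot: The new `source=`/`md5sums=` lines still fetch the upstream tarball over plain `http://` and pin it with MD5 only, so the checksum is the sole integrity control and MD5 is not collision-resistant. Add a stronger digest next to it, e.g. `sha256sums=('<SHA256_OF_expat-2.2.0.tar.bz2>')` (placeholder; compute it from a tarball verified out of band), and switch the URL to `https://` if the download host serves it. Since this revision also drops the follow-up patch to the CVE-2015-1283 fix, a short comment above `source=` such as `# UB follow-up to the CVE-2015-1283 fix not applied; see rev 271096` would record that the package now builds the unmodified upstream 2.2.0 sources. `build()` continues past the end of the hunk and is not reviewed here.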

Deleted: expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283
===================================================================
--- expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283	2016-07-06 18:06:57 UTC (rev 271095)
+++ expat-2.2.0-Avoid-relying-on-undefined-behavior-in-CVE-2015-1283	2016-07-06 18:24:34 UTC (rev 271096)
@@ -1,37 +0,0 @@
-From f0bec73b018caa07d3e75ec8dd967f3785d71bde Mon Sep 17 00:00:00 2001
-From: Pascal Cuoq <cuoq at trust-in-soft.com>
-Date: Sun, 15 May 2016 09:05:46 +0200
-Subject: [PATCH] Avoid relying on undefined behavior in CVE-2015-1283 fix. It
- does not really work: https://godbolt.org/g/Zl8gdF
-
----
- expat/lib/xmlparse.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
-index 7586b24..620a820 100644
---- a/expat/lib/xmlparse.c
-+++ b/expat/lib/xmlparse.c
-@@ -1730,7 +1730,8 @@ XML_GetBuffer(XML_Parser parser, int len)
- #ifdef XML_CONTEXT_BYTES
-     int keep;
- #endif  /* defined XML_CONTEXT_BYTES */
--    int neededSize = len + (int)(bufferEnd - bufferPtr);
-+    /* Do not invoke signed arithmetic overflow: */
-+    int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr));
-     if (neededSize < 0) {
-       errorCode = XML_ERROR_NO_MEMORY;
-       return NULL;
-@@ -1761,7 +1762,8 @@ XML_GetBuffer(XML_Parser parser, int len)
-       if (bufferSize == 0)
-         bufferSize = INIT_BUFFER_SIZE;
-       do {
--        bufferSize *= 2;
-+        /* Do not invoke signed arithmetic overflow: */
-+        bufferSize = (int) (2U * (unsigned) bufferSize);
-       } while (bufferSize < neededSize && bufferSize > 0);
-       if (bufferSize <= 0) {
-         errorCode = XML_ERROR_NO_MEMORY;
--- 
-2.9.0
-


