[arch-commits] Commit in xerces-c/trunk (PKGBUILD xerces-c-cve-2016-2099.patch)
Lukas Fleischer
lfleischer at archlinux.org
Sat Jun 25 11:51:19 UTC 2016
Date: Saturday, June 25, 2016 @ 11:51:19
Author: lfleischer
Revision: 270636
upgpkg: xerces-c 3.1.3-2
Add a patch for CVE-2016-2099 (fixes FS#49353).
Added:
xerces-c/trunk/xerces-c-cve-2016-2099.patch
Modified:
xerces-c/trunk/PKGBUILD
------------------------------+
PKGBUILD | 17 ++++++++++++-----
xerces-c-cve-2016-2099.patch | 19 +++++++++++++++++++
2 files changed, 31 insertions(+), 5 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2016-06-25 09:22:25 UTC (rev 270635)
+++ PKGBUILD 2016-06-25 11:51:19 UTC (rev 270636)
@@ -5,17 +5,24 @@
pkgname=xerces-c
pkgver=3.1.3
-pkgrel=1
+pkgrel=2
pkgdesc="A validating XML parser written in a portable subset of C++"
arch=('i686' 'x86_64')
url="http://xerces.apache.org/xerces-c/"
license=('APACHE')
depends=('gcc-libs' 'curl')
-source=("http://apache.osuosl.org/xerces/c/3/sources/${pkgname}-${pkgver}.tar.gz")
-md5sums=('70320ab0e3269e47d978a6ca0c0e1e2d')
+source=("http://apache.osuosl.org/xerces/c/3/sources/${pkgname}-${pkgver}.tar.gz"
+ xerces-c-cve-2016-2099.patch)
+md5sums=('70320ab0e3269e47d978a6ca0c0e1e2d'
+ '382aa993dc070be469e2ff2b2a9bad09')
+prepare() {
+ cd "${pkgname}-${pkgver}"
+ patch -p1 -i ../xerces-c-cve-2016-2099.patch
+}
+
build() {
- cd ${pkgname}-${pkgver}
+ cd "${pkgname}-${pkgver}"
[[ "${CARCH}" = "i686" ]] && SSE2="--disable-sse2"
./configure --prefix=/usr --sysconfdir=/etc ${SSE2}
@@ -23,6 +30,6 @@
}
package() {
- cd ${pkgname}-${pkgver}
+ cd "${pkgname}-${pkgver}"
make DESTDIR="${pkgdir}/" install
}
Added: xerces-c-cve-2016-2099.patch
===================================================================
--- xerces-c-cve-2016-2099.patch (rev 0)
+++ xerces-c-cve-2016-2099.patch 2016-06-25 11:51:19 UTC (rev 270636)
@@ -0,0 +1,19 @@
+--- a/src/xercesc/validators/DTD/DTDScanner.cpp
++++ b/src/xercesc/validators/DTD/DTDScanner.cpp
+@@ -2509,7 +2509,15 @@ void DTDScanner::scanExtSubsetDecl(const
+ {
+ while (true)
+ {
+- const XMLCh nextCh = fReaderMgr->peekNextChar();
++ XMLCh nextCh;
++
++ try {
++ nextCh = fReaderMgr->peekNextChar();
++ }
++ catch (XMLException& ex) {
++ fScanner->emitError(XMLErrs::XMLException_Fatal, ex.getCode(), ex.getMessage(), NULL, NULL);
++ nextCh = chNull;
++ }
+
+ if (!nextCh)
+ {
More information about the arch-commits
mailing list