[arch-commits] Commit in xerces-c/trunk (PKGBUILD xerces-c-cve-2016-2099.patch)

Lukas Fleischer lfleischer at archlinux.org
Sat Jun 25 11:51:19 UTC 2016


    Date: Saturday, June 25, 2016 @ 11:51:19
  Author: lfleischer
Revision: 270636

upgpkg: xerces-c 3.1.3-2

Add a patch for CVE-2016-2099 (fixes FS#49353).

Added:
  xerces-c/trunk/xerces-c-cve-2016-2099.patch
Modified:
  xerces-c/trunk/PKGBUILD

------------------------------+
 PKGBUILD                     |   17 ++++++++++++-----
 xerces-c-cve-2016-2099.patch |   19 +++++++++++++++++++
 2 files changed, 31 insertions(+), 5 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2016-06-25 09:22:25 UTC (rev 270635)
+++ PKGBUILD	2016-06-25 11:51:19 UTC (rev 270636)
@@ -5,17 +5,24 @@
 
 pkgname=xerces-c
 pkgver=3.1.3
-pkgrel=1
+pkgrel=2
 pkgdesc="A validating XML parser written in a portable subset of C++"
 arch=('i686' 'x86_64')
 url="http://xerces.apache.org/xerces-c/"
 license=('APACHE')
 depends=('gcc-libs' 'curl')
-source=("http://apache.osuosl.org/xerces/c/3/sources/${pkgname}-${pkgver}.tar.gz")
-md5sums=('70320ab0e3269e47d978a6ca0c0e1e2d')
+source=("http://apache.osuosl.org/xerces/c/3/sources/${pkgname}-${pkgver}.tar.gz"
+        xerces-c-cve-2016-2099.patch)
+md5sums=('70320ab0e3269e47d978a6ca0c0e1e2d'
+         '382aa993dc070be469e2ff2b2a9bad09')
 
+prepare() {
+  cd "${pkgname}-${pkgver}"
+  patch -p1 -i ../xerces-c-cve-2016-2099.patch
+}
+
 build() {
-  cd ${pkgname}-${pkgver}
+  cd "${pkgname}-${pkgver}"
 
   [[ "${CARCH}" = "i686" ]] && SSE2="--disable-sse2"
   ./configure --prefix=/usr --sysconfdir=/etc ${SSE2}
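Review bot: The new `md5sums` entry leaves MD5 as the only integrity check, and the tarball in `source` is still fetched over plain `http://` from a mirror, so this security rebuild has no strong protection against a tampered or substituted download. Consider `sha256sums=('<sha256 of tarball>' '<sha256 of patch>')` (placeholders; regenerate with `makepkg -g` or `updpkgsums`), and if upstream publishes a detached signature for this release, add it to `source` together with `validpgpkeys`. In `prepare()`, `patch -p1 -i "${srcdir}/xerces-c-cve-2016-2099.patch"` would avoid depending on the relative `../` path. The body of `build()` continues past the end of this hunk.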
@@ -23,6 +30,6 @@
 }
 
 package() {
-  cd ${pkgname}-${pkgver}
+  cd "${pkgname}-${pkgver}"
   make DESTDIR="${pkgdir}/" install
 }

Added: xerces-c-cve-2016-2099.patch
===================================================================
--- xerces-c-cve-2016-2099.patch	                        (rev 0)
+++ xerces-c-cve-2016-2099.patch	2016-06-25 11:51:19 UTC (rev 270636)
@@ -0,0 +1,19 @@
+--- a/src/xercesc/validators/DTD/DTDScanner.cpp
++++ b/src/xercesc/validators/DTD/DTDScanner.cpp
+@@ -2509,7 +2509,15 @@ void DTDScanner::scanExtSubsetDecl(const
+         {
+             while (true)
+             {
+-                const XMLCh nextCh = fReaderMgr->peekNextChar();
++                XMLCh nextCh;
++
++                try {
++                    nextCh = fReaderMgr->peekNextChar();
++                }
++                catch (XMLException& ex) {
++                    fScanner->emitError(XMLErrs::XMLException_Fatal, ex.getCode(), ex.getMessage(), NULL, NULL);
++                    nextCh = chNull;
++                }
+ 
+                 if (!nextCh)
+                 {
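Review bot: The added patch file starts directly at the `--- a/src/xercesc/...` line with no header, so nothing in the package records where this CVE-2016-2099 fix came from or whether it matches what upstream shipped. A short free-text preamble above the first `---` line (which `patch` skips), such as `Origin: <upstream commit or issue URL>` and `Bug: FS#49353`, would let a later maintainer verify the fix and drop it once a fixed release is packaged. The enclosing loop in `DTDScanner::scanExtSubsetDecl` begins and ends outside the embedded hunk, so it cannot be confirmed from here that the `if (!nextCh)` branch exits cleanly after `emitError` sets `nextCh = chNull`. That path is worth checking against the full upstream source.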


