expat: fix for CVE-2009-3560 and 3720
This commit is contained in:
parent
bac0f0ff82
commit
bce3aac4b5
@ -1 +1,3 @@
|
|||||||
ee8b492592568805593f81f8cdf2a04c expat-2.0.1.tar.gz
|
ee8b492592568805593f81f8cdf2a04c expat-2.0.1.tar.gz
|
||||||
|
5ea67d4d96b7debe0eaafe2bf39a43b3 expat-CVE-2009-3560.patch
|
||||||
|
6e5ccf683c5df15d74711b2719bd7351 expat-CVE-2009-3720.patch
|
||||||
|
@ -4,11 +4,14 @@
|
|||||||
|
|
||||||
name=expat
|
name=expat
|
||||||
version=2.0.1
|
version=2.0.1
|
||||||
release=1
|
release=2
|
||||||
source=(http://dl.sourceforge.net/$name/$name-$version.tar.gz)
|
source=(http://dl.sourceforge.net/$name/$name-$version.tar.gz
|
||||||
|
expat-CVE-2009-3560.patch expat-CVE-2009-3720.patch)
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
cd $name-$version
|
cd $name-$version
|
||||||
|
patch -p0 -d lib -i $SRC/expat-CVE-2009-3560.patch
|
||||||
|
patch -p0 -d lib -i $SRC/expat-CVE-2009-3720.patch
|
||||||
./configure --prefix=/usr
|
./configure --prefix=/usr
|
||||||
make
|
make
|
||||||
make prefix=$PKG/usr install
|
make prefix=$PKG/usr install
|
||||||
|
15
expat/expat-CVE-2009-3560.patch
Normal file
15
expat/expat-CVE-2009-3560.patch
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
|
||||||
|
# http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=patch&r1=1.166&r2=1.164
|
||||||
|
|
||||||
|
--- xmlparse.c 2009/09/29 02:49:16 1.164
|
||||||
|
+++ xmlparse.c 2009/12/29 18:42:05 1.166
|
||||||
|
@@ -3701,6 +3701,9 @@
|
||||||
|
return XML_ERROR_UNCLOSED_TOKEN;
|
||||||
|
case XML_TOK_PARTIAL_CHAR:
|
||||||
|
return XML_ERROR_PARTIAL_CHAR;
|
||||||
|
+ case -XML_TOK_PROLOG_S:
|
||||||
|
+ tok = -tok;
|
||||||
|
+ break;
|
||||||
|
case XML_TOK_NONE:
|
||||||
|
#ifdef XML_DTD
|
||||||
|
/* for internal PE NOT referenced between declarations */
|
14
expat/expat-CVE-2009-3720.patch
Normal file
14
expat/expat-CVE-2009-3720.patch
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
|
||||||
|
# http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15&view=patch
|
||||||
|
|
||||||
|
--- xmltok_impl.c 2006/11/26 17:34:46 1.13
|
||||||
|
+++ xmltok_impl.c 2008/06/13 13:18:44 1.15
|
||||||
|
@@ -1744,7 +1744,7 @@
|
||||||
|
const char *end,
|
||||||
|
POSITION *pos)
|
||||||
|
{
|
||||||
|
- while (ptr != end) {
|
||||||
|
+ while (ptr < end) {
|
||||||
|
switch (BYTE_TYPE(enc, ptr)) {
|
||||||
|
#define LEAD_CASE(n) \
|
||||||
|
case BT_LEAD ## n: \
|
Loading…
Reference in New Issue
Block a user