ee8b492592568805593f81f8cdf2a04c expat-2.0.1.tar.gz
+5ea67d4d96b7debe0eaafe2bf39a43b3 expat-CVE-2009-3560.patch
+6e5ccf683c5df15d74711b2719bd7351 expat-CVE-2009-3720.patch
name=expat
version=2.0.1
-release=1
-source=(http://dl.sourceforge.net/$name/$name-$version.tar.gz)
+release=2
+source=(http://dl.sourceforge.net/$name/$name-$version.tar.gz \
+ expat-CVE-2009-3560.patch expat-CVE-2009-3720.patch)
build() {
- cd $name-$version
- ./configure --build=$CHOST \
- --host=$CTARGET \
- --prefix=/usr
- make
- make prefix=$PKG/usr install
+ cd $name-$version
+ patch -p0 -d lib -i $SRC/expat-CVE-2009-3560.patch
+ patch -p0 -d lib -i $SRC/expat-CVE-2009-3720.patch
+ ./configure --build=$CHOST \
+ --host=$CTARGET \
+ --prefix=/usr
+ make
+ make prefix=$PKG/usr install
}
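Review bot: The two added `patch -p0 -d lib -i $SRC/...` calls in build() have no failure handling of their own, so a rejected hunk stops the build only if the packaging tool runs build() with errexit, which is not visible on this page. For a security update that matters, because configure and make would otherwise carry on and release=2 would ship the unpatched parser while appearing fixed. If errexit is not guaranteed, end each call with `|| return 1` and quote the path, e.g. `patch -p0 -d lib -i "$SRC/expat-CVE-2009-3560.patch" || return 1`.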
--- /dev/null
+# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
+# http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=patch&r1=1.166&r2=1.164
+
+--- xmlparse.c 2009/09/29 02:49:16 1.164
++++ xmlparse.c 2009/12/29 18:42:05 1.166
+@@ -3701,6 +3701,9 @@
+ return XML_ERROR_UNCLOSED_TOKEN;
+ case XML_TOK_PARTIAL_CHAR:
+ return XML_ERROR_PARTIAL_CHAR;
++ case -XML_TOK_PROLOG_S:
++ tok = -tok;
++ break;
+ case XML_TOK_NONE:
+ #ifdef XML_DTD
+ /* for internal PE NOT referenced between declarations */
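Review bot: The provenance comment on the second line of this patch file gives the revisions as `r1=1.166&r2=1.164`, the reverse of the `--- xmlparse.c ... 1.164` / `+++ xmlparse.c ... 1.166` headers below it, whereas the CVE-2009-3720 patch records its URL in old-to-new order (`r1=1.13&r2=1.15`). Someone regenerating the patch from the recorded URL would presumably get the reverse diff, which removes the `case -XML_TOK_PROLOG_S:` branch instead of adding it. I would record it as `# http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=patch&r1=1.164&r2=1.166`. The function this hunk patches starts and ends outside the hunk, so the note covers only the header and the added case.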
--- /dev/null
+# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
+# http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15&view=patch
+
+--- xmltok_impl.c 2006/11/26 17:34:46 1.13
++++ xmltok_impl.c 2008/06/13 13:18:44 1.15
+@@ -1744,7 +1744,7 @@
+ const char *end,
+ POSITION *pos)
+ {
+- while (ptr != end) {
++ while (ptr < end) {
+ switch (BYTE_TYPE(enc, ptr)) {
+ #define LEAD_CASE(n) \
+ case BT_LEAD ## n: \