From 4ef1299b1a4a3a5ca834862f7a55bed1bc81712e Mon Sep 17 00:00:00 2001
From: Victor Martinez <pitillo@ono.com>
Date: Mon, 18 Jan 2010 12:08:54 +0000
Subject: [PATCH] expat: CVE-2009-3560 and 3720

---
 expat/.md5sum                   |  2 ++
 expat/Pkgfile                   | 19 +++++++++++--------
 expat/expat-CVE-2009-3560.patch | 15 +++++++++++++++
 expat/expat-CVE-2009-3720.patch | 14 ++++++++++++++
 4 files changed, 42 insertions(+), 8 deletions(-)
 create mode 100644 expat/expat-CVE-2009-3560.patch
 create mode 100644 expat/expat-CVE-2009-3720.patch

diff --git a/expat/.md5sum b/expat/.md5sum
index 9d051ba..0818fba 100644
--- a/expat/.md5sum
+++ b/expat/.md5sum
@@ -1 +1,3 @@
 ee8b492592568805593f81f8cdf2a04c  expat-2.0.1.tar.gz
+5ea67d4d96b7debe0eaafe2bf39a43b3  expat-CVE-2009-3560.patch
+6e5ccf683c5df15d74711b2719bd7351  expat-CVE-2009-3720.patch
diff --git a/expat/Pkgfile b/expat/Pkgfile
index 1e6f822..13531ab 100644
--- a/expat/Pkgfile
+++ b/expat/Pkgfile
@@ -6,14 +6,17 @@
 
 name=expat
 version=2.0.1
-release=1
-source=(http://dl.sourceforge.net/$name/$name-$version.tar.gz)
+release=2
+source=(http://dl.sourceforge.net/$name/$name-$version.tar.gz \
+        expat-CVE-2009-3560.patch expat-CVE-2009-3720.patch)
 
 build() { 
-    cd $name-$version
-    ./configure --build=$CHOST \
-                --host=$CTARGET \
-                --prefix=/usr
-    make
-    make prefix=$PKG/usr install
+  cd $name-$version
+  patch -p0 -d lib -i $SRC/expat-CVE-2009-3560.patch
+  patch -p0 -d lib -i $SRC/expat-CVE-2009-3720.patch
+  ./configure --build=$CHOST \
+              --host=$CTARGET \
+              --prefix=/usr
+  make
+  make prefix=$PKG/usr install
 }
diff --git a/expat/expat-CVE-2009-3560.patch b/expat/expat-CVE-2009-3560.patch
new file mode 100644
index 0000000..8abdece
--- /dev/null
+++ b/expat/expat-CVE-2009-3560.patch
@@ -0,0 +1,15 @@
+# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
+# http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=patch&r1=1.166&r2=1.164
+
+--- xmlparse.c	2009/09/29 02:49:16	1.164
++++ xmlparse.c	2009/12/29 18:42:05	1.166
+@@ -3701,6 +3701,9 @@
+         return XML_ERROR_UNCLOSED_TOKEN;
+       case XML_TOK_PARTIAL_CHAR:
+         return XML_ERROR_PARTIAL_CHAR;
++      case -XML_TOK_PROLOG_S:
++        tok = -tok;
++        break;
+       case XML_TOK_NONE:
+ #ifdef XML_DTD
+         /* for internal PE NOT referenced between declarations */
diff --git a/expat/expat-CVE-2009-3720.patch b/expat/expat-CVE-2009-3720.patch
new file mode 100644
index 0000000..994d5ad
--- /dev/null
+++ b/expat/expat-CVE-2009-3720.patch
@@ -0,0 +1,14 @@
+# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
+# http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15&view=patch
+
+--- xmltok_impl.c	2006/11/26 17:34:46	1.13
++++ xmltok_impl.c	2008/06/13 13:18:44	1.15
+@@ -1744,7 +1744,7 @@
+                        const char *end,
+                        POSITION *pos)
+ {
+-  while (ptr != end) {
++  while (ptr < end) {
+     switch (BYTE_TYPE(enc, ptr)) {
+ #define LEAD_CASE(n) \
+     case BT_LEAD ## n: \
-- 
2.26.2