commit: 16a87b549461e49ac8b7915d892d4d8ca187c1b1 |
Author: Sebastian Pipping <sping <AT> gentoo <DOT> org> |
AuthorDate: Tue Jul 26 19:23:09 2016 +0000 |
Commit: Sebastian Pipping <sping <AT> gentoo <DOT> org> |
CommitDate: Tue Jul 26 19:23:32 2016 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16a87b54 |
|
dev-libs/expat: CVE-2016-0718 regression fix |
|
Package-Manager: portage-2.2.28 |
|
.../{expat-2.2.0.ebuild => expat-2.1.1-r3.ebuild} | 10 ++++++++ |
.../{expat-2.2.0.ebuild => expat-2.2.0-r1.ebuild} | 4 ++++ |
.../expat-2.1.1-CVE-2016-0718-regression.patch | 27 ++++++++++++++++++++++ |
3 files changed, 41 insertions(+) |
|
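diff --git a/dev-libs/expat/expat-2.2.0.ebuild b/dev-libs/expat/expat-2.1.1-r3.ebuild
similarity index 86%
copy from dev-libs/expat/expat-2.2.0.ebuild
copy to dev-libs/expat/expat-2.1.1-r3.ebuild
index e373b86..cd97f7a 100644
--- a/dev-libs/expat/expat-2.2.0.ebuild
+++ b/dev-libs/expat/expat-2.1.1-r3.ebuild
@@ -16,6 +16,16 @@ IUSE="elibc_FreeBSD examples static-libs unicode"
 RDEPEND="abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r6
 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
 
+src_prepare() {
+ # https://bugs.gentoo.org/show_bug.cgi?id=583268
+ epatch "${FILESDIR}"/${P}-CVE-2015-1283-refix.patch
+ epatch "${FILESDIR}"/${P}-CVE-2016-0718-v2-2-1.patch
+ epatch "${FILESDIR}"/${P}-CVE-2016-0718-regression.patch
+
+ # https://bugs.gentoo.org/show_bug.cgi?id=577928
+ epatch "${FILESDIR}"/${P}-CVE-2012-6702-plus-CVE-2016-5300-v1.patch
+}
+
 multilib_src_configure() {
 local myconf="$(use_enable static-libs static)"
 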
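Review bot: Nothing in the added `src_prepare()` says that the order of the three `epatch` calls under bug 583268 matters, although the regression patch's own subject line states that it corrects the CVE-2016-0718 patch applied immediately before it. A one-line comment above the third call, such as `# must follow the CVE-2016-0718 patch it corrects (upstream bug #539)`, would keep a later reshuffle or patch drop from silently reintroducing the truncated tag names. `src_prepare()` is complete within the hunk; the `multilib_src_configure()` context continues outside it.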
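diff --git a/dev-libs/expat/expat-2.2.0.ebuild b/dev-libs/expat/expat-2.2.0-r1.ebuild
similarity index 96%
rename from dev-libs/expat/expat-2.2.0.ebuild
rename to dev-libs/expat/expat-2.2.0-r1.ebuild
index e373b86..55efcb4 100644
--- a/dev-libs/expat/expat-2.2.0.ebuild
+++ b/dev-libs/expat/expat-2.2.0-r1.ebuild
@@ -16,6 +16,10 @@ IUSE="elibc_FreeBSD examples static-libs unicode"
 RDEPEND="abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r6
 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
 
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-2.1.1-CVE-2016-0718-regression.patch
+}
+
 multilib_src_configure() {
 local myconf="$(use_enable static-libs static)"
 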
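Review bot: The added `src_prepare()` applies `${PN}-2.1.1-CVE-2016-0718-regression.patch`, a patch with 2.1.1 hard-coded in its name, to the 2.2.0 sources with no comment or bug reference, whereas the 2.1.1-r3 ebuild in this same commit puts a bug URL above each patch group. Presumably 2.2.0 already contains the CVE-2016-0718 fix together with the same regression; a comment such as `# shared with 2.1.1-r3: 2.2.0 ships the CVE-2016-0718 fix and its regression (upstream bug #539)` would state that and tell whoever does the next version bump when the patch can be dropped. `src_prepare()` is complete within the hunk; `multilib_src_configure()` continues outside it.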
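diff --git a/dev-libs/expat/files/expat-2.1.1-CVE-2016-0718-regression.patch b/dev-libs/expat/files/expat-2.1.1-CVE-2016-0718-regression.patch
new file mode 100644
index 0000000..03ea42d
--- /dev/null
+++ b/dev-libs/expat/files/expat-2.1.1-CVE-2016-0718-regression.patch
@@ -0,0 +1,27 @@
+From 3e6190e433479e56f8c1e5adc1198b3c86b15577 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@×××××××.org>
+Date: Sun, 17 Jul 2016 20:22:29 +0200
+Subject: [PATCH] Fix regression introduced by patch to CVE-2016-0718 (bug
+ #539)
+
+Tag names were cut off in some cases; reported by Andy Wang
+---
+ expat/lib/xmlparse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 13e080d..2630310 100644
+--- a/expat/lib/xmlparse.c
++++ b/expat/lib/xmlparse.c
+@@ -2430,7 +2430,7 @@ doContent(XML_Parser parser,
+ &fromPtr, rawNameEnd,
+ (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1);
+ convLen = (int)(toPtr - (XML_Char *)tag->buf);
+- if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
++ if ((fromPtr >= rawNameEnd) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
+ tag->name.strLen = convLen;
+ break;
+ }
+--
+2.9.2
+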
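Review bot: The rewritten condition in `doContent` (`fromPtr >= rawNameEnd`) has no comment explaining why consumption of the input, rather than the converter's return value, now decides that the tag name is finished, and that distinction is the entire fix. A comment above the `if`, for example `/* done only once the whole raw name is consumed; XML_CONVERT_COMPLETED alone is not sufficient (bug #539) */`, would stop a later cleanup from restoring the old test; the second half of that wording is inferred from the patch description and should be confirmed against the converter. The patch also carries no test input that reproduces the cut-off tag name, so the regression can return unnoticed. `doContent` starts and ends outside the embedded hunk, so the rest of the loop is not visible here.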