[gentoo-commits] repo/gentoo:master commit in: dev-libs/expat/files/, dev-libs/expat/ - gentoo-commits

From:	Sebastian Pipping <sping@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: dev-libs/expat/files/, dev-libs/expat/
Date:	Tue, 26 Jul 2016 19:25:11
Message-Id:	`1469561012.16a87b549461e49ac8b7915d892d4d8ca187c1b1.sping@gentoo`

1

commit:     16a87b549461e49ac8b7915d892d4d8ca187c1b1

2

Author:     Sebastian Pipping <sping <AT> gentoo <DOT> org>

3

AuthorDate: Tue Jul 26 19:23:09 2016 +0000

4

Commit:     Sebastian Pipping <sping <AT> gentoo <DOT> org>

5

CommitDate: Tue Jul 26 19:23:32 2016 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16a87b54

7

8

dev-libs/expat: CVE-2016-0718 regression fix

9

10

Package-Manager: portage-2.2.28

11

12

 .../{expat-2.2.0.ebuild => expat-2.1.1-r3.ebuild}  | 10 ++++++++

13

 .../{expat-2.2.0.ebuild => expat-2.2.0-r1.ebuild}  |  4 ++++

14

 .../expat-2.1.1-CVE-2016-0718-regression.patch     | 27 ++++++++++++++++++++++

15

 3 files changed, 41 insertions(+)

16

17

diff --git a/dev-libs/expat/expat-2.2.0.ebuild b/dev-libs/expat/expat-2.1.1-r3.ebuild

18

similarity index 86%

19

copy from dev-libs/expat/expat-2.2.0.ebuild

20

copy to dev-libs/expat/expat-2.1.1-r3.ebuild

21

index e373b86..cd97f7a 100644

22

--- a/dev-libs/expat/expat-2.2.0.ebuild

23

+++ b/dev-libs/expat/expat-2.1.1-r3.ebuild

24

@@ -16,6 +16,16 @@ IUSE="elibc_FreeBSD examples static-libs unicode"

25

 RDEPEND="abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r6

26

 		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"

27

28

+src_prepare() {

29

+	# https://bugs.gentoo.org/show_bug.cgi?id=583268

30

+	epatch "${FILESDIR}"/${P}-CVE-2015-1283-refix.patch

31

+	epatch "${FILESDIR}"/${P}-CVE-2016-0718-v2-2-1.patch

32

+	epatch "${FILESDIR}"/${P}-CVE-2016-0718-regression.patch

33

+

34

+	# https://bugs.gentoo.org/show_bug.cgi?id=577928

35

+	epatch "${FILESDIR}"/${P}-CVE-2012-6702-plus-CVE-2016-5300-v1.patch

36

+}

37

+

38

 multilib_src_configure() {

39

 	local myconf="$(use_enable static-libs static)"

40

41

42

diff --git a/dev-libs/expat/expat-2.2.0.ebuild b/dev-libs/expat/expat-2.2.0-r1.ebuild

43

similarity index 96%

44

rename from dev-libs/expat/expat-2.2.0.ebuild

45

rename to dev-libs/expat/expat-2.2.0-r1.ebuild

46

index e373b86..55efcb4 100644

47

--- a/dev-libs/expat/expat-2.2.0.ebuild

48

+++ b/dev-libs/expat/expat-2.2.0-r1.ebuild

49

@@ -16,6 +16,10 @@ IUSE="elibc_FreeBSD examples static-libs unicode"

50

 RDEPEND="abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r6

51

 		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"

52

53

+src_prepare() {

54

+	epatch "${FILESDIR}"/${PN}-2.1.1-CVE-2016-0718-regression.patch

55

+}

56

+

57

 multilib_src_configure() {

58

 	local myconf="$(use_enable static-libs static)"

59

60

61

diff --git a/dev-libs/expat/files/expat-2.1.1-CVE-2016-0718-regression.patch b/dev-libs/expat/files/expat-2.1.1-CVE-2016-0718-regression.patch

62

new file mode 100644

63

index 0000000..03ea42d

64

--- /dev/null

65

+++ b/dev-libs/expat/files/expat-2.1.1-CVE-2016-0718-regression.patch

66

@@ -0,0 +1,27 @@

67

+From 3e6190e433479e56f8c1e5adc1198b3c86b15577 Mon Sep 17 00:00:00 2001

68

+From: Sebastian Pipping <sebastian@×××××××.org>

69

+Date: Sun, 17 Jul 2016 20:22:29 +0200

70

+Subject: [PATCH] Fix regression introduced by patch to CVE-2016-0718 (bug

71

+ #539)

72

+

73

+Tag names were cut off in some cases; reported by Andy Wang

74

+---

75

+ expat/lib/xmlparse.c | 2 +-

76

+ 1 file changed, 1 insertion(+), 1 deletion(-)

77

+

78

+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c

79

+index 13e080d..2630310 100644

80

+--- a/expat/lib/xmlparse.c

81

++++ b/expat/lib/xmlparse.c

82

+@@ -2430,7 +2430,7 @@ doContent(XML_Parser parser,

83

+                        &fromPtr, rawNameEnd,

84

+                        (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1);

85

+             convLen = (int)(toPtr - (XML_Char *)tag->buf);

86

+-            if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {

87

++            if ((fromPtr >= rawNameEnd) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {

88

+               tag->name.strLen = convLen;

89

+               break;

90

+             }

91

+--

92

+2.9.2

93

+

1	commit: 16a87b549461e49ac8b7915d892d4d8ca187c1b1
2	Author: Sebastian Pipping <sping <AT> gentoo <DOT> org>
3	AuthorDate: Tue Jul 26 19:23:09 2016 +0000
4	Commit: Sebastian Pipping <sping <AT> gentoo <DOT> org>
5	CommitDate: Tue Jul 26 19:23:32 2016 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16a87b54
7
8	dev-libs/expat: CVE-2016-0718 regression fix
9
10	Package-Manager: portage-2.2.28
11
12	.../{expat-2.2.0.ebuild => expat-2.1.1-r3.ebuild} \| 10 ++++++++
13	.../{expat-2.2.0.ebuild => expat-2.2.0-r1.ebuild} \| 4 ++++
14	.../expat-2.1.1-CVE-2016-0718-regression.patch \| 27 ++++++++++++++++++++++
15	3 files changed, 41 insertions(+)
16
17	diff --git a/dev-libs/expat/expat-2.2.0.ebuild b/dev-libs/expat/expat-2.1.1-r3.ebuild
18	similarity index 86%
19	copy from dev-libs/expat/expat-2.2.0.ebuild
20	copy to dev-libs/expat/expat-2.1.1-r3.ebuild
21	index e373b86..cd97f7a 100644
22	--- a/dev-libs/expat/expat-2.2.0.ebuild
23	+++ b/dev-libs/expat/expat-2.1.1-r3.ebuild
24	@@ -16,6 +16,16 @@ IUSE="elibc_FreeBSD examples static-libs unicode"
25	RDEPEND="abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r6
26	!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
27
28	+src_prepare() {
29	+ # https://bugs.gentoo.org/show_bug.cgi?id=583268
30	+ epatch "${FILESDIR}"/${P}-CVE-2015-1283-refix.patch
31	+ epatch "${FILESDIR}"/${P}-CVE-2016-0718-v2-2-1.patch
32	+ epatch "${FILESDIR}"/${P}-CVE-2016-0718-regression.patch
33	+
34	+ # https://bugs.gentoo.org/show_bug.cgi?id=577928
35	+ epatch "${FILESDIR}"/${P}-CVE-2012-6702-plus-CVE-2016-5300-v1.patch
36	+}
37	+
38	multilib_src_configure() {
39	local myconf="$(use_enable static-libs static)"
40
41
42	diff --git a/dev-libs/expat/expat-2.2.0.ebuild b/dev-libs/expat/expat-2.2.0-r1.ebuild
43	similarity index 96%
44	rename from dev-libs/expat/expat-2.2.0.ebuild
45	rename to dev-libs/expat/expat-2.2.0-r1.ebuild
46	index e373b86..55efcb4 100644
47	--- a/dev-libs/expat/expat-2.2.0.ebuild
48	+++ b/dev-libs/expat/expat-2.2.0-r1.ebuild
49	@@ -16,6 +16,10 @@ IUSE="elibc_FreeBSD examples static-libs unicode"
50	RDEPEND="abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r6
51	!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )"
52
53	+src_prepare() {
54	+ epatch "${FILESDIR}"/${PN}-2.1.1-CVE-2016-0718-regression.patch
55	+}
56	+
57	multilib_src_configure() {
58	local myconf="$(use_enable static-libs static)"
59
60
61	diff --git a/dev-libs/expat/files/expat-2.1.1-CVE-2016-0718-regression.patch b/dev-libs/expat/files/expat-2.1.1-CVE-2016-0718-regression.patch
62	new file mode 100644
63	index 0000000..03ea42d
64	--- /dev/null
65	+++ b/dev-libs/expat/files/expat-2.1.1-CVE-2016-0718-regression.patch
66	@@ -0,0 +1,27 @@
67	+From 3e6190e433479e56f8c1e5adc1198b3c86b15577 Mon Sep 17 00:00:00 2001
68	+From: Sebastian Pipping <sebastian@×××××××.org>
69	+Date: Sun, 17 Jul 2016 20:22:29 +0200
70	+Subject: [PATCH] Fix regression introduced by patch to CVE-2016-0718 (bug
71	+ #539)
72	+
73	+Tag names were cut off in some cases; reported by Andy Wang
74	+---
75	+ expat/lib/xmlparse.c \| 2 +-
76	+ 1 file changed, 1 insertion(+), 1 deletion(-)
77	+
78	+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
79	+index 13e080d..2630310 100644
80	+--- a/expat/lib/xmlparse.c
81	++++ b/expat/lib/xmlparse.c
82	+@@ -2430,7 +2430,7 @@ doContent(XML_Parser parser,
83	+ &fromPtr, rawNameEnd,
84	+ (ICHAR *)&toPtr, (ICHAR )tag->bufEnd - 1);
85	+ convLen = (int)(toPtr - (XML_Char *)tag->buf);
86	+- if ((convert_res == XML_CONVERT_COMPLETED) \|\| (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
87	++ if ((fromPtr >= rawNameEnd) \|\| (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
88	+ tag->name.strLen = convLen;
89	+ break;
90	+ }
91	+--
92	+2.9.2
93	+

Gentoo Archives: gentoo-commits