commit: 16a87b549461e49ac8b7915d892d4d8ca187c1b1 Author: Sebastian Pipping <sping <AT> gentoo <DOT> org> AuthorDate: Tue Jul 26 19:23:09 2016 +0000 Commit: Sebastian Pipping <sping <AT> gentoo <DOT> org> CommitDate: Tue Jul 26 19:23:32 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16a87b54
dev-libs/expat: CVE-2016-0718 regression fix Package-Manager: portage-2.2.28 .../{expat-2.2.0.ebuild => expat-2.1.1-r3.ebuild} | 10 ++++++++ .../{expat-2.2.0.ebuild => expat-2.2.0-r1.ebuild} | 4 ++++ .../expat-2.1.1-CVE-2016-0718-regression.patch | 27 ++++++++++++++++++++++ 3 files changed, 41 insertions(+) diff --git a/dev-libs/expat/expat-2.2.0.ebuild b/dev-libs/expat/expat-2.1.1-r3.ebuild similarity index 86% copy from dev-libs/expat/expat-2.2.0.ebuild copy to dev-libs/expat/expat-2.1.1-r3.ebuild index e373b86..cd97f7a 100644 --- a/dev-libs/expat/expat-2.2.0.ebuild +++ b/dev-libs/expat/expat-2.1.1-r3.ebuild @@ -16,6 +16,16 @@ IUSE="elibc_FreeBSD examples static-libs unicode" RDEPEND="abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r6 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )" +src_prepare() { + # https://bugs.gentoo.org/show_bug.cgi?id=583268 + epatch "${FILESDIR}"/${P}-CVE-2015-1283-refix.patch + epatch "${FILESDIR}"/${P}-CVE-2016-0718-v2-2-1.patch + epatch "${FILESDIR}"/${P}-CVE-2016-0718-regression.patch + + # https://bugs.gentoo.org/show_bug.cgi?id=577928 + epatch "${FILESDIR}"/${P}-CVE-2012-6702-plus-CVE-2016-5300-v1.patch +} + multilib_src_configure() { local myconf="$(use_enable static-libs static)" diff --git a/dev-libs/expat/expat-2.2.0.ebuild b/dev-libs/expat/expat-2.2.0-r1.ebuild similarity index 96% rename from dev-libs/expat/expat-2.2.0.ebuild rename to dev-libs/expat/expat-2.2.0-r1.ebuild index e373b86..55efcb4 100644 --- a/dev-libs/expat/expat-2.2.0.ebuild +++ b/dev-libs/expat/expat-2.2.0-r1.ebuild @@ -16,6 +16,10 @@ IUSE="elibc_FreeBSD examples static-libs unicode" RDEPEND="abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20130224-r6 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] )" +src_prepare() { + epatch "${FILESDIR}"/${PN}-2.1.1-CVE-2016-0718-regression.patch +} + multilib_src_configure() { local myconf="$(use_enable static-libs static)" 
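Review bot: The `src_prepare()` added to expat-2.2.0-r1.ebuild applies a security regression patch without any comment saying where it comes from, whereas the same function in expat-2.1.1-r3.ebuild puts a bug URL above each group of patches. The file name is also pinned to `${PN}-2.1.1-…` instead of `${P}`; that looks deliberate (the 2.1.1 patch file is reused for 2.2.0), but it reads like a leftover to the next person bumping the package. A one-line comment above the `epatch` call would cover both, for example `# upstream 3e6190e4 (expat bug #539); the 2.1.1 patch file is reused for 2.2.0 on purpose`.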
diff --git a/dev-libs/expat/files/expat-2.1.1-CVE-2016-0718-regression.patch b/dev-libs/expat/files/expat-2.1.1-CVE-2016-0718-regression.patch
new file mode 100644
index 0000000..03ea42d
--- /dev/null
+++ b/dev-libs/expat/files/expat-2.1.1-CVE-2016-0718-regression.patch
@@ -0,0 +1,27 @@
+From 3e6190e433479e56f8c1e5adc1198b3c86b15577 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebast...@pipping.org>
+Date: Sun, 17 Jul 2016 20:22:29 +0200
+Subject: [PATCH] Fix regression introduced by patch to CVE-2016-0718 (bug
+ #539)
+
+Tag names were cut off in some cases; reported by Andy Wang
+---
+ expat/lib/xmlparse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 13e080d..2630310 100644
+--- a/expat/lib/xmlparse.c
++++ b/expat/lib/xmlparse.c
+@@ -2430,7 +2430,7 @@ doContent(XML_Parser parser,
+ &fromPtr, rawNameEnd,
+ (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1);
+ convLen = (int)(toPtr - (XML_Char *)tag->buf);
+- if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
++ if ((fromPtr >= rawNameEnd) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
+ tag->name.strLen = convLen;
+ break;
+ }
+--
+2.9.2
+
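Review bot: In the embedded xmlparse.c hunk, the exit test in `doContent` now keys on `fromPtr >= rawNameEnd` and no longer consults `XML_CONVERT_COMPLETED`, but nothing in the code records why the converter's result code is not trusted to signal completion. A short comment above the `if` would keep a later cleanup from restoring the old check, for example `/* finished only once the whole raw name was consumed; relying on XML_CONVERT_COMPLETED cut tag names short (bug #539) */`. The `XML_CONVERT_INPUT_INCOMPLETE` arm still stores `convLen` even when `fromPtr < rawNameEnd`, so it is worth confirming that accepting a partially converted name there is intended. The patch's diffstat lists only xmlparse.c, so no test pins the fix; a case with a tag name long enough to need more than one conversion pass (the `break` suggests an enclosing loop) would guard against the truncation coming back. The body of `doContent` starts and ends outside the hunk.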