[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/01: gnu: expat: Fix regression caused by fix for CVE-2016-0718.
|
From: |
Leo Famulari |
|
Subject: |
01/01: gnu: expat: Fix regression caused by fix for CVE-2016-0718. |
|
Date: |
Tue, 27 Sep 2016 17:49:54 +0000 (UTC) |
lfam pushed a commit to branch master
in repository guix.
commit b9bc6e842066b066ebdf9eaf75d41753598d75b5
Author: Leo Famulari <address@hidden>
Date: Mon Sep 12 16:54:45 2016 -0400
gnu: expat: Fix regression caused by fix for CVE-2016-0718.
* gnu/packages/xml.scm (expat)[replacement]: New field.
(expat/fixed): New variable.
* gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Signed-off-by: Leo Famulari <address@hidden>
---
gnu/local.mk | 1 +
.../expat-CVE-2016-0718-fix-regression.patch | 35 ++++++++++++++++++++
gnu/packages/xml.scm | 12 +++++++
3 files changed, 48 insertions(+)
diff --git a/gnu/local.mk b/gnu/local.mk
index a690b6e..e8bae66 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -506,6 +506,7 @@ dist_patch_DATA =
\
%D%/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch \
%D%/packages/patches/expat-CVE-2015-1283-refix.patch \
%D%/packages/patches/expat-CVE-2016-0718.patch \
+ %D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch \
%D%/packages/patches/fastcap-mulGlobal.patch \
%D%/packages/patches/fastcap-mulSetup.patch \
%D%/packages/patches/fasthenry-spAllocate.patch \
diff --git a/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch
b/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch
new file mode 100644
index 0000000..b489401
--- /dev/null
+++ b/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch
@@ -0,0 +1,35 @@
+Fix regression caused by fix for CVE-2016-0718 when building with
-DXML_UNICODE.
+
+Discussion:
+
+https://sourceforge.net/p/expat/bugs/539/
+
+Patch copied from upstream source repository:
+
+https://sourceforge.net/p/expat/code_git/ci/af507cef2c93cb8d40062a0abe43a4f4e9158fb2/
+
+From af507cef2c93cb8d40062a0abe43a4f4e9158fb2 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <address@hidden>
+Date: Sun, 17 Jul 2016 20:22:29 +0200
+Subject: [PATCH 1/2] Fix regression bug #539 (needs -DXML_UNICODE)
+
+Thanks to Andy Wang and Karl Waclawek!
+---
+ expat/lib/xmlparse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index b308e67..0d5dd7b 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -2468,7 +2468,7 @@ doContent(XML_Parser parser,
+ &fromPtr, rawNameEnd,
+ (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1);
+ convLen = (int)(toPtr - (XML_Char *)tag->buf);
+- if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res ==
XML_CONVERT_INPUT_INCOMPLETE)) {
++ if ((fromPtr >= rawNameEnd) || (convert_res ==
XML_CONVERT_INPUT_INCOMPLETE)) {
+ tag->name.strLen = convLen;
+ break;
+ }
+--
+2.10.0
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index cd3426b..879b37a 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -52,6 +52,7 @@
(define-public expat
(package
(name "expat")
+ (replacement expat/fixed)
(version "2.1.1")
(source (origin
(method url-fetch)
@@ -72,6 +73,17 @@ stream-oriented parser in which an application registers
handlers for
things the parser might find in the XML document (like start tags).")
(license license:expat)))
+(define expat/fixed
+ (package
+ (inherit expat)
+ (source (origin
+ (inherit (package-source expat))
+ (patches (search-patches
+ "expat-CVE-2012-6702-and-CVE-2016-5300.patch"
+ "expat-CVE-2015-1283-refix.patch"
+ "expat-CVE-2016-0718.patch"
+ "expat-CVE-2016-0718-fix-regression.patch"))))))
+
(define-public libxml2
(package
(name "libxml2")