gnu: expat: Fix regression caused by fix for CVE-2016-0718.

* gnu/packages/xml.scm (expat)[replacement]: New field.
(expat/fixed): New variable.
* gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.

Signed-off-by: Leo Famulari <leo@famulari.name>
This commit is contained in:
Leo Famulari 2016-09-12 16:54:45 -04:00
parent 32f70e1f86
commit b9bc6e8420
No known key found for this signature in database
GPG Key ID: 2646FA30BACA7F08
3 changed files with 48 additions and 0 deletions

View File

@ -506,6 +506,7 @@ dist_patch_DATA = \
%D%/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch \ %D%/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch \
%D%/packages/patches/expat-CVE-2015-1283-refix.patch \ %D%/packages/patches/expat-CVE-2015-1283-refix.patch \
%D%/packages/patches/expat-CVE-2016-0718.patch \ %D%/packages/patches/expat-CVE-2016-0718.patch \
%D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch \
%D%/packages/patches/fastcap-mulGlobal.patch \ %D%/packages/patches/fastcap-mulGlobal.patch \
%D%/packages/patches/fastcap-mulSetup.patch \ %D%/packages/patches/fastcap-mulSetup.patch \
%D%/packages/patches/fasthenry-spAllocate.patch \ %D%/packages/patches/fasthenry-spAllocate.patch \

View File

@ -0,0 +1,35 @@
Fix regression caused by fix for CVE-2016-0718 when building with -DXML_UNICODE.
Discussion:
https://sourceforge.net/p/expat/bugs/539/
Patch copied from upstream source repository:
https://sourceforge.net/p/expat/code_git/ci/af507cef2c93cb8d40062a0abe43a4f4e9158fb2/
From af507cef2c93cb8d40062a0abe43a4f4e9158fb2 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Sun, 17 Jul 2016 20:22:29 +0200
Subject: [PATCH 1/2] Fix regression bug #539 (needs -DXML_UNICODE)
Thanks to Andy Wang and Karl Waclawek!
---
expat/lib/xmlparse.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
index b308e67..0d5dd7b 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -2468,7 +2468,7 @@ doContent(XML_Parser parser,
&fromPtr, rawNameEnd,
(ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1);
convLen = (int)(toPtr - (XML_Char *)tag->buf);
- if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
+ if ((fromPtr >= rawNameEnd) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
tag->name.strLen = convLen;
break;
}
--
2.10.0

View File

@ -52,6 +52,7 @@
(define-public expat (define-public expat
(package (package
(name "expat") (name "expat")
(replacement expat/fixed)
(version "2.1.1") (version "2.1.1")
(source (origin (source (origin
(method url-fetch) (method url-fetch)
@ -72,6 +73,17 @@ stream-oriented parser in which an application registers handlers for
things the parser might find in the XML document (like start tags).") things the parser might find in the XML document (like start tags).")
(license license:expat))) (license license:expat)))
(define expat/fixed
(package
(inherit expat)
(source (origin
(inherit (package-source expat))
(patches (search-patches
"expat-CVE-2012-6702-and-CVE-2016-5300.patch"
"expat-CVE-2015-1283-refix.patch"
"expat-CVE-2016-0718.patch"
"expat-CVE-2016-0718-fix-regression.patch"))))))
(define-public libxml2 (define-public libxml2
(package (package
(name "libxml2") (name "libxml2")