gnu: expat: Fix regression caused by fix for CVE-2016-0718.
* gnu/packages/xml.scm (expat)[replacement]: New field. (expat/fixed): New variable. * gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. Signed-off-by: Leo Famulari <leo@famulari.name>
This commit is contained in:
parent
32f70e1f86
commit
b9bc6e8420
|
@ -506,6 +506,7 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch \
|
%D%/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch \
|
||||||
%D%/packages/patches/expat-CVE-2015-1283-refix.patch \
|
%D%/packages/patches/expat-CVE-2015-1283-refix.patch \
|
||||||
%D%/packages/patches/expat-CVE-2016-0718.patch \
|
%D%/packages/patches/expat-CVE-2016-0718.patch \
|
||||||
|
%D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch \
|
||||||
%D%/packages/patches/fastcap-mulGlobal.patch \
|
%D%/packages/patches/fastcap-mulGlobal.patch \
|
||||||
%D%/packages/patches/fastcap-mulSetup.patch \
|
%D%/packages/patches/fastcap-mulSetup.patch \
|
||||||
%D%/packages/patches/fasthenry-spAllocate.patch \
|
%D%/packages/patches/fasthenry-spAllocate.patch \
|
||||||
|
|
|
@ -0,0 +1,35 @@
|
||||||
|
Fix regression caused by fix for CVE-2016-0718 when building with -DXML_UNICODE.
|
||||||
|
|
||||||
|
Discussion:
|
||||||
|
|
||||||
|
https://sourceforge.net/p/expat/bugs/539/
|
||||||
|
|
||||||
|
Patch copied from upstream source repository:
|
||||||
|
|
||||||
|
https://sourceforge.net/p/expat/code_git/ci/af507cef2c93cb8d40062a0abe43a4f4e9158fb2/
|
||||||
|
|
||||||
|
From af507cef2c93cb8d40062a0abe43a4f4e9158fb2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Sebastian Pipping <sebastian@pipping.org>
|
||||||
|
Date: Sun, 17 Jul 2016 20:22:29 +0200
|
||||||
|
Subject: [PATCH 1/2] Fix regression bug #539 (needs -DXML_UNICODE)
|
||||||
|
|
||||||
|
Thanks to Andy Wang and Karl Waclawek!
|
||||||
|
---
|
||||||
|
expat/lib/xmlparse.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
|
||||||
|
index b308e67..0d5dd7b 100644
|
||||||
|
--- a/lib/xmlparse.c
|
||||||
|
+++ b/lib/xmlparse.c
|
||||||
|
@@ -2468,7 +2468,7 @@ doContent(XML_Parser parser,
|
||||||
|
&fromPtr, rawNameEnd,
|
||||||
|
(ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1);
|
||||||
|
convLen = (int)(toPtr - (XML_Char *)tag->buf);
|
||||||
|
- if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
|
||||||
|
+ if ((fromPtr >= rawNameEnd) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
|
||||||
|
tag->name.strLen = convLen;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.10.0
|
|
@ -52,6 +52,7 @@
|
||||||
(define-public expat
|
(define-public expat
|
||||||
(package
|
(package
|
||||||
(name "expat")
|
(name "expat")
|
||||||
|
(replacement expat/fixed)
|
||||||
(version "2.1.1")
|
(version "2.1.1")
|
||||||
(source (origin
|
(source (origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
|
@ -72,6 +73,17 @@ stream-oriented parser in which an application registers handlers for
|
||||||
things the parser might find in the XML document (like start tags).")
|
things the parser might find in the XML document (like start tags).")
|
||||||
(license license:expat)))
|
(license license:expat)))
|
||||||
|
|
||||||
|
(define expat/fixed
|
||||||
|
(package
|
||||||
|
(inherit expat)
|
||||||
|
(source (origin
|
||||||
|
(inherit (package-source expat))
|
||||||
|
(patches (search-patches
|
||||||
|
"expat-CVE-2012-6702-and-CVE-2016-5300.patch"
|
||||||
|
"expat-CVE-2015-1283-refix.patch"
|
||||||
|
"expat-CVE-2016-0718.patch"
|
||||||
|
"expat-CVE-2016-0718-fix-regression.patch"))))))
|
||||||
|
|
||||||
(define-public libxml2
|
(define-public libxml2
|
||||||
(package
|
(package
|
||||||
(name "libxml2")
|
(name "libxml2")
|
||||||
|
|
Loading…
Reference in New Issue