nixo
/
guix-devel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

gnu: expat: Fix regression caused by fix for CVE-2016-0718. 

* gnu/packages/xml.scm (expat)[replacement]: New field.
(expat/fixed): New variable.
* gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.

Signed-off-by: Leo Famulari <leo@famulari.name>
master
Leo Famulari 2016-09-12 16:54:45 -04:00
parent 32f70e1f86
commit b9bc6e8420
No known key found for this signature in database
GPG Key ID: 2646FA30BACA7F08
3 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
gnu/local.mk
View File

@ -506,6 +506,7 @@ dist_patch_DATA = \
%D%/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch \ %D%/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch \
%D%/packages/patches/expat-CVE-2015-1283-refix.patch \ %D%/packages/patches/expat-CVE-2015-1283-refix.patch \
%D%/packages/patches/expat-CVE-2016-0718.patch \ %D%/packages/patches/expat-CVE-2016-0718.patch \
%D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch \
%D%/packages/patches/fastcap-mulGlobal.patch \ %D%/packages/patches/fastcap-mulGlobal.patch \
%D%/packages/patches/fastcap-mulSetup.patch \ %D%/packages/patches/fastcap-mulSetup.patch \
%D%/packages/patches/fasthenry-spAllocate.patch \ %D%/packages/patches/fasthenry-spAllocate.patch \

35
gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch Normal file
View File

@ -0,0 +1,35 @@
Fix regression caused by fix for CVE-2016-0718 when building with -DXML_UNICODE.
Discussion:
https://sourceforge.net/p/expat/bugs/539/
Patch copied from upstream source repository:
https://sourceforge.net/p/expat/code_git/ci/af507cef2c93cb8d40062a0abe43a4f4e9158fb2/
From af507cef2c93cb8d40062a0abe43a4f4e9158fb2 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Sun, 17 Jul 2016 20:22:29 +0200
Subject: [PATCH 1/2] Fix regression bug #539 (needs -DXML_UNICODE)
Thanks to Andy Wang and Karl Waclawek!
---
expat/lib/xmlparse.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
index b308e67..0d5dd7b 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -2468,7 +2468,7 @@ doContent(XML_Parser parser,
&fromPtr, rawNameEnd,
(ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1);
convLen = (int)(toPtr - (XML_Char *)tag->buf);
- if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
+ if ((fromPtr >= rawNameEnd) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
tag->name.strLen = convLen;
break;
}
--
2.10.0

12
gnu/packages/xml.scm
View File

@ -52,6 +52,7 @@
(define-public expat (define-public expat
(package (package
(name "expat") (name "expat")
(replacement expat/fixed)
(version "2.1.1") (version "2.1.1")
(source (origin (source (origin
(method url-fetch) (method url-fetch)
@ -72,6 +73,17 @@ stream-oriented parser in which an application registers handlers for
things the parser might find in the XML document (like start tags).") things the parser might find in the XML document (like start tags).")
(license license:expat))) (license license:expat)))
(define expat/fixed
(package
(inherit expat)
(source (origin
(inherit (package-source expat))
(patches (search-patches
"expat-CVE-2012-6702-and-CVE-2016-5300.patch"
"expat-CVE-2015-1283-refix.patch"
"expat-CVE-2016-0718.patch"
"expat-CVE-2016-0718-fix-regression.patch"))))))
(define-public libxml2 (define-public libxml2
(package (package
(name "libxml2") (name "libxml2")