Date: Saturday, June 25, 2016 @ 11:51:19 Author: lfleischer Revision: 270636
upgpkg: xerces-c 3.1.3-2 Add a patch for CVE-2016-2099 (fixes FS#49353). Added: xerces-c/trunk/xerces-c-cve-2016-2099.patch Modified: xerces-c/trunk/PKGBUILD ------------------------------+ PKGBUILD | 17 ++++++++++++----- xerces-c-cve-2016-2099.patch | 19 +++++++++++++++++++ 2 files changed, 31 insertions(+), 5 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2016-06-25 09:22:25 UTC (rev 270635) +++ PKGBUILD 2016-06-25 11:51:19 UTC (rev 270636) @@ -5,17 +5,24 @@ pkgname=xerces-c pkgver=3.1.3 -pkgrel=1 +pkgrel=2 pkgdesc="A validating XML parser written in a portable subset of C++" arch=('i686' 'x86_64') url="http://xerces.apache.org/xerces-c/" license=('APACHE') depends=('gcc-libs' 'curl') -source=("http://apache.osuosl.org/xerces/c/3/sources/${pkgname}-${pkgver}.tar.gz") -md5sums=('70320ab0e3269e47d978a6ca0c0e1e2d') +source=("http://apache.osuosl.org/xerces/c/3/sources/${pkgname}-${pkgver}.tar.gz" + xerces-c-cve-2016-2099.patch) +md5sums=('70320ab0e3269e47d978a6ca0c0e1e2d' + '382aa993dc070be469e2ff2b2a9bad09') +prepare() { + cd "${pkgname}-${pkgver}" + patch -p1 -i ../xerces-c-cve-2016-2099.patch +} + build() { - cd ${pkgname}-${pkgver} + cd "${pkgname}-${pkgver}" [[ "${CARCH}" = "i686" ]] && SSE2="--disable-sse2" ./configure --prefix=/usr --sysconfdir=/etc ${SSE2} @@ -23,6 +30,6 @@ } package() { - cd ${pkgname}-${pkgver} + cd "${pkgname}-${pkgver}" make DESTDIR="${pkgdir}/" install } Added: xerces-c-cve-2016-2099.patch =================================================================== --- xerces-c-cve-2016-2099.patch (rev 0) +++ xerces-c-cve-2016-2099.patch 2016-06-25 11:51:19 UTC (rev 270636) 
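Review bot: In PKGBUILD, the `source`/`md5sums` arrays still fetch the tarball over plain `http://` and pin both it and the new CVE patch with MD5 only, which is weak integrity protection for a security update. A stronger digest would be a small change, for example `sha256sums=('<sha256 of tarball>' '<sha256 of patch>')`; the values are placeholders to be generated with `makepkg -g` or `updpkgsums`. If upstream publishes a detached signature for the release, adding it to `source` together with a `validpgpkeys` entry would let makepkg check authenticity as well as integrity.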
@@ -0,0 +1,19 @@
+--- a/src/xercesc/validators/DTD/DTDScanner.cpp
++++ b/src/xercesc/validators/DTD/DTDScanner.cpp
+@@ -2509,7 +2509,15 @@ void DTDScanner::scanExtSubsetDecl(const
+ {
+ while (true)
+ {
+- const XMLCh nextCh = fReaderMgr->peekNextChar();
++ XMLCh nextCh;
++
++ try {
++ nextCh = fReaderMgr->peekNextChar();
++ }
++ catch (XMLException& ex) {
++ fScanner->emitError(XMLErrs::XMLException_Fatal, ex.getCode(), ex.getMessage(), NULL, NULL);
++ nextCh = chNull;
++ }
+
+ if (!nextCh)
+ {
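Review bot: The new `catch` block in `scanExtSubsetDecl` ends the loop only indirectly, by setting `nextCh = chNull` so that the following `if (!nextCh)` end-of-input branch runs, and nothing in the code says so. A comment above the assignment such as `// Treat a reader failure as end of input so the loop exits through the normal path` would make that intent reviewable. The body of that branch lies outside the hunk, so it is worth confirming it is safe to run after a fatal error has already been reported. The handler could also take the exception as `catch (const XMLException& ex)`, assuming `getCode()` and `getMessage()` are const members. Only `XMLException` is intercepted here, so any other exception type thrown by `peekNextChar()` would still propagate as before.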