Date: Friday, August 5, 2016 @ 21:29:46 Author: bpiotrowski Revision: 273351
archrelease: copy trunk to testing-i686, testing-x86_64 Added: expat/repos/testing-i686/ expat/repos/testing-i686/PKGBUILD (from rev 273350, expat/trunk/PKGBUILD) expat/repos/testing-i686/expat-2.2.0-CVE-2016-0718-regression.patch (from rev 273350, expat/trunk/expat-2.2.0-CVE-2016-0718-regression.patch) expat/repos/testing-x86_64/ expat/repos/testing-x86_64/PKGBUILD (from rev 273350, expat/trunk/PKGBUILD) expat/repos/testing-x86_64/expat-2.2.0-CVE-2016-0718-regression.patch (from rev 273350, expat/trunk/expat-2.2.0-CVE-2016-0718-regression.patch) -----------------------------------------------------------+ testing-i686/PKGBUILD | 38 ++++++++++++ testing-i686/expat-2.2.0-CVE-2016-0718-regression.patch | 27 ++++++++ testing-x86_64/PKGBUILD | 38 ++++++++++++ testing-x86_64/expat-2.2.0-CVE-2016-0718-regression.patch | 27 ++++++++ 4 files changed, 130 insertions(+) Copied: expat/repos/testing-i686/PKGBUILD (from rev 273350, expat/trunk/PKGBUILD) =================================================================== --- testing-i686/PKGBUILD (rev 0) +++ testing-i686/PKGBUILD 2016-08-05 21:29:46 UTC (rev 273351) @@ -0,0 +1,38 @@ +# $Id$ +# Maintainer: Bartłomiej Piotrowski <bpiotrow...@archlinux.org> +# Contributor: Allan McRae <al...@archlinux.org> +# Contributor: Judd Vinet <jvi...@zeroflux.org> + +pkgname=expat +pkgver=2.2.0 +pkgrel=2 +pkgdesc='An XML parser library' +arch=('i686' 'x86_64') +url='http://expat.sourceforge.net/' +license=('custom') +depends=('glibc') +source=(http://downloads.sourceforge.net/sourceforge/expat/$pkgname-$pkgver.tar.bz2 + expat-2.2.0-CVE-2016-0718-regression.patch) +md5sums=('2f47841c829facb346eb6e3fab5212e2' + 'dda0b42ed32491577d0b5fb6bf0963be') + +prepare() { + cd $pkgname-$pkgver + patch -p2 -i "$srcdir"/expat-2.2.0-CVE-2016-0718-regression.patch +} + +build() { + cd $pkgname-$pkgver + ./configure --prefix=/usr + make +} + +check() { + make -C $pkgname-$pkgver check +} + +package() { + cd $pkgname-$pkgver + make DESTDIR="$pkgdir" install + install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING +} Copied: expat/repos/testing-i686/expat-2.2.0-CVE-2016-0718-regression.patch (from rev 273350, expat/trunk/expat-2.2.0-CVE-2016-0718-regression.patch) =================================================================== --- testing-i686/expat-2.2.0-CVE-2016-0718-regression.patch (rev 0) +++ testing-i686/expat-2.2.0-CVE-2016-0718-regression.patch 2016-08-05 21:29:46 UTC (rev 273351) @@ -0,0 +1,27 @@ +From 3e6190e433479e56f8c1e5adc1198b3c86b15577 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping <sebast...@pipping.org> +Date: Sun, 17 Jul 2016 20:22:29 +0200 +Subject: [PATCH] Fix regression introduced by patch to CVE-2016-0718 (bug + #539) + +Tag names were cut off in some cases; reported by Andy Wang +--- + expat/lib/xmlparse.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c +index 13e080d..2630310 100644 +--- a/expat/lib/xmlparse.c ++++ b/expat/lib/xmlparse.c +@@ -2430,7 +2430,7 @@ doContent(XML_Parser parser, + &fromPtr, rawNameEnd, + (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1); + convLen = (int)(toPtr - (XML_Char *)tag->buf); +- if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) { ++ if ((fromPtr >= rawNameEnd) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) { + tag->name.strLen = convLen; + break; + } +-- +2.9.2 + Copied: expat/repos/testing-x86_64/PKGBUILD (from rev 273350, expat/trunk/PKGBUILD) =================================================================== --- testing-x86_64/PKGBUILD (rev 0) +++ testing-x86_64/PKGBUILD 2016-08-05 21:29:46 UTC (rev 273351) @@ -0,0 +1,38 @@ +# $Id$ +# Maintainer: Bartłomiej Piotrowski <bpiotrow...@archlinux.org> +# Contributor: Allan McRae <al...@archlinux.org> +# Contributor: Judd Vinet <jvi...@zeroflux.org> + +pkgname=expat +pkgver=2.2.0 +pkgrel=2 +pkgdesc='An XML parser library' +arch=('i686' 'x86_64') +url='http://expat.sourceforge.net/' +license=('custom') +depends=('glibc') +source=(http://downloads.sourceforge.net/sourceforge/expat/$pkgname-$pkgver.tar.bz2 + expat-2.2.0-CVE-2016-0718-regression.patch) +md5sums=('2f47841c829facb346eb6e3fab5212e2' + 'dda0b42ed32491577d0b5fb6bf0963be') + +prepare() { + cd $pkgname-$pkgver + patch -p2 -i "$srcdir"/expat-2.2.0-CVE-2016-0718-regression.patch +} + +build() { + cd $pkgname-$pkgver + ./configure --prefix=/usr + make +} + +check() { + make -C $pkgname-$pkgver check +} + +package() { + cd $pkgname-$pkgver + make DESTDIR="$pkgdir" install + install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING +} Copied: expat/repos/testing-x86_64/expat-2.2.0-CVE-2016-0718-regression.patch (from rev 273350, expat/trunk/expat-2.2.0-CVE-2016-0718-regression.patch) =================================================================== --- testing-x86_64/expat-2.2.0-CVE-2016-0718-regression.patch (rev 0) +++ testing-x86_64/expat-2.2.0-CVE-2016-0718-regression.patch 2016-08-05 21:29:46 UTC (rev 273351) @@ -0,0 +1,27 @@ +From 3e6190e433479e56f8c1e5adc1198b3c86b15577 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping <sebast...@pipping.org> +Date: Sun, 17 Jul 2016 20:22:29 +0200 +Subject: [PATCH] Fix regression introduced by patch to CVE-2016-0718 (bug + #539) + +Tag names were cut off in some cases; reported by Andy Wang +--- + expat/lib/xmlparse.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c +index 13e080d..2630310 100644 +--- a/expat/lib/xmlparse.c ++++ b/expat/lib/xmlparse.c +@@ -2430,7 +2430,7 @@ doContent(XML_Parser parser, + &fromPtr, rawNameEnd, + (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1); + convLen = (int)(toPtr - (XML_Char *)tag->buf); +- if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) { ++ if ((fromPtr >= rawNameEnd) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) { + tag->name.strLen = convLen; + break; + } +-- +2.9.2 +