Date: Saturday, June 25, 2016 @ 11:51:19
Author: lfleischer
Revision: 270636
upgpkg: xerces-c 3.1.3-2
Add a patch for CVE-2016-2099 (fixes FS#49353).
Added:
xerces-c/trunk/xerces-c-cve-2016-2099.patch
Modified:
xerces-c/trunk/PKGBUILD
--+
PKGBUILD | 17 -
xerces-c-cve-2016-2099.patch | 19 +++
2 files changed, 31 insertions(+), 5 deletions(-)
Modified: PKGBUILD
===
--- PKGBUILD2016-06-25 09:22:25 UTC (rev 270635)
+++ PKGBUILD2016-06-25 11:51:19 UTC (rev 270636)
@@ -5,17 +5,24 @@
pkgname=xerces-c
pkgver=3.1.3
-pkgrel=1
+pkgrel=2
pkgdesc="A validating XML parser written in a portable subset of C++"
arch=('i686' 'x86_64')
url="http://xerces.apache.org/xerces-c/;
license=('APACHE')
depends=('gcc-libs' 'curl')
-source=("http://apache.osuosl.org/xerces/c/3/sources/${pkgname}-${pkgver}.tar.gz;)
-md5sums=('70320ab0e3269e47d978a6ca0c0e1e2d')
+source=("http://apache.osuosl.org/xerces/c/3/sources/${pkgname}-${pkgver}.tar.gz;
+xerces-c-cve-2016-2099.patch)
+md5sums=('70320ab0e3269e47d978a6ca0c0e1e2d'
+ '382aa993dc070be469e2ff2b2a9bad09')
+prepare() {
+ cd "${pkgname}-${pkgver}"
+ patch -p1 -i ../xerces-c-cve-2016-2099.patch
+}
+
build() {
- cd ${pkgname}-${pkgver}
+ cd "${pkgname}-${pkgver}"
[[ "${CARCH}" = "i686" ]] && SSE2="--disable-sse2"
./configure --prefix=/usr --sysconfdir=/etc ${SSE2}
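Review bot: The new `md5sums` entry means the security patch and the tarball, which `source` fetches from a mirror over plain `http://`, are both pinned only by MD5. MD5 is not collision-resistant, so this is weak protection against a tampered mirror or an on-path modification. Prefer `sha256sums=('<sha256 of tarball>' '<sha256 of xerces-c-cve-2016-2099.patch>')`. If upstream publishes a detached signature for the release, also list it in `source` and pin the signer with `validpgpkeys=('<release key fingerprint>')`. The `build()` body continues outside this hunk.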
@@ -23,6 +30,6 @@
}
package() {
- cd ${pkgname}-${pkgver}
+ cd "${pkgname}-${pkgver}"
make DESTDIR="${pkgdir}/" install
}
Added: xerces-c-cve-2016-2099.patch
===
--- xerces-c-cve-2016-2099.patch(rev 0)
+++ xerces-c-cve-2016-2099.patch2016-06-25 11:51:19 UTC (rev 270636)
@@ -0,0 +1,19 @@
+--- a/src/xercesc/validators/DTD/DTDScanner.cpp
b/src/xercesc/validators/DTD/DTDScanner.cpp
+@@ -2509,7 +2509,15 @@ void DTDScanner::scanExtSubsetDecl(const
+ {
+ while (true)
+ {
+-const XMLCh nextCh = fReaderMgr->peekNextChar();
++XMLCh nextCh;
++
++try {
++nextCh = fReaderMgr->peekNextChar();
++}
++catch (XMLException& ex) {
++fScanner->emitError(XMLErrs::XMLException_Fatal,
ex.getCode(), ex.getMessage(), NULL, NULL);
++nextCh = chNull;
++}
+
+ if (!nextCh)
+ {
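Review bot: The new patch file starts directly at the `--- a/src/xercesc/validators/DTD/DTDScanner.cpp` header, with no provenance lines. A later maintainer therefore cannot confirm it matches the upstream fix, or tell when it can be dropped on the next `pkgver` bump. Add a short header above the first `---` line, for example `# CVE-2016-2099, FS#49353; backported from <upstream revision or issue URL>; drop once pkgver contains the fix`. The handler catches only `XMLException` and routes the failure into the existing `if (!nextCh)` branch. Whether other exception types can escape `peekNextChar()` here cannot be judged from the hunk, since `scanExtSubsetDecl` starts and ends outside it.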