aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2019-09-11 09:40:07 -0300
committerNatanael Copa <ncopa@alpinelinux.org>2019-09-13 07:47:17 +0200
commitf99152b5f555bb218d0f31324ab58d589fc9c68a (patch)
tree709a65aec081e3d84887ee9be2ceb2397d0f81c2
parentad1a1cbb15f972302341478541741ecd37b1e990 (diff)
main/expat: fix CVE-2019-15903
ref #10791
-rw-r--r--main/expat/APKBUILD15
-rw-r--r--main/expat/CVE-2019-15903.patch80
2 files changed, 90 insertions, 5 deletions
diff --git a/main/expat/APKBUILD b/main/expat/APKBUILD
index 14438038dd6..a8b7893bce6 100644
--- a/main/expat/APKBUILD
+++ b/main/expat/APKBUILD
@@ -1,21 +1,25 @@
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=expat
pkgver=2.2.7
-pkgrel=0
+pkgrel=1
pkgdesc="An XML Parser library written in C"
url="http://www.libexpat.org/"
arch="all"
license='MIT'
checkdepends="bash"
-source="https://downloads.sourceforge.net/project/expat/expat/$pkgver/expat-$pkgver.tar.bz2"
+source="https://downloads.sourceforge.net/project/expat/expat/$pkgver/expat-$pkgver.tar.bz2
+ CVE-2019-15903.patch
+ "
subpackages="$pkgname-dev $pkgname-doc"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 2.2.7-r1:
+# - CVE-2019-15903
# 2.2.7-r0:
-# - CVE-2018-20843
+# - CVE-2018-20843
# 2.2.0-r1:
-# - CVE-2017-9233
+# - CVE-2017-9233
build() {
cd "$builddir"
@@ -37,4 +41,5 @@ package() {
make DESTDIR="$pkgdir/" install
}
-sha512sums="a078692317b44f14a9acdca4ddc04adac6a48d22ab321bba3e9e32c92131752aa397915d7121c4a95dc1b603d6a6128f7dce3741093d4322944787e0b49b4c00 expat-2.2.7.tar.bz2"
+sha512sums="a078692317b44f14a9acdca4ddc04adac6a48d22ab321bba3e9e32c92131752aa397915d7121c4a95dc1b603d6a6128f7dce3741093d4322944787e0b49b4c00 expat-2.2.7.tar.bz2
+87ed7dc760a1b119cdca6af23b23eab25142a0758f55e5fd64036727ae7c3f4456a25083f3ed3d9810b9f17658b31b95212f8458765a8aec8a314b0729db1a5a CVE-2019-15903.patch"
diff --git a/main/expat/CVE-2019-15903.patch b/main/expat/CVE-2019-15903.patch
new file mode 100644
index 00000000000..bfba7a87b4f
--- /dev/null
+++ b/main/expat/CVE-2019-15903.patch
@@ -0,0 +1,80 @@
+diff --git a/lib/xmlparse.c b/lib/xmlparse.c
+index 9c0987f..b8656ca 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -405,7 +405,7 @@ initializeEncoding(XML_Parser parser);
+ static enum XML_Error
+ doProlog(XML_Parser parser, const ENCODING *enc, const char *s,
+ const char *end, int tok, const char *next, const char **nextPtr,
+- XML_Bool haveMore);
++ XML_Bool haveMore, XML_Bool allowClosingDoctype);
+ static enum XML_Error
+ processInternalEntity(XML_Parser parser, ENTITY *entity,
+ XML_Bool betweenDecl);
+@@ -4232,7 +4232,7 @@ externalParEntProcessor(XML_Parser parser,
+
+ parser->m_processor = prologProcessor;
+ return doProlog(parser, parser->m_encoding, s, end, tok, next,
+- nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer);
++ nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE);
+ }
+
+ static enum XML_Error PTRCALL
+@@ -4282,7 +4282,7 @@ prologProcessor(XML_Parser parser,
+ const char *next = s;
+ int tok = XmlPrologTok(parser->m_encoding, s, end, &next);
+ return doProlog(parser, parser->m_encoding, s, end, tok, next,
+- nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer);
++ nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE);
+ }
+
+ static enum XML_Error
+@@ -4293,7 +4293,7 @@ doProlog(XML_Parser parser,
+ int tok,
+ const char *next,
+ const char **nextPtr,
+- XML_Bool haveMore)
++ XML_Bool haveMore, XML_Bool allowClosingDoctype)
+ {
+ #ifdef XML_DTD
+ static const XML_Char externalSubsetName[] = { ASCII_HASH , '\0' };
+@@ -4472,6 +4472,11 @@ doProlog(XML_Parser parser,
+ }
+ break;
+ case XML_ROLE_DOCTYPE_CLOSE:
++ if (allowClosingDoctype != XML_TRUE) {
++ /* Must not close doctype from within expanded parameter entities */
++ return XML_ERROR_INVALID_TOKEN;
++ }
++
+ if (parser->m_doctypeName) {
+ parser->m_startDoctypeDeclHandler(parser->m_handlerArg, parser->m_doctypeName,
+ parser->m_doctypeSysid, parser->m_doctypePubid, 0);
+@@ -5409,7 +5414,7 @@ processInternalEntity(XML_Parser parser, ENTITY *entity,
+ if (entity->is_param) {
+ int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
+ result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok,
+- next, &next, XML_FALSE);
++ next, &next, XML_FALSE, XML_FALSE);
+ }
+ else
+ #endif /* XML_DTD */
+@@ -5456,7 +5461,7 @@ internalEntityProcessor(XML_Parser parser,
+ if (entity->is_param) {
+ int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
+ result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok,
+- next, &next, XML_FALSE);
++ next, &next, XML_FALSE, XML_FALSE);
+ }
+ else
+ #endif /* XML_DTD */
+@@ -5483,7 +5488,7 @@ internalEntityProcessor(XML_Parser parser,
+ parser->m_processor = prologProcessor;
+ tok = XmlPrologTok(parser->m_encoding, s, end, &next);
+ return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr,
+- (XML_Bool)!parser->m_parsingStatus.finalBuffer);
++ (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE);
+ }
+ else
+ #endif /* XML_DTD */
+