From: <abe...@us...> - 2016-03-15 13:59:23
Revision: 7592
http://sourceforge.net/p/astlinux/code/7592
Author: abelbeck
Date: 2016-03-15 13:59:21 +0000 (Tue, 15 Mar 2016)
Log Message:
-----------
expat, version bump to 2.1.1
Modified Paths:
--------------
branches/1.0/package/expat/expat.mk
Removed Paths:
-------------
branches/1.0/package/expat/expat-0001-fix-CVE-2015-1283.patch
Deleted: branches/1.0/package/expat/expat-0001-fix-CVE-2015-1283.patch
===================================================================
--- branches/1.0/package/expat/expat-0001-fix-CVE-2015-1283.patch 2016-03-14 01:56:44 UTC (rev 7591)
+++ branches/1.0/package/expat/expat-0001-fix-CVE-2015-1283.patch 2016-03-15 13:59:21 UTC (rev 7592)
@@ -1,75 +0,0 @@
-
-Signed-off-by: Gustavo Zacarias <gu...@za...>
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -1673,29 +1673,40 @@ XML_ParseBuffer(XML_Parser parser, int l
- XmlUpdatePosition(encoding, positionPtr, bufferPtr, &position);
- positionPtr = bufferPtr;
- return result;
- }
-
- void * XMLCALL
- XML_GetBuffer(XML_Parser parser, int len)
- {
-+/* BEGIN MOZILLA CHANGE (sanity check len) */
-+ if (len < 0) {
-+ errorCode = XML_ERROR_NO_MEMORY;
-+ return NULL;
-+ }
-+/* END MOZILLA CHANGE */
- switch (ps_parsing) {
- case XML_SUSPENDED:
- errorCode = XML_ERROR_SUSPENDED;
- return NULL;
- case XML_FINISHED:
- errorCode = XML_ERROR_FINISHED;
- return NULL;
- default: ;
- }
-
- if (len > bufferLim - bufferEnd) {
-- /* FIXME avoid integer overflow */
- int neededSize = len + (int)(bufferEnd - bufferPtr);
-+/* BEGIN MOZILLA CHANGE (sanity check neededSize) */
-+ if (neededSize < 0) {
-+ errorCode = XML_ERROR_NO_MEMORY;
-+ return NULL;
-+ }
-+/* END MOZILLA CHANGE */
- #ifdef XML_CONTEXT_BYTES
- int keep = (int)(bufferPtr - buffer);
-
- if (keep > XML_CONTEXT_BYTES)
- keep = XML_CONTEXT_BYTES;
- neededSize += keep;
- #endif /* defined XML_CONTEXT_BYTES */
- if (neededSize <= bufferLim - buffer) {
-@@ -1714,17 +1725,25 @@ XML_GetBuffer(XML_Parser parser, int len
- }
- else {
- char *newBuf;
- int bufferSize = (int)(bufferLim - bufferPtr);
- if (bufferSize == 0)
- bufferSize = INIT_BUFFER_SIZE;
- do {
- bufferSize *= 2;
-- } while (bufferSize < neededSize);
-+/* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */
-+ } while (bufferSize < neededSize && bufferSize > 0);
-+/* END MOZILLA CHANGE */
-+/* BEGIN MOZILLA CHANGE (sanity check bufferSize) */
-+ if (bufferSize <= 0) {
-+ errorCode = XML_ERROR_NO_MEMORY;
-+ return NULL;
-+ }
-+/* END MOZILLA CHANGE */
- newBuf = (char *)MALLOC(bufferSize);
- if (newBuf == 0) {
- errorCode = XML_ERROR_NO_MEMORY;
- return NULL;
- }
- bufferLim = newBuf + bufferSize;
- #ifdef XML_CONTEXT_BYTES
- if (bufferPtr) {
Modified: branches/1.0/package/expat/expat.mk
===================================================================
--- branches/1.0/package/expat/expat.mk 2016-03-14 01:56:44 UTC (rev 7591)
+++ branches/1.0/package/expat/expat.mk 2016-03-15 13:59:21 UTC (rev 7592)
@@ -4,11 +4,10 @@
#
#############################################################
-EXPAT_VERSION = 2.1.0
-EXPAT_SOURCE = expat-$(EXPAT_VERSION).tar.gz
+EXPAT_VERSION = 2.1.1
EXPAT_SITE = http://downloads.sourceforge.net/project/expat/expat/$(EXPAT_VERSION)
+EXPAT_SOURCE = expat-$(EXPAT_VERSION).tar.bz2
EXPAT_INSTALL_STAGING = YES
-EXPAT_INSTALL_TARGET = YES
EXPAT_INSTALL_STAGING_OPT = DESTDIR=$(STAGING_DIR) installlib
EXPAT_INSTALL_TARGET_OPT = DESTDIR=$(TARGET_DIR) installlib
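Review bot: Nothing visible in this commit pins a checksum for the new `expat-$(EXPAT_VERSION).tar.bz2` archive, and `EXPAT_SITE` is still a plain `http://` URL, so a corrupted or substituted download would be built into the image unnoticed. If the build system supports a per-package hash, record the upstream-published digest for the 2.1.1 tarball with this bump, and move to an HTTPS source if one is available. The same applies to the later bump to 2.2.0 in revision 7734. Since the local CVE-2015-1283 patch is dropped here, a short comment in expat.mk such as `# CVE-2015-1283 is fixed upstream as of 2.1.1; local patch removed` would keep that decision traceable.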
From: <abe...@us...> - 2016-06-24 12:33:23
Revision: 7734
http://sourceforge.net/p/astlinux/code/7734
Author: abelbeck
Date: 2016-06-24 12:33:20 +0000 (Fri, 24 Jun 2016)
Log Message:
-----------
expat, version bump to 2.2.0, security fixes and drop stray file
Fixes:
CVE-2016-4472 - Improve insufficient fix to CVE-2015-1283 /
CVE-2015-2716 introduced with Expat 2.1.1
CVE-2016-5300 - Use more entropy for hash initialization than the
original fix to CVE-2012-0876
CVE-2012-6702 - Resolve troublesome internal call to srand that was
introduced with Expat 2.1.0 when addressing CVE-2012-0876
Modified Paths:
--------------
branches/1.0/package/expat/expat.mk
Removed Paths:
-------------
branches/1.0/package/expat/Makefile.in
Deleted: branches/1.0/package/expat/Makefile.in
===================================================================
--- branches/1.0/package/expat/Makefile.in 2016-06-22 20:51:38 UTC (rev 7733)
+++ branches/1.0/package/expat/Makefile.in 2016-06-24 12:33:20 UTC (rev 7734)
@@ -1,3 +0,0 @@
-ifeq ($(BR2_PACKAGE_EXPAT),y)
-TARGETS+=expat
-endif
Modified: branches/1.0/package/expat/expat.mk
===================================================================
--- branches/1.0/package/expat/expat.mk 2016-06-22 20:51:38 UTC (rev 7733)
+++ branches/1.0/package/expat/expat.mk 2016-06-24 12:33:20 UTC (rev 7734)
@@ -4,7 +4,7 @@
#
#############################################################
-EXPAT_VERSION = 2.1.1
+EXPAT_VERSION = 2.2.0
EXPAT_SITE = http://downloads.sourceforge.net/project/expat/expat/$(EXPAT_VERSION)
EXPAT_SOURCE = expat-$(EXPAT_VERSION).tar.bz2
EXPAT_INSTALL_STAGING = YES