From 415856bdd4f48ab4f2732996f0bae58595092bbe Mon Sep 17 00:00:00 2001
From: Parabola
Date: Tue, 5 Apr 2011 14:26:38 +0000
Subject: Tue Apr 5 14:26:38 UTC 2011
---
multilib/lib32-expat/CVE-2009-3560.patch | 13 +++++++++++
multilib/lib32-expat/CVE-2009-3720.patch | 12 ++++++++++
multilib/lib32-expat/PKGBUILD | 39 ++++++++++++++++++++++++++++++++
3 files changed, 64 insertions(+)
create mode 100644 multilib/lib32-expat/CVE-2009-3560.patch
create mode 100644 multilib/lib32-expat/CVE-2009-3720.patch
create mode 100644 multilib/lib32-expat/PKGBUILD
(limited to 'multilib/lib32-expat')
diff --git a/multilib/lib32-expat/CVE-2009-3560.patch b/multilib/lib32-expat/CVE-2009-3560.patch
new file mode 100644
index 000000000..5fe9c36c8
--- /dev/null
+++ b/multilib/lib32-expat/CVE-2009-3560.patch
@@ -0,0 +1,13 @@
+diff -urNad trunk~/lib/xmlparse.c trunk/lib/xmlparse.c
+--- trunk~/lib/xmlparse.c 2007-05-08 04:25:35.000000000 +0200
++++ trunk/lib/xmlparse.c 2009-12-29 21:57:22.141732904 +0100
+@@ -3703,6 +3703,9 @@
+ return XML_ERROR_UNCLOSED_TOKEN;
+ case XML_TOK_PARTIAL_CHAR:
+ return XML_ERROR_PARTIAL_CHAR;
++ case -XML_TOK_PROLOG_S:
++ tok = -tok;
++ break;
+ case XML_TOK_NONE:
+ #ifdef XML_DTD
+ /* for internal PE NOT referenced between declarations */
diff --git a/multilib/lib32-expat/CVE-2009-3720.patch b/multilib/lib32-expat/CVE-2009-3720.patch
new file mode 100644
index 000000000..65d16431f
--- /dev/null
+++ b/multilib/lib32-expat/CVE-2009-3720.patch
@@ -0,0 +1,12 @@
+diff -urNad trunk~/lib/xmltok_impl.c trunk/lib/xmltok_impl.c
+--- trunk~/lib/xmltok_impl.c 2006-11-26 18:34:46.000000000 +0100
++++ trunk/lib/xmltok_impl.c 2009-10-22 21:42:41.000000000 +0200
+@@ -1744,7 +1744,7 @@
+ const char *end,
+ POSITION *pos)
+ {
+- while (ptr != end) {
++ while (ptr < end) {
+ switch (BYTE_TYPE(enc, ptr)) {
+ #define LEAD_CASE(n) \
+ case BT_LEAD ## n: \
diff --git a/multilib/lib32-expat/PKGBUILD b/multilib/lib32-expat/PKGBUILD
new file mode 100644
index 000000000..c50cb9c79
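Review bot: CVE-2009-3560.patch starts directly at its `diff -urNad` line, so the file name is the only record of what it fixes and where it came from; the same holds for CVE-2009-3720.patch. A short header above the `diff` line, which `patch` skips, would let a later maintainer check the change against upstream, for example `Origin: <upstream URL or revision>` and `Description: <one-line summary of the fix>`. Adding it changes the file's checksum, so the matching `md5sums` entry in PKGBUILD has to be regenerated.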
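Review bot: In CVE-2009-3720.patch, `while (ptr < end)` stops the loop only after `ptr` has already been moved past `end`; it does not bound the step that moved it. The loop body lies outside this hunk, so the following is inferred: if the `LEAD_CASE` arms advance by the full sequence length, a truncated multi-byte sequence at the end of the input still leaves `ptr` beyond the buffer, and any remaining `ptr != end` test inside the body would then pass. It is worth reading the rest of the function for such tests and, if any exist, replacing them with a remaining-length check such as `end - ptr >= MINBPC(enc)` in a follow-up patch.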
--- /dev/null
+++ b/multilib/lib32-expat/PKGBUILD
@@ -0,0 +1,39 @@
+# $Id: PKGBUILD 26535 2010-09-15 22:31:07Z bluewind $
+
+_pkgbasename=expat
+pkgname=lib32-${_pkgbasename}
+pkgver=2.0.1
+pkgrel=7
+pkgdesc="An XML Parser library written in C (32 bit)"
+arch=('x86_64')
+url="http://expat.sourceforge.net/"
+license=('custom')
+makedepends=('gcc-multilib')
+depends=('lib32-glibc' "${_pkgbasename}")
+options=('!libtool')
+source=(http://downloads.sourceforge.net/sourceforge/expat/${_pkgbasename}-${pkgver}.tar.gz
+ CVE-2009-3560.patch
+ CVE-2009-3720.patch)
+md5sums=('ee8b492592568805593f81f8cdf2a04c'
+ '50603cac0f03aabc7087415251f592be'
+ 'f3eeb796f28945899216b815e5901996')
+
+build() {
+ cd "${srcdir}/${_pkgbasename}-${pkgver}"
+ patch -Np1 -i $srcdir/CVE-2009-3560.patch
+ patch -Np1 -i $srcdir/CVE-2009-3720.patch
+ export CC='gcc -m32'
+ export PKG_CONFIG_PATH=/usr/lib32/pkgconfig
+ ./configure --prefix=/usr --libdir=/usr/lib32 --mandir=/usr/share/man
+ make
+}
+
+package() {
+ cd "${srcdir}/${_pkgbasename}-${pkgver}"
+ make DESTDIR="${pkgdir}" install
+ install -d -m755 "${pkgdir}/usr/share/licenses/"
+ ln -s ${_pkgbasename} "${pkgdir}/usr/share/licenses/${pkgname}"
+
+ # Clean up lib32 package
+ rm -rf "${pkgdir}"/usr/{bin,include,share/man}
+}
--
cgit v1.2.3-54-g00ecf
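Review bot: The tarball in `source=` is fetched over plain `http://` and the only integrity check is `md5sums`; MD5 is collision-prone and not a hash to rely on for supply-chain integrity. Add a stronger array alongside it, `sha256sums=('<sha256 of expat-2.0.1.tar.gz>' '<sha256 of CVE-2009-3560.patch>' '<sha256 of CVE-2009-3720.patch>')`, with the values generated from verified copies of the files. Separately, in `build()` the two `patch` lines use an unquoted `$srcdir`, unlike the `cd` line above them; `patch -Np1 -i "${srcdir}/CVE-2009-3560.patch"` keeps the build working when the path contains spaces.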