main/expat: security fix for CVE-2016-4472

author: Natanael Copa <ncopa@alpinelinux.org> 2016-09-26 19:38:39 +0200
committer: Natanael Copa <ncopa@alpinelinux.org> 2016-09-26 19:38:39 +0200
commit: 61684c5b8c0524c2a4a18513bf15e976df5d0e87 (patch)
tree: ce48f19db09dbdaa1e09f291cb92afba863eba6c
parent: 36f9862fb40e73f92dc937acfc1037494e7b585e (diff)
download: alpine_aports-61684c5b8c0524c2a4a18513bf15e976df5d0e87.tar.bz2
alpine_aports-61684c5b8c0524c2a4a18513bf15e976df5d0e87.tar.xz
alpine_aports-61684c5b8c0524c2a4a18513bf15e976df5d0e87.zip
2 files changed, 46 insertions, 3 deletions
diff --git a/main/expat/APKBUILD b/main/expat/APKBUILD
index 4df3dbf67a..6ace041e43 100644
--- a/main/expat/APKBUILD
+++ b/main/expat/APKBUILD
@@ -10,10 +10,13 @@ depends=
 makedepends=
 source="http://downloads.sourceforge.net/project/expat/expat/$pkgver/expat-$pkgver.tar.bz2
        CVE-2016-0718.patch
+        CVE-2016-4472.patch
        "
 # secfixes:
 #   2.1.1-r1:
 #     - CVE-2016-0718
+#   2.1.1-r2:
+#     - CVE-2016-4472
 subpackages="$pkgname-dev $pkgname-doc"
@@ -35,8 +38,11 @@ package() {
        make DESTDIR="$pkgdir/" install || return 1
 }
 md5sums="7380a64a8e3a9d66a9887b01d0d7ea81  expat-2.1.1.tar.bz2
-1b44aacd01618cf14ceed11f77eccd69  CVE-2016-0718.patch"
+1b44aacd01618cf14ceed11f77eccd69  CVE-2016-0718.patch
+38dad12c39eb47603e880603208a71a5  CVE-2016-4472.patch"
 sha256sums="aff584e5a2f759dcfc6d48671e9529f6afe1e30b0cd6a4cec200cbe3f793de67  expat-2.1.1.tar.bz2
-665c3bbd46dc7e65696b3f6b7f3ba23d1427eb95686ceb4e305b19e534036403  CVE-2016-0718.patch"
+665c3bbd46dc7e65696b3f6b7f3ba23d1427eb95686ceb4e305b19e534036403  CVE-2016-0718.patch
+38bd0e061aba9cffae29d30640545c1e8dc96d6edec74abd7805b57b5d6d9908  CVE-2016-4472.patch"
 sha512sums="088e2ef3434f2affd4fc79fe46f0e9826b9b4c3931ddc780cd18892f1cd1e11365169c6807f45916a56bb6abcc627dcd17a23f970be0bf464f048f5be2713628  expat-2.1.1.tar.bz2
-6ab9227c70e210fd6970281103f433ca0d51c56f185a6c516cd239a1b69e20dbd523ef8d55260dac4a13503a44c3f5de050a04946a683da11ef18998a199fac0  CVE-2016-0718.patch"
+6ab9227c70e210fd6970281103f433ca0d51c56f185a6c516cd239a1b69e20dbd523ef8d55260dac4a13503a44c3f5de050a04946a683da11ef18998a199fac0  CVE-2016-0718.patch
+c72b78a6342abc3f1d774c4e640cbf5827bcf9d1f8949f4e1875722d9f15b579cf845373878abd46a3db305f95f0d156e82cd5a2b155aeaf8dac7f5ddf74fffd  CVE-2016-4472.patch"
diff --git a/main/expat/CVE-2016-4472.patch b/main/expat/CVE-2016-4472.patch
new file mode 100644
index 0000000000..ea6e7f5fe8
--- /dev/null
+++ b/main/expat/CVE-2016-4472.patch
@@ -0,0 +1,37 @@
+From 35197760a63ec5adc1049008354c2a627c097188 Mon Sep 17 00:00:00 2001
+From: Pascal Cuoq <cuoq@trust-in-soft.com>
+Date: Sun, 15 May 2016 09:05:46 +0200
+Subject: [PATCH] Avoid relying on undefined behavior in CVE-2015-1283 fix. It
+ does not really work: https://godbolt.org/g/Zl8gdF
+---
+ expat/lib/xmlparse.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index e308c79..bd88c3a 100644
+--- a/expat/lib/xmlparse.c
+++ b/lib/xmlparse.c
+@@ -1693,7 +1693,8 @@ XML_GetBuffer(XML_Parser parser, int len)
+   }
+ 
+   if (len > bufferLim - bufferEnd) {
+-    int neededSize = len + (int)(bufferEnd - bufferPtr);
+    /* Do not invoke signed arithmetic overflow: */
+    int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr));
+     if (neededSize < 0) {
+       errorCode = XML_ERROR_NO_MEMORY;
+       return NULL;
+@@ -1725,7 +1726,8 @@ XML_GetBuffer(XML_Parser parser, int len)
+       if (bufferSize == 0)
+         bufferSize = INIT_BUFFER_SIZE;
+       do {
+-        bufferSize *= 2;
+        /* Do not invoke signed arithmetic overflow: */
+        bufferSize = (int) (2U * (unsigned) bufferSize);
+       } while (bufferSize < neededSize && bufferSize > 0);
+       if (bufferSize <= 0) {
+         errorCode = XML_ERROR_NO_MEMORY;
+-- 
+2.10.0
author	Natanael Copa <ncopa@alpinelinux.org>	2016-09-26 19:38:39 +0200
committer	Natanael Copa <ncopa@alpinelinux.org>	2016-09-26 19:38:39 +0200
commit	61684c5b8c0524c2a4a18513bf15e976df5d0e87 (patch)
tree	ce48f19db09dbdaa1e09f291cb92afba863eba6c
parent	36f9862fb40e73f92dc937acfc1037494e7b585e (diff)
download	alpine_aports-61684c5b8c0524c2a4a18513bf15e976df5d0e87.tar.bz2 alpine_aports-61684c5b8c0524c2a4a18513bf15e976df5d0e87.tar.xz alpine_aports-61684c5b8c0524c2a4a18513bf15e976df5d0e87.zip

diff --git a/main/expat/APKBUILD b/main/expat/APKBUILD index 4df3dbf67a..6ace041e43 100644 --- a/main/expat/APKBUILD +++ b/main/expat/APKBUILD
@@ -10,10 +10,13 @@ depends=
10	makedepends=	10	makedepends=
11	source="http://downloads.sourceforge.net/project/expat/expat/$pkgver/expat-$pkgver.tar.bz2	11	source="http://downloads.sourceforge.net/project/expat/expat/$pkgver/expat-$pkgver.tar.bz2
12	CVE-2016-0718.patch	12	CVE-2016-0718.patch
		13	CVE-2016-4472.patch
13	"	14	"
14	# secfixes:	15	# secfixes:
15	# 2.1.1-r1:	16	# 2.1.1-r1:
16	# - CVE-2016-0718	17	# - CVE-2016-0718
		18	# 2.1.1-r2:
		19	# - CVE-2016-4472
17		20
18	subpackages="$pkgname-dev $pkgname-doc"	21	subpackages="$pkgname-dev $pkgname-doc"
19		22
@@ -35,8 +38,11 @@ package() {
35	make DESTDIR="$pkgdir/" install \|\| return 1	38	make DESTDIR="$pkgdir/" install \|\| return 1
36	}	39	}
37	md5sums="7380a64a8e3a9d66a9887b01d0d7ea81 expat-2.1.1.tar.bz2	40	md5sums="7380a64a8e3a9d66a9887b01d0d7ea81 expat-2.1.1.tar.bz2
38	1b44aacd01618cf14ceed11f77eccd69 CVE-2016-0718.patch"	41	1b44aacd01618cf14ceed11f77eccd69 CVE-2016-0718.patch
		42	38dad12c39eb47603e880603208a71a5 CVE-2016-4472.patch"
39	sha256sums="aff584e5a2f759dcfc6d48671e9529f6afe1e30b0cd6a4cec200cbe3f793de67 expat-2.1.1.tar.bz2	43	sha256sums="aff584e5a2f759dcfc6d48671e9529f6afe1e30b0cd6a4cec200cbe3f793de67 expat-2.1.1.tar.bz2
40	665c3bbd46dc7e65696b3f6b7f3ba23d1427eb95686ceb4e305b19e534036403 CVE-2016-0718.patch"	44	665c3bbd46dc7e65696b3f6b7f3ba23d1427eb95686ceb4e305b19e534036403 CVE-2016-0718.patch
		45	38bd0e061aba9cffae29d30640545c1e8dc96d6edec74abd7805b57b5d6d9908 CVE-2016-4472.patch"
41	sha512sums="088e2ef3434f2affd4fc79fe46f0e9826b9b4c3931ddc780cd18892f1cd1e11365169c6807f45916a56bb6abcc627dcd17a23f970be0bf464f048f5be2713628 expat-2.1.1.tar.bz2	46	sha512sums="088e2ef3434f2affd4fc79fe46f0e9826b9b4c3931ddc780cd18892f1cd1e11365169c6807f45916a56bb6abcc627dcd17a23f970be0bf464f048f5be2713628 expat-2.1.1.tar.bz2
42	6ab9227c70e210fd6970281103f433ca0d51c56f185a6c516cd239a1b69e20dbd523ef8d55260dac4a13503a44c3f5de050a04946a683da11ef18998a199fac0 CVE-2016-0718.patch"	47	6ab9227c70e210fd6970281103f433ca0d51c56f185a6c516cd239a1b69e20dbd523ef8d55260dac4a13503a44c3f5de050a04946a683da11ef18998a199fac0 CVE-2016-0718.patch
		48	c72b78a6342abc3f1d774c4e640cbf5827bcf9d1f8949f4e1875722d9f15b579cf845373878abd46a3db305f95f0d156e82cd5a2b155aeaf8dac7f5ddf74fffd CVE-2016-4472.patch"


diff --git a/main/expat/CVE-2016-4472.patch b/main/expat/CVE-2016-4472.patch new file mode 100644 index 0000000000..ea6e7f5fe8 --- /dev/null +++ b/main/expat/CVE-2016-4472.patch
@@ -0,0 +1,37 @@
		1	From 35197760a63ec5adc1049008354c2a627c097188 Mon Sep 17 00:00:00 2001
		2	From: Pascal Cuoq <cuoq@trust-in-soft.com>
		3	Date: Sun, 15 May 2016 09:05:46 +0200
		4	Subject: [PATCH] Avoid relying on undefined behavior in CVE-2015-1283 fix. It
		5	does not really work: https://godbolt.org/g/Zl8gdF
		6
		7	---
		8	expat/lib/xmlparse.c \| 6 ++++--
		9	1 file changed, 4 insertions(+), 2 deletions(-)
		10
		11	diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
		12	index e308c79..bd88c3a 100644
		13	--- a/expat/lib/xmlparse.c
		14	+++ b/lib/xmlparse.c
		15	@@ -1693,7 +1693,8 @@ XML_GetBuffer(XML_Parser parser, int len)
		16	}
		17
		18	if (len > bufferLim - bufferEnd) {
		19	- int neededSize = len + (int)(bufferEnd - bufferPtr);
		20	+ /* Do not invoke signed arithmetic overflow: */
		21	+ int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr));
		22	if (neededSize < 0) {
		23	errorCode = XML_ERROR_NO_MEMORY;
		24	return NULL;
		25	@@ -1725,7 +1726,8 @@ XML_GetBuffer(XML_Parser parser, int len)
		26	if (bufferSize == 0)
		27	bufferSize = INIT_BUFFER_SIZE;
		28	do {
		29	- bufferSize *= 2;
		30	+ /* Do not invoke signed arithmetic overflow: */
		31	+ bufferSize = (int) (2U * (unsigned) bufferSize);
		32	} while (bufferSize < neededSize && bufferSize > 0);
		33	if (bufferSize <= 0) {
		34	errorCode = XML_ERROR_NO_MEMORY;
		35	--
		36	2.10.0
		37