← Back to branch summary

~ubuntu-branches/ubuntu/trusty/expat/trusty-proposed

~ubuntu-branches/ubuntu/trusty/expat/trusty-proposed

« back to all changes in this revision

Viewing changes to debian/patches/551936_CVE_2009_2625.dpatch

Committer: Package Import Robot
Author(s): Matthias Klose
Date: 2012-03-20 22:37:22 UTC
mfrom: (1.1.4) (5.1.7 precise)
Revision ID: package-import@ubuntu.com-20120320223722-wq8sq4gykhlvc8j9

Tags: 2.1.0~beta3-1

http://bugs.debian.org/663579

http://bugs.debian.org/653526

* QA upload.
* Beta release 2.1.0 beta3. Closes: #663579.
  - CVE-2012-1147 - Resource leak in readfilemap.c.
  - CVE-2012-1148 - Memory leak in poolGrow.
  - CVE-2012-0876 - Hash DOS attack.
  - Remove patches applied upstream.
* Remove Daniel from uploaders (orphaned package).
* Update package format to 3.0.
* Enable hardened build. Closes: #653526.
* Add a symbols file.
* Install expat pkgconfig file.

files added:
.pc

.pc/.version

.pc/302191_install_expat_config_h.diff

.pc/302191_install_expat_config_h.diff/Makefile.in

.pc/412786_xmlwf_man_standard_fix.diff

.pc/412786_xmlwf_man_standard_fix.diff/doc

.pc/412786_xmlwf_man_standard_fix.diff/doc/xmlwf.sgml

.pc/applied-patches

CMake.README

CMakeLists.txt

ConfigureChecks.cmake

aclocal.m4

amiga/expat_68k.c

amiga/expat_68k.h

amiga/expat_68k_handler_stubs.c

amiga/expat_base.h

debian/libexpat1.symbols

debian/patched

debian/patches/302191_install_expat_config_h.diff

debian/patches/412786_xmlwf_man_standard_fix.diff

debian/patches/series

debian/source

debian/source/format

expat.pc.in

expat_config.h.cmake

m4

m4/libtool.m4

m4/ltoptions.m4

m4/ltsugar.m4

m4/ltversion.m4

m4/lt~obsolete.m4

files removed:
amiga/stdlib.c

conftools/libtool.m4

debian/patches/00list

debian/patches/302191_install_expat_config_h.dpatch

debian/patches/342684_libtoolize.dpatch

debian/patches/412786_xmlwf_man_standard_fix.dpatch

debian/patches/485129_fix_underquotation_in_m4.dpatch

debian/patches/551936_CVE_2009_2625.dpatch

debian/patches/560901_CVE_2009_3560.dpatch

debian/patches/82763_xmlwf_error_out_2.dpatch

files modified:
COPYING *

Changes *

MANIFEST *

Makefile.in *

README *

amiga/Makefile *

amiga/README.txt *

amiga/expat.xml *

amiga/expat_lib.c

amiga/expat_vectors.c *

amiga/include/inline4/expat.h *

amiga/include/interfaces/expat.h *

amiga/include/libraries/expat.h *

amiga/include/proto/expat.h *

amiga/launch.c

bcb5/README.txt *

bcb5/all_projects.bpg *

bcb5/elements.bpf *

bcb5/elements.bpr *

bcb5/elements.mak *

bcb5/expat.bpf *

bcb5/expat.bpr *

bcb5/expat.mak *

bcb5/expat_static.bpf *

bcb5/expat_static.bpr *

bcb5/expat_static.mak *

bcb5/expatw.bpf *

bcb5/expatw.bpr *

bcb5/expatw.mak *

bcb5/expatw_static.bpf *

bcb5/expatw_static.bpr *

bcb5/expatw_static.mak *

bcb5/libexpat_mtd.def *

bcb5/libexpatw_mtd.def *

bcb5/makefile.mak *

bcb5/outline.bpf *

bcb5/outline.bpr *

bcb5/outline.mak *

bcb5/setup.bat *

bcb5/xmlwf.bpf *

bcb5/xmlwf.bpr *

bcb5/xmlwf.mak *

configure

configure.in *

conftools/ac_c_bigendian_cross.m4 *

conftools/config.guess

conftools/config.sub

conftools/expat.m4 *

conftools/install-sh

conftools/ltmain.sh

debian/changelog

debian/control

debian/lib64expat1-dev.install

debian/libexpat1-dev.install

debian/rules

doc/expat.png *

doc/reference.html *

doc/style.css *

doc/valid-xhtml10.png *

doc/xmlwf.1 *

doc/xmlwf.sgml *

examples/elements.c *

examples/elements.dsp *

examples/outline.c *

examples/outline.dsp *

expat_config.h.in *

lib/Makefile.MPW *

lib/amigaconfig.h *

lib/ascii.h *

lib/asciitab.h *

lib/expat.dsp *

lib/expat.h *

lib/expat_external.h *

lib/expat_static.dsp *

lib/expatw.dsp *

lib/expatw_static.dsp *

lib/iasciitab.h *

lib/internal.h *

lib/latin1tab.h *

lib/libexpat.def *

lib/libexpatw.def *

lib/macconfig.h *

lib/nametab.h *

lib/utf8tab.h *

lib/winconfig.h *

lib/xmlparse.c *

lib/xmlrole.c *

lib/xmlrole.h *

lib/xmltok.c *

lib/xmltok.h *

lib/xmltok_impl.c *

lib/xmltok_impl.h *

lib/xmltok_ns.c *

tests/README.txt *

tests/benchmark/README.txt *

tests/benchmark/benchmark.c *

tests/benchmark/benchmark.dsp *

tests/benchmark/benchmark.dsw *

tests/chardata.c *

tests/chardata.h *

tests/minicheck.c *

tests/minicheck.h *

tests/runtests.c *

tests/runtestspp.cpp *

tests/xmltest.sh

vms/README.vms *

vms/descrip.mms *

vms/expat_config.h *

win32/MANIFEST.txt *

win32/README.txt *

win32/expat.iss *

xmlwf/readfilemap.c

xmlwf/xmlwf.c

xmlwf/xmlwf.dsp

Show diffs side-by-side

added added

removed removed

debian/patches/551936_CVE_2009_2625.dpatch

1

#! /bin/sh /usr/share/dpatch/dpatch-run

2

## 551936_CVE_2009_2625.dpatch by Daniel Leidert (dale) <daniel.leidert@wgdd.de>

3

##

4

## All lines beginning with `## DP:' are a description of the patch.

5

## DP: A vulnarability allows remote attackers to cause a denial of service

6

## DP: infinite loop and application hang) via malformed XML input.

7

## DP:

8

## DP: <URL:http://bugs.debian.org/551936>

9

## DP: <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625>

10

## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.15&r2=1.13>

11

12

@DPATCH@

13

diff -urNad trunk~/lib/xmltok_impl.c trunk/lib/xmltok_impl.c

14

--- trunk~/lib/xmltok_impl.c 2006-11-26 18:34:46.000000000 +0100

15

+++ trunk/lib/xmltok_impl.c 2009-10-22 21:42:41.000000000 +0200

16

@@ -1744,7 +1744,7 @@

17

const char *end,

18

POSITION *pos)

19

{

20

- while (ptr != end) {

21

+ while (ptr < end) {

22

switch (BYTE_TYPE(enc, ptr)) {

23

#define LEAD_CASE(n) \

24

case BT_LEAD ## n: \

Older »