diff options
| author | Leo Famulari <leo@famulari.name> | 2016-09-12 13:26:51 -0400 |
|---|---|---|
| committer | Leo Famulari <leo@famulari.name> | 2016-09-13 20:37:33 -0400 |
| commit | b1a782b11aae2fa2bf8450c228638a0fd5cc9c83 (patch) | |
| tree | f0cd5620ccb7a07eddb6a4d607b988869a6f1cf5 /gnu/packages/patches/expat-CVE-2015-1283-refix.patch | |
| parent | 883d0a7d25b59f375b979b67f2a390c220ca53c8 (diff) | |
| download | guix-b1a782b11aae2fa2bf8450c228638a0fd5cc9c83.tar.gz | |
gnu: expat: Update to 2.2.0.
* gnu/packages/xml.scm (expat): Update to 2.2.0. [source]: Use 'expat-CVE-2016-0718-fix-regression.patch'. Remove obsolete patches. * gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch: New file. * gnu/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch, gnu/packages/patches/expat-CVE-2015-1283-refix.patch, gnu/packages/patches/expat-CVE-2016-0718.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Add and remove patches.
Diffstat (limited to 'gnu/packages/patches/expat-CVE-2015-1283-refix.patch')
| -rw-r--r-- | gnu/packages/patches/expat-CVE-2015-1283-refix.patch | 39 |
1 files changed, 0 insertions, 39 deletions
diff --git a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch b/gnu/packages/patches/expat-CVE-2015-1283-refix.patch deleted file mode 100644 index fc8d6291f5..0000000000 --- a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch +++ /dev/null @@ -1,39 +0,0 @@ -Follow-up upstream fix for CVE-2015-1283 to not rely on undefined -behavior. - -Adapted from a patch from Debian (found in Debian package version -2.1.0-6+deb8u2) to apply to upstream code: - -https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u2/debian/patches/CVE-2015-1283-refix.patch/ - ---- - lib/xmlparse.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index 0f6f4cd..5c70c17 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -1727,7 +1727,8 @@ XML_GetBuffer(XML_Parser parser, int len) - } - - if (len > bufferLim - bufferEnd) { -- int neededSize = len + (int)(bufferEnd - bufferPtr); -+ /* Do not invoke signed arithmetic overflow: */ -+ int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr)); - if (neededSize < 0) { - errorCode = XML_ERROR_NO_MEMORY; - return NULL; -@@ -1759,7 +1760,8 @@ XML_GetBuffer(XML_Parser parser, int len) - if (bufferSize == 0) - bufferSize = INIT_BUFFER_SIZE; - do { -- bufferSize *= 2; -+ /* Do not invoke signed arithmetic overflow: */ -+ bufferSize = (int) (2U * (unsigned) bufferSize); - } while (bufferSize < neededSize && bufferSize > 0); - if (bufferSize <= 0) { - errorCode = XML_ERROR_NO_MEMORY; --- -2.8.3 - |