* Expat: apply a fix for CVE-2009-3560.

svn path=/nixpkgs/branches/x-updates/; revision=25902
13 years ago · 5dcde6d437
parent fc933aaa50
commit 5dcde6d437
2 changed files with 29 additions and 1 deletions
--- a/pkgs/development/libraries/expat/cve-2009-3560.patch
+++ b/pkgs/development/libraries/expat/cve-2009-3560.patch
@ -0,0 +1,18 @@
+From: http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-libs/expat/files/expat-2.0.1-CVE-2009-3560-revised.patch?revision=1.1
+
+http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3560
+http://bugs.gentoo.org/show_bug.cgi?id=303727
+http://cvs.fedoraproject.org/viewvc/rpms/expat/devel/
+
+--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
+@@ -3703,6 +3703,9 @@ doProlog(XML_Parser parser,
+         return XML_ERROR_UNCLOSED_TOKEN;
+       case XML_TOK_PARTIAL_CHAR:
+         return XML_ERROR_PARTIAL_CHAR;
+      case -XML_TOK_PROLOG_S:
+        tok = -tok;
+        break;
+       case XML_TOK_NONE:
+ #ifdef XML_DTD
+         /* for internal PE NOT referenced between declarations */
--- a/pkgs/development/libraries/expat/default.nix
+++ b/pkgs/development/libraries/expat/default.nix
@ -1,7 +1,17 @@
-{stdenv, fetchurl}: stdenv.mkDerivation {
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation {
  name = "expat-2.0.1";
+  
  src = fetchurl {
    url = mirror://sourceforge/expat/expat-2.0.1.tar.gz;
    sha256 = "14sy5qx9hgjyfs743iq8ywldhp5w4n6cscqf2p4hgrw6vys60xl4";
  };
+
+  patches = [ ./cve-2009-3560.patch ];
+
+  meta = {
+    homepage = http://expat.sourceforge.net/;
+    description = "A stream-oriented XML parser library written in C";
+  };
 }