<pre style='margin:0'>
Ryan Schmidt (ryandesign) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/d40c2ba48e522294569acfcb026c6b7c6fae7f55">https://github.com/macports/macports-ports/commit/d40c2ba48e522294569acfcb026c6b7c6fae7f55</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new d40c2ba48e5 expat: Fix CVE-2022-23852, CVE-2022-23990
</span>d40c2ba48e5 is described below
<span style='display:block; white-space:pre;color:#808000;'>commit d40c2ba48e522294569acfcb026c6b7c6fae7f55
</span>Author: Clemens Lang <cal@macports.org>
AuthorDate: Fri Jan 28 14:22:16 2022 +0100
<span style='display:block; white-space:pre;color:#404040;'> expat: Fix CVE-2022-23852, CVE-2022-23990
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> CVE: CVE-2022-23852, CVE-2022-23990
</span>---
textproc/expat/Portfile | 6 ++-
.../847a645152f5ebc10ac63b74b604d0c1a79fae40.patch | 27 ++++++++++++++
.../ede41d1e186ed2aba88a06e84cac839b770af3a1.patch | 43 ++++++++++++++++++++++
3 files changed, 75 insertions(+), 1 deletion(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/textproc/expat/Portfile b/textproc/expat/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index e2260639b17..86210814175 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/textproc/expat/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/textproc/expat/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -7,7 +7,7 @@ PortGroup muniversal 1.0
</span>
name expat
version 2.4.3
<span style='display:block; white-space:pre;background:#ffe0e0;'>-revision 0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+revision 1
</span> checksums rmd160 c313bd1e965fdf6325e395412cfecd7b7a5051f0 \
sha256 6f262e216a494fbf42d8c22bc841b3e117c21f2467a19dc4c27c991b5622f986 \
size 559674
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -31,6 +31,10 @@ master_sites sourceforge:project/${name}/${name}/${version}
</span> # e.g. clang-3.4 depends on python27-bootstrap which depends on expat.
use_bzip2 yes
<span style='display:block; white-space:pre;background:#e0ffe0;'>+patch.pre_args -p2
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+patchfiles 847a645152f5ebc10ac63b74b604d0c1a79fae40.patch \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ede41d1e186ed2aba88a06e84cac839b770af3a1.patch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> if {${os.platform} eq "darwin" && ${os.major} < 11} {
# Having the stdlib set to libc++ on 10.6 causes a dependency on a
# macports-clang compiler to be added, which would be a dep cycle.
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/textproc/expat/files/847a645152f5ebc10ac63b74b604d0c1a79fae40.patch b/textproc/expat/files/847a645152f5ebc10ac63b74b604d0c1a79fae40.patch
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 00000000000..aab1e763fbf
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/textproc/expat/files/847a645152f5ebc10ac63b74b604d0c1a79fae40.patch
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,27 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+From 847a645152f5ebc10ac63b74b604d0c1a79fae40 Mon Sep 17 00:00:00 2001
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+From: Samanta Navarro <ferivoz@riseup.net>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Date: Sat, 22 Jan 2022 17:48:00 +0100
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Subject: [PATCH] lib: Detect and prevent integer overflow in XML_GetBuffer
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ (CVE-2022-23852)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+---
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ expat/lib/xmlparse.c | 5 +++++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 1 file changed, 5 insertions(+)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+index d54af683..5ce31402 100644
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- ./expat/lib/xmlparse.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ ./expat/lib/xmlparse.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -2067,6 +2067,11 @@ XML_GetBuffer(XML_Parser parser, int len) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ keep = (int)EXPAT_SAFE_PTR_DIFF(parser->m_bufferPtr, parser->m_buffer);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if (keep > XML_CONTEXT_BYTES)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ keep = XML_CONTEXT_BYTES;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /* Detect and prevent integer overflow */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ if (keep > INT_MAX - neededSize) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ parser->m_errorCode = XML_ERROR_NO_MEMORY;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ return NULL;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ neededSize += keep;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #endif /* defined XML_CONTEXT_BYTES */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if (neededSize
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/textproc/expat/files/ede41d1e186ed2aba88a06e84cac839b770af3a1.patch b/textproc/expat/files/ede41d1e186ed2aba88a06e84cac839b770af3a1.patch
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 00000000000..3806a1ce22a
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/textproc/expat/files/ede41d1e186ed2aba88a06e84cac839b770af3a1.patch
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,43 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+From ede41d1e186ed2aba88a06e84cac839b770af3a1 Mon Sep 17 00:00:00 2001
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+From: Sebastian Pipping <sebastian@pipping.org>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Date: Wed, 26 Jan 2022 02:36:43 +0100
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Subject: [PATCH] lib: Prevent integer overflow in doProlog (CVE-2022-23990)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+The change from "int nameLen" to "size_t nameLen"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+addresses the overflow on "nameLen++" in code
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"for (; name[nameLen++];)" right above the second
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+change in the patch.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Upstream-Status: Backport [https://github.com/libexpat/libexpat/commit/ede41d1e186ed2aba88a06e84cac839b770af3a1]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+---
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ expat/lib/xmlparse.c | 10 ++++++++--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 1 file changed, 8 insertions(+), 2 deletions(-)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+index 5ce31402..d1d17005 100644
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- ./expat/lib/xmlparse.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ ./expat/lib/xmlparse.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -5372,7 +5372,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if (dtd->in_eldecl) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ELEMENT_TYPE *el;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ const XML_Char *name;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- int nameLen;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ size_t nameLen;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ const char *nxt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ = (quant == XML_CQUANT_NONE ? next : next - enc->minBytesPerChar);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ int myindex = nextScaffoldPart(parser);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -5388,7 +5388,13 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ nameLen = 0;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ for (; name[nameLen++];)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- dtd->contentStringLen += nameLen;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /* Detect and prevent integer overflow */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ if (nameLen > UINT_MAX - dtd->contentStringLen) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ return XML_ERROR_NO_MEMORY;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ dtd->contentStringLen += (unsigned)nameLen;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if (parser->m_elementDeclHandler)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ handleDefault = XML_FALSE;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span></pre><pre style='margin:0'>
</pre>