authorEelco Dolstra <eelco.dolstra@logicblox.com>2011-02-11 13:55:30 +0000
committerEelco Dolstra <eelco.dolstra@logicblox.com>2011-02-11 13:55:30 +0000
commit5dcde6d4370680c7e2bae609e3ebedbb3f9b1d09 (patch)
tree0840a042999bde0fdef99587b714f3f985865108 /pkgs/development/libraries/expat
parentfc933aaa50dbe74ab91e51571feeb568bd8f9e21 (diff)
* Expat: apply a fix for CVE-2009-3560.
svn path=/nixpkgs/branches/x-updates/; revision=25902
Diffstat (limited to 'pkgs/development/libraries/expat')
-rw-r--r--pkgs/development/libraries/expat/cve-2009-3560.patch18
-rw-r--r--pkgs/development/libraries/expat/default.nix12
2 files changed, 29 insertions, 1 deletions
diff --git a/pkgs/development/libraries/expat/cve-2009-3560.patch b/pkgs/development/libraries/expat/cve-2009-3560.patch
new file mode 100644
index 00000000000..71da9e39351
--- /dev/null
+++ b/pkgs/development/libraries/expat/cve-2009-3560.patch
@@ -0,0 +1,18 @@
+From: http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-libs/expat/files/expat-2.0.1-CVE-2009-3560-revised.patch?revision=1.1
+
+http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3560
+http://bugs.gentoo.org/show_bug.cgi?id=303727
+http://cvs.fedoraproject.org/viewvc/rpms/expat/devel/
+
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -3703,6 +3703,9 @@ doProlog(XML_Parser parser,
+         return XML_ERROR_UNCLOSED_TOKEN;
+       case XML_TOK_PARTIAL_CHAR:
+         return XML_ERROR_PARTIAL_CHAR;
++      case -XML_TOK_PROLOG_S:
++        tok = -tok;
++        break;
+       case XML_TOK_NONE:
+ #ifdef XML_DTD
+         /* for internal PE NOT referenced between declarations */
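Review bot: The patch header is only a list of links, with no sentence saying what the defect is or which upstream expat revision the change corresponds to, and the added `case -XML_TOK_PROLOG_S:` branch has no comment either. Several of the links are CVS/viewvc web views that may not stay reachable, so the file should explain itself. A header line such as `Handle a negated XML_TOK_PROLOG_S token in doProlog (CVE-2009-3560); upstream revision: <upstream revision>` would do. The body of doProlog lies outside the embedded hunk, so the effect of `tok = -tok; break;` on the code after the switch cannot be confirmed from this page.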
diff --git a/pkgs/development/libraries/expat/default.nix b/pkgs/development/libraries/expat/default.nix
index cd546a58169..35a2945207b 100644
--- a/pkgs/development/libraries/expat/default.nix
+++ b/pkgs/development/libraries/expat/default.nix
@@ -1,7 +1,17 @@
-{stdenv, fetchurl}: stdenv.mkDerivation {
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation {
   name = "expat-2.0.1";
+  
   src = fetchurl {
     url = mirror://sourceforge/expat/expat-2.0.1.tar.gz;
     sha256 = "14sy5qx9hgjyfs743iq8ywldhp5w4n6cscqf2p4hgrw6vys60xl4";
   };
+
+  patches = [ ./cve-2009-3560.patch ];
+
+  meta = {
+    homepage = http://expat.sourceforge.net/;
+    description = "A stream-oriented XML parser library written in C";
+  };
 }
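Review bot: Nothing on the `patches` line ties the fix to the pinned 2.0.1 source, so a later version bump could drop the patch without anyone checking that the new tarball contains the fix. A comment above `patches = [ ./cve-2009-3560.patch ];`, for example `# CVE-2009-3560; remove only once src includes the upstream fix`, would make that check explicit. The blank line added after `name = "expat-2.0.1";` also carries trailing whitespace.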