Created
January 19, 2018 21:49
-
-
Save archey/1aa098fca3b4717be2b58e75ef8e404a to your computer and use it in GitHub Desktop.
CVE-2017-14731 libofx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Fixed pkgbuild | |
| # $Id$ | |
| # Maintainer: Jaroslav Lichtblau <[email protected]> | |
| # Contributor: Aaron Griffin <[email protected]> | |
| pkgbase=libofx | |
| pkgname=('libofx' 'libofx-doc') | |
| pkgver=0.9.12 | |
| pkgrel=2 | |
| pkgdesc="API for the OFX banking standard" | |
| arch=('x86_64') | |
| url="https://github.com/libofx" | |
| license=('GPL') | |
| depends=('opensp' 'curl' 'libxml++2.6') | |
| checkdepends=('gnupg') | |
| source=(http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz | |
| CVE-2017-14731.patch::https://github.com/libofx/libofx/commit/fad8418f34094de42e1307113598e0e8bee0a2bd.patch) | |
| sha256sums=('c15fa062fa11e759eb6d8c7842191db2185ee1b221a3f75e9650e2849d7b7373' | |
| '841ef73e2aa7bc975857385c8a2eb2a0b03a13254a362a2744b22bfab657d639') | |
| prepare() { | |
| cd $pkgbase-$pkgver | |
| patch -Np1 -i ${srcdir}/CVE-2017-14731.patch | |
| } | |
| build() { | |
| cd $pkgbase-$pkgver | |
| ./configure --prefix=/usr | |
| sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool | |
| make CXXFLAGS+=-std=c++11 | |
| } | |
| check() { | |
| cd $pkgbase-$pkgver | |
| make check | |
| } | |
| package_libofx() { | |
| options=('!docs') | |
| cd $pkgbase-$pkgver | |
| make DESTDIR="$pkgdir" install | |
| } | |
| package_libofx-doc() { | |
| pkgdesc="Documention of the OFX banking standard API" | |
| depends=() | |
| cd $pkgbase-$pkgver | |
| make DESTDIR="$pkgdir" install-docDATA | |
| make -C doc DESTDIR="$pkgdir" install | |
| } | |
| Test after patch per: https://github.com/libofx/libofx/issues/10 | |
| /usr/bin/ofxdump char_traits-heap-buffer-overflow.ofx | |
| LibOFX INFO: libofx_proc_file(): File format not specified, autodetecting... | |
| (Above message occurred on Line 18446744073709551615, Column 18446744073709551615) | |
| LibOFX INFO: libofx_proc_file(): Detected file format: OFX (Open Financial eXchange (OFX or QFX)) | |
| (Above message occurred on Line 18446744073709551615, Column 18446744073709551615) | |
| LibOFX STATUS: find_dtd():DTD found: /usr/share/libofx/dtd/opensp.dcl | |
| (Above message occurred on Line 18446744073709551615, Column 18446744073709551615) | |
| LibOFX STATUS: find_dtd():DTD found: /usr/share/libofx/dtd/ofx160.dtd | |
| (Above message occurred on Line 18446744073709551615, Column 18446744073709551615) | |
| LibOFX ERROR: OpenSP parser: otherError (misc parse error): | |
| /tmp/libofxtmpqQbGhQ:1:6:E: "OFX" not finished but document ended | |
| (Above message occurred on Line 1, Column 7) | |
| LibOFX ERROR: OpenSP parser: otherError (misc parse error): | |
| /tmp/libofxtmpqQbGhQ:1:6:E: end tag for "OFX" omitted, but its declaration does not permit this | |
| /tmp/libofxtmpqQbGhQ:1:0: start tag was here | |
| (Above message occurred on Line 1, Column 7) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment