* Expat: apply a fix for CVE-2009-3560.

svn path=/nixpkgs/branches/x-updates/; revision=25902

pkgs/development/libraries/expat/cve-2009-3560.patch

@@ -0,0 +1,18 @@
+From: http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-libs/expat/files/expat-2.0.1-CVE-2009-3560-revised.patch?revision=1.1
+
+http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3560
+http://bugs.gentoo.org/show_bug.cgi?id=303727
+http://cvs.fedoraproject.org/viewvc/rpms/expat/devel/
+
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -3703,6 +3703,9 @@ doProlog(XML_Parser parser,
+         return XML_ERROR_UNCLOSED_TOKEN;
+       case XML_TOK_PARTIAL_CHAR:
+         return XML_ERROR_PARTIAL_CHAR;
++      case -XML_TOK_PROLOG_S:
++        tok = -tok;
++        break;
+       case XML_TOK_NONE:
+ #ifdef XML_DTD
+         /* for internal PE NOT referenced between declarations */

pkgs/development/libraries/expat/default.nix

@@ -1,7 +1,17 @@
-{stdenv, fetchurl}: stdenv.mkDerivation {
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation {
   name = "expat-2.0.1";
+  
   src = fetchurl {
     url = mirror://sourceforge/expat/expat-2.0.1.tar.gz;
     sha256 = "14sy5qx9hgjyfs743iq8ywldhp5w4n6cscqf2p4hgrw6vys60xl4";
   };
+
+  patches = [ ./cve-2009-3560.patch ];
+
+  meta = {
+    homepage = http://expat.sourceforge.net/;
+    description = "A stream-oriented XML parser library written in C";
+  };
 }