rpms/expat/F-12 expat-2.0.1-CVE-2009-3560-revised.patch, NONE, 1.1 expat.spec, 1.35, 1.36 expat-1.95.8-CVE-2009-3560.patch, 1.1, NONE expat-2.0.1-fix3560.patch, 1.1, NONE

jorton jorton at fedoraproject.org
Mon Feb 8 21:00:23 UTC 2010


Author: jorton

Update of /cvs/extras/rpms/expat/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25682

Modified Files:
	expat.spec 
Added Files:
	expat-2.0.1-CVE-2009-3560-revised.patch 
Removed Files:
	expat-1.95.8-CVE-2009-3560.patch expat-2.0.1-fix3560.patch 
Log Message:
* Mon Feb  8 2010 Joe Orton <jorton at redhat.com> - 2.0.1-8.2
- revised fix for CVE-2009-3560 (#544996)


expat-2.0.1-CVE-2009-3560-revised.patch:
 xmlparse.c |    3 +++
 1 file changed, 3 insertions(+)

--- NEW FILE expat-2.0.1-CVE-2009-3560-revised.patch ---
--- expat-2.0.1/lib/xmlparse.c.newcve3560
+++ expat-2.0.1/lib/xmlparse.c
@@ -3703,6 +3703,9 @@ doProlog(XML_Parser parser,
         return XML_ERROR_UNCLOSED_TOKEN;
       case XML_TOK_PARTIAL_CHAR:
         return XML_ERROR_PARTIAL_CHAR;
+      case -XML_TOK_PROLOG_S:
+        tok = -tok;
+        break;
       case XML_TOK_NONE:
 #ifdef XML_DTD
         /* for internal PE NOT referenced between declarations */
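Review bot: the added `case -XML_TOK_PROLOG_S:` arm in doProlog() needs a comment, because it is the only arm in this run that continues parsing (`tok = -tok; break;`) while the arms directly above it return XML_ERROR_UNCLOSED_TOKEN and XML_ERROR_PARTIAL_CHAR. Please say in the source what a negated XML_TOK_PROLOG_S represents at this point and why it is safe to handle it as the ordinary positive token, and note whether any other negated token value can reach this switch, since only this one is special-cased. A reference to CVE-2009-3560 in that comment would help, and a regression input for the case handled here should accompany the change.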


Index: expat.spec
===================================================================
RCS file: /cvs/extras/rpms/expat/F-12/expat.spec,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -p -r1.35 -r1.36
--- expat.spec	31 Jan 2010 17:10:30 -0000	1.35
+++ expat.spec	8 Feb 2010 21:00:22 -0000	1.36
@@ -1,13 +1,12 @@
 Summary: An XML parser library
 Name: expat
 Version: 2.0.1
-Release: 8.1%{?dist}
+Release: 8.2%{?dist}
 Group: System Environment/Libraries
-Source: http://download.sourceforge.net/expat/expat-%{version}.tar.gz
+Source: http://downloads.sourceforge.net/expat/expat-%{version}.tar.gz
 Patch1: expat-2.0.1-confcxx.patch
-Patch2: expat-1.95.8-CVE-2009-3560.patch
+Patch2: expat-2.0.1-CVE-2009-3560-revised.patch
 Patch3: expat-1.95.8-CVE-2009-3720.patch
-Patch4: expat-2.0.1-fix3560.patch
 URL: http://www.libexpat.org/
 License: MIT
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
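Review bot: Patch2 is swapped and Patch4 is dropped in the preamble, so two earlier patches for CVE-2009-3560 are replaced by one patch that adds three lines, and the removed files appear here only as "DELETED" with no content. The changelog should state what the revised patch does differently and confirm that nothing the two removed patches guarded against is lost. Separately, the `Source:` host change from download.sourceforge.net to downloads.sourceforge.net is unrelated to the CVE fix and is not mentioned in the log message; either list it in the changelog or commit it on its own.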
@@ -33,9 +32,8 @@ to develop XML applications with expat.
 %prep
 %setup -q
 %patch1 -p1 -b .confcxx
-%patch2 -p1 -b .cve3560
+%patch2 -p1 -b .newcve3560
 %patch3 -p1 -b .cve3720
-%patch4 -p1 -b .fix3560
 
 %build
 rm -rf autom4te*.cache
@@ -85,6 +83,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_includedir}/*.h
 
 %changelog
+* Mon Feb  8 2010 Joe Orton <jorton at redhat.com> - 2.0.1-8.2
+- revised fix for CVE-2009-3560 (#544996)
+
 * Sun Jan 31 2010 Joe Orton <jorton at redhat.com> - 2.0.1-8.1
 - fix regression in patch for CVE-2009-3560 (#544996)
 


--- expat-1.95.8-CVE-2009-3560.patch DELETED ---


--- expat-2.0.1-fix3560.patch DELETED ---


