rpms/expat/F-12 expat-2.0.1-CVE-2009-3560-revised.patch, NONE, 1.1 expat.spec, 1.35, 1.36 expat-1.95.8-CVE-2009-3560.patch, 1.1, NONE expat-2.0.1-fix3560.patch, 1.1, NONE
jorton
jorton at fedoraproject.org
Mon Feb 8 21:00:23 UTC 2010
Author: jorton
Update of /cvs/extras/rpms/expat/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25682
Modified Files:
expat.spec
Added Files:
expat-2.0.1-CVE-2009-3560-revised.patch
Removed Files:
expat-1.95.8-CVE-2009-3560.patch expat-2.0.1-fix3560.patch
Log Message:
* Mon Feb 8 2010 Joe Orton <jorton at redhat.com> - 2.0.1-8.2
- revised fix for CVE-2009-3560 (#544996)
expat-2.0.1-CVE-2009-3560-revised.patch:
xmlparse.c | 3 +++
1 file changed, 3 insertions(+)
--- NEW FILE expat-2.0.1-CVE-2009-3560-revised.patch ---
--- expat-2.0.1/lib/xmlparse.c.newcve3560
+++ expat-2.0.1/lib/xmlparse.c
@@ -3703,6 +3703,9 @@ doProlog(XML_Parser parser,
return XML_ERROR_UNCLOSED_TOKEN;
case XML_TOK_PARTIAL_CHAR:
return XML_ERROR_PARTIAL_CHAR;
+ case -XML_TOK_PROLOG_S:
+ tok = -tok;
+ break;
case XML_TOK_NONE:
#ifdef XML_DTD
/* for internal PE NOT referenced between declarations */
Index: expat.spec
===================================================================
RCS file: /cvs/extras/rpms/expat/F-12/expat.spec,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -p -r1.35 -r1.36
--- expat.spec 31 Jan 2010 17:10:30 -0000 1.35
+++ expat.spec 8 Feb 2010 21:00:22 -0000 1.36
@@ -1,13 +1,12 @@
Summary: An XML parser library
Name: expat
Version: 2.0.1
-Release: 8.1%{?dist}
+Release: 8.2%{?dist}
Group: System Environment/Libraries
-Source: http://download.sourceforge.net/expat/expat-%{version}.tar.gz
+Source: http://downloads.sourceforge.net/expat/expat-%{version}.tar.gz
Patch1: expat-2.0.1-confcxx.patch
-Patch2: expat-1.95.8-CVE-2009-3560.patch
+Patch2: expat-2.0.1-CVE-2009-3560-revised.patch
Patch3: expat-1.95.8-CVE-2009-3720.patch
-Patch4: expat-2.0.1-fix3560.patch
URL: http://www.libexpat.org/
License: MIT
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -33,9 +32,8 @@ to develop XML applications with expat.
%prep
%setup -q
%patch1 -p1 -b .confcxx
-%patch2 -p1 -b .cve3560
+%patch2 -p1 -b .newcve3560
%patch3 -p1 -b .cve3720
-%patch4 -p1 -b .fix3560
%build
rm -rf autom4te*.cache
@@ -85,6 +83,9 @@ rm -rf ${RPM_BUILD_ROOT}
%{_includedir}/*.h
%changelog
+* Mon Feb 8 2010 Joe Orton <jorton at redhat.com> - 2.0.1-8.2
+- revised fix for CVE-2009-3560 (#544996)
+
* Sun Jan 31 2010 Joe Orton <jorton at redhat.com> - 2.0.1-8.1
- fix regression in patch for CVE-2009-3560 (#544996)
--- expat-1.95.8-CVE-2009-3560.patch DELETED ---
--- expat-2.0.1-fix3560.patch DELETED ---
More information about the scm-commits
mailing list