rpms/expat/devel expat-2.0.1-CVE-2009-3560-revised.patch, NONE, 1.1 expat.spec, 1.36, 1.37 expat-1.95.8-CVE-2009-3560.patch, 1.1, NONE expat-2.0.1-fix3560.patch, 1.1, NONE

Mon Feb 8 21:10:29 UTC 2010

Author: jorton

Update of /cvs/extras/rpms/expat/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv27690

Modified Files:
	expat.spec 
Added Files:
	expat-2.0.1-CVE-2009-3560-revised.patch 
Removed Files:
	expat-1.95.8-CVE-2009-3560.patch expat-2.0.1-fix3560.patch 
Log Message:
* Mon Feb  8 2010 Joe Orton <jorton at redhat.com> - 2.0.1-10
- revised fix for CVE-2009-3560 regression (#544996)


expat-2.0.1-CVE-2009-3560-revised.patch:
 xmlparse.c |    3 +++
 1 file changed, 3 insertions(+)

--- NEW FILE expat-2.0.1-CVE-2009-3560-revised.patch ---
--- expat-2.0.1/lib/xmlparse.c.newcve3560
+++ expat-2.0.1/lib/xmlparse.c
@@ -3703,6 +3703,9 @@ doProlog(XML_Parser parser,
         return XML_ERROR_UNCLOSED_TOKEN;
       case XML_TOK_PARTIAL_CHAR:
         return XML_ERROR_PARTIAL_CHAR;
+      case -XML_TOK_PROLOG_S:
+        tok = -tok;
+        break;
       case XML_TOK_NONE:
 #ifdef XML_DTD
         /* for internal PE NOT referenced between declarations */


Index: expat.spec
===================================================================
RCS file: /cvs/extras/rpms/expat/devel/expat.spec,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -p -r1.36 -r1.37
--- expat.spec	31 Jan 2010 17:06:05 -0000	1.36
+++ expat.spec	8 Feb 2010 21:10:29 -0000	1.37
@@ -5,9 +5,8 @@ Release: 9%{?dist}
 Group: System Environment/Libraries
 Source: http://downloads.sourceforge.net/expat/expat-%{version}.tar.gz
 Patch1: expat-2.0.1-confcxx.patch
-Patch2: expat-1.95.8-CVE-2009-3560.patch
+Patch2: expat-2.0.1-CVE-2009-3560-revised.patch
 Patch3: expat-1.95.8-CVE-2009-3720.patch
-Patch4: expat-2.0.1-fix3560.patch
 URL: http://www.libexpat.org/
 License: MIT
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -33,9 +32,8 @@ to develop XML applications with expat.
 %prep
 %setup -q
 %patch1 -p1 -b .confcxx
-%patch2 -p1 -b .cve3560
+%patch2 -p1 -b .newcve3560
 %patch3 -p1 -b .cve3720
-%patch4 -p1 -b .fix3560
 
 %build
 rm -rf autom4te*.cache
@@ -84,6 +82,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_includedir}/*.h
 
 %changelog
+* Mon Feb  8 2010 Joe Orton <jorton at redhat.com> - 2.0.1-10
+- revised fix for CVE-2009-3560 regression (#544996)
+
 * Sun Jan 31 2010 Joe Orton <jorton at redhat.com> - 2.0.1-9
 - drop static libraries (#556046)
 - add fix for regression in CVE-2009-3560 patch (#544996)


--- expat-1.95.8-CVE-2009-3560.patch DELETED ---


--- expat-2.0.1-fix3560.patch DELETED ---

