rpms/expat/devel expat-2.0.1-CVE-2009-3560-revised.patch, NONE, 1.1 expat.spec, 1.36, 1.37 expat-1.95.8-CVE-2009-3560.patch, 1.1, NONE expat-2.0.1-fix3560.patch, 1.1, NONE
jorton
jorton at fedoraproject.org
Mon Feb 8 21:10:29 UTC 2010
Author: jorton
Update of /cvs/extras/rpms/expat/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv27690
Modified Files:
expat.spec
Added Files:
expat-2.0.1-CVE-2009-3560-revised.patch
Removed Files:
expat-1.95.8-CVE-2009-3560.patch expat-2.0.1-fix3560.patch
Log Message:
* Mon Feb 8 2010 Joe Orton <jorton at redhat.com> - 2.0.1-10
- revised fix for CVE-2009-3560 regression (#544996)
expat-2.0.1-CVE-2009-3560-revised.patch:
xmlparse.c | 3 +++
1 file changed, 3 insertions(+)
--- NEW FILE expat-2.0.1-CVE-2009-3560-revised.patch ---
--- expat-2.0.1/lib/xmlparse.c.newcve3560
+++ expat-2.0.1/lib/xmlparse.c
@@ -3703,6 +3703,9 @@ doProlog(XML_Parser parser,
return XML_ERROR_UNCLOSED_TOKEN;
case XML_TOK_PARTIAL_CHAR:
return XML_ERROR_PARTIAL_CHAR;
+ case -XML_TOK_PROLOG_S:
+ tok = -tok;
+ break;
case XML_TOK_NONE:
#ifdef XML_DTD
/* for internal PE NOT referenced between declarations */
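Review bot: the new case -XML_TOK_PROLOG_S arm in doProlog has no comment, and it is the only arm visible in this run of cases that negates tok and breaks instead of returning an XML_ERROR_* code. Please add a comment stating when the tokenizer returns a negated XML_TOK_PROLOG_S here and that the break is intentional (processing is presumably meant to continue after the switch with the positive token value), so a later reader does not take it for a missing return. The patch file also starts directly at the --- line with no description; a short header naming CVE-2009-3560 and bug #544996 would make the file self-explanatory.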
Index: expat.spec
===================================================================
RCS file: /cvs/extras/rpms/expat/devel/expat.spec,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -p -r1.36 -r1.37
--- expat.spec 31 Jan 2010 17:06:05 -0000 1.36
+++ expat.spec 8 Feb 2010 21:10:29 -0000 1.37
@@ -5,9 +5,8 @@ Release: 9%{?dist}
Group: System Environment/Libraries
Source: http://downloads.sourceforge.net/expat/expat-%{version}.tar.gz
Patch1: expat-2.0.1-confcxx.patch
-Patch2: expat-1.95.8-CVE-2009-3560.patch
+Patch2: expat-2.0.1-CVE-2009-3560-revised.patch
Patch3: expat-1.95.8-CVE-2009-3720.patch
-Patch4: expat-2.0.1-fix3560.patch
URL: http://www.libexpat.org/
License: MIT
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
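Review bot: Patch2 now points at a patch that adds three lines to xmlparse.c, while the original expat-1.95.8-CVE-2009-3560.patch and Patch4 (expat-2.0.1-fix3560.patch) are both dropped, and nothing in the spec says that the revised patch supersedes the pair. Please add a comment above Patch2 saying so, and confirm in the commit message that the new case in doProlog covers everything the removed CVE-2009-3560 patch did, since this diff deletes that patch outright rather than amending it.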
@@ -33,9 +32,8 @@ to develop XML applications with expat.
%prep
%setup -q
%patch1 -p1 -b .confcxx
-%patch2 -p1 -b .cve3560
+%patch2 -p1 -b .newcve3560
%patch3 -p1 -b .cve3720
-%patch4 -p1 -b .fix3560
%build
rm -rf autom4te*.cache
@@ -84,6 +82,9 @@ rm -rf ${RPM_BUILD_ROOT}
%{_includedir}/*.h
%changelog
+* Mon Feb 8 2010 Joe Orton <jorton at redhat.com> - 2.0.1-10
+- revised fix for CVE-2009-3560 regression (#544996)
+
* Sun Jan 31 2010 Joe Orton <jorton at redhat.com> - 2.0.1-9
- drop static libraries (#556046)
- add fix for regression in CVE-2009-3560 patch (#544996)
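Review bot: the new changelog entry is stamped 2.0.1-10, but the header context of the first expat.spec hunk still reads Release: 9%{?dist} and no hunk in this diff touches that line. Bump Release to 10 in the same commit so the built package matches the changelog entry.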
--- expat-1.95.8-CVE-2009-3560.patch DELETED ---
--- expat-2.0.1-fix3560.patch DELETED ---