rpms/expat/F-12 expat-1.95.8-CVE-2009-3560.patch, NONE, 1.1 expat-1.95.8-CVE-2009-3720.patch, NONE, 1.1 expat-2.0.1-confcxx.patch, NONE, 1.1 expat.spec, 1.33, 1.34

jorton jorton at fedoraproject.org
Thu Dec 3 13:34:26 UTC 2009


Author: jorton

Update of /cvs/extras/rpms/expat/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13885

Modified Files:
	expat.spec 
Added Files:
	expat-1.95.8-CVE-2009-3560.patch 
	expat-1.95.8-CVE-2009-3720.patch expat-2.0.1-confcxx.patch 
Log Message:
* Tue Dec  1 2009 Joe Orton <jorton at redhat.com> - 2.0.1-8
- add security fix for CVE-2009-3560 (#533174)
- add security fix for CVE-2009-3720 (#531697)
- run the test suite


expat-1.95.8-CVE-2009-3560.patch:
 xmlparse.c |    1 -
 1 file changed, 1 deletion(-)

--- NEW FILE expat-1.95.8-CVE-2009-3560.patch ---

http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165

--- expat-1.95.8/lib/xmlparse.c.cve3560
+++ expat-1.95.8/lib/xmlparse.c
@@ -3637,7 +3637,6 @@ doProlog(XML_Parser parser,
         return XML_ERROR_NO_ELEMENTS;
       default:
         tok = -tok;
-        next = end;
         break;
       }
     }

expat-1.95.8-CVE-2009-3720.patch:
 xmltok_impl.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE expat-1.95.8-CVE-2009-3720.patch ---
--- expat-1.95.8/lib/xmltok_impl.c.cve3720
+++ expat-1.95.8/lib/xmltok_impl.c
@@ -1741,7 +1741,7 @@ PREFIX(updatePosition)(const ENCODING *e
                        const char *end,
                        POSITION *pos)
 {
-  while (ptr != end) {
+  while (ptr < end) {
     switch (BYTE_TYPE(enc, ptr)) {
 #define LEAD_CASE(n) \
     case BT_LEAD ## n: \
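Review bot: The switch from `ptr != end` to `ptr < end` in `updatePosition` deserves a comment saying why an ordering test is required, since the reason is not visible at the loop head. The `LEAD_CASE(n)` cases that begin at the end of this hunk presumably advance `ptr` by `n` bytes, so a truncated multi-byte character at the end of the buffer could move `ptr` past `end`, and a `!=` test would then never stop the loop. A line such as `/* ptr can step past end on a truncated multi-byte character, so compare with <, not != */` above the `while` would keep a later cleanup from reverting it. The rest of the function lies outside the hunk, so the per-case advance could not be confirmed here. The same commit enables `make check` in the spec, but no regression input for this case or for the CVE-2009-3560 change is added, so the suite as shown does not exercise either fix.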

expat-2.0.1-confcxx.patch:
 configure.in |    1 +
 1 file changed, 1 insertion(+)

--- NEW FILE expat-2.0.1-confcxx.patch ---

Configure for C++ too so the testsuite works.

--- expat-2.0.1/configure.in.confcxx
+++ expat-2.0.1/configure.in
@@ -62,6 +62,7 @@ AC_SUBST(LIBAGE)
 
 dnl Checks for programs.
 AC_PROG_CC
+AC_PROG_CXX
 AC_PROG_INSTALL
 
 if test "$GCC" = yes ; then


Index: expat.spec
===================================================================
RCS file: /cvs/extras/rpms/expat/F-12/expat.spec,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -p -r1.33 -r1.34
--- expat.spec	24 Jul 2009 22:26:13 -0000	1.33
+++ expat.spec	3 Dec 2009 13:34:26 -0000	1.34
@@ -1,13 +1,16 @@
 Summary: An XML parser library
 Name: expat
 Version: 2.0.1
-Release: 7
+Release: 8%{?dist}
 Group: System Environment/Libraries
 Source: http://download.sourceforge.net/expat/expat-%{version}.tar.gz
+Patch1: expat-2.0.1-confcxx.patch
+Patch2: expat-1.95.8-CVE-2009-3560.patch
+Patch3: expat-1.95.8-CVE-2009-3720.patch
 URL: http://www.libexpat.org/
 License: MIT
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires: autoconf, automake, libtool
+BuildRequires: autoconf, automake, libtool, check-devel
 
 %description
 This is expat, the C library for parsing XML, written by James Clark. Expat
@@ -28,10 +31,13 @@ to develop XML applications with expat.
 
 %prep
 %setup -q
+%patch1 -p1 -b .confcxx
+%patch2 -p1 -b .cve3560
+%patch3 -p1 -b .cve3720
 
 %build
 rm -rf autom4te*.cache
-cp `aclocal --print-ac-dir`/libtool.m4 conftools || exit 1
+rm conftools/libtool.m4
 libtoolize --copy --force --automake && aclocal && autoheader && autoconf
 export CFLAGS="$RPM_OPT_FLAGS -fPIC"
 %configure --libdir=/%{_lib}
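Review bot: `%patch2` and `%patch3` apply patches whose file names and paths say expat-1.95.8 to the 2.0.1 tree, and nothing in the spec records that they were checked to land in the intended functions. Their hunk line numbers presumably come from the older tree, so `patch` may be placing them by context at an offset. For security fixes a short comment above the two lines would help, for example `# CVE patches carry 1.95.8 names; confirmed to apply in doProlog() and updatePosition() on 2.0.1`. Separately, `rm conftools/libtool.m4` replaces the old `cp ... || exit 1` without saying why the bundled copy is dropped; a one-line reason (presumably so that libtoolize regenerates it) would help the next packager.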
@@ -53,6 +59,9 @@ rm -f $RPM_BUILD_ROOT/%{_lib}/libexpat.l
 lib=`echo $RPM_BUILD_ROOT/%{_lib}/libexpat.so.*.*`
 ln -sf ../../%{_lib}/`basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/libexpat.so
 
+%check
+make check
+
 %clean
 rm -rf ${RPM_BUILD_ROOT}
 
@@ -74,6 +83,11 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_includedir}/*.h
 
 %changelog
+* Tue Dec  1 2009 Joe Orton <jorton at redhat.com> - 2.0.1-8
+- add security fix for CVE-2009-3560 (#533174)
+- add security fix for CVE-2009-3720 (#531697)
+- run the test suite
+
 * Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.1-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
 



