rpms/expat/F-10 expat-1.95.8-CVE-2009-3720.patch, NONE, 1.1 expat.spec, 1.31, 1.32

jorton jorton at fedoraproject.org
Mon Nov 2 19:57:42 UTC 2009


Author: jorton

Update of /cvs/extras/rpms/expat/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv32373

Modified Files:
	expat.spec 
Added Files:
	expat-1.95.8-CVE-2009-3720.patch 
Log Message:
* Fri Oct 30 2009 Joe Orton <jorton at redhat.com> - 2.0.1-5.1
- add security fix for CVE-2009-3720


expat-1.95.8-CVE-2009-3720.patch:
 xmltok_impl.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE expat-1.95.8-CVE-2009-3720.patch ---
--- expat-1.95.8/lib/xmltok_impl.c.cve3720
+++ expat-1.95.8/lib/xmltok_impl.c
@@ -1741,7 +1741,7 @@ PREFIX(updatePosition)(const ENCODING *e
                        const char *end,
                        POSITION *pos)
 {
-  while (ptr != end) {
+  while (ptr < end) {
     switch (BYTE_TYPE(enc, ptr)) {
 #define LEAD_CASE(n) \
     case BT_LEAD ## n: \
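Review bot: the new loop test `while (ptr < end)` in PREFIX(updatePosition) carries no comment saying why the relational comparison is required, so a later cleanup could turn it back into `ptr != end` without anyone noticing the security impact. The LEAD_CASE(n) macro directly below handles multi-byte lead bytes; its body is cut off in this context, but if those cases advance ptr by more than one byte, an input that ends inside a multi-byte sequence is exactly the case where ptr can step over end and an inequality test never terminates. A one-line comment above the `while` naming CVE-2009-3720 and that condition would document it. It would also help to confirm, outside the lines shown here, that nothing in the case bodies reads from ptr beyond end before the loop test is reached again.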


Index: expat.spec
===================================================================
RCS file: /cvs/extras/rpms/expat/F-10/expat.spec,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -p -r1.31 -r1.32
--- expat.spec	19 Feb 2008 07:04:42 -0000	1.31
+++ expat.spec	2 Nov 2009 19:57:42 -0000	1.32
@@ -1,9 +1,10 @@
 Summary: An XML parser library
 Name: expat
 Version: 2.0.1
-Release: 5
+Release: 5%{?dist}.1
 Group: System Environment/Libraries
 Source: http://download.sourceforge.net/expat/expat-%{version}.tar.gz
+Patch1: expat-1.95.8-CVE-2009-3720.patch
 URL: http://www.libexpat.org/
 License: MIT
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
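Review bot: the `Patch1:` line adds expat-1.95.8-CVE-2009-3720.patch to a package whose `Version:` is 2.0.1, and the patch itself uses expat-1.95.8/lib/xmltok_impl.c paths. It will still apply with -p1, but the mismatch makes it hard to tell whether the fix was checked against the 2.0.1 source or only carried over from an older branch. Either rename the file to match the packaged version or add a spec comment above `Patch1:` stating that the patch was written against 1.95.8 and applies unchanged to 2.0.1, ideally with a pointer to the upstream change it corresponds to.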
@@ -28,6 +29,7 @@ to develop XML applications with expat.
 
 %prep
 %setup -q
+%patch1 -p1 -b .cve3720
 
 %build
 rm -rf autom4te*.cache
@@ -74,6 +76,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_includedir}/*.h
 
 %changelog
+* Fri Oct 30 2009 Joe Orton <jorton at redhat.com> - 2.0.1-5.1
+- add security fix for CVE-2009-3720
+
 * Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 2.0.1-5
 - Autorebuild for GCC 4.3
 
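Review bot: the new changelog entry records the version as 2.0.1-5.1, while the Release tag introduced earlier in this diff is `5%{?dist}.1`, so on any build where dist is defined the actual release string will not match what the changelog says. Make the two agree, either by writing the changelog version in the same form as the Release tag or by noting the dist-less form deliberately. The entry would also be more useful to someone auditing the package if it named the patch file being added, not only the CVE number.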



