Accepting request 25590 from devel:libraries:c_c++

Copy from devel:libraries:c_c++/expat based on submit request 25590 from user prusnak OBS-URL: https://build.opensuse.org/request/show/25590 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/expat?expand=0&rev=14
2009-12-08 09:11:30 +00:00 · 2009-12-08 09:11:30 +00:00 · 125a5dbf08
commit 125a5dbf08
parent 0a4962c436
4 changed files with 26 additions and 3 deletions
--- a/expat-CVE-2009-2625.patch
+++ b/expat-CVE-2009-2625.patch
@ -1,8 +1,10 @@
 http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15

--- lib/xmltok_impl.c
+Index: lib/xmltok_impl.c
+===================================================================
+--- lib/xmltok_impl.c.orig
 +++ lib/xmltok_impl.c
-@@ -1744,7 +1744,7 @@
+@@ -1744,7 +1744,7 @@ PREFIX(updatePosition)(const ENCODING *e
                        const char *end,
                        POSITION *pos)
 {
--- a/expat-CVE-2009-3560.patch
+++ b/expat-CVE-2009-3560.patch
@ -0,0 +1,14 @@
+http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165
+
+Index: lib/xmlparse.c
+===================================================================
+--- lib/xmlparse.c.orig
+++ lib/xmlparse.c
+@@ -3725,7 +3725,6 @@ doProlog(XML_Parser parser,
+         return XML_ERROR_NO_ELEMENTS;
+       default:
+         tok = -tok;
+-        next = end;
+         break;
+       }
+     }
--- a/expat.changes
+++ b/expat.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Dec  4 15:43:29 CET 2009 - prusnak@suse.cz
+
+- fix DoS (CVE-2009-3560.patch) [bnc#558892]
+
 -------------------------------------------------------------------
 Thu Oct 29 14:22:47 CET 2009 - prusnak@suse.cz

--- a/expat.spec
+++ b/expat.spec
@ -20,7 +20,7 @@

 Name:           expat
 Version:        2.0.1
-Release:        91
+Release:        92
 Group:          Development/Libraries/C and C++
 License:        MIT License (or similar)
 Url:            http://expat.sourceforge.net/
@ -33,6 +33,7 @@ Summary:        XML Parser Toolkit
 Source0:        %{name}-%{version}.tar.bz2
 Source1:        %{name}faq.html
 Patch0:         %{name}-CVE-2009-2625.patch
+Patch1:         %{name}-CVE-2009-3560.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  gcc-c++

@ -142,6 +143,7 @@ Authors:
 %prep
 %setup -q
 %patch0
+%patch1
 cp %{S:1} .
 rm -f examples/*.dsp