Hello community,
here is the log from the commit of package expat for openSUSE:11.4
checked in at Tue Mar 13 15:15:15 CET 2012.
--------
--- old-versions/11.4/UPDATES/all/expat/expat.changes 2012-03-08 12:47:44.000000000 +0100
+++ 11.4/expat/expat.changes 2012-03-12 14:48:33.000000000 +0100
@@ -1 +1,13 @@
-Thu Mar 8 11:43:37 UTC 2012 - vdziewiecki@suse.com
+-------------------------------------------------------------------
+Mon Mar 12 13:46:28 UTC 2012 - vdziewiecki@suse.com
+
+-Fixed VUL0: CVE-2012-1147 - Resource leak in readfilemap.c. (bnc#751464)
+-Fixed VUL0: CVE-2012-1148 - Memory leak in poolGrow. (bnc#751465)
+-
+
+-------------------------------------------------------------------
+Fri Mar 9 14:53:13 UTC 2012 - vdziewiecki@suse.com
+
+
+-------------------------------------------------------------------
+Thu Mar 8 11:34:58 UTC 2012 - vdziewiecki@suse.com
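Review bot: The new Fri Mar 9 14:53:13 entry in expat.changes has a header but no body, and the Mar 12 entry ends with a bare "-" bullet. Either describe what changed on Mar 9 or drop that entry, and remove the empty bullet. The two CVE lines should also use the "- " bullet form with a space after the dash, as the older entries in this file do, so changelog tooling and readers parse them consistently.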
@@ -5 +17,15 @@
-------------------------------------------------------------------
+
+-------------------------------------------------------------------
+Sun Sep 18 17:17:12 UTC 2011 - jengelh@medozas.de
+
+- Remove redundant/obsolete tags/sections from specfile
+ (cf. packaging guidelines)
+- Use %_smp_mflags for parallel build
+- Add libexpat-devel to baselibs
+
+-------------------------------------------------------------------
+Fri Feb 25 16:01:01 UTC 2011 - prusnak@opensuse.org
+
+- fix license (MIT) in spec file
+
+-------------------------------------------------------------------
calling whatdependson for 11.4-i586
New:
----
expat-CVE-2012-1147.patch
expat-CVE-2012-1148.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ expat.spec ++++++
--- /var/tmp/diff_new_pack.cV1ABR/_old 2012-03-13 15:15:03.000000000 +0100
+++ /var/tmp/diff_new_pack.cV1ABR/_new 2012-03-13 15:15:03.000000000 +0100
@@ -19,7 +19,7 @@
Name: expat
Version: 2.0.1
-Release: 102.<RELEASE103>
+Release: 102.<RELEASE105>
Url: http://expat.sourceforge.net/
# bug437293
%ifarch ppc64
@@ -35,6 +35,9 @@
Patch0: %{name}-CVE-2009-2625.patch
Patch1: %{name}-CVE-2009-3560.patch
Patch2: %{name}-CVE-2012-0876.patch
+Patch3: %{name}-CVE-2012-1147.patch
+Patch4: %{name}-CVE-2012-1148.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: gcc-c++
@@ -47,7 +50,7 @@
xmltok/xmltok.h. The directory xmlparse contains an XML parser library
that is built on top of the xmltok library. The interface is documented
in xmlparse/xmlparse.h. The directory sample contains a simple example
-program using this interface. The directory sample/build.bat is a batch
+program using this interface. The file sample/build.bat is a batch
file to build the example using Visual C++. The directory xmlwf
contains the xmlwf application, which uses the xmlparse library. The
arguments to xmlwf are one or more files to check for well-formedness.
@@ -61,15 +64,9 @@
internal subset or it is declared as stand-alone in the XML
declaration).
-
-
-Authors:
---------
- James Clark
-
%package -n libexpat1
+
Summary: XML Parser Toolkit
-License: MPL ..
Group: Development/Libraries/C and C++
# bug437293
%ifarch ppc64
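Review bot: The "License: MPL .." tag is removed from the libexpat1 subpackage here, and from libexpat-devel in a later hunk, without any replacement in either hunk. Both subpackages will now inherit the License of the main package, whose tag is not part of this diff. Please confirm the main preamble carries the MIT value that the "fix license (MIT) in spec file" changelog entry refers to, so the binary packages do not ship with a stale or missing license field.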
@@ -86,7 +83,7 @@
xmltok/xmltok.h. The directory xmlparse contains an XML parser library
that is built on top of the xmltok library. The interface is documented
in xmlparse/xmlparse.h. The directory sample contains a simple example
-program using this interface. The directory sample/build.bat is a batch
+program using this interface. The file sample/build.bat is a batch
file to build the example using Visual C++. The directory xmlwf
contains the xmlwf application, which uses the xmlparse library. The
arguments to xmlwf are one or more files to check for well-formedness.
@@ -100,15 +97,9 @@
internal subset or it is declared as stand-alone in the XML
declaration).
-
-
-Authors:
---------
- James Clark
-
%package -n libexpat-devel
+
Summary: XML Parser Toolkit
-License: MPL ..
Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: libexpat1 = %{version}
@@ -122,7 +113,7 @@
xmltok/xmltok.h. The directory xmlparse contains an XML parser library
that is built on top of the xmltok library. The interface is documented
in xmlparse/xmlparse.h. The directory sample contains a simple example
-program using this interface. The directory sample/build.bat is a batch
+program using this interface. The file sample/build.bat is a batch
file to build the example using Visual C++. The directory xmlwf
contains the xmlwf application, which uses the xmlparse library. The
arguments to xmlwf are one or more files to check for well-formedness.
@@ -136,23 +127,19 @@
internal subset or it is declared as stand-alone in the XML
declaration).
-
-
-Authors:
---------
- James Clark
-
%prep
%setup -q
%patch0
%patch1
-%patch2
+%patch2 -p0
+%patch3
+%patch4
cp %{S:1} .
rm -f examples/*.dsp
%build
%configure --disable-static --with-pic --libdir=/%{_lib}
-%{__make} %{?jobs:-j%jobs}
+make %{?_smp_mflags}
%install
make DESTDIR=$RPM_BUILD_ROOT install
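Review bot: In %prep, %patch2 gains an explicit -p0 while the newly added %patch3 and %patch4 are applied with no strip level. Both new patches use paths relative to the source root (xmlwf/readfilemap.c and lib/xmlparse.c), so they want the same treatment. Suggest writing "%patch3 -p0" and "%patch4 -p0" so that the security fixes do not depend on the macro's default, and noting the -p0 change to %patch2 in expat.changes, since a patch that silently fails to apply or applies to the wrong file is the worst outcome for a CVE update.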
@@ -167,9 +154,6 @@
%check
make check
-%clean
-rm -rf $RPM_BUILD_ROOT
-
%post -n libexpat1 -p /sbin/ldconfig
%postun -n libexpat1 -p /sbin/ldconfig
++++++ baselibs.conf ++++++
--- /var/tmp/diff_new_pack.cV1ABR/_old 2012-03-13 15:15:03.000000000 +0100
+++ /var/tmp/diff_new_pack.cV1ABR/_new 2012-03-13 15:15:03.000000000 +0100
@@ -2,3 +2,6 @@
libexpat1
obsoletes "expat-<targettype>"
provides "expat-<targettype>"
+libexpat-devel
+ requires -libexpat-<targettype>
+ requires "libexpat1-<targettype> = <version>"
++++++ expat-CVE-2012-1147.patch ++++++
Index: xmlwf/readfilemap.c
===================================================================
--- xmlwf/readfilemap.c.orig
+++ xmlwf/readfilemap.c
@@ -58,10 +58,12 @@ filemap(const char *name,
}
if (fstat(fd, &sb) < 0) {
perror(name);
+ close(fd);
return 0;
}
if (!S_ISREG(sb.st_mode)) {
fprintf(stderr, "%s: not a regular file\n", name);
+ close(fd);
return 0;
}
nbytes = sb.st_size;
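Review bot: The added close(fd) calls cover only the fstat() and S_ISREG failure returns; any early return in filemap() after "nbytes = sb.st_size;" lies outside this hunk and needs the same treatment if the descriptor leak is to be fully closed. Please check the remaining error paths of the function, and consider routing all of them through a single cleanup point that closes fd, so that a future error branch cannot reintroduce the leak. Calling close() after perror(name) is the right order, since it keeps errno intact for the message.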
++++++ expat-CVE-2012-1148.patch ++++++
--- lib/xmlparse.c 2009/12/29 18:42:05 1.166
+++ lib/xmlparse.c 2010/02/25 18:35:36 1.167
@@ -6122,12 +6122,13 @@
}
if (pool->blocks && pool->start == pool->blocks->s) {
int blockSize = (int)(pool->end - pool->start)*2;
- pool->blocks = (BLOCK *)
+ BLOCK *temp = (BLOCK *)
pool->mem->realloc_fcn(pool->blocks,
(offsetof(BLOCK, s)
+ blockSize * sizeof(XML_Char)));
- if (pool->blocks == NULL)
+ if (temp == NULL)
return XML_FALSE;
+ pool->blocks = temp;
pool->blocks->size = blockSize;
pool->ptr = pool->blocks->s + (pool->ptr - pool->start);
pool->start = pool->blocks->s;
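Review bot: The context line "int blockSize = (int)(pool->end - pool->start)*2;" is left as an unchecked doubling in int, and its result feeds "offsetof(BLOCK, s) + blockSize * sizeof(XML_Char)" as the realloc size. The temp-pointer change correctly keeps pool->blocks valid when realloc_fcn returns NULL, but since this patch touches the allocation anyway, it is worth adding a guard that rejects a negative or wrapped blockSize before the call and returns XML_FALSE. It would also help to add a short comment stating that the original block stays owned by the pool on failure, so that callers know it is still released when the pool is destroyed.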
Remember to have fun...