Hello community, here is the log from the commit of package pyxml for openSUSE:Factory checked in at Mon Nov 2 12:42:48 CET 2009. -------- --- pyxml/pyxml.changes 2008-08-19 13:05:33.000000000 +0200 +++ /mounts/work_src_done/STABLE/pyxml/pyxml.changes 2009-10-28 15:29:48.000000000 +0100 @@ -1,0 +2,6 @@ +Wed Oct 28 15:26:20 CET 2009 - ke@suse.de + +- Apply patch to fix an expat DoS (CVE-2009-3720). Reported by Ludwig + Nussel (bnc#550666). + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- bug-550664_expat-2.0.1-fix_bug_1990430.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pyxml.spec ++++++ --- /var/tmp/diff_new_pack.ZjUpvU/_old 2009-11-02 12:42:41.000000000 +0100 +++ /var/tmp/diff_new_pack.ZjUpvU/_new 2009-11-02 12:42:41.000000000 +0100 @@ -22,11 +22,12 @@ BuildRequires: python-devel python-xml Summary: XML Tools in Python Version: 0.8.4 -Release: 198 +Release: 199 # Source0: http://switch.dl.sourceforge.net/sourceforge/pyxml/PyXML-%{version}.tar.gz Source0: http://ftp1.sourceforge.net/sourceforge/pyxml/PyXML-%{version}.tar.gz Patch0: pyxml-distutils.diff Patch1: pyxml-keyword_as.diff +Patch2: bug-550664_expat-2.0.1-fix_bug_1990430.patch License: X11, BeOpen, Python License, Public Domain, Zope Public License Group: Development/Libraries/Python %define pyver %(python -c 'import sys; print sys.version[:3]') @@ -84,13 +85,17 @@ Andrew M. Kuchling <akuchlin@cnri.reston.va.us> Stefane Fermigier <fermigie@math.jussieu.fr> Fred L. Drake <fdrake@cnri.reston.va.us> - Geir Ove Gr�nmo - Martin von L�wis + Geir Ove Grønmo + Martin von Löwis %prep %setup -q -n PyXML-%{version} %patch -P 0 -p 1 %patch1 +cd extensions/expat +%patch -p 0 -P 2 +# patch -p 0 < %{P:2} +cd ../.. %build env CFLAGS="$RPM_OPT_FLAGS" python setup.py build ++++++ bug-550664_expat-2.0.1-fix_bug_1990430.patch ++++++ http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?view=l... (1.13 -> 1.15) http://svn.python.org/view?view=rev&revision=74429 --- lib/xmltok_impl.c +++ lib/xmltok_impl.c @@ -1744,7 +1744,7 @@ const char *end, POSITION *pos) { - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { #define LEAD_CASE(n) \ case BT_LEAD ## n: \ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org