Hello community, here is the log from the commit of package expat for openSUSE:Factory checked in at Fri Oct 30 17:29:05 CET 2009. -------- --- expat/expat.changes 2009-04-05 15:46:07.000000000 +0200 +++ /mounts/work_src_done/STABLE/expat/expat.changes 2009-10-29 14:22:00.000000000 +0100 @@ -1,0 +2,5 @@ +Thu Oct 29 14:22:47 CET 2009 - prusnak@suse.cz + +- fix DoS (CVE-2009-2625.patch) [bnc#550664] + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- expat-CVE-2009-2625.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ expat.spec ++++++ --- /var/tmp/diff_new_pack.T4lrGl/_old 2009-10-30 17:28:39.000000000 +0100 +++ /var/tmp/diff_new_pack.T4lrGl/_new 2009-10-30 17:28:39.000000000 +0100 @@ -20,9 +20,9 @@ Name: expat Version: 2.0.1 -Release: 90 +Release: 91 Group: Development/Libraries/C and C++ -License: X11/MIT +License: MIT License (or similar) Url: http://expat.sourceforge.net/ # bug437293 %ifarch ppc64 @@ -32,6 +32,7 @@ Summary: XML Parser Toolkit Source0: %{name}-%{version}.tar.bz2 Source1: %{name}faq.html +Patch0: %{name}-CVE-2009-2625.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: gcc-c++ @@ -65,7 +66,7 @@ James Clark <jjc@jclark.com> %package -n libexpat1 -License: MOZILLA PUBLIC LICENSE (MPL/NPL) +License: MPL .. Summary: XML Parser Toolkit Group: Development/Libraries/C and C++ # bug437293 @@ -104,7 +105,7 @@ James Clark <jjc@jclark.com> %package -n libexpat-devel -License: MOZILLA PUBLIC LICENSE (MPL/NPL) +License: MPL .. Summary: XML Parser Toolkit Group: Development/Libraries/C and C++ Requires: libexpat1 = %{version} glibc-devel @@ -140,6 +141,7 @@ %prep %setup -q +%patch0 cp %{S:1} . rm -f examples/*.dsp ++++++ expat-CVE-2009-2625.patch ++++++ http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15 --- lib/xmltok_impl.c +++ lib/xmltok_impl.c @@ -1744,7 +1744,7 @@ const char *end, POSITION *pos) { - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { #define LEAD_CASE(n) \ case BT_LEAD ## n: \ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org