[xml/sgml-commit] r1654 - in /packages/expat/trunk/debian: changelog patches/560901_CVE_2009_3560.dpatch
dleidert-guest at users.alioth.debian.org
Tue Dec 29 21:03:31 UTC 2009
Author: dleidert-guest
Date: Tue Dec 29 21:03:20 2009
New Revision: 1654
URL: http://svn.debian.org/wsvn/debian-xml-sgml/?sc=1&rev=1654
Log:
* debian/patches/560901_CVE_2009_3560.dpatch: Adjusted.
- lib/xmlparse.c (doProlog): Revised patch for CVE-2009-3560 after
regressions have been detected (closes: #561658). Many thanks to
Niko Tyni and Karl Waclawek for their help and the fix.
Modified:
packages/expat/trunk/debian/changelog
packages/expat/trunk/debian/patches/560901_CVE_2009_3560.dpatch
Modified: packages/expat/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/debian-xml-sgml/packages/expat/trunk/debian/changelog?rev=1654&op=diff
==============================================================================
--- packages/expat/trunk/debian/changelog (original)
+++ packages/expat/trunk/debian/changelog Tue Dec 29 21:03:20 2009
@@ -1,6 +1,10 @@
expat (2.0.1-7) UNRELEASED; urgency=low
* NOT RELEASED YET
+ * debian/patches/560901_CVE_2009_3560.dpatch: Adjusted.
+ - lib/xmlparse.c (doProlog): Revised patch for CVE-2009-3560 after
+ regressions have been detected (closes: #561658). Many thanks to
+ Niko Tyni and Karl Waclawek for their help and the fix.
-- Daniel Leidert (dale) <daniel.leidert at wgdd.de> Sun, 13 Dec 2009 12:41:46 +0100
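Review bot: The added changelog lines say the patch was "Adjusted" and "Revised" but not what changed in doProlog. Spell it out in the sub-item, for example that the earlier removal of `next = end;` from the `default:` branch is replaced by an explicit `case -XML_TOK_PROLOG_S:`, so a reader of the changelog can tell which variant of the CVE-2009-3560 fix a given build carries. The stanza header still reads `urgency=low` although the entry now covers a CVE patch and a regression fix for it; worth revisiting before the upload.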
Modified: packages/expat/trunk/debian/patches/560901_CVE_2009_3560.dpatch
URL: http://svn.debian.org/wsvn/debian-xml-sgml/packages/expat/trunk/debian/patches/560901_CVE_2009_3560.dpatch?rev=1654&op=diff
==============================================================================
--- packages/expat/trunk/debian/patches/560901_CVE_2009_3560.dpatch (original)
+++ packages/expat/trunk/debian/patches/560901_CVE_2009_3560.dpatch Tue Dec 29 21:03:20 2009
@@ -9,20 +9,26 @@
## DP: to the doProlog function in lib/xmlparse.c, a different vulnerability
## DP: than CVE-2009-2625 and CVE-2009-3720.
## DP:
+## DP: This is the revised patch.
+## DP:
## DP: <URL:http://bugs.debian.org/560901>
+## DP: <URL:http://bugs.debian.org/561658>
## DP: <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560>
-## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165>
+## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.166>
+## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.166>
## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165>
@DPATCH@
-diff -urNad lenny~/lib/xmlparse.c lenny/lib/xmlparse.c
---- lenny~/lib/xmlparse.c 2007-05-08 04:25:35.000000000 +0200
-+++ lenny/lib/xmlparse.c 2009-12-13 11:39:18.671629559 +0100
-@@ -3725,7 +3725,6 @@
- return XML_ERROR_NO_ELEMENTS;
- default:
- tok = -tok;
-- next = end;
- break;
- }
- }
+diff -urNad trunk~/lib/xmlparse.c trunk/lib/xmlparse.c
+--- trunk~/lib/xmlparse.c 2007-05-08 04:25:35.000000000 +0200
++++ trunk/lib/xmlparse.c 2009-12-29 21:57:22.141732904 +0100
+@@ -3703,6 +3703,9 @@
+ return XML_ERROR_UNCLOSED_TOKEN;
+ case XML_TOK_PARTIAL_CHAR:
+ return XML_ERROR_PARTIAL_CHAR;
++ case -XML_TOK_PROLOG_S:
++ tok = -tok;
++ break;
+ case XML_TOK_NONE:
+ #ifdef XML_DTD
+ /* for internal PE NOT referenced between declarations */
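Review bot: The DP header gains only "This is the revised patch." and does not record what the revision does or why. In the embedded diff the previous version dropped `next = end;` from the `default:` branch, while the new one leaves that branch untouched and adds `case -XML_TOK_PROLOG_S:` ahead of `case XML_TOK_NONE:`. Add a DP line stating why this token needs its own case and what regression (#561658) the old approach caused, since the new case itself carries no comment and the header is the only place in the package where that reasoning can live. A note on how the regression was reproduced and re-checked would also help whoever next rebases this patch.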