Hello community, here is the log from the commit of package libxslt for openSUSE:11.4 checked in at Tue Feb 14 18:23:05 CET 2012.
-------- --- old-versions/11.4/all/libxslt/libxslt.changes 2010-07-21 15:24:58.000000000 +0200 +++ 11.4/libxslt/libxslt.changes 2012-02-09 11:48:48.000000000 +0100 @@ -1,0 +2,5 @@ +Thu Feb 9 10:34:59 UTC 2012 - [email protected] + +- fix for CVE-2011-3970 (bnc#746039) + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.4/all/libxslt Destination is old-versions/11.4/UPDATES/all/libxslt calling whatdependson for 11.4-i586 New: ---- libxslt-CVE-2011-3970.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxslt-python.spec ++++++ --- /var/tmp/diff_new_pack.UcwUDI/_old 2012-02-14 18:18:42.000000000 +0100 +++ /var/tmp/diff_new_pack.UcwUDI/_new 2012-02-14 18:18:42.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package libxslt-python (Version 1.1.26) +# spec file for package libxslt-python # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ BuildRequires: libxml2-python libxslt-devel python-devel Summary: Python Bindings for libxslt Version: 1.1.26 -Release: 1 +Release: 6.<RELEASE2> License: MIT License (or similar) Group: Development/Libraries/Python Source: libxslt-%{version}.tar.bz2 ++++++ libxslt.spec ++++++ --- /var/tmp/diff_new_pack.UcwUDI/_old 2012-02-14 18:18:42.000000000 +0100 +++ /var/tmp/diff_new_pack.UcwUDI/_new 2012-02-14 18:18:42.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package libxslt (Version 1.1.26) +# spec file for package libxslt # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ BuildRequires: libgcrypt libgcrypt-devel libgpg-error libgpg-error-devel libxml2-devel pkg-config Summary: XSL Transformation Library Version: 1.1.26 -Release: 1 +Release: 3.<RELEASE4> License: MIT License (or similar) Group: System/Libraries # bug437293 @@ -33,6 +33,7 @@ Source: %{name}-%{version}.tar.bz2 Source2: baselibs.conf Patch0: %{name}-1.1.24-no-net-autobuild.patch +Patch2: libxslt-CVE-2011-3970.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: libxml2 >= 2.6.27 Url: http://xmlsoft.org/XSLT/ @@ -73,6 +74,7 @@ %prep %setup -q %patch0 +%patch2 -p1 %build autoreconf --force --install ++++++ libxslt-CVE-2011-3970.patch ++++++ Index: libxslt-1.1.26/libxslt/pattern.c =================================================================== --- libxslt-1.1.26.orig/libxslt/pattern.c 2009-09-17 14:58:46.000000000 +0200 +++ libxslt-1.1.26/libxslt/pattern.c 2012-02-09 11:34:35.661740912 +0100 @@ -1864,6 +1864,8 @@ while ((pattern[end] != 0) && (pattern[end] != '"')) end++; } + if (pattern[end] == 0) + break; end++; } if (current == end) { continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
