Hello community, here is the log from the commit of package expat for openSUSE:11.4 checked in at Tue Mar 13 15:15:15 CET 2012.
-------- --- old-versions/11.4/UPDATES/all/expat/expat.changes 2012-03-08 12:47:44.000000000 +0100 +++ 11.4/expat/expat.changes 2012-03-12 14:48:33.000000000 +0100 @@ -1 +1,13 @@ -Thu Mar 8 11:43:37 UTC 2012 - [email protected] +------------------------------------------------------------------- +Mon Mar 12 13:46:28 UTC 2012 - [email protected] + +-Fixed VUL0: CVE-2012-1147 - Resource leak in readfilemap.c. (bnc#751464) +-Fixed VUL0: CVE-2012-1148 - Memory leak in poolGrow. (bnc#751465) +- + +------------------------------------------------------------------- +Fri Mar 9 14:53:13 UTC 2012 - [email protected] + + +------------------------------------------------------------------- +Thu Mar 8 11:34:58 UTC 2012 - [email protected] @@ -5 +17,15 @@ ------------------------------------------------------------------- + +------------------------------------------------------------------- +Sun Sep 18 17:17:12 UTC 2011 - [email protected] + +- Remove redundant/obsolete tags/sections from specfile + (cf. packaging guidelines) +- Use %_smp_mflags for parallel build +- Add libexpat-devel to baselibs + +------------------------------------------------------------------- +Fri Feb 25 16:01:01 UTC 2011 - [email protected] + +- fix license (MIT) in spec file + +------------------------------------------------------------------- calling whatdependson for 11.4-i586 New: ---- expat-CVE-2012-1147.patch expat-CVE-2012-1148.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ expat.spec ++++++ --- /var/tmp/diff_new_pack.cV1ABR/_old 2012-03-13 15:15:03.000000000 +0100 +++ /var/tmp/diff_new_pack.cV1ABR/_new 2012-03-13 15:15:03.000000000 +0100 @@ -19,7 +19,7 @@ Name: expat Version: 2.0.1 -Release: 102.<RELEASE103> +Release: 102.<RELEASE105> Url: http://expat.sourceforge.net/ # bug437293 %ifarch ppc64 
@@ -35,6 +35,9 @@ Patch0: %{name}-CVE-2009-2625.patch Patch1: %{name}-CVE-2009-3560.patch Patch2: %{name}-CVE-2012-0876.patch +Patch3: %{name}-CVE-2012-1147.patch +Patch4: %{name}-CVE-2012-1148.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: gcc-c++ @@ -47,7 +50,7 @@ xmltok/xmltok.h. The directory xmlparse contains an XML parser library that is built on top of the xmltok library. The interface is documented in xmlparse/xmlparse.h. The directory sample contains a simple example -program using this interface. The directory sample/build.bat is a batch +program using this interface. The file sample/build.bat is a batch file to build the example using Visual C++. The directory xmlwf contains the xmlwf application, which uses the xmlparse library. The arguments to xmlwf are one or more files to check for well-formedness. @@ -61,15 +64,9 @@ internal subset or it is declared as stand-alone in the XML declaration). - - -Authors: --------- - James Clark <[email protected]> - %package -n libexpat1 + Summary: XML Parser Toolkit -License: MPL .. Group: Development/Libraries/C and C++ # bug437293 %ifarch ppc64 @@ -86,7 +83,7 @@ xmltok/xmltok.h. The directory xmlparse contains an XML parser library that is built on top of the xmltok library. The interface is documented in xmlparse/xmlparse.h. The directory sample contains a simple example -program using this interface. The directory sample/build.bat is a batch +program using this interface. The file sample/build.bat is a batch file to build the example using Visual C++. The directory xmlwf contains the xmlwf application, which uses the xmlparse library. The arguments to xmlwf are one or more files to check for well-formedness. 
@@ -100,15 +97,9 @@ internal subset or it is declared as stand-alone in the XML declaration). - - -Authors: --------- - James Clark <[email protected]> - %package -n libexpat-devel + Summary: XML Parser Toolkit -License: MPL .. Group: Development/Libraries/C and C++ Requires: glibc-devel Requires: libexpat1 = %{version} @@ -122,7 +113,7 @@ xmltok/xmltok.h. The directory xmlparse contains an XML parser library that is built on top of the xmltok library. The interface is documented in xmlparse/xmlparse.h. The directory sample contains a simple example -program using this interface. The directory sample/build.bat is a batch +program using this interface. The file sample/build.bat is a batch file to build the example using Visual C++. The directory xmlwf contains the xmlwf application, which uses the xmlparse library. The arguments to xmlwf are one or more files to check for well-formedness. @@ -136,23 +127,19 @@ internal subset or it is declared as stand-alone in the XML declaration). - - -Authors: --------- - James Clark <[email protected]> - %prep %setup -q %patch0 %patch1 -%patch2 +%patch2 -p0 +%patch3 +%patch4 cp %{S:1} . rm -f examples/*.dsp %build %configure --disable-static --with-pic --libdir=/%{_lib} -%{__make} %{?jobs:-j%jobs} +make %{?_smp_mflags} %install make DESTDIR=$RPM_BUILD_ROOT install @@ -167,9 +154,6 @@ %check make check -%clean -rm -rf $RPM_BUILD_ROOT - %post -n libexpat1 -p /sbin/ldconfig %postun -n libexpat1 -p /sbin/ldconfig ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.cV1ABR/_old 2012-03-13 15:15:03.000000000 +0100 +++ /var/tmp/diff_new_pack.cV1ABR/_new 2012-03-13 15:15:03.000000000 +0100 
@@ -2,3 +2,6 @@ libexpat1 obsoletes "expat-<targettype>" provides "expat-<targettype>" +libexpat-devel + requires -libexpat-<targettype> + requires "libexpat1-<targettype> = <version>" ++++++ expat-CVE-2012-1147.patch ++++++ Index: xmlwf/readfilemap.c =================================================================== --- xmlwf/readfilemap.c.orig +++ xmlwf/readfilemap.c @@ -58,10 +58,12 @@ filemap(const char *name, } if (fstat(fd, &sb) < 0) { perror(name); + close(fd); return 0; } if (!S_ISREG(sb.st_mode)) { fprintf(stderr, "%s: not a regular file\n", name); + close(fd); return 0; } nbytes = sb.st_size; ++++++ expat-CVE-2012-1148.patch ++++++ --- lib/xmlparse.c 2009/12/29 18:42:05 1.166 +++ lib/xmlparse.c 2010/02/25 18:35:36 1.167 @@ -6122,12 +6122,13 @@ } if (pool->blocks && pool->start == pool->blocks->s) { int blockSize = (int)(pool->end - pool->start)*2; - pool->blocks = (BLOCK *) + BLOCK *temp = (BLOCK *) pool->mem->realloc_fcn(pool->blocks, (offsetof(BLOCK, s) + blockSize * sizeof(XML_Char))); - if (pool->blocks == NULL) + if (temp == NULL) return XML_FALSE; + pool->blocks = temp; pool->blocks->size = blockSize; pool->ptr = pool->blocks->s + (pool->ptr - pool->start); pool->start = pool->blocks->s;
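
Review bot: in the expat.changes hunk (@@ -1 +1,13 @@), the added "Fri Mar 9 14:53:13 UTC 2012" entry has a header but no text, and the "Mon Mar 12" entry ends with a bare "+-" bullet. The two CVE bullets are also written "-Fixed" without the space after the dash that the older entries use ("- Remove redundant/obsolete tags/sections from specfile"). Suggest filling in or dropping the empty entry, deleting the stray bullet, and writing "- Fixed ..." so the entries for bnc#751464 and bnc#751465 are well-formed for anyone auditing which security fixes this build carries.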
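
Review bot: in the expat.spec %prep hunk (@@ -136,23 +127,19 @@), "%patch2" gains an explicit "-p0" while the newly added "%patch3" and "%patch4" carry no strip level. Both new patches use paths relative to the source root (xmlwf/readfilemap.c and lib/xmlparse.c), so writing "%patch3 -p0" and "%patch4 -p0" would state the intended strip level and keep the security patches consistent; the same applies to "%patch0" and "%patch1".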
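
Review bot: in expat-CVE-2012-1147.patch (xmlwf/readfilemap.c, @@ -58,10 +58,12 @@), only the fstat() failure and the "!S_ISREG(sb.st_mode)" branch get a close(fd); the hunk's context ends at "nbytes = sb.st_size;", so the later return paths of filemap() are not visible here. Please confirm that every return after that line also closes fd, otherwise the descriptor leak is only partly fixed. Calling perror(name) before close(fd) is the right order, since close() could overwrite errno.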
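
Review bot: in expat-CVE-2012-1148.patch (lib/xmlparse.c, @@ -6122,12 +6122,13 @@), the temp pointer keeps the old block reachable when realloc_fcn returns NULL, but the unchanged context line "int blockSize = (int)(pool->end - pool->start)*2;" still doubles the size in a plain int with no range check before it is multiplied by sizeof(XML_Char). Suggest rejecting a non-positive or wrapped blockSize (return XML_FALSE) before calling realloc_fcn, as a follow-up if not in this patch. The patch file also has no description header; a line naming the upstream revision (1.166 to 1.167, per the diff header) and bnc#751465 would help later audits.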
