rpms/PyXML/F-10 PyXML-0.8.4-buffer-over-read.patch, NONE, 1.1 PyXML.spec, 1.32, 1.33

Roman Rakus rrakus at fedoraproject.org
Fri Oct 30 14:42:40 UTC 2009 

Author: rrakus

Update of /cvs/extras/rpms/PyXML/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3164

Modified Files:
	PyXML.spec 
Added Files:
	PyXML-0.8.4-buffer-over-read.patch 
Log Message:
Fix buffer over read

PyXML-0.8.4-buffer-over-read.patch:
 xmltok_impl.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE PyXML-0.8.4-buffer-over-read.patch ---
--- PyXML-0.8.4/extensions/expat/lib/xmltok_impl.c.cve3720
+++ PyXML-0.8.4/extensions/expat/lib/xmltok_impl.c
@@ -1741,7 +1741,7 @@ PREFIX(updatePosition)(const ENCODING *e
                        const char *end,
                        POSITION *pos)
 {
-  while (ptr != end) {
+  while (ptr < end) {
     switch (BYTE_TYPE(enc, ptr)) {
 #define LEAD_CASE(n) \
     case BT_LEAD ## n: \


Index: PyXML.spec
===================================================================
RCS file: /cvs/extras/rpms/PyXML/F-10/PyXML.spec,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -p -r1.32 -r1.33
--- PyXML.spec	14 Jul 2008 15:56:24 -0000	1.32
+++ PyXML.spec	30 Oct 2009 14:42:40 -0000	1.33
@@ -1,11 +1,13 @@
 Summary: XML libraries for python.
 Name: PyXML
 Version: 0.8.4
-Release: 10
+Release: 11%{?dist}
 Source: http://prdownloads.sourceforge.net/pyxml/PyXML-%{version}.tar.gz
 Patch0: PyXML-0.7.1-intern.patch
 Patch1: PyXML-0.8.4-cvs20041111-python2.4-backport.patch
 Patch2: PyXML-memmove.patch
+Patch3: PyXML-0.8.4-buffer-over-read.patch
+
 License: MIT and Python and ZPLv1.0 and BSD
 Group: Development/Libraries
 Requires: python
@@ -40,6 +42,7 @@ programming interfaces and an interface 
 %patch0 -p1 -b .intern
 %patch1 -p1 -b .python2.4-backport
 %patch2 -p1
+%patch3 -p1 -b .buufer_over_read
 
 %build
 CFLAGS="$RPM_OPT_FLAGS" %{__python} -c 'import setuptools; execfile("setup.py")' build  --with-xslt
@@ -60,6 +63,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/python?.?/site-packages/_xmlplus
 
 %changelog
+* Fri Oct 30 2009 Roman Rakus <rrakus at redhat.com> - 0.8.4-11
+- Fix buffer over read
+
 * Mon Jul 14 2008 Tom "spot" Callaway <tcallawa at redhat.com> - 0.8.4-10
 - fix license tag

More information about the fedora-extras-commits mailing list