rpms/PyXML/F-11 PyXML-0.8.4-buffer-over-read.patch, NONE, 1.1 PyXML.spec, 1.36, 1.37

Roman Rakus rrakus at fedoraproject.org
Fri Oct 30 15:00:45 UTC 2009 

Author: rrakus

Update of /cvs/extras/rpms/PyXML/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11010

Modified Files:
	PyXML.spec 
Added Files:
	PyXML-0.8.4-buffer-over-read.patch 
Log Message:
Fix buffer over read

PyXML-0.8.4-buffer-over-read.patch:
 xmltok_impl.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE PyXML-0.8.4-buffer-over-read.patch ---
--- PyXML-0.8.4/extensions/expat/lib/xmltok_impl.c.cve3720
+++ PyXML-0.8.4/extensions/expat/lib/xmltok_impl.c
@@ -1741,7 +1741,7 @@ PREFIX(updatePosition)(const ENCODING *e
                        const char *end,
                        POSITION *pos)
 {
-  while (ptr != end) {
+  while (ptr < end) {
     switch (BYTE_TYPE(enc, ptr)) {
 #define LEAD_CASE(n) \
     case BT_LEAD ## n: \


Index: PyXML.spec
===================================================================
RCS file: /cvs/extras/rpms/PyXML/F-11/PyXML.spec,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -p -r1.36 -r1.37
--- PyXML.spec	3 Mar 2009 08:30:07 -0000	1.36
+++ PyXML.spec	30 Oct 2009 15:00:44 -0000	1.37
@@ -1,12 +1,14 @@
 Summary: XML libraries for python
 Name: PyXML
 Version: 0.8.4
-Release: 14
+Release: 15%{?dist}
 Source: http://prdownloads.sourceforge.net/pyxml/PyXML-%{version}.tar.gz
 Patch0: PyXML-0.7.1-intern.patch
 Patch1: PyXML-0.8.4-cvs20041111-python2.4-backport.patch
 Patch2: PyXML-memmove.patch
 Patch3: PyXML-0.8.4-python2.6.patch
+Patch4: PyXML-0.8.4-buffer-over-read.patch
+
 License: MIT and Python and ZPLv1.0 and BSD
 Group: Development/Libraries
 Requires: python
@@ -42,6 +44,7 @@ programming interfaces and an interface 
 %patch1 -p1 -b .python2.4-backport
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1 -b .buffer_over_read
 
 %build
 CFLAGS="$RPM_OPT_FLAGS" %{__python} -c 'import setuptools; execfile("setup.py")' build  --with-xslt
@@ -62,6 +65,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/python?.?/site-packages/_xmlplus
 
 %changelog
+* Fri Oct 30 2009 Roman Rakus <rrakus at redhat.com> - 0.8.4-15
+- Fix buffer over read
+
 * Tue Mar 03 2009 Caolán McNamara <caolanm at redhat.com> - 0.8.4-14
 - Another 'as' hiding in Stylesheet.py -> as_

More information about the fedora-extras-commits mailing list