[Erp5-report] r28736 - /spec/mandriva/python2.4-celementtree/

nobody at svn.erp5.org nobody at svn.erp5.org
Tue Sep 1 21:22:50 CEST 2009


Author: kazuhiko
Date: Tue Sep  1 21:22:50 2009
New Revision: 28736

URL: http://svn.erp5.org?rev=28736&view=rev
Log:
- P0: security fix related to CVE-2009-2625

Added:
    spec/mandriva/python2.4-celementtree/cElementTree-1.0.5-20051216-CVE-2009-XXXX.diff
Modified:
    spec/mandriva/python2.4-celementtree/python2.4-celementtree.spec

Added: spec/mandriva/python2.4-celementtree/cElementTree-1.0.5-20051216-CVE-2009-XXXX.diff
URL: http://svn.erp5.org/spec/mandriva/python2.4-celementtree/cElementTree-1.0.5-20051216-CVE-2009-XXXX.diff?rev=28736&view=auto
==============================================================================
--- spec/mandriva/python2.4-celementtree/cElementTree-1.0.5-20051216-CVE-2009-XXXX.diff (added)
+++ spec/mandriva/python2.4-celementtree/cElementTree-1.0.5-20051216-CVE-2009-XXXX.diff [utf8] Tue Sep  1 21:22:50 2009
@@ -1,0 +1,15 @@
+
+ https://bugs.gentoo.org/show_bug.cgi?id=280615
+ http://svn.python.org/view?view=rev&revision=74429
+
+--- expat/xmltok_impl.c	2005-12-16 22:57:47.000000000 +0100
++++ expat/xmltok_impl.c.oden	2009-08-21 23:55:41.000000000 +0200
+@@ -1741,7 +1741,7 @@ PREFIX(updatePosition)(const ENCODING *e
+                        const char *end,
+                        POSITION *pos)
+ {
+-  while (ptr != end) {
++  while (ptr < end) {
+     switch (BYTE_TYPE(enc, ptr)) {
+ #define LEAD_CASE(n) \
+     case BT_LEAD ## n: \

Modified: spec/mandriva/python2.4-celementtree/python2.4-celementtree.spec
URL: http://svn.erp5.org/spec/mandriva/python2.4-celementtree/python2.4-celementtree.spec?rev=28736&r1=28735&r2=28736&view=diff
==============================================================================
--- spec/mandriva/python2.4-celementtree/python2.4-celementtree.spec [utf8] (original)
+++ spec/mandriva/python2.4-celementtree/python2.4-celementtree.spec [utf8] Tue Sep  1 21:22:50 2009
@@ -2,17 +2,18 @@
 %define name		python2.4-celementtree
 %define version		1.0.5
 %define date_version	20051216
-%define rel 1
 %define __python	/usr/bin/python2.4
 
 Name: 		%{name}
 Version: 	%{version}
-Release: 	%mkrel %rel
+%define subrel 1
+Release: 	%mkrel 3
 Summary:        Add-on to the standard ElementTree package
 Group: 		Development/Python
 License:	Python license
 URL:            http://effbot.org/zone/element-index.htm
 Source0:        http://effbot.org/downloads/%{module}-%{version}-%{date_version}.tar.bz2
+Patch0:		cElementTree-1.0.5-20051216-CVE-2009-XXXX.diff
 Requires:	python2.4-elementtree
 BuildRequires:	python2.4 >= 2.2
 BuildRoot:      %{_tmppath}/%{name}-%{version}
@@ -23,6 +24,7 @@
 
 %prep
 %setup -q -n %{module}-%{version}-%{date_version}
+%patch0 -p0 -b .CVE-2009-XXXX
 
 
 %build
@@ -42,16 +44,6 @@
 %doc samples README* CHANGES*
 
 
-
 %changelog
-* Fri Jan 05 2007 Michael Scherer <misc at mandriva.org> 1.0.5-1mdv2007.0
-+ Revision: 104360
-- update to 1.0.5
-- use %%rel for mkrel
-
-* Thu Dec 14 2006 Nicolas Lécureuil <neoclust at mandriva.org> 1.0.2-4mdv2007.1
-+ Revision: 96892
-- Rebuild against new python
-- Rebuild for new python
-- import python-celementtree-1.0.2-1mdk
-
+* Tue Sep  1 2009 Kazuhiko Shiozaki <kazuhiko at nexedi.com> 1.0.5-3.1nxd2009.1
+- P0: security fix related to CVE-2009-2625




More information about the Erp5-report mailing list