- revised fix for CVE-2009-3560 regression (#544996)

expat-1.95.8-CVE-2009-3560.patch

@@ -1,13 +0,0 @@
-
-http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165
-
---- expat-1.95.8/lib/xmlparse.c.cve3560
-+++ expat-1.95.8/lib/xmlparse.c
-@@ -3637,7 +3637,6 @@ doProlog(XML_Parser parser,
-         return XML_ERROR_NO_ELEMENTS;
-       default:
-         tok = -tok;
--        next = end;
-         break;
-       }
-     }

expat-2.0.1-CVE-2009-3560-revised.patch

@@ -1,9 +1,4 @@
-
-Fix regression in the CVE-2009-3560 patch.
-
-http://mail.libexpat.org/pipermail/expat-discuss/2009-December/002646.html
-
---- expat-2.0.1/lib/xmlparse.c.fix3560
+--- expat-2.0.1/lib/xmlparse.c.newcve3560
 +++ expat-2.0.1/lib/xmlparse.c
 @@ -3703,6 +3703,9 @@ doProlog(XML_Parser parser,
          return XML_ERROR_UNCLOSED_TOKEN;

expat.spec

@@ -5,9 +5,8 @@ Release: 9%{?dist}
 Group: System Environment/Libraries
 Source: http://downloads.sourceforge.net/expat/expat-%{version}.tar.gz
 Patch1: expat-2.0.1-confcxx.patch
-Patch2: expat-1.95.8-CVE-2009-3560.patch
+Patch2: expat-2.0.1-CVE-2009-3560-revised.patch
 Patch3: expat-1.95.8-CVE-2009-3720.patch
-Patch4: expat-2.0.1-fix3560.patch
 URL: http://www.libexpat.org/
 License: MIT
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -33,9 +32,8 @@ to develop XML applications with expat.
 %prep
 %setup -q
 %patch1 -p1 -b .confcxx
-%patch2 -p1 -b .cve3560
+%patch2 -p1 -b .newcve3560
 %patch3 -p1 -b .cve3720
-%patch4 -p1 -b .fix3560
 
 %build
 rm -rf autom4te*.cache
@@ -84,6 +82,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_includedir}/*.h
 
 %changelog
+* Mon Feb  8 2010 Joe Orton <jorton@redhat.com> - 2.0.1-10
+- revised fix for CVE-2009-3560 regression (#544996)
+
 * Sun Jan 31 2010 Joe Orton <jorton@redhat.com> - 2.0.1-9
 - drop static libraries (#556046)
 - add fix for regression in CVE-2009-3560 patch (#544996)