diff --git a/sblim-sfcb-1.3.16-escape.patch b/sblim-sfcb-1.3.16-escape.patch
new file mode 100644
index 0000000..ab12c48
--- /dev/null
+++ b/sblim-sfcb-1.3.16-escape.patch
@@ -0,0 +1,49 @@
+diff -up sblim-sfcb-1.3.16/cimXmlGen.c.escape sblim-sfcb-1.3.16/cimXmlGen.c
+--- sblim-sfcb-1.3.16/cimXmlGen.c.escape 2013-04-29 14:29:14.084335007 +0200
++++ sblim-sfcb-1.3.16/cimXmlGen.c 2013-04-29 14:28:44.000000000 +0200
+@@ -70,6 +70,23 @@ const char *opGetClassNameChars(CMPIObje
+ data2xml((data),(obj),(name),(refname),(btag),sizeof(btag)-1,(etag), \
+ sizeof(etag)-1,(sb),(qsb),(inst),(param))
+
++static int add_escaped_instance(UtilStringBuffer *sb, CMPIInstance *inst)
++{
++ UtilStringBuffer *instance;
++
++ _SFCB_ENTER(TRACE_CIMXMLPROC, "add_escaped_instance");
++
++ instance = UtilFactory->newStrinBuffer(1024);
++ if (!instance)
++ _SFCB_RETURN(1);
++
++ instance2xml(inst, instance, 0);
++ char *escaped = XMLEscape((char *) instance->ft->getCharPtr(instance), NULL);
++ sb->ft->appendChars(sb, escaped);
++ free(escaped);
++ instance->ft->release(instance);
++ _SFCB_RETURN(0);
++}
+
+ char *XMLEscape(char *in, int *outlen)
+ {
+@@ -542,9 +559,7 @@ int value2xml(CMPIData d, UtilStringBuff
+ }
+ }
+ else if(d.type == CMPI_instance) {
+- SFCB_APPENDCHARS_BLOCK(sb, "");
++ add_escaped_instance(sb, d.value.inst);
+ splen = 0;
+ }
+ else {
+@@ -754,9 +769,7 @@ void data2xml(CMPIData * data, void *obj
+ else SFCB_APPENDCHARS_BLOCK(sb, "\" TYPE=\"string\">\n");
+ if(data->value.inst) {
+ SFCB_APPENDCHARS_BLOCK(sb, "");
+- SFCB_APPENDCHARS_BLOCK(sb, "value.inst, sb, 0);
+- SFCB_APPENDCHARS_BLOCK(sb, "]]>");
++ add_escaped_instance(sb, data->value.inst);
+ SFCB_APPENDCHARS_BLOCK(sb, "\n");
+ }
+ }
diff --git a/sblim-sfcb.spec b/sblim-sfcb.spec
index 1711345..a0c3909 100644
--- a/sblim-sfcb.spec
+++ b/sblim-sfcb.spec
@@ -27,6 +27,8 @@ Patch4: sblim-sfcb-1.3.15-fix-provider-debugging.patch
Patch5: sblim-sfcb-1.3.16-invalid-read.patch
Patch6: sblim-sfcb-1.3.16-invalid-read2.patch
Patch7: sblim-sfcb-1.3.16-embedded-crash.patch
+# Patch8: already upstream, http://sourceforge.net/p/sblim/sfcb-tix/44/
+Patch8: sblim-sfcb-1.3.16-escape.patch
Source1: sfcb.service
Provides: cim-server
Requires: cim-schema
@@ -59,6 +61,7 @@ Programming Interface (CMPI).
%patch5 -p1 -b .invalid-read
%patch6 -p1 -b .invalid-read2
%patch7 -p1 -b .embedded-crash
+%patch8 -p1 -b .escape
%build
%configure --enable-debug --enable-uds --enable-ssl --enable-pam --enable-ipv6 CFLAGS="$CFLAGS -D_GNU_SOURCE -fPIE -DPIE" LDFLAGS="$LDFLAGS -Wl,-z,now -pie"
@@ -116,6 +119,8 @@ fi;
* Mon May 20 2013 Vitezslav Crhonek - 1.3.16-3
- Fix indCIMXmlHandler crash in IndCIMXMLHandlerInvokeMethod with Embedded Instances
Resolves: #957747
+- Fix sfcb creates invalid XML with embedded object inside embedded object
+ Resolves: #957742
* Tue Jan 29 2013 Vitezslav Crhonek - 1.3.16-2
- Fix URL in the spec file