summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordrochner <drochner@pkgsrc.org>2010-01-26 18:38:26 +0000
committerdrochner <drochner@pkgsrc.org>2010-01-26 18:38:26 +0000
commite78f4a7eb53212c142fb069c2bd42b5b4c6bfefb (patch)
tree947fa6622e9cb359278cc3384b2b687f8deab522
parent0cd59efa20d5dd468c3f8080dfff4919cf1bbd3a (diff)
downloadpkgsrc-e78f4a7eb53212c142fb069c2bd42b5b4c6bfefb.tar.gz
apply expat patch to bundled version:
add patch from upstream CVS to fix CVE-2009-3560 (possible DOS due to crash on bad input) bump PKGREVISION
Diffstat
-rw-r--r--www/libwww/Makefile4
-rw-r--r--www/libwww/distinfo3
-rw-r--r--www/libwww/patches/patch-as16
3 files changed, 20 insertions, 3 deletions
diff --git a/www/libwww/Makefile b/www/libwww/Makefile
index 2ca1795b62b..063e7e85191 100644
--- a/www/libwww/Makefile
+++ b/www/libwww/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.80 2010/01/17 12:02:49 wiz Exp $
+# $NetBSD: Makefile,v 1.81 2010/01/26 18:38:26 drochner Exp $
DISTNAME= w3c-libwww-5.4.0
PKGNAME= libwww-5.4.0
-PKGREVISION= 8
+PKGREVISION= 9
CATEGORIES= www devel
MASTER_SITES= http://www.w3.org/Library/Distribution/
EXTRACT_SUFX= .tgz
diff --git a/www/libwww/distinfo b/www/libwww/distinfo
index a1a3780a198..893c9baf6b3 100644
--- a/www/libwww/distinfo
+++ b/www/libwww/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.24 2009/11/08 08:38:54 obache Exp $
+$NetBSD: distinfo,v 1.25 2010/01/26 18:38:26 drochner Exp $
SHA1 (libwww-configure-5.4.0nb2.gz) = de3292e2ec4034485b300845e7a0c0ef4ceb0199
RMD160 (libwww-configure-5.4.0nb2.gz) = bead5840a43b85e7de79e1bf5e26fa997cf827e3
@@ -22,3 +22,4 @@ SHA1 (patch-ao) = fa5c98f6c4e873f816e5a5bc48481d1462c946dc
SHA1 (patch-ap) = 506ee8ddd2e627aa6ba84b933ca39a6934b95689
SHA1 (patch-aq) = f44086c50dfe3d5af714b6defcb40ac7a1ed36f1
SHA1 (patch-ar) = ddbe9f7e7add849dcbdf215d0087bb3e314100c3
+SHA1 (patch-as) = cb88580f74998491eb822227af225055b0eeacee
diff --git a/www/libwww/patches/patch-as b/www/libwww/patches/patch-as
new file mode 100644
index 00000000000..dc6baee9c2b
--- /dev/null
+++ b/www/libwww/patches/patch-as
@@ -0,0 +1,16 @@
+$NetBSD: patch-as,v 1.1 2010/01/26 18:38:27 drochner Exp $
+
+CVE-2009-3560
+
+--- modules/expat/xmlparse/xmlparse.c.orig 2000-08-28 08:52:01.000000000 +0000
++++ modules/expat/xmlparse/xmlparse.c
+@@ -2199,6 +2199,9 @@ doProlog(XML_Parser parser,
+ return XML_ERROR_UNCLOSED_TOKEN;
+ case XML_TOK_PARTIAL_CHAR:
+ return XML_ERROR_PARTIAL_CHAR;
++ case -XML_TOK_PROLOG_S:
++ tok = -tok;
++ break;
+ case XML_TOK_NONE:
+ #ifdef XML_DTD
+ if (enc != encoding)
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-11 21:11:46 +0000