Add patch-ar for CVE-2009-3720.

Bump PKGREVISION.

3 files changed, 19 insertions, 3 deletions

diff --git a/www/libwww/Makefile b/www/libwww/Makefile
index 46e3a27284b..9ec52839bf7 100644
--- a/www/libwww/Makefile
+++ b/www/libwww/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.78 2008/04/12 22:43:13 jlam Exp $
+# $NetBSD: Makefile,v 1.79 2009/11/08 08:38:54 obache Exp $
 
 DISTNAME=		w3c-libwww-5.4.0
 PKGNAME=		libwww-5.4.0
-PKGREVISION=		6
+PKGREVISION=		7
 CATEGORIES=		www devel
 MASTER_SITES=		http://www.w3.org/Library/Distribution/
 EXTRACT_SUFX=		.tgz
diff --git a/www/libwww/distinfo b/www/libwww/distinfo
index 13553a75ac2..a1a3780a198 100644
--- a/www/libwww/distinfo
+++ b/www/libwww/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.23 2007/04/21 11:17:47 obache Exp $
+$NetBSD: distinfo,v 1.24 2009/11/08 08:38:54 obache Exp $
 
 SHA1 (libwww-configure-5.4.0nb2.gz) = de3292e2ec4034485b300845e7a0c0ef4ceb0199
 RMD160 (libwww-configure-5.4.0nb2.gz) = bead5840a43b85e7de79e1bf5e26fa997cf827e3
@@ -21,3 +21,4 @@ SHA1 (patch-an) = e7195c25ce08e13e0c8b64b05b737e9a5f5157a8
 SHA1 (patch-ao) = fa5c98f6c4e873f816e5a5bc48481d1462c946dc
 SHA1 (patch-ap) = 506ee8ddd2e627aa6ba84b933ca39a6934b95689
 SHA1 (patch-aq) = f44086c50dfe3d5af714b6defcb40ac7a1ed36f1
+SHA1 (patch-ar) = ddbe9f7e7add849dcbdf215d0087bb3e314100c3
diff --git a/www/libwww/patches/patch-ar b/www/libwww/patches/patch-ar
new file mode 100644
index 00000000000..50a58bbdca8
--- /dev/null
+++ b/www/libwww/patches/patch-ar
@@ -0,0 +1,15 @@
+$NetBSD: patch-ar,v 1.1 2009/11/08 08:38:54 obache Exp $
+
+CVE-2009-3720
+
+--- modules/expat/xmltok/xmltok_impl.c.orig	2000-08-28 08:52:01.000000000 +0000
++++ modules/expat/xmltok/xmltok_impl.c
+@@ -1753,7 +1753,7 @@ void PREFIX(updatePosition)(const ENCODI
+ 			    const char *end,
+ 			    POSITION *pos)
+ {
+-  while (ptr != end) {
++  while (ptr < end) {
+     switch (BYTE_TYPE(enc, ptr)) {
+ #define LEAD_CASE(n) \
+     case BT_LEAD ## n: \