authorspz <spz>2015-07-26 15:58:53 +0000
committerspz <spz>2015-07-26 15:58:53 +0000
commitaa4f9d1eab8953ec8bc73cc752397ea7ddc13fbc (patch)
treeab79c558f45a5908ca2f9b53c22d2ace2f7fc8d7
parent7604839644e96c7c97bab3fa9466d06fbe207547 (diff)
add fix for CVE-2015-5522 and CVE-2015-5523 from
https://github.com/htacg/tidy-html5/commit/c18f27a58792f7fbd0b30a0ff50d6b40a82f940d
-rw-r--r--www/tidy/Makefile4
-rw-r--r--www/tidy/distinfo5
-rw-r--r--www/tidy/patches/patch-aa6
-rw-r--r--www/tidy/patches/patch-src_lexer.c27
4 files changed, 35 insertions, 7 deletions
diff --git a/www/tidy/Makefile b/www/tidy/Makefile
index 3498dc6d9f9..9fe71e7c44c 100644
--- a/www/tidy/Makefile
+++ b/www/tidy/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.43 2015/01/28 07:13:55 wiz Exp $
+# $NetBSD: Makefile,v 1.44 2015/07/26 15:58:53 spz Exp $
DISTNAME= tidy-20091027
-PKGREVISION= 5
+PKGREVISION= 6
CATEGORIES= www
MASTER_SITES= # manually created tarballs on ftp.NetBSD.org only
diff --git a/www/tidy/distinfo b/www/tidy/distinfo
index a54b7aa2fd9..91fb4434a94 100644
--- a/www/tidy/distinfo
+++ b/www/tidy/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.19 2011/01/21 21:18:12 wiz Exp $
+$NetBSD: distinfo,v 1.20 2015/07/26 15:58:53 spz Exp $
SHA1 (tidy-20091027.tar.gz) = f77203b481430fef66382dc32ae5152004dabe78
RMD160 (tidy-20091027.tar.gz) = b1e1aa3178b2e16095e1e6a532644462640b3f7f
Size (tidy-20091027.tar.gz) = 492052 bytes
-SHA1 (patch-aa) = fc86695745a6711d74d4f07f93a53d396f98e308
+SHA1 (patch-aa) = 1c9f52f2713bdab8662dd71ccecadbfe3806bda0
+SHA1 (patch-src_lexer.c) = abb93b322452607e552c3c76871acf5de93c9cf5
diff --git a/www/tidy/patches/patch-aa b/www/tidy/patches/patch-aa
index 9503351a9f2..c46370d97d3 100644
--- a/www/tidy/patches/patch-aa
+++ b/www/tidy/patches/patch-aa
@@ -1,9 +1,9 @@
-$NetBSD: patch-aa,v 1.8 2011/01/21 21:18:12 wiz Exp $
+$NetBSD: patch-aa,v 1.9 2015/07/26 15:58:53 spz Exp $
Use subdirectory for include files.
---- build/gnuauto/include/Makefile.am.orig 2005-07-03 14:59:55.000000000 +0200
-+++ build/gnuauto/include/Makefile.am 2005-07-03 15:00:07.000000000 +0200
+--- build/gnuauto/include/Makefile.am.orig 2006-10-06 09:25:13.000000000 +0000
++++ build/gnuauto/include/Makefile.am
@@ -53,8 +53,8 @@
# acknowledgment is not required but would be appreciated.
#
diff --git a/www/tidy/patches/patch-src_lexer.c b/www/tidy/patches/patch-src_lexer.c
new file mode 100644
index 00000000000..f10c99f7167
--- /dev/null
+++ b/www/tidy/patches/patch-src_lexer.c
@@ -0,0 +1,27 @@
+$NetBSD: patch-src_lexer.c,v 1.1 2015/07/26 15:58:53 spz Exp $
+
+Fix for CVE-2015-5522 and CVE-2015-5523 from
+https://github.com/htacg/tidy-html5/commit/c18f27a58792f7fbd0b30a0ff50d6b40a82f940d
+
+--- src/lexer.c.orig 2008-03-22 21:06:55.000000000 +0000
++++ src/lexer.c
+@@ -3467,16 +3467,16 @@ static tmbstr ParseValue( TidyDocImpl* d
+ /* and prompts attributes unless --literal-attributes is set to yes */
+ /* #994841 - Whitespace is removed from value attributes */
+
+- if (munge &&
++ if ((len > 0) && munge &&
+ TY_(tmbstrcasecmp)(name, "alt") &&
+ TY_(tmbstrcasecmp)(name, "title") &&
+ TY_(tmbstrcasecmp)(name, "value") &&
+ TY_(tmbstrcasecmp)(name, "prompt"))
+ {
+- while (TY_(IsWhite)(lexer->lexbuf[start+len-1]))
++ while (TY_(IsWhite)(lexer->lexbuf[start+len-1]) && (len > 0))
+ --len;
+
+- while (TY_(IsWhite)(lexer->lexbuf[start]) && start < len)
++ while (TY_(IsWhite)(lexer->lexbuf[start]) && (start < len) && (len > 0))
+ {
+ ++start;
+ --len;
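Review bot: In the patched src/lexer.c both trimming loops still read `lexer->lexbuf[...]` before testing the bound, because `(len > 0)` was appended after the `TY_(IsWhite)(...)` call instead of placed in front of it. The outer `(len > 0)` guard only covers the first iteration: once `--len` reaches 0, the first loop evaluates `lexbuf[start+len-1]`, the byte just before the value, and only then checks `len`. If `start` can be 0 that read is before the buffer, though the types and range of `start` are not visible in this hunk. Putting the bound first lets short-circuit evaluation skip the read: `while ((len > 0) && TY_(IsWhite)(lexer->lexbuf[start+len-1]))` and `while ((len > 0) && (start < len) && TY_(IsWhite)(lexer->lexbuf[start]))`. The existing `start < len` term appears to compare a buffer offset with a length, so it is worth confirming against upstream. ParseValue begins and ends outside the hunk.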