author | spz <spz> | 2015-07-26 15:58:53 +0000 |
---|---|---|
committer | spz <spz> | 2015-07-26 15:58:53 +0000 |
commit | aa4f9d1eab8953ec8bc73cc752397ea7ddc13fbc (patch) | |
tree | ab79c558f45a5908ca2f9b53c22d2ace2f7fc8d7 | |
parent | 7604839644e96c7c97bab3fa9466d06fbe207547 (diff) | |
download | pkgsrc-aa4f9d1eab8953ec8bc73cc752397ea7ddc13fbc.tar.gz |
add fix for CVE-2015-5522 and CVE-2015-5523 from
https://github.com/htacg/tidy-html5/commit/c18f27a58792f7fbd0b30a0ff50d6b40a82f9
40d
-rw-r--r-- | www/tidy/Makefile | 4 | ||||
-rw-r--r-- | www/tidy/distinfo | 5 | ||||
-rw-r--r-- | www/tidy/patches/patch-aa | 6 | ||||
-rw-r--r-- | www/tidy/patches/patch-src_lexer.c | 27 |
4 files changed, 35 insertions, 7 deletions
diff --git a/www/tidy/Makefile b/www/tidy/Makefile
index 3498dc6d9f9..9fe71e7c44c 100644
--- a/www/tidy/Makefile
+++ b/www/tidy/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.43 2015/01/28 07:13:55 wiz Exp $
+# $NetBSD: Makefile,v 1.44 2015/07/26 15:58:53 spz Exp $
 DISTNAME= tidy-20091027
-PKGREVISION= 5
+PKGREVISION= 6
 CATEGORIES= www
 MASTER_SITES= # manually created tarballs on ftp.NetBSD.org only
diff --git a/www/tidy/distinfo b/www/tidy/distinfo
index a54b7aa2fd9..91fb4434a94 100644
--- a/www/tidy/distinfo
+++ b/www/tidy/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.19 2011/01/21 21:18:12 wiz Exp $
+$NetBSD: distinfo,v 1.20 2015/07/26 15:58:53 spz Exp $
 SHA1 (tidy-20091027.tar.gz) = f77203b481430fef66382dc32ae5152004dabe78
 RMD160 (tidy-20091027.tar.gz) = b1e1aa3178b2e16095e1e6a532644462640b3f7f
 Size (tidy-20091027.tar.gz) = 492052 bytes
-SHA1 (patch-aa) = fc86695745a6711d74d4f07f93a53d396f98e308
+SHA1 (patch-aa) = 1c9f52f2713bdab8662dd71ccecadbfe3806bda0
+SHA1 (patch-src_lexer.c) = abb93b322452607e552c3c76871acf5de93c9cf5
diff --git a/www/tidy/patches/patch-aa b/www/tidy/patches/patch-aa
index 9503351a9f2..c46370d97d3 100644
--- a/www/tidy/patches/patch-aa
+++ b/www/tidy/patches/patch-aa
@@ -1,9 +1,9 @@
-$NetBSD: patch-aa,v 1.8 2011/01/21 21:18:12 wiz Exp $
+$NetBSD: patch-aa,v 1.9 2015/07/26 15:58:53 spz Exp $
 Use subdirectory for include files.
---- build/gnuauto/include/Makefile.am.orig 2005-07-03 14:59:55.000000000 +0200
-+++ build/gnuauto/include/Makefile.am 2005-07-03 15:00:07.000000000 +0200
+--- build/gnuauto/include/Makefile.am.orig 2006-10-06 09:25:13.000000000 +0000
++++ build/gnuauto/include/Makefile.am
 @@ -53,8 +53,8 @@
 # acknowledgment is not required but would be appreciated.
 #
diff --git a/www/tidy/patches/patch-src_lexer.c b/www/tidy/patches/patch-src_lexer.c
new file mode 100644
index 00000000000..f10c99f7167
--- /dev/null
+++ b/www/tidy/patches/patch-src_lexer.c
@@ -0,0 +1,27 @@
+$NetBSD: patch-src_lexer.c,v 1.1 2015/07/26 15:58:53 spz Exp $
+
+Fix for CVE-2015-5522 and CVE-2015-5523 from
+https://github.com/htacg/tidy-html5/commit/c18f27a58792f7fbd0b30a0ff50d6b40a82f940d
+
+--- src/lexer.c.orig 2008-03-22 21:06:55.000000000 +0000
++++ src/lexer.c
+@@ -3467,16 +3467,16 @@ static tmbstr ParseValue( TidyDocImpl* d
+ /* and prompts attributes unless --literal-attributes is set to yes */
+ /* #994841 - Whitespace is removed from value attributes */
+
+- if (munge &&
++ if ((len > 0) && munge &&
+ TY_(tmbstrcasecmp)(name, "alt") &&
+ TY_(tmbstrcasecmp)(name, "title") &&
+ TY_(tmbstrcasecmp)(name, "value") &&
+ TY_(tmbstrcasecmp)(name, "prompt"))
+ {
+- while (TY_(IsWhite)(lexer->lexbuf[start+len-1]))
++ while (TY_(IsWhite)(lexer->lexbuf[start+len-1]) && (len > 0))
+ --len;
+
+- while (TY_(IsWhite)(lexer->lexbuf[start]) && start < len)
++ while (TY_(IsWhite)(lexer->lexbuf[start]) && (start < len) && (len > 0))
+ {
+ ++start;
+ --len; |
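Review bot: Both trimming loops in the patched `ParseValue` still read `lexer->lexbuf` before they test the bound. `TY_(IsWhite)(lexer->lexbuf[start+len-1]) && (len > 0)` indexes first, so on an all-whitespace value the iteration that follows `--len` reaching 0 reads the byte at `start-1` before the loop ends. That read stays inside the buffer only if `start` is at least 1 at this point, which the hunk does not show because the function body begins and ends outside it. Putting the bound first makes each guard self-contained: `while ((len > 0) && TY_(IsWhite)(lexer->lexbuf[start+len-1]))` and `while ((len > 0) && (start < len) && TY_(IsWhite)(lexer->lexbuf[start]))`. The retained `start < len` compares a buffer offset with a remaining length, which looks unintended and may end leading-whitespace trimming early; it is worth checking against upstream and documenting in the patch comment if kept.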