fix CVE-2009-3720 in libtlen.

Bump PKGREVISION.

3 files changed, 18 insertions, 2 deletions

diff --git a/chat/libtlen/Makefile b/chat/libtlen/Makefile
index c99118f85f1..ed50ef9d83f 100644
--- a/chat/libtlen/Makefile
+++ b/chat/libtlen/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.12 2014/10/09 14:06:02 wiz Exp $
+# $NetBSD: Makefile,v 1.13 2017/08/01 10:41:45 nros Exp $
 
 DISTNAME=	libtlen-20041113
+PKGREVISION=	1
 CATEGORIES=	chat
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=libtlen/}
 
diff --git a/chat/libtlen/distinfo b/chat/libtlen/distinfo
index e001e07f1fe..c69b2424cb2 100644
--- a/chat/libtlen/distinfo
+++ b/chat/libtlen/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.9 2015/11/03 01:20:21 agc Exp $
+$NetBSD: distinfo,v 1.10 2017/08/01 10:41:45 nros Exp $
 
 SHA1 (libtlen-20041113.tar.gz) = 5746e82329f7d92256940d36fe77ab63fa239c18
 RMD160 (libtlen-20041113.tar.gz) = b5fe22369e1515d6dc645eb272ea418b60fd734b
@@ -6,3 +6,4 @@ SHA512 (libtlen-20041113.tar.gz) = 9f9b1dfedb2b48871b31351ff9ac9227b175cfa2cb4e7
 Size (libtlen-20041113.tar.gz) = 160834 bytes
 SHA1 (patch-aa) = dd87abe68ab5e9e99598778aed03d2caafab6b8d
 SHA1 (patch-ab) = dd1569e2dee2208b7a5a8d83800d55454f8d9c36
+SHA1 (patch-lib_xmltok__impl.c) = 8571b0f363d05f4ab1ea810501d785fc3c1c8ac1
diff --git a/chat/libtlen/patches/patch-lib_xmltok__impl.c b/chat/libtlen/patches/patch-lib_xmltok__impl.c
new file mode 100644
index 00000000000..af8d9025483
--- /dev/null
+++ b/chat/libtlen/patches/patch-lib_xmltok__impl.c
@@ -0,0 +1,14 @@
+$NetBSD: patch-lib_xmltok__impl.c,v 1.1 2017/08/01 10:41:45 nros Exp $
+* fix CVE-2009-3720
+http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15&view=patch
+--- lib/xmltok_impl.c.orig	2017-08-01 09:42:50.000000000 +0000
++++ lib/xmltok_impl.c
+@@ -1898,7 +1898,7 @@ static void PREFIX (updatePosition) (con
+ 				     const char *ptr,
+ 				     const char *end, POSITION * pos)
+ {
+-	while (ptr != end)
++	while (ptr < end)
+ 	{
+ 		switch (BYTE_TYPE (enc, ptr))
+ 		{