fix SA36425: possible DoS due to an error when parsing certain

UTF-8 sequences
(patch from Python CVS)
bump PKGREVISION

3 files changed, 17 insertions, 2 deletions

diff --git a/textproc/expat/Makefile b/textproc/expat/Makefile
index 7d3d9c801f3..a741f6389f1 100644
--- a/textproc/expat/Makefile
+++ b/textproc/expat/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.23 2007/06/08 13:14:04 wiz Exp $
+# $NetBSD: Makefile,v 1.24 2009/09/10 09:59:20 drochner Exp $
 #
 
 DISTNAME=	expat-2.0.1
+PKGREVISION=	1
 CATEGORIES=	textproc
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=expat/}
 
diff --git a/textproc/expat/distinfo b/textproc/expat/distinfo
index 7b3445dd200..a66cb7b5a37 100644
--- a/textproc/expat/distinfo
+++ b/textproc/expat/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.16 2007/06/08 13:14:04 wiz Exp $
+$NetBSD: distinfo,v 1.17 2009/09/10 09:59:21 drochner Exp $
 
 SHA1 (expat-2.0.1.tar.gz) = 663548c37b996082db1f2f2c32af060d7aa15c2d
 RMD160 (expat-2.0.1.tar.gz) = d31bcb152adaff9e358968be1ea901e1b4ed3b2f
 Size (expat-2.0.1.tar.gz) = 446456 bytes
+SHA1 (patch-aa) = 55cb997bf87e982f1d7008af63a1b40962d09c74
diff --git a/textproc/expat/patches/patch-aa b/textproc/expat/patches/patch-aa
new file mode 100644
index 00000000000..b581a7e8f33
--- /dev/null
+++ b/textproc/expat/patches/patch-aa
@@ -0,0 +1,13 @@
+$NetBSD: patch-aa,v 1.7 2009/09/10 09:59:21 drochner Exp $
+
+--- lib/xmltok_impl.c.orig	2009-09-10 11:37:45.000000000 +0200
++++ lib/xmltok_impl.c
+@@ -1744,7 +1744,7 @@ PREFIX(updatePosition)(const ENCODING *e
+                        const char *end,
+                        POSITION *pos)
+ {
+-  while (ptr != end) {
++  while (ptr < end) {
+     switch (BYTE_TYPE(enc, ptr)) {
+ #define LEAD_CASE(n) \
+     case BT_LEAD ## n: \