author | drochner <drochner@pkgsrc.org> | 2012-12-15 12:39:24 +0000 |
---|---|---|
committer | drochner <drochner@pkgsrc.org> | 2012-12-15 12:39:24 +0000 |
commit | f7bcb48bcd4a4b1062a484156a4533bfa7e54ef3 (patch) | |
tree | 12cb9524a0fb8c44512cdecabac71e999c6bad0f /textproc | |
parent | fa2f11f790cda69a87d530602967ea41a35bed85 (diff) | |
download | pkgsrc-f7bcb48bcd4a4b1062a484156a4533bfa7e54ef3.tar.gz |
add patch from upstream to fix possible array underflow, leading
to DoS or possible code injection (CVE-2012-5134)
bump PKGREV
Diffstat (limited to 'textproc')
-rw-r--r-- | textproc/libxml2/Makefile | 3 | ||||
-rw-r--r-- | textproc/libxml2/distinfo | 3 | ||||
-rw-r--r-- | textproc/libxml2/patches/patch-CVE-2012-5134 | 13 |
3 files changed, 17 insertions, 2 deletions
diff --git a/textproc/libxml2/Makefile b/textproc/libxml2/Makefile
index b9c917d4b92..2fa24a11816 100644
--- a/textproc/libxml2/Makefile
+++ b/textproc/libxml2/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.121 2012/10/25 06:56:04 asau Exp $
+# $NetBSD: Makefile,v 1.122 2012/12/15 12:39:24 drochner Exp $
 
 DISTNAME= libxml2-2.9.0
+PKGREVISION= 1
 CATEGORIES= textproc
 MASTER_SITES= ftp://xmlsoft.org/libxml2/ \
 http://xmlsoft.org/sources/
diff --git a/textproc/libxml2/distinfo b/textproc/libxml2/distinfo
index 594ef2771be..ae3b0736c9b 100644
--- a/textproc/libxml2/distinfo
+++ b/textproc/libxml2/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.95 2012/09/15 10:23:38 adam Exp $
+$NetBSD: distinfo,v 1.96 2012/12/15 12:39:24 drochner Exp $
 
 SHA1 (libxml2-2.9.0.tar.gz) = a43d7c0a8e463ac5a7846254f2a732a9af146fab
 RMD160 (libxml2-2.9.0.tar.gz) = d025639320bb34adbc45a43f46354190f6bbb7b5
 Size (libxml2-2.9.0.tar.gz) = 5161069 bytes
+SHA1 (patch-CVE-2012-5134) = 22caaed2b03334d42253b2b1c5a43473e6c8b4dc
 SHA1 (patch-aa) = 6fcfb2e1ac374a7a047ee188a61ef218106ee54a
 SHA1 (patch-ab) = c399ed5bfd429c2bac1de6f500d2ef47ab06f2fd
 SHA1 (patch-ac) = 101cd554fd22e8e9817e21591240eb784b1219b5
diff --git a/textproc/libxml2/patches/patch-CVE-2012-5134 b/textproc/libxml2/patches/patch-CVE-2012-5134
new file mode 100644
index 00000000000..a81f5d908a0
--- /dev/null
+++ b/textproc/libxml2/patches/patch-CVE-2012-5134
@@ -0,0 +1,13 @@
+$NetBSD: patch-CVE-2012-5134,v 1.1 2012/12/15 12:39:24 drochner Exp $
+
+--- parser.c.orig 2012-09-11 04:24:08.000000000 +0000
++++ parser.c
+@@ -4075,7 +4075,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr
+ goto error;
+
+ if ((in_space) && (normalize)) {
+- while (buf[len - 1] == 0x20) len--;
++ while ((len > 0) && (buf[len - 1] == 0x20)) len--;
+ }
+ buf[len] = 0;
+ if (RAW == '<') {
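Review bot: The new patches/patch-CVE-2012-5134 file goes straight from its `$NetBSD$` line to the `--- parser.c.orig` header with no description, so the file itself records neither which upstream change it was taken from nor what the added `(len > 0)` test protects. A short comment after the `$NetBSD$` line, for example `Fix CVE-2012-5134: check len > 0 before reading buf[len - 1] when trimming trailing spaces. From upstream commit <UPSTREAM_COMMIT_ID>.`, would let a later reviewer compare the local patch with upstream and retire it once a release carrying the fix is packaged. The patch's SHA1 entry in distinfo would need regenerating after that edit. The embedded hunk shows only the trimming loop; xmlParseAttValueComplex starts and ends outside it, so whether any other path reaches `buf[len] = 0` with an unexpected len cannot be judged from this page.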