From 72931ecffc5e5e8c79d12fba5ff9ab7ffa2d6aca Mon Sep 17 00:00:00 2001
From: obache <obache@pkgsrc.org>
Date: Sun, 8 Nov 2009 08:38:54 +0000
Subject: Add patch-ar for CVE-2009-3720. Bump PKGREVISION.

---
 www/libwww/Makefile         |  4 ++--
 www/libwww/distinfo         |  3 ++-
 www/libwww/patches/patch-ar | 15 +++++++++++++++
 3 files changed, 19 insertions(+), 3 deletions(-)
 create mode 100644 www/libwww/patches/patch-ar

diff --git a/www/libwww/Makefile b/www/libwww/Makefile
index 46e3a27284b..9ec52839bf7 100644
--- a/www/libwww/Makefile
+++ b/www/libwww/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.78 2008/04/12 22:43:13 jlam Exp $
+# $NetBSD: Makefile,v 1.79 2009/11/08 08:38:54 obache Exp $
 
 DISTNAME=		w3c-libwww-5.4.0
 PKGNAME=		libwww-5.4.0
-PKGREVISION=		6
+PKGREVISION=		7
 CATEGORIES=		www devel
 MASTER_SITES=		http://www.w3.org/Library/Distribution/
 EXTRACT_SUFX=		.tgz
diff --git a/www/libwww/distinfo b/www/libwww/distinfo
index 13553a75ac2..a1a3780a198 100644
--- a/www/libwww/distinfo
+++ b/www/libwww/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.23 2007/04/21 11:17:47 obache Exp $
+$NetBSD: distinfo,v 1.24 2009/11/08 08:38:54 obache Exp $
 
 SHA1 (libwww-configure-5.4.0nb2.gz) = de3292e2ec4034485b300845e7a0c0ef4ceb0199
 RMD160 (libwww-configure-5.4.0nb2.gz) = bead5840a43b85e7de79e1bf5e26fa997cf827e3
@@ -21,3 +21,4 @@ SHA1 (patch-an) = e7195c25ce08e13e0c8b64b05b737e9a5f5157a8
 SHA1 (patch-ao) = fa5c98f6c4e873f816e5a5bc48481d1462c946dc
 SHA1 (patch-ap) = 506ee8ddd2e627aa6ba84b933ca39a6934b95689
 SHA1 (patch-aq) = f44086c50dfe3d5af714b6defcb40ac7a1ed36f1
+SHA1 (patch-ar) = ddbe9f7e7add849dcbdf215d0087bb3e314100c3
diff --git a/www/libwww/patches/patch-ar b/www/libwww/patches/patch-ar
new file mode 100644
index 00000000000..50a58bbdca8
--- /dev/null
+++ b/www/libwww/patches/patch-ar
@@ -0,0 +1,15 @@
+$NetBSD: patch-ar,v 1.1 2009/11/08 08:38:54 obache Exp $
+
+CVE-2009-3720
+
+--- modules/expat/xmltok/xmltok_impl.c.orig	2000-08-28 08:52:01.000000000 +0000
++++ modules/expat/xmltok/xmltok_impl.c
+@@ -1753,7 +1753,7 @@ void PREFIX(updatePosition)(const ENCODI
+ 			    const char *end,
+ 			    POSITION *pos)
+ {
+-  while (ptr != end) {
++  while (ptr < end) {
+     switch (BYTE_TYPE(enc, ptr)) {
+ #define LEAD_CASE(n) \
+     case BT_LEAD ## n: \
-- 
cgit v1.2.3