From 8379b5fb455736e503de2ad8746f3874429db731 Mon Sep 17 00:00:00 2001
From: obache
Date: Sun, 3 Jul 2011 08:26:55 +0000
Subject: Add patches for CVE-2011-1754. Bump PKGREVISION.
---
 chat/jabberd/Makefile | 4 ++--
 chat/jabberd/distinfo | 4 +++-
 chat/jabberd/patches/patch-jabberd_lib_xstream.c | 14 ++++++++++++++
 chat/jabberd/patches/patch-jabberd_mio__xml.c | 14 ++++++++++++++
 4 files changed, 33 insertions(+), 3 deletions(-)
 create mode 100644 chat/jabberd/patches/patch-jabberd_lib_xstream.c
 create mode 100644 chat/jabberd/patches/patch-jabberd_mio__xml.c
(limited to 'chat')
diff --git a/chat/jabberd/Makefile b/chat/jabberd/Makefile
index ca08a2a688b..5c3c6634082 100644
--- a/chat/jabberd/Makefile
+++ b/chat/jabberd/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.33 2010/05/04 18:33:35 gdt Exp $
+# $NetBSD: Makefile,v 1.34 2011/07/03 08:26:55 obache Exp $
 #
 DISTNAME= jabber-1.4.2
 PKGNAME= jabberd-1.4.2
-PKGREVISION= 8
+PKGREVISION= 9
 CATEGORIES= chat
 MASTER_SITES= http://download.jabberd.org/jabberd14/
diff --git a/chat/jabberd/distinfo b/chat/jabberd/distinfo
index a0b97ac91e7..03044d7f26d 100644
--- a/chat/jabberd/distinfo
+++ b/chat/jabberd/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2010/05/04 18:33:35 gdt Exp $
+$NetBSD: distinfo,v 1.9 2011/07/03 08:26:55 obache Exp $
 SHA1 (jabber-1.4.2.tar.gz) = aa0bc2e9815e4fa4a1ca8ba7f320bfd3c85ba11f
 RMD160 (jabber-1.4.2.tar.gz) = bff5a02d3b76243ce59ddb66873ca1c51ef4bb5f
@@ -7,3 +7,5 @@ SHA1 (patch-aa) = 5e62a744f35697961fc6708c2be2c374a9782505
 SHA1 (patch-ab) = 8722b0db3870e14eaf3e40f5493544db8a813fc1
 SHA1 (patch-ac) = 3b17761c9ea2d1e17f3194ac8cf54fbca4c80367
 SHA1 (patch-ad) = 1eb45d4433731867bc23afebefb54b7e18217a8d
+SHA1 (patch-jabberd_lib_xstream.c) = 7a6eb4012057abb0478ca07d0deb38109ab255cf
+SHA1 (patch-jabberd_mio__xml.c) = 45c57d481bfa7b84dbe5fa73f2b2c9127490d683
diff --git a/chat/jabberd/patches/patch-jabberd_lib_xstream.c b/chat/jabberd/patches/patch-jabberd_lib_xstream.c
new file mode 100644
index 00000000000..b9a49f7761a
--- /dev/null
+++ b/chat/jabberd/patches/patch-jabberd_lib_xstream.c
@@ -0,0 +1,14 @@
+$NetBSD: patch-jabberd_lib_xstream.c,v 1.1 2011/07/03 08:26:55 obache Exp $
+
+* fix CVE-2011-1754
+
+--- jabberd/lib/xstream.c.orig 2002-02-08 07:39:24.000000000 +0000
++++ jabberd/lib/xstream.c
+@@ -142,6 +142,7 @@ xstream xstream_new(pool p, xstream_onNo
+
+ /* create expat parser and ensure cleanup */
+ newx->parser = XML_ParserCreate(NULL);
++ XML_SetDefaultHandler(newx->parser, NULL);
+ XML_SetUserData(newx->parser, (void *)newx);
+ XML_SetElementHandler(newx->parser, (void *)_xstream_startElement, (void *)_xstream_endElement);
+ XML_SetCharacterDataHandler(newx->parser, (void *)_xstream_charData);
diff --git a/chat/jabberd/patches/patch-jabberd_mio__xml.c b/chat/jabberd/patches/patch-jabberd_mio__xml.c
new file mode 100644
index 00000000000..d3e022ed856
--- /dev/null
+++ b/chat/jabberd/patches/patch-jabberd_mio__xml.c
@@ -0,0 +1,14 @@
+$NetBSD: patch-jabberd_mio__xml.c,v 1.1 2011/07/03 08:26:55 obache Exp $
+
+* fix CVE-2011-1754
+
+--- jabberd/mio_xml.c.orig 2002-02-08 07:39:27.000000000 +0000
++++ jabberd/mio_xml.c
+@@ -118,6 +118,7 @@ void _mio_xstream_init(mio m)
+ /* Initialize the parser */
+ m->parser = XML_ParserCreate(NULL);
+ XML_SetUserData(m->parser, m);
++ XML_SetDefaultHandler(m->parser, NULL);
+ XML_SetElementHandler(m->parser, (void*)_mio_xstream_startElement, (void*)_mio_xstream_endElement);
+ XML_SetCharacterDataHandler(m->parser, (void*)_mio_xstream_CDATA);
+ /* Setup a cleanup routine to release the parser when everything is done */
-- cgit v1.2.3
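Review bot: The added `XML_SetDefaultHandler(newx->parser, NULL);` in xstream_new, and the matching `XML_SetDefaultHandler(m->parser, NULL);` in _mio_xstream_init in patch-jabberd_mio__xml.c, installs no handler, so it reads like a no-op that a later cleanup could delete; the patch header says only "fix CVE-2011-1754". I would put a comment above each call, for example `/* CVE-2011-1754: called for its side effect; expat stops expanding internal entity references once a default handler is set, even a NULL one */`. That side effect is expat behaviour and is not visible in these hunks, so it should be confirmed against the expat copy this package builds with, including whether entity references inside attribute values are covered as well. Both function bodies start and end outside the hunks.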