Tue Jan 26 18:37:02 2010 UTC ()

add patch from upstream CVS to fix CVE-2009-3560
(possible DOS due to crash on bad input)
bump PKGREVISION


(drochner)

diff -r1.24 -r1.25 pkgsrc/textproc/expat/Makefile
diff -r1.18 -r1.19 pkgsrc/textproc/expat/distinfo
diff -r0 -r1.1 pkgsrc/textproc/expat/patches/patch-ab

--- pkgsrc/textproc/expat/Makefile 2009/09/10 09:59:20 1.24
+++ pkgsrc/textproc/expat/Makefile 2010/01/26 18:37:01 1.25

 @@ -1,18 +1,18 @@
-# $NetBSD: Makefile,v 1.24 2009/09/10 09:59:20 drochner Exp $
+# $NetBSD: Makefile,v 1.25 2010/01/26 18:37:01 drochner Exp $
+#
 DISTNAME=	expat-2.0.1
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	textproc
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=expat/}
 MAINTAINER=	drochner@NetBSD.org
 HOMEPAGE=	http://expat.sourceforge.net/
 COMMENT=	XML parser library written in C
 PKG_INSTALLATION_TYPES=	overwrite pkgviews
 PKG_DESTDIR_SUPPORT=	user-destdir
 GNU_CONFIGURE=		YES
 USE_LIBTOOL=		YES
 USE_TOOLS+=		gmake

--- pkgsrc/textproc/expat/distinfo 2009/11/08 08:34:32 1.18
+++ pkgsrc/textproc/expat/distinfo 2010/01/26 18:37:01 1.19

 @@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.18 2009/11/08 08:34:32 obache Exp $
+$NetBSD: distinfo,v 1.19 2010/01/26 18:37:01 drochner Exp $
 SHA1 (expat-2.0.1.tar.gz) = 663548c37b996082db1f2f2c32af060d7aa15c2d
 RMD160 (expat-2.0.1.tar.gz) = d31bcb152adaff9e358968be1ea901e1b4ed3b2f
 Size (expat-2.0.1.tar.gz) = 446456 bytes
 SHA1 (patch-aa) = 79b4caee7c1be8cecb1590b19c220d39e4723a26
 SHA1 (patch-ab) = bdca769ae40099e2e0e0f04c96b9ce7a97b4d66b

$NetBSD: patch-ab,v 1.1 2010/01/26 18:37:01 drochner Exp $

CVE-2009-3560

--- lib/xmlparse.c.orig	2007-05-08 02:25:35.000000000 +0000
+++ lib/xmlparse.c
@@ -3703,6 +3703,9 @@ doProlog(XML_Parser parser,
         return XML_ERROR_UNCLOSED_TOKEN;
       case XML_TOK_PARTIAL_CHAR:
         return XML_ERROR_PARTIAL_CHAR;
+      case -XML_TOK_PROLOG_S:
+	tok = -tok;
+	break;
       case XML_TOK_NONE:
 #ifdef XML_DTD
         /* for internal PE NOT referenced between declarations */