add patch from upstream CVS to fix CVE-2009-3560 (possible DOS due to crash on bad input) bump PKGREVISION
diff -r1.24 -r1.25 pkgsrc/textproc/expat/Makefile
(drochner)
@@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
1 | # $NetBSD: Makefile,v 1.24 2009/09/10 09:59:20 drochner Exp $ | 1 | # $NetBSD: Makefile,v 1.25 2010/01/26 18:37:01 drochner Exp $ | |
2 | # | 2 | # | |
3 | 3 | |||
4 | DISTNAME= expat-2.0.1 | 4 | DISTNAME= expat-2.0.1 | |
5 | PKGREVISION= 1 | 5 | PKGREVISION= 2 | |
6 | CATEGORIES= textproc | 6 | CATEGORIES= textproc | |
7 | MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=expat/} | 7 | MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=expat/} | |
8 | 8 | |||
9 | MAINTAINER= drochner@NetBSD.org | 9 | MAINTAINER= drochner@NetBSD.org | |
10 | HOMEPAGE= http://expat.sourceforge.net/ | 10 | HOMEPAGE= http://expat.sourceforge.net/ | |
11 | COMMENT= XML parser library written in C | 11 | COMMENT= XML parser library written in C | |
12 | 12 | |||
13 | PKG_INSTALLATION_TYPES= overwrite pkgviews | 13 | PKG_INSTALLATION_TYPES= overwrite pkgviews | |
14 | PKG_DESTDIR_SUPPORT= user-destdir | 14 | PKG_DESTDIR_SUPPORT= user-destdir | |
15 | 15 | |||
16 | GNU_CONFIGURE= YES | 16 | GNU_CONFIGURE= YES | |
17 | USE_LIBTOOL= YES | 17 | USE_LIBTOOL= YES | |
18 | USE_TOOLS+= gmake | 18 | USE_TOOLS+= gmake |
@@ -1,6 +1,7 @@ | @@ -1,6 +1,7 @@ | |||
1 | $NetBSD: distinfo,v 1.18 2009/11/08 08:34:32 obache Exp $ | 1 | $NetBSD: distinfo,v 1.19 2010/01/26 18:37:01 drochner Exp $ | |
2 | 2 | |||
3 | SHA1 (expat-2.0.1.tar.gz) = 663548c37b996082db1f2f2c32af060d7aa15c2d | 3 | SHA1 (expat-2.0.1.tar.gz) = 663548c37b996082db1f2f2c32af060d7aa15c2d | |
4 | RMD160 (expat-2.0.1.tar.gz) = d31bcb152adaff9e358968be1ea901e1b4ed3b2f | 4 | RMD160 (expat-2.0.1.tar.gz) = d31bcb152adaff9e358968be1ea901e1b4ed3b2f | |
5 | Size (expat-2.0.1.tar.gz) = 446456 bytes | 5 | Size (expat-2.0.1.tar.gz) = 446456 bytes | |
6 | SHA1 (patch-aa) = 79b4caee7c1be8cecb1590b19c220d39e4723a26 | 6 | SHA1 (patch-aa) = 79b4caee7c1be8cecb1590b19c220d39e4723a26 | |
7 | SHA1 (patch-ab) = bdca769ae40099e2e0e0f04c96b9ce7a97b4d66b |
$NetBSD: patch-ab,v 1.1 2010/01/26 18:37:01 drochner Exp $
CVE-2009-3560
--- lib/xmlparse.c.orig 2007-05-08 02:25:35.000000000 +0000
+++ lib/xmlparse.c
@@ -3703,6 +3703,9 @@ doProlog(XML_Parser parser,
return XML_ERROR_UNCLOSED_TOKEN;
case XML_TOK_PARTIAL_CHAR:
return XML_ERROR_PARTIAL_CHAR;
+ case -XML_TOK_PROLOG_S:
+ tok = -tok;
+ break;
case XML_TOK_NONE:
#ifdef XML_DTD
/* for internal PE NOT referenced between declarations */
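Review bot: The added `case -XML_TOK_PROLOG_S:` arm in doProlog has no comment saying why this one negative token is flipped back to positive and allowed to continue while the arms above it return an error, so a later cleanup could merge it into another arm and bring back the crash on bad input. I would put a comment on the arm, e.g. `/* CVE-2009-3560: treat a negated XML_TOK_PROLOG_S as the plain token; do not merge into another arm */`, checked against the rest of the switch, which starts and ends outside this hunk. The header of patch-ab names only the CVE; recording the origin there too, e.g. `Taken from upstream expat CVS, lib/xmlparse.c rev <UPSTREAM_REVISION>`, would let the next version update confirm the fix is included before the patch is dropped. No input reproducing the crash accompanies the change, so the fix is confirmed by inspection only.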