pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/www/tidy tidy: Backport a patch from upstream to addre...
details: https://anonhg.NetBSD.org/pkgsrc/rev/83c6840ba574
branches: trunk
changeset: 313896:83c6840ba574
user: leot <leot%pkgsrc.org@localhost>
date: Sat Oct 13 11:14:38 2018 +0000
description:
tidy: Backport a patch from upstream to address CVE-2017-17497
Bump PKGREVISION
diffstat:
www/tidy/Makefile | 3 ++-
www/tidy/distinfo | 3 ++-
www/tidy/patches/patch-src_clean.c | 23 +++++++++++++++++++++++
3 files changed, 27 insertions(+), 2 deletions(-)
diffs (52 lines):
diff -r a0beb0cdb194 -r 83c6840ba574 www/tidy/Makefile
--- a/www/tidy/Makefile Sat Oct 13 10:54:04 2018 +0000
+++ b/www/tidy/Makefile Sat Oct 13 11:14:38 2018 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.53 2017/11/27 13:01:37 adam Exp $
+# $NetBSD: Makefile,v 1.54 2018/10/13 11:14:38 leot Exp $
DISTNAME= tidy-html5-5.6.0
PKGNAME= ${DISTNAME:S/-html5//}
+PKGREVISION= 1
CATEGORIES= www textproc
MASTER_SITES= ${MASTER_SITE_GITHUB:=htacg/}
diff -r a0beb0cdb194 -r 83c6840ba574 www/tidy/distinfo
--- a/www/tidy/distinfo Sat Oct 13 10:54:04 2018 +0000
+++ b/www/tidy/distinfo Sat Oct 13 11:14:38 2018 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.24 2017/11/27 13:01:37 adam Exp $
+$NetBSD: distinfo,v 1.25 2018/10/13 11:14:38 leot Exp $
SHA1 (tidy-html5-5.6.0.tar.gz) = bd6812f3493095c4ca42be11fe3884d1da11c361
RMD160 (tidy-html5-5.6.0.tar.gz) = 54ffd0e53240ca7e2e619fb527bd1db7cb68e66f
SHA512 (tidy-html5-5.6.0.tar.gz) = 179088a6dbd29bb0e4f0219222f755b186145495f7414f6d0e178803ab67140391283d35352d946f9790c6b1b5b462ee6e24f1cc84f19391cb9b65e73979ffd1
Size (tidy-html5-5.6.0.tar.gz) = 665438 bytes
+SHA1 (patch-src_clean.c) = a846b09ef29b747f71e92669397e55a1e1b3bc8d
diff -r a0beb0cdb194 -r 83c6840ba574 www/tidy/patches/patch-src_clean.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/tidy/patches/patch-src_clean.c Sat Oct 13 11:14:38 2018 +0000
@@ -0,0 +1,23 @@
+$NetBSD: patch-src_clean.c,v 1.1 2018/10/13 11:14:38 leot Exp $
+
+Backport patch from upstream for CVE-2017-17497, via uptsream commit:
+
+ <https://github.com/htacg/tidy-html5/commit/a111d7a9691953f903ffa1fdbc3762dec22fc215>
+
+Issue #656 - protect against NULL node set in loop
+
+--- src/clean.c.orig 2017-11-25 13:54:41.000000000 +0000
++++ src/clean.c
+@@ -2211,8 +2211,10 @@ Bool TY_(TidyMetaCharset)(TidyDocImpl* d
+ tidyBufAppend(&charsetString, "charset=", 8);
+ tidyBufAppend(&charsetString, (char*)enc, TY_(tmbstrlen)(enc));
+ tidyBufAppend(&charsetString, "\0", 1); /* zero terminate the buffer */
+- /* process the children of the head */
+- for (currentNode = head->content; currentNode; currentNode = currentNode->next)
++ /* process the children of the head */
++ /* Issue #656 - guard against 'currentNode' being set NULL in loop */
++ for (currentNode = head->content; currentNode;
++ currentNode = (currentNode ? currentNode->next : NULL))
+ {
+ if (!nodeIsMETA(currentNode))
+ continue; /* not a meta node */
Home |
Main Index |
Thread Index |
Old Index