[pkgsrc/trunk]: pkgsrc/www/libwww apply expat patch to bundled version:

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/www/libwww apply expat patch to bundled version:
From: drochner <drochner%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 08:53:42 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/b23a9f93c300
branches:  trunk
changeset: 570211:b23a9f93c300
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Tue Jan 26 18:38:26 2010 +0000

description:
apply expat patch to bundled version:
add patch from upstream CVS to fix CVE-2009-3560
(possible DOS due to crash on bad input)
bump PKGREVISION

diffstat:

 www/libwww/Makefile         |   4 ++--
 www/libwww/distinfo         |   3 ++-
 www/libwww/patches/patch-as |  16 ++++++++++++++++
 3 files changed, 20 insertions(+), 3 deletions(-)

diffs (48 lines):

diff -r b3f5b2f14328 -r b23a9f93c300 www/libwww/Makefile
--- a/www/libwww/Makefile       Tue Jan 26 18:37:01 2010 +0000
+++ b/www/libwww/Makefile       Tue Jan 26 18:38:26 2010 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.80 2010/01/17 12:02:49 wiz Exp $
+# $NetBSD: Makefile,v 1.81 2010/01/26 18:38:26 drochner Exp $
 
 DISTNAME=              w3c-libwww-5.4.0
 PKGNAME=               libwww-5.4.0
-PKGREVISION=           8
+PKGREVISION=           9
 CATEGORIES=            www devel
 MASTER_SITES=          http://www.w3.org/Library/Distribution/
 EXTRACT_SUFX=          .tgz
diff -r b3f5b2f14328 -r b23a9f93c300 www/libwww/distinfo
--- a/www/libwww/distinfo       Tue Jan 26 18:37:01 2010 +0000
+++ b/www/libwww/distinfo       Tue Jan 26 18:38:26 2010 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.24 2009/11/08 08:38:54 obache Exp $
+$NetBSD: distinfo,v 1.25 2010/01/26 18:38:26 drochner Exp $
 
 SHA1 (libwww-configure-5.4.0nb2.gz) = de3292e2ec4034485b300845e7a0c0ef4ceb0199
 RMD160 (libwww-configure-5.4.0nb2.gz) = bead5840a43b85e7de79e1bf5e26fa997cf827e3
@@ -22,3 +22,4 @@
 SHA1 (patch-ap) = 506ee8ddd2e627aa6ba84b933ca39a6934b95689
 SHA1 (patch-aq) = f44086c50dfe3d5af714b6defcb40ac7a1ed36f1
 SHA1 (patch-ar) = ddbe9f7e7add849dcbdf215d0087bb3e314100c3
+SHA1 (patch-as) = cb88580f74998491eb822227af225055b0eeacee
diff -r b3f5b2f14328 -r b23a9f93c300 www/libwww/patches/patch-as
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/libwww/patches/patch-as       Tue Jan 26 18:38:26 2010 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-as,v 1.1 2010/01/26 18:38:27 drochner Exp $
+
+CVE-2009-3560
+
+--- modules/expat/xmlparse/xmlparse.c.orig     2000-08-28 08:52:01.000000000 +0000
++++ modules/expat/xmlparse/xmlparse.c
+@@ -2199,6 +2199,9 @@ doProlog(XML_Parser parser,
+       return XML_ERROR_UNCLOSED_TOKEN;
+       case XML_TOK_PARTIAL_CHAR:
+       return XML_ERROR_PARTIAL_CHAR;
++      case -XML_TOK_PROLOG_S:
++      tok = -tok;
++      break;
+       case XML_TOK_NONE:
+ #ifdef XML_DTD
+       if (enc != encoding)

Prev by Date: [pkgsrc/trunk]: pkgsrc/sysutils + iat.
Next by Date: [pkgsrc/trunk]: pkgsrc Added www/p5-Task-Catalyst-Tutorial version 0.06
Previous by Thread: [pkgsrc/trunk]: pkgsrc/sysutils + iat.
Next by Thread: [pkgsrc/trunk]: pkgsrc Added www/p5-Task-Catalyst-Tutorial version 0.06
Indexes:

Home | Main Index | Thread Index | Old Index