CVS commit: pkgsrc/chat/libtlen

["Niclas Rosenvik" <nros%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   nros
Date:           Tue Aug  1 10:41:45 UTC 2017

Modified Files:
        pkgsrc/chat/libtlen: Makefile distinfo
Added Files:
        pkgsrc/chat/libtlen/patches: patch-lib_xmltok__impl.c

Log Message:
fix CVE-2009-3720 in libtlen.
Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/chat/libtlen/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/chat/libtlen/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/chat/libtlen/patches/patch-lib_xmltok__impl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/chat/libtlen/Makefile
diff -u pkgsrc/chat/libtlen/Makefile:1.12 pkgsrc/chat/libtlen/Makefile:1.13
--- pkgsrc/chat/libtlen/Makefile:1.12   Thu Oct  9 14:06:02 2014
+++ pkgsrc/chat/libtlen/Makefile        Tue Aug  1 10:41:45 2017
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.12 2014/10/09 14:06:02 wiz Exp $
+# $NetBSD: Makefile,v 1.13 2017/08/01 10:41:45 nros Exp $
 
 DISTNAME=      libtlen-20041113
+PKGREVISION=   1
 CATEGORIES=    chat
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=libtlen/}
 

Index: pkgsrc/chat/libtlen/distinfo
diff -u pkgsrc/chat/libtlen/distinfo:1.9 pkgsrc/chat/libtlen/distinfo:1.10
--- pkgsrc/chat/libtlen/distinfo:1.9    Tue Nov  3 01:20:21 2015
+++ pkgsrc/chat/libtlen/distinfo        Tue Aug  1 10:41:45 2017
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.9 2015/11/03 01:20:21 agc Exp $
+$NetBSD: distinfo,v 1.10 2017/08/01 10:41:45 nros Exp $
 
 SHA1 (libtlen-20041113.tar.gz) = 5746e82329f7d92256940d36fe77ab63fa239c18
 RMD160 (libtlen-20041113.tar.gz) = b5fe22369e1515d6dc645eb272ea418b60fd734b
@@ -6,3 +6,4 @@ SHA512 (libtlen-20041113.tar.gz) = 9f9b1
 Size (libtlen-20041113.tar.gz) = 160834 bytes
 SHA1 (patch-aa) = dd87abe68ab5e9e99598778aed03d2caafab6b8d
 SHA1 (patch-ab) = dd1569e2dee2208b7a5a8d83800d55454f8d9c36
+SHA1 (patch-lib_xmltok__impl.c) = 8571b0f363d05f4ab1ea810501d785fc3c1c8ac1

Added files:

Index: pkgsrc/chat/libtlen/patches/patch-lib_xmltok__impl.c
diff -u /dev/null pkgsrc/chat/libtlen/patches/patch-lib_xmltok__impl.c:1.1
--- /dev/null   Tue Aug  1 10:41:45 2017
+++ pkgsrc/chat/libtlen/patches/patch-lib_xmltok__impl.c        Tue Aug  1 10:41:45 2017
@@ -0,0 +1,14 @@
+$NetBSD: patch-lib_xmltok__impl.c,v 1.1 2017/08/01 10:41:45 nros Exp $
+* fix CVE-2009-3720
+http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15&view=patch
+--- lib/xmltok_impl.c.orig     2017-08-01 09:42:50.000000000 +0000
++++ lib/xmltok_impl.c
+@@ -1898,7 +1898,7 @@ static void PREFIX (updatePosition) (con
+                                    const char *ptr,
+                                    const char *end, POSITION * pos)
+ {
+-      while (ptr != end)
++      while (ptr < end)
+       {
+               switch (BYTE_TYPE (enc, ptr))
+               {