[pkgsrc/trunk]: pkgsrc/www/tidy tidy: Backport a patch from upstream to addre...

[leot <leot%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/e9218527a705
branches:  trunk
changeset: 324267:e9218527a705
user:      leot <leot%pkgsrc.org@localhost>
date:      Sat Oct 13 11:14:38 2018 +0000

description:
tidy: Backport a patch from upstream to address CVE-2017-17497

Bump PKGREVISION

diffstat:

 www/tidy/Makefile                  |   3 ++-
 www/tidy/distinfo                  |   3 ++-
 www/tidy/patches/patch-src_clean.c |  23 +++++++++++++++++++++++
 3 files changed, 27 insertions(+), 2 deletions(-)

diffs (52 lines):

diff -r 52619183017e -r e9218527a705 www/tidy/Makefile
--- a/www/tidy/Makefile Sat Oct 13 10:54:04 2018 +0000
+++ b/www/tidy/Makefile Sat Oct 13 11:14:38 2018 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.53 2017/11/27 13:01:37 adam Exp $
+# $NetBSD: Makefile,v 1.54 2018/10/13 11:14:38 leot Exp $
 
 DISTNAME=      tidy-html5-5.6.0
 PKGNAME=       ${DISTNAME:S/-html5//}
+PKGREVISION=   1
 CATEGORIES=    www textproc
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=htacg/}
 
diff -r 52619183017e -r e9218527a705 www/tidy/distinfo
--- a/www/tidy/distinfo Sat Oct 13 10:54:04 2018 +0000
+++ b/www/tidy/distinfo Sat Oct 13 11:14:38 2018 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.24 2017/11/27 13:01:37 adam Exp $
+$NetBSD: distinfo,v 1.25 2018/10/13 11:14:38 leot Exp $
 
 SHA1 (tidy-html5-5.6.0.tar.gz) = bd6812f3493095c4ca42be11fe3884d1da11c361
 RMD160 (tidy-html5-5.6.0.tar.gz) = 54ffd0e53240ca7e2e619fb527bd1db7cb68e66f
 SHA512 (tidy-html5-5.6.0.tar.gz) = 179088a6dbd29bb0e4f0219222f755b186145495f7414f6d0e178803ab67140391283d35352d946f9790c6b1b5b462ee6e24f1cc84f19391cb9b65e73979ffd1
 Size (tidy-html5-5.6.0.tar.gz) = 665438 bytes
+SHA1 (patch-src_clean.c) = a846b09ef29b747f71e92669397e55a1e1b3bc8d
diff -r 52619183017e -r e9218527a705 www/tidy/patches/patch-src_clean.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/tidy/patches/patch-src_clean.c        Sat Oct 13 11:14:38 2018 +0000
@@ -0,0 +1,23 @@
+$NetBSD: patch-src_clean.c,v 1.1 2018/10/13 11:14:38 leot Exp $
+
+Backport patch from upstream for CVE-2017-17497, via uptsream commit:
+
+ <https://github.com/htacg/tidy-html5/commit/a111d7a9691953f903ffa1fdbc3762dec22fc215>
+
+Issue #656 - protect against NULL node set in loop
+
+--- src/clean.c.orig   2017-11-25 13:54:41.000000000 +0000
++++ src/clean.c
+@@ -2211,8 +2211,10 @@ Bool TY_(TidyMetaCharset)(TidyDocImpl* d
+     tidyBufAppend(&charsetString, "charset=", 8);
+     tidyBufAppend(&charsetString, (char*)enc, TY_(tmbstrlen)(enc));
+     tidyBufAppend(&charsetString, "\0", 1); /* zero terminate the buffer */
+-                                            /* process the children of the head */
+-    for (currentNode = head->content; currentNode; currentNode = currentNode->next)
++    /* process the children of the head */
++    /* Issue #656 - guard against 'currentNode' being set NULL in loop */
++    for (currentNode = head->content; currentNode; 
++        currentNode = (currentNode ? currentNode->next : NULL))
+     {
+         if (!nodeIsMETA(currentNode))
+             continue;   /* not a meta node */