pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/devel/pwlib Fix overlong string DoS in pwlib's PString...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/3aa77e09d2c6
branches:  trunk
changeset: 544143:3aa77e09d2c6
user:      tonnerre <tonnerre%pkgsrc.org@localhost>
date:      Sun Jul 13 14:38:41 2008 +0000

description:
Fix overlong string DoS in pwlib's PString::vsprintf code (CVE-2007-4897).

diffstat:

 devel/pwlib/Makefile         |   4 ++--
 devel/pwlib/distinfo         |   3 ++-
 devel/pwlib/patches/patch-ax |  13 +++++++++++++
 3 files changed, 17 insertions(+), 3 deletions(-)

diffs (48 lines):

diff -r a58bf50a492c -r 3aa77e09d2c6 devel/pwlib/Makefile
--- a/devel/pwlib/Makefile      Sun Jul 13 14:30:21 2008 +0000
+++ b/devel/pwlib/Makefile      Sun Jul 13 14:38:41 2008 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.58 2008/01/18 05:14:38 tnn Exp $
+# $NetBSD: Makefile,v 1.59 2008/07/13 14:38:41 tonnerre Exp $
 
 DISTNAME=      pwlib-v1_8_3-src
 PKGNAME=       pwlib-1.8.3
-PKGREVISION=   7
+PKGREVISION=   8
 CATEGORIES=    devel
 MASTER_SITES+= http://www.voxgratia.org/releases/
 EXTRACT_SUFX=  -tar.gz
diff -r a58bf50a492c -r 3aa77e09d2c6 devel/pwlib/distinfo
--- a/devel/pwlib/distinfo      Sun Jul 13 14:30:21 2008 +0000
+++ b/devel/pwlib/distinfo      Sun Jul 13 14:38:41 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.24 2007/10/10 15:16:12 rillig Exp $
+$NetBSD: distinfo,v 1.25 2008/07/13 14:38:41 tonnerre Exp $
 
 SHA1 (pwlib-v1_8_3-src-tar.gz) = d3a6eff571ebfd37889e75cbaef75983e6119d2e
 RMD160 (pwlib-v1_8_3-src-tar.gz) = 1ce2544ef631c8344543e62988f97022c998bb05
@@ -26,6 +26,7 @@
 SHA1 (patch-au) = 4947ee29e91c84f39a370ebc128c1e67737234d1
 SHA1 (patch-av) = 2bb533f6a29f10d357aed1b12c0bfc43af8a4f3b
 SHA1 (patch-aw) = 236cb19fc7f0b78055b0634b3821c099318abb9f
+SHA1 (patch-ax) = ef77c8c1f767490eba3400e1d784419e7cbfd335
 SHA1 (patch-ay) = 4a7978e13956172e9190444cb773c950c2e95ace
 SHA1 (patch-az) = b82405bea8da7d93d965457f1090e64149e5f561
 SHA1 (patch-ba) = 5695be7e37677e7d4db84bb997404030e8a8523f
diff -r a58bf50a492c -r 3aa77e09d2c6 devel/pwlib/patches/patch-ax
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/pwlib/patches/patch-ax      Sun Jul 13 14:38:41 2008 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ax,v 1.1 2008/07/13 14:38:41 tonnerre Exp $
+
+--- ptlib/common/contain.cxx.orig      2004-10-21 15:04:21.000000000 +0200
++++ ptlib/common/contain.cxx
+@@ -2454,7 +2454,7 @@ PString & PString::vsprintf(const char *
+   PAssert(SetSize(2000), POutOfMemory);
+   ::vsprintf(theArray+len, fmt, arg);
+ #else
+-  PINDEX size = 0;
++  PINDEX size = len;
+   do {
+     size += 1000;
+     PAssert(SetSize(size), POutOfMemory);
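
Review bot: The branch above "#else" in this hunk is left unchanged and still calls SetSize(2000) followed by the unbounded ::vsprintf(theArray+len, fmt, arg). On builds that compile that branch, the write starts at offset len into a 2000-element array with no length limit, so a long existing string or long formatted output can still run past the end. Consider sizing that branch relative to len and using a bounded formatter there, so it gets the same protection as the "size = len" change. The new patch file also has no comment after its $NetBSD$ line saying what it fixes; a one-line reference to CVE-2007-4897 would help whoever later rebases or drops it.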


