[pkgsrc/trunk]: pkgsrc/chat/jabberd Add patches for CVE-2011-1754. Bump PKGR...

[obache <obache%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/7ebeb1215557
branches:  trunk
changeset: 590109:7ebeb1215557
user:      obache <obache%pkgsrc.org@localhost>
date:      Sun Jul 03 08:26:55 2011 +0000

description:
Add patches for CVE-2011-1754.  Bump PKGREVISION.

diffstat:

 chat/jabberd/Makefile                            |   4 ++--
 chat/jabberd/distinfo                            |   4 +++-
 chat/jabberd/patches/patch-jabberd_lib_xstream.c |  14 ++++++++++++++
 chat/jabberd/patches/patch-jabberd_mio__xml.c    |  14 ++++++++++++++
 4 files changed, 33 insertions(+), 3 deletions(-)

diffs (66 lines):

diff -r 939a4ff33785 -r 7ebeb1215557 chat/jabberd/Makefile
--- a/chat/jabberd/Makefile     Sun Jul 03 08:22:12 2011 +0000
+++ b/chat/jabberd/Makefile     Sun Jul 03 08:26:55 2011 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.33 2010/05/04 18:33:35 gdt Exp $
+# $NetBSD: Makefile,v 1.34 2011/07/03 08:26:55 obache Exp $
 #
 
 DISTNAME=              jabber-1.4.2
 PKGNAME=               jabberd-1.4.2
-PKGREVISION=           8
+PKGREVISION=           9
 CATEGORIES=            chat
 MASTER_SITES=          http://download.jabberd.org/jabberd14/
 
diff -r 939a4ff33785 -r 7ebeb1215557 chat/jabberd/distinfo
--- a/chat/jabberd/distinfo     Sun Jul 03 08:22:12 2011 +0000
+++ b/chat/jabberd/distinfo     Sun Jul 03 08:26:55 2011 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2010/05/04 18:33:35 gdt Exp $
+$NetBSD: distinfo,v 1.9 2011/07/03 08:26:55 obache Exp $
 
 SHA1 (jabber-1.4.2.tar.gz) = aa0bc2e9815e4fa4a1ca8ba7f320bfd3c85ba11f
 RMD160 (jabber-1.4.2.tar.gz) = bff5a02d3b76243ce59ddb66873ca1c51ef4bb5f
@@ -7,3 +7,5 @@
 SHA1 (patch-ab) = 8722b0db3870e14eaf3e40f5493544db8a813fc1
 SHA1 (patch-ac) = 3b17761c9ea2d1e17f3194ac8cf54fbca4c80367
 SHA1 (patch-ad) = 1eb45d4433731867bc23afebefb54b7e18217a8d
+SHA1 (patch-jabberd_lib_xstream.c) = 7a6eb4012057abb0478ca07d0deb38109ab255cf
+SHA1 (patch-jabberd_mio__xml.c) = 45c57d481bfa7b84dbe5fa73f2b2c9127490d683
diff -r 939a4ff33785 -r 7ebeb1215557 chat/jabberd/patches/patch-jabberd_lib_xstream.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/jabberd/patches/patch-jabberd_lib_xstream.c  Sun Jul 03 08:26:55 2011 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-jabberd_lib_xstream.c,v 1.1 2011/07/03 08:26:55 obache Exp $
+
+* fix CVE-2011-1754
+
+--- jabberd/lib/xstream.c.orig 2002-02-08 07:39:24.000000000 +0000
++++ jabberd/lib/xstream.c
+@@ -142,6 +142,7 @@ xstream xstream_new(pool p, xstream_onNo
+ 
+     /* create expat parser and ensure cleanup */
+     newx->parser = XML_ParserCreate(NULL);
++    XML_SetDefaultHandler(newx->parser, NULL);
+     XML_SetUserData(newx->parser, (void *)newx);
+     XML_SetElementHandler(newx->parser, (void *)_xstream_startElement, (void *)_xstream_endElement);
+     XML_SetCharacterDataHandler(newx->parser, (void *)_xstream_charData);
diff -r 939a4ff33785 -r 7ebeb1215557 chat/jabberd/patches/patch-jabberd_mio__xml.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/chat/jabberd/patches/patch-jabberd_mio__xml.c     Sun Jul 03 08:26:55 2011 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-jabberd_mio__xml.c,v 1.1 2011/07/03 08:26:55 obache Exp $
+
+* fix CVE-2011-1754
+
+--- jabberd/mio_xml.c.orig     2002-02-08 07:39:27.000000000 +0000
++++ jabberd/mio_xml.c
+@@ -118,6 +118,7 @@ void _mio_xstream_init(mio m)
+           /* Initialize the parser */
+           m->parser = XML_ParserCreate(NULL);
+           XML_SetUserData(m->parser, m);
++          XML_SetDefaultHandler(m->parser, NULL);
+           XML_SetElementHandler(m->parser, (void*)_mio_xstream_startElement, (void*)_mio_xstream_endElement);
+           XML_SetCharacterDataHandler(m->parser, (void*)_mio_xstream_CDATA);
+           /* Setup a cleanup routine to release the parser when everything is done */