pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/lighttpd add patch from upstream to fix sign exten...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/12b2c4354afa
branches:  trunk
changeset: 596136:12b2c4354afa
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Wed Nov 30 11:13:59 2011 +0000

description:
add patch from upstream to fix sign extension bug which can lead
to out-of-bounds array read
(possible DOS, CVE-2011-4362)
bump PKGREV

diffstat:

 www/lighttpd/Makefile         |   4 ++--
 www/lighttpd/distinfo         |   3 ++-
 www/lighttpd/patches/patch-aa |  15 +++++++++++++++
 3 files changed, 19 insertions(+), 3 deletions(-)

diffs (43 lines):

diff -r b2d7847a257c -r 12b2c4354afa www/lighttpd/Makefile
--- a/www/lighttpd/Makefile     Wed Nov 30 11:10:16 2011 +0000
+++ b/www/lighttpd/Makefile     Wed Nov 30 11:13:59 2011 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.28 2011/08/23 13:06:54 obache Exp $
+# $NetBSD: Makefile,v 1.29 2011/11/30 11:13:59 drochner Exp $
 
 DISTNAME=      lighttpd-1.4.29
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    www
 MASTER_SITES=  http://download.lighttpd.net/lighttpd/releases-1.4.x/
 EXTRACT_SUFX=  .tar.bz2
diff -r b2d7847a257c -r 12b2c4354afa www/lighttpd/distinfo
--- a/www/lighttpd/distinfo     Wed Nov 30 11:10:16 2011 +0000
+++ b/www/lighttpd/distinfo     Wed Nov 30 11:13:59 2011 +0000
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.20 2011/07/14 19:59:45 adam Exp $
+$NetBSD: distinfo,v 1.21 2011/11/30 11:13:59 drochner Exp $
 
 SHA1 (lighttpd-1.4.29.tar.bz2) = fe8ee6dc5f5302bffef905fcdf0b35f255e59b32
 RMD160 (lighttpd-1.4.29.tar.bz2) = d4369e8970001d2ebe4e49767053c341c4bd2f27
 Size (lighttpd-1.4.29.tar.bz2) = 659974 bytes
+SHA1 (patch-aa) = 12969ff0e488494e83188ba8130466c8d7e0275e
diff -r b2d7847a257c -r 12b2c4354afa www/lighttpd/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/lighttpd/patches/patch-aa     Wed Nov 30 11:13:59 2011 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-aa,v 1.11 2011/11/30 11:13:59 drochner Exp $
+
+CVE-2011-4362
+
+--- src/http_auth.c.orig       2011-04-24 15:44:59.000000000 +0000
++++ src/http_auth.c
+@@ -95,7 +95,7 @@ static unsigned char * base64_decode(buf
+       ch = in[0];
+       /* run through the whole string, converting as we go */
+       for (i = 0; i < in_len; i++) {
+-              ch = in[i];
++              ch = (unsigned char) in[i];
+ 
+               if (ch == '\0') break;
+ 
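
Review bot: the context line `ch = in[0];` just above the loop is left without the cast, so the sign-extending assignment this patch removes from `ch = in[i];` still appears once in the function. In the visible lines it is overwritten at `i = 0` before `ch` is tested, so it looks dead rather than dangerous, but dropping it or writing `ch = (unsigned char) in[0];` would leave no uncast copy behind for a later edit to trip over. The cast also only has an effect if `ch` is declared as `int` or an unsigned type; that declaration is outside the hunk context and is worth confirming. Separately, the patch file's comment is only the CVE id; a one-line description (sign extension of input bytes in base64_decode leading to an out-of-bounds array read) would make patch-aa self-explanatory.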


