[pkgsrc/trunk]: pkgsrc/textproc/expat add patch from upstream CVS to fix CVE-...

[drochner <drochner%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/b3f5b2f14328
branches:  trunk
changeset: 570210:b3f5b2f14328
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Tue Jan 26 18:37:01 2010 +0000

description:
add patch from upstream CVS to fix CVE-2009-3560
(possible DOS due to crash on bad input)
bump PKGREVISION

diffstat:

 textproc/expat/Makefile         |   4 ++--
 textproc/expat/distinfo         |   3 ++-
 textproc/expat/patches/patch-ab |  16 ++++++++++++++++
 3 files changed, 20 insertions(+), 3 deletions(-)

diffs (46 lines):

diff -r d1514e2df94e -r b3f5b2f14328 textproc/expat/Makefile
--- a/textproc/expat/Makefile   Tue Jan 26 17:43:14 2010 +0000
+++ b/textproc/expat/Makefile   Tue Jan 26 18:37:01 2010 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.24 2009/09/10 09:59:20 drochner Exp $
+# $NetBSD: Makefile,v 1.25 2010/01/26 18:37:01 drochner Exp $
 #
 
 DISTNAME=      expat-2.0.1
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    textproc
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=expat/}
 
diff -r d1514e2df94e -r b3f5b2f14328 textproc/expat/distinfo
--- a/textproc/expat/distinfo   Tue Jan 26 17:43:14 2010 +0000
+++ b/textproc/expat/distinfo   Tue Jan 26 18:37:01 2010 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.18 2009/11/08 08:34:32 obache Exp $
+$NetBSD: distinfo,v 1.19 2010/01/26 18:37:01 drochner Exp $
 
 SHA1 (expat-2.0.1.tar.gz) = 663548c37b996082db1f2f2c32af060d7aa15c2d
 RMD160 (expat-2.0.1.tar.gz) = d31bcb152adaff9e358968be1ea901e1b4ed3b2f
 Size (expat-2.0.1.tar.gz) = 446456 bytes
 SHA1 (patch-aa) = 79b4caee7c1be8cecb1590b19c220d39e4723a26
+SHA1 (patch-ab) = bdca769ae40099e2e0e0f04c96b9ce7a97b4d66b
diff -r d1514e2df94e -r b3f5b2f14328 textproc/expat/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/expat/patches/patch-ab   Tue Jan 26 18:37:01 2010 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-ab,v 1.1 2010/01/26 18:37:01 drochner Exp $
+
+CVE-2009-3560
+
+--- lib/xmlparse.c.orig        2007-05-08 02:25:35.000000000 +0000
++++ lib/xmlparse.c
+@@ -3703,6 +3703,9 @@ doProlog(XML_Parser parser,
+         return XML_ERROR_UNCLOSED_TOKEN;
+       case XML_TOK_PARTIAL_CHAR:
+         return XML_ERROR_PARTIAL_CHAR;
++      case -XML_TOK_PROLOG_S:
++      tok = -tok;
++      break;
+       case XML_TOK_NONE:
+ #ifdef XML_DTD
+         /* for internal PE NOT referenced between declarations */