[pkgsrc/trunk]: pkgsrc/net/ldns Apply fix for CVE-2017-10002, via

[he <he%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/558148768efc
branches:  trunk
changeset: 375516:558148768efc
user:      he <he%pkgsrc.org@localhost>
date:      Tue Feb 13 14:59:14 2018 +0000

description:
Apply fix for CVE-2017-10002, via
https://git.nlnetlabs.nl/ldns/commit/?id=c8391790
Bump PKGREVISION.

diffstat:

 net/ldns/Makefile              |   4 ++--
 net/ldns/distinfo              |   3 ++-
 net/ldns/patches/patch-parse.c |  18 ++++++++++++++++++
 3 files changed, 22 insertions(+), 3 deletions(-)

diffs (49 lines):

diff -r e43a8ca19cdf -r 558148768efc net/ldns/Makefile
--- a/net/ldns/Makefile Tue Feb 13 13:49:44 2018 +0000
+++ b/net/ldns/Makefile Tue Feb 13 14:59:14 2018 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.36 2016/07/09 06:38:42 wiz Exp $
+# $NetBSD: Makefile,v 1.37 2018/02/13 14:59:14 he Exp $
 
 DISTNAME=      ldns-1.6.17
-PKGREVISION=   4
+PKGREVISION=   5
 CATEGORIES=    net
 MASTER_SITES=  http://www.nlnetlabs.nl/downloads/ldns/
 
diff -r e43a8ca19cdf -r 558148768efc net/ldns/distinfo
--- a/net/ldns/distinfo Tue Feb 13 13:49:44 2018 +0000
+++ b/net/ldns/distinfo Tue Feb 13 14:59:14 2018 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.20 2015/11/04 00:35:08 agc Exp $
+$NetBSD: distinfo,v 1.21 2018/02/13 14:59:14 he Exp $
 
 SHA1 (ldns-1.6.17.tar.gz) = 4218897b3c002aadfc7280b3f40cda829e05c9a4
 RMD160 (ldns-1.6.17.tar.gz) = 5382cfaafa7ec1fadcf390f804fbf14e04d7c03a
@@ -6,3 +6,4 @@
 Size (ldns-1.6.17.tar.gz) = 1315403 bytes
 SHA1 (patch-doc_doxyparse.pl) = 8d21d6f1c2e5e8d9ecc16a23dc7a462f0c54b5f7
 SHA1 (patch-examples_ldns-keygen.c) = 12ab1cb2c74f09d763969298a21c9470b748d292
+SHA1 (patch-parse.c) = 206e12c806854b652a799e98efd86c5e15f8024d
diff -r e43a8ca19cdf -r 558148768efc net/ldns/patches/patch-parse.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/ldns/patches/patch-parse.c    Tue Feb 13 14:59:14 2018 +0000
@@ -0,0 +1,18 @@
+$NetBSD: patch-parse.c,v 1.1 2018/02/13 14:59:15 he Exp $
+
+Apply fix for CVE-2017-10002, via
+https://git.nlnetlabs.nl/ldns/commit/?id=c8391790
+
+--- parse.c.orig       2014-01-10 21:04:41.000000000 +0000
++++ parse.c
+@@ -118,6 +118,10 @@ ldns_fget_token_l(FILE *f, char *token, 
+                       if (line_nr) {
+                               *line_nr = *line_nr + 1;
+                       }
++                      if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
++                              *t = '\0';
++                              return -1;
++                      }
+                       *t++ = ' ';
+                       prev_c = c;
+                       continue;