fix CVE-2009-3720 in libtlen.

Bump PKGREVISION.
2017-08-01 10:41:45 +00:00 · 2017-08-01 10:41:45 +00:00 · 031536052f
commit 031536052f
parent 2c1241b106
3 changed files with 18 additions and 2 deletions
--- a/chat/libtlen/Makefile
+++ b/chat/libtlen/Makefile
@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.12 2014/10/09 14:06:02 wiz Exp $
+# $NetBSD: Makefile,v 1.13 2017/08/01 10:41:45 nros Exp $

 DISTNAME=	libtlen-20041113
+PKGREVISION=	1
 CATEGORIES=	chat
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=libtlen/}

--- a/chat/libtlen/distinfo
+++ b/chat/libtlen/distinfo
@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.9 2015/11/03 01:20:21 agc Exp $
+$NetBSD: distinfo,v 1.10 2017/08/01 10:41:45 nros Exp $

 SHA1 (libtlen-20041113.tar.gz) = 5746e82329f7d92256940d36fe77ab63fa239c18
 RMD160 (libtlen-20041113.tar.gz) = b5fe22369e1515d6dc645eb272ea418b60fd734b
@ -6,3 +6,4 @@ SHA512 (libtlen-20041113.tar.gz) = 9f9b1dfedb2b48871b31351ff9ac9227b175cfa2cb4e7
 Size (libtlen-20041113.tar.gz) = 160834 bytes
 SHA1 (patch-aa) = dd87abe68ab5e9e99598778aed03d2caafab6b8d
 SHA1 (patch-ab) = dd1569e2dee2208b7a5a8d83800d55454f8d9c36
+SHA1 (patch-lib_xmltok__impl.c) = 8571b0f363d05f4ab1ea810501d785fc3c1c8ac1
--- a/chat/libtlen/patches/patch-lib_xmltok__impl.c
+++ b/chat/libtlen/patches/patch-lib_xmltok__impl.c
@ -0,0 +1,14 @@
+$NetBSD: patch-lib_xmltok__impl.c,v 1.1 2017/08/01 10:41:45 nros Exp $
+* fix CVE-2009-3720
+http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15&view=patch
+--- lib/xmltok_impl.c.orig	2017-08-01 09:42:50.000000000 +0000
+++ lib/xmltok_impl.c
+@@ -1898,7 +1898,7 @@ static void PREFIX (updatePosition) (con
+ 				     const char *ptr,
+ 				     const char *end, POSITION * pos)
+ {
+-	while (ptr != end)
+	while (ptr < end)
+ 	{
+ 		switch (BYTE_TYPE (enc, ptr))
+ 		{