Add a fix for CVE 2011-4357, taken from

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649322
2011-12-01 20:50:48 +00:00 · 2011-12-01 20:50:48 +00:00 · 987e5e7d49
commit 987e5e7d49
parent d21a93449f
3 changed files with 20 additions and 2 deletions
--- a/www/clearsilver/distinfo
+++ b/www/clearsilver/distinfo
@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2010/09/13 03:05:24 taca Exp $
+$NetBSD: distinfo,v 1.16 2011/12/01 20:50:48 gls Exp $

 SHA1 (clearsilver-0.10.5.tar.gz) = 138865dc91e27328fe29fcaaac1bc6558f19dd75
 RMD160 (clearsilver-0.10.5.tar.gz) = bd5c616f326b544df8a74eec71a98a474b408249
@ -6,3 +6,4 @@ Size (clearsilver-0.10.5.tar.gz) = 439190 bytes
 SHA1 (patch-aa) = cf8708c4bee271d39eca2b1833302fa13aee2b6d
 SHA1 (patch-ae) = 58326210ecef3936579a19f3cbcb9b9374bc3541
 SHA1 (patch-af) = e88106bb0c57d632c348bc16ff673e0ef7487847
+SHA1 (patch-python_neo__cgi.c) = 0baf7f06bdf7c5686131b1b1abbd4fb0fef11c85
--- a/www/clearsilver/patches/patch-python_neo__cgi.c
+++ b/www/clearsilver/patches/patch-python_neo__cgi.c
@ -0,0 +1,16 @@
+$NetBSD: patch-python_neo__cgi.c,v 1.1 2011/12/01 20:50:49 gls Exp $
+
+Fix for 2011-4357
+Taken from: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649322
+
+--- python/neo_cgi.c.orig	2007-07-12 03:07:43.000000000 +0000
+++ python/neo_cgi.c
+@@ -178,7 +178,7 @@ static PyObject * p_cgi_error (PyObject 
+   if (!PyArg_ParseTuple(args, "s:error(str)", &s))
+     return NULL;
+ 
+-  cgi_error (cgi, s);
+  cgi_error (cgi, "%s", s);
+   rv = Py_None;
+   Py_INCREF(rv);
+   return rv;
--- a/www/py-clearsilver/Makefile
+++ b/www/py-clearsilver/Makefile
@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.14 2009/03/05 18:51:33 joerg Exp $
+# $NetBSD: Makefile,v 1.15 2011/12/01 20:53:54 gls Exp $

 PKGNAME=			${PYPKGPREFIX}-${DISTNAME}
+PKGREVISION=			1

 PKG_DESTDIR_SUPPORT=	user-destdir