apply expat patch to bundled version:

add patch from upstream CVS to fix CVE-2009-3560 (possible DOS due to crash on bad input) bump PKGREVISION
2010-01-26 18:38:26 +00:00 · 2010-01-26 18:38:26 +00:00 · e78f4a7eb5
commit e78f4a7eb5
parent 0cd59efa20
3 changed files with 20 additions and 3 deletions
--- a/www/libwww/Makefile
+++ b/www/libwww/Makefile
@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.80 2010/01/17 12:02:49 wiz Exp $
+# $NetBSD: Makefile,v 1.81 2010/01/26 18:38:26 drochner Exp $

 DISTNAME=		w3c-libwww-5.4.0
 PKGNAME=		libwww-5.4.0
-PKGREVISION=		8
+PKGREVISION=		9
 CATEGORIES=		www devel
 MASTER_SITES=		http://www.w3.org/Library/Distribution/
 EXTRACT_SUFX=		.tgz
--- a/www/libwww/distinfo
+++ b/www/libwww/distinfo
@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.24 2009/11/08 08:38:54 obache Exp $
+$NetBSD: distinfo,v 1.25 2010/01/26 18:38:26 drochner Exp $

 SHA1 (libwww-configure-5.4.0nb2.gz) = de3292e2ec4034485b300845e7a0c0ef4ceb0199
 RMD160 (libwww-configure-5.4.0nb2.gz) = bead5840a43b85e7de79e1bf5e26fa997cf827e3
@ -22,3 +22,4 @@ SHA1 (patch-ao) = fa5c98f6c4e873f816e5a5bc48481d1462c946dc
 SHA1 (patch-ap) = 506ee8ddd2e627aa6ba84b933ca39a6934b95689
 SHA1 (patch-aq) = f44086c50dfe3d5af714b6defcb40ac7a1ed36f1
 SHA1 (patch-ar) = ddbe9f7e7add849dcbdf215d0087bb3e314100c3
+SHA1 (patch-as) = cb88580f74998491eb822227af225055b0eeacee
--- a/www/libwww/patches/patch-as
+++ b/www/libwww/patches/patch-as
@ -0,0 +1,16 @@
+$NetBSD: patch-as,v 1.1 2010/01/26 18:38:27 drochner Exp $
+
+CVE-2009-3560
+
+--- modules/expat/xmlparse/xmlparse.c.orig	2000-08-28 08:52:01.000000000 +0000
+++ modules/expat/xmlparse/xmlparse.c
+@@ -2199,6 +2199,9 @@ doProlog(XML_Parser parser,
+ 	return XML_ERROR_UNCLOSED_TOKEN;
+       case XML_TOK_PARTIAL_CHAR:
+ 	return XML_ERROR_PARTIAL_CHAR;
+      case -XML_TOK_PROLOG_S:
+	tok = -tok;
+	break;
+       case XML_TOK_NONE:
+ #ifdef XML_DTD
+ 	if (enc != encoding)