head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.4 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.2 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.1.0.18 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q3:1.1.0.16 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.14 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.12 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.10 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.8 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.6 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.4 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.2; locks; strict; comment @# @; 1.2 date 2012.04.01.08.52.43; author obache; state dead; branches; next 1.1; 1.1 date 2010.01.26.18.37.01; author drochner; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2010.01.26.18.37.01; author spz; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2010.01.28.15.57.25; author spz; state Exp; branches; next ; desc @@ 1.2 log @Update expat to 2.1.0, contains security fixes. Release 2.1.0 Sat March 24 2012 - Bug Fixes: #1742315: Harmful XML_ParserCreateNS suggestion. #2895533: CVE-2012-1147 - Resource leak in readfilemap.c. #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3. #1983953, 2517952, 2517962, 2649838: Build modifications using autoreconf instead of buildconf.sh. #2815947, #2884086: OBJEXT and EXEEXT support while building. #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences. #2517938: xmlwf should return non-zero exit status if not well-formed. #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml. #2855609: Dangling positionPtr after error. #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8(). #2958794: CVE-2012-1148 - Memory leak in poolGrow. #2990652: CMake support. #3010819: UNEXPECTED_STATE with a trailing "%" in entity value. #3206497: Uninitialized memory returned from XML_Parse. #3287849: make check fails on mingw-w64. #3496608: CVE-2012-0876 - Hash DOS attack. - Patches: #1749198: pkg-config support. #3010222: Fix for bug #3010819. #3312568: CMake support.
#3446384: Report byte offsets for attr names and values. - New Features / API changes: Added new API member XML_SetHashSalt() that allows setting an initial value (salt) for hash calculations. This is part of the fix for bug #3496608 to randomize hash parameters. When compiled with XML_ATTR_INFO defined, adds new API member XML_GetAttributeInfo() that allows retrieving the byte offsets for attribute names and values (patch #3446384). Added CMake build system. See bug #2990652 and patch #3312568. Added run-benchmark target to Makefile.in - relies on testdata module present in the same relative location as in the repository. @ text @$NetBSD: patch-ab,v 1.1 2010/01/26 18:37:01 drochner Exp $ CVE-2009-3560 --- lib/xmlparse.c.orig 2007-05-08 02:25:35.000000000 +0000 +++ lib/xmlparse.c @@@@ -3703,6 +3703,9 @@@@ doProlog(XML_Parser parser, return XML_ERROR_UNCLOSED_TOKEN; case XML_TOK_PARTIAL_CHAR: return XML_ERROR_PARTIAL_CHAR; + case -XML_TOK_PROLOG_S: + tok = -tok; + break; case XML_TOK_NONE: #ifdef XML_DTD /* for internal PE NOT referenced between declarations */ @ 1.1 log @add patch from upstream CVS to fix CVE-2009-3560 (possible DOS due to crash on bad input) bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ab was added on branch pkgsrc-2009Q4 on 2010-01-28 15:57:25 +0000 @ text @d1 16 @ 1.1.2.2 log @Pullup ticket 2978 - requested by tron security patch Revisions pulled up: - pkgsrc/textproc/expat/Makefile 1.25 - pkgsrc/textproc/expat/distinfo 1.19 Files added: - pkgsrc/textproc/expat/patches/patch-ab ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: drochner Date: Tue Jan 26 18:37:02 UTC 2010 Modified Files: pkgsrc/textproc/expat: Makefile distinfo Added Files: pkgsrc/textproc/expat/patches: patch-ab Log Message: add patch from upstream CVS to fix CVE-2009-3560 (possible DOS due to crash on bad input) bump PKGREVISION To generate a diff of this commit: cvs rdiff -u -r1.24 -r1.25
pkgsrc/textproc/expat/Makefile cvs rdiff -u -r1.18 -r1.19 pkgsrc/textproc/expat/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/expat/patches/patch-ab @ text @a0 16 $NetBSD: patch-ab,v 1.1 2010/01/26 18:37:01 drochner Exp $ CVE-2009-3560 --- lib/xmlparse.c.orig 2007-05-08 02:25:35.000000000 +0000 +++ lib/xmlparse.c @@@@ -3703,6 +3703,9 @@@@ doProlog(XML_Parser parser, return XML_ERROR_UNCLOSED_TOKEN; case XML_TOK_PARTIAL_CHAR: return XML_ERROR_PARTIAL_CHAR; + case -XML_TOK_PROLOG_S: + tok = -tok; + break; case XML_TOK_NONE: #ifdef XML_DTD /* for internal PE NOT referenced between declarations */ @
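Review bot: The new `case -XML_TOK_PROLOG_S:` arm in doProlog() carries no comment explaining why a negated token is flipped back with `tok = -tok;` and allowed to leave the switch, while the two arms directly above it return an error; a one-line comment naming the input condition that yields the negative token would make the intent checkable. The patch header also records only "CVE-2009-3560", and the log says the change comes from upstream CVS, so noting the upstream revision of lib/xmlparse.c in the header would let a later reader confirm the patch matches upstream and see when it can be dropped.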