ports/157469: textproc/expat2 provides the incorrect upstream patch for CVE-2009-3560
Todd Rinaldo
toddr at cpanel.net
Tue May 31 17:50:08 UTC 2011
>Number: 157469
>Category: ports
>Synopsis: textproc/expat2 provides the incorrect upstream patch for CVE-2009-3560
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue May 31 17:50:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Todd Rinaldo
>Release: 8.2
>Organization:
cPanel, Inc.
>Environment:
FreeBSD free82x64 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Thu Feb 17 02:41:51 UTC 2011 root at mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
textproc/expat2/files/patch-xmlparse.c is incomplete. It does not match the upstream patch provided for this at:
http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.165&r2=1.166&view=patch
As a result, the test suite for Perl's XML::Parser is universally failing on FreeBSD:
http://www.cpantesters.org/distro/X/XML-Parser.html#XML-Parser-2.40_01?grade=1&perlmat=1&patches=1&oncpan=2&distmat=3&perlver=ALL&osname=ALL&version=2.40_01
This is being tracked in RT for XML::Parser via https://rt.cpan.org/Ticket/Display.html?id=55729
I plan to TODO these tests for FreeBSD, referencing this PR until the problem is fixed.
>How-To-Repeat:
1. install textproc/expat2
2. wget/unzip http://search.cpan.org/CPAN/authors/id/C/CH/CHORNY/XML-Parser-2.40.tar.gz
3. perl Makefile.PL
4. gmake test
>Fix:
Change textproc/expat2/files/patch-xmlparse.c to match upstream:
http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.165&r2=1.166&view=patch
>Release-Note:
>Audit-Trail:
>Unformatted: