ports/157469: textproc/expat2 provides the incorrect upstream patch for CVE-2009-3560

Todd Rinaldo toddr at cpanel.net
Tue May 31 17:50:08 UTC 2011


>Number:         157469
>Category:       ports
>Synopsis:       textproc/expat2 provides the incorrect upstream patch for CVE-2009-3560
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 31 17:50:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Todd Rinaldo
>Release:        8.2
>Organization:
cPanel, Inc.
>Environment:
FreeBSD free82x64 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Thu Feb 17 02:41:51 UTC 2011     root at mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64

>Description:
textproc/expat2/files/patch-xmlparse.c is incomplete. It does not match the upstream patch provided for this at:
http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.165&r2=1.166&view=patch

As a result, the test suite for Perl's XML::Parser is universally failing on FreeBSD:
http://www.cpantesters.org/distro/X/XML-Parser.html#XML-Parser-2.40_01?grade=1&perlmat=1&patches=1&oncpan=2&distmat=3&perlver=ALL&osname=ALL&version=2.40_01

This is being tracked in RT for XML::Parser via https://rt.cpan.org/Ticket/Display.html?id=55729

I plan to TODO these tests for FreeBSD, referencing this PR until the problem is fixed.
>How-To-Repeat:
1. install textproc/expat2
2. wget/unzip http://search.cpan.org/CPAN/authors/id/C/CH/CHORNY/XML-Parser-2.40.tar.gz
3. perl Makefile.PL 
4. gmake test



>Fix:
Change textproc/expat2/files/patch-xmlparse.c to match upstream:

http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.165&r2=1.166&view=patch

>Release-Note:
>Audit-Trail:
>Unformatted:


