Date: Tue, 31 May 2011 17:49:21 GMT From: Todd Rinaldo <toddr@cpanel.net> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/157469: textproc/expat2 provides the incorrect upstream patch for CVE-2009-3560 Message-ID: <201105311749.p4VHnLb0091010@red.freebsd.org> Resent-Message-ID: <201105311750.p4VHo8Eh078457@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 157469 >Category: ports >Synopsis: textproc/expat2 provides the incorrect upstream patch for CVE-2009-3560 >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue May 31 17:50:08 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Todd Rinaldo >Release: 8.2 >Organization: cPanel, Inc. >Environment: FreeBSD free82x64 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Thu Feb 17 02:41:51 UTC 2011 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 >Description: textproc/expat2/files/patch-xmlparse.c is incomplete. It does not match the upstream patch provided for this at: http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.165&r2=1.166&view=patch As a result, the test suite for perl's XML::Parser is universally failing on Free BSD: http://www.cpantesters.org/distro/X/XML-Parser.html#XML-Parser-2.40_01?grade=1&perlmat=1&patches=1&oncpan=2&distmat=3&perlver=ALL&osname=ALL&version=2.40_01 This is being tracked in RT for XML::Parser via https://rt.cpan.org/Ticket/Display.html?id=55729 I plan to TODO these tests for Free BSD, referencing this PR until the problem is fixed. >How-To-Repeat: 1. install textproc/expat2 2. wget/unzip http://search.cpan.org/CPAN/authors/id/C/CH/CHORNY/XML-Parser-2.40.tar.gz 3. perl Makefile.PL 4. gmake test >Fix: Change textproc/expat2/files/patch-xmlparse.c to match upstream: http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.165&r2=1.166&view=patch >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201105311749.p4VHnLb0091010>