SECURITY UPDATE to textproc/luaexpat 1.2.0; Fix for SA44866

LuaExpat XML Processing Denial of Service Vulnerability.

tweaks/ok sthen@ jolan@
ok jasper@

"MAINTAINER was notified a couple days ago about this. Since it is security-related,
you have my ok to commit it now." jolan@

textproc/luaexpat/Makefile

@@ -1,12 +1,12 @@
-# $OpenBSD: Makefile,v 1.2 2010/11/20 19:56:49 espie Exp $
+# $OpenBSD: Makefile,v 1.3 2011/06/08 14:23:11 gsoares Exp $
 
 SHARED_ONLY =		Yes
 
 COMMENT =		lua library for the expat XML parser
-DISTNAME =		luaexpat-1.1
+DISTNAME =		luaexpat-1.2.0
 
 CATEGORIES =		textproc
-HOMEPAGE =		http://www.keplerproject.org/luaexpat/
+HOMEPAGE =		http://matthewwild.co.uk/projects/luaexpat/
 MAINTAINER =		Scott Vokes <vokes.s@gmail.com>
 
 # MIT
@@ -16,7 +16,7 @@ PERMIT_DISTFILES_CDROM =Yes
 PERMIT_DISTFILES_FTP =	Yes
 
 WANTLIB =		expat
-MASTER_SITES =		http://luaforge.net/frs/download.php/2469/
+MASTER_SITES =		${HOMEPAGE}
 
 MODULES =		lang/lua
 REGRESS_DEPENDS =	textproc/luaexpat
@@ -29,12 +29,12 @@ ALL_TARGET =		lib
 LUA = 			${LOCALBASE}/bin/lua
 
 do-install:
-	${INSTALL_DATA_DIR} ${PREFIX}/lib/lua/5.1
-	${INSTALL_DATA_DIR} ${PREFIX}/lib/lua/5.1/lxp
-	${INSTALL_DATA_DIR} ${PREFIX}/share/lua/5.1
+	${INSTALL_DATA_DIR} ${MODLUA_LIBDIR}
+	${INSTALL_DATA_DIR} ${MODLUA_DATADIR}
+	${INSTALL_DATA_DIR} ${MODLUA_DATADIR}/lxp
 	${INSTALL_DATA_DIR} ${PREFIX}/share/doc/luaexpat
-	${INSTALL_DATA} ${WRKSRC}/src/lxp.so ${PREFIX}/lib/lua/5.1
-	${INSTALL_DATA} ${WRKSRC}/src/lxp/lom.lua ${PREFIX}/lib/lua/5.1/lxp
+	${INSTALL_DATA} ${WRKSRC}/src/lxp.so ${MODLUA_LIBDIR}
+	${INSTALL_DATA} ${WRKSRC}/src/lxp/lom.lua ${MODLUA_DATADIR}/lxp
 	${INSTALL_DATA} ${WRKSRC}/doc/us/{examples,index,license,lom,manual}.html \
 		${PREFIX}/share/doc/luaexpat
 	${INSTALL_DATA} ${WRKSRC}/doc/us/luaexpat.png ${PREFIX}/share/doc/luaexpat

textproc/luaexpat/distinfo

@@ -1,5 +1,5 @@
-MD5 (luaexpat-1.1.tar.gz) = bsuJXM9c/x5/L6zUOLH40A==
-RMD160 (luaexpat-1.1.tar.gz) = 9mHA5/IjY/UYYhh+ljBkmK3eqdk=
-SHA1 (luaexpat-1.1.tar.gz) = 6jWb29NG7jeMRxeaF6w+5BC+XJ0=
-SHA256 (luaexpat-1.1.tar.gz) = nXCd3GBmMPm53D86r8sqfB/LJnUADAmXjYo3l0507/0=
-SIZE (luaexpat-1.1.tar.gz) = 27907
+MD5 (luaexpat-1.2.0.tar.gz) = A+/lDH8wo0WAcB5lJ9e/7g==
+RMD160 (luaexpat-1.2.0.tar.gz) = 6S+zRHs80XvdA+v9rwAKHwAcWfI=
+SHA1 (luaexpat-1.2.0.tar.gz) = dvA25vuSij5fPDuhuFTl/vjhso8=
+SHA256 (luaexpat-1.2.0.tar.gz) = KnFA6cGSNRBjnoe2DoXX3dDNTidWFmO9nUAx75C65e8=
+SIZE (luaexpat-1.2.0.tar.gz) = 28621

textproc/luaexpat/patches/patch-config

@@ -1,6 +1,6 @@
-$OpenBSD: patch-config,v 1.1.1.1 2009/08/15 18:19:02 jolan Exp $
---- config.orig	Thu Jun  8 15:41:48 2006
-+++ config	Sat Aug 15 13:02:52 2009
+$OpenBSD: patch-config,v 1.2 2011/06/08 14:23:11 gsoares Exp $
+--- config.orig	Fri Jun  3 11:17:04 2011
++++ config	Tue Jun  7 11:48:34 2011
 @@ -6,18 +6,18 @@ LUA_DIR= /usr/local/share/lua/5.0
  # Lua includes directory
  LUA_INC= /usr/local/include
@@ -24,10 +24,13 @@ $OpenBSD: patch-config,v 1.1.1.1 2009/08/15 18:19:02 jolan Exp $
  COMPAT_DIR= ../compat/src
  
  # Compilation parameters
-@@ -32,5 +32,5 @@ CWARNS = -Wall -pedantic \
+@@ -31,6 +31,6 @@ CWARNS = -Wall -pedantic \
+         -Wshadow \
          -Wwrite-strings
  
- CFLAGS = $(CWARNS) -ansi -O2 -I$(LUA_INC) \
+-CFLAGS = $(CWARNS) -ansi -O2 -I$(LUA_INC) \
 -   -I$(COMPAT_DIR) -I$(EXPAT_INC)
+-CC = gcc
++CFLAGS += $(CWARNS) -ansi -I$(LUA_INC) \
 +   -I$(COMPAT_DIR) -I$(EXPAT_INC) -shared -fPIC
- CC = gcc
++CC ?= gcc

textproc/luaexpat/pkg/PLIST

@@ -1,7 +1,5 @@
-@comment $OpenBSD: PLIST,v 1.1.1.1 2009/08/15 18:19:02 jolan Exp $
+@comment $OpenBSD: PLIST,v 1.2 2011/06/08 14:23:11 gsoares Exp $
 lib/lua/5.1/lxp.so
-lib/lua/5.1/lxp/
-lib/lua/5.1/lxp/lom.lua
 share/doc/luaexpat/
 share/doc/luaexpat/examples.html
 share/doc/luaexpat/index.html
@@ -9,3 +7,5 @@ share/doc/luaexpat/license.html
 share/doc/luaexpat/lom.html
 share/doc/luaexpat/luaexpat.png
 share/doc/luaexpat/manual.html
+share/lua/5.1/lxp/
+share/lua/5.1/lxp/lom.lua