[pkgsrc/trunk]: pkgsrc/mail/fetchmail Add patch for CVE-2008-2711.

[obache <obache%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/66025a2f8d64
branches:  trunk
changeset: 543465:66025a2f8d64
user:      obache <obache%pkgsrc.org@localhost>
date:      Thu Jun 19 11:29:49 2008 +0000

description:
Add patch for CVE-2008-2711.
Taken from http://fetchmail.berlios.de/fetchmail-SA-2008-01.txt

Bump PKGREVISION.

diffstat:

 mail/fetchmail/Makefile         |   4 ++--
 mail/fetchmail/distinfo         |   3 ++-
 mail/fetchmail/patches/patch-ab |  34 ++++++++++++++++++++++++++++++++++
 3 files changed, 38 insertions(+), 3 deletions(-)

diffs (63 lines):

diff -r 3ec27e1d4a68 -r 66025a2f8d64 mail/fetchmail/Makefile
--- a/mail/fetchmail/Makefile   Thu Jun 19 08:16:22 2008 +0000
+++ b/mail/fetchmail/Makefile   Thu Jun 19 11:29:49 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.166 2008/04/27 18:14:03 frueauf Exp $
+# $NetBSD: Makefile,v 1.167 2008/06/19 11:29:49 obache Exp $
 
 DISTNAME=      fetchmail-6.3.8
-PKGREVISION=   2
+PKGREVISION=   3
 CATEGORIES=    mail
 MASTER_SITES=  http://download.berlios.de/fetchmail/   \
                http://download2.berlios.de/fetchmail/
diff -r 3ec27e1d4a68 -r 66025a2f8d64 mail/fetchmail/distinfo
--- a/mail/fetchmail/distinfo   Thu Jun 19 08:16:22 2008 +0000
+++ b/mail/fetchmail/distinfo   Thu Jun 19 11:29:49 2008 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.38 2007/09/23 12:48:46 tron Exp $
+$NetBSD: distinfo,v 1.39 2008/06/19 11:29:49 obache Exp $
 
 SHA1 (fetchmail-6.3.8.tar.bz2) = b8e8c51ed6cf53fc398c821fdb29d166c6713bb0
 RMD160 (fetchmail-6.3.8.tar.bz2) = 34034f9ae9fe44ba35f0a16d3128d4a9b0001df2
 Size (fetchmail-6.3.8.tar.bz2) = 1323515 bytes
 SHA1 (patch-aa) = d8234f2bbe91003c4cb5c9896dfe33c8226a74de
+SHA1 (patch-ab) = 7439c2a09a913fa4cd3d89ff86b4618e81c1185e
diff -r 3ec27e1d4a68 -r 66025a2f8d64 mail/fetchmail/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/fetchmail/patches/patch-ab   Thu Jun 19 11:29:49 2008 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-ab,v 1.18 2008/06/19 11:29:49 obache Exp $
+
+CVE-2008-2711
+http://fetchmail.berlios.de/fetchmail-SA-2008-01.txt
+
+--- report.c.orig      2006-03-14 08:53:31.000000000 +0000
++++ report.c
+@@ -238,11 +238,17 @@ report_build (FILE *errfp, message, va_a
+     rep_ensuresize();
+ 
+ #if defined(VA_START)
+-    VA_START (args, message);
+     for ( ; ; )
+     {
++      /*
++       * args has to be initialized before every call of vsnprintf(),
++       * because vsnprintf() invokes va_arg macro and thus args is
++       * undefined after the call.
++       */
++      VA_START(args, message);
+       n = vsnprintf (partial_message + partial_message_size_used, partial_message_size - partial_message_size_used,
+                      message, args);
++      va_end (args);
+ 
+       if (n >= 0
+           && (unsigned)n < partial_message_size - partial_message_size_used)
+@@ -254,7 +260,6 @@ report_build (FILE *errfp, message, va_a
+       partial_message_size += 2048;
+       partial_message = REALLOC (partial_message, partial_message_size);
+     }
+-    va_end (args);
+ #else
+     for ( ; ; )
+     {