pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/mail/procmail procmail: Fix CVE-2017-16844
details: https://anonhg.NetBSD.org/pkgsrc/rev/8f2d76fc001e
branches: trunk
changeset: 372054:8f2d76fc001e
user: snj <snj%pkgsrc.org@localhost>
date: Sun Nov 26 20:39:40 2017 +0000
description:
procmail: Fix CVE-2017-16844
Patch from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511
Bump PKGREVISION
diffstat:
mail/procmail/Makefile | 4 ++--
mail/procmail/distinfo | 4 ++--
mail/procmail/patches/patch-bd | 19 ++++++++++++++++---
3 files changed, 20 insertions(+), 7 deletions(-)
diffs (69 lines):
diff -r bb9141a858c2 -r 8f2d76fc001e mail/procmail/Makefile
--- a/mail/procmail/Makefile Sun Nov 26 19:14:34 2017 +0000
+++ b/mail/procmail/Makefile Sun Nov 26 20:39:40 2017 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.49 2014/10/09 14:06:40 wiz Exp $
+# $NetBSD: Makefile,v 1.50 2017/11/26 20:39:40 snj Exp $
DISTNAME= procmail-3.22
-PKGREVISION= 4
+PKGREVISION= 5
CATEGORIES= mail
MASTER_SITES= ftp://ftp.procmail.org/pub/procmail/
diff -r bb9141a858c2 -r 8f2d76fc001e mail/procmail/distinfo
--- a/mail/procmail/distinfo Sun Nov 26 19:14:34 2017 +0000
+++ b/mail/procmail/distinfo Sun Nov 26 20:39:40 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.16 2015/11/03 23:27:17 agc Exp $
+$NetBSD: distinfo,v 1.17 2017/11/26 20:39:40 snj Exp $
SHA1 (procmail-3.22.tar.gz) = cd4e44c15559816453fd60349e5a32289f6f2965
RMD160 (procmail-3.22.tar.gz) = e609ec94ea9ab3b93629c62b3e29add497806483
@@ -14,4 +14,4 @@
SHA1 (patch-ba) = 2ebbd43d2773b147ee6410e37ab3696aeda3c07c
SHA1 (patch-bb) = 5b273bd60d24168794189bb844e39e94bd688ea8
SHA1 (patch-bc) = 7344d3c2fce1bcd3276d8e5014bf9537c6dece5c
-SHA1 (patch-bd) = fb6f2fb4b5fe1ea01682a319b6655b023e5c5fd0
+SHA1 (patch-bd) = 27a7711e400f934bc82937eae68681e0b5c30c4a
diff -r bb9141a858c2 -r 8f2d76fc001e mail/procmail/patches/patch-bd
--- a/mail/procmail/patches/patch-bd Sun Nov 26 19:14:34 2017 +0000
+++ b/mail/procmail/patches/patch-bd Sun Nov 26 20:39:40 2017 +0000
@@ -1,14 +1,18 @@
-$NetBSD: patch-bd,v 1.3 2014/09/04 07:37:44 wiz Exp $
+$NetBSD: patch-bd,v 1.4 2017/11/26 20:39:40 snj Exp $
First chunk:
https://bugzilla.redhat.com/show_bug.cgi?id=1121299
CVE-2014-3618
Second chunk:
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511
+CVE-2017-16844
+
+Third chunk:
Avoid conflict with existing getline() functions.
---- src/formisc.c.orig 2001-06-29 02:20:45.000000000 +0000
-+++ src/formisc.c
+--- src/formisc.c.orig 2001-06-28 19:20:45.000000000 -0700
++++ src/formisc.c 2017-11-26 12:21:14.260042851 -0800
@@ -84,12 +84,11 @@ normal: *target++= *start++;
case '"':*target++=delim='"';start++;
}
@@ -23,6 +27,15 @@
}
hitspc=2;
}
+@@ -104,7 +103,7 @@ void loadsaved(sp)const struct saved*con
+ }
+ /* append to buf */
+ void loadbuf(text,len)const char*const text;const size_t len;
+-{ if(buffilled+len>buflen) /* buf can't hold the text */
++{ while(buffilled+len>buflen) /* buf can't hold the text */
+ buf=realloc(buf,buflen+=Bsize);
+ tmemmove(buf+buffilled,text,len);buffilled+=len;
+ }
@@ -115,7 +114,7 @@ void loadchar(c)const int c; /* a
buf[buffilled++]=c;
}
Home |
Main Index |
Thread Index |
Old Index