diff options
author | ghen <ghen@pkgsrc.org> | 2008-06-19 16:45:15 +0000 |
---|---|---|
committer | ghen <ghen@pkgsrc.org> | 2008-06-19 16:45:15 +0000 |
commit | 8fc94fb73fa94b54b980f2ad513a416bc12fb50c (patch) | |
tree | 0272593fb6c270c6d7c036b8d3f0cee00c8a8d42 | |
parent | 9ae68e8ade83f82a56cdbf40820d34fcda721aee (diff) | |
download | pkgsrc-8fc94fb73fa94b54b980f2ad513a416bc12fb50c.tar.gz |
Pullup ticket 2431 - requested by obache
security fix for fetchmail
- pkgsrc/mail/fetchmail/Makefile 1.167
- pkgsrc/mail/fetchmail/distinfo 1.39
- pkgsrc/mail/fetchmail/patches/patch-ab 1.18
Module Name: pkgsrc
Committed By: obache
Date: Thu Jun 19 11:29:49 UTC 2008
Modified Files:
pkgsrc/mail/fetchmail: Makefile distinfo
Added Files:
pkgsrc/mail/fetchmail/patches: patch-ab
Log Message:
Add patch for CVE-2008-2711.
Taken from http://fetchmail.berlios.de/fetchmail-SA-2008-01.txt
Bump PKGREVISION.
-rw-r--r-- | mail/fetchmail/Makefile | 4 | ||||
-rw-r--r-- | mail/fetchmail/distinfo | 3 | ||||
-rw-r--r-- | mail/fetchmail/patches/patch-ab | 34 |
3 files changed, 38 insertions, 3 deletions
diff --git a/mail/fetchmail/Makefile b/mail/fetchmail/Makefile index 6b4a870b1ca..c2d3c73006c 100644 --- a/mail/fetchmail/Makefile +++ b/mail/fetchmail/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.165 2008/01/18 05:08:24 tnn Exp $ +# $NetBSD: Makefile,v 1.165.2.1 2008/06/19 16:45:15 ghen Exp $ DISTNAME= fetchmail-6.3.8 -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= mail MASTER_SITES= http://download.berlios.de/fetchmail/ \ http://download2.berlios.de/fetchmail/ diff --git a/mail/fetchmail/distinfo b/mail/fetchmail/distinfo index 943e3a0bbe0..523652ccf70 100644 --- a/mail/fetchmail/distinfo +++ b/mail/fetchmail/distinfo @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.38 2007/09/23 12:48:46 tron Exp $ +$NetBSD: distinfo,v 1.38.6.1 2008/06/19 16:45:15 ghen Exp $ SHA1 (fetchmail-6.3.8.tar.bz2) = b8e8c51ed6cf53fc398c821fdb29d166c6713bb0 RMD160 (fetchmail-6.3.8.tar.bz2) = 34034f9ae9fe44ba35f0a16d3128d4a9b0001df2 Size (fetchmail-6.3.8.tar.bz2) = 1323515 bytes SHA1 (patch-aa) = d8234f2bbe91003c4cb5c9896dfe33c8226a74de +SHA1 (patch-ab) = 7439c2a09a913fa4cd3d89ff86b4618e81c1185e diff --git a/mail/fetchmail/patches/patch-ab b/mail/fetchmail/patches/patch-ab new file mode 100644 index 00000000000..874be458618 --- /dev/null +++ b/mail/fetchmail/patches/patch-ab @@ -0,0 +1,34 @@ +$NetBSD: patch-ab,v 1.17.10.1 2008/06/19 16:45:15 ghen Exp $ + +CVE-2008-2711 +http://fetchmail.berlios.de/fetchmail-SA-2008-01.txt + +--- report.c.orig 2006-03-14 08:53:31.000000000 +0000 ++++ report.c +@@ -238,11 +238,17 @@ report_build (FILE *errfp, message, va_a + rep_ensuresize(); + + #if defined(VA_START) +- VA_START (args, message); + for ( ; ; ) + { ++ /* ++ * args has to be initialized before every call of vsnprintf(), ++ * because vsnprintf() invokes va_arg macro and thus args is ++ * undefined after the call. ++ */ ++ VA_START(args, message); + n = vsnprintf (partial_message + partial_message_size_used, partial_message_size - partial_message_size_used, + message, args); ++ va_end (args); + + if (n >= 0 + && (unsigned)n < partial_message_size - partial_message_size_used) +@@ -254,7 +260,6 @@ report_build (FILE *errfp, message, va_a + partial_message_size += 2048; + partial_message = REALLOC (partial_message, partial_message_size); + } +- va_end (args); + #else + for ( ; ; ) + { |