diff options
| author | drochner <drochner@pkgsrc.org> | 2005-01-25 19:08:55 +0000 |
|---|---|---|
| committer | drochner <drochner@pkgsrc.org> | 2005-01-25 19:08:55 +0000 |
| commit | b09545b8efa81f21db908c720f8244de99bc3d21 (patch) | |
| tree | ffc04505222b7ec67cedbae6c20e9ec5e39449ec | |
| parent | 77947df121fa1cb10c6e4f3e050ede5059936632 (diff) | |
| download | pkgsrc-b09545b8efa81f21db908c720f8244de99bc3d21.tar.gz | |
as with 2.0.3:
> apply a patch from evution CVS:
> 2005-01-20 Not Zed <NotZed@Ximian.com>
> * camel-lock-helper.c (main): since malloc(MAXINT+1) returns a
> valid pointer, validate the length of the path before using it.
> set maximum path to 65000 characters. Spotted by Max Vozeler
> <max@hinterhof.net>
>
> This fixes the security vulnerability refered to as CAN-2005-0102.
> bump PKGREVISION
| -rw-r--r-- | mail/evolution14/Makefile | 4 | ||||
| -rw-r--r-- | mail/evolution14/distinfo | 3 | ||||
| -rw-r--r-- | mail/evolution14/patches/patch-ak | 16 |
3 files changed, 20 insertions, 3 deletions
diff --git a/mail/evolution14/Makefile b/mail/evolution14/Makefile index 4fd10704626..97b7e9d50f0 100644 --- a/mail/evolution14/Makefile +++ b/mail/evolution14/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.7 2004/10/15 00:32:36 grant Exp $ +# $NetBSD: Makefile,v 1.8 2005/01/25 19:08:55 drochner Exp $ DISTNAME= evolution-1.4.6 PKGNAME= ${DISTNAME:S/evolution/evolution14/} -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= mail time gnome MASTER_SITES= ftp://ftp.ximian.com/pub/source/evolution/ \ ${MASTER_SITE_GNOME:=sources/evolution/1.4/} diff --git a/mail/evolution14/distinfo b/mail/evolution14/distinfo index 7538f3e36b4..886c8b8e52a 100644 --- a/mail/evolution14/distinfo +++ b/mail/evolution14/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.1.1.1 2004/09/21 17:17:43 jmmv Exp $ +$NetBSD: distinfo,v 1.2 2005/01/25 19:08:55 drochner Exp $ SHA1 (evolution-1.4.6.tar.bz2) = 35d7273762b1f17fb8ad845af593a1ee07f94115 Size (evolution-1.4.6.tar.bz2) = 13927597 bytes @@ -11,3 +11,4 @@ SHA1 (patch-ag) = 8e63e147266368044463667228a4fd0d1faf98eb SHA1 (patch-ah) = a4b15e3405e4f6a432392a30bf489abd4e94a181 SHA1 (patch-ai) = 0f49dc487d5cc697521bb59a45e9c8e2eda10491 SHA1 (patch-aj) = 9b098568fd94c0597a216b8b9cf89eaef3307a4b +SHA1 (patch-ak) = faeb4e0b3943ed8aeb2bc91e1d7cac8722918b4d diff --git a/mail/evolution14/patches/patch-ak b/mail/evolution14/patches/patch-ak new file mode 100644 index 00000000000..35d4621b4a0 --- /dev/null +++ b/mail/evolution14/patches/patch-ak @@ -0,0 +1,16 @@ +$NetBSD: patch-ak,v 1.1 2005/01/25 19:08:55 drochner Exp $ + +--- camel/camel-lock-helper.c.orig 2001-10-27 18:59:27.000000000 +0200 ++++ camel/camel-lock-helper.c +@@ -360,8 +360,9 @@ int main(int argc, char **argv) + switch(msg.id) { + case CAMEL_LOCK_HELPER_LOCK: + res = CAMEL_LOCK_HELPER_STATUS_NOMEM; +- path = malloc(msg.data+1); +- if (path != NULL) { ++ if (msg.data > 0xffff) { ++ res = CAMEL_LOCK_HELPER_STATUS_PROTOCOL; ++ } else if ((path = malloc(msg.data+1)) != NULL) { + res = CAMEL_LOCK_HELPER_STATUS_PROTOCOL; + len = read_n(STDIN_FILENO, path, msg.data); + if (len == msg.data) { |