summaryrefslogtreecommitdiff
path: root/mail/fetchmail
diff options
context:
space:
mode:
authortez <tez@pkgsrc.org>2012-08-21 15:49:54 +0000
committertez <tez@pkgsrc.org>2012-08-21 15:49:54 +0000
commit8a042046385fb7540bf91654979508af9dfdb8d4 (patch)
tree6ee09397e257c217e7d8fe7b5f03285bfa07ac7d /mail/fetchmail
parente4516dabee28ae8d66c569f14c060de0ef1285d3 (diff)
downloadpkgsrc-8a042046385fb7540bf91654979508af9dfdb8d4.tar.gz
Fix CVE-2012-3482
patch from http://gitorious.org/fetchmail/fetchmail/commit/3fbc7cd331602c76f882d1b507cd05c1d824ba8b/diffs
Diffstat (limited to 'mail/fetchmail')
-rw-r--r--mail/fetchmail/Makefile3
-rw-r--r--mail/fetchmail/distinfo3
-rw-r--r--mail/fetchmail/patches/patch-ntlmsubr.c22
3 files changed, 26 insertions, 2 deletions
diff --git a/mail/fetchmail/Makefile b/mail/fetchmail/Makefile
index 42b17d59366..e883eae5e33 100644
--- a/mail/fetchmail/Makefile
+++ b/mail/fetchmail/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.177 2011/08/26 07:19:25 tron Exp $
+# $NetBSD: Makefile,v 1.178 2012/08/21 15:49:54 tez Exp $
# Note to updaters: mail/fetchmailconf reaches over here, make sure it builds.
DISTNAME= fetchmail-6.3.21
+PKGREVISION= 1
CATEGORIES= mail
MASTER_SITES= http://download.berlios.de/fetchmail/
EXTRACT_SUFX= .tar.bz2
diff --git a/mail/fetchmail/distinfo b/mail/fetchmail/distinfo
index c0e9b2ac113..7573b5742de 100644
--- a/mail/fetchmail/distinfo
+++ b/mail/fetchmail/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.45 2011/08/26 07:19:25 tron Exp $
+$NetBSD: distinfo,v 1.46 2012/08/21 15:49:54 tez Exp $
SHA1 (fetchmail-6.3.21.tar.bz2) = e32a0d40ec133d651782543ecd7bc9bbee52dff7
RMD160 (fetchmail-6.3.21.tar.bz2) = 981084b384eb8f6f424af64ceb5922a030271519
Size (fetchmail-6.3.21.tar.bz2) = 1724445 bytes
+SHA1 (patch-ntlmsubr.c) = 0f84d835f0bd49365706290b5bc1f27177ae6c5a
diff --git a/mail/fetchmail/patches/patch-ntlmsubr.c b/mail/fetchmail/patches/patch-ntlmsubr.c
new file mode 100644
index 00000000000..8281fce6c84
--- /dev/null
+++ b/mail/fetchmail/patches/patch-ntlmsubr.c
@@ -0,0 +1,22 @@
+$NetBSD: patch-ntlmsubr.c,v 1.1 2012/08/21 15:49:54 tez Exp $
+
+Fix CVE-2012-3482
+patch from http://gitorious.org/fetchmail/fetchmail/commit/3fbc7cd331602c76f882d1b507cd05c1d824ba8b/diffs
+
+--- ntlmsubr.c.orig 2012-08-21 15:19:44.585694400 +0000
++++ ntlmsubr.c
+@@ -55,7 +55,13 @@ int ntlm_helper(int sock, struct query *
+ if ((result = gen_recv(sock, msgbuf, sizeof msgbuf)))
+ goto cancelfail;
+
+- (void)from64tobits (&challenge, msgbuf, sizeof(challenge));
++ if ((result = from64tobits (&challenge, msgbuf, sizeof(challenge))) < 0) {
++ report (stderr, GT_("could not decode BASE64 challenge\n"));
++ /* We do not goto cancelfail; the server has already sent the
++ * tagged reply, so the protocol exchange has ended, no need
++ * for us to send the asterisk. */
++ return PS_AUTHFAIL;
++ }
+
+ if (outlevel >= O_DEBUG)
+ dumpSmbNtlmAuthChallenge(stdout, &challenge);