apply a patch from evution CVS:

2005-01-20 Not Zed <NotZed@Ximian.com> * camel-lock-helper.c (main): since malloc(MAXINT+1) returns a valid pointer, validate the length of the path before using it. set maximum path to 65000 characters. Spotted by Max Vozeler <max@hinterhof.net> This fixes the security vulnerability refered to as CAN-2005-0102. bump PKGREVISION
author: drochner <drochner@pkgsrc.org> 2005-01-25 15:23:46 +0000
committer: drochner <drochner@pkgsrc.org> 2005-01-25 15:23:46 +0000
commit: ba22a7f04559ba8d01608814d2baef15621e02d8 (patch)
tree: 940224fb727b1e8ea5a44132960feb95b44a0445 /mail
parent: 82d92104e3208bafa8bf3633ea77f688b64bf0a4 (diff)
download: pkgsrc-ba22a7f04559ba8d01608814d2baef15621e02d8.tar.gz
3 files changed, 20 insertions, 2 deletions
diff --git a/mail/evolution/Makefile b/mail/evolution/Makefile
index 8af70d5df80..46488e9c313 100644
--- a/mail/evolution/Makefile
+++ b/mail/evolution/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.72 2004/12/28 22:01:25 jmmv Exp $
+# $NetBSD: Makefile,v 1.73 2005/01/25 15:23:46 drochner Exp $
 
 DISTNAME=		evolution-2.0.3
+PKGREVISION=		1
 CATEGORIES=		mail time gnome
 MASTER_SITES=		${MASTER_SITE_GNOME:=sources/evolution/2.0/}
 EXTRACT_SUFX=		.tar.bz2
diff --git a/mail/evolution/distinfo b/mail/evolution/distinfo
index 06b498fabea..3b9cb73d6e5 100644
--- a/mail/evolution/distinfo
+++ b/mail/evolution/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.32 2005/01/17 08:46:34 jmmv Exp $
+$NetBSD: distinfo,v 1.33 2005/01/25 15:23:46 drochner Exp $
 
 SHA1 (evolution-2.0.3.tar.bz2) = 059253acd24648b841c6fc24e376c475b2598b6d
 Size (evolution-2.0.3.tar.bz2) = 15381448 bytes
 SHA1 (patch-aa) = a89da54c40813c07af76dd98f876dd2e979c2554
 SHA1 (patch-ab) = 871a322eefd1a42e7197da764d49cd1d24f6535d
 SHA1 (patch-ac) = 5150f3163e7307e03ed82757e1d31a54310feae3
+SHA1 (patch-ad) = 32b3b688033518602cd91888e5239b78558f1558
diff --git a/mail/evolution/patches/patch-ad b/mail/evolution/patches/patch-ad
new file mode 100644
index 00000000000..e58c27566cf
--- /dev/null
+++ b/mail/evolution/patches/patch-ad
@@ -0,0 +1,16 @@
+$NetBSD: patch-ad,v 1.6 2005/01/25 15:23:46 drochner Exp $
+
+--- camel/camel-lock-helper.c.orig	2005-01-25 15:34:38.000000000 +0100
++++ camel/camel-lock-helper.c
+@@ -360,8 +360,9 @@ int main(int argc, char **argv)
+ 			switch(msg.id) {
+ 			case CAMEL_LOCK_HELPER_LOCK:
+ 				res = CAMEL_LOCK_HELPER_STATUS_NOMEM;
+-				path = malloc(msg.data+1);
+-				if (path != NULL) {
++				if (msg.data > 0xffff) {
++					res = CAMEL_LOCK_HELPER_STATUS_PROTOCOL;
++				} else if ((path = malloc(msg.data+1)) != NULL) {
+ 					res = CAMEL_LOCK_HELPER_STATUS_PROTOCOL;
+ 					len = read_n(STDIN_FILENO, path, msg.data);
+ 					if (len == msg.data) {
author	drochner <drochner@pkgsrc.org>	2005-01-25 15:23:46 +0000
committer	drochner <drochner@pkgsrc.org>	2005-01-25 15:23:46 +0000
commit	ba22a7f04559ba8d01608814d2baef15621e02d8 (patch)
tree	940224fb727b1e8ea5a44132960feb95b44a0445 /mail
parent	82d92104e3208bafa8bf3633ea77f688b64bf0a4 (diff)
download	pkgsrc-ba22a7f04559ba8d01608814d2baef15621e02d8.tar.gz