authortez <tez>2012-08-21 15:49:54 +0000
committertez <tez>2012-08-21 15:49:54 +0000
commit97837a82e1fc2b4759cdc4577eaa1dc855448e08 (patch)
tree6ee09397e257c217e7d8fe7b5f03285bfa07ac7d /mail
parent65f390f6612b5b3ea25bc85dd7592053cfa831d4 (diff)
Fix CVE-2012-3482
patch from http://gitorious.org/fetchmail/fetchmail/commit/3fbc7cd331602c76f882d1b507cd05c1d824ba8b/diffs
Diffstat (limited to 'mail')
-rw-r--r--mail/fetchmail/Makefile3
-rw-r--r--mail/fetchmail/distinfo3
-rw-r--r--mail/fetchmail/patches/patch-ntlmsubr.c22
3 files changed, 26 insertions, 2 deletions
diff --git a/mail/fetchmail/Makefile b/mail/fetchmail/Makefile
index 42b17d59366..e883eae5e33 100644
--- a/mail/fetchmail/Makefile
+++ b/mail/fetchmail/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.177 2011/08/26 07:19:25 tron Exp $
+# $NetBSD: Makefile,v 1.178 2012/08/21 15:49:54 tez Exp $
# Note to updaters: mail/fetchmailconf reaches over here, make sure it builds.
DISTNAME= fetchmail-6.3.21
+PKGREVISION= 1
CATEGORIES= mail
MASTER_SITES= http://download.berlios.de/fetchmail/
EXTRACT_SUFX= .tar.bz2
diff --git a/mail/fetchmail/distinfo b/mail/fetchmail/distinfo
index c0e9b2ac113..7573b5742de 100644
--- a/mail/fetchmail/distinfo
+++ b/mail/fetchmail/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.45 2011/08/26 07:19:25 tron Exp $
+$NetBSD: distinfo,v 1.46 2012/08/21 15:49:54 tez Exp $
SHA1 (fetchmail-6.3.21.tar.bz2) = e32a0d40ec133d651782543ecd7bc9bbee52dff7
RMD160 (fetchmail-6.3.21.tar.bz2) = 981084b384eb8f6f424af64ceb5922a030271519
Size (fetchmail-6.3.21.tar.bz2) = 1724445 bytes
+SHA1 (patch-ntlmsubr.c) = 0f84d835f0bd49365706290b5bc1f27177ae6c5a
diff --git a/mail/fetchmail/patches/patch-ntlmsubr.c b/mail/fetchmail/patches/patch-ntlmsubr.c
new file mode 100644
index 00000000000..8281fce6c84
--- /dev/null
+++ b/mail/fetchmail/patches/patch-ntlmsubr.c
@@ -0,0 +1,22 @@
+$NetBSD: patch-ntlmsubr.c,v 1.1 2012/08/21 15:49:54 tez Exp $
+
+Fix CVE-2012-3482
+patch from http://gitorious.org/fetchmail/fetchmail/commit/3fbc7cd331602c76f882d1b507cd05c1d824ba8b/diffs
+
+--- ntlmsubr.c.orig 2012-08-21 15:19:44.585694400 +0000
++++ ntlmsubr.c
+@@ -55,7 +55,13 @@ int ntlm_helper(int sock, struct query *
+ if ((result = gen_recv(sock, msgbuf, sizeof msgbuf)))
+ goto cancelfail;
+
+- (void)from64tobits (&challenge, msgbuf, sizeof(challenge));
++ if ((result = from64tobits (&challenge, msgbuf, sizeof(challenge))) < 0) {
++ report (stderr, GT_("could not decode BASE64 challenge\n"));
++ /* We do not goto cancelfail; the server has already sent the
++ * tagged reply, so the protocol exchange has ended, no need
++ * for us to send the asterisk. */
++ return PS_AUTHFAIL;
++ }
+
+ if (outlevel >= O_DEBUG)
+ dumpSmbNtlmAuthChallenge(stdout, &challenge);
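Review bot: The added check on `from64tobits` rejects only a negative return, so a challenge that decodes without error but to fewer bytes than `sizeof(challenge)` still reaches `dumpSmbNtlmAuthChallenge(stdout, &challenge)` and the code after it. If `from64tobits` returns the decoded length, as storing it in `result` suggests, the undecoded tail of `challenge` keeps whatever it held before. Whether the struct is zeroed beforehand cannot be seen here, because `ntlm_helper` begins and ends outside this hunk. I would clear it before decoding with `memset(&challenge, 0, sizeof challenge);`, or additionally reject a short decode by comparing `result` against the minimum challenge length the later code reads.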