From bda7385333379625b0faeab9529d170b77a165cb Mon Sep 17 00:00:00 2001 From: is Date: Wed, 6 Mar 2013 20:17:42 +0000 Subject: Patch from upstream for potential buffer overflow reading the certificate index file (Changeset 6298:c7eff98bb299, see mutt flea #3636). --- mail/mutt-devel/Makefile | 4 ++-- mail/mutt-devel/distinfo | 3 ++- mail/mutt-devel/patches/patch-smime.c | 20 ++++++++++++++++++++ 3 files changed, 24 insertions(+), 3 deletions(-) create mode 100644 mail/mutt-devel/patches/patch-smime.c (limited to 'mail/mutt-devel') diff --git a/mail/mutt-devel/Makefile b/mail/mutt-devel/Makefile index 777bab5f9d0..cf2a05e80fb 100644 --- a/mail/mutt-devel/Makefile +++ b/mail/mutt-devel/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.90 2013/02/28 19:21:03 is Exp $ +# $NetBSD: Makefile,v 1.91 2013/03/06 20:17:42 is Exp $ DISTNAME= mutt-1.5.21 -PKGREVISION= 8 +PKGREVISION= 9 CATEGORIES= mail MUTT_SITES= ftp://ftp.mutt.org/mutt/ \ ftp://ftp.stealth.net/pub/mirrors/ftp.mutt.org/pub/mutt/ \ diff --git a/mail/mutt-devel/distinfo b/mail/mutt-devel/distinfo index 72312738254..fd97b4710b7 100644 --- a/mail/mutt-devel/distinfo +++ b/mail/mutt-devel/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.73 2013/02/28 19:21:03 is Exp $ +$NetBSD: distinfo,v 1.74 2013/03/06 20:17:42 is Exp $ SHA1 (mutt-1.5.21.tar.gz) = a8475f2618ce5d5d33bff85c0affdf21ab1d76b9 RMD160 (mutt-1.5.21.tar.gz) = b235a42972ae410592253cdc117a90baf279f47a @@ -24,3 +24,4 @@ SHA1 (patch-ao) = a5dddb01d30f28337ca825c6461139c2d9f288d5 SHA1 (patch-ap) = c6f79d5c4e19efdc15e9d5a59934da52b16b7a62 SHA1 (patch-aq) = e363d8929ced9731a31af1137b111d3476a3d05d SHA1 (patch-lib.c) = 7a0dc485ac8351b4c41279e22cf74134462c6432 +SHA1 (patch-smime.c) = 5ed07d69700992767572216844e44d655f5eec7d diff --git a/mail/mutt-devel/patches/patch-smime.c b/mail/mutt-devel/patches/patch-smime.c new file mode 100644 index 00000000000..88d9f1463ee --- /dev/null +++ b/mail/mutt-devel/patches/patch-smime.c @@ -0,0 +1,20 @@ +$NetBSD: patch-smime.c,v 1.1 2013/03/06 20:17:43 is Exp $ + +Index: smime.c +=================================================================== +--- smime.c (revision 6178) ++++ smime.c (revision 6298) +@@ -358,5 +358,5 @@ + FILE *index; + char buf[LONG_STRING]; +- char fields[5][STRING]; ++ char fields[5][STRING+1]; /* +1 due to use of fscanf() below. the max field width does not include the null terminator (see http://dev.mutt.org/trac/ticket/3636) */ + int numFields, hash_suffix, done, cur; /* The current entry */ + MUTTMENU* menu; +@@ -471,5 +471,5 @@ + char cert_path[_POSIX_PATH_MAX]; + char buf[LONG_STRING], prompt[STRING]; +- char fields[5][STRING]; ++ char fields[5][STRING+1]; /* +1 due to use of fscanf() below. the max field width does not include the null terminator (see http://dev.mutt.org/trac/ticket/3636) */ + char key[STRING]; + int numFields; -- cgit v1.2.3