From a27f9583594ae3fe3f3af1cdaf4e6f56c7d013e7 Mon Sep 17 00:00:00 2001 From: tron Date: Sun, 23 Sep 2007 12:48:46 +0000 Subject: Add fix for security vulnerability reported in CVE-2007-4565. Bump package revision. --- mail/fetchmail/Makefile | 3 ++- mail/fetchmail/distinfo | 3 ++- mail/fetchmail/patches/patch-aa | 13 +++++++++++++ 3 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 mail/fetchmail/patches/patch-aa (limited to 'mail') diff --git a/mail/fetchmail/Makefile b/mail/fetchmail/Makefile index 79c9f23ce5d..6351e4bf297 100644 --- a/mail/fetchmail/Makefile +++ b/mail/fetchmail/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.162 2007/04/14 22:14:29 tron Exp $ +# $NetBSD: Makefile,v 1.163 2007/09/23 12:48:46 tron Exp $ DISTNAME= fetchmail-6.3.8 +PKGREVISION= 1 CATEGORIES= mail MASTER_SITES= http://download.berlios.de/fetchmail/ \ http://download2.berlios.de/fetchmail/ diff --git a/mail/fetchmail/distinfo b/mail/fetchmail/distinfo index 8b2559cca5e..943e3a0bbe0 100644 --- a/mail/fetchmail/distinfo +++ b/mail/fetchmail/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.37 2007/04/14 22:14:29 tron Exp $ +$NetBSD: distinfo,v 1.38 2007/09/23 12:48:46 tron Exp $ SHA1 (fetchmail-6.3.8.tar.bz2) = b8e8c51ed6cf53fc398c821fdb29d166c6713bb0 RMD160 (fetchmail-6.3.8.tar.bz2) = 34034f9ae9fe44ba35f0a16d3128d4a9b0001df2 Size (fetchmail-6.3.8.tar.bz2) = 1323515 bytes +SHA1 (patch-aa) = d8234f2bbe91003c4cb5c9896dfe33c8226a74de diff --git a/mail/fetchmail/patches/patch-aa b/mail/fetchmail/patches/patch-aa new file mode 100644 index 00000000000..4836906bd5e --- /dev/null +++ b/mail/fetchmail/patches/patch-aa @@ -0,0 +1,13 @@ +$NetBSD: patch-aa,v 1.6 2007/09/23 12:48:46 tron Exp $ + +--- sink.c.orig 2007-03-29 23:45:17.000000000 +0100 ++++ sink.c 2007-09-23 13:42:40.000000000 +0100 +@@ -262,7 +262,7 @@ + const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@"; + + /* don't bounce in reply to undeliverable bounces */ +- if (!msg->return_path[0] || ++ if (!msg || !msg->return_path[0] || + strcmp(msg->return_path, "<>") == 0 || + strcasecmp(msg->return_path, md1) == 0 || + strncasecmp(msg->return_path, md2, strlen(md2)) == 0) -- cgit v1.2.3