Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 12 Sep 2014 07:41:09 +0000 (UTC)
From:      Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r368009 - in head/mail/procmail: . files
Message-ID:  <201409120741.s8C7f924057463@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: sunpoet
Date: Fri Sep 12 07:41:09 2014
New Revision: 368009
URL: http://svnweb.freebsd.org/changeset/ports/368009
QAT: https://qat.redports.org/buildarchive/r368009/

Log:
  - Fix heap-based buffer overflow in formisc.c
  - Bump PORTREVISION for package change
  
  Security:	CVE-2014-3618
  MFH:		2014Q3

Added:
  head/mail/procmail/files/patch-src-formisc.c   (contents, props changed)
Modified:
  head/mail/procmail/Makefile

Modified: head/mail/procmail/Makefile
==============================================================================
--- head/mail/procmail/Makefile	Fri Sep 12 07:08:41 2014	(r368008)
+++ head/mail/procmail/Makefile	Fri Sep 12 07:41:09 2014	(r368009)
@@ -3,7 +3,7 @@
 
 PORTNAME=	procmail
 PORTVERSION=	3.22
-PORTREVISION=	7
+PORTREVISION=	8
 CATEGORIES=	mail
 MASTER_SITES=	ftp://ftp.ucsb.edu/pub/mirrors/procmail/ \
 		ftp://ftp.informatik.rwth-aachen.de/pub/packages/procmail/ \

Added: head/mail/procmail/files/patch-src-formisc.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/mail/procmail/files/patch-src-formisc.c	Fri Sep 12 07:41:09 2014	(r368009)
@@ -0,0 +1,16 @@
+--- src/formisc.c.orig	2001-06-29 10:20:45.000000000 +0800
++++ src/formisc.c	2014-09-12 00:58:12.989105253 +0800
+@@ -84,12 +84,11 @@
+ 	case '"':*target++=delim='"';start++;
+       }
+      ;{ int i;
+-	do
++	while(*start)
+ 	   if((i= *target++= *start++)==delim)	 /* corresponding delimiter? */
+ 	      break;
+ 	   else if(i=='\\'&&*start)		    /* skip quoted character */
+ 	      *target++= *start++;
+-	while(*start);						/* anything? */
+       }
+      hitspc=2;
+    }



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201409120741.s8C7f924057463>