Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 12 Sep 2014 14:59:24 +0000 (UTC)
From:      Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r368028 - in branches/2014Q3/mail/procmail: . files
Message-ID:  <201409121459.s8CExOOD083973@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: sunpoet
Date: Fri Sep 12 14:59:23 2014
New Revision: 368028
URL: http://svnweb.freebsd.org/changeset/ports/368028
QAT: https://qat.redports.org/buildarchive/r368028/

Log:
  MFH: r368009
  
  - Fix heap-based buffer overflow in formisc.c
  - Bump PORTREVISION for package change
  
  Security:	CVE-2014-3618
  Approved by:	portmgr (erwin)

Added:
  branches/2014Q3/mail/procmail/files/patch-src-formisc.c
     - copied unchanged from r368009, head/mail/procmail/files/patch-src-formisc.c
Modified:
  branches/2014Q3/mail/procmail/Makefile
Directory Properties:
  branches/2014Q3/   (props changed)

Modified: branches/2014Q3/mail/procmail/Makefile
==============================================================================
--- branches/2014Q3/mail/procmail/Makefile	Fri Sep 12 14:16:50 2014	(r368027)
+++ branches/2014Q3/mail/procmail/Makefile	Fri Sep 12 14:59:23 2014	(r368028)
@@ -3,7 +3,7 @@
 
 PORTNAME=	procmail
 PORTVERSION=	3.22
-PORTREVISION=	7
+PORTREVISION=	8
 CATEGORIES=	mail
 MASTER_SITES=	ftp://ftp.ucsb.edu/pub/mirrors/procmail/ \
 		ftp://ftp.informatik.rwth-aachen.de/pub/packages/procmail/ \

Copied: branches/2014Q3/mail/procmail/files/patch-src-formisc.c (from r368009, head/mail/procmail/files/patch-src-formisc.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2014Q3/mail/procmail/files/patch-src-formisc.c	Fri Sep 12 14:59:23 2014	(r368028, copy of r368009, head/mail/procmail/files/patch-src-formisc.c)
@@ -0,0 +1,16 @@
+--- src/formisc.c.orig	2001-06-29 10:20:45.000000000 +0800
++++ src/formisc.c	2014-09-12 00:58:12.989105253 +0800
+@@ -84,12 +84,11 @@
+ 	case '"':*target++=delim='"';start++;
+       }
+      ;{ int i;
+-	do
++	while(*start)
+ 	   if((i= *target++= *start++)==delim)	 /* corresponding delimiter? */
+ 	      break;
+ 	   else if(i=='\\'&&*start)		    /* skip quoted character */
+ 	      *target++= *start++;
+-	while(*start);						/* anything? */
+       }
+      hitspc=2;
+    }

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201409121459.s8CExOOD083973>