head 1.5; access; symbols pkgsrc-2024Q2:1.4.0.54 pkgsrc-2024Q2-base:1.4 pkgsrc-2024Q1:1.4.0.52 pkgsrc-2024Q1-base:1.4 pkgsrc-2023Q4:1.4.0.50 pkgsrc-2023Q4-base:1.4 pkgsrc-2023Q3:1.4.0.48 pkgsrc-2023Q3-base:1.4 pkgsrc-2023Q2:1.4.0.46 pkgsrc-2023Q2-base:1.4 pkgsrc-2023Q1:1.4.0.44 pkgsrc-2023Q1-base:1.4 pkgsrc-2022Q4:1.4.0.42 pkgsrc-2022Q4-base:1.4 pkgsrc-2022Q3:1.4.0.40 pkgsrc-2022Q3-base:1.4 pkgsrc-2022Q2:1.4.0.38 pkgsrc-2022Q2-base:1.4 pkgsrc-2022Q1:1.4.0.36 pkgsrc-2022Q1-base:1.4 pkgsrc-2021Q4:1.4.0.34 pkgsrc-2021Q4-base:1.4 pkgsrc-2021Q3:1.4.0.32 pkgsrc-2021Q3-base:1.4 pkgsrc-2021Q2:1.4.0.30 pkgsrc-2021Q2-base:1.4 pkgsrc-2021Q1:1.4.0.28 pkgsrc-2021Q1-base:1.4 pkgsrc-2020Q4:1.4.0.26 pkgsrc-2020Q4-base:1.4 pkgsrc-2020Q3:1.4.0.24 pkgsrc-2020Q3-base:1.4 pkgsrc-2020Q2:1.4.0.22 pkgsrc-2020Q2-base:1.4 pkgsrc-2020Q1:1.4.0.18 pkgsrc-2020Q1-base:1.4 pkgsrc-2019Q4:1.4.0.20 pkgsrc-2019Q4-base:1.4 pkgsrc-2019Q3:1.4.0.16 pkgsrc-2019Q3-base:1.4 pkgsrc-2019Q2:1.4.0.14 pkgsrc-2019Q2-base:1.4 pkgsrc-2019Q1:1.4.0.12 pkgsrc-2019Q1-base:1.4 pkgsrc-2018Q4:1.4.0.10 pkgsrc-2018Q4-base:1.4 pkgsrc-2018Q3:1.4.0.8 pkgsrc-2018Q3-base:1.4 pkgsrc-2018Q2:1.4.0.6 pkgsrc-2018Q2-base:1.4 pkgsrc-2018Q1:1.4.0.4 pkgsrc-2018Q1-base:1.4 pkgsrc-2017Q4:1.4.0.2 pkgsrc-2017Q4-base:1.4 pkgsrc-2017Q3:1.3.0.28 pkgsrc-2017Q3-base:1.3 pkgsrc-2017Q2:1.3.0.24 pkgsrc-2017Q2-base:1.3 pkgsrc-2017Q1:1.3.0.22 pkgsrc-2017Q1-base:1.3 pkgsrc-2016Q4:1.3.0.20 pkgsrc-2016Q4-base:1.3 pkgsrc-2016Q3:1.3.0.18 pkgsrc-2016Q3-base:1.3 pkgsrc-2016Q2:1.3.0.16 pkgsrc-2016Q2-base:1.3 pkgsrc-2016Q1:1.3.0.14 pkgsrc-2016Q1-base:1.3 pkgsrc-2015Q4:1.3.0.12 pkgsrc-2015Q4-base:1.3 pkgsrc-2015Q3:1.3.0.10 pkgsrc-2015Q3-base:1.3 pkgsrc-2015Q2:1.3.0.8 pkgsrc-2015Q2-base:1.3 pkgsrc-2015Q1:1.3.0.6 pkgsrc-2015Q1-base:1.3 pkgsrc-2014Q4:1.3.0.4 pkgsrc-2014Q4-base:1.3 pkgsrc-2014Q3:1.3.0.2 pkgsrc-2014Q3-base:1.3 pkgsrc-2014Q2:1.2.0.20 pkgsrc-2014Q2-base:1.2 pkgsrc-2014Q1:1.2.0.18 pkgsrc-2014Q1-base:1.2 pkgsrc-2013Q4:1.2.0.16 pkgsrc-2013Q4-base:1.2 pkgsrc-2013Q3:1.2.0.14 pkgsrc-2013Q3-base:1.2 pkgsrc-2013Q2:1.2.0.12 pkgsrc-2013Q2-base:1.2 pkgsrc-2013Q1:1.2.0.10 pkgsrc-2013Q1-base:1.2 pkgsrc-2012Q4:1.2.0.8 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q3:1.2.0.6 pkgsrc-2012Q3-base:1.2 pkgsrc-2012Q2:1.2.0.4 pkgsrc-2012Q2-base:1.2 pkgsrc-2012Q1:1.2.0.2 pkgsrc-2012Q1-base:1.2 pkgsrc-2011Q4:1.1.0.20 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q3:1.1.0.18 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.16 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.14 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.12 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.10 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.8 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.6 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.4 pkgsrc-2009Q4-base:1.1 pkgsrc-2009Q3:1.1.0.2 pkgsrc-2009Q3-base:1.1; locks; strict; comment @# @; 1.5 date 2024.07.31.22.31.50; author vins; state dead; branches; next 1.4; commitid H3zUPrGg40k0H2kF; 1.4 date 2017.11.26.20.39.40; author snj; state Exp; branches; next 1.3; commitid fuoWCqNh7XmXsAgA; 1.3 date 2014.09.04.07.37.44; author wiz; state Exp; branches 1.3.28.1; next 1.2; commitid V3DnC2ilybiu20Px; 1.2 date 2012.03.12.13.22.17; author fhajny; state Exp; branches; next 1.1; 1.1 date 2009.07.18.03.15.18; author smb; state Exp; branches; next ; 1.3.28.1 date 2017.12.20.16.36.28; author spz; state Exp; branches; next ; commitid 8Q96De18qv3fmEjA; desc @@ 1.5 log @mail/procmail: long due update to v3.24 Fixed all bugs collected by Debian and others during the past 21 years. See the git commit history for detailed descriptions. @ text @$NetBSD: patch-bd,v 1.4 2017/11/26 20:39:40 snj Exp $ First chunk: https://bugzilla.redhat.com/show_bug.cgi?id=1121299 CVE-2014-3618 Second chunk: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511 CVE-2017-16844 Third chunk: Avoid conflict with existing getline() functions. --- src/formisc.c.orig 2001-06-28 19:20:45.000000000 -0700 +++ src/formisc.c 2017-11-26 12:21:14.260042851 -0800 @@@@ -84,12 +84,11 @@@@ normal: *target++= *start++; case '"':*target++=delim='"';start++; } ;{ int i; - do + while(*start) if((i= *target++= *start++)==delim) /* corresponding delimiter? */ break; else if(i=='\\'&&*start) /* skip quoted character */ *target++= *start++; - while(*start); /* anything? */ } hitspc=2; } @@@@ -104,7 +103,7 @@@@ void loadsaved(sp)const struct saved*con } /* append to buf */ void loadbuf(text,len)const char*const text;const size_t len; -{ if(buffilled+len>buflen) /* buf can't hold the text */ +{ while(buffilled+len>buflen) /* buf can't hold the text */ buf=realloc(buf,buflen+=Bsize); tmemmove(buf+buffilled,text,len);buffilled+=len; } @@@@ -115,7 +114,7 @@@@ void loadchar(c)const int c; /* a buf[buffilled++]=c; } -int getline P((void)) /* read a newline-terminated line */ +int get_line P((void)) /* read a newline-terminated line */ { if(buflast==EOF) /* at the end of our Latin already? */ { loadchar('\n'); /* fake empty line */ return EOF; /* spread the word */ @ 1.4 log @procmail: Fix CVE-2017-16844 Patch from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511 Bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ @ 1.3 log @Fix CVE-2014-3618. https://bugzilla.redhat.com/show_bug.cgi?id=1121299 While here: Convert to user-destdir by using pkgsrc setuid framework. Add comments to some patches. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-bd,v 1.2 2012/03/12 13:22:17 fhajny Exp $ d8 4 d14 2 a15 2 --- src/formisc.c.orig 2001-06-29 02:20:45.000000000 +0000 +++ src/formisc.c d30 9 @ 1.3.28.1 log @Pullup ticket #5653 - requested by bsiegert mail/procmail: security patch Revisions pulled up: - mail/procmail/Makefile 1.50 - mail/procmail/distinfo 1.17 - mail/procmail/patches/patch-bd 1.4 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: snj Date: Sun Nov 26 20:39:41 UTC 2017 Modified Files: pkgsrc/mail/procmail: Makefile distinfo pkgsrc/mail/procmail/patches: patch-bd Log Message: procmail: Fix CVE-2017-16844 Patch from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug‡6511 Bump PKGREVISION To generate a diff of this commit: cvs rdiff -u -r1.49 -r1.50 pkgsrc/mail/procmail/Makefile cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/procmail/distinfo cvs rdiff -u -r1.3 -r1.4 pkgsrc/mail/procmail/patches/patch-bd @ text @d1 1 a1 1 $NetBSD$ a7 4 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511 CVE-2017-16844 Third chunk: d10 2 a11 2 --- src/formisc.c.orig 2001-06-28 19:20:45.000000000 -0700 +++ src/formisc.c 2017-11-26 12:21:14.260042851 -0800 a25 9 @@@@ -104,7 +103,7 @@@@ void loadsaved(sp)const struct saved*con } /* append to buf */ void loadbuf(text,len)const char*const text;const size_t len; -{ if(buffilled+len>buflen) /* buf can't hold the text */ +{ while(buffilled+len>buflen) /* buf can't hold the text */ buf=realloc(buf,buflen+=Bsize); tmemmove(buf+buffilled,text,len);buffilled+=len; } @ 1.2 log @Fix the SunOS do-install target to be DESTDIR compatible. Fix the patch files to contain proper RCS keywords. @ text @d1 1 a1 1 $NetBSD$ d3 24 a26 3 --- src/formisc.c.orig 2009-07-17 23:04:16.000000000 -0400 +++ src/formisc.c 2009-07-17 23:04:16.000000000 -0400 @@@@ -115,7 +115,7 @@@@ @ 1.1 log @Changet getline() to get_line() @ text @d1 2 @