From owner-freebsd-ports-bugs@FreeBSD.ORG Wed Jun 18 14:30:01 2008
Message-Id: <20080618142458.53738C6FE@merlin.emma.line.org>
Date: Wed, 18 Jun 2008 16:24:58 +0200 (CEST)
From: Matthias Andree
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: barner@FreeBSD.org
Subject: ports/124718: [PATCH] mail/fetchmail: fix CVE-2008-2711 (crash when logging long headers in -v -v mode)

>Number: 124718
>Category: ports
>Synopsis: [PATCH] mail/fetchmail: fix CVE-2008-2711 (crash when logging long headers in -v -v mode)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Jun 18 14:30:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Matthias Andree
>Release: FreeBSD 6.3-STABLE i386
>Organization:
>Environment:
System: FreeBSD merlin.emma.line.org 6.3-STABLE FreeBSD 6.3-STABLE #33: Sun Jun 1 11:12:24 CEST
>Description:
Fix CVE-2008-2711 (crash when logging long headers in -v -v mode).

Note that I am not providing a vulndb entry at this time for lack of time.

Added file(s):
- files/patch-CVE-2008-2711

Port maintainer (barner@FreeBSD.org) is cc'd.

Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:

--- fetchmail-6.3.8_6.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/mail/fetchmail/Makefile /usr/home/emma/ports/mail/fetchmail/Makefile --- /usr/ports/mail/fetchmail/Makefile 2008-06-06 15:42:50.000000000 +0200 +++ /usr/home/emma/ports/mail/fetchmail/Makefile 2008-06-18 16:16:56.000000000 +0200 
@@ -11,7 +11,7 @@ PORTNAME= fetchmail PORTVERSION= 6.3.8 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= mail ipv6 MASTER_SITES= ${MASTER_SITE_BERLIOS} \ ${MASTER_SITE_SUNSITE:S/$/:sunsite/}\ diff -ruN --exclude=CVS /usr/ports/mail/fetchmail/files/patch-CVE-2008-2711 /usr/home/emma/ports/mail/fetchmail/files/patch-CVE-2008-2711 --- /usr/ports/mail/fetchmail/files/patch-CVE-2008-2711 1970-01-01 01:00:00.000000000 +0100 +++ /usr/home/emma/ports/mail/fetchmail/files/patch-CVE-2008-2711 2008-06-18 16:18:27.000000000 +0200 @@ -0,0 +1,31 @@ +diff --git a/report.c b/report.c +index 31d4e48..2a731ac 100644 +--- ./report.c~ ++++ ./report.c +@@ -238,11 +238,17 @@ report_build (FILE *errfp, message, va_alist) + rep_ensuresize(); + + #if defined(VA_START) +- VA_START (args, message); + for ( ; ; ) + { ++ /* ++ * args has to be initialized before every call of vsnprintf(), ++ * because vsnprintf() invokes va_arg macro and thus args is ++ * undefined after the call. ++ */ ++ VA_START(args, message); + n = vsnprintf (partial_message + partial_message_size_used, partial_message_size - partial_message_size_used, + message, args); ++ va_end (args); + + if (n >= 0 + && (unsigned)n < partial_message_size - partial_message_size_used) +@@ -254,7 +260,6 @@ report_build (FILE *errfp, message, va_alist) + partial_message_size += 2048; + partial_message = REALLOC (partial_message, partial_message_size); + } +- va_end (args); + #else + for ( ; ; ) + { --- fetchmail-6.3.8_6.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
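
Review bot: The report.c change covers only the "#if defined(VA_START)" loop in report_build (hunks at -238 and -254), so before committing, check whether any other vsnprintf retry loop in report.c starts its va_list once outside the loop, and give it the same per-iteration VA_START(args, message) / va_end (args) pairing. Within this loop the placement is correct: va_end now runs right after vsnprintf and before the "n >= 0" size check, so args is closed whichever branch the check takes, and the next iteration starts from a fresh list. The unchanged context also assigns the REALLOC result straight to partial_message with no failure check in the lines shown; if REALLOC is not an aborting wrapper, that deserves a separate fix.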