From nobody Wed May 1 19:54:56 2024 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VV7812BY1z5JxxP; Wed, 1 May 2024 19:54:57 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VV7810nXXz4hZq; Wed, 1 May 2024 19:54:57 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1714593297; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=MSCIAqwsu67BukU5l+21h6Ijcg0QOqw4RZgK6KnKjyM=; b=DI0Ea8/5bZl5L6iJ7z7FegRLQqbZrzIWL0nJi5uqEkSHS75HJRINkq70GMj1ZvfSjG0Isw IPcfsLbSU91tkvDqmRXIV904I7BCqqaNLg4xQj4xWS2Qvjdx7oeDVnenZySSlKSACsPyRk 0BwxwMQ1OkLvwlY+1rnB7lumkLf0I94H51UPJih2edMCku1eexeB68+lWCy919HIklYvBy 1U11DfNicjsdt6MoyqTfMBb0kdnNSpf2WisY3rV6SDkNF5pzt88TrvHygzh5xYfbW5Mr60 k8IX6zCUQkeiWptqX10Ffz3YVtqTkKD2AxqGjRFh8oGSK14pgv7jlONPUphdSA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1714593297; a=rsa-sha256; cv=none; b=kA978Y6Otd3Ckj9bB6nV+FYx0WLskUgzgHHNtZ0DUSkW34GyWb4Og0BcWPZoaojLS6JObO DxGIuxDEpDxNht2XB9w8bsNjwnRmjC+y3CJkp350Z4kiGcKXCjphW3hI16c7omGPlhF9jT oKp0qCLMAz35OEBtOskofqIP6MWc8hnkLiuaEcl8wO7wEkuhPCenptGXKK9kJgdKZJIGau 3zSEDOmX2KIwFkCT9nA2jPD3xZMU3ug3nMvM11MjbnWhSf3Zx8rQ2CY4ziiamAx1iPMCEo 6npvFsqsbLmGSeSaw1GC106HaPrZJBDw1rPKv/g2Qt/h89+Cnb8y7gAo5iTFcA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1714593297; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=MSCIAqwsu67BukU5l+21h6Ijcg0QOqw4RZgK6KnKjyM=; b=TegKKeuvuVJRqaGuHGxlfNIbCgeXeBqCFZoWdw/gcoAXs9BP960zuOgRwDyyc1hNQcm4i5 dXuwxWOJHtUnmW7qXbAvK2wTwEx9rH+HOcoJGOxgQmt7Rl4k4sknecvNw1IWub5XJy1Dul OA9nzm9YTBn6OPRoZsktPxvp9agnN16WmwjEwK2rorb28vIXoAGfWQ9l8EBjgFEUanpVXH YjPILmjQtcP0rbfLGm+b10W2SmpucSS1HtMk3V0NvgikfmbG1myXc2Y/rBhEMWlXaIsqf+ ru4SrSLfQ8hRu40IA/ShOQObsSqmqxQUIxCQvcYdwtss84SvqtHQ/FnC37O4BA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4VV7810HGfzXs1; Wed, 1 May 2024 19:54:57 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 441JsuXW000356; Wed, 1 May 2024 19:54:56 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 441JsubQ000353; Wed, 1 May 2024 19:54:56 GMT (envelope-from git) Date: Wed, 1 May 2024 19:54:56 GMT Message-Id: <202405011954.441JsubQ000353@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Thomas Zander Subject: git: 483d9e29e056 - main - korean/hcode: Fix buffer overflow in mail.c List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-main@freebsd.org Sender: owner-dev-commits-ports-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: riggs X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 483d9e29e0569128d7f88e08c295c1f3dbeabf01 Auto-Submitted: auto-generated The branch main has been updated by riggs: URL: https://cgit.FreeBSD.org/ports/commit/?id=483d9e29e0569128d7f88e08c295c1f3dbeabf01 commit 483d9e29e0569128d7f88e08c295c1f3dbeabf01 Author: Thomas Zander AuthorDate: 2024-05-01 19:52:46 +0000 Commit: Thomas Zander CommitDate: 2024-05-01 19:54:54 +0000 korean/hcode: Fix buffer overflow in mail.c Reported by: Wolfgang Frisch MFH: 2024Q2 Security: CVE-2024-34020 --- korean/hcode/Makefile | 2 +- korean/hcode/files/patch-mail.c | 34 ++++++++++++++++++++++------------ 2 files changed, 23 insertions(+), 13 deletions(-) diff --git a/korean/hcode/Makefile b/korean/hcode/Makefile index c881a07a90ee..d268b08c41c6 100644 --- a/korean/hcode/Makefile +++ b/korean/hcode/Makefile @@ -1,6 +1,6 @@ PORTNAME= hcode PORTVERSION= 2.1.3 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= korean MASTER_SITES= http://ftp.kaist.ac.kr/hangul/incoming/ \ ftp://ftp.kaist.ac.kr/hangul/incoming/ \ diff --git a/korean/hcode/files/patch-mail.c b/korean/hcode/files/patch-mail.c index 9c9f5136dff3..57bc6ab2837e 100644 --- a/korean/hcode/files/patch-mail.c +++ b/korean/hcode/files/patch-mail.c @@ -1,15 +1,16 @@ ---- mail.c.orig 1998-03-11 05:02:22.000000000 -0500 -+++ mail.c 2013-06-12 20:06:21.000000000 -0400 -@@ -1,4 +1,8 @@ +--- mail.c.orig 1998-03-11 10:02:22 UTC ++++ mail.c +@@ -1,5 +1,9 @@ +#include #include +#include -+ -+static int ks2iso(unsigned char *, FILE *); ++static int ks2iso(unsigned char *, FILE *); ++ /* ------------------------------------------------------ Search for Starting Mark and print out (ENGLISH) prologue -@@ -66,9 +70,8 @@ + mark : Starting Code +@@ -66,9 +70,8 @@ FILE *fpin, *fpout; #define SI '\017' #define SO '\016' @@ -21,7 +22,7 @@ { int mode=ASCII; int i=0; -@@ -172,8 +175,8 @@ +@@ -172,8 +175,8 @@ void (*prwc)(); if (fgets((char *) ibuf,HDR_BUF_LEN,fpin) == NULL) /* no message body */ return(1); /* header only (6/8/96) */ @@ -32,7 +33,7 @@ header_switch(iptr,fpout); continue; } -@@ -186,7 +189,7 @@ +@@ -186,7 +189,7 @@ void (*prwc)(); while ( charset[++i] != NULL ) { sprintf(encode_prefix,"=?%s?B?",charset[i]); @@ -41,7 +42,7 @@ strlen(encode_prefix)) ) { isbqheader= bqheader_decode(&iptr,encode_prefix,Bencode, -@@ -195,7 +198,7 @@ +@@ -195,7 +198,7 @@ void (*prwc)(); } sprintf(encode_prefix,"=?%s?Q?",charset[i]); @@ -50,7 +51,16 @@ strlen(encode_prefix)) ) { isbqheader= bqheader_decode(&iptr,encode_prefix,Qencode, -@@ -250,15 +253,15 @@ +@@ -238,7 +241,7 @@ int outCode; + unsigned char ibuf[HDR_BUF_LEN],obuf[HDR_BUF_LEN],tbuf[HDR_BUF_LEN]; + unsigned char *iptr, *tptr; + +- if ( cp >= HDR_BUF_LEN ) { ++ if ( cp >= (HDR_BUF_LEN-8) ) { + pr2m(Printwc,fpout,outCode); + return; + } +@@ -250,15 +253,15 @@ int outCode; return; } ibuf[cp++] = '\n'; @@ -69,7 +79,7 @@ string_to_base64(obuf, tbuf); fprintf(fpout,"=?EUC-KR?B?%s?=",obuf); } -@@ -342,12 +345,12 @@ +@@ -342,12 +345,12 @@ void (*prwc)(); only checks if there's any whitespace or '?'. */ @@ -85,7 +95,7 @@ iptr+=2; if ( encoding == Bencode) base64_to_string(obuf, tbuf); -@@ -495,7 +498,7 @@ +@@ -495,7 +498,7 @@ void header_switch(iptr,fpout) /* void header_switch(iptr0,fpout,name_len) */ void header_switch(iptr,fpout) /* unsigned char **iptr0; */