From: Matthias Andree
Date: Mon, 27 Aug 2012 17:44:23 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r303238 - in head: mail/fetchmail mail/fetchmail/files security/vuxml

Author: mandree
Date: Mon Aug 27 17:44:23 2012
New Revision: 303238
URL: http://svn.freebsd.org/changeset/ports/303238

Log:
  Update fetchmail to 6.3.21_1, fixing CVE-2012-3482.
  Adjust VuXML database entry from < 6.3.22 to < 6.3.21_1.

  PR: ports/170613
  Approved by: maintainer timeout (14 days)
  Security: http://www.vuxml.org/freebsd/83f9e943-e664-11e1-a66d-080027ef73ec.html
  Security: CVE-2012-3482

Added:
  head/mail/fetchmail/files/patch-CVE-2012-3482 (contents, props changed)
Modified:
  head/mail/fetchmail/Makefile (contents, props changed)
  head/security/vuxml/vuln.xml

Modified: head/mail/fetchmail/Makefile ============================================================================== --- head/mail/fetchmail/Makefile Mon Aug 27 17:43:38 2012 (r303237) +++ head/mail/fetchmail/Makefile Mon Aug 27 17:44:23 2012 (r303238) @@ -12,6 +12,7 @@ PORTNAME= fetchmail PORTVERSION= 6.3.21 +PORTREVISION= 1 CATEGORIES= mail ipv6 MASTER_SITES= BERLIOS/${PORTNAME}/ \ SF/${PORTNAME}/branch_6.3/ \ Added: head/mail/fetchmail/files/patch-CVE-2012-3482 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/mail/fetchmail/files/patch-CVE-2012-3482 Mon Aug 27 17:44:23 2012 (r303238) 
@@ -0,0 +1,53 @@ +diff --git a/ntlm.h b/ntlm.h +index 1469633..ad83520 100644 +--- a/ntlm.h ++++ b/ntlm.h +@@ -32,8 +32,8 @@ uint32 msgType; + tSmbStrHeader uDomain; + uint32 flags; + uint8 challengeData[8]; +-uint8 reserved[8]; +-tSmbStrHeader emptyString; ++uint32 context[2]; ++tSmbStrHeader targetInfo; + uint8 buffer[1024]; + uint32 bufIndex; + }tSmbNtlmAuthChallenge; +diff --git a/ntlmsubr.c b/ntlmsubr.c +index f9d2733..63cbed8 100644 +--- a/ntlmsubr.c ++++ b/ntlmsubr.c +@@ -55,7 +55,32 @@ int ntlm_helper(int sock, struct query *ctl, const char *proto) + if ((result = gen_recv(sock, msgbuf, sizeof msgbuf))) + goto cancelfail; + +- (void)from64tobits (&challenge, msgbuf, sizeof(challenge)); ++ if ((result = from64tobits (&challenge, msgbuf, sizeof(challenge))) < 0 ++ || result < ((void *)&challenge.context - (void *)&challenge)) ++ { ++ report (stderr, GT_("could not decode BASE64 challenge\n")); ++ /* We do not goto cancelfail; the server has already sent the ++ * tagged reply, so the protocol exchange has ended, no need ++ * for us to send the asterisk. 
*/ ++ return PS_AUTHFAIL; ++ } ++ ++ /* validate challenge: ++ * - ident ++ * - message type ++ * - that offset points into buffer ++ * - that offset + length does not wrap ++ * - that offset + length is not bigger than buffer */ ++ if (0 != memcmp("NTLMSSP", challenge.ident, 8) ++ || challenge.msgType != 2 ++ || challenge.uDomain.offset > result ++ || challenge.uDomain.offset + challenge.uDomain.len < challenge.uDomain.offset ++ || challenge.uDomain.offset + challenge.uDomain.len > result) ++ { ++ report (stderr, GT_("NTLM challenge contains invalid data.\n")); ++ result = PS_AUTHFAIL; ++ goto cancelfail; ++ } + + if (outlevel >= O_DEBUG) + dumpSmbNtlmAuthChallenge(stdout, &challenge); Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Aug 27 17:43:38 2012 (r303237) +++ head/security/vuxml/vuln.xml Mon Aug 27 17:44:23 2012 (r303238) @@ -611,7 +611,7 @@ Note: Please add new entries to the beg fetchmail - 5.0.86.3.22 + 5.0.86.3.21_1 @@ -634,6 +634,7 @@ Note: Please add new entries to the beg 2012-08-12 2012-08-14 + 2012-08-27
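
Review bot: in the ntlm.h hunk, the new `tSmbStrHeader targetInfo` field carries a server-supplied offset and length just like `uDomain`, but the validation added in ntlmsubr.c only bounds-checks `challenge.uDomain`. If any code path reads through `targetInfo`, it needs the same three checks (offset within the decoded length, offset + len not wrapping, offset + len within the decoded length); if nothing reads it, a one-line comment on the field saying so would keep a later change from trusting it. The renamed `context[2]` and `targetInfo` members would also benefit from a short comment naming the NTLM type 2 fields they map to, since the old names (`reserved`, `emptyString`) at least signalled that they were unused.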
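
Review bot: in the ntlmsubr.c hunk, the minimum-length test `result < ((void *)&challenge.context - (void *)&challenge)` subtracts `void *` pointers, which is a GNU extension and not valid ISO C; `offsetof(tSmbNtlmAuthChallenge, context)` from `<stddef.h>` states the same bound portably and makes the intent (the fixed header up to `context` must be fully decoded) obvious. The following comparisons `challenge.uDomain.offset > result` and `challenge.uDomain.offset + challenge.uDomain.len > result` mix the signed `result` with the header fields; since `result` is known to be non-negative at that point, converting it once to the fields' unsigned type would avoid relying on implicit conversion rules. The comment block says the offset must point "into buffer", while the code bounds it by the decoded length `result`, which is the stricter and correct limit; the comment should say that. Finally, the two failure paths differ (`return PS_AUTHFAIL` versus `goto cancelfail`): the first is explained in its comment, and the second deserves an equally short one stating why the cancel is still sent after a successfully decoded but invalid challenge.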