[143284] trunk/dports/mail/procmail

cal at macports.org cal at macports.org
Sat Dec 12 09:20:08 PST 2015 

Revision: 143284
          https://trac.macports.org/changeset/143284
Author:   cal at macports.org
Date:     2015-12-09 13:43:02 -0800 (Wed, 09 Dec 2015)
Log Message:
-----------
procmail: Fix CVE-2014-3618, closes #49044

Modified Paths:
--------------
    trunk/dports/mail/procmail/Portfile

Added Paths:
-----------
    trunk/dports/mail/procmail/files/patch-src-formisc.c

Modified: trunk/dports/mail/procmail/Portfile
===================================================================
--- trunk/dports/mail/procmail/Portfile	2015-12-09 21:34:01 UTC (rev 143283)
+++ trunk/dports/mail/procmail/Portfile	2015-12-09 21:43:02 UTC (rev 143284)
@@ -5,7 +5,7 @@
 
 name                procmail
 version             3.22
-revision            3
+revision            4
 categories          mail
 license             {Artistic-1 GPL-2+}
 platforms           darwin
@@ -69,7 +69,8 @@
     move ${worksrcpath}/INSTALL ${worksrcpath}/INSTALL.README
 }
 
-patchfiles          getline.patch
+patchfiles          getline.patch \
+                    patch-src-formisc.c
 post-patch {
     reinplace "s%^/\\*\\(#define\[ \t\]*DEF\[S\]*PATH\[ \t\]*\".*\\)\".*$%\\1:${prefix}/bin\"%" ${worksrcpath}/config.h
     reinplace "s%/etc/procmailrc%${prefix}/etc/procmailrc%" ${worksrcpath}/config.h

Added: trunk/dports/mail/procmail/files/patch-src-formisc.c
===================================================================
--- trunk/dports/mail/procmail/files/patch-src-formisc.c	                        (rev 0)
+++ trunk/dports/mail/procmail/files/patch-src-formisc.c	2015-12-09 21:43:02 UTC (rev 143284)
@@ -0,0 +1,16 @@
+--- src/formisc.c.orig	2001-06-29 10:20:45.000000000 +0800
++++ src/formisc.c	2014-09-12 00:58:12.989105253 +0800
+@@ -84,12 +84,11 @@
+ 	case '"':*target++=delim='"';start++;
+       }
+      ;{ int i;
+-	do
++	while(*start)
+ 	   if((i= *target++= *start++)==delim)	 /* corresponding delimiter? */
+ 	      break;
+ 	   else if(i=='\\'&&*start)		    /* skip quoted character */
+ 	      *target++= *start++;
+-	while(*start);						/* anything? */
+       }
+      hitspc=2;
+    }
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/macports-changes/attachments/20151212/76ce19be/attachment-0001.html>

More information about the macports-changes mailing list