aboutsummaryrefslogtreecommitdiffstats
path: root/mail
diff options
context:
space:
mode:
authornectar <nectar@FreeBSD.org>2004-02-19 05:47:18 +0800
committernectar <nectar@FreeBSD.org>2004-02-19 05:47:18 +0800
commitc594cdee70e2cb7401dc727e5b2a2011a39b749e (patch)
tree21512b258a5ff6b6cd44599105a79343ccb70b93 /mail
parentb6a65e144d707af1e463c15f7edc1cde480a52c8 (diff)
downloadfreebsd-ports-gnome-c594cdee70e2cb7401dc727e5b2a2011a39b749e.tar.gz
freebsd-ports-gnome-c594cdee70e2cb7401dc727e5b2a2011a39b749e.tar.zst
freebsd-ports-gnome-c594cdee70e2cb7401dc727e5b2a2011a39b749e.zip
Correct two format string vulnerabilities and two buffer overflows in
metamail (CVE names CAN-2004-0104 and CAN-2004-0104). Submitted by: Ulf Härnhammar <Ulf.Harnhammar.9485@student.uu.se>
Diffstat (limited to 'mail')
-rw-r--r--mail/metamail/Makefile1
-rw-r--r--mail/metamail/files/patch-ae22
-rw-r--r--mail/metamail/files/patch-af60
3 files changed, 79 insertions, 4 deletions
diff --git a/mail/metamail/Makefile b/mail/metamail/Makefile
index 00cfa31add11..fe4f9458966d 100644
--- a/mail/metamail/Makefile
+++ b/mail/metamail/Makefile
@@ -7,6 +7,7 @@
PORTNAME= metamail
PORTVERSION= 2.7
+PORTREVISION= 1
CATEGORIES= mail
MASTER_SITES= ftp://thumper.bellcore.com/pub/nsb/
DISTNAME= mm${PORTVERSION}
diff --git a/mail/metamail/files/patch-ae b/mail/metamail/files/patch-ae
index 263382803431..3cfe25c60518 100644
--- a/mail/metamail/files/patch-ae
+++ b/mail/metamail/files/patch-ae
@@ -1,5 +1,5 @@
-*** metamail/splitmail.c.orig Sun Jun 18 13:13:56 1995
---- metamail/splitmail.c Sun Jun 18 13:14:48 1995
+*** metamail/splitmail.c.orig Mon Jan 31 16:23:14 1994
+--- metamail/splitmail.c Wed Feb 18 15:39:09 2004
***************
*** 41,48 ****
#define VERBOSEDELIVERYCMD VerboseDeliveryCmd
@@ -19,3 +19,21 @@
#endif
usageexit() {
+***************
+*** 361,367 ****
+ }
+ if (!ULstrcmp(s, "subject")) {
+ *colon = ':';
+! strcpy(SubjectBuf, ++colon);
+ return(0);
+ }
+ if (!ULstrcmp(s, "content-type")) {
+--- 361,368 ----
+ }
+ if (!ULstrcmp(s, "subject")) {
+ *colon = ':';
+! strncpy(SubjectBuf, ++colon, sizeof(SubjectBuf));
+! SubjectBuf[sizeof(SubjectBuf) - 1] = '\0';
+ return(0);
+ }
+ if (!ULstrcmp(s, "content-type")) {
diff --git a/mail/metamail/files/patch-af b/mail/metamail/files/patch-af
index 2cb4033d6e55..3a67175fd480 100644
--- a/mail/metamail/files/patch-af
+++ b/mail/metamail/files/patch-af
@@ -74,8 +74,8 @@
while (s && *s && isspace((unsigned char) *s)) ++s;
if (s && (*s == 'y' || *s == 'Y')) break;
continue;
-*** metamail.c.bak Thu Feb 17 04:57:19 1994
---- metamail/metamail.c Mon Nov 20 01:21:37 1995
+*** metamail/metamail.c.orig Wed Feb 16 19:57:19 1994
+--- metamail/metamail.c Wed Feb 18 15:39:09 2004
***************
*** 83,89 ****
#define MAX_FILE_NAME_SIZE 256
@@ -111,6 +111,27 @@
overwriteans = 0;
} else {
***************
+*** 1202,1210 ****
+ fprintf(outfp, "Content-type: %s", ContentType);
+ for (j=0; j<CParamsUsed; ++j) {
+ fprintf(outfp, " ; ");
+! fprintf(outfp, CParams[j]);
+ fprintf(outfp, " = ");
+! fprintf(outfp, CParamValues[j]);
+ }
+ fprintf(outfp, "\n\n");
+ TranslateInputToOutput(InputFP, outfp, EncodingCode, ContentType);
+--- 1202,1210 ----
+ fprintf(outfp, "Content-type: %s", ContentType);
+ for (j=0; j<CParamsUsed; ++j) {
+ fprintf(outfp, " ; ");
+! fprintf(outfp, "%s", CParams[j]);
+ fprintf(outfp, " = ");
+! fprintf(outfp, "%s", CParamValues[j]);
+ }
+ fprintf(outfp, "\n\n");
+ TranslateInputToOutput(InputFP, outfp, EncodingCode, ContentType);
+***************
*** 1823,1829 ****
} else {
printf("This message contains '%s'-format data.\nDo you want to view it using the '%s' command (y/n) [y] ? ", ctype, ShortCommand(progname));
@@ -127,3 +148,38 @@
if (!s) return(0); /* EOF */
while (s && *s && isspace((unsigned char) *s)) ++s;
if (*s == 'y' || *s == 'Y' || !*s || *s == '\n') return(1);
+***************
+*** 2022,2028 ****
+ if (lc2strcmp(charset, PrevCharset)) {
+ char *s2, *charsetinuse;
+
+! strcpy(PrevCharset, charset);
+ for (s2=PrevCharset; *s2; ++s2) {
+ if (isupper((unsigned char) *s2)) *s2 = tolower((unsigned char) *s2);
+ }
+--- 2022,2029 ----
+ if (lc2strcmp(charset, PrevCharset)) {
+ char *s2, *charsetinuse;
+
+! strncpy(PrevCharset, charset, sizeof(PrevCharset));
+! PrevCharset[sizeof(PrevCharset) - 1] = '\0';
+ for (s2=PrevCharset; *s2; ++s2) {
+ if (isupper((unsigned char) *s2)) *s2 = tolower((unsigned char) *s2);
+ }
+***************
+*** 2032,2038 ****
+ }
+ }
+ if (ecode == ENCODING_NONE) {
+! printf(txt+1);
+ } else {
+ /* What follows is REALLY bogus, but all my encoding stuff is pipe-oriented right now... */
+ MkTmpFileName(TmpFile);
+--- 2033,2039 ----
+ }
+ }
+ if (ecode == ENCODING_NONE) {
+! printf("%s", txt+1);
+ } else {
+ /* What follows is REALLY bogus, but all my encoding stuff is pipe-oriented right now... */
+ MkTmpFileName(TmpFile);