as with 2.0.3:
> apply a patch from evution CVS: > 2005-01-20 Not Zed <NotZed@Ximian.com> > * camel-lock-helper.c (main): since malloc(MAXINT+1) returns a > valid pointer, validate the length of the path before using it. > set maximum path to 65000 characters. Spotted by Max Vozeler > <max@hinterhof.net> > > This fixes the security vulnerability refered to as CAN-2005-0102. > bump PKGREVISION
This commit is contained in:
parent
9415f1f987
commit
6d0c25831d
3 changed files with 20 additions and 3 deletions
|
@ -1,8 +1,8 @@
|
|||
# $NetBSD: Makefile,v 1.14 2004/12/28 23:18:16 reed Exp $
|
||||
# $NetBSD: Makefile,v 1.15 2005/01/31 17:33:57 drochner Exp $
|
||||
|
||||
DISTNAME= evolution-1.2.4
|
||||
PKGNAME= ${DISTNAME:S/evolution/evolution12/}
|
||||
PKGREVISION= 3
|
||||
PKGREVISION= 4
|
||||
CATEGORIES= mail time gnome
|
||||
MASTER_SITES= ftp://ftp.ximian.com/pub/ximian-evolution/source/ \
|
||||
ftp://ximian.netnitco.net/pub/mirrors/ximian/ximian-evolution/source/ \
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
$NetBSD: distinfo,v 1.1.1.1 2004/01/04 21:39:50 rh Exp $
|
||||
$NetBSD: distinfo,v 1.2 2005/01/31 17:33:57 drochner Exp $
|
||||
|
||||
SHA1 (evolution-1.2.4.tar.bz2) = 924ef022d39ab437e41b784181ba572e8a16e59d
|
||||
Size (evolution-1.2.4.tar.bz2) = 12940769 bytes
|
||||
|
@ -14,3 +14,4 @@ SHA1 (patch-ai) = 2d73b5a3a2a006bb29b83650154ca64d721ef09d
|
|||
SHA1 (patch-aj) = 0e132d78a59631d443a8fe03a838033089e1802c
|
||||
SHA1 (patch-ak) = 3c1f314f16743221a2ce9db659c0877b70f00f51
|
||||
SHA1 (patch-al) = de0b84420c20aabe4d9eadf5f322b117a71ca2dc
|
||||
SHA1 (patch-am) = 18b9a5eda1ca81ef158e04295e13a33c54683ae1
|
||||
|
|
16
mail/evolution12/patches/patch-am
Normal file
16
mail/evolution12/patches/patch-am
Normal file
|
@ -0,0 +1,16 @@
|
|||
$NetBSD: patch-am,v 1.1 2005/01/31 17:33:57 drochner Exp $
|
||||
|
||||
--- camel/camel-lock-helper.c.orig 2001-11-03 01:26:18.000000000 +0100
|
||||
+++ camel/camel-lock-helper.c
|
||||
@@ -360,8 +360,9 @@ int main(int argc, char **argv)
|
||||
switch(msg.id) {
|
||||
case CAMEL_LOCK_HELPER_LOCK:
|
||||
res = CAMEL_LOCK_HELPER_STATUS_NOMEM;
|
||||
- path = malloc(msg.data+1);
|
||||
- if (path != NULL) {
|
||||
+ if (msg.data > 0xffff) {
|
||||
+ res = CAMEL_LOCK_HELPER_STATUS_PROTOCOL;
|
||||
+ } else if ((path = malloc(msg.data+1)) != NULL) {
|
||||
res = CAMEL_LOCK_HELPER_STATUS_PROTOCOL;
|
||||
len = read_n(STDIN_FILENO, path, msg.data);
|
||||
if (len == msg.data) {
|
Loading…
Reference in a new issue