On Tue, 16 May 2017 19:32:39 +0300, Paul Irofti <p...@irofti.net> wrote:
> Right, so how about this?
I think it's better that way. Thanks for taking care of. ok danj@
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/mail/libetpan/Makefile,v
> retrieving revision 1.25
> diff -u -p -u -p -r1.25 Makefile
> --- Makefile 11 Nov 2016 12:07:00 -0000 1.25
> +++ Makefile 16 May 2017 16:31:12 -0000
> @@ -6,7 +6,7 @@ GH_ACCOUNT= dinhviethoa
> GH_PROJECT= libetpan
> GH_TAGNAME= 1.7.2
> CATEGORIES= mail devel
> -REVISION= 2
> +REVISION= 3
>
> SHARED_LIBS= etpan 17.0 # 20.0
>
> Index: patches/patch-src_low-level_imf_mailimf_c
> ===================================================================
> RCS file: patches/patch-src_low-level_imf_mailimf_c
> diff -N patches/patch-src_low-level_imf_mailimf_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_low-level_imf_mailimf_c 16 May 2017
> 16:31:12 -0000 @@ -0,0 +1,32 @@
> +$OpenBSD$
> +
> +Fix CVE-2017-8825 null dereference vulnerability in MIME handling
> +
> +--- src/low-level/imf/mailimf.c.orig Thu May 26 08:27:47 2016
> ++++ src/low-level/imf/mailimf.c Tue May 16 19:17:24 2017
> +@@ -3083,6 +3083,7 @@ static int mailimf_group_parse(const char *
> message, s
> + struct mailimf_group * group;
> + int r;
> + int res;
> ++ clist * list;
> +
> + cur_token = * indx;
> +
> +@@ -3108,6 +3109,17 @@ static int mailimf_group_parse(const char *
> message, s
> + r = mailimf_cfws_parse(message, length, &cur_token);
> + if ((r != MAILIMF_NO_ERROR) && (r != MAILIMF_ERROR_PARSE)) {
> + res = r;
> ++ goto free_display_name;
> ++ }
> ++ list = clist_new();
> ++ if (list == NULL) {
> ++ res = MAILIMF_ERROR_MEMORY;
> ++ goto free_display_name;
> ++ }
> ++ mailbox_list = mailimf_mailbox_list_new(list);
> ++ if (mailbox_list == NULL) {
> ++ res = MAILIMF_ERROR_MEMORY;
> ++ clist_free(list);
> + goto free_display_name;
> + }
> + break;
>
