On Tue, 16 May 2017 19:32:39 +0300, Paul Irofti <p...@irofti.net> wrote:
> Right, so how about this? I think it's better that way. Thanks for taking care of. ok danj@ > Index: Makefile > =================================================================== > RCS file: /cvs/ports/mail/libetpan/Makefile,v > retrieving revision 1.25 > diff -u -p -u -p -r1.25 Makefile > --- Makefile 11 Nov 2016 12:07:00 -0000 1.25 > +++ Makefile 16 May 2017 16:31:12 -0000 > @@ -6,7 +6,7 @@ GH_ACCOUNT= dinhviethoa > GH_PROJECT= libetpan > GH_TAGNAME= 1.7.2 > CATEGORIES= mail devel > -REVISION= 2 > +REVISION= 3 > > SHARED_LIBS= etpan 17.0 # 20.0 > > Index: patches/patch-src_low-level_imf_mailimf_c > =================================================================== > RCS file: patches/patch-src_low-level_imf_mailimf_c > diff -N patches/patch-src_low-level_imf_mailimf_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_low-level_imf_mailimf_c 16 May 2017 > 16:31:12 -0000 @@ -0,0 +1,32 @@ > +$OpenBSD$ > + > +Fix CVE-2017-8825 null dereference vulnerability in MIME handling > + > +--- src/low-level/imf/mailimf.c.orig Thu May 26 08:27:47 2016 > ++++ src/low-level/imf/mailimf.c Tue May 16 19:17:24 2017 > +@@ -3083,6 +3083,7 @@ static int mailimf_group_parse(const char * > message, s > + struct mailimf_group * group; > + int r; > + int res; > ++ clist * list; > + > + cur_token = * indx; > + > +@@ -3108,6 +3109,17 @@ static int mailimf_group_parse(const char * > message, s > + r = mailimf_cfws_parse(message, length, &cur_token); > + if ((r != MAILIMF_NO_ERROR) && (r != MAILIMF_ERROR_PARSE)) { > + res = r; > ++ goto free_display_name; > ++ } > ++ list = clist_new(); > ++ if (list == NULL) { > ++ res = MAILIMF_ERROR_MEMORY; > ++ goto free_display_name; > ++ } > ++ mailbox_list = mailimf_mailbox_list_new(list); > ++ if (mailbox_list == NULL) { > ++ res = MAILIMF_ERROR_MEMORY; > ++ clist_free(list); > + goto free_display_name; > + } > + break; >