diff --git a/mail/mutt/snapshot/Makefile b/mail/mutt/snapshot/Makefile
index 23f0a8af682..8346408f792 100644
--- a/mail/mutt/snapshot/Makefile
+++ b/mail/mutt/snapshot/Makefile
@@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.38 2006/03/22 12:43:09 bernd Exp $
+# $OpenBSD: Makefile,v 1.39 2006/06/21 08:16:45 bernd Exp $
 COMMENT= "tty-based e-mail client, development version"
 VERSION= 1.5.11
 DISTNAME= mutt-${VERSION}
-PKGNAME= ${DISTNAME}p2
+PKGNAME= ${DISTNAME}p3
 MASTER_SITES= ${MASTER_SITES_MUTT:=devel/}
 AUTOCONF_VERSION= 2.59
diff --git a/mail/mutt/snapshot/patches/patch-imap_browse_c b/mail/mutt/snapshot/patches/patch-imap_browse_c
new file mode 100644
index 00000000000..668b317c1df
--- /dev/null
+++ b/mail/mutt/snapshot/patches/patch-imap_browse_c
@@ -0,0 +1,33 @@
+$OpenBSD: patch-imap_browse_c,v 1.1 2006/06/21 08:16:45 bernd Exp $
+
+From mutt CVS:
+Fix browse_get_namespace() which could overflow ns[LONG_STRING].
+(Possible remote vulnerability)
+
+--- imap/browse.c.orig Tue Jun 20 15:40:30 2006
++++ imap/browse.c Tue Jun 20 15:42:34 2006
+@@ -512,7 +512,7 @@ static int browse_get_namespace (IMAP_DA
+ if (*s == '\"')
+ {
+ s++;
+- while (*s && *s != '\"')
++ while (*s && *s != '\"' && n < sizeof (ns) - 1)
+ {
+ if (*s == '\\')
+ s++;
+@@ -523,12 +523,14 @@ static int browse_get_namespace (IMAP_DA
+ s++;
+ }
+ else
+- while (*s && !ISSPACE (*s))
++ while (*s && !ISSPACE (*s) && n < sizeof (ns) - 1)
+ {
+ ns[n++] = *s;
+ s++;
+ }
+ ns[n] = '\0';
++ if (n == sizeof (ns) - 1)
++ dprint (1, (debugfile, "browse_get_namespace: too long: [%s]\n", ns));
+ /* delim? */
+ s = imap_next_word (s);
+ /* delimiter is meaningless if namespace is "". Why does
diff --git a/mail/mutt/stable/Makefile b/mail/mutt/stable/Makefile
index 804700d4801..69a543b096e 100644
--- a/mail/mutt/stable/Makefile
+++ b/mail/mutt/stable/Makefile
@@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.27 2006/03/22 12:43:09 bernd Exp $
+# $OpenBSD: Makefile,v 1.28 2006/06/21 08:16:45 bernd Exp $
 COMMENT= "tty-based e-mail client"
 VERSION= 1.4.2
 DISTNAME= mutt-${VERSION}i
-PKGNAME= ${DISTNAME}p3
+PKGNAME= ${DISTNAME}p4
 MASTER_SITES= ${MASTER_SITES_MUTT}
 AUTOCONF_VERSION=2.13
diff --git a/mail/mutt/stable/patches/patch-imap_browse_c b/mail/mutt/stable/patches/patch-imap_browse_c
new file mode 100644
index 00000000000..1efa6b2e0a8
--- /dev/null
+++ b/mail/mutt/stable/patches/patch-imap_browse_c
@@ -0,0 +1,33 @@
+$OpenBSD: patch-imap_browse_c,v 1.1 2006/06/21 08:16:45 bernd Exp $
+
+From mutt CVS:
+Fix browse_get_namespace() which could overflow ns[LONG_STRING].
+(Possible remote vulnerability)
+
+--- imap/browse.c.orig Tue Feb 26 11:38:56 2002
++++ imap/browse.c Tue Jun 20 15:44:27 2006
+@@ -452,7 +452,7 @@ static int browse_get_namespace (IMAP_DA
+ if (*s == '\"')
+ {
+ s++;
+- while (*s && *s != '\"')
++ while (*s && *s != '\"' && n < sizeof (ns) - 1)
+ {
+ if (*s == '\\')
+ s++;
+@@ -463,12 +463,14 @@ static int browse_get_namespace (IMAP_DA
+ s++;
+ }
+ else
+- while (*s && !ISSPACE (*s))
++ while (*s && !ISSPACE (*s) && n < sizeof (ns) - 1)
+ {
+ ns[n++] = *s;
+ s++;
+ }
+ ns[n] = '\0';
++ if (n == sizeof (ns) - 1)
++ dprint (1, (debugfile, "browse_get_namespace: too long: [%s]\n", ns));
+ /* delim? */
+ s = imap_next_word (s);
+ /* delimiter is meaningless if namespace is "". Why does
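Review bot: When the new bound `n < sizeof (ns) - 1` stops either copy loop, `s` is left in the middle of the oversized namespace and the code still falls through to `s = imap_next_word (s);`, so the delimiter is parsed from the tail of a name the server controls, and the only trace is a level-1 `dprint`. The same applies to the identical patch added under mail/mutt/snapshot/patches. Consider treating a truncated name as a parse failure instead of continuing, for example `if (n == sizeof (ns) - 1) { dprint (...); return -1; }`, assuming -1 is this function's error return, which the hunk does not show. The check also fires for a name of exactly `sizeof (ns) - 1` bytes that fit completely, so testing whether `*s` still points at name data would separate real truncation from an exact fit. browse_get_namespace begins and ends outside the hunks, and the lines between the two inner hunks are not visible here.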