Received: by mail.netbsd.org (Postfix, from userid 605)
	id 2C54384E39; Sun, 26 Nov 2017 20:39:42 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id A985484CFC
	for <pkgsrc-changes@NetBSD.org>; Sun, 26 Nov 2017 20:39:41 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([127.0.0.1])
	by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025)
	with ESMTP id ZS_LAKkQL2Ga for <pkgsrc-changes@netbsd.org>;
	Sun, 26 Nov 2017 20:39:41 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984])
	by mail.netbsd.org (Postfix) with ESMTP id 2619A84DE2
	for <pkgsrc-changes@NetBSD.org>; Sun, 26 Nov 2017 20:39:41 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id 243E9FB40; Sun, 26 Nov 2017 20:39:41 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1511728781262920"
MIME-Version: 1.0
Date: Sun, 26 Nov 2017 20:39:41 +0000
From: "Soren Jacobsen" <snj@netbsd.org>
Subject: CVS commit: pkgsrc/mail/procmail
To: pkgsrc-changes@NetBSD.org
Reply-To: snj@netbsd.org
X-Mailer: log_accum
Message-Id: <20171126203941.243E9FB40@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20pkgsrc-changes&body=unsubscribe%20pkgsrc-changes>

This is a multi-part message in MIME format.

--_----------=_1511728781262920
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	snj
Date:		Sun Nov 26 20:39:41 UTC 2017

Modified Files:
	pkgsrc/mail/procmail: Makefile distinfo
	pkgsrc/mail/procmail/patches: patch-bd

Log Message:
procmail: Fix CVE-2017-16844

Patch from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511

Bump PKGREVISION


To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.50 pkgsrc/mail/procmail/Makefile
cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/procmail/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/mail/procmail/patches/patch-bd

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1511728781262920
Content-Disposition: inline
Content-Length: 2911
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/mail/procmail/Makefile
diff -u pkgsrc/mail/procmail/Makefile:1.49 pkgsrc/mail/procmail/Makefile:1.50
--- pkgsrc/mail/procmail/Makefile:1.49	Thu Oct  9 14:06:40 2014
+++ pkgsrc/mail/procmail/Makefile	Sun Nov 26 20:39:40 2017
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.49 2014/10/09 14:06:40 wiz Exp $
+# $NetBSD: Makefile,v 1.50 2017/11/26 20:39:40 snj Exp $
 
 DISTNAME=	procmail-3.22
-PKGREVISION=	4
+PKGREVISION=	5
 CATEGORIES=	mail
 MASTER_SITES=	ftp://ftp.procmail.org/pub/procmail/
 

Index: pkgsrc/mail/procmail/distinfo
diff -u pkgsrc/mail/procmail/distinfo:1.16 pkgsrc/mail/procmail/distinfo:1.17
--- pkgsrc/mail/procmail/distinfo:1.16	Tue Nov  3 23:27:17 2015
+++ pkgsrc/mail/procmail/distinfo	Sun Nov 26 20:39:40 2017
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.16 2015/11/03 23:27:17 agc Exp $
+$NetBSD: distinfo,v 1.17 2017/11/26 20:39:40 snj Exp $
 
 SHA1 (procmail-3.22.tar.gz) = cd4e44c15559816453fd60349e5a32289f6f2965
 RMD160 (procmail-3.22.tar.gz) = e609ec94ea9ab3b93629c62b3e29add497806483
@@ -14,4 +14,4 @@ SHA1 (patch-ag) = 8f2ae1f2e7bdc3c2295148
 SHA1 (patch-ba) = 2ebbd43d2773b147ee6410e37ab3696aeda3c07c
 SHA1 (patch-bb) = 5b273bd60d24168794189bb844e39e94bd688ea8
 SHA1 (patch-bc) = 7344d3c2fce1bcd3276d8e5014bf9537c6dece5c
-SHA1 (patch-bd) = fb6f2fb4b5fe1ea01682a319b6655b023e5c5fd0
+SHA1 (patch-bd) = 27a7711e400f934bc82937eae68681e0b5c30c4a

Index: pkgsrc/mail/procmail/patches/patch-bd
diff -u pkgsrc/mail/procmail/patches/patch-bd:1.3 pkgsrc/mail/procmail/patches/patch-bd:1.4
--- pkgsrc/mail/procmail/patches/patch-bd:1.3	Thu Sep  4 07:37:44 2014
+++ pkgsrc/mail/procmail/patches/patch-bd	Sun Nov 26 20:39:40 2017
@@ -1,14 +1,18 @@
-$NetBSD: patch-bd,v 1.3 2014/09/04 07:37:44 wiz Exp $
+$NetBSD: patch-bd,v 1.4 2017/11/26 20:39:40 snj Exp $
 
 First chunk:
 https://bugzilla.redhat.com/show_bug.cgi?id=1121299
 CVE-2014-3618
 
 Second chunk:
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511
+CVE-2017-16844
+
+Third chunk:
 Avoid conflict with existing getline() functions.
 
---- src/formisc.c.orig	2001-06-29 02:20:45.000000000 +0000
-+++ src/formisc.c
+--- src/formisc.c.orig	2001-06-28 19:20:45.000000000 -0700
++++ src/formisc.c	2017-11-26 12:21:14.260042851 -0800
 @@ -84,12 +84,11 @@ normal:	   *target++= *start++;
  	case '"':*target++=delim='"';start++;
        }
@@ -23,6 +27,15 @@ Avoid conflict with existing getline() f
        }
       hitspc=2;
     }
+@@ -104,7 +103,7 @@ void loadsaved(sp)const struct saved*con
+ }
+ 							    /* append to buf */
+ void loadbuf(text,len)const char*const text;const size_t len;
+-{ if(buffilled+len>buflen)			  /* buf can't hold the text */
++{ while(buffilled+len>buflen)			  /* buf can't hold the text */
+      buf=realloc(buf,buflen+=Bsize);
+   tmemmove(buf+buffilled,text,len);buffilled+=len;
+ }
 @@ -115,7 +114,7 @@ void loadchar(c)const int c;		      /* a
    buf[buffilled++]=c;
  }


--_----------=_1511728781262920--