Re: mail/procmail CVE-2017-16844

2022-05-04 Thread Josh Grosse
On Thu, May 05, 2022 at 12:09:37AM +0100, Stuart Henderson wrote:
> It has been de-abandoned upstream, there is a new release from earlier this
> year. Update diff for that below FWIW. It builds, runtime not tested, I
> have forgotten how to use it.
I've just tested it on amd64, and it works

Re: mail/procmail CVE-2017-16844

2022-05-04 Thread Stuart Henderson
On 2022/05/04 23:42, Martin Schröder wrote:
> On Wed, 6 Dec 2017 at 13:06, Stuart Henderson wrote:
> > OK for the fix. But guenther@'s comment from 2015 still stands -
> >
> > "Executive summary: delete the procmail port; the code is not safe and
> > should not be used as a basis for any

Re: mail/procmail CVE-2017-16844

2022-05-04 Thread Martin Schröder
On Wed, 6 Dec 2017 at 13:06, Stuart Henderson wrote:
> OK for the fix. But guenther@'s comment from 2015 still stands -
>
> "Executive summary: delete the procmail port; the code is not safe and
> should not be used as a basis for any further work."
>
>

Re: mail/procmail CVE-2017-16844

2017-12-06 Thread Stuart Henderson
On 2017/12/06 12:46, Alexander Bluhm wrote: > On Wed, Nov 29, 2017 at 09:02:07PM +0100, Stefan Sperling wrote: > > > > + void loadbuf(text,len)const char*const text;const size_t len; > > > > +-{ if(buffilled+len>buflen) /* buf can't hold the > > > > text */ > > > > ++{

Re: mail/procmail CVE-2017-16844

2017-12-06 Thread Alexander Bluhm
On Wed, Nov 29, 2017 at 09:02:07PM +0100, Stefan Sperling wrote: > > > + void loadbuf(text,len)const char*const text;const size_t len; > > > +-{ if(buffilled+len>buflen)/* buf can't hold the > > > text */ > > > ++{ while(buffilled+len>buflen) /* buf
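
Review bot: in loadbuf, the new loop condition while(buffilled+len>buflen) still adds before it compares, and len is a size_t, so a very large len can wrap the sum and the growth loop is then skipped. Comparing len against the remaining space instead, for example len>buflen-buffilled (valid as long as buffilled never exceeds buflen), avoids the wrap. A short comment on why the if became a while would also help the next reader.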

Re: mail/procmail CVE-2017-16844

2017-11-29 Thread Stefan Sperling
On Wed, Nov 29, 2017 at 06:08:00PM +0100, Landry Breuil wrote: > On Wed, Nov 29, 2017 at 06:03:31PM +0100, Alexander Bluhm wrote: > > Hi, > > > > +Index: src/formisc.c > > +--- src/formisc.c.orig > > src/formisc.c > > @@ -84,12 +84,11 @@ normal: *target++= *start++; > > case

Re: mail/procmail CVE-2017-16844

2017-11-29 Thread Landry Breuil
On Wed, Nov 29, 2017 at 06:03:31PM +0100, Alexander Bluhm wrote: > Hi, > > +Index: src/formisc.c > +--- src/formisc.c.orig > src/formisc.c > @@ -84,12 +84,11 @@ normal: *target++= *start++; > case '"':*target++=delim='"';start++; > } > @@ -19,6 +24,15 @@ with unbalanced

mail/procmail CVE-2017-16844

2017-11-29 Thread Alexander Bluhm
Hi, I would like to fix CVE-2017-16844 for procmail. ok? bluhm Index: mail/procmail/Makefile === RCS file: /data/mirror/openbsd/cvs/ports/mail/procmail/Makefile,v retrieving revision 1.42 diff -u -p -r1.42 Makefile ---