From nobody Wed May 01 19:55:41 2024 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VV78t24Sbz5JxgK; Wed, 1 May 2024 19:55:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VV78t16mSz4hmV; Wed, 1 May 2024 19:55:42 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1714593342; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ADDxwFk9nzntWAmYPwZDsAAFgt+2/feEIAXI4grDg3Y=; b=jWWqJPHq/5wQPSiKoXHoeKDPNH5djuqEsnnYMyK6eipgmj3VU1YdYKfezK5hOnr3BuylT1 bv7zdd0NqEkuk1f+c2cXJAdW51cyr5hYM+0fJoCyBSspWhU+5GlXDt42DOYkZUZKGs/Yaz 5XEzgJMD7f6m4Owl2uDrtOHzh1NHZVw4iioMFP6c4U9q6A00F103BMoZZT/L3HbL2hvVLM DGR69+eU4Nq/W/sjrUABUvW7o8CCglTNl/tNZ/8CT5j58TlC9/3VyBUFk8CvFrogkZYIyc 5mzQdlS1agCaujxFRkD0igqfA/Vqu5lDTJCf10Ip5Rj5TlRNy9/plh2V0w0Lug== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1714593342; a=rsa-sha256; cv=none; b=nqfrICQUJ4lEMGhX+5E6+58KkclvLKkcZxH+6pT/cfFvF2S2a3xe13OCFawarB3QI8X4JY PLWU4cRW73+Q/Rumne3Yv3gbQZpfm3vo1TtR96FcHgacI1mMUIK10b6OFjyB371dkAexjX ByTrL7SRLOt4Xoq6DhyGG5bd7uH1o0djsyguZ6Gy5ZZLzqZi29zu4ivr9F89+d+wTUUGk3 4ambkM0uxV7kKqhRMN0QuRhXstLVDWX+QZ5Ke3rg7+UdEC/XvQ3slMM3bVAKBOKm2AnKnq YhJeko2WPCakTZ72wKZ/5N2y+qDwbLnWf5fmhYjtFFvmnG3AnJwc0bYkQgb8cA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1714593342; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ADDxwFk9nzntWAmYPwZDsAAFgt+2/feEIAXI4grDg3Y=; b=K50Wxoe66sgEScQnFHJXelyiaY1Av1kHMIcPClex9CZ4YOGN3zRR+yZ3fqyOUkQ6kPwdJt ul4CiSkuhOiZZDY1YOEE+vdoBpB3YC0AoQ5PlfZrmOJZXtudTvBX6tmSyIq7TJo+prIRD3 Vlfz2A/NKbvyvCmOzmyXdXS5/YFU1v1HR/jugmrZR3q/Bq+LeB6bYN+MazSmwwlEop6kLr KgAn0Qg4Nc05Nav8O72BggKtvwfp0LKNIiolLViB2jfsVn12O4mJTl43DGmEJpg4LtHb9b eH26fVgnkUrnDJcMu20y7WpNMpkgWCyAU8x5ZNsZ21dvvUmo1reV84+MRHDZtQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4VV78t0jqRzYMV; Wed, 1 May 2024 19:55:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 441JtgQe000636; Wed, 1 May 2024 19:55:42 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 441JtfD9000633; Wed, 1 May 2024 19:55:41 GMT (envelope-from git) Date: Wed, 1 May 2024 19:55:41 GMT Message-Id: <202405011955.441JtfD9000633@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org From: Thomas Zander Subject: git: 8763fb2f27d9 - 2024Q2 - korean/hcode: Fix buffer overflow in mail.c List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-all@freebsd.org Sender: owner-dev-commits-ports-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: riggs X-Git-Repository: ports X-Git-Refname: refs/heads/2024Q2 X-Git-Reftype: branch X-Git-Commit: 8763fb2f27d9b163b8981a8317a6cc6c890d5999 Auto-Submitted: auto-generated The branch 2024Q2 has been updated by riggs: URL: https://cgit.FreeBSD.org/ports/commit/?id=8763fb2f27d9b163b8981a8317a6cc6c890d5999 commit 8763fb2f27d9b163b8981a8317a6cc6c890d5999 Author: Thomas Zander AuthorDate: 2024-05-01 19:52:46 +0000 Commit: Thomas Zander CommitDate: 2024-05-01 19:55:30 +0000 korean/hcode: Fix buffer overflow in mail.c Reported by: Wolfgang Frisch MFH: 2024Q2 Security: CVE-2024-34020 (cherry picked from commit 483d9e29e0569128d7f88e08c295c1f3dbeabf01) --- korean/hcode/Makefile | 2 +- korean/hcode/files/patch-mail.c | 34 ++++++++++++++++++++++------------ 2 files changed, 23 insertions(+), 13 deletions(-) diff --git a/korean/hcode/Makefile b/korean/hcode/Makefile index c881a07a90ee..d268b08c41c6 100644 --- a/korean/hcode/Makefile +++ b/korean/hcode/Makefile @@ -1,6 +1,6 @@ PORTNAME= hcode PORTVERSION= 2.1.3 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= korean MASTER_SITES= http://ftp.kaist.ac.kr/hangul/incoming/ \ ftp://ftp.kaist.ac.kr/hangul/incoming/ \ diff --git a/korean/hcode/files/patch-mail.c b/korean/hcode/files/patch-mail.c index 9c9f5136dff3..57bc6ab2837e 100644 --- a/korean/hcode/files/patch-mail.c +++ b/korean/hcode/files/patch-mail.c @@ -1,15 +1,16 @@ ---- mail.c.orig 1998-03-11 05:02:22.000000000 -0500 -+++ mail.c 2013-06-12 20:06:21.000000000 -0400 -@@ -1,4 +1,8 @@ +--- mail.c.orig 1998-03-11 10:02:22 UTC ++++ mail.c +@@ -1,5 +1,9 @@ +#include #include +#include -+ -+static int ks2iso(unsigned char *, FILE *); ++static int ks2iso(unsigned char *, FILE *); ++ /* ------------------------------------------------------ Search for Starting Mark and print out (ENGLISH) prologue -@@ -66,9 +70,8 @@ + mark : Starting Code +@@ -66,9 +70,8 @@ FILE *fpin, *fpout; #define SI '\017' #define SO '\016' @@ -21,7 +22,7 @@ { int mode=ASCII; int i=0; -@@ -172,8 +175,8 @@ +@@ -172,8 +175,8 @@ void (*prwc)(); if (fgets((char *) ibuf,HDR_BUF_LEN,fpin) == NULL) /* no message body */ return(1); /* header only (6/8/96) */ @@ -32,7 +33,7 @@ header_switch(iptr,fpout); continue; } -@@ -186,7 +189,7 @@ +@@ -186,7 +189,7 @@ void (*prwc)(); while ( charset[++i] != NULL ) { sprintf(encode_prefix,"=?%s?B?",charset[i]); @@ -41,7 +42,7 @@ strlen(encode_prefix)) ) { isbqheader= bqheader_decode(&iptr,encode_prefix,Bencode, -@@ -195,7 +198,7 @@ +@@ -195,7 +198,7 @@ void (*prwc)(); } sprintf(encode_prefix,"=?%s?Q?",charset[i]); @@ -50,7 +51,16 @@ strlen(encode_prefix)) ) { isbqheader= bqheader_decode(&iptr,encode_prefix,Qencode, -@@ -250,15 +253,15 @@ +@@ -238,7 +241,7 @@ int outCode; + unsigned char ibuf[HDR_BUF_LEN],obuf[HDR_BUF_LEN],tbuf[HDR_BUF_LEN]; + unsigned char *iptr, *tptr; + +- if ( cp >= HDR_BUF_LEN ) { ++ if ( cp >= (HDR_BUF_LEN-8) ) { + pr2m(Printwc,fpout,outCode); + return; + } +@@ -250,15 +253,15 @@ int outCode; return; } ibuf[cp++] = '\n'; @@ -69,7 +79,7 @@ string_to_base64(obuf, tbuf); fprintf(fpout,"=?EUC-KR?B?%s?=",obuf); } -@@ -342,12 +345,12 @@ +@@ -342,12 +345,12 @@ void (*prwc)(); only checks if there's any whitespace or '?'. */ @@ -85,7 +95,7 @@ iptr+=2; if ( encoding == Bencode) base64_to_string(obuf, tbuf); -@@ -495,7 +498,7 @@ +@@ -495,7 +498,7 @@ void header_switch(iptr,fpout) /* void header_switch(iptr0,fpout,name_len) */ void header_switch(iptr,fpout) /* unsigned char **iptr0; */