+18

pkgs/applications/misc/procmail/CVE-2014-3618.patch

reviewed

··· 1 1 + From http://seclists.org/oss-sec/2014/q3/495 (with whitespace corrected). 2 2 + 3 3 + --- a/src/formisc.c 2013-08-04 00:13:33.000000000 -0700 4 4 + +++ b/src/formisc.c 2014-09-03 11:42:25.986002396 -0700 5 5 + @@ -84,12 +84,11 @@ 6 6 + case '"':*target++=delim='"';start++; 7 7 + } 8 8 + ;{ int i; 9 9 + - do 10 10 + + while(*start) 11 11 + if((i= *target++= *start++)==delim) /* corresponding delimiter? */ 12 12 + break; 13 13 + else if(i=='\\'&&*start) /* skip quoted character */ 14 14 + *target++= *start++; 15 15 + - while(*start); /* anything? */ 16 16 + } 17 17 + hitspc=2; 18 18 + }

+3 -1

pkgs/applications/misc/procmail/default.nix

reviewed

··· 15 15 make DESTDIR=\$out install 16 16 "; 17 17 18 18 - phases = "unpackPhase installPhase"; 18 18 + phases = "unpackPhase patchPhase installPhase"; 19 19 + 20 20 + patches = [ ./CVE-2014-3618.patch ]; 19 21 20 22 src = fetchurl { 21 23 url = ftp://ftp.fu-berlin.de/pub/unix/mail/procmail/procmail-3.22.tar.gz;