Update fetchmail to 6.3.21_1, fixing CVE-2012-3482.

Adjust VuXML database entry from < 6.3.22 to < 6.3.21_1.

PR:		ports/170613
Approved by:	maintainer timeout (14 days)
Security:	http://www.vuxml.org/freebsd/83f9e943-e664-11e1-a66d-080027ef73ec.html
Security:	CVE-2012-3482

3 files changed, 56 insertions, 1 deletions

diff --git a/mail/fetchmail/Makefile b/mail/fetchmail/Makefile
index c829d74cd083..371fbc9b6b47 100644
--- a/mail/fetchmail/Makefile
+++ b/mail/fetchmail/Makefile
@@ -12,6 +12,7 @@
 
 PORTNAME=	fetchmail
 PORTVERSION=	6.3.21
+PORTREVISION=	1
 CATEGORIES=	mail ipv6
 MASTER_SITES=	BERLIOS/${PORTNAME}/ \
 		SF/${PORTNAME}/branch_6.3/ \
diff --git a/mail/fetchmail/files/patch-CVE-2012-3482 b/mail/fetchmail/files/patch-CVE-2012-3482
new file mode 100644
index 000000000000..64e4588effe1
--- /dev/null
+++ b/mail/fetchmail/files/patch-CVE-2012-3482
@@ -0,0 +1,53 @@
+diff --git a/ntlm.h b/ntlm.h
+index 1469633..ad83520 100644
+--- a/ntlm.h
++++ b/ntlm.h
+@@ -32,8 +32,8 @@ uint32        msgType;
+ tSmbStrHeader    uDomain;
+ uint32        flags;
+ uint8         challengeData[8];
+-uint8         reserved[8];
+-tSmbStrHeader    emptyString;
++uint32        context[2];
++tSmbStrHeader    targetInfo;
+ uint8         buffer[1024];
+ uint32        bufIndex;
+ }tSmbNtlmAuthChallenge;
+diff --git a/ntlmsubr.c b/ntlmsubr.c
+index f9d2733..63cbed8 100644
+--- a/ntlmsubr.c
++++ b/ntlmsubr.c
+@@ -55,7 +55,32 @@ int ntlm_helper(int sock, struct query *ctl, const char *proto)
+     if ((result = gen_recv(sock, msgbuf, sizeof msgbuf)))
+ 	goto cancelfail;
+ 
+-    (void)from64tobits (&challenge, msgbuf, sizeof(challenge));
++    if ((result = from64tobits (&challenge, msgbuf, sizeof(challenge))) < 0
++	    || result < ((void *)&challenge.context - (void *)&challenge))
++    {
++	report (stderr, GT_("could not decode BASE64 challenge\n"));
++	/* We do not goto cancelfail; the server has already sent the
++	 * tagged reply, so the protocol exchange has ended, no need
++	 * for us to send the asterisk. */
++	return PS_AUTHFAIL;
++    }
++
++    /* validate challenge:
++     * - ident
++     * - message type
++     * - that offset points into buffer
++     * - that offset + length does not wrap
++     * - that offset + length is not bigger than buffer */
++    if (0 != memcmp("NTLMSSP", challenge.ident, 8)
++	    || challenge.msgType != 2
++	    || challenge.uDomain.offset > result
++	    || challenge.uDomain.offset + challenge.uDomain.len < challenge.uDomain.offset
++	    || challenge.uDomain.offset + challenge.uDomain.len > result)
++    {
++	report (stderr, GT_("NTLM challenge contains invalid data.\n"));
++	result = PS_AUTHFAIL;
++	goto cancelfail;
++    }
+ 
+     if (outlevel >= O_DEBUG)
+ 	dumpSmbNtlmAuthChallenge(stdout, &challenge);
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index a4095e0a2e56..07759c986cd3 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -611,7 +611,7 @@ Note:  Please add new entries to the beginning of this file.
     <affects>
       <package>
 	<name>fetchmail</name>
-	<range><ge>5.0.8</ge><lt>6.3.22</lt></range>
+	<range><ge>5.0.8</ge><lt>6.3.21_1</lt></range>
       </package>
     </affects>
     <description>
@@ -634,6 +634,7 @@ Note:  Please add new entries to the beginning of this file.
     <dates>
       <discovery>2012-08-12</discovery>
       <entry>2012-08-14</entry>
+      <modified>2012-08-27</modified>
     </dates>
   </vuln>