authorSimon Barner <barner@FreeBSD.org>2008-06-20 07:46:50 +0000
committerSimon Barner <barner@FreeBSD.org>2008-06-20 07:46:50 +0000
commite71d8331aa2cdb4e1a0623887798b32216e21096 (patch)
treebbf47aeb7f37fd8b04f6f3b3202b3753c4fa71cd /mail/fetchmail
parent107896899977f970d40a9c2b58bdb39ee0eabec0 (diff)
- Security fix: potential crash in -v -v verbose mode.
- Bump port revision PR: ports/124718 Submitted by: Matthias Andree <matthias.andree@gmx.de> Security: http://www.vuxml.org/freebsd/168190df-3e9a-11dd-87bc-000ea69a5213.html Security: CVE-2008-2711
Notes
Notes: svn path=/head/; revision=215322
Diffstat (limited to 'mail/fetchmail')
-rw-r--r--mail/fetchmail/Makefile2
-rw-r--r--mail/fetchmail/files/patch-CVE-2008-271131
2 files changed, 32 insertions, 1 deletions
diff --git a/mail/fetchmail/Makefile b/mail/fetchmail/Makefile
index 9a5955493320..5c5bf8667d46 100644
--- a/mail/fetchmail/Makefile
+++ b/mail/fetchmail/Makefile
@@ -11,7 +11,7 @@
PORTNAME= fetchmail
PORTVERSION= 6.3.8
-PORTREVISION= 5
+PORTREVISION= 6
CATEGORIES= mail ipv6
MASTER_SITES= ${MASTER_SITE_BERLIOS} \
${MASTER_SITE_SUNSITE:S/$/:sunsite/}\
diff --git a/mail/fetchmail/files/patch-CVE-2008-2711 b/mail/fetchmail/files/patch-CVE-2008-2711
new file mode 100644
index 000000000000..a8514ac2ff47
--- /dev/null
+++ b/mail/fetchmail/files/patch-CVE-2008-2711
@@ -0,0 +1,31 @@
+diff --git a/report.c b/report.c
+index 31d4e48..2a731ac 100644
+--- ./report.c~
++++ ./report.c
+@@ -238,11 +238,17 @@ report_build (FILE *errfp, message, va_alist)
+ rep_ensuresize();
+
+ #if defined(VA_START)
+- VA_START (args, message);
+ for ( ; ; )
+ {
++ /*
++ * args has to be initialized before every call of vsnprintf(),
++ * because vsnprintf() invokes va_arg macro and thus args is
++ * undefined after the call.
++ */
++ VA_START(args, message);
+ n = vsnprintf (partial_message + partial_message_size_used, partial_message_size - partial_message_size_used,
+ message, args);
++ va_end (args);
+
+ if (n >= 0
+ && (unsigned)n < partial_message_size - partial_message_size_used)
+@@ -254,7 +260,6 @@ report_build (FILE *errfp, message, va_alist)
+ partial_message_size += 2048;
+ partial_message = REALLOC (partial_message, partial_message_size);
+ }
+- va_end (args);
+ #else
+ for ( ; ; )
+ {
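Review bot: The `partial_message = REALLOC (partial_message, partial_message_size);` line in the retry loop of `report_build` stores the result straight into the buffer pointer, and the next `vsnprintf` writes through it with no check visible in this hunk. With `VA_START`/`va_end` now paired inside the loop, the second and later passes run to completion for long messages in `-v -v` mode instead of failing on a stale `args`, so this growth path is exercised more than before. If `REALLOC` is an abort-on-failure wrapper (its definition is outside the hunk), a one-line comment such as `/* REALLOC aborts on allocation failure, so partial_message is never NULL here */` would record that; otherwise the result needs a NULL check before the loop retries. `report_build` starts and ends outside the hunk, and the `#else` loop is cut off at the last line, so whether it grows the buffer the same way cannot be seen here.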