[pkgsrc/trunk]: pkgsrc/security/cyrus-sasl cyrus-sasl: Fix CVE-2019-19906

[nia <nia%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/7ec241fb8238
branches:  trunk
changeset: 431524:7ec241fb8238
user:      nia <nia%pkgsrc.org@localhost>
date:      Thu May 14 14:27:31 2020 +0000

description:
cyrus-sasl: Fix CVE-2019-19906

diffstat:

 security/cyrus-sasl/Makefile                     |   3 ++-
 security/cyrus-sasl/distinfo                     |   3 ++-
 security/cyrus-sasl/patches/patch-CVE-2019-19906 |  15 +++++++++++++++
 3 files changed, 19 insertions(+), 2 deletions(-)

diffs (47 lines):

diff -r 04e8a5770781 -r 7ec241fb8238 security/cyrus-sasl/Makefile
--- a/security/cyrus-sasl/Makefile      Thu May 14 14:26:59 2020 +0000
+++ b/security/cyrus-sasl/Makefile      Thu May 14 14:27:31 2020 +0000
@@ -1,5 +1,6 @@
-# $NetBSD: Makefile,v 1.76 2019/11/04 21:12:52 rillig Exp $
+# $NetBSD: Makefile,v 1.77 2020/05/14 14:27:31 nia Exp $
 
+PKGREVISION=   1
 COMMENT=       Simple Authentication and Security Layer
 
 .include "Makefile.common"
diff -r 04e8a5770781 -r 7ec241fb8238 security/cyrus-sasl/distinfo
--- a/security/cyrus-sasl/distinfo      Thu May 14 14:26:59 2020 +0000
+++ b/security/cyrus-sasl/distinfo      Thu May 14 14:27:31 2020 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.37 2019/07/09 11:55:56 jperkin Exp $
+$NetBSD: distinfo,v 1.38 2020/05/14 14:27:31 nia Exp $
 
 SHA1 (cyrus-sasl-2.1.27-rc7.tar.gz) = d4b72782975be980cc46ac9ccf176b8307bfcf67
 RMD160 (cyrus-sasl-2.1.27-rc7.tar.gz) = 6679c7b887f73da50a314dba97f676848d067684
@@ -8,6 +8,7 @@
 RMD160 (cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2) = c42b1b5c0b6c7322001fd506c44320a7f6eeee80
 SHA512 (cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2) = 
08964bc3ad713e137b8f05f9bac345d79676d14784bc37525f195e8e2a3e6740428237b64f7eeeacc0c71ed6cf1664c6e9c2267ac6df327761d92174a1853744
 Size (cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2) = 3836 bytes
+SHA1 (patch-CVE-2019-19906) = 752de2053696f13de098267f8605b4b7afb24a6c
 SHA1 (patch-common_crypto-compat) = ad8575c62648aba83983172ec8fef08d2c9f537e
 SHA1 (patch-configure) = 1afa4777f2cc2a24bb526fab9fb6d9265677fb9f
 SHA1 (patch-plugins_otp.c) = 1dd8763d5b14c2f2462349ce5f73353ae70313fa
diff -r 04e8a5770781 -r 7ec241fb8238 security/cyrus-sasl/patches/patch-CVE-2019-19906
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/cyrus-sasl/patches/patch-CVE-2019-19906  Thu May 14 14:27:31 2020 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-CVE-2019-19906,v 1.1 2020/05/14 14:27:32 nia Exp $
+
+https://github.com/cyrusimap/cyrus-sasl/commit/dcc9f51cbd4ed622cfb0f9b1c141eb2ffe3b12f1.patch
+
+--- lib/common.c.orig  2018-01-19 14:13:40.000000000 +0000
++++ lib/common.c
+@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t 
+ 
+   if (add==NULL) add = "(null)";
+ 
+-  addlen=strlen(add); /* only compute once */
++  addlen=strlen(add)+1; /* only compute once */
+   if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
+     return SASL_NOMEM;
+