Fixes CVE-2014-3618 (heap overflow in formisc.c allowing denial of
service and potential remote execution of arbitrary code).
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3618

Source:
http://seclists.org/oss-sec/2014/q3/495

Adopted by Debian as patch '27':
https://sources.debian.net/src/procmail/3.22-25/debian/patches/27/

--- a/src/formisc.c
+++ b/src/formisc.c
@@ -84,12 +84,11 @@
 	case '"':*target++=delim='"';start++;
       }
      ;{ int i;
-	do
+	while(*start)
 	   if((i= *target++= *start++)==delim)	 /* corresponding delimiter? */
 	      break;
 	   else if(i=='\\'&&*start)		    /* skip quoted character */
 	      *target++= *start++;
-	while(*start);						/* anything? */
       }
      hitspc=2;
    }
ue='koszko' selected='selected'>koszko</option>
<option value='koszko-scripts'>koszko-scripts</option>
</select> <input type='submit' value='switch'/></form></td></tr>
<tr><td class='sub'>Wojtek's customized Guix</td><td class='sub right'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=9be28375cf6d900e075b470412d629ddbd8710c0'>refs</a><a class='active' href='/guix/log/tests/guix-build.sh'>log</a><a href='/guix/tree/tests/guix-build.sh?id=9be28375cf6d900e075b470412d629ddbd8710c0'>tree</a><a href='/guix/commit/tests/guix-build.sh?id=9be28375cf6d900e075b470412d629ddbd8710c0'>commit</a><a href='/guix/diff/tests/guix-build.sh?id=9be28375cf6d900e075b470412d629ddbd8710c0'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/tests/guix-build.sh'>
<input type='hidden' name='id' value='9be28375cf6d900e075b470412d629ddbd8710c0'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=9be28375cf6d900e075b470412d629ddbd8710c0'>root</a>/<a href='/guix/log/tests?id=9be28375cf6d900e075b470412d629ddbd8710c0'>tests</a>/<a href='/guix/log/tests/guix-build.sh?id=9be28375cf6d900e075b470412d629ddbd8710c0'>guix-build.sh</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/tests/guix-build.sh?id=9be28375cf6d900e075b470412d629ddbd8710c0&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2023-04-28 19:50:36 +0200'>2023-04-28</span></td><td><a href='/guix/commit/tests/guix-build.sh?id=5c26e69118128f6ef162cabddfe5726f03abe4ae'>tests: guix-build.sh: Don't use hidden gcc for transformation tests.</a><span class='msg-avail'>...<span class='msg-tooltip'>* tests/guix-build.sh: Do not try to rewrite gcc, it is hidden and so will not
be rewritten, as per eee95b5a879b7096dffd533f24107cf8926b621e.  Instead, try
to build grep with coreutils rewritten to hello.

Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Josselin Poiret</td></tr>
<tr><td><span title='2023-04-21 16:16:38 +0200'>2023-04-21</span></td><td><a href='/guix/commit/tests/guix-build.sh?id=37dd69b44511dc73eb04bdebe8d82c9a0386338e'>tests: Fix checks for expected failures.</a><span class='msg-avail'>...<span class='msg-tooltip'>Addresses &lt;https://issues.guix.gnu.org/62406&gt;.

With 'set -e', a return status inverted with '!' does not cause the shell to
exit immediately.  Instead use '&amp;&amp; false' to indicate an expected failure.

* tests/guix-archive.sh, tests/guix-build-branch.sh, tests/guix-build.sh,
tests/guix-daemon.sh, tests/guix-download.sh,
tests/guix-environment-container.sh, tests/guix-environment.sh,
tests/guix-gc.sh, tests/guix-git-authenticate.sh, tests/guix-graph.sh,
tests/guix-hash.sh, tests/guix-home.sh, tests/guix-pack-relocatable.sh,
tests/guix-pack.sh, tests/guix-package-aliases.sh, tests/guix-package-net.sh,
tests/guix-package.sh, tests/guix-refresh.sh, tests/guix-shell.sh,
tests/guix-style.sh, tests/guix-system.sh: Replace uses of '! ...' with
'... &amp;&amp; false' or `test ! ...` as appropriate.

Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Eric Bavier</td></tr>

Age	Commit message (Expand)	Author
2023-04-28	tests: guix-build.sh: Don't use hidden gcc for transformation tests....* tests/guix-build.sh: Do not try to rewrite gcc, it is hidden and so will not be rewritten, as per eee95b5a879b7096dffd533f24107cf8926b621e. Instead, try to build grep with coreutils rewritten to hello. Signed-off-by: Ludovic Courtès <ludo@gnu.org>	Josselin Poiret
2023-04-21	tests: Fix checks for expected failures....Addresses <https://issues.guix.gnu.org/62406>. With 'set -e', a return status inverted with '!' does not cause the shell to exit immediately. Instead use '&& false' to indicate an expected failure. * tests/guix-archive.sh, tests/guix-build-branch.sh, tests/guix-build.sh, tests/guix-daemon.sh, tests/guix-download.sh, tests/guix-environment-container.sh, tests/guix-environment.sh, tests/guix-gc.sh, tests/guix-git-authenticate.sh, tests/guix-graph.sh, tests/guix-hash.sh, tests/guix-home.sh, tests/guix-pack-relocatable.sh, tests/guix-pack.sh, tests/guix-package-aliases.sh, tests/guix-package-net.sh, tests/guix-package.sh, tests/guix-refresh.sh, tests/guix-shell.sh, tests/guix-style.sh, tests/guix-system.sh: Replace uses of '! ...' with '... && false' or `test ! ...` as appropriate. Signed-off-by: Ludovic Courtès <ludo@gnu.org>	Eric Bavier