author | Thomas Deutschmann <whissi@gentoo.org> | 2019-03-28 01:44:20 +0100 |
---|---|---|
committer | Thomas Deutschmann <whissi@gentoo.org> | 2019-03-28 01:44:20 +0100 |
commit | 038c9f3140b69054f3de9cb4f1a6ccf292510952 (patch) | |
tree | cf9fd79df2ca1eea36bd7104c970dfc09403157f /mail-filter | |
parent | sys-devel/patch: add patches for CVE-2018-{6951,6952}, CVE-2018-1000156 (diff) | |
mail-filter/procmail: re-add security fix with crash fix
Bug: https://bugs.gentoo.org/638108
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Diffstat (limited to 'mail-filter')
-rw-r--r-- | mail-filter/procmail/files/procmail-3.22-crash-fix.patch | 58 | ||||
-rw-r--r-- | mail-filter/procmail/procmail-3.22-r13.ebuild | 125 |
2 files changed, 183 insertions, 0 deletions
diff --git a/mail-filter/procmail/files/procmail-3.22-crash-fix.patch b/mail-filter/procmail/files/procmail-3.22-crash-fix.patch
new file mode 100644
index 000000000000..8563ea3d1d4c
--- /dev/null
+++ b/mail-filter/procmail/files/procmail-3.22-crash-fix.patch
@@ -0,0 +1,58 @@
+diff --git a/src/cstdio.c b/src/cstdio.c
+index 7b6fe6d..0a0bd5b 100644
+--- a/src/cstdio.c
++++ b/src/cstdio.c
+@@ -144,7 +144,7 @@ int getbl(p,end)char*p,*end; /* my gets */
+ { case '\n':case EOF:*q='\0';
+ return overflow?-1:p!=q; /* did we read anything at all? */
+ }
+- if(q==end) /* check here so that a trailing backslash won't be lost */
++ if(q>=end) /* check here so that a trailing backslash won't be lost */
+ q=p,overflow=1;
+ *q++=i;
+ }
+@@ -199,7 +199,7 @@ int getlline(target,end)char*target,*end;
+ if(*(target=strchr(target,'\0')-1)=='\\')
+ { if(chp2!=target) /* non-empty line? */
+ target++; /* then preserve the backslash */
+- if(target>end-2) /* space enough for getbl? */
++ if(target>=end-2) /* space enough for getbl? */
+ target=end-linebuf,overflow=1; /* toss what we have */
+ continue;
+ }
+diff --git a/src/formail.c b/src/formail.c
+index 1f5c9dd..49b9967 100644
+--- a/src/formail.c
++++ b/src/formail.c
+@@ -219,7 +219,8 @@ static char*getsender(namep,fldp,headreply)char*namep;struct field*fldp;
+ if(i>=0&&(i!=maxindex(sest)||fldp==rdheader)) /* found anything? */
+ { char*saddr;char*tmp; /* determine the weight */
+ nowm=areply&&headreply?headreply==1?sest[i].wrepl:sest[i].wrrepl:i;chp+=j;
+- tmp=malloc(j=fldp->Tot_len-j);tmemmove(tmp,chp,j);(chp=tmp)[j-1]='\0';
++ tmp=malloc((j=fldp->Tot_len-j) + 1);tmemmove(tmp,chp,j);(chp=tmp)[j-1]='\0';
++ chp[j]='\0';
+ if(sest[i].head==From_)
+ { char*pastad;
+ if(strchr(saddr=chp,'\n')) /* multiple From_ lines */
+@@ -364,7 +365,7 @@ static PROGID;
+
+ int main(lastm,argv)int lastm;const char*const argv[];
+ { int i,split=0,force=0,bogus=1,every=0,headreply=0,digest=0,nowait=0,keepb=0,
+- minfields=(char*)progid-(char*)progid,conctenate=0,babyl=0,babylstart,
++ minfields=(char*)progid-(char*)progid,conctenate=0,babyl=0,babylstart=0,
+ berkeley=0,forgetclen;
+ long maxlen,ctlength;FILE*idcache=0;pid_t thepid;
+ size_t j,lnl,escaplen;char*chp,*namep,*escap=ESCAP;
+diff --git a/src/formisc.c b/src/formisc.c
+index c48df52..5c2869d 100644
+--- a/src/formisc.c
++++ b/src/formisc.c
+@@ -66,7 +66,7 @@ inc: start++;
+ retz: *target='\0';
+ ret: return start;
+ }
+- if(*start=='\\')
++ if(*start=='\\' && *(start + 1))
+ *target++='\\',start++;
+ hitspc=2;
+ goto normal; /* normal word */
diff --git a/mail-filter/procmail/procmail-3.22-r13.ebuild b/mail-filter/procmail/procmail-3.22-r13.ebuild
new file mode 100644
index 000000000000..9597d1ca647a
--- /dev/null
+++ b/mail-filter/procmail/procmail-3.22-r13.ebuild
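Review bot: The new patch file begins directly at `diff --git a/src/cstdio.c` with no header, so nothing in it records where its changes come from or which of them is the crash fix named in the commit title. It bundles the `>=` bounds comparisons in `getbl` and `getlline`, the one-byte-larger allocation in `getsender`, the `babylstart=0` initialiser and the `*(start + 1)` check in `formisc.c`. A short header above the first `diff --git` line, carrying `Bug: https://bugs.gentoo.org/638108`, the origin of the patch and one line per change on what it guards against, would let a later maintainer audit or drop them individually. In the `getsender` hunk the older write `(chp=tmp)[j-1]='\0'` is kept next to the new `chp[j]='\0'`; whether `j` can be 0 at that point is not visible here because the function continues outside the hunk, so it is worth confirming against the full source.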
@@ -0,0 +1,125 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit flag-o-matic toolchain-funcs prefix
+
+DESCRIPTION="Mail delivery agent/filter"
+HOMEPAGE="http://www.procmail.org/"
+SRC_URI="http://www.procmail.org/${P}.tar.gz"
+
+LICENSE="|| ( Artistic GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x86-solaris"
+IUSE="mbox selinux"
+
+DEPEND="virtual/mta"
+RDEPEND="selinux? ( sec-policy/selinux-procmail )"
+
+src_prepare() {
+ # disable flock, using both fcntl and flock style locking
+ # doesn't work with NFS with 2.6.17+ kernels, bug #156493
+
+ sed -e "s:/\*#define NO_flock_LOCK:#define NO_flock_LOCK:" \
+ -i config.h || die "sed failed"
+
+ if ! use mbox ; then
+ echo "# Use maildir-style mailbox in user's home directory" > "${S}"/procmailrc || die
+ echo 'DEFAULT=$HOME/.maildir/' >> "${S}"/procmailrc || die
+ cd "${S}" || die
+ eapply "${FILESDIR}/gentoo-maildir3.diff"
+ else
+ echo '# Use mbox-style mailbox in /var/spool/mail' > "${S}"/procmailrc || die
+ echo 'DEFAULT=${EPREFIX}/var/spool/mail/$LOGNAME' >> "${S}"/procmailrc || die
+ fi
+
+ # Do not use lazy bindings on lockfile and procmail
+ if [[ ${CHOST} != *-darwin* ]]; then
+ eapply -p0 "${FILESDIR}/${PN}-lazy-bindings.diff"
+ fi
+
+ # Fix for bug #102340
+ eapply -p0 "${FILESDIR}/${PN}-comsat-segfault.diff"
+
+ # Fix for bug #119890
+ eapply -p0 "${FILESDIR}/${PN}-maxprocs-fix.diff"
+
+ # Prefixify config.h
+ eapply -p0 "${FILESDIR}"/${PN}-prefix.patch
+ eprefixify config.h Makefile src/autoconf src/recommend.c
+
+ # Fix for bug #200006
+ eapply "${FILESDIR}/${PN}-pipealloc.diff"
+
+ # Fix for bug #270551
+ eapply "${FILESDIR}/${PN}-3.22-glibc-2.10.patch"
+
+ # Fix security bugs #522114 and #638108
+ eapply "${FILESDIR}/${PN}-CVE-2014-3618-16844.patch"
+
+ eapply "${FILESDIR}/${PN}-3.22-crash-fix.patch"
+
+ eapply_user
+}
+
+src_compile() {
+ # -finline-functions (implied by -O3) leaves strstr() in an infinite loop.
+ # To work around this, we append -fno-inline-functions to CFLAGS
+ # Since GCC 4.7 we also need -fno-ipa-cp-clone (bug #466552)
+ # If it's clang, ignore -fno-ipa-cp-clone, as clang doesn't support this
+ case "$(tc-getCC)" in
+ "clang") append-flags -fno-inline-functions ;;
+ "gcc"|*) append-flags -fno-inline-functions -fno-ipa-cp-clone ;;
+ esac
+
+ sed -e "s:CFLAGS0 = -O:CFLAGS0 = ${CFLAGS}:" \
+ -e "s:LDFLAGS0= -s:LDFLAGS0 = ${LDFLAGS}:" \
+ -e "s:LOCKINGTEST=__defaults__:#LOCKINGTEST=__defaults__:" \
+ -e "s:#LOCKINGTEST=/tmp:LOCKINGTEST=/tmp:" \
+ -i Makefile || die "sed failed"
+
+ emake CC="$(tc-getCC)"
+}
+
+src_install() {
+ cd "${S}"/new || die
+ insinto /usr/bin
+ insopts -m 6755
+ doins procmail
+
+ doins lockfile
+ fowners root:mail /usr/bin/lockfile
+ fperms 2755 /usr/bin/lockfile
+
+ dobin formail mailstat
+ insopts -m 0644
+
+ doman *.1 *.5
+
+ cd "${S}" || die
+ dodoc FAQ FEATURES HISTORY INSTALL KNOWN_BUGS README
+
+ insinto /etc
+ doins procmailrc
+
+ docinto examples
+ dodoc examples/*
+}
+
+pkg_postinst() {
+ if ! use mbox ; then
+ elog "Starting with mail-filter/procmail-3.22-r9 you'll need to ensure"
+ elog "that you configure a mail storage location using DEFAULT in"
+ elog "/etc/procmailrc, for example:"
+ elog "\tDEFAULT=\$HOME/.maildir/"
+ fi
+ if has sfperms ${FEATURES}; then
+ ewarn "FEATURES=sfperms removes the read-bit for others from"
+ ewarn " /usr/bin/procmail"
+ ewarn " /usr/bin/lockfile"
+ ewarn "If you use procmail from an MTA like Exim, you need to"
+ ewarn "re-add the read-bit or avoid the MTA checking the binary"
+ ewarn "exists."
+ fi
+}
|