summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAaron Bauman <bman@gentoo.org>2019-03-23 20:22:31 -0400
committerAaron Bauman <bman@gentoo.org>2019-03-23 20:26:04 -0400
commit31e0e8db9e641bbe158add9c6d4907f2c3eb2d57 (patch)
treeff7e7a962225bfa929a8c06be2ba5974f46fa908 /mail-filter
parentnet-misc/cgminer: Use ${PKG_CONFIG} instead of pkg-config (diff)
downloadgentoo-31e0e8db9e641bbe158add9c6d4907f2c3eb2d57.tar.gz
gentoo-31e0e8db9e641bbe158add9c6d4907f2c3eb2d57.tar.bz2
gentoo-31e0e8db9e641bbe158add9c6d4907f2c3eb2d57.zip
mail-filter/procmail: revbump to fix longstanding vulnerabilities
This patch is a combination of patches from the OSS ML and the Debian bug tracker. Both patches and authors can be found in the below referenced bugs. Bug: https://bugs.gentoo.org/522114 Bug: https://bugs.gentoo.org/638108 Signed-off-by: Aaron Bauman <bman@gentoo.org>
Diffstat (limited to 'mail-filter')
-rw-r--r--mail-filter/procmail/files/procmail-CVE-2014-3618-16844.patch25
-rw-r--r--mail-filter/procmail/procmail-3.22-r12.ebuild123
2 files changed, 148 insertions, 0 deletions
diff --git a/mail-filter/procmail/files/procmail-CVE-2014-3618-16844.patch b/mail-filter/procmail/files/procmail-CVE-2014-3618-16844.patch
new file mode 100644
index 000000000000..4f1714063c9e
--- /dev/null
+++ b/mail-filter/procmail/files/procmail-CVE-2014-3618-16844.patch
@@ -0,0 +1,25 @@
+--- a/src/formisc.c 2019-03-23 19:52:18.450174402 -0400
++++ b/src/formisc.c 2019-03-23 19:52:47.914351039 -0400
+@@ -84,12 +84,11 @@
+ case '"':*target++=delim='"';start++;
+ }
+ ;{ int i;
+- do
++ while(*start);
+ if((i= *target++= *start++)==delim) /* corresponding delimiter? */
+ break;
+ else if(i=='\\'&&*start) /* skip quoted character */
+ *target++= *start++;
+- while(*start); /* anything? */
+ }
+ hitspc=2;
+ }
+@@ -104,7 +103,7 @@
+ }
+ /* append to buf */
+ void loadbuf(text,len)const char*const text;const size_t len;
+-{ if(buffilled+len>buflen) /* buf can't hold the text */
++{ while(buffilled+len>buflen) /* buf can't hold the text */
+ buf=realloc(buf,buflen+=Bsize);
+ tmemmove(buf+buffilled,text,len);buffilled+=len;
+ }
diff --git a/mail-filter/procmail/procmail-3.22-r12.ebuild b/mail-filter/procmail/procmail-3.22-r12.ebuild
new file mode 100644
index 000000000000..dc9660af9c14
--- /dev/null
+++ b/mail-filter/procmail/procmail-3.22-r12.ebuild
@@ -0,0 +1,123 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit flag-o-matic toolchain-funcs prefix
+
+DESCRIPTION="Mail delivery agent/filter"
+HOMEPAGE="http://www.procmail.org/"
+SRC_URI="http://www.procmail.org/${P}.tar.gz"
+
+LICENSE="|| ( Artistic GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x86-solaris"
+IUSE="mbox selinux"
+
+DEPEND="virtual/mta"
+RDEPEND="selinux? ( sec-policy/selinux-procmail )"
+
+src_prepare() {
+ # disable flock, using both fcntl and flock style locking
+ # doesn't work with NFS with 2.6.17+ kernels, bug #156493
+
+ sed -e "s:/\*#define NO_flock_LOCK:#define NO_flock_LOCK:" \
+ -i config.h || die "sed failed"
+
+ if ! use mbox ; then
+ echo "# Use maildir-style mailbox in user's home directory" > "${S}"/procmailrc || die
+ echo 'DEFAULT=$HOME/.maildir/' >> "${S}"/procmailrc || die
+ cd "${S}" || die
+ eapply "${FILESDIR}/gentoo-maildir3.diff"
+ else
+ echo '# Use mbox-style mailbox in /var/spool/mail' > "${S}"/procmailrc || die
+ echo 'DEFAULT=${EPREFIX}/var/spool/mail/$LOGNAME' >> "${S}"/procmailrc || die
+ fi
+
+ # Do not use lazy bindings on lockfile and procmail
+ if [[ ${CHOST} != *-darwin* ]]; then
+ eapply -p0 "${FILESDIR}/${PN}-lazy-bindings.diff"
+ fi
+
+ # Fix for bug #102340
+ eapply -p0 "${FILESDIR}/${PN}-comsat-segfault.diff"
+
+ # Fix for bug #119890
+ eapply -p0 "${FILESDIR}/${PN}-maxprocs-fix.diff"
+
+ # Prefixify config.h
+ eapply -p0 "${FILESDIR}"/${PN}-prefix.patch
+ eprefixify config.h Makefile src/autoconf src/recommend.c
+
+ # Fix for bug #200006
+ eapply "${FILESDIR}/${PN}-pipealloc.diff"
+
+ # Fix for bug #270551
+ eapply "${FILESDIR}/${PN}-3.22-glibc-2.10.patch"
+
+ # Fix security bugs #522114 and #638108
+ eapply "${FILESDIR}/${PN}-CVE-2014-3618-16844.patch"
+
+ eapply_user
+}
+
+src_compile() {
+ # -finline-functions (implied by -O3) leaves strstr() in an infinite loop.
+ # To work around this, we append -fno-inline-functions to CFLAGS
+ # Since GCC 4.7 we also need -fno-ipa-cp-clone (bug #466552)
+ # If it's clang, ignore -fno-ipa-cp-clone, as clang doesn't support this
+ case "$(tc-getCC)" in
+ "clang") append-flags -fno-inline-functions ;;
+ "gcc"|*) append-flags -fno-inline-functions -fno-ipa-cp-clone ;;
+ esac
+
+ sed -e "s:CFLAGS0 = -O:CFLAGS0 = ${CFLAGS}:" \
+ -e "s:LDFLAGS0= -s:LDFLAGS0 = ${LDFLAGS}:" \
+ -e "s:LOCKINGTEST=__defaults__:#LOCKINGTEST=__defaults__:" \
+ -e "s:#LOCKINGTEST=/tmp:LOCKINGTEST=/tmp:" \
+ -i Makefile || die "sed failed"
+
+ emake CC="$(tc-getCC)"
+}
+
+src_install() {
+ cd "${S}"/new || die
+ insinto /usr/bin
+ insopts -m 6755
+ doins procmail
+
+ doins lockfile
+ fowners root:mail /usr/bin/lockfile
+ fperms 2755 /usr/bin/lockfile
+
+ dobin formail mailstat
+ insopts -m 0644
+
+ doman *.1 *.5
+
+ cd "${S}" || die
+ dodoc FAQ FEATURES HISTORY INSTALL KNOWN_BUGS README
+
+ insinto /etc
+ doins procmailrc
+
+ docinto examples
+ dodoc examples/*
+}
+
+pkg_postinst() {
+ if ! use mbox ; then
+ elog "Starting with mail-filter/procmail-3.22-r9 you'll need to ensure"
+ elog "that you configure a mail storage location using DEFAULT in"
+ elog "/etc/procmailrc, for example:"
+ elog "\tDEFAULT=\$HOME/.maildir/"
+ fi
+ if has sfperms ${FEATURES}; then
+ ewarn "FEATURES=sfperms removes the read-bit for others from"
+ ewarn " /usr/bin/procmail"
+ ewarn " /usr/bin/lockfile"
+ ewarn "If you use procmail from an MTA like Exim, you need to"
+ ewarn "re-add the read-bit or avoid the MTA checking the binary"
+ ewarn "exists."
+ fi
+}