summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Deutschmann <whissi@gentoo.org>2019-03-30 18:02:56 +0100
committerThomas Deutschmann <whissi@gentoo.org>2019-03-30 18:02:56 +0100
commitff36e4f6862f3949e3bfedd7bb352cd9d0602ffe (patch)
treec970132fdffa4bdfd24bc45391d3d6f777e4f04c /mail-filter/procmail
parentdev-util/gnome-builder-3.24: json-glib[introspection] is required for build (diff)
downloadgentoo-ff36e4f6862f3949e3bfedd7bb352cd9d0602ffe.tar.gz
gentoo-ff36e4f6862f3949e3bfedd7bb352cd9d0602ffe.tar.bz2
gentoo-ff36e4f6862f3949e3bfedd7bb352cd9d0602ffe.zip
mail-filter/procmail: replace patch for CVE-2014-3618
Fixes an infinite loop. Bug: https://bugs.gentoo.org/638108 Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Diffstat (limited to 'mail-filter/procmail')
-rw-r--r--mail-filter/procmail/files/procmail-3.22-CVE-2014-3618.patch18
-rw-r--r--mail-filter/procmail/files/procmail-3.22-CVE-2017-16844.patch13
-rw-r--r--mail-filter/procmail/files/procmail-CVE-2014-3618-16844.patch25
-rw-r--r--mail-filter/procmail/procmail-3.22-r14.ebuild (renamed from mail-filter/procmail/procmail-3.22-r13.ebuild)3
4 files changed, 33 insertions, 26 deletions
diff --git a/mail-filter/procmail/files/procmail-3.22-CVE-2014-3618.patch b/mail-filter/procmail/files/procmail-3.22-CVE-2014-3618.patch
new file mode 100644
index 00000000000..124d1f99685
--- /dev/null
+++ b/mail-filter/procmail/files/procmail-3.22-CVE-2014-3618.patch
@@ -0,0 +1,18 @@
+diff --git a/src/formisc.c b/src/formisc.c
+index 338733b..c48df52 100644
+--- a/src/formisc.c
++++ b/src/formisc.c
+@@ -84,12 +84,11 @@ normal: *target++= *start++;
+ case '"':*target++=delim='"';start++;
+ }
+ ;{ int i;
+- do
++ while(*start) /* anything? */
+ if((i= *target++= *start++)==delim) /* corresponding delimiter? */
+ break;
+ else if(i=='\\'&&*start) /* skip quoted character */
+ *target++= *start++;
+- while(*start); /* anything? */
+ }
+ hitspc=2;
+ }
diff --git a/mail-filter/procmail/files/procmail-3.22-CVE-2017-16844.patch b/mail-filter/procmail/files/procmail-3.22-CVE-2017-16844.patch
new file mode 100644
index 00000000000..5e610d723da
--- /dev/null
+++ b/mail-filter/procmail/files/procmail-3.22-CVE-2017-16844.patch
@@ -0,0 +1,13 @@
+diff --git a/src/formisc.c b/src/formisc.c
+index 5c2869d..54fd013 100644
+--- a/src/formisc.c
++++ b/src/formisc.c
+@@ -103,7 +103,7 @@ void loadsaved(sp)const struct saved*const sp; /* load some saved text */
+ }
+ /* append to buf */
+ void loadbuf(text,len)const char*const text;const size_t len;
+-{ if(buffilled+len>buflen) /* buf can't hold the text */
++{ while(buffilled+len>buflen) /* buf can't hold the text */
+ buf=realloc(buf,buflen+=Bsize);
+ tmemmove(buf+buffilled,text,len);buffilled+=len;
+ }
diff --git a/mail-filter/procmail/files/procmail-CVE-2014-3618-16844.patch b/mail-filter/procmail/files/procmail-CVE-2014-3618-16844.patch
deleted file mode 100644
index 4f1714063c9..00000000000
--- a/mail-filter/procmail/files/procmail-CVE-2014-3618-16844.patch
+++ /dev/null
@@ -1,25 +0,0 @@
---- a/src/formisc.c 2019-03-23 19:52:18.450174402 -0400
-+++ b/src/formisc.c 2019-03-23 19:52:47.914351039 -0400
-@@ -84,12 +84,11 @@
- case '"':*target++=delim='"';start++;
- }
- ;{ int i;
-- do
-+ while(*start);
- if((i= *target++= *start++)==delim) /* corresponding delimiter? */
- break;
- else if(i=='\\'&&*start) /* skip quoted character */
- *target++= *start++;
-- while(*start); /* anything? */
- }
- hitspc=2;
- }
-@@ -104,7 +103,7 @@
- }
- /* append to buf */
- void loadbuf(text,len)const char*const text;const size_t len;
--{ if(buffilled+len>buflen) /* buf can't hold the text */
-+{ while(buffilled+len>buflen) /* buf can't hold the text */
- buf=realloc(buf,buflen+=Bsize);
- tmemmove(buf+buffilled,text,len);buffilled+=len;
- }
diff --git a/mail-filter/procmail/procmail-3.22-r13.ebuild b/mail-filter/procmail/procmail-3.22-r14.ebuild
index 9534c350bf8..d99a4ffde72 100644
--- a/mail-filter/procmail/procmail-3.22-r13.ebuild
+++ b/mail-filter/procmail/procmail-3.22-r14.ebuild
@@ -56,7 +56,8 @@ src_prepare() {
eapply "${FILESDIR}/${PN}-3.22-glibc-2.10.patch"
# Fix security bugs #522114 and #638108
- eapply "${FILESDIR}/${PN}-CVE-2014-3618-16844.patch"
+ eapply "${FILESDIR}/${PN}-3.22-CVE-2014-3618.patch"
+ eapply "${FILESDIR}/${PN}-3.22-CVE-2017-16844.patch"
eapply "${FILESDIR}/${PN}-3.22-crash-fix.patch"