Diffstat (limited to 'mail-filter/opendmarc/files')
8 files changed, 149 insertions, 82 deletions
diff --git a/mail-filter/opendmarc/files/opendmarc-1.3.2-multiple-From.patch b/mail-filter/opendmarc/files/opendmarc-1.3.2-multiple-From.patch
deleted file mode 100644
index 28b2f852f39a..000000000000
--- a/mail-filter/opendmarc/files/opendmarc-1.3.2-multiple-From.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From f6b615e345037408b88b2ffd1acd03239af8a858 Mon Sep 17 00:00:00 2001
-From: Marcin Seremak <panpilkarz@protonmail.com>
-Date: Tue, 30 Jul 2019 08:05:28 +0200
-Subject: [PATCH] Fix multiple addresses in From vulnerability
-
----
- libopendmarc/tests/test_finddomain.c | 1 +
- opendmarc/opendmarc.c | 2 +-
- 2 files changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/libopendmarc/tests/test_finddomain.c b/libopendmarc/tests/test_finddomain.c
-index 50cf405..8447463 100644
---- a/libopendmarc/tests/test_finddomain.c
-+++ b/libopendmarc/tests/test_finddomain.c
-@@ -23,6 +23,7 @@ main(int argc, char **argv)
- /* 11 */ {"(,) joe@joe.com", "joe.com"},
- /* 12 */ {"\"( bob@bob.com)\" joe@joe.com", "joe.com"},
- /* 12 */ {"From: Davide D'Marco <user@blah.com>", "blah.com"},
-+ /* 13 */ {"blah.com", "blah.com"},
- {NULL, NULL},
- };
- u_char dbuf[256];
-diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c
-index 419c15a..9b7fe3a 100644
---- a/opendmarc/opendmarc.c
-+++ b/opendmarc/opendmarc.c
-@@ -2193,7 +2193,7 @@ mlfi_eom(SMFICTX *ctx)
- strncpy(dfc->mctx_fromdomain, domain, sizeof dfc->mctx_fromdomain - 1);
-
- ostatus = opendmarc_policy_store_from_domain(cc->cctx_dmarc,
-- from->hdr_value);
-+ dfc->mctx_fromdomain);
- if (ostatus != DMARC_PARSE_OKAY)
- {
- if (conf->conf_dolog)
diff --git a/mail-filter/opendmarc/files/opendmarc-1.3.3-CVE-2020-12460.patch b/mail-filter/opendmarc/files/opendmarc-1.3.3-CVE-2020-12460.patch
deleted file mode 100644
index 334c11d5302f..000000000000
--- a/mail-filter/opendmarc/files/opendmarc-1.3.3-CVE-2020-12460.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 50d28af25d8735504b6103537228ce7f76ad765f Mon Sep 17 00:00:00 2001
-From: "Murray S. Kucherawy" <msk@blackops.org>
-Date: Wed, 5 Aug 2020 21:56:01 +0000
-Subject: [PATCH] In opendmarc_xml_parse(), ensure NULL-termination of the
- buffer passed to opendmarc_xml().
-
----
- libopendmarc/opendmarc_xml.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/libopendmarc/opendmarc_xml.c b/libopendmarc/opendmarc_xml.c
-index 26bb9dc..b3ac55a 100644
---- a/libopendmarc/opendmarc_xml.c
-+++ b/libopendmarc/opendmarc_xml.c
-@@ -158,7 +158,7 @@ opendmarc_xml(char *b, size_t blen, char *e, size_t elen)
- if (*cp != '<')
- continue;
- ++cp;
-- for(sp = cp; *sp != '\0'; ++sp)
-+ for (sp = cp; *sp != '\0'; ++sp)
- {
- if (*sp == '?')
- break;
-@@ -546,7 +546,7 @@ opendmarc_xml_parse(char *fname, char *err_buf, size_t err_len)
- if (fname == NULL)
- {
- xerror = errno;
-- (void) snprintf(err_buf, err_len, "%s: %s", fname, "File name was NULL");
-+ (void) snprintf(err_buf, err_len, "%s", "File name was NULL");
- errno = EINVAL;
- return NULL;
- }
-@@ -572,7 +572,7 @@ opendmarc_xml_parse(char *fname, char *err_buf, size_t err_len)
- return NULL;
- }
-
-- bufp = calloc(statb.st_size, 1);
-+ bufp = calloc(statb.st_size + 1, 1);
- if (bufp == NULL)
- {
- xerror = errno;
diff --git a/mail-filter/opendmarc/files/opendmarc-1.4.1.1-CVE-2021-34555.patch b/mail-filter/opendmarc/files/opendmarc-1.4.1.1-CVE-2021-34555.patch
new file mode 100644
index 000000000000..2bf87ffbde07
--- /dev/null
+++ b/mail-filter/opendmarc/files/opendmarc-1.4.1.1-CVE-2021-34555.patch
@@ -0,0 +1,87 @@
+From afa44abe68afe5ce29b6418538a60a642f39e459 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?David=20B=C3=BCrgin?= <dbuergin@gluet.ch>
+Date: Thu, 3 Jun 2021 21:59:55 +0200
+Subject: [PATCH 1/3] Fix multi-value From handling logic
+
+Fixes #175
+---
+ opendmarc/opendmarc.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c
+index 65f6b49..bc38103 100644
+--- a/opendmarc/opendmarc.c
++++ b/opendmarc/opendmarc.c
+@@ -2479,12 +2479,12 @@ mlfi_eom(SMFICTX *ctx)
+ syslog(LOG_ERR,
+ "%s: multi-valued From field detected",
+ dfc->mctx_jobid);
+- }
+
+- if (conf->conf_reject_multi_from)
+- return SMFIS_REJECT;
+- else
+- return SMFIS_ACCEPT;
++ if (conf->conf_reject_multi_from)
++ return SMFIS_REJECT;
++ else
++ return SMFIS_ACCEPT;
++ }
+ }
+
+ user = users[0];
+
+From 4ea4b219c6c93dbfd512b1caa433f5a810fdb436 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?David=20B=C3=BCrgin?= <dbuergin@gluet.ch>
+Date: Thu, 3 Jun 2021 22:01:34 +0200
+Subject: [PATCH 2/3] Guard syslog call with conf_dolog flag
+
+---
+ opendmarc/opendmarc.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c
+index bc38103..fb3d4b9 100644
+--- a/opendmarc/opendmarc.c
++++ b/opendmarc/opendmarc.c
+@@ -2476,9 +2476,12 @@ mlfi_eom(SMFICTX *ctx)
+ {
+ if (strcasecmp(domains[0], domains[c]) != 0)
+ {
+- syslog(LOG_ERR,
+- "%s: multi-valued From field detected",
+- dfc->mctx_jobid);
++ if (conf->conf_dolog)
++ {
++ syslog(LOG_ERR,
++ "%s: multi-valued From field detected",
++ dfc->mctx_jobid);
++ }
+
+ if (conf->conf_reject_multi_from)
+ return SMFIS_REJECT;
+
+From 1245589ad44baadb3eb18ce110932da8c6fe286c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?David=20B=C3=BCrgin?= <dbuergin@gluet.ch>
+Date: Wed, 9 Jun 2021 19:18:21 +0200
+Subject: [PATCH 3/3] Skip null domains when checking multi-value From header
+
+---
+ opendmarc/opendmarc.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c
+index fb3d4b9..ffcbc3f 100644
+--- a/opendmarc/opendmarc.c
++++ b/opendmarc/opendmarc.c
+@@ -2474,7 +2474,9 @@ mlfi_eom(SMFICTX *ctx)
+
+ for (c = 1; users[c] != NULL; c++)
+ {
+- if (strcasecmp(domains[0], domains[c]) != 0)
++ if (domains[0] != NULL
++ && domains[c] != NULL
++ && strcasecmp(domains[0], domains[c]) != 0)
+ {
+ if (conf->conf_dolog)
+ {
diff --git a/mail-filter/opendmarc/files/opendmarc-1.4.1.1-arc-seal-crash.patch b/mail-filter/opendmarc/files/opendmarc-1.4.1.1-arc-seal-crash.patch
new file mode 100644
index 000000000000..7f96512fe45c
--- /dev/null
+++ b/mail-filter/opendmarc/files/opendmarc-1.4.1.1-arc-seal-crash.patch
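Review bot: In patch 3/3 of opendmarc-1.4.1.1-CVE-2021-34555.patch the added NULL guards skip the comparison rather than treat a missing domain as a mismatch, so when `domains[0]` is NULL no pair is compared at all and the message never reaches the `conf_reject_multi_from` branch. That keeps NULL out of `strcasecmp()`, but it fails open for a From header whose first address has no parsable domain. The visible lines do not show whether the code after `user = users[0];` tolerates a NULL `domains[0]`, so that should be confirmed in the rest of mlfi_eom(), which continues outside the hunk. If skipping is intended, a comment above the condition would record it, e.g. `/* addresses without a parsable domain are skipped here, not rejected */`.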
@@ -0,0 +1,38 @@
+https://github.com/trusteddomainproject/OpenDMARC/issues/183
+https://bugs.gentoo.org/900521
+
+--- a/opendmarc/opendmarc-arcseal.h 2021-04-30 17:34:43.000000000 +0100
++++ b/opendmarc/opendmarc-arcseal.h 2021-06-25 14:23:01.725593770 +0100
+@@ -32,7 +32,7 @@
+ /* max header tag value length (short) */
+ #define OPENDMARC_ARCSEAL_MAX_SHORT_VALUE_LEN 256
+ /* max header tag value length (long) */
+-#define OPENDMARC_ARCSEAL_MAX_LONG_VALUE_LEN 512
++#define OPENDMARC_ARCSEAL_MAX_LONG_VALUE_LEN 768
+
+ /* names and field labels */
+ #define OPENDMARC_ARCSEAL_HDRNAME "ARC-Seal"
+--- a/opendmarc/opendmarc-arcseal.c 2021-04-30 17:34:43.000000000 +0100
++++ b/opendmarc/opendmarc-arcseal.c 2021-06-25 14:27:10.689908703 +0100
+@@ -29,7 +29,7 @@
+ #include "opendmarc.h"
+
+ #define OPENDMARC_ARCSEAL_MAX_FIELD_NAME_LEN 255
+-#define OPENDMARC_ARCSEAL_MAX_TOKEN_LEN 512
++#define OPENDMARC_ARCSEAL_MAX_TOKEN_LEN 768
+
+ /* tables */
+ struct opendmarc_arcseal_lookup
+@@ -167,7 +167,12 @@ opendmarc_arcseal_parse(u_char *hdr, str
+ if (*token_ptr == '\0')
+ return 0;
+ tag_label = strsep(&token_ptr, "=");
++ if (token_ptr == NULL)
++ return 0;
++
+ tag_value = opendmarc_arcseal_strip_whitespace(token_ptr);
++ if (tag_value == NULL)
++ return 0;
+
+ tag_code = opendmarc_arcseal_convert(as_tags, tag_label);
+
diff --git a/mail-filter/opendmarc/files/opendmarc-1.4.1.1-underlinking.patch b/mail-filter/opendmarc/files/opendmarc-1.4.1.1-underlinking.patch
new file mode 100644
index 000000000000..825ee461dfd6
--- /dev/null
+++ b/mail-filter/opendmarc/files/opendmarc-1.4.1.1-underlinking.patch
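Review bot: In the opendmarc_arcseal_parse() hunk of opendmarc-1.4.1.1-arc-seal-crash.patch both new guards `return 0`, the same value the existing `if (*token_ptr == '\0')` path returns, so the caller cannot tell a tag with no `=` separator from a header that simply ran out of tokens. If 0 is the success value here (not visible in the hunk, and the function continues outside it), a malformed ARC-Seal header is accepted silently; returning the function's error value or logging the bad tag would make it observable. The two limits raised from 512 to 768 are separate macros in opendmarc-arcseal.h and opendmarc-arcseal.c that appear to be changed in lockstep, yet nothing in the patch says why 768 or that they belong together. The patch header holds only two URLs, so a short description line such as `Raise ARC-Seal token/value limits to 768; stop parsing on a tag without '='` would document both changes.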
@@ -0,0 +1,17 @@ +libopendmarc.so.2.0.3 uses +* __dn_expand +* __dn_skipname +* __res_nquery +which are defined in libresolv in glibc 2.33 and older. + +See: https://bugs.gentoo.org/839951 + +--- a/libopendmarc/Makefile.am ++++ b/libopendmarc/Makefile.am +@@ -15,5 +15,6 @@ + opendmarc_spf_dns.c \ + opendmarc_internal.h + libopendmarc_la_LDFLAGS = -version-info $(LIBOPENDMARC_VERSION_INFO) ++libopendmarc_la_LIBADD = $(LIBRESOLV) + libopendmarc_includedir = $(includedir)/opendmarc + libopendmarc_include_HEADERS = dmarc.h diff --git a/mail-filter/opendmarc/files/opendmarc.confd b/mail-filter/opendmarc/files/opendmarc.confd index ef59affa3f89..722237173ebf 100644 --- a/mail-filter/opendmarc/files/opendmarc.confd +++ b/mail-filter/opendmarc/files/opendmarc.confd @@ -1,3 +1,3 @@ # user/group to run opendmarc daemon as -OPENDMARC_USER=milter -OPENDMARC_GROUP=milter +OPENDMARC_USER=opendmarc +OPENDMARC_GROUP=opendmarc diff --git a/mail-filter/opendmarc/files/opendmarc.initd b/mail-filter/opendmarc/files/opendmarc.initd index 6a8300f145d6..3f55464e11b4 100644 --- a/mail-filter/opendmarc/files/opendmarc.initd +++ b/mail-filter/opendmarc/files/opendmarc.initd @@ -15,8 +15,9 @@ check_cfg() { return 1 fi # create /var/run/opendmarc - mkdir -p /var/run/opendmarc >& /dev/null - chown ${OPENDMARC_USER}:${OPENDMARC_GROUP} /var/run/opendmarc >& /dev/null + mkdir -p /var/run/opendmarc > /dev/null 2>&1 + chown ${OPENDMARC_USER}:${OPENDMARC_GROUP} \ + /var/run/opendmarc > /dev/null 2>&1 PIDFILE=$(sed -ne 's/^[[:space:]]*PidFile[[:space:]]\+//p' "${CONFFILE}") local PIDDIR="${PIDFILE%/*}" if [ ! -d "${PIDDIR}" ] ; then diff --git a/mail-filter/opendmarc/files/opendmarc.service b/mail-filter/opendmarc/files/opendmarc.service index 90ee5ccb4341..b29aa1afafdc 100644 --- a/mail-filter/opendmarc/files/opendmarc.service +++ b/mail-filter/opendmarc/files/opendmarc.service 
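Review bot: In check_cfg() of opendmarc.initd the rewritten `mkdir` and `chown` lines still discard both their output and their exit status, so if `chown` fails (for example because the `opendmarc` user or group now named in opendmarc.confd does not exist) the service goes on to start with a /var/run/opendmarc it may not be able to write. `${OPENDMARC_USER}:${OPENDMARC_GROUP}` is also expanded unquoted. OpenRC's helper covers both steps and reports failure: `checkpath -d -o "${OPENDMARC_USER}:${OPENDMARC_GROUP}" /var/run/opendmarc || return 1`. check_cfg() starts and ends outside the hunk.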
@@ -4,8 +4,8 @@ Documentation=man:opendmarc(8) man:opendmarc.conf(5) man:opendmarc-expire(8) man After=network.target nss-lookup.target syslog.target [Service] -User=milter -Group=milter +User=opendmarc +Group=opendmarc PIDFile=/var/run/opendmarc/opendmarc.pid ExecStartPre=/usr/sbin/opendmarc -c /etc/opendmarc/opendmarc.conf -n ExecStart=/usr/sbin/opendmarc -c /etc/opendmarc/opendmarc.conf -f -P /var/run/opendmarc/opendmarc.pid |
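Review bot: The unit now runs as `opendmarc` but still writes its PID file under /var/run/opendmarc, and none of the visible [Service] lines creates that directory or sets its owner, so a directory left over from the `milter` account would not be writable by the new user. Adding `RuntimeDirectory=opendmarc` has systemd create /run/opendmarc owned by the configured `User=`/`Group=` on every start. The unit file continues above the hunk, so any directory setup done elsewhere (tmpfiles or the ebuild) should be checked before adding it.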