Browse code
procmail : Fix CVE-2017-16844
Change-Id: I311797e96ee9d42782033709ee65ca9d37bb4743
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4436
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George
xiaolin-vmware authored on 2017/12/06 08:34:38Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,13 @@ |
| 0 |
+diff --git a/src/formisc.c b/src/formisc.c |
|
| 1 |
+index d91b227..6c7594b 100644 |
|
| 2 |
+--- a/src/formisc.c |
|
| 3 |
+@@ -103,7 +103,7 @@ void loadsaved(sp)const struct saved*const sp; /* load some saved text */ |
|
| 4 |
+ } |
|
| 5 |
+ /* append to buf */ |
|
| 6 |
+ void loadbuf(text,len)const char*const text;const size_t len; |
|
| 7 |
+-{ if(buffilled+len>buflen) /* buf can't hold the text */
|
|
| 8 |
++{ while(buffilled+len>buflen) /* buf can't hold the text */
|
|
| 9 |
+ buf=realloc(buf,buflen+=Bsize); |
|
| 10 |
+ tmemmove(buf+buffilled,text,len);buffilled+=len; |
|
| 11 |
+ } |
| ... | ... |
@@ -1,22 +1,25 @@ |
| 1 |
-Summary: Autonomous Mail Processor |
|
| 2 |
-Name: procmail |
|
| 3 |
-Version: 3.22 |
|
| 4 |
-Release: 4%{?dist}
|
|
| 5 |
-License: GPLv2+ |
|
| 6 |
-URL: http://www.procmail.org |
|
| 7 |
-Group: Applications/Internet |
|
| 8 |
-Source0: http://www.ring.gr.jp/archives/net/mail/procmail/%{name}-%{version}.tar.gz
|
|
| 9 |
-%define sha1 procmail=cd4e44c15559816453fd60349e5a32289f6f2965 |
|
| 10 |
-Patch0: procmail-3.22-config.patch |
|
| 11 |
-Patch1: procmail-3.22-CVE-2014-3618.patch |
|
| 12 |
-Vendor: VMware, Inc. |
|
| 13 |
-Distribution: Photon |
|
| 1 |
+Summary: Autonomous Mail Processor |
|
| 2 |
+Name: procmail |
|
| 3 |
+Version: 3.22 |
|
| 4 |
+Release: 5%{?dist}
|
|
| 5 |
+License: GPLv2+ |
|
| 6 |
+URL: http://www.procmail.org |
|
| 7 |
+Group: Applications/Internet |
|
| 8 |
+Source0: http://www.ring.gr.jp/archives/net/mail/procmail/%{name}-%{version}.tar.gz
|
|
| 9 |
+%define sha1 procmail=cd4e44c15559816453fd60349e5a32289f6f2965 |
|
| 10 |
+Patch0: procmail-3.22-config.patch |
|
| 11 |
+Patch1: procmail-3.22-CVE-2014-3618.patch |
|
| 12 |
+#https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=876511;filename=formisc.c.patch.txt;msg=10 |
|
| 13 |
+Patch2: procmail-3.22-CVE-2017-16844.patch |
|
| 14 |
+Vendor: VMware, Inc. |
|
| 15 |
+Distribution: Photon |
|
| 14 | 16 |
%description |
| 15 | 17 |
Procmail is a program for filtering, sorting and storing email. It can be used both on mail clients and mail servers. It can be used to filter out spam, checking for viruses, to send automatic replies, etc. |
| 16 | 18 |
%prep |
| 17 | 19 |
%setup -q |
| 18 | 20 |
%patch0 -p1 |
| 19 | 21 |
%patch1 -p1 |
| 22 |
+%patch2 -p1 |
|
| 20 | 23 |
%build |
| 21 | 24 |
sed -i 's/getline/get_line/' src/*.[ch] |
| 22 | 25 |
|
| ... | ... |
@@ -33,11 +36,13 @@ make BASENAME=%{buildroot}%{_prefix} install-suid
|
| 33 | 33 |
%{_mandir}/man1/*
|
| 34 | 34 |
%{_mandir}/man5/*
|
| 35 | 35 |
%changelog |
| 36 |
-* Tue Apr 25 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 3.22-4 |
|
| 37 |
-- Ensure non empty debuginfo |
|
| 38 |
-* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 3.22-3 |
|
| 39 |
-- GA - Bump release of all rpms |
|
| 40 |
-* Wed Mar 30 2016 Anish Swaminathan <anishs@vmware.com> 3.22-2 |
|
| 41 |
-- Add patch for CVE-2014-3618 |
|
| 42 |
-* Mon Nov 02 2015 Divya Thaluru <dthaluru@vmware.com> 3.22-1 |
|
| 43 |
-- Initial build. First version |
|
| 36 |
+* Tue Dec 05 2017 Xiaolin Li <xiaolinl@vmware.com> 3.22-5 |
|
| 37 |
+- Fix CVE-2017-16844 |
|
| 38 |
+* Tue Apr 25 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 3.22-4 |
|
| 39 |
+- Ensure non empty debuginfo |
|
| 40 |
+* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 3.22-3 |
|
| 41 |
+- GA - Bump release of all rpms |
|
| 42 |
+* Wed Mar 30 2016 Anish Swaminathan <anishs@vmware.com> 3.22-2 |
|
| 43 |
+- Add patch for CVE-2014-3618 |
|
| 44 |
+* Mon Nov 02 2015 Divya Thaluru <dthaluru@vmware.com> 3.22-1 |
|
| 45 |
+- Initial build. First version |