Hello community,

here is the log from the commit of package opendkim for openSUSE:Factory checked in at 2021-10-15 23:03:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/opendkim (Old)
 and /work/SRC/openSUSE:Factory/.opendkim.new.1890 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "opendkim" Fri Oct 15 23:03:53 2021 rev:6 rq:925247 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/opendkim/opendkim.changes 2021-07-07 18:31:57.618293824 +0200 +++ /work/SRC/openSUSE:Factory/.opendkim.new.1890/opendkim.changes 2021-10-15 23:04:16.146110532 +0200 @@ -1,0 +2,10 @@ +Thu Oct 14 11:22:08 UTC 2021 - Togan Muftuoglu <tog...@opensuse.org> + +- Add cve-2020-12272.patch (CVE-2020-12272) + * Confirm that the value of "d=" is properly formed, fixed + upstream in commit 14d54524e0a97d3fe9b80441907d7e356c9ded04 +- Add unbound-fix.patch + * Plug memory leak in Unbound callback + https://github.com/trusteddomainproject/OpenDKIM/pull/57 + +------------------------------------------------------------------- New: ---- cve-2020-12272.patch unbound-fix.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ opendkim.spec ++++++ --- /var/tmp/diff_new_pack.q3H3FM/_old 2021-10-15 23:04:16.710110934 +0200 +++ /var/tmp/diff_new_pack.q3H3FM/_new 2021-10-15 23:04:16.714110936 +0200 @@ -50,6 +50,10 @@ Patch0: opendkim-2.9.2_compiler_warnings.patch # PATCH-FIX-OPENSUSE set default values in installed configuration file Patch1: %{name}-default_config.patch +# PATCH-FIX-UPSTREAM LIBOPENDKIM: Confirm that the value of "d=" is properly formed. +Patch2: cve-2020-12272.patch +# PATCH-FIX-UPSTREAM Plug memory leak in Unbound callback function https://github.com/trusteddomainproject/OpenDKIM/pull/57/commits/0010ca7150b09c3c259c17bdd9431a8bfe39e299 +Patch3: unbound-fix.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: curl-devel @@ -151,7 +155,9 @@ performs REPUTE queries for spammy domains. + # Maybe change name (there is already an other libut...) + %package -n libut%{sover_ut} Summary: Library for assisting in URI construction from templates License: BSD-3-Clause 
@@ -208,6 +214,8 @@ %setup -q -n %{upname}-%{full_version} %patch0 -p1 %patch1 +%patch2 -p1 +%patch3 -p0 %build autoreconf -iv ++++++ cve-2020-12272.patch ++++++ Description: LIBOPENDKIM: Confirm that the value of "d=" is properly formed. Author: Murray S. Kucherawy <m...@trusteddomain.org> Origin: upstream, https://github.com/trusteddomainproject/OpenDKIM/commit/14d54524e0a97d3fe9b80441907d7e356c9ded04 --- a/libopendkim/dkim.c +++ b/libopendkim/dkim.c @@ -775,6 +775,25 @@ return DKIM_STAT_SYNTAX; } + /* confirm the "d=" domain name is well formed */ + value = dkim_param_get(set, (u_char *) "d"); + for (p = value; *p != '\0'; p++) + { + if (!(isalpha(*p) || + isdigit(*p) || + *p == '-' || + *p == '_' || + *p == '.')) + { + dkim_error(dkim, "malformed \"d=\" tag value"); + if (syntax) + dkim_set_free(dkim, set); + else + set->set_bad = TRUE; + return DKIM_STAT_SYNTAX; + } + } + #ifdef _FFR_CONDITIONAL /* confirm we have the right signature version */ if (set->set_minv > 1) ++++++ unbound-fix.patch ++++++ --- opendkim/opendkim-dns.c | 1 + 1 file changed, 1 insertion(+) --- opendkim/opendkim-dns.c.orig +++ opendkim/opendkim-dns.c @@ -199,6 +199,7 @@ dkimf_unbound_cb(void *mydata, int err, { /* result was bogus */ ubdata->ubd_result = DKIM_DNSSEC_BOGUS; + ub_resolve_free(result); return; } else
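Review bot: in the opendkim.spec hunk at @@ -50,6 +50,10 @@, the comment above Patch2 gives neither the CVE id nor the upstream commit, while the comment above Patch3 carries its full commit URL. Put CVE-2020-12272 and commit 14d54524e0a97d3fe9b80441907d7e356c9ded04 (both already recorded in opendkim.changes) into the Patch2 comment so the spec file alone identifies which fix is being carried.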
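Review bot: in the opendkim.spec hunk at @@ -151,7 +155,9 @@, the new comment "# Maybe change name (there is already an other libut...)" is an open question that has nothing to do with the two patches and is not recorded in opendkim.changes. Drop it and the two added blank lines from this request, or track the naming question separately; if the comment stays, "an other" should read "another".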
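Review bot: in the opendkim.spec hunk at @@ -208,6 +214,8 @@, the %prep section now mixes strip levels: %patch1 has none, %patch2 uses -p1 and %patch3 uses -p0. The -p0 matches unbound-fix.patch as shipped (its paths are opendkim/opendkim-dns.c.orig and opendkim/opendkim-dns.c), but regenerating that patch with a/ and b/ prefixes would let it apply with -p1 like cve-2020-12272.patch and make a wrong strip level harder to introduce later.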
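Review bot: in the cve-2020-12272.patch hunk for libopendkim/dkim.c (@@ -775,6 +775,25 @@), the loop "for (p = value; *p != '\0'; p++)" dereferences the result of dkim_param_get(set, (u_char *) "d") with no NULL test in the lines shown. If nothing earlier in the function guarantees that a "d=" tag is present, confirm that in the surrounding code or add a value == NULL branch that takes the same DKIM_STAT_SYNTAX path. Two smaller points: the test is a character-class filter only, so an empty value or one made up solely of dots or hyphens still passes as "well formed"; and isalpha()/isdigit() are locale-dependent and expect an unsigned char value, so the declared type of p, which the hunk does not show, is worth checking.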
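Review bot: in the unbound-fix.patch hunk for dkimf_unbound_cb (@@ -199,6 +199,7 @@), ub_resolve_free(result) is added only on the "result was bogus" return, and the hunk does not show whether the other return paths of the callback, including the else branch that follows, release result. Check each of them so the leak is closed on every path. The patch file also has no Description/Author/Origin header, unlike cve-2020-12272.patch; add one that points at the upstream pull request already named in the spec comment.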