commit:     69c7c3a6972811fa55db4e302dc11fd72dd8eacc
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 10 08:21:06 2020 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Thu Sep 10 08:21:06 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69c7c3a6

mail-filter/opendmarc-1.3.3: version bump for security, bug #734158

Bug: https://bugs.gentoo.org/734158
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 mail-filter/opendmarc/Manifest                     |  1 +
 .../files/opendmarc-1.3.3-CVE-2020-12460.patch     | 41 ++++++++++++
 mail-filter/opendmarc/opendmarc-1.3.3.ebuild       | 78 ++++++++++++++++++++++
 3 files changed, 120 insertions(+)

diff --git a/mail-filter/opendmarc/Manifest b/mail-filter/opendmarc/Manifest
index fab6b479efb..905f6981f43 100644
--- a/mail-filter/opendmarc/Manifest
+++ b/mail-filter/opendmarc/Manifest
@@ -1 +1,2 @@
 DIST opendmarc-1.3.2.tar.gz 593448 BLAKE2B 
80f47a82e38c6cdc5791a695485262c50e9363b81537a52d7af204bd6a830df6eea9e9b6f710b72b7934c3ab7df800def7d4b3e54f53b8908a7f1b42bcea2b2d
 SHA512 
6045fb7d2be8f0ffdeca07324857d92908a41c6792749017c2fcc1058f05f55317b1919c67c780827dd7094ec8fff2e1fa4aeb5bab7ff7461537957af2652748
+DIST opendmarc-1.3.3.tar.gz 575319 BLAKE2B 
72dae5553fea9a51d860aaac6d85171a245584a74134df2249217a88f3da04c4eb518141f6342e281c6a9186345d69a34b585dc3ed18bdb53313374db505f4f5
 SHA512 
bb4bf8e3ad2d1732b07e55316819d4fd708e529b54a336d7d00763e13bfc62580bb1b30f132fa786dbca15e526e8dd5e146c7be454e1c42714a9f57126fc5e12

diff --git a/mail-filter/opendmarc/files/opendmarc-1.3.3-CVE-2020-12460.patch 
b/mail-filter/opendmarc/files/opendmarc-1.3.3-CVE-2020-12460.patch
new file mode 100644
index 00000000000..334c11d5302
--- /dev/null
+++ b/mail-filter/opendmarc/files/opendmarc-1.3.3-CVE-2020-12460.patch
@@ -0,0 +1,41 @@
+From 50d28af25d8735504b6103537228ce7f76ad765f Mon Sep 17 00:00:00 2001
+From: "Murray S. Kucherawy" <m...@blackops.org>
+Date: Wed, 5 Aug 2020 21:56:01 +0000
+Subject: [PATCH] In opendmarc_xml_parse(), ensure NULL-termination of the
+ buffer passed to opendmarc_xml().
+
+---
+ libopendmarc/opendmarc_xml.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/libopendmarc/opendmarc_xml.c b/libopendmarc/opendmarc_xml.c
+index 26bb9dc..b3ac55a 100644
+--- a/libopendmarc/opendmarc_xml.c
++++ b/libopendmarc/opendmarc_xml.c
+@@ -158,7 +158,7 @@ opendmarc_xml(char *b, size_t blen, char *e, size_t elen)
+                       if (*cp != '<')
+                               continue;
+                       ++cp;
+-                      for(sp = cp; *sp != '\0'; ++sp)
++                      for (sp = cp; *sp != '\0'; ++sp)
+                       {
+                               if (*sp == '?')
+                                       break;
+@@ -546,7 +546,7 @@ opendmarc_xml_parse(char *fname, char *err_buf, size_t 
err_len)
+       if (fname == NULL)
+       {
+               xerror = errno;
+-              (void) snprintf(err_buf, err_len, "%s: %s", fname, "File name 
was NULL");
++              (void) snprintf(err_buf, err_len, "%s", "File name was NULL");
+               errno = EINVAL;
+               return NULL;
+       }
+@@ -572,7 +572,7 @@ opendmarc_xml_parse(char *fname, char *err_buf, size_t 
err_len)
+               return NULL;
+       }
+ 
+-      bufp = calloc(statb.st_size, 1);
++      bufp = calloc(statb.st_size + 1, 1);
+       if (bufp == NULL)
+       {
+               xerror = errno;
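Review bot: The `calloc(statb.st_size + 1, 1)` change in opendmarc_xml_parse() guarantees a terminating NUL only if the code that fills `bufp` writes at most `statb.st_size` bytes. That read is outside the hunk context, so it should be confirmed against the full 1.3.3 source before treating this patch as the complete fix for CVE-2020-12460. The size is also taken straight from `stat()` with no upper bound visible here, so a very large report file would become an equally large allocation. A comment at the allocation would keep a later cleanup from dropping the extra byte, for example `/* +1: opendmarc_xml() scans for '\0', keep the buffer NUL-terminated */`. Because this file is carried from upstream commit 50d28af25d87, a change like that belongs upstream rather than in the local copy.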

diff --git a/mail-filter/opendmarc/opendmarc-1.3.3.ebuild 
b/mail-filter/opendmarc/opendmarc-1.3.3.ebuild
new file mode 100644
index 00000000000..c572a891d2e
--- /dev/null
+++ b/mail-filter/opendmarc/opendmarc-1.3.3.ebuild
@@ -0,0 +1,78 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools user multilib systemd
+
+DESCRIPTION="Open source DMARC implementation "
+HOMEPAGE="http://www.trusteddomain.org/opendmarc/";
+SRC_URI="https://github.com/trusteddomainproject/OpenDMARC/archive/rel-${PN}-${PV//./-}.tar.gz
 -> ${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="spf +reports static-libs"
+
+DEPEND="reports? ( dev-perl/DBI )
+       || ( mail-filter/libmilter mail-mta/sendmail )"
+RDEPEND="${DEPEND}
+       reports? (
+               dev-perl/DBD-mysql
+               dev-perl/HTTP-Message
+               dev-perl/Switch
+       )
+       spf? ( mail-filter/libspf2 )"
+
+PATCHES=(
+       "${FILESDIR}"/${PN}-1.3.2-multiple-From.patch
+       "${FILESDIR}"/${PN}-1.3.3-CVE-2020-12460.patch
+)
+
+S=${WORKDIR}/OpenDMARC-rel-${PN}-${PV//./-}
+
+pkg_setup() {
+       enewgroup milter
+       enewuser milter -1 -1 /var/lib/milter milter
+}
+
+src_prepare() {
+       default
+
+       # fix issue after they removed docs
+       sed -i -e '/^\s\+docs\/Makefile/d' configure.ac || die
+
+       eautoreconf
+       if use !reports ; then
+               sed -i -e '/^SUBDIRS =/s/reports//' Makefile.in || die
+       fi
+}
+
+src_configure() {
+       econf \
+               $(use_with spf) \
+               $(use_with spf spf2-include "${EPREFIX}"/usr/include/spf2) \
+               $(use_with spf spf2-lib "${EPREFIX}"/usr/$(get_libdir)) \
+               $(use_enable static-libs static)
+}
+
+src_install() {
+       default
+
+       use static-libs || rm -f "${ED}"/usr/$(get_libdir)/*.la
+
+       newinitd "${FILESDIR}"/opendmarc.initd opendmarc
+       newconfd "${FILESDIR}"/opendmarc.confd opendmarc
+       systemd_dounit "${FILESDIR}/${PN}.service"
+
+       dodir /etc/opendmarc
+
+       # create config file
+       sed \
+               -e 's:^# UserID .*$:UserID milter:' \
+               -e "s:^# PidFile .*:PidFile 
${EPREFIX}/var/run/opendmarc/opendmarc.pid:" \
+               -e '/^# Socket /s:^# ::' \
+               "${S}"/opendmarc/opendmarc.conf.sample \
+               > "${ED}"/etc/opendmarc/opendmarc.conf \
+               || die
+}
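Review bot: The `sed` in src_install() that generates opendmarc.conf exits successfully even when none of its three expressions match, so `|| die` will not notice if the 1.3.3 `opendmarc.conf.sample` words the `# UserID`, `# PidFile` or `# Socket` lines differently from 1.3.2. A silent miss on `UserID` matters most, because the installed config would then presumably not drop the daemon to the `milter` account created in pkg_setup(). Checking the result after the redirect would catch it, for example `grep -q '^UserID milter$' "${ED}"/etc/opendmarc/opendmarc.conf || die "UserID not set"`. The `# Socket` expression enables whatever socket the upstream sample ships. If that is a TCP listener rather than a permission-restricted UNIX socket, a comment saying so would help.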
