commit:     5cdf10e604f2bfdd5663aa2e23c55dce8cf44321
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Sun Aug  8 06:54:58 2021 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Sun Aug  8 06:55:11 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5cdf10e6

mail-filter/opendmarc-1.4.1.1-r2: bump for CVE-2021-34555

Bug: https://bugs.gentoo.org/797214
Package-Manager: Portage-3.0.20, Repoman-3.0.2
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 .../files/opendmarc-1.4.1.1-CVE-2021-34555.patch   | 87 ++++++++++++++++++++++
 mail-filter/opendmarc/opendmarc-1.4.1.1-r2.ebuild  | 70 +++++++++++++++++
 2 files changed, 157 insertions(+)

diff --git a/mail-filter/opendmarc/files/opendmarc-1.4.1.1-CVE-2021-34555.patch 
b/mail-filter/opendmarc/files/opendmarc-1.4.1.1-CVE-2021-34555.patch
new file mode 100644
index 00000000000..2bf87ffbde0
--- /dev/null
+++ b/mail-filter/opendmarc/files/opendmarc-1.4.1.1-CVE-2021-34555.patch
@@ -0,0 +1,87 @@
+From afa44abe68afe5ce29b6418538a60a642f39e459 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?David=20B=C3=BCrgin?= <dbuer...@gluet.ch>
+Date: Thu, 3 Jun 2021 21:59:55 +0200
+Subject: [PATCH 1/3] Fix multi-value From handling logic
+
+Fixes #175
+---
+ opendmarc/opendmarc.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c
+index 65f6b49..bc38103 100644
+--- a/opendmarc/opendmarc.c
++++ b/opendmarc/opendmarc.c
+@@ -2479,12 +2479,12 @@ mlfi_eom(SMFICTX *ctx)
+                               syslog(LOG_ERR,
+                                      "%s: multi-valued From field detected",
+                                      dfc->mctx_jobid);
+-                      }
+ 
+-                      if (conf->conf_reject_multi_from)
+-                              return SMFIS_REJECT;
+-                      else
+-                              return SMFIS_ACCEPT;
++                              if (conf->conf_reject_multi_from)
++                                      return SMFIS_REJECT;
++                              else
++                                      return SMFIS_ACCEPT;
++                      }
+               }
+ 
+               user = users[0];
+
+From 4ea4b219c6c93dbfd512b1caa433f5a810fdb436 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?David=20B=C3=BCrgin?= <dbuer...@gluet.ch>
+Date: Thu, 3 Jun 2021 22:01:34 +0200
+Subject: [PATCH 2/3] Guard syslog call with conf_dolog flag
+
+---
+ opendmarc/opendmarc.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c
+index bc38103..fb3d4b9 100644
+--- a/opendmarc/opendmarc.c
++++ b/opendmarc/opendmarc.c
+@@ -2476,9 +2476,12 @@ mlfi_eom(SMFICTX *ctx)
+               {
+                       if (strcasecmp(domains[0], domains[c]) != 0)
+                       {
+-                              syslog(LOG_ERR,
+-                                     "%s: multi-valued From field detected",
+-                                     dfc->mctx_jobid);
++                              if (conf->conf_dolog)
++                              {
++                                      syslog(LOG_ERR,
++                                             "%s: multi-valued From field 
detected",
++                                             dfc->mctx_jobid);
++                              }
+ 
+                               if (conf->conf_reject_multi_from)
+                                       return SMFIS_REJECT;
+
+From 1245589ad44baadb3eb18ce110932da8c6fe286c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?David=20B=C3=BCrgin?= <dbuer...@gluet.ch>
+Date: Wed, 9 Jun 2021 19:18:21 +0200
+Subject: [PATCH 3/3] Skip null domains when checking multi-value From header
+
+---
+ opendmarc/opendmarc.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c
+index fb3d4b9..ffcbc3f 100644
+--- a/opendmarc/opendmarc.c
++++ b/opendmarc/opendmarc.c
+@@ -2474,7 +2474,9 @@ mlfi_eom(SMFICTX *ctx)
+ 
+               for (c = 1; users[c] != NULL; c++)
+               {
+-                      if (strcasecmp(domains[0], domains[c]) != 0)
++                      if (domains[0] != NULL
++                          && domains[c] != NULL
++                          && strcasecmp(domains[0], domains[c]) != 0)
+                       {
+                               if (conf->conf_dolog)
+                               {
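Review bot: In the `[PATCH 3/3]` condition, a NULL `domains[0]` or `domains[c]` now skips the comparison instead of counting as a mismatch, so a From field that pairs an address with no parsed domain with an address in a different domain is not flagged as multi-valued and execution continues to `user = users[0]`. Whether the code after the loop tolerates a NULL `domains[0]` is not visible in this hunk and is worth confirming before treating the patch as the complete fix for CVE-2021-34555. The loop also stops on `users[c] != NULL` while indexing `domains[c]`, which assumes both arrays are filled in lockstep. I would add a comment above the condition such as `/* NULL domains are skipped, not rejected; they must never reach strcasecmp() */`. The body of mlfi_eom starts and ends outside the quoted context.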

diff --git a/mail-filter/opendmarc/opendmarc-1.4.1.1-r2.ebuild 
b/mail-filter/opendmarc/opendmarc-1.4.1.1-r2.ebuild
new file mode 100644
index 00000000000..349716a8d7a
--- /dev/null
+++ b/mail-filter/opendmarc/opendmarc-1.4.1.1-r2.ebuild
@@ -0,0 +1,70 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools multilib systemd
+
+DESCRIPTION="Open source DMARC implementation"
+HOMEPAGE="http://www.trusteddomain.org/opendmarc/";
+SRC_URI="https://github.com/trusteddomainproject/OpenDMARC/archive/rel-${PN}-${PV//./-}.tar.gz
 -> ${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0/3"  # 1.4 has API breakage with 1.3, yet uses same soname
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="spf +reports static-libs"
+
+DEPEND="reports? ( dev-perl/DBI )
+       || ( mail-filter/libmilter mail-mta/sendmail )"
+RDEPEND="${DEPEND}
+       acct-user/opendmarc
+       reports? (
+               dev-perl/DBD-mysql
+               dev-perl/HTTP-Message
+               dev-perl/Switch
+       )
+       spf? ( mail-filter/libspf2 )"
+
+S=${WORKDIR}/OpenDMARC-rel-${PN}-${PV//./-}
+
+PATCHES=(
+       "${FILESDIR}"/${PN}-1.4.1.1-CVE-2021-34555.patch
+)
+
+src_prepare() {
+       default
+
+       eautoreconf
+       if use !reports ; then
+               sed -i -e '/^SUBDIRS =/s/reports//' Makefile.in || die
+       fi
+}
+
+src_configure() {
+       econf \
+               $(use_with spf) \
+               $(use_with spf spf2-include "${EPREFIX}"/usr/include/spf2) \
+               $(use_with spf spf2-lib "${EPREFIX}"/usr/$(get_libdir)) \
+               $(use_enable static-libs static)
+}
+
+src_install() {
+       default
+
+       use static-libs || rm -f "${ED}"/usr/$(get_libdir)/*.la
+
+       newinitd "${FILESDIR}"/opendmarc.initd opendmarc
+       newconfd "${FILESDIR}"/opendmarc.confd opendmarc
+       systemd_dounit "${FILESDIR}/${PN}.service"
+
+       dodir /etc/opendmarc
+
+       # create config file
+       sed \
+               -e 's:^# UserID .*$:UserID opendmarc:' \
+               -e "s:^# PidFile .*:PidFile 
${EPREFIX}/var/run/opendmarc/opendmarc.pid:" \
+               -e '/^# Socket /s:^# ::' \
+               "${S}"/opendmarc/opendmarc.conf.sample \
+               > "${ED}"/etc/opendmarc/opendmarc.conf \
+               || die
+}
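Review bot: The `sed` in `src_install` that writes `opendmarc.conf` fails only on an I/O error, so if upstream changes the commented `# UserID` line in `opendmarc.conf.sample`, the substitution silently matches nothing and the installed config carries no `UserID` setting. Whether the init script or the systemd unit drops privileges on its own is not visible here, so the daemon's runtime user may depend on this pattern matching. A check after the redirect would make that explicit: `grep -q '^UserID opendmarc' "${ED}"/etc/opendmarc/opendmarc.conf || die "UserID not set in generated config"`. The same silent no-match applies to the `PidFile` and `Socket` expressions.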
