Fixed buffer overflow in formail

Resolves: CVE-2014-3618

procmail-3.22-CVE-2014-3618.patch

@@ -0,0 +1,18 @@
+diff --git a/src/formisc.c b/src/formisc.c
+index 338733b..c48df52 100644
+--- a/src/formisc.c
++++ b/src/formisc.c
+@@ -84,12 +84,11 @@ normal:	   *target++= *start++;
+ 	case '"':*target++=delim='"';start++;
+       }
+      ;{ int i;
+-	do
++	while(*start)						/* anything? */
+ 	   if((i= *target++= *start++)==delim)	 /* corresponding delimiter? */
+ 	      break;
+ 	   else if(i=='\\'&&*start)		    /* skip quoted character */
+ 	      *target++= *start++;
+-	while(*start);						/* anything? */
+       }
+      hitspc=2;
+    }

procmail.spec

@@ -8,7 +8,7 @@
 Summary: Mail processing program
 Name: procmail
 Version: 3.22
-Release: 35%{?dist}
+Release: 36%{?dist}
 License: GPLv2+ or Artistic
 Group: Applications/Internet
 # Source: ftp://ftp.procmail.org/pub/procmail/procmail-%{version}.tar.gz
@@ -24,6 +24,7 @@ Patch2: procmail_3.22-8.debian.patch
 Patch4: procmail-3.22-truncate.patch
 Patch5: procmail-3.22-ipv6.patch
 Patch6: procmail-3.22-getline.patch
+Patch7: procmail-3.22-CVE-2014-3618.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 %description
@@ -42,6 +43,7 @@ forward certain incoming mail automatically to someone.
 %patch4 -p1 -b .truncate
 %patch5 -p1 -b .ipv6
 %patch6 -p1 -b .getline
+%patch7 -p1 -b .CVE-2014-3618
 
 find examples -type f | xargs chmod 644
 
@@ -77,6 +79,10 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_mandir}/man[15]/*
 
 %changelog
+* Thu Sep  4 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 3.22-36
+- Fixed buffer overflow in formail
+  Resolves: CVE-2014-3618
+
 * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.22-35
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild