diff --git a/procmail-3.22-CVE-2014-3618.patch b/procmail-3.22-CVE-2014-3618.patch new file mode 100644 index 0000000..124d1f9 --- /dev/null +++ b/procmail-3.22-CVE-2014-3618.patch @@ -0,0 +1,18 @@ +diff --git a/src/formisc.c b/src/formisc.c +index 338733b..c48df52 100644 +--- a/src/formisc.c ++++ b/src/formisc.c +@@ -84,12 +84,11 @@ normal: *target++= *start++; + case '"':*target++=delim='"';start++; + } + ;{ int i; +- do ++ while(*start) /* anything? */ + if((i= *target++= *start++)==delim) /* corresponding delimiter? */ + break; + else if(i=='\\'&&*start) /* skip quoted character */ + *target++= *start++; +- while(*start); /* anything? */ + } + hitspc=2; + } diff --git a/procmail.spec b/procmail.spec index a3a4f71..493a28f 100644 --- a/procmail.spec +++ b/procmail.spec @@ -8,7 +8,7 @@ Summary: Mail processing program Name: procmail Version: 3.22 -Release: 35%{?dist} +Release: 36%{?dist} License: GPLv2+ or Artistic Group: Applications/Internet # Source: ftp://ftp.procmail.org/pub/procmail/procmail-%{version}.tar.gz @@ -24,6 +24,7 @@ Patch2: procmail_3.22-8.debian.patch Patch4: procmail-3.22-truncate.patch Patch5: procmail-3.22-ipv6.patch Patch6: procmail-3.22-getline.patch +Patch7: procmail-3.22-CVE-2014-3618.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) %description @@ -42,6 +43,7 @@ forward certain incoming mail automatically to someone. %patch4 -p1 -b .truncate %patch5 -p1 -b .ipv6 %patch6 -p1 -b .getline +%patch7 -p1 -b .CVE-2014-3618 find examples -type f | xargs chmod 644 @@ -77,6 +79,10 @@ rm -rf ${RPM_BUILD_ROOT} %{_mandir}/man[15]/* %changelog +* Thu Sep 4 2014 Jaroslav Škarvada - 3.22-36 +- Fixed buffer overflow in formail + Resolves: CVE-2014-3618 + * Sun Aug 17 2014 Fedora Release Engineering - 3.22-35 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild