From 4b1875e9066fa8506c7d218b05b939eaa5030d62 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
Date: Fri, 18 Aug 2017 13:01:51 +0200
Subject: [PATCH] Replaced compile-fix patch by format-security patch from
 Debian not to   change status codes   Resolves: rhbz#1482808

---
 ...h => sendmail-8.15.2-format-security.patch | 71 +++++++++++++------
 sendmail.spec                                 | 13 +++-
 2 files changed, 61 insertions(+), 23 deletions(-)
 rename sendmail-8.15.2-compile-fix.patch => sendmail-8.15.2-format-security.patch (58%)

diff --git a/sendmail-8.15.2-compile-fix.patch b/sendmail-8.15.2-format-security.patch
similarity index 58%
rename from sendmail-8.15.2-compile-fix.patch
rename to sendmail-8.15.2-format-security.patch
index dd994bf..290a4a0 100644
--- a/sendmail-8.15.2-compile-fix.patch
+++ b/sendmail-8.15.2-format-security.patch
@@ -1,5 +1,13 @@
-diff --git a/sendmail/envelope.c b/sendmail/envelope.c
-index bae6b00..beb91a1 100644
+Author: Andreas Beckmann <anbe@debian.org>
+Description: fix FTBFS with -Werror=format-security
+ If a message string from an (untrusted) external source may start with a
+ smtp status code ("123 4.5.6 Foobar"), we cannot sanitize this via
+ ("%s", string) since the status code is expected as part of the format
+ string. Therefore verify that the message string contains no formatting
+ codes before passing it as the format string. Add a dummy argument to
+ suppress the "format not a string literal and no format arguments" error
+ in this case.
+
 --- a/sendmail/envelope.c
 +++ b/sendmail/envelope.c
 @@ -323,7 +323,7 @@ dropenvelope(e, fulldrop, split)
@@ -20,11 +28,9 @@ index bae6b00..beb91a1 100644
  				e->e_flags |= EF_WARNING;
  			}
  			if (msg_timeout == MSG_WARN_BY)
-diff --git a/sendmail/parseaddr.c b/sendmail/parseaddr.c
-index 2adb39c..ba99414 100644
 --- a/sendmail/parseaddr.c
 +++ b/sendmail/parseaddr.c
-@@ -218,7 +218,7 @@ parseaddr(addr, a, flags, delim, delimptr, e, isrcpt)
+@@ -218,7 +218,7 @@ parseaddr(addr, a, flags, delim, delimpt
  			msg = "Deferring message until queue run";
  		if (tTd(20, 1))
  			sm_dprintf("parseaddr: queueing message\n");
@@ -33,68 +39,93 @@ index 2adb39c..ba99414 100644
  		if (e->e_message == NULL && e->e_sendmode != SM_DEFER)
  			e->e_message = sm_rpool_strdup_x(e->e_rpool, msg);
  		a->q_state = QS_QUEUEUP;
-diff --git a/sendmail/srvrsmtp.c b/sendmail/srvrsmtp.c
-index ba636a8..2821532 100644
 --- a/sendmail/srvrsmtp.c
 +++ b/sendmail/srvrsmtp.c
-@@ -578,13 +578,13 @@ static bool	smtp_data __P((SMTP_T *, ENVELOPE *));
+@@ -122,6 +122,26 @@ extern ENVELOPE	BlankEnvelope;
+ #define SKIP_SPACE(s)	while (isascii(*s) && isspace(*s))	\
+ 				(s)++
+ 
++static inline void
++message1(fmt)
++	char *fmt;
++{
++	if (strchr(fmt, '%') == NULL)
++		message(fmt, NULL);
++	else
++		message("%s", fmt);
++}
++
++static inline void
++usrerr1(fmt)
++	char *fmt;
++{
++	if (strchr(fmt, '%') == NULL)
++		usrerr(fmt, NULL);
++	else
++		usrerr("%s", fmt);
++}
++
+ /*
+ **  PARSE_ESMTP_ARGS -- parse EMSTP arguments (for MAIL, RCPT)
+ **
+@@ -578,13 +598,13 @@ static bool	smtp_data __P((SMTP_T *, ENV
  				bool tsave = QuickAbort;		\
  									\
  				QuickAbort = false;			\
 -				usrerr(response);			\
-+				usrerr("%s", response);		\
++				usrerr1(response);			\
  				QuickAbort = tsave;			\
  				e->e_sendqueue = NULL;			\
  				goto doquit;				\
  			}						\
  			else						\
 -				usrerr(response);			\
-+				usrerr("%s", response);			\
++				usrerr1(response);			\
  			break;						\
  									\
  		  case SMFIR_REJECT:					\
-@@ -931,7 +931,7 @@ smtp(nullserver, d_flags, e)
+@@ -931,7 +951,7 @@ smtp(nullserver, d_flags, e)
  	}
  	else if (strncmp(nullserver, "421 ", 4) == 0)
  	{
 -		message(nullserver);
-+		message("%s", nullserver);
++		message1(nullserver);
  		goto doquit;
  	}
  
-@@ -1849,7 +1849,7 @@ smtp(nullserver, d_flags, e)
+@@ -1849,7 +1869,7 @@ smtp(nullserver, d_flags, e)
  				if (nullserver != NULL)
  				{
  					if (ISSMTPREPLY(nullserver))
 -						usrerr(nullserver);
-+						usrerr("%s", nullserver);
++						usrerr1(nullserver);
  					else
  						usrerr("550 5.0.0 %s",
  						       nullserver);
-@@ -2449,7 +2449,7 @@ smtp(nullserver, d_flags, e)
+@@ -2452,7 +2472,7 @@ smtp(nullserver, d_flags, e)
  					tempfail = true;
  					smtp.sm_milterize = false;
  					if (response != NULL)
 -						usrerr(response);
-+						usrerr("%s", response);
++						usrerr1(response);
  					else
  						message("421 4.7.0 %s closing connection",
  							MyHostName);
-@@ -3656,7 +3656,7 @@ smtp_data(smtp, e)
+@@ -3659,7 +3679,7 @@ smtp_data(smtp, e)
  				(void) extenhsc(response + 4, ' ', e->e_enhsc);
  #endif /* _FFR_MILTER_ENHSC */
  
 -			usrerr(response);
-+			usrerr("%s", response);
++			usrerr1(response);
  			if (strncmp(response, "421 ", 4) == 0
  			    || strncmp(response, "421-", 4) == 0)
  			{
-@@ -3776,7 +3776,7 @@ smtp_data(smtp, e)
+@@ -3779,7 +3799,7 @@ smtp_data(smtp, e)
  			if (ISSMTPCODE(response))
  				(void) extenhsc(response + 4, ' ', e->e_enhsc);
  #endif /* _FFR_MILTER_ENHSC */
 -			usrerr(response);
-+			usrerr("%s", response);
++			usrerr1(response);
  			if (strncmp(response, "421 ", 4) == 0
  			    || strncmp(response, "421-", 4) == 0)
  				rv = false;
diff --git a/sendmail.spec b/sendmail.spec
index d4318c2..95f48aa 100644
--- a/sendmail.spec
+++ b/sendmail.spec
@@ -17,7 +17,7 @@
 Summary: A widely used Mail Transport Agent (MTA)
 Name: sendmail
 Version: 8.15.2
-Release: 18%{?dist}
+Release: 19%{?dist}
 License: Sendmail
 Group: System Environment/Daemons
 URL: http://www.sendmail.org/
@@ -87,7 +87,9 @@ Patch26: sendmail-8.15.2-libmilter-socket-activation.patch
 # patch provided by upstream
 Patch27: sendmail-8.15.2-smtp-session-reuse-fix.patch
 Patch28: sendmail-8.15.2-openssl-1.1.0-fix.patch
-Patch29: sendmail-8.15.2-compile-fix.patch
+# patch taken from Debian
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807258
+Patch29: sendmail-8.15.2-format-security.patch
 # rhbz#1473971
 Patch30: sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -216,7 +218,7 @@ cp devtools/M4/UNIX/{,shared}library.m4
 %patch26 -p1 -b .libmilter-socket-activation
 %patch27 -p1 -b .smtp-session-reuse-fix
 %patch28 -p1 -b .openssl-1.1.0-fix
-%patch29 -p1 -b .compile-fix
+%patch29 -p1 -b .format-security
 %patch30 -p1 -b .openssl-1.1.0-ecdhe-fix
 
 for f in RELEASE_NOTES contrib/etrn.0; do
@@ -736,6 +738,11 @@ fi
 %endif
 
 %changelog
+* Fri Aug 18 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 8.15.2-19
+- Replaced compile-fix patch by format-security patch from Debian not to
+  change status codes
+  Resolves: rhbz#1482808
+
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 8.15.2-18
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild