diff --git a/sendmail-8.16.0.29-fix-covscan-issues.patch b/sendmail-8.16.0.29-fix-covscan-issues.patch new file mode 100644 index 0000000..99f7216 --- /dev/null +++ b/sendmail-8.16.0.29-fix-covscan-issues.patch @@ -0,0 +1,149 @@ +diff --git a/include/sm/varargs.h b/include/sm/varargs.h +index 612858d..2609630 100644 +--- a/include/sm/varargs.h ++++ b/include/sm/varargs.h +@@ -32,6 +32,11 @@ + # define SM_VA_COPY(dst, src) __va_copy((dst), (src)) + # else + # define SM_VA_COPY(dst, src) memcpy(&(dst), &(src), sizeof((dst))) ++# define SM_VA_END_COPY(ap) do { } while (0) ++# endif ++ ++# ifndef SM_VA_END_COPY ++# define SM_VA_END_COPY(ap) va_end(ap) + # endif + + /* +diff --git a/libsm/vfprintf.c b/libsm/vfprintf.c +index 87c353c..c99d4e5 100644 +--- a/libsm/vfprintf.c ++++ b/libsm/vfprintf.c +@@ -782,6 +782,7 @@ number: if ((dprec = prec) >= 0) + done: + FLUSH(); + error: ++ SM_VA_END_COPY(orgap); + if ((argtable != NULL) && (argtable != statargtable)) + sm_free(argtable); + return sm_error(fp) ? SM_IO_EOF : ret; +diff --git a/sendmail/milter.c b/sendmail/milter.c +index 462efd2..af6dc66 100644 +--- a/sendmail/milter.c ++++ b/sendmail/milter.c +@@ -2437,8 +2437,7 @@ milter_negotiate(m, e, milters) + sm_syslog(LOG_ERR, e->e_id, + "Milter (%s): negotiate: returned %c instead of %c", + m->mf_name, rcmd, SMFIC_OPTNEG); +- if (response != NULL) +- sm_free(response); /* XXX */ ++ SM_FREE(response); + milter_error(m, e); + return -1; + } +@@ -2453,8 +2452,7 @@ milter_negotiate(m, e, milters) + sm_syslog(LOG_ERR, e->e_id, + "Milter (%s): negotiate: did not return valid info", + m->mf_name); +- if (response != NULL) +- sm_free(response); /* XXX */ ++ SM_FREE(response); + milter_error(m, e); + return -1; + } +@@ -2472,8 +2470,7 @@ milter_negotiate(m, e, milters) + sm_syslog(LOG_ERR, e->e_id, + "Milter (%s): negotiate: did not return enough info", + m->mf_name); +- if (response != NULL) +- sm_free(response); /* XXX */ ++ SM_FREE(response); + milter_error(m, e); + return -1; + } +@@ -2589,11 +2586,11 @@ milter_negotiate(m, e, milters) + if (tTd(64, 5)) + sm_dprintf("milter_negotiate(%s): received: version %u, fflags 0x%x, pflags 0x%x\n", + m->mf_name, m->mf_fvers, m->mf_fflags, m->mf_pflags); ++ SM_FREE(response); + return 0; + + error: +- if (response != NULL) +- sm_free(response); /* XXX */ ++ SM_FREE(response); + return -1; + } + +@@ -3230,6 +3227,7 @@ milter_changeheader(m, response, rlen, e) + addheader(newstr(field), mh_value, H_USER, e, + !bitset(SMFIP_HDR_LEADSPC, m->mf_pflags)); + } ++ SM_FREE(mh_value); + return; + } + +@@ -3438,6 +3436,8 @@ milter_chgfrom(response, rlen, e) + { + if (tTd(64, 10)) + sm_dprintf("didn't follow protocol argc=%d\n", argc); ++ if (argv != NULL) ++ free(argv); + return; + } + +@@ -3456,6 +3456,7 @@ milter_chgfrom(response, rlen, e) + mail_esmtp_args); + } + Errors = olderrors; ++ free(argv); + return; + } + +@@ -3503,6 +3504,8 @@ milter_addrcpt_par(response, rlen, e) + { + if (tTd(64, 10)) + sm_dprintf("didn't follow protocol argc=%d\n", argc); ++ if (argv != NULL) ++ free(argv); + return; + } + olderrors = Errors; +@@ -3527,6 +3530,7 @@ milter_addrcpt_par(response, rlen, e) + } + + Errors = olderrors; ++ free(argv); + return; + } + +diff --git a/sendmail/queue.c b/sendmail/queue.c +index 503f296..c9153c8 100644 +--- a/sendmail/queue.c ++++ b/sendmail/queue.c +@@ -8590,6 +8590,7 @@ split_by_recipient(e) + if (split_within_queue(ee) == SM_SPLIT_FAIL) + { + e->e_sibling = firstsibling; ++ SM_FREE(lsplits); + return false; + } + ee->e_flags |= EF_SPLIT; +@@ -8604,8 +8605,7 @@ split_by_recipient(e) + if (p == NULL) + { + /* let's try to get this done */ +- sm_free(lsplits); +- lsplits = NULL; ++ SM_FREE(lsplits); + } + else + lsplits = p; +@@ -8627,7 +8627,7 @@ split_by_recipient(e) + { + sm_syslog(LOG_NOTICE, e->e_id, "split: count=%d, id%s=%s", + n - 1, n > 2 ? "s" : "", lsplits); +- sm_free(lsplits); ++ SM_FREE(lsplits); + } + split = split_within_queue(e) != SM_SPLIT_FAIL; + if (split) diff --git a/sendmail.spec b/sendmail.spec index b5d3568..d2f28ca 100644 --- a/sendmail.spec +++ b/sendmail.spec @@ -19,7 +19,7 @@ Summary: A widely used Mail Transport Agent (MTA) Name: sendmail Version: 8.15.2 -Release: 40%{?dist} +Release: 41%{?dist} License: Sendmail URL: http://www.sendmail.org/ @@ -94,6 +94,8 @@ Patch29: sendmail-8.15.2-format-security.patch Patch30: sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch # rhbz#1736650 Patch31: sendmail-8.15.2-gethostbyname2.patch +# Upstream patch: +Patch32: sendmail-8.16.0.29-fix-covscan-issues.patch BuildRequires: libdb-devel BuildRequires: libnsl2-devel @@ -205,6 +207,7 @@ cp devtools/M4/UNIX/{,shared}library.m4 %patch29 -p1 -b .format-security %patch30 -p1 -b .openssl-1.1.0-ecdhe-fix %patch31 -p1 -b .gethostbyname2 +%patch32 -p1 -b .fix-covscan-issues for f in RELEASE_NOTES contrib/etrn.0; do iconv -f iso8859-1 -t utf8 -o ${f}{_,} && @@ -707,6 +710,9 @@ exit 0 %changelog +* Mon Nov 04 2019 Ondřej Lysoněk - 8.15.2-41 +- Fix issues discovered by Coverity scan + * Thu Aug 22 2019 Lubomir Rintel - 8.15.2-40 - Move the NetworkManager dispatcher script out of /etc