Hello community, here is the log from the commit of package procmail for openSUSE:Factory checked in at 2014-10-14 07:12:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/procmail (Old) and /work/SRC/openSUSE:Factory/.procmail.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "procmail" Changes: -------- --- /work/SRC/openSUSE:Factory/procmail/procmail.changes 2013-04-18 15:00:36.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.procmail.new/procmail.changes 2014-10-14 07:12:59.000000000 +0200 @@ -1,0 +2,15 @@ +Thu Sep 4 13:32:42 UTC 2014 - [email protected] + +- Correct licenses +- Add cflags() shell function to be able to check for compiler, + linker, and assembler flags, that is if those are supported by + the compiler, linker, or assembler. + +------------------------------------------------------------------- +Thu Sep 4 08:39:12 UTC 2014 - [email protected] + +- Add patch procmail-3.22-CVE-2014-3618.patch to fix heap-overflow + in procmail's formail utility when processing specially-crafted + email headers (bnc#894999, CVE-2014-3618) + +------------------------------------------------------------------- New: ---- procmail-3.22-CVE-2014-3618.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ procmail.spec ++++++ --- /var/tmp/diff_new_pack.0ExfVE/_old 2014-10-14 07:13:00.000000000 +0200 +++ /var/tmp/diff_new_pack.0ExfVE/_new 2014-10-14 07:13:00.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package procmail # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -34,6 +34,8 @@ Patch4: procmail-%{version}-owl-truncate.dif Patch5: procmail-%{version}-autoconf.dif Patch6: procmail-%{version}-ipv6.patch +# PATCH-FIX-SUSE Heap-overflow in procmail's formail utility when processing specially-crafted email headers (bnc#894999) +Patch7: procmail-%{version}-CVE-2014-3618.patch BuildRequires: pcre-devel BuildRequires: postfix %if %suse_version >= 1230 
@@ -56,21 +58,62 @@ echo Patch $p patch -s -p1 --fuzz=0 < $p done -%patch0 -b .mailstat -%patch1 -%patch2 -%patch3 -%patch4 -%patch5 -%patch6 -p1 -b .ipv6 +%patch0 -p0 +%patch1 -p0 +%patch2 -p0 +%patch3 -p0 +%patch4 -p0 +%patch5 -p0 +%patch6 -p1 +%patch7 -p0 sed -ri '\@^/\*@,\@\*/@{ s@^(/\*[^*]*)(/\*)@\1\*/ \2@; }' config.h sed -ri '\@^/\*@,\@\*/@{ s@^(/\*[^*]*)(/\*)@\1\*/ \2@; }' src/includes.h sed -ri '\@^#.*[[:blank:]]+/\*[^/]*$@M,\@\*/$@{ s@(^[[:blank:]]+)/\*@\1 @;}' src/includes.h %build - RPM_OPT_FLAGS="-std=c89 %{optflags} -Wno-parentheses -Wno-sign-compare -Wno-unprototyped-calls" - export RPM_OPT_FLAGS - make %{?_smp_mflags} XCFLAGS="-fno-strict-aliasing -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" MANDIR=%{_mandir} LDFLAGS0= + cflags () + { + local flag=$1; shift + local var=$1; shift + local gold + test -n "${flag}" -a -n "${var}" || return + case "${!var}" in + *${flag}*) return + esac + if type ld.gold > /dev/null 2>&1 ; then + gold=-Wl,-fuse-ld=gold + fi + set -o noclobber + case "$flag" in + -Wl,*) + if echo 'int main () { return 0; }' | \ + ${CC:-gcc} -Werror $gold $flag -o /dev/null -xc - > /dev/null 2>&1 ; then + eval $var=\${$var:+\$$var\ }$flag + fi + rm -f ldtest.c + ;; + *) + if ${CC:-gcc} -Werror $gold $flag -S -o /dev/null -xc /dev/null > /dev/null 2>&1 ; then + eval $var=\${$var:+\$$var\ }$flag + fi + if ${CXX:-g++} -Werror $gold $flag -S -o /dev/null -xc++ /dev/null > /dev/null 2>&1 ; then + eval $var=\${$var:+\$$var\ }$flag + fi + esac + set +o noclobber + } + RPM_OPT_FLAGS="%{optflags}" + XCFLAGS="$(getconf LFS_CFLAGS)" + cflags -std=c89 RPM_OPT_FLAGS + cflags -Wno-parentheses RPM_OPT_FLAGS + cflags -Wno-sign-compare RPM_OPT_FLAGS + cflags -Wno-unprototyped-calls RPM_OPT_FLAGS + cflags -pipe RPM_OPT_FLAGS + cflags -fno-strict-aliasing XCFLAGS + cflags -Wl,-O2 LDFLAGS0 + cflags -Wl,--hash-size=8599 LDFLAGS0 + export RPM_OPT_FLAGS XCFLAGS LDFLAGS0 + make %{?_smp_mflags} XCFLAGS="${XCFLAGS}" MANDIR=%{_mandir} LDFLAGS0="${LDFLAGS0}" 
%install mkdir -p %{buildroot}%{_mandir}/man{1,5} %{buildroot}%{_prefix}/bin @@ -79,6 +122,7 @@ %files %defattr(-,root,root) +%doc Artistic COPYING %doc FAQ FEATURES README examples %{_bindir}/formail %{_bindir}/lockfile ++++++ procmail-3.22-CVE-2014-3618.patch ++++++ BNC#894999 - VUL-0: procmail: CVE-2014-3618 procmail: Heap-overflow in procmail's formail utility when processing specially-crafted email headers --- src/formisc.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- src/formisc.c +++ src/formisc.c 2014-09-04 08:27:31.827152957 +0000 @@ -83,13 +83,14 @@ normal: *target++= *start++; break; case '"':*target++=delim='"';start++; } - ;{ int i; - do + { + while(*start) /* anything? */ + { int i; if((i= *target++= *start++)==delim) /* corresponding delimiter? */ break; else if(i=='\\'&&*start) /* skip quoted character */ *target++= *start++; - while(*start); /* anything? */ + } } hitspc=2; } ++++++ procmail.keyring ++++++ --- /var/tmp/diff_new_pack.0ExfVE/_old 2014-10-14 07:13:00.000000000 +0200 +++ /var/tmp/diff_new_pack.0ExfVE/_new 2014-10-14 07:13:00.000000000 +0200 
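Review bot: In the `*)` branch of `cflags` the flag is appended once when the `${CC:-gcc}` probe succeeds and again when the `${CXX:-g++}` probe succeeds, because the guard `case "${!var}" in *${flag}*) return` runs only on entry, before either probe; on a build host that has g++ every accepted flag lands in the variable twice. Turning the second test into an `elif`, or dropping the C++ probe for what appears to be a C-only build, avoids that. The `rm -f ldtest.c` in the `-Wl,*)` branch removes a file that nothing in the function creates, since the probe reads its source from stdin. A rejected flag is also dropped without any message, so a build that lost `-fno-strict-aliasing` or `-std=c89` looks the same in the log as one that kept them; an `else echo "cflags: $flag not supported" >&2` on each probe would make that visible.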
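Review bot: The new `while(*start)` loop stops the copy at the terminator, but each `*target++= *start++` in it still writes with no bound on `target` visible in this hunk, so the fix is complete only if the destination is always at least as large as the remaining source. The function starts and ends outside the hunk, so that cannot be confirmed from these lines. The loop now also ends on an unterminated quoted string without the closing delimiter being copied, which is presumably intended but is not stated anywhere. A comment on the loop would record why it must be pre-tested, for example `/* start may already be at the NUL after an opening delimiter: test before copying, never after (CVE-2014-3618) */`. A regression test with a header whose quoted string is left unterminated would keep the do/while form from coming back.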
@@ -1,16 +1,16 @@ +pub 1024R/4A25D351 1999-02-09 +uid Procmail Distribution <[email protected]> + -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: PGPfreeware 5.0i for non-commercial use +Version: GnuPG v2.0.22 (GNU/Linux) -mQCNAza/mYsAAAEEAOGphvTkXnaD0gIHXR5ICLoO97QW0rqtfJjIJ3Eg7XZInIQW -BKVzx0b80DHikyneISG2DFk/xFlxlPRYcdD6q/2OM03Km92/ucG3PXPmwYDNUx8X -xzLNSCxSGV0Zl8gBU5uSN8FD6O4VYLXgJw7rEaBLe5neJPQtRQSfxfRKJdNRAAUR -tChQcm9jbWFpbCBEaXN0cmlidXRpb24gPGJ1Z0Bwcm9jbWFpbC5vcmc+iQCVAwUQ -Nr+Z150ocUeK3KGhAQFPwwP+Iu1G4zR2iR0wXwqo0y144fhEM+AItQTrYGzi4R5x -72qvVwqEjBvq8oNPTj66lylFxs5JlBEtAdPvae0xEyCRbzl8Ln4xh2L7IGFCLg9l -FHAQk8f9aqCApUfadoBxUyYKIHS08r9jqhsPLxJO+aaHgKi+FiDgjZjVAlExfq6Y -UNeJAJUDBRA2v5muBJ/F9Eol01EBAWjSBACBrEN30POAEitSAb0STTGfVsHV54Y1 -mR7DbC2E3/uhiFnBCkzQJG8MJwrCCuDDHnMWbXOaIDuyAU5qE5GEgU0ncAuvj2NP -TkjgYAXBORQxBQoj2fld8PuCr7afg2ELGXx5KeS7hU+1wGJSuOzPz+FQ/RjbeMdD -dZ03LEeafqLxGg== -=YqHH +mI0DNr+ZiwAAAQQA4amG9ORedoPSAgddHkgIug73tBbSuq18mMgncSDtdkichBYE +pXPHRvzQMeKTKd4hIbYMWT/EWXGU9Fhx0Pqr/Y4zTcqb3b+5wbc9c+bBgM1THxfH +Ms1ILFIZXRmXyAFTm5I3wUPo7hVgteAnDusRoEt7md4k9C1FBJ/F9Eol01EABRG0 +KFByb2NtYWlsIERpc3RyaWJ1dGlvbiA8YnVnQHByb2NtYWlsLm9yZz6JAJUDBRA2 +v5muBJ/F9Eol01EBAWjSBACBrEN30POAEitSAb0STTGfVsHV54Y1mR7DbC2E3/uh +iFnBCkzQJG8MJwrCCuDDHnMWbXOaIDuyAU5qE5GEgU0ncAuvj2NPTkjgYAXBORQx +BQoj2fld8PuCr7afg2ELGXx5KeS7hU+1wGJSuOzPz+FQ/RjbeMdDdZ03LEeafqLx +Gg== +=ISUD -----END PGP PUBLIC KEY BLOCK----- -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
