Date: Sunday, October 11, 2020 @ 16:41:15 Author: freswa Revision: 723496
backport fix for CVE-2020-12460 fixes FS#67873 Added: opendmarc/trunk/CVE-2020-12460.patch Modified: opendmarc/trunk/PKGBUILD ----------------------+ CVE-2020-12460.patch | 41 +++++++++++++++++++++++++++++++++++++++++ PKGBUILD | 5 ++++- 2 files changed, 45 insertions(+), 1 deletion(-)
Added: CVE-2020-12460.patch
===================================================================
--- CVE-2020-12460.patch (rev 0)
+++ CVE-2020-12460.patch 2020-10-11 16:41:15 UTC (rev 723496)
@@ -0,0 +1,41 @@
+From 50d28af25d8735504b6103537228ce7f76ad765f Mon Sep 17 00:00:00 2001
+From: "Murray S. Kucherawy" <[email protected]>
+Date: Wed, 5 Aug 2020 21:56:01 +0000
+Subject: [PATCH] In opendmarc_xml_parse(), ensure NULL-termination of the
+ buffer passed to opendmarc_xml().
+
+---
+ libopendmarc/opendmarc_xml.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/libopendmarc/opendmarc_xml.c b/libopendmarc/opendmarc_xml.c
+index 26bb9dc..b3ac55a 100644
+--- a/libopendmarc/opendmarc_xml.c
++++ b/libopendmarc/opendmarc_xml.c
+@@ -158,7 +158,7 @@ opendmarc_xml(char *b, size_t blen, char *e, size_t elen)
+ if (*cp != '<')
+ continue;
+ ++cp;
+- for(sp = cp; *sp != '\0'; ++sp)
++ for (sp = cp; *sp != '\0'; ++sp)
+ {
+ if (*sp == '?')
+ break;
+@@ -546,7 +546,7 @@ opendmarc_xml_parse(char *fname, char *err_buf, size_t err_len)
+ if (fname == NULL)
+ {
+ xerror = errno;
+- (void) snprintf(err_buf, err_len, "%s: %s", fname, "File name was NULL");
++ (void) snprintf(err_buf, err_len, "%s", "File name was NULL");
+ errno = EINVAL;
+ return NULL;
+ }
+@@ -572,7 +572,7 @@ opendmarc_xml_parse(char *fname, char *err_buf, size_t err_len)
+ return NULL;
+ }
+
+- bufp = calloc(statb.st_size, 1);
++ bufp = calloc(statb.st_size + 1, 1);
+ if (bufp == NULL)
+ {
+ xerror = errno;
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2020-10-11 16:11:28 UTC (rev 723495)
+++ PKGBUILD 2020-10-11 16:41:15 UTC (rev 723496)
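Review bot: The scan loop in opendmarc_xml(), `for (sp = cp; *sp != '\0'; ++sp)`, still stops only on a NUL byte and never consults `blen`, so memory safety keeps resting on every caller handing in a terminated buffer; the first hunk changes nothing there but spacing. The `calloc(statb.st_size + 1, 1)` change supplies that terminator for opendmarc_xml_parse() only if the read that follows (outside the hunk) copies at most `st_size` bytes, which is worth confirming, including for a file that grows between the stat and the read. Bounding the loop too, e.g. `for (sp = cp; sp < b + blen && *sp != '\0'; ++sp)`, would make the parser safe independently of its callers, assuming `cp` walks the `b` buffer as the signature suggests. Both function bodies extend beyond the hunks shown.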
@@ -5,7 +5,7 @@ pkgname=opendmarc pkgver=1.3.3 -pkgrel=1 +pkgrel=2 pkgdesc="Free open source software implementation of the DMARC specification" arch=('x86_64') url="https://github.com/trusteddomainproject/OpenDMARC" @@ -20,10 +20,12 @@ 'perl-libwww: generate DMARC reports') backup=('etc/opendmarc/opendmarc.conf') source=("https://github.com/trusteddomainproject/OpenDMARC/archive/rel-opendmarc-${pkgver//./-}.tar.gz" + 'CVE-2020-12460.patch' 'opendmarc.service' 'opendmarc.conf' 'opendmarc.sysusers') sha512sums=('bb4bf8e3ad2d1732b07e55316819d4fd708e529b54a336d7d00763e13bfc62580bb1b30f132fa786dbca15e526e8dd5e146c7be454e1c42714a9f57126fc5e12' + '98582c2b0a08d77b27856331f28214b7b5fa3972c572189ed21963030e98858285a5a69851f173d08380bf409d985980e7c61de5d571af11062f0d394fc8b5f5' '738de0cd286dd30713f32034f9ecf9009b6f64038c573c9f8aedaf10df8293bb9eec9d19492a03a2ebf2d2960289bdf48be9b1eb25395dbe9a490f7e3b25cb34' '2753ad4477b499947ca07bb385ad0e10f327efa61a9059884091ead8e8e2bd65793436053d5a9c734e4c0676b7823982083ea7b35fae967eeacaeafb6226ff20' 'fbd5e81ded35281e3a63b4858a368033fa27696dee22a5dcf52e3e04b0762476e1ffa6edb489cf76612f3b4ffaee0fce586ab97d1da9805a089bbaf3487c907b') @@ -33,6 +35,7 @@ # sed -i '' configure.ac mkdir docs touch docs/Makefile.in + patch -Np1 < "${srcdir}"/CVE-2020-12460.patch } build() {
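Review bot: Nothing in the PKGBUILD records where `CVE-2020-12460.patch` comes from; the entry added to `sha512sums` pins the local file but does not tie it to an upstream change. The patch header names upstream commit 50d28af25d8735504b6103537228ce7f76ad765f, so a comment above the `patch -Np1` line, e.g. `# CVE-2020-12460 (FS#67873): backport of upstream commit 50d28af2, drop once a release contains it`, would let a later maintainer verify the backport and know when to remove it. The function that receives the `patch` call starts outside the hunk, so the working directory it relies on for `-p1` cannot be confirmed from here.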
