commit: 6a18f75bc0b98b1bc66844c82d5eee10eac9dfd7 Author: Fabian Groffen <grobian <AT> gentoo <DOT> org> AuthorDate: Mon Jun 8 08:05:57 2020 +0000 Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org> CommitDate: Mon Jun 8 08:06:10 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a18f75b
mail-mta/exim-4.94-r1: fix PAM expansion, bug #727310 Closes: https://bugs.gentoo.org/727310 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org> .../exim/{exim-4.94.ebuild => exim-4.94-r1.ebuild} | 1 + .../exim/files/exim-4.94-taint-pam-expansion.patch | 35 ++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/mail-mta/exim/exim-4.94.ebuild b/mail-mta/exim/exim-4.94-r1.ebuild similarity index 99% rename from mail-mta/exim/exim-4.94.ebuild rename to mail-mta/exim/exim-4.94-r1.ebuild index cc977b34b9a..52358f32bef 100644 --- a/mail-mta/exim/exim-4.94.ebuild +++ b/mail-mta/exim/exim-4.94-r1.ebuild @@ -114,6 +114,7 @@ src_prepare() { eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591 eapply "${FILESDIR}"/exim-4.69-r1.27021.patch eapply "${FILESDIR}"/exim-4.94-localscan_dlopen.patch + eapply -p2 "${FILESDIR}"/exim-4.94-taint-pam-expansion.patch # drop on NR if use maildir ; then eapply "${FILESDIR}"/exim-4.94-maildir.patch diff --git a/mail-mta/exim/files/exim-4.94-taint-pam-expansion.patch b/mail-mta/exim/files/exim-4.94-taint-pam-expansion.patch new file mode 100644 index 00000000000..81863d340ed --- /dev/null +++ b/mail-mta/exim/files/exim-4.94-taint-pam-expansion.patch 
@@ -0,0 +1,35 @@
+From f7f933a199be8bb7362c715e0040545b514cddca Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146...@wizmail.org>
+Date: Tue, 2 Jun 2020 14:50:31 +0100
+Subject: [PATCH] Taint: fix pam expansion condition. Bug 2587
+
+---
+ doc/doc-txt/ChangeLog | 5 +++++
+ src/src/auths/call_pam.c | 5 ++---
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+modified for gentoo so the patch applies by dropping Changelog part
+
+diff --git a/src/src/auths/call_pam.c b/src/src/auths/call_pam.c
+index 2959cbbf3..80bb23ec3 100644
+--- a/src/src/auths/call_pam.c
++++ b/src/src/auths/call_pam.c
+@@ -83,8 +83,7 @@ for (int i = 0; i < num_msg; i++)
+ {
+ case PAM_PROMPT_ECHO_ON:
+ case PAM_PROMPT_ECHO_OFF:
+- arg = string_nextinlist(&pam_args, &sep, big_buffer, big_buffer_size);
+- if (!arg)
++ if (!(arg = string_nextinlist(&pam_args, &sep, NULL, 0)))
+ {
+ arg = US"";
+ pam_arg_ended = TRUE;
+@@ -155,7 +154,7 @@ pam_arg_ended = FALSE;
+ fail. PAM doesn't support authentication with an empty user (it prompts for it,
+ causing a potential mis-interpretation). */
+
+-user = string_nextinlist(&pam_args, &sep, big_buffer, big_buffer_size);
++user = string_nextinlist(&pam_args, &sep, NULL, 0);
+ if (user == NULL || user[0] == 0) return FAIL;
+
+ /* Start off PAM interaction */
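Review bot: Neither replaced `string_nextinlist()` call in call_pam.c (the `arg` fetch in the prompt switch and the `user` fetch before PAM starts) says why the destination changed from `big_buffer` to `NULL, 0`; only the patch subject hints that this is a taint fix. A short comment at each site would stop a later cleanup from restoring the shared buffer, for example `/* NULL buffer: item is returned in newly allocated store, so taint follows pam_args (Bug 2587) */`. As far as I can tell the `PAM_PROMPT_ECHO_OFF` branch is where the password item is taken, so that secret now sits in an allocation of its own rather than in a scratch buffer that gets reused. It would be worth confirming how long that allocation lives and whether it should be overwritten once the conversation reply has been built. Both inner hunks begin and end inside functions whose remaining lines are not shown here, so the handling of `arg` after the visible lines could not be checked.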