From: Peter Marko <[email protected]> Take patch from Debian. https://sources.debian.org/data/main/p/procmail/3.22-26%2Bdeb10u1/debian/patches/30
Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 3d97f4c13d5f5810659e107f6461f0b63f6fa92a) Signed-off-by: Armin Kuster <[email protected]> --- .../procmail/procmail/CVE-2017-16844.patch | 20 +++++++++++++++++++ .../recipes-support/procmail/procmail_3.22.bb | 1 + 2 files changed, 21 insertions(+) create mode 100644 meta-oe/recipes-support/procmail/procmail/CVE-2017-16844.patch diff --git a/meta-oe/recipes-support/procmail/procmail/CVE-2017-16844.patch b/meta-oe/recipes-support/procmail/procmail/CVE-2017-16844.patch new file mode 100644 index 0000000000..6e04989c33 --- /dev/null +++ b/meta-oe/recipes-support/procmail/procmail/CVE-2017-16844.patch @@ -0,0 +1,20 @@ +From: Santiago Vila <[email protected]> +Subject: Fix heap-based buffer overflow in loadbuf() +Bug-Debian: http://bugs.debian.org/876511 +X-Debian-version: 3.22-26 + +CVE: CVE-2017-16844 +Upstream-Status: Inactive-Upstream [lastrelease: 2001] +Signed-off-by: Peter Marko <[email protected]> + +--- a/src/formisc.c ++++ b/src/formisc.c +@@ -103,7 +103,7 @@ + } + /* append to buf */ + void loadbuf(text,len)const char*const text;const size_t len; +-{ if(buffilled+len>buflen) /* buf can't hold the text */ ++{ while(buffilled+len>buflen) /* buf can't hold the text */ + buf=realloc(buf,buflen+=Bsize); + tmemmove(buf+buffilled,text,len);buffilled+=len; + } diff --git a/meta-oe/recipes-support/procmail/procmail_3.22.bb b/meta-oe/recipes-support/procmail/procmail_3.22.bb index 4806bf5f80..16fcf84dad 100644 --- a/meta-oe/recipes-support/procmail/procmail_3.22.bb +++ b/meta-oe/recipes-support/procmail/procmail_3.22.bb @@ -14,6 +14,7 @@ SRC_URI = "http://www.ring.gr.jp/archives/net/mail/${BPN}/${BP}.tar.gz \ file://from-debian-to-fix-man-file.patch \ file://man-file-mailstat.1-from-debian.patch \ file://CVE-2014-3618.patch \ + file://CVE-2017-16844.patch \ " SRC_URI[md5sum] = "1678ea99b973eb77eda4ecf6acae53f1" SRC_URI[sha256sum] = "087c75b34dd33d8b9df5afe9e42801c9395f4bf373a784d9bc97153b0062e117" -- 2.43.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#115092): https://lists.openembedded.org/g/openembedded-devel/message/115092 Mute This Topic: https://lists.openembedded.org/mt/110810777/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
