commit procmail for openSUSE:Factory

Tue, 21 Nov 2017 06:19:35 -0800 

Hello community,

here is the log from the commit of package procmail for openSUSE:Factory 
checked in at 2017-11-21 15:19:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/procmail (Old)
 and      /work/SRC/openSUSE:Factory/.procmail.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "procmail"

Tue Nov 21 15:19:17 2017 rev:30 rq:542613 version:3.22

Changes:
--------
--- /work/SRC/openSUSE:Factory/procmail/procmail.changes        2017-06-17 
10:19:15.711299839 +0200
+++ /work/SRC/openSUSE:Factory/.procmail.new/procmail.changes   2017-11-21 
15:19:23.073455125 +0100
@@ -1,0 +2,6 @@
+Fri Nov 17 10:37:58 UTC 2017 - wer...@suse.de
+
+- Add patch procmail-formisc.c.patch to fix bug bsc#1068648
+  CVE-2017-16844
+
+-------------------------------------------------------------------

New:
----
  procmail-formisc.c.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ procmail.spec ++++++
--- /var/tmp/diff_new_pack.O5jvfs/_old  2017-11-21 15:19:24.101417858 +0100
+++ /var/tmp/diff_new_pack.O5jvfs/_new  2017-11-21 15:19:24.105417713 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package procmail
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -36,6 +36,8 @@
 Patch7:         procmail-%{version}-CVE-2014-3618.patch
 # PATCH-FIX-SUSE bmwiedemann -- make build reproducible
 Patch8:         reproducible.patch
+# PATCH-FIX-SUSE Patch for Bug 1068648 aka CVE-2017-16844
+Patch9:         procmail-formisc.c.patch
 BuildRequires:  pcre-devel
 BuildRequires:  postfix
 Requires:       /bin/sed
@@ -62,6 +64,7 @@
 %patch6 -p1
 %patch7 -p0
 %patch8 -p1
+%patch9 -p1
 sed -ri '\@^/\*@,\@\*/@{ s@^(/\*[^*]*)(/\*)@\1\*/ \2@; }' config.h
 sed -ri '\@^/\*@,\@\*/@{ s@^(/\*[^*]*)(/\*)@\1\*/ \2@; }' src/includes.h
 sed -ri '\@^#.*[[:blank:]]+/\*[^/]*$@M,\@\*/$@{ s@(^[[:blank:]]+)/\*@\1  @;}' 
src/includes.h

++++++ procmail-formisc.c.patch ++++++
Patch for Bug 1068648 aka CVE-2017-16844

diff --git a/src/formisc.c b/src/formisc.c
index d91b227..6c7594b 100644
--- a/src/formisc.c
+++ b/src/formisc.c
@@ -103,7 +103,7 @@ void loadsaved(sp)const struct saved*const sp;           /* 
load some saved text */
 }
                                                            /* append to buf */
 void loadbuf(text,len)const char*const text;const size_t len;
-{ if(buffilled+len>buflen)                       /* buf can't hold the text */
+{ while(buffilled+len>buflen)                    /* buf can't hold the text */
      buf=realloc(buf,buflen+=Bsize);
   tmemmove(buf+buffilled,text,len);buffilled+=len;
 }

Reply via email to