[packages/procmail] - release 19, fix for CVE-2017-16844

Sun, 10 Nov 2019 02:12:10 -0800 

commit e1fa28563c9e67e9f7e688ce7217dfea196bd74b
Author: Adam Gołębiowski <[email protected]>
Date:   Sun Nov 10 11:11:26 2019 +0100

    - release 19, fix for CVE-2017-16844

 procmail-3.22-CVE-2017-16844.patch | 13 +++++++++++++
 procmail.spec                      |  4 +++-
 2 files changed, 16 insertions(+), 1 deletion(-)
---
diff --git a/procmail.spec b/procmail.spec
index dd550bf..704d116 100644
--- a/procmail.spec
+++ b/procmail.spec
@@ -11,7 +11,7 @@ Summary(zh_CN.UTF-8): [服务器]分发mail到用户的守护进程
 Summary(zh_TW.UTF-8):  [祀務器]分蛛mail到用戶的佐鰾園評
 Name:          procmail
 Version:       3.22
-Release:       18
+Release:       19
 License:       GPL v2+ or Artistic
 Group:         Applications/Mail
 Source0:       http://www.procmail.org/%{name}-%{version}.tar.gz
@@ -29,6 +29,7 @@ Patch5:               procmail_3.22-8.debian.patch
 Patch6:                procmail-3.22-CVE-2014-3618.patch
 Patch7:                procmail-3.22-ipv6.patch
 Patch8:                procmail-3.22-truncate.patch
+Patch9:                procmail-3.22-CVE-2017-16844.patch
 URL:           http://www.procmail.org/
 BuildRoot:     %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
@@ -102,6 +103,7 @@ listesi yazılımının temelini oluşturur.
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1
 
 %build
 echo "" | %{__make} \
diff --git a/procmail-3.22-CVE-2017-16844.patch 
b/procmail-3.22-CVE-2017-16844.patch
new file mode 100644
index 0000000..5e610d7
--- /dev/null
+++ b/procmail-3.22-CVE-2017-16844.patch
@@ -0,0 +1,13 @@
+diff --git a/src/formisc.c b/src/formisc.c
+index 5c2869d..54fd013 100644
+--- a/src/formisc.c
++++ b/src/formisc.c
+@@ -103,7 +103,7 @@ void loadsaved(sp)const struct saved*const sp;          /* 
load some saved text */
+ }
+                                                           /* append to buf */
+ void loadbuf(text,len)const char*const text;const size_t len;
+-{ if(buffilled+len>buflen)                      /* buf can't hold the text */
++{ while(buffilled+len>buflen)                   /* buf can't hold the text */
+      buf=realloc(buf,buflen+=Bsize);
+   tmemmove(buf+buffilled,text,len);buffilled+=len;
+ }
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/procmail.git/commitdiff/e1fa28563c9e67e9f7e688ce7217dfea196bd74b

_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

Reply via email to