Thu Sep 4 07:37:44 2014 UTC ()
Fix CVE-2014-3618.
https://bugzilla.redhat.com/show_bug.cgi?id=1121299

While here:
Convert to user-destdir by using pkgsrc setuid framework.
Add comments to some patches.

Bump PKGREVISION.


(wiz)
diff -r1.47 -r1.48 pkgsrc/mail/procmail/Makefile
diff -r1.14 -r1.15 pkgsrc/mail/procmail/distinfo
diff -r1.1 -r1.2 pkgsrc/mail/procmail/patches/patch-ag
diff -r1.2 -r1.3 pkgsrc/mail/procmail/patches/patch-ba
diff -r1.2 -r1.3 pkgsrc/mail/procmail/patches/patch-bb
diff -r1.2 -r1.3 pkgsrc/mail/procmail/patches/patch-bc
diff -r1.2 -r1.3 pkgsrc/mail/procmail/patches/patch-bd

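--- a/pkgsrc/mail/procmail/Makefile
+++ b/pkgsrc/mail/procmail/Makefile
@@ -1,36 +1,35 @@
-# $NetBSD: Makefile,v 1.47 2012/03/12 13:22:16 fhajny Exp $
-#
+# $NetBSD: Makefile,v 1.48 2014/09/04 07:37:44 wiz Exp $
 
 DISTNAME= procmail-3.22
-PKGREVISION= 3
+PKGREVISION= 4
 CATEGORIES= mail
 MASTER_SITES= ftp://ftp.procmail.org/pub/procmail/
 
 MAINTAINER= kim@tac.nyc.ny.us
 HOMEPAGE= http://www.procmail.org/
 COMMENT= Local mail delivery agent
 LICENSE= artistic OR gnu-gpl-v2
 
-PKG_DESTDIR_SUPPORT= destdir
-
 PKG_INSTALLATION_TYPES= overwrite pkgviews
 
 MAKE_JOBS_SAFE= no
 
 MAKE_ENV+= SHELL=${SH:Q} CHMOD=${CHMOD:Q}
 INSTALL_TARGET= install-suid install.man
 UNLIMIT_RESOURCES= datasize
 
+SPECIAL_PERMS+= bin/procmail ${SETUID_ROOT_PERMS}
+
 .include "../../mk/bsd.prefs.mk"
 
 BUILD_DEFS+= PROCMAIL_MAILSPOOLHOME PROCMAIL_TRUSTED_IDS
 
 PROCMAIL_TRUSTED_IDS?=\
 "root","daemon","uucp","mail","x400","network","list","slist","lists","news",0
 
 INSTALLATION_DIRS= bin ${PKGMANDIR}/man1 ${PKGMANDIR}/man5
 
 ### Inlining functions (implied by -O3 or higher) cause the strstr() test
 ### to enter an infinite loop so disable it. This fixes PR pkg/30999.
 CFLAGS+= -fno-inline-functions
 
@@ -51,17 +50,16 @@ pre-configure:
 .if ${OPSYS} == "SunOS"
 do-install:
  cd ${WRKSRC}/new; \
  for f in procmail formail lockfile; do \
  ${INSTALL_PROGRAM} $$f ${DESTDIR}${PREFIX}/bin/$$f; \
  done; \
  ${INSTALL_SCRIPT} mailstat ${DESTDIR}${PREFIX}/bin/mailstat; \
  for f in procmail.1 formail.1 lockfile.1; do \
  ${INSTALL_MAN} $$f ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1/$$f; \
  done; \
  for f in procmailex.5 procmailrc.5 procmailsc.5; do \
  ${INSTALL_MAN} $$f ${DESTDIR}${PREFIX}/${PKGMANDIR}/man5/$$f; \
  done
- DESTDIR=${DESTDIR:Q} ${SH} ${WRKSRC}/suid.sh
 .endif
 
 .include "../../mk/bsd.pkg.mk"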
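Review bot: The added `SPECIAL_PERMS+= bin/procmail ${SETUID_ROOT_PERMS}` marks only bin/procmail as set-id, while `INSTALL_TARGET= install-suid install.man` is kept and the SunOS do-install drops its `suid.sh` call. Neither the install-suid target nor suid.sh is visible here, so any ownership or mode they applied to other files (lockfile, for instance) may no longer be reproduced when the install runs unprivileged into DESTDIR. Please confirm the resulting modes of all three binaries in the built package and record the intent above the line, e.g. `# procmail is the only set-id binary; modes come from SPECIAL_PERMS, not from upstream's install-suid.`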

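--- a/pkgsrc/mail/procmail/distinfo
+++ b/pkgsrc/mail/procmail/distinfo
@@ -1,16 +1,16 @@
-$NetBSD: distinfo,v 1.14 2012/03/12 13:22:17 fhajny Exp $
+$NetBSD: distinfo,v 1.15 2014/09/04 07:37:44 wiz Exp $
 
 SHA1 (procmail-3.22.tar.gz) = cd4e44c15559816453fd60349e5a32289f6f2965
 RMD160 (procmail-3.22.tar.gz) = e609ec94ea9ab3b93629c62b3e29add497806483
 Size (procmail-3.22.tar.gz) = 226817 bytes
 SHA1 (patch-aa) = 6e29885f53d24662c5c69ac906ccc36a26665be2
 SHA1 (patch-ab) = 5233a6033198dc2baec135a6fba987e7e2b89ff2
 SHA1 (patch-ac) = fe2350e704546c2262d546bb615175dd0591ba8b
 SHA1 (patch-ad) = b35d6d508a15b8e70734ac7ccd58c19db31717ab
 SHA1 (patch-ae) = b5ac027b337c8d9cf9c6096a48ef534315e18250
 SHA1 (patch-af) = 889f937f50561308c644d5a4bd836eccabbb2938
-SHA1 (patch-ag) = 66ae907f1b7ccfa10b5278443a9d9b0277923e61
-SHA1 (patch-ba) = dfe9a74ed4fece98850780bebedd162fd0e5b275
-SHA1 (patch-bb) = 0ba6c7a62ea49e8afc2e443fa84b4de692897af4
-SHA1 (patch-bc) = 3f37d5d4ba427407230aae58e4a08a7c87ccad4e
-SHA1 (patch-bd) = 7fe12e0b626c9c7a045cb4a6ccbed20614d5c8d6
+SHA1 (patch-ag) = 8f2ae1f2e7bdc3c2295148c33183176423802fee
+SHA1 (patch-ba) = 2ebbd43d2773b147ee6410e37ab3696aeda3c07c
+SHA1 (patch-bb) = 5b273bd60d24168794189bb844e39e94bd688ea8
+SHA1 (patch-bc) = 7344d3c2fce1bcd3276d8e5014bf9537c6dece5c
+SHA1 (patch-bd) = fb6f2fb4b5fe1ea01682a319b6655b023e5c5fd0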

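--- a/pkgsrc/mail/procmail/patches/patch-ag
+++ b/pkgsrc/mail/procmail/patches/patch-ag
@@ -1,12 +1,14 @@
-$NetBSD: patch-ag,v 1.1 2006/01/08 13:43:26 joerg Exp $
+$NetBSD: patch-ag,v 1.2 2014/09/04 07:37:44 wiz Exp $
+
+Remove unportable errno redefinition.
 
 --- src/includes.h.orig 2006-01-08 13:33:18.000000000 +0000
 +++ src/includes.h
 @@ -283,7 +283,6 @@ double pow();
  #endif
  
  extern /*const*/char**environ;
 -extern int errno;
  
  #ifndef STDIN_FILENO
  #define STDIN 0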

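--- a/pkgsrc/mail/procmail/patches/patch-ba
+++ b/pkgsrc/mail/procmail/patches/patch-ba
@@ -1,13 +1,15 @@
-$NetBSD: patch-ba,v 1.2 2012/03/12 13:22:17 fhajny Exp $
+$NetBSD: patch-ba,v 1.3 2014/09/04 07:37:44 wiz Exp $
+
+Avoid conflict with existing getline() functions.
 
 --- src/formail.c.orig 2009-07-17 23:04:16.000000000 -0400
 +++ src/formail.c 2009-07-17 23:04:16.000000000 -0400
 @@ -819,7 +819,7 @@
  { if(split) /* gobble up the next start separator */
  { buffilled=0;
  #ifdef sMAILBOX_SEPARATOR
 - getline();buffilled=0; /* but only if it's defined */
 + get_line();buffilled=0; /* but only if it's defined */
  #endif
  if(buflast!=EOF) /* if any */
  goto splitit;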

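--- a/pkgsrc/mail/procmail/patches/patch-bb
+++ b/pkgsrc/mail/procmail/patches/patch-bb
@@ -1,14 +1,16 @@
-$NetBSD: patch-bb,v 1.2 2012/03/12 13:22:17 fhajny Exp $
+$NetBSD: patch-bb,v 1.3 2014/09/04 07:37:44 wiz Exp $
+
+Avoid conflict with existing getline() functions.
 
 --- src/fields.c.orig 2009-07-17 23:04:16.000000000 -0400
 +++ src/fields.c 2009-07-17 23:04:16.000000000 -0400
 @@ -110,16 +110,16 @@
  /* try and append one valid field to rdheader from stdin */
  int readhead P((void))
  { int idlen;
 - getline();
 + get_line();
  if((idlen=breakfield(buf,buffilled))<=0) /* not the start of a valid field */
  return 0;
  if(idlen==STRLEN(FROM)&&eqFrom_(buf)) /* it's a From_ line */
  { if(rdheader)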

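--- a/pkgsrc/mail/procmail/patches/patch-bc
+++ b/pkgsrc/mail/procmail/patches/patch-bc
@@ -1,10 +1,12 @@
-$NetBSD: patch-bc,v 1.2 2012/03/12 13:22:17 fhajny Exp $
+$NetBSD: patch-bc,v 1.3 2014/09/04 07:37:44 wiz Exp $
+
+Avoid conflict with existing getline() functions.
 
 --- src/formisc.h.orig 2009-07-17 23:04:16.000000000 -0400
 +++ src/formisc.h 2009-07-17 23:04:16.000000000 -0400
 @@ -17,4 +17,4 @@
  char*
  skipwords P((char*start));
  int
 - getline P((void));
 + get_line P((void));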

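--- a/pkgsrc/mail/procmail/patches/patch-bd
+++ b/pkgsrc/mail/procmail/patches/patch-bd
@@ -1,13 +1,34 @@
-$NetBSD: patch-bd,v 1.2 2012/03/12 13:22:17 fhajny Exp $
+$NetBSD: patch-bd,v 1.3 2014/09/04 07:37:44 wiz Exp $
 
---- src/formisc.c.orig 2009-07-17 23:04:16.000000000 -0400
-+++ src/formisc.c 2009-07-17 23:04:16.000000000 -0400
-@@ -115,7 +115,7 @@
+First chunk:
+https://bugzilla.redhat.com/show_bug.cgi?id=1121299
+CVE-2014-3618
+
+Second chunk:
+Avoid conflict with existing getline() functions.
+
+--- src/formisc.c.orig 2001-06-29 02:20:45.000000000 +0000
++++ src/formisc.c
+@@ -84,12 +84,11 @@ normal: *target++= *start++;
+ case '"':*target++=delim='"';start++;
+ }
+ ;{ int i;
+- do
++ while(*start)
+ if((i= *target++= *start++)==delim) /* corresponding delimiter? */
+ break;
+ else if(i=='\\'&&*start) /* skip quoted character */
+ *target++= *start++;
+- while(*start); /* anything? */
+ }
+ hitspc=2;
+ }
+@@ -115,7 +114,7 @@ void loadchar(c)const int c; /* a
  buf[buffilled++]=c;
  }
  
 -int getline P((void)) /* read a newline-terminated line */
 +int get_line P((void)) /* read a newline-terminated line */
  { if(buflast==EOF) /* at the end of our Latin already? */
  { loadchar('\n'); /* fake empty line */
  return EOF; /* spread the word */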
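Review bot: The header text for the first chunk gives only a bug URL and the CVE id, so the patch file does not say what the chunk changes or why. In that chunk the old `do … while(*start)` loop copied a byte before testing `*start`, so once the opening quote is consumed by `start++`, an input ending there had its terminating NUL copied and `start` advanced past it; the new `while(*start)` tests first. I would add a line such as `Check *start before copying in the quoted-string loop so an unterminated quote at end of input cannot run past the terminating NUL.` The enclosing function begins and ends outside the chunk, so whether `target` is bounded elsewhere cannot be confirmed from here and deserves a separate check.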