Fix CVE-2014-3618. https://bugzilla.redhat.com/show_bug.cgi?id=1121299 While here: Convert to user-destdir by using pkgsrc setuid framework. Add comments to some patches. Bump PKGREVISION.diff -r1.47 -r1.48 pkgsrc/mail/procmail/Makefile
(wiz)
@@ -1,36 +1,35 @@ | @@ -1,36 +1,35 @@ | |||
1 | # $NetBSD: Makefile,v 1.47 2012/03/12 13:22:16 fhajny Exp $ | 1 | # $NetBSD: Makefile,v 1.48 2014/09/04 07:37:44 wiz Exp $ | |
2 | # | |||
3 | 2 | |||
4 | DISTNAME= procmail-3.22 | 3 | DISTNAME= procmail-3.22 | |
5 | PKGREVISION= 3 | 4 | PKGREVISION= 4 | |
6 | CATEGORIES= mail | 5 | CATEGORIES= mail | |
7 | MASTER_SITES= ftp://ftp.procmail.org/pub/procmail/ | 6 | MASTER_SITES= ftp://ftp.procmail.org/pub/procmail/ | |
8 | 7 | |||
9 | MAINTAINER= kim@tac.nyc.ny.us | 8 | MAINTAINER= kim@tac.nyc.ny.us | |
10 | HOMEPAGE= http://www.procmail.org/ | 9 | HOMEPAGE= http://www.procmail.org/ | |
11 | COMMENT= Local mail delivery agent | 10 | COMMENT= Local mail delivery agent | |
12 | LICENSE= artistic OR gnu-gpl-v2 | 11 | LICENSE= artistic OR gnu-gpl-v2 | |
13 | 12 | |||
14 | PKG_DESTDIR_SUPPORT= destdir | |||
15 | ||||
16 | PKG_INSTALLATION_TYPES= overwrite pkgviews | 13 | PKG_INSTALLATION_TYPES= overwrite pkgviews | |
17 | 14 | |||
18 | MAKE_JOBS_SAFE= no | 15 | MAKE_JOBS_SAFE= no | |
19 | 16 | |||
20 | MAKE_ENV+= SHELL=${SH:Q} CHMOD=${CHMOD:Q} | 17 | MAKE_ENV+= SHELL=${SH:Q} CHMOD=${CHMOD:Q} | |
21 | INSTALL_TARGET= install-suid install.man | 18 | INSTALL_TARGET= install-suid install.man | |
22 | UNLIMIT_RESOURCES= datasize | 19 | UNLIMIT_RESOURCES= datasize | |
23 | 20 | |||
21 | SPECIAL_PERMS+= bin/procmail ${SETUID_ROOT_PERMS} | |||
22 | ||||
24 | .include "../../mk/bsd.prefs.mk" | 23 | .include "../../mk/bsd.prefs.mk" | |
25 | 24 | |||
26 | BUILD_DEFS+= PROCMAIL_MAILSPOOLHOME PROCMAIL_TRUSTED_IDS | 25 | BUILD_DEFS+= PROCMAIL_MAILSPOOLHOME PROCMAIL_TRUSTED_IDS | |
27 | 26 | |||
28 | PROCMAIL_TRUSTED_IDS?=\ | 27 | PROCMAIL_TRUSTED_IDS?=\ | |
29 | "root","daemon","uucp","mail","x400","network","list","slist","lists","news",0 | 28 | "root","daemon","uucp","mail","x400","network","list","slist","lists","news",0 | |
30 | 29 | |||
31 | INSTALLATION_DIRS= bin ${PKGMANDIR}/man1 ${PKGMANDIR}/man5 | 30 | INSTALLATION_DIRS= bin ${PKGMANDIR}/man1 ${PKGMANDIR}/man5 | |
32 | 31 | |||
33 | ### Inlining functions (implied by -O3 or higher) cause the strstr() test | 32 | ### Inlining functions (implied by -O3 or higher) cause the strstr() test | |
34 | ### to enter an infinite loop so disable it. This fixes PR pkg/30999. | 33 | ### to enter an infinite loop so disable it. This fixes PR pkg/30999. | |
35 | CFLAGS+= -fno-inline-functions | 34 | CFLAGS+= -fno-inline-functions | |
36 | 35 | |||
@@ -51,17 +50,16 @@ pre-configure: | @@ -51,17 +50,16 @@ pre-configure: | |||
51 | .if ${OPSYS} == "SunOS" | 50 | .if ${OPSYS} == "SunOS" | |
52 | do-install: | 51 | do-install: | |
53 | cd ${WRKSRC}/new; \ | 52 | cd ${WRKSRC}/new; \ | |
54 | for f in procmail formail lockfile; do \ | 53 | for f in procmail formail lockfile; do \ | |
55 | ${INSTALL_PROGRAM} $$f ${DESTDIR}${PREFIX}/bin/$$f; \ | 54 | ${INSTALL_PROGRAM} $$f ${DESTDIR}${PREFIX}/bin/$$f; \ | |
56 | done; \ | 55 | done; \ | |
57 | ${INSTALL_SCRIPT} mailstat ${DESTDIR}${PREFIX}/bin/mailstat; \ | 56 | ${INSTALL_SCRIPT} mailstat ${DESTDIR}${PREFIX}/bin/mailstat; \ | |
58 | for f in procmail.1 formail.1 lockfile.1; do \ | 57 | for f in procmail.1 formail.1 lockfile.1; do \ | |
59 | ${INSTALL_MAN} $$f ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1/$$f; \ | 58 | ${INSTALL_MAN} $$f ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1/$$f; \ | |
60 | done; \ | 59 | done; \ | |
61 | for f in procmailex.5 procmailrc.5 procmailsc.5; do \ | 60 | for f in procmailex.5 procmailrc.5 procmailsc.5; do \ | |
62 | ${INSTALL_MAN} $$f ${DESTDIR}${PREFIX}/${PKGMANDIR}/man5/$$f; \ | 61 | ${INSTALL_MAN} $$f ${DESTDIR}${PREFIX}/${PKGMANDIR}/man5/$$f; \ | |
63 | done | 62 | done | |
64 | DESTDIR=${DESTDIR:Q} ${SH} ${WRKSRC}/suid.sh | |||
65 | .endif | 63 | .endif | |
66 | 64 | |||
67 | .include "../../mk/bsd.pkg.mk" | 65 | .include "../../mk/bsd.pkg.mk" |
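Review bot: `INSTALL_TARGET= install-suid install.man` is unchanged on the new side even though the package now builds as user-destdir, so outside the SunOS branch the upstream `install-suid` target would run as an unprivileged user. What that target does is not visible in this diff; if it chowns or chmods the binaries, it may fail or leave modes that disagree with what `SPECIAL_PERMS` declares. Only `bin/procmail` is listed in `SPECIAL_PERMS`, and the body of the removed `suid.sh` step is not shown, so it is worth confirming that it did not also set ownership or mode bits on other installed files, which would now be silently dropped. Because this line makes a mail-parsing binary setuid root, a short comment above it recording why the privilege is needed, e.g. `# setuid root is needed for local delivery; see SETUID_ROOT_PERMS`, would help later audits.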
@@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
1 | $NetBSD: distinfo,v 1.14 2012/03/12 13:22:17 fhajny Exp $ | 1 | $NetBSD: distinfo,v 1.15 2014/09/04 07:37:44 wiz Exp $ | |
2 | 2 | |||
3 | SHA1 (procmail-3.22.tar.gz) = cd4e44c15559816453fd60349e5a32289f6f2965 | 3 | SHA1 (procmail-3.22.tar.gz) = cd4e44c15559816453fd60349e5a32289f6f2965 | |
4 | RMD160 (procmail-3.22.tar.gz) = e609ec94ea9ab3b93629c62b3e29add497806483 | 4 | RMD160 (procmail-3.22.tar.gz) = e609ec94ea9ab3b93629c62b3e29add497806483 | |
5 | Size (procmail-3.22.tar.gz) = 226817 bytes | 5 | Size (procmail-3.22.tar.gz) = 226817 bytes | |
6 | SHA1 (patch-aa) = 6e29885f53d24662c5c69ac906ccc36a26665be2 | 6 | SHA1 (patch-aa) = 6e29885f53d24662c5c69ac906ccc36a26665be2 | |
7 | SHA1 (patch-ab) = 5233a6033198dc2baec135a6fba987e7e2b89ff2 | 7 | SHA1 (patch-ab) = 5233a6033198dc2baec135a6fba987e7e2b89ff2 | |
8 | SHA1 (patch-ac) = fe2350e704546c2262d546bb615175dd0591ba8b | 8 | SHA1 (patch-ac) = fe2350e704546c2262d546bb615175dd0591ba8b | |
9 | SHA1 (patch-ad) = b35d6d508a15b8e70734ac7ccd58c19db31717ab | 9 | SHA1 (patch-ad) = b35d6d508a15b8e70734ac7ccd58c19db31717ab | |
10 | SHA1 (patch-ae) = b5ac027b337c8d9cf9c6096a48ef534315e18250 | 10 | SHA1 (patch-ae) = b5ac027b337c8d9cf9c6096a48ef534315e18250 | |
11 | SHA1 (patch-af) = 889f937f50561308c644d5a4bd836eccabbb2938 | 11 | SHA1 (patch-af) = 889f937f50561308c644d5a4bd836eccabbb2938 | |
12 | SHA1 (patch-ag) = 66ae907f1b7ccfa10b5278443a9d9b0277923e61 | 12 | SHA1 (patch-ag) = 8f2ae1f2e7bdc3c2295148c33183176423802fee | |
13 | SHA1 (patch-ba) = dfe9a74ed4fece98850780bebedd162fd0e5b275 | 13 | SHA1 (patch-ba) = 2ebbd43d2773b147ee6410e37ab3696aeda3c07c | |
14 | SHA1 (patch-bb) = 0ba6c7a62ea49e8afc2e443fa84b4de692897af4 | 14 | SHA1 (patch-bb) = 5b273bd60d24168794189bb844e39e94bd688ea8 | |
15 | SHA1 (patch-bc) = 3f37d5d4ba427407230aae58e4a08a7c87ccad4e | 15 | SHA1 (patch-bc) = 7344d3c2fce1bcd3276d8e5014bf9537c6dece5c | |
16 | SHA1 (patch-bd) = 7fe12e0b626c9c7a045cb4a6ccbed20614d5c8d6 | 16 | SHA1 (patch-bd) = fb6f2fb4b5fe1ea01682a319b6655b023e5c5fd0 |
@@ -1,12 +1,14 @@ | @@ -1,12 +1,14 @@ | |||
1 | $NetBSD: patch-ag,v 1.1 2006/01/08 13:43:26 joerg Exp $ | 1 | $NetBSD: patch-ag,v 1.2 2014/09/04 07:37:44 wiz Exp $ | |
2 | ||||
3 | Remove unportable errno redefinition. | |||
2 | 4 | |||
3 | --- src/includes.h.orig 2006-01-08 13:33:18.000000000 +0000 | 5 | --- src/includes.h.orig 2006-01-08 13:33:18.000000000 +0000 | |
4 | +++ src/includes.h | 6 | +++ src/includes.h | |
5 | @@ -283,7 +283,6 @@ double pow(); | 7 | @@ -283,7 +283,6 @@ double pow(); | |
6 | #endif | 8 | #endif | |
7 | 9 | |||
8 | extern /*const*/char**environ; | 10 | extern /*const*/char**environ; | |
9 | -extern int errno; | 11 | -extern int errno; | |
10 | 12 | |||
11 | #ifndef STDIN_FILENO | 13 | #ifndef STDIN_FILENO | |
12 | #define STDIN 0 | 14 | #define STDIN 0 |
@@ -1,13 +1,15 @@ | @@ -1,13 +1,15 @@ | |||
1 | $NetBSD: patch-ba,v 1.2 2012/03/12 13:22:17 fhajny Exp $ | 1 | $NetBSD: patch-ba,v 1.3 2014/09/04 07:37:44 wiz Exp $ | |
2 | ||||
3 | Avoid conflict with existing getline() functions. | |||
2 | 4 | |||
3 | --- src/formail.c.orig 2009-07-17 23:04:16.000000000 -0400 | 5 | --- src/formail.c.orig 2009-07-17 23:04:16.000000000 -0400 | |
4 | +++ src/formail.c 2009-07-17 23:04:16.000000000 -0400 | 6 | +++ src/formail.c 2009-07-17 23:04:16.000000000 -0400 | |
5 | @@ -819,7 +819,7 @@ | 7 | @@ -819,7 +819,7 @@ | |
6 | { if(split) /* gobble up the next start separator */ | 8 | { if(split) /* gobble up the next start separator */ | |
7 | { buffilled=0; | 9 | { buffilled=0; | |
8 | #ifdef sMAILBOX_SEPARATOR | 10 | #ifdef sMAILBOX_SEPARATOR | |
9 | - getline();buffilled=0; /* but only if it's defined */ | 11 | - getline();buffilled=0; /* but only if it's defined */ | |
10 | + get_line();buffilled=0; /* but only if it's defined */ | 12 | + get_line();buffilled=0; /* but only if it's defined */ | |
11 | #endif | 13 | #endif | |
12 | if(buflast!=EOF) /* if any */ | 14 | if(buflast!=EOF) /* if any */ | |
13 | goto splitit; | 15 | goto splitit; |
@@ -1,14 +1,16 @@ | @@ -1,14 +1,16 @@ | |||
1 | $NetBSD: patch-bb,v 1.2 2012/03/12 13:22:17 fhajny Exp $ | 1 | $NetBSD: patch-bb,v 1.3 2014/09/04 07:37:44 wiz Exp $ | |
2 | ||||
3 | Avoid conflict with existing getline() functions. | |||
2 | 4 | |||
3 | --- src/fields.c.orig 2009-07-17 23:04:16.000000000 -0400 | 5 | --- src/fields.c.orig 2009-07-17 23:04:16.000000000 -0400 | |
4 | +++ src/fields.c 2009-07-17 23:04:16.000000000 -0400 | 6 | +++ src/fields.c 2009-07-17 23:04:16.000000000 -0400 | |
5 | @@ -110,16 +110,16 @@ | 7 | @@ -110,16 +110,16 @@ | |
6 | /* try and append one valid field to rdheader from stdin */ | 8 | /* try and append one valid field to rdheader from stdin */ | |
7 | int readhead P((void)) | 9 | int readhead P((void)) | |
8 | { int idlen; | 10 | { int idlen; | |
9 | - getline(); | 11 | - getline(); | |
10 | + get_line(); | 12 | + get_line(); | |
11 | if((idlen=breakfield(buf,buffilled))<=0) /* not the start of a valid field */ | 13 | if((idlen=breakfield(buf,buffilled))<=0) /* not the start of a valid field */ | |
12 | return 0; | 14 | return 0; | |
13 | if(idlen==STRLEN(FROM)&&eqFrom_(buf)) /* it's a From_ line */ | 15 | if(idlen==STRLEN(FROM)&&eqFrom_(buf)) /* it's a From_ line */ | |
14 | { if(rdheader) | 16 | { if(rdheader) |
@@ -1,10 +1,12 @@ | @@ -1,10 +1,12 @@ | |||
1 | $NetBSD: patch-bc,v 1.2 2012/03/12 13:22:17 fhajny Exp $ | 1 | $NetBSD: patch-bc,v 1.3 2014/09/04 07:37:44 wiz Exp $ | |
2 | ||||
3 | Avoid conflict with existing getline() functions. | |||
2 | 4 | |||
3 | --- src/formisc.h.orig 2009-07-17 23:04:16.000000000 -0400 | 5 | --- src/formisc.h.orig 2009-07-17 23:04:16.000000000 -0400 | |
4 | +++ src/formisc.h 2009-07-17 23:04:16.000000000 -0400 | 6 | +++ src/formisc.h 2009-07-17 23:04:16.000000000 -0400 | |
5 | @@ -17,4 +17,4 @@ | 7 | @@ -17,4 +17,4 @@ | |
6 | char* | 8 | char* | |
7 | skipwords P((char*start)); | 9 | skipwords P((char*start)); | |
8 | int | 10 | int | |
9 | - getline P((void)); | 11 | - getline P((void)); | |
10 | + get_line P((void)); | 12 | + get_line P((void)); |
@@ -1,13 +1,34 @@ | @@ -1,13 +1,34 @@ | |||
1 | $NetBSD: patch-bd,v 1.2 2012/03/12 13:22:17 fhajny Exp $ | 1 | $NetBSD: patch-bd,v 1.3 2014/09/04 07:37:44 wiz Exp $ | |
2 | 2 | |||
3 | --- src/formisc.c.orig 2009-07-17 23:04:16.000000000 -0400 | 3 | First chunk: | |
4 | +++ src/formisc.c 2009-07-17 23:04:16.000000000 -0400 | 4 | https://bugzilla.redhat.com/show_bug.cgi?id=1121299 | |
5 | @@ -115,7 +115,7 @@ | 5 | CVE-2014-3618 | |
6 | ||||
7 | Second chunk: | |||
8 | Avoid conflict with existing getline() functions. | |||
9 | ||||
10 | --- src/formisc.c.orig 2001-06-29 02:20:45.000000000 +0000 | |||
11 | +++ src/formisc.c | |||
12 | @@ -84,12 +84,11 @@ normal: *target++= *start++; | |||
13 | case '"':*target++=delim='"';start++; | |||
14 | } | |||
15 | ;{ int i; | |||
16 | - do | |||
17 | + while(*start) | |||
18 | if((i= *target++= *start++)==delim) /* corresponding delimiter? */ | |||
19 | break; | |||
20 | else if(i=='\\'&&*start) /* skip quoted character */ | |||
21 | *target++= *start++; | |||
22 | - while(*start); /* anything? */ | |||
23 | } | |||
24 | hitspc=2; | |||
25 | } | |||
26 | @@ -115,7 +114,7 @@ void loadchar(c)const int c; /* a | |||
6 | buf[buffilled++]=c; | 27 | buf[buffilled++]=c; | |
7 | } | 28 | } | |
8 | 29 | |||
9 | -int getline P((void)) /* read a newline-terminated line */ | 30 | -int getline P((void)) /* read a newline-terminated line */ | |
10 | +int get_line P((void)) /* read a newline-terminated line */ | 31 | +int get_line P((void)) /* read a newline-terminated line */ | |
11 | { if(buflast==EOF) /* at the end of our Latin already? */ | 32 | { if(buflast==EOF) /* at the end of our Latin already? */ | |
12 | { loadchar('\n'); /* fake empty line */ | 33 | { loadchar('\n'); /* fake empty line */ | |
13 | return EOF; /* spread the word */ | 34 | return EOF; /* spread the word */ |
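Review bot: The new header comment for the first chunk gives only the bug URL and the CVE id, not what the defect is, so the patch is hard to audit if the link goes away; a line such as `Do not copy past the terminating NUL when a quoted string is left unterminated.` would make it self-describing. In the removed `do ... while(*start)` form the body ran once before `*start` was tested, so a `start` already sitting on the NUL (right after the opening delimiter was consumed) was copied and stepped over; the new `while(*start)` closes that path. The writes through `target` are still not checked against the destination size in the visible lines, so the fix presumably relies on the destination being at least as large as the input. That is worth confirming in the caller, since the enclosing function begins and ends outside this hunk.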