From: "Aaron Bauman" <bman@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: mail-filter/procmail/files/, mail-filter/procmail/
Date: Sun, 24 Mar 2019 00:26:19 +0000 (UTC) [thread overview]
Message-ID: <1553387164.31e0e8db9e641bbe158add9c6d4907f2c3eb2d57.bman@gentoo> (raw)
commit: 31e0e8db9e641bbe158add9c6d4907f2c3eb2d57
Author: Aaron Bauman <bman <AT> gentoo <DOT> org>
AuthorDate: Sun Mar 24 00:22:31 2019 +0000
Commit: Aaron Bauman <bman <AT> gentoo <DOT> org>
CommitDate: Sun Mar 24 00:26:04 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31e0e8db
mail-filter/procmail: revbump to fix longstanding vulnerabilities
This patch is a combination of patches from the OSS ML and the Debian
bug tracker. Both patches and authors can be found in the below
referenced bugs.
Bug: https://bugs.gentoo.org/522114
Bug: https://bugs.gentoo.org/638108
Signed-off-by: Aaron Bauman <bman <AT> gentoo.org>
.../files/procmail-CVE-2014-3618-16844.patch | 25 +++++
mail-filter/procmail/procmail-3.22-r12.ebuild | 123 +++++++++++++++++++++
2 files changed, 148 insertions(+)
diff --git a/mail-filter/procmail/files/procmail-CVE-2014-3618-16844.patch b/mail-filter/procmail/files/procmail-CVE-2014-3618-16844.patch
new file mode 100644
index 00000000000..4f1714063c9
--- /dev/null
+++ b/mail-filter/procmail/files/procmail-CVE-2014-3618-16844.patch
@@ -0,0 +1,25 @@
+--- a/src/formisc.c 2019-03-23 19:52:18.450174402 -0400
++++ b/src/formisc.c 2019-03-23 19:52:47.914351039 -0400
+@@ -84,12 +84,11 @@
+ case '"':*target++=delim='"';start++;
+ }
+ ;{ int i;
+- do
++ while(*start);
+ if((i= *target++= *start++)==delim) /* corresponding delimiter? */
+ break;
+ else if(i=='\\'&&*start) /* skip quoted character */
+ *target++= *start++;
+- while(*start); /* anything? */
+ }
+ hitspc=2;
+ }
+@@ -104,7 +103,7 @@
+ }
+ /* append to buf */
+ void loadbuf(text,len)const char*const text;const size_t len;
+-{ if(buffilled+len>buflen) /* buf can't hold the text */
++{ while(buffilled+len>buflen) /* buf can't hold the text */
+ buf=realloc(buf,buflen+=Bsize);
+ tmemmove(buf+buffilled,text,len);buffilled+=len;
+ }
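Review bot: The replacement loop header in the formisc.c hunk is written `while(*start);` with a trailing semicolon, so the loop body is empty: when `*start` is non-zero nothing advances `start` and the loop never terminates, and when it is zero the following `if((i= *target++= *start++)==delim)` still runs once and steps past the terminator, which is presumably the case the change was meant to stop. The line should read `while(*start)` with no semicolon, so that the `if`/`else if` pair becomes the loop body. With the stray semicolon the `break` no longer belongs to this loop either and binds to whatever loop or switch encloses the block, which lies outside the hunk. In the loadbuf hunk the `realloc` result is assigned straight to `buf` without a check; unless `realloc` is wrapped elsewhere in the source to abort on failure, a failed allocation would be followed by `tmemmove` writing through a null pointer.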
diff --git a/mail-filter/procmail/procmail-3.22-r12.ebuild b/mail-filter/procmail/procmail-3.22-r12.ebuild
new file mode 100644
index 00000000000..dc9660af9c1
--- /dev/null
+++ b/mail-filter/procmail/procmail-3.22-r12.ebuild
@@ -0,0 +1,123 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit flag-o-matic toolchain-funcs prefix
+
+DESCRIPTION="Mail delivery agent/filter"
+HOMEPAGE="http://www.procmail.org/"
+SRC_URI="http://www.procmail.org/${P}.tar.gz"
+
+LICENSE="|| ( Artistic GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x86-solaris"
+IUSE="mbox selinux"
+
+DEPEND="virtual/mta"
+RDEPEND="selinux? ( sec-policy/selinux-procmail )"
+
+src_prepare() {
+ # disable flock, using both fcntl and flock style locking
+ # doesn't work with NFS with 2.6.17+ kernels, bug #156493
+
+ sed -e "s:/\*#define NO_flock_LOCK:#define NO_flock_LOCK:" \
+ -i config.h || die "sed failed"
+
+ if ! use mbox ; then
+ echo "# Use maildir-style mailbox in user's home directory" > "${S}"/procmailrc || die
+ echo 'DEFAULT=$HOME/.maildir/' >> "${S}"/procmailrc || die
+ cd "${S}" || die
+ eapply "${FILESDIR}/gentoo-maildir3.diff"
+ else
+ echo '# Use mbox-style mailbox in /var/spool/mail' > "${S}"/procmailrc || die
+ echo 'DEFAULT=${EPREFIX}/var/spool/mail/$LOGNAME' >> "${S}"/procmailrc || die
+ fi
+
+ # Do not use lazy bindings on lockfile and procmail
+ if [[ ${CHOST} != *-darwin* ]]; then
+ eapply -p0 "${FILESDIR}/${PN}-lazy-bindings.diff"
+ fi
+
+ # Fix for bug #102340
+ eapply -p0 "${FILESDIR}/${PN}-comsat-segfault.diff"
+
+ # Fix for bug #119890
+ eapply -p0 "${FILESDIR}/${PN}-maxprocs-fix.diff"
+
+ # Prefixify config.h
+ eapply -p0 "${FILESDIR}"/${PN}-prefix.patch
+ eprefixify config.h Makefile src/autoconf src/recommend.c
+
+ # Fix for bug #200006
+ eapply "${FILESDIR}/${PN}-pipealloc.diff"
+
+ # Fix for bug #270551
+ eapply "${FILESDIR}/${PN}-3.22-glibc-2.10.patch"
+
+ # Fix security bugs #522114 and #638108
+ eapply "${FILESDIR}/${PN}-CVE-2014-3618-16844.patch"
+
+ eapply_user
+}
+
+src_compile() {
+ # -finline-functions (implied by -O3) leaves strstr() in an infinite loop.
+ # To work around this, we append -fno-inline-functions to CFLAGS
+ # Since GCC 4.7 we also need -fno-ipa-cp-clone (bug #466552)
+ # If it's clang, ignore -fno-ipa-cp-clone, as clang doesn't support this
+ case "$(tc-getCC)" in
+ "clang") append-flags -fno-inline-functions ;;
+ "gcc"|*) append-flags -fno-inline-functions -fno-ipa-cp-clone ;;
+ esac
+
+ sed -e "s:CFLAGS0 = -O:CFLAGS0 = ${CFLAGS}:" \
+ -e "s:LDFLAGS0= -s:LDFLAGS0 = ${LDFLAGS}:" \
+ -e "s:LOCKINGTEST=__defaults__:#LOCKINGTEST=__defaults__:" \
+ -e "s:#LOCKINGTEST=/tmp:LOCKINGTEST=/tmp:" \
+ -i Makefile || die "sed failed"
+
+ emake CC="$(tc-getCC)"
+}
+
+src_install() {
+ cd "${S}"/new || die
+ insinto /usr/bin
+ insopts -m 6755
+ doins procmail
+
+ doins lockfile
+ fowners root:mail /usr/bin/lockfile
+ fperms 2755 /usr/bin/lockfile
+
+ dobin formail mailstat
+ insopts -m 0644
+
+ doman *.1 *.5
+
+ cd "${S}" || die
+ dodoc FAQ FEATURES HISTORY INSTALL KNOWN_BUGS README
+
+ insinto /etc
+ doins procmailrc
+
+ docinto examples
+ dodoc examples/*
+}
+
+pkg_postinst() {
+ if ! use mbox ; then
+ elog "Starting with mail-filter/procmail-3.22-r9 you'll need to ensure"
+ elog "that you configure a mail storage location using DEFAULT in"
+ elog "/etc/procmailrc, for example:"
+ elog "\tDEFAULT=\$HOME/.maildir/"
+ fi
+ if has sfperms ${FEATURES}; then
+ ewarn "FEATURES=sfperms removes the read-bit for others from"
+ ewarn " /usr/bin/procmail"
+ ewarn " /usr/bin/lockfile"
+ ewarn "If you use procmail from an MTA like Exim, you need to"
+ ewarn "re-add the read-bit or avoid the MTA checking the binary"
+ ewarn "exists."
+ fi
+}
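Review bot: In the mbox branch of src_prepare, `echo 'DEFAULT=${EPREFIX}/var/spool/mail/$LOGNAME'` is single-quoted, so the shell never expands `${EPREFIX}` and the literal text is written to procmailrc; on a prefix install the default mailbox would presumably not point inside the prefix. Suggest `echo "DEFAULT=${EPREFIX}/var/spool/mail/\$LOGNAME" >> "${S}"/procmailrc || die`, keeping `$LOGNAME` escaped so it is resolved at delivery time rather than at build time. Separately, in src_compile the `"clang")` case arm matches only that exact string, so a CHOST-prefixed compiler name returned by `tc-getCC` falls through to the `"gcc"|*)` arm and receives `-fno-ipa-cp-clone`; `*clang*)` would cover both forms.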