[gentoo-commits] repo/gentoo:master commit in: mail-filter/procmail/files/, mail-filter/procmail/

["Thomas Deutschmann" <whissi@gentoo.org>]

commit:     038c9f3140b69054f3de9cb4f1a6ccf292510952
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 28 00:44:20 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Mar 28 00:44:20 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=038c9f31

mail-filter/procmail: re-add security fix with crash fix

Bug: https://bugs.gentoo.org/638108
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 .../procmail/files/procmail-3.22-crash-fix.patch   |  58 ++++++++++
 mail-filter/procmail/procmail-3.22-r13.ebuild      | 125 +++++++++++++++++++++
 2 files changed, 183 insertions(+)

diff --git a/mail-filter/procmail/files/procmail-3.22-crash-fix.patch b/mail-filter/procmail/files/procmail-3.22-crash-fix.patch
new file mode 100644
index 00000000000..8563ea3d1d4
--- /dev/null
+++ b/mail-filter/procmail/files/procmail-3.22-crash-fix.patch
@@ -0,0 +1,58 @@
+diff --git a/src/cstdio.c b/src/cstdio.c
+index 7b6fe6d..0a0bd5b 100644
+--- a/src/cstdio.c
++++ b/src/cstdio.c
+@@ -144,7 +144,7 @@ int getbl(p,end)char*p,*end;					  /* my gets */
+       { case '\n':case EOF:*q='\0';
+ 	   return overflow?-1:p!=q;	     /* did we read anything at all? */
+       }
+-     if(q==end)	    /* check here so that a trailing backslash won't be lost */
++     if(q>=end)	    /* check here so that a trailing backslash won't be lost */
+ 	q=p,overflow=1;
+      *q++=i;
+    }
+@@ -199,7 +199,7 @@ int getlline(target,end)char*target,*end;
+ 	   if(*(target=strchr(target,'\0')-1)=='\\')
+ 	    { if(chp2!=target)				  /* non-empty line? */
+ 		 target++;		      /* then preserve the backslash */
+-	      if(target>end-2)			  /* space enough for getbl? */
++	      if(target>=end-2)			  /* space enough for getbl? */
+ 		 target=end-linebuf,overflow=1;		/* toss what we have */
+ 	      continue;
+ 	    }
+diff --git a/src/formail.c b/src/formail.c
+index 1f5c9dd..49b9967 100644
+--- a/src/formail.c
++++ b/src/formail.c
+@@ -219,7 +219,8 @@ static char*getsender(namep,fldp,headreply)char*namep;struct field*fldp;
+   if(i>=0&&(i!=maxindex(sest)||fldp==rdheader))		  /* found anything? */
+    { char*saddr;char*tmp;			     /* determine the weight */
+      nowm=areply&&headreply?headreply==1?sest[i].wrepl:sest[i].wrrepl:i;chp+=j;
+-     tmp=malloc(j=fldp->Tot_len-j);tmemmove(tmp,chp,j);(chp=tmp)[j-1]='\0';
++     tmp=malloc((j=fldp->Tot_len-j) + 1);tmemmove(tmp,chp,j);(chp=tmp)[j-1]='\0';
++     chp[j]='\0';
+      if(sest[i].head==From_)
+       { char*pastad;
+ 	if(strchr(saddr=chp,'\n'))		     /* multiple From_ lines */
+@@ -364,7 +365,7 @@ static PROGID;
+ 
+ int main(lastm,argv)int lastm;const char*const argv[];
+ { int i,split=0,force=0,bogus=1,every=0,headreply=0,digest=0,nowait=0,keepb=0,
+-   minfields=(char*)progid-(char*)progid,conctenate=0,babyl=0,babylstart,
++   minfields=(char*)progid-(char*)progid,conctenate=0,babyl=0,babylstart=0,
+    berkeley=0,forgetclen;
+   long maxlen,ctlength;FILE*idcache=0;pid_t thepid;
+   size_t j,lnl,escaplen;char*chp,*namep,*escap=ESCAP;
+diff --git a/src/formisc.c b/src/formisc.c
+index c48df52..5c2869d 100644
+--- a/src/formisc.c
++++ b/src/formisc.c
+@@ -66,7 +66,7 @@ inc:	   start++;
+ retz:	      *target='\0';
+ ret:	      return start;
+ 	    }
+-	   if(*start=='\\')
++	   if(*start=='\\' && *(start + 1))
+ 	      *target++='\\',start++;
+ 	   hitspc=2;
+ 	   goto normal;					      /* normal word */

diff --git a/mail-filter/procmail/procmail-3.22-r13.ebuild b/mail-filter/procmail/procmail-3.22-r13.ebuild
new file mode 100644
index 00000000000..9597d1ca647
--- /dev/null
+++ b/mail-filter/procmail/procmail-3.22-r13.ebuild
@@ -0,0 +1,125 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit flag-o-matic toolchain-funcs prefix
+
+DESCRIPTION="Mail delivery agent/filter"
+HOMEPAGE="http://www.procmail.org/"
+SRC_URI="http://www.procmail.org/${P}.tar.gz"
+
+LICENSE="|| ( Artistic GPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x86-solaris"
+IUSE="mbox selinux"
+
+DEPEND="virtual/mta"
+RDEPEND="selinux? ( sec-policy/selinux-procmail )"
+
+src_prepare() {
+	# disable flock, using both fcntl and flock style locking
+	# doesn't work with NFS with 2.6.17+ kernels, bug #156493
+
+	sed -e "s:/\*#define NO_flock_LOCK:#define NO_flock_LOCK:" \
+		-i config.h || die "sed failed"
+
+	if ! use mbox ; then
+		echo "# Use maildir-style mailbox in user's home directory" > "${S}"/procmailrc || die
+		echo 'DEFAULT=$HOME/.maildir/' >> "${S}"/procmailrc || die
+		cd "${S}" || die
+		eapply "${FILESDIR}/gentoo-maildir3.diff"
+	else
+		echo '# Use mbox-style mailbox in /var/spool/mail' > "${S}"/procmailrc || die
+		echo 'DEFAULT=${EPREFIX}/var/spool/mail/$LOGNAME' >> "${S}"/procmailrc || die
+	fi
+
+	# Do not use lazy bindings on lockfile and procmail
+	if [[ ${CHOST} != *-darwin* ]]; then
+		eapply -p0 "${FILESDIR}/${PN}-lazy-bindings.diff"
+	fi
+
+	# Fix for bug #102340
+	eapply -p0 "${FILESDIR}/${PN}-comsat-segfault.diff"
+
+	# Fix for bug #119890
+	eapply -p0 "${FILESDIR}/${PN}-maxprocs-fix.diff"
+
+	# Prefixify config.h
+	eapply -p0 "${FILESDIR}"/${PN}-prefix.patch
+	eprefixify config.h Makefile src/autoconf src/recommend.c
+
+	# Fix for bug #200006
+	eapply "${FILESDIR}/${PN}-pipealloc.diff"
+
+	# Fix for bug #270551
+	eapply "${FILESDIR}/${PN}-3.22-glibc-2.10.patch"
+
+	# Fix security bugs #522114 and #638108
+	eapply "${FILESDIR}/${PN}-CVE-2014-3618-16844.patch"
+
+	eapply "${FILESDIR}/${PN}-3.22-crash-fix.patch"
+
+	eapply_user
+}
+
+src_compile() {
+	# -finline-functions (implied by -O3) leaves strstr() in an infinite loop.
+	# To work around this, we append -fno-inline-functions to CFLAGS
+	# Since GCC 4.7 we also need -fno-ipa-cp-clone (bug #466552)
+	# If it's clang, ignore -fno-ipa-cp-clone, as clang doesn't support this
+	case "$(tc-getCC)" in
+		"clang") append-flags -fno-inline-functions ;;
+		"gcc"|*) append-flags -fno-inline-functions -fno-ipa-cp-clone ;;
+	esac
+
+	sed -e "s:CFLAGS0 = -O:CFLAGS0 = ${CFLAGS}:" \
+		-e "s:LDFLAGS0= -s:LDFLAGS0 = ${LDFLAGS}:" \
+		-e "s:LOCKINGTEST=__defaults__:#LOCKINGTEST=__defaults__:" \
+		-e "s:#LOCKINGTEST=/tmp:LOCKINGTEST=/tmp:" \
+		-i Makefile || die "sed failed"
+
+	emake CC="$(tc-getCC)"
+}
+
+src_install() {
+	cd "${S}"/new || die
+	insinto /usr/bin
+	insopts -m 6755
+	doins procmail
+
+	doins lockfile
+	fowners root:mail /usr/bin/lockfile
+	fperms 2755 /usr/bin/lockfile
+
+	dobin formail mailstat
+	insopts -m 0644
+
+	doman *.1 *.5
+
+	cd "${S}" || die
+	dodoc FAQ FEATURES HISTORY INSTALL KNOWN_BUGS README
+
+	insinto /etc
+	doins procmailrc
+
+	docinto examples
+	dodoc examples/*
+}
+
+pkg_postinst() {
+	if ! use mbox ; then
+		elog "Starting with mail-filter/procmail-3.22-r9 you'll need to ensure"
+		elog "that you configure a mail storage location using DEFAULT in"
+		elog "/etc/procmailrc, for example:"
+		elog "\tDEFAULT=\$HOME/.maildir/"
+	fi
+	if has sfperms ${FEATURES}; then
+		ewarn "FEATURES=sfperms removes the read-bit for others from"
+		ewarn "  /usr/bin/procmail"
+		ewarn "  /usr/bin/lockfile"
+		ewarn "If you use procmail from an MTA like Exim, you need to"
+		ewarn "re-add the read-bit or avoid the MTA checking the binary"
+		ewarn "exists."
+	fi
+}