[packages/procmail] - release 19, fix for CVE-2017-16844

adamg adamg at pld-linux.org
Sun Nov 10 11:11:42 CET 2019 

commit e1fa28563c9e67e9f7e688ce7217dfea196bd74b
Author: Adam Gołębiowski <adamg at pld-linux.org>
Date:   Sun Nov 10 11:11:26 2019 +0100

    - release 19, fix for CVE-2017-16844

 procmail-3.22-CVE-2017-16844.patch | 13 +++++++++++++
 procmail.spec                      |  4 +++-
 2 files changed, 16 insertions(+), 1 deletion(-)
---
diff --git a/procmail.spec b/procmail.spec
index dd550bf..704d116 100644
--- a/procmail.spec
+++ b/procmail.spec
@@ -11,7 +11,7 @@ Summary(zh_CN.UTF-8):	[服务器]分发mail到用户的守护进程
 Summary(zh_TW.UTF-8):	[祀務器]分蛛mail到用戶的佐鰾園評
 Name:		procmail
 Version:	3.22
-Release:	18
+Release:	19
 License:	GPL v2+ or Artistic
 Group:		Applications/Mail
 Source0:	http://www.procmail.org/%{name}-%{version}.tar.gz
@@ -29,6 +29,7 @@ Patch5:		procmail_3.22-8.debian.patch
 Patch6:		procmail-3.22-CVE-2014-3618.patch
 Patch7:		procmail-3.22-ipv6.patch
 Patch8:		procmail-3.22-truncate.patch
+Patch9:		procmail-3.22-CVE-2017-16844.patch
 URL:		http://www.procmail.org/
 BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
@@ -102,6 +103,7 @@ listesi yazılımının temelini oluşturur.
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1
 
 %build
 echo "" | %{__make} \
diff --git a/procmail-3.22-CVE-2017-16844.patch b/procmail-3.22-CVE-2017-16844.patch
new file mode 100644
index 0000000..5e610d7
--- /dev/null
+++ b/procmail-3.22-CVE-2017-16844.patch
@@ -0,0 +1,13 @@
+diff --git a/src/formisc.c b/src/formisc.c
+index 5c2869d..54fd013 100644
+--- a/src/formisc.c
++++ b/src/formisc.c
+@@ -103,7 +103,7 @@ void loadsaved(sp)const struct saved*const sp;	     /* load some saved text */
+ }
+ 							    /* append to buf */
+ void loadbuf(text,len)const char*const text;const size_t len;
+-{ if(buffilled+len>buflen)			  /* buf can't hold the text */
++{ while(buffilled+len>buflen)			  /* buf can't hold the text */
+      buf=realloc(buf,buflen+=Bsize);
+   tmemmove(buf+buffilled,text,len);buffilled+=len;
+ }
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/procmail.git/commitdiff/e1fa28563c9e67e9f7e688ce7217dfea196bd74b

More information about the pld-cvs-commit mailing list