From c297e965d51a332b15bccbb180d6f9a400cb8805 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Tue, 21 Nov 2017 12:47:40 -0500 Subject: gnu: procmail: Fix CVE-2017-16844. * gnu/packages/patches/procmail-CVE-2017-16844.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/mail.scm (procmail)[source]: Use it. --- gnu/packages/mail.scm | 3 ++- gnu/packages/patches/procmail-CVE-2017-16844.patch | 25 ++++++++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/procmail-CVE-2017-16844.patch (limited to 'gnu/packages') diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm index 77d935171a..38140d6e65 100644 --- a/gnu/packages/mail.scm +++ b/gnu/packages/mail.scm @@ -1611,7 +1611,8 @@ deliver it in various ways.") ;; getline() in formail.c. The patch is provided by Debian as ;; patch 24. (patches (search-patches "procmail-ambiguous-getline-debian.patch" - "procmail-CVE-2014-3618.patch")))) + "procmail-CVE-2014-3618.patch" + "procmail-CVE-2017-16844.patch")))) (arguments `(#:phases (modify-phases %standard-phases (replace 'configure diff --git a/gnu/packages/patches/procmail-CVE-2017-16844.patch b/gnu/packages/patches/procmail-CVE-2017-16844.patch new file mode 100644 index 0000000000..b96540c8cd --- /dev/null +++ b/gnu/packages/patches/procmail-CVE-2017-16844.patch @@ -0,0 +1,25 @@ +Fix CVE-2017-16844: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16844 +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511 + +Patch copied from Debian procmail package 3.22-26: + +http://http.debian.net/debian/pool/main/p/procmail/procmail_3.22-26.debian.tar.xz + +From: Santiago Vila +Subject: Fix heap-based buffer overflow in loadbuf() +Bug-Debian: http://bugs.debian.org/876511 +X-Debian-version: 3.22-26 + +--- a/src/formisc.c ++++ b/src/formisc.c +@@ -103,7 +103,7 @@ + } + /* append to buf */ + void loadbuf(text,len)const char*const text;const size_t len; +-{ if(buffilled+len>buflen) /* buf can't hold the text */ ++{ while(buffilled+len>buflen) /* buf can't hold the text */ + buf=realloc(buf,buflen+=Bsize); + tmemmove(buf+buffilled,text,len);buffilled+=len; + } -- cgit v1.2.3