summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFabian Groffen <grobian@gentoo.org>2021-08-08 08:54:58 +0200
committerFabian Groffen <grobian@gentoo.org>2021-08-08 08:55:11 +0200
commit5cdf10e604f2bfdd5663aa2e23c55dce8cf44321 (patch)
tree18812a0023561b70fc1f1b1a3b4ea71e9c5911f0 /mail-filter
parentmail-mta/postfix: bump to 3.7_pre20210807 (diff)
downloadgentoo-5cdf10e604f2bfdd5663aa2e23c55dce8cf44321.tar.gz
gentoo-5cdf10e604f2bfdd5663aa2e23c55dce8cf44321.tar.bz2
gentoo-5cdf10e604f2bfdd5663aa2e23c55dce8cf44321.zip
mail-filter/opendmarc-1.4.1.1-r2: bump for CVE-2021-34555
Bug: https://bugs.gentoo.org/797214 Package-Manager: Portage-3.0.20, Repoman-3.0.2 Signed-off-by: Fabian Groffen <grobian@gentoo.org>
Diffstat (limited to 'mail-filter')
-rw-r--r--mail-filter/opendmarc/files/opendmarc-1.4.1.1-CVE-2021-34555.patch87
-rw-r--r--mail-filter/opendmarc/opendmarc-1.4.1.1-r2.ebuild70
2 files changed, 157 insertions, 0 deletions
diff --git a/mail-filter/opendmarc/files/opendmarc-1.4.1.1-CVE-2021-34555.patch b/mail-filter/opendmarc/files/opendmarc-1.4.1.1-CVE-2021-34555.patch
new file mode 100644
index 000000000000..2bf87ffbde07
--- /dev/null
+++ b/mail-filter/opendmarc/files/opendmarc-1.4.1.1-CVE-2021-34555.patch
@@ -0,0 +1,87 @@
+From afa44abe68afe5ce29b6418538a60a642f39e459 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?David=20B=C3=BCrgin?= <dbuergin@gluet.ch>
+Date: Thu, 3 Jun 2021 21:59:55 +0200
+Subject: [PATCH 1/3] Fix multi-value From handling logic
+
+Fixes #175
+---
+ opendmarc/opendmarc.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c
+index 65f6b49..bc38103 100644
+--- a/opendmarc/opendmarc.c
++++ b/opendmarc/opendmarc.c
+@@ -2479,12 +2479,12 @@ mlfi_eom(SMFICTX *ctx)
+ syslog(LOG_ERR,
+ "%s: multi-valued From field detected",
+ dfc->mctx_jobid);
+- }
+
+- if (conf->conf_reject_multi_from)
+- return SMFIS_REJECT;
+- else
+- return SMFIS_ACCEPT;
++ if (conf->conf_reject_multi_from)
++ return SMFIS_REJECT;
++ else
++ return SMFIS_ACCEPT;
++ }
+ }
+
+ user = users[0];
+
+From 4ea4b219c6c93dbfd512b1caa433f5a810fdb436 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?David=20B=C3=BCrgin?= <dbuergin@gluet.ch>
+Date: Thu, 3 Jun 2021 22:01:34 +0200
+Subject: [PATCH 2/3] Guard syslog call with conf_dolog flag
+
+---
+ opendmarc/opendmarc.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c
+index bc38103..fb3d4b9 100644
+--- a/opendmarc/opendmarc.c
++++ b/opendmarc/opendmarc.c
+@@ -2476,9 +2476,12 @@ mlfi_eom(SMFICTX *ctx)
+ {
+ if (strcasecmp(domains[0], domains[c]) != 0)
+ {
+- syslog(LOG_ERR,
+- "%s: multi-valued From field detected",
+- dfc->mctx_jobid);
++ if (conf->conf_dolog)
++ {
++ syslog(LOG_ERR,
++ "%s: multi-valued From field detected",
++ dfc->mctx_jobid);
++ }
+
+ if (conf->conf_reject_multi_from)
+ return SMFIS_REJECT;
+
+From 1245589ad44baadb3eb18ce110932da8c6fe286c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?David=20B=C3=BCrgin?= <dbuergin@gluet.ch>
+Date: Wed, 9 Jun 2021 19:18:21 +0200
+Subject: [PATCH 3/3] Skip null domains when checking multi-value From header
+
+---
+ opendmarc/opendmarc.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c
+index fb3d4b9..ffcbc3f 100644
+--- a/opendmarc/opendmarc.c
++++ b/opendmarc/opendmarc.c
+@@ -2474,7 +2474,9 @@ mlfi_eom(SMFICTX *ctx)
+
+ for (c = 1; users[c] != NULL; c++)
+ {
+- if (strcasecmp(domains[0], domains[c]) != 0)
++ if (domains[0] != NULL
++ && domains[c] != NULL
++ && strcasecmp(domains[0], domains[c]) != 0)
+ {
+ if (conf->conf_dolog)
+ {
diff --git a/mail-filter/opendmarc/opendmarc-1.4.1.1-r2.ebuild b/mail-filter/opendmarc/opendmarc-1.4.1.1-r2.ebuild
new file mode 100644
index 000000000000..349716a8d7a3
--- /dev/null
+++ b/mail-filter/opendmarc/opendmarc-1.4.1.1-r2.ebuild
@@ -0,0 +1,70 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools multilib systemd
+
+DESCRIPTION="Open source DMARC implementation"
+HOMEPAGE="http://www.trusteddomain.org/opendmarc/"
+SRC_URI="https://github.com/trusteddomainproject/OpenDMARC/archive/rel-${PN}-${PV//./-}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0/3" # 1.4 has API breakage with 1.3, yet uses same soname
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="spf +reports static-libs"
+
+DEPEND="reports? ( dev-perl/DBI )
+ || ( mail-filter/libmilter mail-mta/sendmail )"
+RDEPEND="${DEPEND}
+ acct-user/opendmarc
+ reports? (
+ dev-perl/DBD-mysql
+ dev-perl/HTTP-Message
+ dev-perl/Switch
+ )
+ spf? ( mail-filter/libspf2 )"
+
+S=${WORKDIR}/OpenDMARC-rel-${PN}-${PV//./-}
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-1.4.1.1-CVE-2021-34555.patch
+)
+
+src_prepare() {
+ default
+
+ eautoreconf
+ if use !reports ; then
+ sed -i -e '/^SUBDIRS =/s/reports//' Makefile.in || die
+ fi
+}
+
+src_configure() {
+ econf \
+ $(use_with spf) \
+ $(use_with spf spf2-include "${EPREFIX}"/usr/include/spf2) \
+ $(use_with spf spf2-lib "${EPREFIX}"/usr/$(get_libdir)) \
+ $(use_enable static-libs static)
+}
+
+src_install() {
+ default
+
+ use static-libs || rm -f "${ED}"/usr/$(get_libdir)/*.la
+
+ newinitd "${FILESDIR}"/opendmarc.initd opendmarc
+ newconfd "${FILESDIR}"/opendmarc.confd opendmarc
+ systemd_dounit "${FILESDIR}/${PN}.service"
+
+ dodir /etc/opendmarc
+
+ # create config file
+ sed \
+ -e 's:^# UserID .*$:UserID opendmarc:' \
+ -e "s:^# PidFile .*:PidFile ${EPREFIX}/var/run/opendmarc/opendmarc.pid:" \
+ -e '/^# Socket /s:^# ::' \
+ "${S}"/opendmarc/opendmarc.conf.sample \
+ > "${ED}"/etc/opendmarc/opendmarc.conf \
+ || die
+}