gentoo resync : 16.09.2020

1 files changed, 41 insertions, 0 deletions

diff --git a/mail-filter/opendmarc/files/opendmarc-1.3.3-CVE-2020-12460.patch b/mail-filter/opendmarc/files/opendmarc-1.3.3-CVE-2020-12460.patch
new file mode 100644
index 000000000000..334c11d5302f
--- /dev/null
+++ b/mail-filter/opendmarc/files/opendmarc-1.3.3-CVE-2020-12460.patch
@@ -0,0 +1,41 @@
+From 50d28af25d8735504b6103537228ce7f76ad765f Mon Sep 17 00:00:00 2001
+From: "Murray S. Kucherawy" <msk@blackops.org>
+Date: Wed, 5 Aug 2020 21:56:01 +0000
+Subject: [PATCH] In opendmarc_xml_parse(), ensure NULL-termination of the
+ buffer passed to opendmarc_xml().
+
+---
+ libopendmarc/opendmarc_xml.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/libopendmarc/opendmarc_xml.c b/libopendmarc/opendmarc_xml.c
+index 26bb9dc..b3ac55a 100644
+--- a/libopendmarc/opendmarc_xml.c
++++ b/libopendmarc/opendmarc_xml.c
+@@ -158,7 +158,7 @@ opendmarc_xml(char *b, size_t blen, char *e, size_t elen)
+ 			if (*cp != '<')
+ 				continue;
+ 			++cp;
+-			for(sp = cp; *sp != '\0'; ++sp)
++			for (sp = cp; *sp != '\0'; ++sp)
+ 			{
+ 				if (*sp == '?')
+ 					break;
+@@ -546,7 +546,7 @@ opendmarc_xml_parse(char *fname, char *err_buf, size_t err_len)
+ 	if (fname == NULL)
+ 	{
+ 		xerror = errno;
+-		(void) snprintf(err_buf, err_len, "%s: %s", fname, "File name was NULL");
++		(void) snprintf(err_buf, err_len, "%s", "File name was NULL");
+ 		errno = EINVAL;
+ 		return NULL;
+ 	}
+@@ -572,7 +572,7 @@ opendmarc_xml_parse(char *fname, char *err_buf, size_t err_len)
+ 		return NULL;
+ 	}
+ 
+-	bufp = calloc(statb.st_size, 1);
++	bufp = calloc(statb.st_size + 1, 1);
+ 	if (bufp == NULL)
+ 	{
+ 		xerror = errno;