diff options
Diffstat (limited to 'mail-filter/opendmarc')
| -rw-r--r-- | mail-filter/opendmarc/Manifest | 2 | ||||
| -rw-r--r-- | mail-filter/opendmarc/files/opendmarc-1.4.1.1-CVE-2021-34555.patch | 87 | ||||
| -rw-r--r-- | mail-filter/opendmarc/opendmarc-1.4.1.1-r2.ebuild | 70 |
3 files changed, 159 insertions, 0 deletions
diff --git a/mail-filter/opendmarc/Manifest b/mail-filter/opendmarc/Manifest index e4e9d4556e34..88b837407080 100644 --- a/mail-filter/opendmarc/Manifest +++ b/mail-filter/opendmarc/Manifest @@ -1,5 +1,6 @@ AUX opendmarc-1.3.2-multiple-From.patch 1394 BLAKE2B 91b36a131ca9dca5e33f3a9610ab5c3ba17bf7f44f891d278f4c070629987a4177166c176692edd36dee184948811f727a9752e3c6adcbaf1822cfe9aa6d0c8e SHA512 068f58f25133fc6216c437ba9df5a44d5e7139c471f85d63bea81d7c930a56a2900239bc051cf2a3ed7f60fac939a0090bbef4a690c78457911e267293019d66 AUX opendmarc-1.3.3-CVE-2020-12460.patch 1302 BLAKE2B 8bd4a1f6aaf44e9931fb97553d2e072aa5efa3114e75f5240107a5c126fe432829cc515d29e5c0e082a013b4e2dd90b5eed8b4b07ec8110c63c3fe00248a8955 SHA512 98582c2b0a08d77b27856331f28214b7b5fa3972c572189ed21963030e98858285a5a69851f173d08380bf409d985980e7c61de5d571af11062f0d394fc8b5f5 +AUX opendmarc-1.4.1.1-CVE-2021-34555.patch 2517 BLAKE2B 93ebfb101591e5b797b52de4d85a6e199c208544076a7d5bc05fb8b7237c663a204a45172d4cf38d408daf57d5076929b3de227e4e787d97c85aad3e42af9d03 SHA512 24df989c7a501ffea5da43469e049f4a5d9de82f2fe67875f93bad690f558d1734b9d4ea2da1a6aebdedb80b576ada8e12844e7aa061117dd41da3e23c24e176 AUX opendmarc.confd 85 BLAKE2B 52cccfd8d194febc24453ad92bebf4358f92125cc4512e664e279f09ee0c44bffc4fa2c4c6dbbdfaf653576bcce821597cccb58fafdfae51b81e5ac149e20113 SHA512 7e5faeebbccaaafe42e6edda3a812b9954f19d71b4593cb2ab895dfeb26a8073e4aaeb2f5c626b1c35877d08ea00077b0507fe833e2838b10d83d5e0acfe966c AUX opendmarc.initd 1509 BLAKE2B b1cde9546c95b51c8c395f10eddf85bcb2fd17fd8a537df523e04a71d241c0fad4a3d2e4c34c950d7b684be518368fe78538828b81627d647e3531177eabb85e SHA512 00c9901cf5b460e20d8010d4aedfd7c338c76d1053f9ddcd9d4aa2c183345e3b810d0bee1207ff9a7ad988577192c52470ca62c67130a981fa67e393d5c70129 AUX opendmarc.service 800 BLAKE2B 866b1aaa0c8570494ac56aaa9962821204a7a24437cdb8bec0343c716cfc1d3748a368a32ec314dfce7e4264188cfb1dff51212d60340d4be8e33394a85486f6 SHA512 b140dc3ac99ee7c3dcee80743d6c4295dec4ce5090ab9f560ffe35f9d5e63c7f5af871edcc759be462b8110706028c047cd05ae910a74ecba0436620d6b291bb @@ -7,4 +8,5 @@ DIST opendmarc-1.3.3.tar.gz 575319 BLAKE2B 72dae5553fea9a51d860aaac6d85171a24558 DIST opendmarc-1.4.1.1.tar.gz 426618 BLAKE2B a74b2623bc35abb5c34f8d1eff737c71af8f5cadfd6a5d0a85adb6536efd2958118f9da25dd9b736dc24563221968c4ee1ff99b101fa30909764563bda2a8d88 SHA512 ee034386c70c75b87ca2fce0849a1a3538e10e0aebfb0fc9dcba6817d2cf71f52aa5586ccaacdee620190c5fbb81498419fb8e8db9fac15d7c71a61a7da396a6 EBUILD opendmarc-1.3.3.ebuild 1886 BLAKE2B d94da2b2c301f7b208dd43272539ee93758ff01b6ac583f9f6a092a8582492c6a5edb57a305380b5169a76e9c7ba5d32d8945535590406f1bd8d6ca90f745f57 SHA512 d8106ffa6ef62c24ad9503a499c8fe9bc1c84320b47a3eb84d59421f3855de70054b7cfc394d66f0260a51aab40bcc40639ec0c8c694503cc62c9b3b0afd14ea EBUILD opendmarc-1.4.1.1-r1.ebuild 1685 BLAKE2B 6d70bda0a5c5f2317ec22f3041cae59e3811813cbde2956d7a0c84611cc00934927afedb232b7bc0c154b5d74a5c05734857ec96a221ce34f509bcb01065f3b5 SHA512 d63c2432f93754ba18bb67bcb30b3570f7967306ef159c5e7797e0fcb7d11af33e82e78a7a0949cd2999a25913645c830f4e1ef3a1e2bb42b15c312662fcef36 +EBUILD opendmarc-1.4.1.1-r2.ebuild 1744 BLAKE2B dd732ddca9fb22743b9b35be8a2b579407bec8eeda6d7ac1e501342f9ac5d25ac72e1a730fe3cb926ffe27a34e17f1ccb2a2026179307a2526899d0523571307 SHA512 78519c92cf56a9c7916a568de49fef5a1b80a579ee9d33b47194c620ed652dc33ad505d63a913e97a479c2ee154fb2e6f3da503c76f91a080496e01e15ba371f MISC metadata.xml 512 BLAKE2B e837ed3fdef4432f4a6e208b57942ac6b74de558ad20fa978ce046d49147b4225720506c7191a07eeceeb85d6773d3f6d2ae5ca62c08fddb7126061bcfd46fdb SHA512 33b5347b487959b6412dd8a9e7babf0cedac3dd27eb6397dfc226de5d34b70c7e67e9b30dae231bdf743e4c18ffd2cfcd6df1af450e201cafa3c5105d5a889f0 diff --git a/mail-filter/opendmarc/files/opendmarc-1.4.1.1-CVE-2021-34555.patch b/mail-filter/opendmarc/files/opendmarc-1.4.1.1-CVE-2021-34555.patch new file mode 100644 index 000000000000..2bf87ffbde07 --- /dev/null +++ b/mail-filter/opendmarc/files/opendmarc-1.4.1.1-CVE-2021-34555.patch @@ -0,0 +1,87 @@ +From afa44abe68afe5ce29b6418538a60a642f39e459 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?David=20B=C3=BCrgin?= <dbuergin@gluet.ch> +Date: Thu, 3 Jun 2021 21:59:55 +0200 +Subject: [PATCH 1/3] Fix multi-value From handling logic + +Fixes #175 +--- + opendmarc/opendmarc.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c +index 65f6b49..bc38103 100644 +--- a/opendmarc/opendmarc.c ++++ b/opendmarc/opendmarc.c +@@ -2479,12 +2479,12 @@ mlfi_eom(SMFICTX *ctx) + syslog(LOG_ERR, + "%s: multi-valued From field detected", + dfc->mctx_jobid); +- } + +- if (conf->conf_reject_multi_from) +- return SMFIS_REJECT; +- else +- return SMFIS_ACCEPT; ++ if (conf->conf_reject_multi_from) ++ return SMFIS_REJECT; ++ else ++ return SMFIS_ACCEPT; ++ } + } + + user = users[0]; + +From 4ea4b219c6c93dbfd512b1caa433f5a810fdb436 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?David=20B=C3=BCrgin?= <dbuergin@gluet.ch> +Date: Thu, 3 Jun 2021 22:01:34 +0200 +Subject: [PATCH 2/3] Guard syslog call with conf_dolog flag + +--- + opendmarc/opendmarc.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c +index bc38103..fb3d4b9 100644 +--- a/opendmarc/opendmarc.c ++++ b/opendmarc/opendmarc.c +@@ -2476,9 +2476,12 @@ mlfi_eom(SMFICTX *ctx) + { + if (strcasecmp(domains[0], domains[c]) != 0) + { +- syslog(LOG_ERR, +- "%s: multi-valued From field detected", +- dfc->mctx_jobid); ++ if (conf->conf_dolog) ++ { ++ syslog(LOG_ERR, ++ "%s: multi-valued From field detected", ++ dfc->mctx_jobid); ++ } + + if (conf->conf_reject_multi_from) + return SMFIS_REJECT; + +From 1245589ad44baadb3eb18ce110932da8c6fe286c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?David=20B=C3=BCrgin?= <dbuergin@gluet.ch> +Date: Wed, 9 Jun 2021 19:18:21 +0200 +Subject: [PATCH 3/3] Skip null domains when checking multi-value From header + +--- + opendmarc/opendmarc.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/opendmarc/opendmarc.c b/opendmarc/opendmarc.c +index fb3d4b9..ffcbc3f 100644 +--- a/opendmarc/opendmarc.c ++++ b/opendmarc/opendmarc.c +@@ -2474,7 +2474,9 @@ mlfi_eom(SMFICTX *ctx) + + for (c = 1; users[c] != NULL; c++) + { +- if (strcasecmp(domains[0], domains[c]) != 0) ++ if (domains[0] != NULL ++ && domains[c] != NULL ++ && strcasecmp(domains[0], domains[c]) != 0) + { + if (conf->conf_dolog) + { diff --git a/mail-filter/opendmarc/opendmarc-1.4.1.1-r2.ebuild b/mail-filter/opendmarc/opendmarc-1.4.1.1-r2.ebuild new file mode 100644 index 000000000000..5dfc2ccf8605 --- /dev/null +++ b/mail-filter/opendmarc/opendmarc-1.4.1.1-r2.ebuild @@ -0,0 +1,70 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools multilib systemd + +DESCRIPTION="Open source DMARC implementation" +HOMEPAGE="http://www.trusteddomain.org/opendmarc/" +SRC_URI="https://github.com/trusteddomainproject/OpenDMARC/archive/rel-${PN}-${PV//./-}.tar.gz -> ${P}.tar.gz" + +LICENSE="BSD" +SLOT="0/3" # 1.4 has API breakage with 1.3, yet uses same soname +KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ppc ppc64 sparc ~x86" +IUSE="spf +reports static-libs" + +DEPEND="reports? ( dev-perl/DBI ) + || ( mail-filter/libmilter mail-mta/sendmail )" +RDEPEND="${DEPEND} + acct-user/opendmarc + reports? ( + dev-perl/DBD-mysql + dev-perl/HTTP-Message + dev-perl/Switch + ) + spf? ( mail-filter/libspf2 )" + +S=${WORKDIR}/OpenDMARC-rel-${PN}-${PV//./-} + +PATCHES=( + "${FILESDIR}"/${PN}-1.4.1.1-CVE-2021-34555.patch +) + +src_prepare() { + default + + eautoreconf + if use !reports ; then + sed -i -e '/^SUBDIRS =/s/reports//' Makefile.in || die + fi +} + +src_configure() { + econf \ + $(use_with spf) \ + $(use_with spf spf2-include "${EPREFIX}"/usr/include/spf2) \ + $(use_with spf spf2-lib "${EPREFIX}"/usr/$(get_libdir)) \ + $(use_enable static-libs static) +} + +src_install() { + default + + use static-libs || rm -f "${ED}"/usr/$(get_libdir)/*.la + + newinitd "${FILESDIR}"/opendmarc.initd opendmarc + newconfd "${FILESDIR}"/opendmarc.confd opendmarc + systemd_dounit "${FILESDIR}/${PN}.service" + + dodir /etc/opendmarc + + # create config file + sed \ + -e 's:^# UserID .*$:UserID opendmarc:' \ + -e "s:^# PidFile .*:PidFile ${EPREFIX}/var/run/opendmarc/opendmarc.pid:" \ + -e '/^# Socket /s:^# ::' \ + "${S}"/opendmarc/opendmarc.conf.sample \ + > "${ED}"/etc/opendmarc/opendmarc.conf \ + || die +} |