procmail: update from 3.22 to 3.24

- Don't coredump in comsat code if interrupted early
- Correctly handle COMSAT=on
- Once used, the 'H' and 'r' flags would never be cleared
- Fix possible buffer overflow in variable-capture actions
- Fix up the parsing of variable-capture actions
- LMTP code assumed sizeof(long)==sizeof(int)
- SHELL is now always preset to /bin/sh. USER_SHELL contains
the shell from the user's passwd entry
- When HOST is mismatched, reset it for the next rcfile
- Always read in a new, global rcfile (/etc/procmail.conf)
to allow runtime configuration of variables like DEFAULT.
This rcfile cannot deliver or filter messages
- Mismatched HOST in /etc/procmailrc didn't discard the message
- backquote expansion in a condition disabled header
concatenation for that condition
- LMTP didn't correctly handle quoted localparts
- Removed SIZE extension from LMTP (unsupportable semantics)
- Don't coredump if unable to exec /bin/sh
- Enable "+detail" processing in LMTP mode by passing the
delimiter (e.g., "+") as an optional argument after -z
- In LMTP mode, save the domain of the recipient in
PROCMAIL_DOMAIN
- Set PROCMAIL_MODE to one of "d", "m", "z", or "" to reflect
the mode option it was invoked with, if any
- Fixed all bugs collected by Debian and others
during the past 21 years. See the git commit history
for detailed descriptions.

+4 -31
-18
pkgs/applications/misc/procmail/CVE-2014-3618.patch
··· 1 - From http://seclists.org/oss-sec/2014/q3/495 (with whitespace corrected). 2 - 3 - --- a/src/formisc.c 2013-08-04 00:13:33.000000000 -0700 4 - +++ b/src/formisc.c 2014-09-03 11:42:25.986002396 -0700 5 - @@ -84,12 +84,11 @@ 6 - case '"':*target++=delim='"';start++; 7 - } 8 - ;{ int i; 9 - - do 10 - + while(*start) 11 - if((i= *target++= *start++)==delim) /* corresponding delimiter? */ 12 - break; 13 - else if(i=='\\'&&*start) /* skip quoted character */ 14 - *target++= *start++; 15 - - while(*start); /* anything? */ 16 - } 17 - hitspc=2; 18 - }
···
+4 -13
pkgs/applications/misc/procmail/default.nix
··· 2 3 stdenv.mkDerivation rec { 4 pname = "procmail"; 5 - version = "3.22"; 6 7 src = fetchurl { 8 - url = "ftp://ftp.fu-berlin.de/pub/unix/mail/procmail/procmail-${version}.tar.gz"; 9 - sha256 = "05z1c803n5cppkcq99vkyd5myff904lf9sdgynfqngfk9nrpaz08"; 10 }; 11 - 12 - patches = [ 13 - ./CVE-2014-3618.patch 14 - (fetchurl { 15 - url = "https://sources.debian.org/data/main/p/procmail/3.22-26/debian/patches/30"; 16 - sha256 = "11zmz1bj0v9pay3ldmyyg7473b80h89gycrhndsgg9q50yhcqaaq"; 17 - name = "CVE-2017-16844"; 18 - }) 19 - ]; 20 21 # getline is defined differently in glibc now. So rename it. 22 # Without the .PHONY target "make install" won't install anything on Darwin. ··· 33 34 meta = with lib; { 35 description = "Mail processing and filtering utility"; 36 - homepage = "http://www.procmail.org/"; 37 license = licenses.gpl2; 38 platforms = platforms.unix; 39 maintainers = with maintainers; [ gebner ];
··· 2 3 stdenv.mkDerivation rec { 4 pname = "procmail"; 5 + version = "3.24"; 6 7 src = fetchurl { 8 + url = "https://github.com/BuGlessRB/procmail/archive/refs/tags/v${version}.tar.gz"; 9 + sha256 = "UU6kMzOXg+ld+TIeeUdx5Ih7mCOsVf2yRpcCz2m9OYk="; 10 }; 11 12 # getline is defined differently in glibc now. So rename it. 13 # Without the .PHONY target "make install" won't install anything on Darwin. ··· 24 25 meta = with lib; { 26 description = "Mail processing and filtering utility"; 27 + homepage = "https://github.com/BuGlessRB/procmail/"; 28 license = licenses.gpl2; 29 platforms = platforms.unix; 30 maintainers = with maintainers; [ gebner ];
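Review bot: the deleted pkgs/applications/misc/procmail/CVE-2014-3618.patch carried the src/formisc.c fix that replaces the `do ... while(*start);` copy loop with `while(*start)`, and the commit message only says in general terms that collected bugs were fixed. Before the file is removed, please confirm that formisc.c in the v3.24 tarball has the `while(*start)` form of that loop, and state this in the commit message so that coverage of CVE-2014-3618 stays traceable.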
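Review bot: in default.nix the new `src` moves the package to a different upstream (a GitHub tag archive under BuGlessRB/procmail instead of ftp.fu-berlin.de) while keeping plain `fetchurl` and a bare base64 `sha256`. Consider `fetchFromGitHub` with owner, repo and `rev = "v${version}"` plus an SRI `hash = "sha256-..."`, and mention the upstream change in the commit message so reviewers can check the provenance of the new tarball. The same hunk drops the whole `patches` list, including Debian patch 30 fetched under the name CVE-2017-16844; nothing in the visible lines shows that 3.24 contains that fix, so please verify it and note the result alongside the version bump.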