- release 20, crashfix patch from fedora

diff --git a/procmail-3.22-crash-fix.patch b/procmail-3.22-crash-fix.patch
new file mode 100644 (file)
index 0000000..8563ea3
--- /dev/null
+++ b/procmail-3.22-crash-fix.patch
@@ -0,0 +1,58 @@
+diff --git a/src/cstdio.c b/src/cstdio.c
+index 7b6fe6d..0a0bd5b 100644
+--- a/src/cstdio.c
++++ b/src/cstdio.c
+@@ -144,7 +144,7 @@ int getbl(p,end)char*p,*end;                                         /* my gets */
+       { case '\n':case EOF:*q='\0';
+          return overflow?-1:p!=q;          /* did we read anything at all? */
+       }
+-     if(q==end)           /* check here so that a trailing backslash won't be lost */
++     if(q>=end)           /* check here so that a trailing backslash won't be lost */
+       q=p,overflow=1;
+      *q++=i;
+    }
+@@ -199,7 +199,7 @@ int getlline(target,end)char*target,*end;
+          if(*(target=strchr(target,'\0')-1)=='\\')
+           { if(chp2!=target)                            /* non-empty line? */
+                target++;                    /* then preserve the backslash */
+-            if(target>end-2)                    /* space enough for getbl? */
++            if(target>=end-2)                   /* space enough for getbl? */
+                target=end-linebuf,overflow=1;         /* toss what we have */
+             continue;
+           }
+diff --git a/src/formail.c b/src/formail.c
+index 1f5c9dd..49b9967 100644
+--- a/src/formail.c
++++ b/src/formail.c
+@@ -219,7 +219,8 @@ static char*getsender(namep,fldp,headreply)char*namep;struct field*fldp;
+   if(i>=0&&(i!=maxindex(sest)||fldp==rdheader))                 /* found anything? */
+    { char*saddr;char*tmp;                          /* determine the weight */
+      nowm=areply&&headreply?headreply==1?sest[i].wrepl:sest[i].wrrepl:i;chp+=j;
+-     tmp=malloc(j=fldp->Tot_len-j);tmemmove(tmp,chp,j);(chp=tmp)[j-1]='\0';
++     tmp=malloc((j=fldp->Tot_len-j) + 1);tmemmove(tmp,chp,j);(chp=tmp)[j-1]='\0';
++     chp[j]='\0';
+      if(sest[i].head==From_)
+       { char*pastad;
+       if(strchr(saddr=chp,'\n'))                   /* multiple From_ lines */
+@@ -364,7 +365,7 @@ static PROGID;
+ 
+ int main(lastm,argv)int lastm;const char*const argv[];
+ { int i,split=0,force=0,bogus=1,every=0,headreply=0,digest=0,nowait=0,keepb=0,
+-   minfields=(char*)progid-(char*)progid,conctenate=0,babyl=0,babylstart,
++   minfields=(char*)progid-(char*)progid,conctenate=0,babyl=0,babylstart=0,
+    berkeley=0,forgetclen;
+   long maxlen,ctlength;FILE*idcache=0;pid_t thepid;
+   size_t j,lnl,escaplen;char*chp,*namep,*escap=ESCAP;
+diff --git a/src/formisc.c b/src/formisc.c
+index c48df52..5c2869d 100644
+--- a/src/formisc.c
++++ b/src/formisc.c
+@@ -66,7 +66,7 @@ inc:    start++;
+ retz:       *target='\0';
+ ret:        return start;
+           }
+-         if(*start=='\\')
++         if(*start=='\\' && *(start + 1))
+             *target++='\\',start++;
+          hitspc=2;
+          goto normal;                                       /* normal word */

diff --git a/procmail.spec b/procmail.spec
index 704d116733af8b7bdb60c87772d7ef148b999db4..9819ffd49a17aa84d871067bc55e5ef5b268cf7a 100644 (file)
--- a/procmail.spec
+++ b/procmail.spec
@@ -11,7 +11,7 @@ Summary(zh_CN.UTF-8): [服务器]分发mail到用户的守护进程
 Summary(zh_TW.UTF-8):  [祀務器]分蛛mail到用戶的佐鰾園評
 Name:          procmail
 Version:       3.22
-Release:       19
+Release:       20
 License:       GPL v2+ or Artistic
 Group:         Applications/Mail
 Source0:       http://www.procmail.org/%{name}-%{version}.tar.gz
@@ -30,6 +30,7 @@ Patch6:               procmail-3.22-CVE-2014-3618.patch
 Patch7:                procmail-3.22-ipv6.patch
 Patch8:                procmail-3.22-truncate.patch
 Patch9:                procmail-3.22-CVE-2017-16844.patch
+Patch10:       procmail-3.22-crash-fix.patch
 URL:           http://www.procmail.org/
 BuildRoot:     %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
@@ -104,6 +105,7 @@ listesi yazılımının temelini oluşturur.
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1
 
 %build
 echo "" | %{__make} \