authorDiego Herrera <dherrera@redhat.com>2023-11-15 10:36:20 -0300
committerDiego Herrera <dherrera@redhat.com>2023-11-15 13:27:05 -0300
commit5801437e5c78fb9c302a8b25b3f034714e611487 (patch)
tree534d97fec7542a7d65769b86b3237e27fa8cd766
parent6b19003ffadc0889cc21536078ab818f166efa86 (diff)
Upstream fix for CVE-2022-48521
-rw-r--r--opendkim-CVE-2022-48521-fix.patch30
-rw-r--r--opendkim.spec7
2 files changed, 36 insertions, 1 deletions
diff --git a/opendkim-CVE-2022-48521-fix.patch b/opendkim-CVE-2022-48521-fix.patch
new file mode 100644
index 0000000..3cec20c
--- /dev/null
+++ b/opendkim-CVE-2022-48521-fix.patch
@@ -0,0 +1,30 @@
+diff --git a/opendkim/opendkim.c b/opendkim/opendkim.c
+index 5517322c..494c9157 100644
+--- a/opendkim/opendkim.c
++++ b/opendkim/opendkim.c
+@@ -13652,8 +13652,15 @@ mlfi_eom(SMFICTX *ctx)
+ return SMFIS_TEMPFAIL;
+ }
+
+- c = 0;
++ c = 1;
++
+ for (hdr = dfc->mctx_hqhead; hdr != NULL; hdr = hdr->hdr_next)
++ {
++ if (strcasecmp(hdr->hdr_hdr, AUTHRESULTSHDR) == 0)
++ c++;
++ }
++
++ for (hdr = dfc->mctx_hqtail; hdr != NULL; hdr = hdr->hdr_prev)
+ {
+ memset(ares, '\0', sizeof(struct authres));
+
+@@ -13665,7 +13672,7 @@ mlfi_eom(SMFICTX *ctx)
+ char *slash;
+
+ /* remember index */
+- c++;
++ c--;
+
+ /* parse the header */
+ arstat = ares_parse((u_char *) hdr->hdr_val,
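Review bot: The removal index is only correct if the counting loop and the reverse loop agree on which headers count, and this patch does not show that they do. The first loop bumps `c` for every `strcasecmp(hdr->hdr_hdr, AUTHRESULTSHDR) == 0` match, while `c--` sits in a block whose condition lies above the second inner hunk, in the part of mlfi_eom that is not visible here. If that condition differs from the count, `c` would name a different Authentication-Results field than the one just parsed, which is the kind of mis-filtering this patch is meant to close, so it is worth checking against the full function body. A comment above `c = 1;` would make the invariant explicit, e.g. `/* count A-R fields first; the tail-to-head walk pre-decrements c, so indices run N..1 */`, presumably so that removing a field does not shift the index of fields still to be visited. The new single-statement `if` in the counting loop would also be safer braced.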
diff --git a/opendkim.spec b/opendkim.spec
index 5f553c6..1848be5 100644
--- a/opendkim.spec
+++ b/opendkim.spec
@@ -13,7 +13,7 @@
Summary: A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail
Name: opendkim
Version: 2.11.0
-Release: 0.35%{?dist}
+Release: 0.36%{?dist}
License: BSD-3-Clause AND Sendmail
URL: http://%{name}.org/
Source0: https://github.com/trusteddomainproject/OpenDKIM/archive/%{full_version}.tar.gz
@@ -30,6 +30,8 @@ Patch0: 0001-support-for-lua-5.3.patch
Patch1: opendkim-2.11.0-comment-separator.patch
# systemd service type=simple
Patch2: opendkim-systemd-service-simple.patch
+# https://github.com/trusteddomainproject/OpenDKIM/pull/189
+Patch3: opendkim-CVE-2022-48521-fix.patch
# Required for all versions
Requires: lib%{name}%{?_isa} = %{version}-%{release}
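Review bot: Nothing in this commit shows `Patch3` being applied. The spec diff adds the `Patch3:` tag, but the diffstat (7 changed lines, all accounted for by the release bump, the tag and the changelog) leaves no room for a change under `%prep`, which is outside these hunks. If `%prep` uses `%autosetup` or `%autopatch`, the patch is picked up automatically. If it lists patches one by one, a line such as `%patch3 -p1` is needed, otherwise the package builds as 0.36 with a changelog entry claiming the fix while shipping unpatched code. Naming the CVE in the comment above the tag, `# CVE-2022-48521: https://github.com/trusteddomainproject/OpenDKIM/pull/189`, would also let an auditor trace the fix without opening the patch file.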
@@ -221,6 +223,9 @@ exit 0
%{_libdir}/pkgconfig/*.pc
%changelog
+* Wed Nov 15 2023 Diego Herrera <dherrera@redhat.com> - 2.11.0-0.36
+- Add upstream PR that filters Authentication-Results headers correctly.
+
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.11.0-0.35
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild