From 5801437e5c78fb9c302a8b25b3f034714e611487 Mon Sep 17 00:00:00 2001
From: Diego Herrera
Date: Wed, 15 Nov 2023 10:36:20 -0300
Subject: Upstream fix for CVE-2022-48521
---
 opendkim-CVE-2022-48521-fix.patch | 30 ++++++++++++++++++++++++++++++
 opendkim.spec | 7 ++++++-
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 opendkim-CVE-2022-48521-fix.patch
diff --git a/opendkim-CVE-2022-48521-fix.patch b/opendkim-CVE-2022-48521-fix.patch
new file mode 100644
index 0000000..3cec20c
--- /dev/null
+++ b/opendkim-CVE-2022-48521-fix.patch
@@ -0,0 +1,30 @@
+diff --git a/opendkim/opendkim.c b/opendkim/opendkim.c
+index 5517322c..494c9157 100644
+--- a/opendkim/opendkim.c
++++ b/opendkim/opendkim.c
+@@ -13652,8 +13652,15 @@ mlfi_eom(SMFICTX *ctx)
+ return SMFIS_TEMPFAIL;
+ }
+
+- c = 0;
++ c = 1;
++
+ for (hdr = dfc->mctx_hqhead; hdr != NULL; hdr = hdr->hdr_next)
++ {
++ if (strcasecmp(hdr->hdr_hdr, AUTHRESULTSHDR) == 0)
++ c++;
++ }
++
++ for (hdr = dfc->mctx_hqtail; hdr != NULL; hdr = hdr->hdr_prev)
+ {
+ memset(ares, '\0', sizeof(struct authres));
+
+@@ -13665,7 +13672,7 @@ mlfi_eom(SMFICTX *ctx)
+ char *slash;
+
+ /* remember index */
+- c++;
++ c--;
+
+ /* parse the header */
+ arstat = ares_parse((u_char *) hdr->hdr_val,
diff --git a/opendkim.spec b/opendkim.spec
index 5f553c6..1848be5 100644
--- a/opendkim.spec
+++ b/opendkim.spec
@@ -13,7 +13,7 @@ Summary: A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail
 Name: opendkim
 Version: 2.11.0
-Release: 0.35%{?dist}
+Release: 0.36%{?dist}
 License: BSD-3-Clause AND Sendmail
 URL: http://%{name}.org/
 Source0: https://github.com/trusteddomainproject/OpenDKIM/archive/%{full_version}.tar.gz
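Review bot: In the opendkim.c hunks of the added patch file, the index arithmetic is only correct if the new counting loop and the reverse loop agree on which fields count, and nothing in the code states that. The first loop tests `strcasecmp(hdr->hdr_hdr, AUTHRESULTSHDR) == 0`, while the test guarding `c--` lies between the two hunks and is not shown. If the two ever differ, `c` would name the wrong instance of the field, presumably at the removal call further down in mlfi_eom. I would put `/* count A-R fields first, then walk tail to head so removing instance c does not renumber the ones still to visit */` above `c = 1;` and reword `/* remember index */` to `/* 1-based index of this A-R field, counted from the top */`. mlfi_eom starts and ends outside both hunks.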
@@ -30,6 +30,8 @@ Patch0: 0001-support-for-lua-5.3.patch
 Patch1: opendkim-2.11.0-comment-separator.patch
 # systemd service type=simple
 Patch2: opendkim-systemd-service-simple.patch
+# https://github.com/trusteddomainproject/OpenDKIM/pull/189
+Patch3: opendkim-CVE-2022-48521-fix.patch
 # Required for all versions
 Requires: lib%{name}%{?_isa} = %{version}-%{release}
@@ -221,6 +223,9 @@ exit 0
 %{_libdir}/pkgconfig/*.pc
 %changelog
+* Wed Nov 15 2023 Diego Herrera - 2.11.0-0.36
+- Add upstream PR that filters Authentication-Results headers correctly.
+
 * Thu Jul 20 2023 Fedora Release Engineering - 2.11.0-0.35
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-- cgit
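Review bot: `Patch3:` is declared in the second opendkim.spec hunk, but no hunk in this diff touches %prep, so the fix is applied only if the spec already uses `%autosetup` or `%autopatch`, which is not visible here. If %prep applies patches one by one, it needs a matching line such as `%patch -P 3 -p1`, otherwise the package builds as 0.36 with the CVE fix unapplied. The comment above `Patch3:` points at a pull request, whose head can change after review; naming the commit the patch was taken from would pin what was actually shipped.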