Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: sanv...@debian.org

Dear release managers:

I've applied this small procmail fix to buster as well, hopefully to be part of the next point release, whenever it will be.

This was done to bullseye previously:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014221

As in the bullseye case, this is the type of bug I don't want to see in stable or oldstable.

The debdiff is attached.

Thanks.

diff -Nru procmail-3.22/debian/changelog procmail-3.22/debian/changelog --- procmail-3.22/debian/changelog 2017-11-16 23:42:36.000000000 +0100 +++ procmail-3.22/debian/changelog 2022-07-31 20:10:00.000000000 +0200 @@ -1,3 +1,11 @@ +procmail (3.22-26+deb10u1) buster; urgency=medium + + * Fix NULL pointer dereference. Closes: #769938. + Reported by Jakub Wilk using American Fuzzy Lop. + Patch from Stephen R. van den Berg. + + -- Santiago Vila <sanv...@debian.org> Sun, 31 Jul 2022 20:10:00 +0200 + procmail (3.22-26) unstable; urgency=medium * Fix buffer overflow in loadbuf(). Closes: #876511. diff -Nru procmail-3.22/debian/patches/31 procmail-3.22/debian/patches/31 --- procmail-3.22/debian/patches/31 1970-01-01 01:00:00.000000000 +0100 +++ procmail-3.22/debian/patches/31 2022-07-31 19:32:00.000000000 +0200 @@ -0,0 +1,19 @@ +From: Stephen R. van den Berg <s...@cuci.nl> +Subject: Cater for mails containing an incomplete From_ line. +Bug-Debian: http://bugs.debian.org/769938 +X-Debian-version: 3.22-27 + +--- a/src/from.c ++++ b/src/from.c +@@ -117,7 +117,10 @@ + themail.p[extra]='\0'; /* terminate it for strchr */ + } + while(!(rstart=strchr(themail.p,'\n'))); +- extra=rstart?extra-(++rstart-themail.p):0; ++ if (rstart) ++ extra -= ++rstart - themail.p; ++ else ++ extra = 0, rstart = themail.p; + } + else + { size_t tfrl= ++rstart-themail.p; /* length of existing From_ line */ diff -Nru procmail-3.22/debian/patches/series procmail-3.22/debian/patches/series --- procmail-3.22/debian/patches/series 2017-11-16 23:41:45.000000000 +0100 +++ procmail-3.22/debian/patches/series 2022-07-31 19:00:00.000000000 +0200 @@ -29,3 +29,4 @@ 28 29 30 +31
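
Review bot: In the src/from.c hunk carried by debian/patches/31, the new else branch has no comment explaining how rstart can be NULL at that point. The context line above it shows the loop ending on `while(!(rstart=strchr(themail.p,'\n')))`, which by itself only exits once rstart is non-NULL, so the NULL case must come from an exit inside the loop body that this hunk does not show. The removed line already set extra to 0 in that case, so the actual fix is the added `rstart = themail.p`; a one-line comment saying so, and naming the incomplete From_ line case from the patch Subject, would make that clear to the next reader. As a style point, `extra = 0, rstart = themail.p;` chains two assignments with the comma operator under an unbraced else; a braced block with two separate statements is less likely to be broken by a later edit.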
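
Review bot: In the debian/changelog hunk, the entry "Fix NULL pointer dereference" does not say what input triggers it, while the Subject in debian/patches/31 does ("mails containing an incomplete From_ line"). Repeating that condition in the changelog line would tell anyone reading the point-release changes that the crash is triggered by the content of an incoming mail, without having to open the patch.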