mail/opendkim: Security fix for CVE-2022-48521

PR: 277319 Security: CVE-2022-48521 Approved by: hrs (mentor), maintainer timeout
2024-03-07 23:15:00 +09:00 · 2024-03-07 23:15:00 +09:00 · d1ebdbe935
commit d1ebdbe935
parent 6314e62fdd
2 changed files with 37 additions and 1 deletions
--- a/mail/opendkim/Makefile
+++ b/mail/opendkim/Makefile
@ -1,6 +1,6 @@
 PORTNAME=	opendkim
 PORTVERSION=	2.10.3
-PORTREVISION=	17
+PORTREVISION=	18
 CATEGORIES=	mail security
 MASTER_SITES=	SF/${PORTNAME} \
 		SF/${PORTNAME}/Previous%20Releases \
--- a/mail/opendkim/files/patch-opendkim_opendkim.c
+++ b/mail/opendkim/files/patch-opendkim_opendkim.c
@ -0,0 +1,36 @@
+commit 7c70ee7c86da1cecc621182355cc950d3b193314
+Author: David Bürgin <dbuergin@gluet.ch>
+Date:   Sat Oct 14 09:19:37 2023 +0200
+
+    Delete Authentication-Results headers in reverse
+
+diff --git opendkim/opendkim.c opendkim/opendkim.c
+index 803f37b0..cfa5f018 100644
+--- opendkim/opendkim.c
+++ opendkim/opendkim.c
+@@ -13653,8 +13653,15 @@ mlfi_eom(SMFICTX *ctx)
+ 			return SMFIS_TEMPFAIL;
+ 		}
+ 
+-		c = 0;
+		c = 1;
+
+ 		for (hdr = dfc->mctx_hqhead; hdr != NULL; hdr = hdr->hdr_next)
+		{
+			if (strcasecmp(hdr->hdr_hdr, AUTHRESULTSHDR) == 0)
+				c++;
+		}
+
+		for (hdr = dfc->mctx_hqtail; hdr != NULL; hdr = hdr->hdr_prev)
+ 		{
+ 			memset(ares, '\0', sizeof(struct authres));
+ 
+@@ -13666,7 +13673,7 @@ mlfi_eom(SMFICTX *ctx)
+ 				char *slash;
+ 
+ 				/* remember index */
+-				c++;
+				c--;
+ 
+ 				/* parse the header */
+ 				arstat = ares_parse((u_char *) hdr->hdr_val,