diff -pruN 1.82-2/debian/changelog 1.82-3/debian/changelog --- 1.82-2/debian/changelog 2011-03-24 14:34:40.000000000 +0000 +++ 1.82-3/debian/changelog 2011-03-23 10:29:31.000000000 +0000 @@ -1,3 +1,9 @@ +postfix-policyd (1.82-3) unstable; urgency=low + + * Fix bad strcpy usage on overlapping buffer (Closes: #619276) + + -- Ondřej Surý Wed, 23 Mar 2011 11:26:15 +0100 + postfix-policyd (1.82-2) unstable; urgency=low * Add LSB dependency header to init.d scripts (Closes: #467141). diff -pruN 1.82-2/debian/compat 1.82-3/debian/compat --- 1.82-2/debian/compat 2011-03-24 14:34:40.000000000 +0000 +++ 1.82-3/debian/compat 2011-03-23 10:29:31.000000000 +0000 @@ -1 +1 @@ -4 +7 diff -pruN 1.82-2/debian/control 1.82-3/debian/control --- 1.82-2/debian/control 2011-03-24 14:34:40.000000000 +0000 +++ 1.82-3/debian/control 2011-03-23 10:29:31.000000000 +0000 @@ -2,12 +2,19 @@ Source: postfix-policyd Section: mail Priority: optional Maintainer: Ondřej Surý -Build-Depends: debhelper (>= 5), libmysqlclient15-dev | libmysqlclient-dev, zlib1g-dev -Standards-Version: 3.7.2.1 +Build-Depends: quilt (>= 0.46-7~), + debhelper (>= 7.0.50~), + hardening-wrapper, + libmysqlclient-dev, + zlib1g-dev +Standards-Version: 3.9.2 Package: postfix-policyd Architecture: any -Depends: dbconfig-common, mysql-client, ${shlibs:Depends}, ${misc:Depends} +Depends: dbconfig-common, + mysql-client, + ${shlibs:Depends}, + ${misc:Depends} Recommends: mysql-server Description: anti-spam plugin for Postfix Policyd is an anti-spam plugin for Postfix (MySQL based) that diff -pruN 1.82-2/debian/gbp.conf 1.82-3/debian/gbp.conf --- 1.82-2/debian/gbp.conf 1970-01-01 01:00:00.000000000 +0100 +++ 1.82-3/debian/gbp.conf 2011-03-23 10:29:31.000000000 +0000 @@ -0,0 +1,9 @@ +[DEFAULT] +debian-branch = debian-sid +debian-tag = debian/%(version)s +upstream-branch = upstream-sid +upstream-tag = upstream/%(version)s +pristine-tar = True + +[git-dch] +meta = 1 diff -pruN 1.82-2/debian/patches/dont-use-strcpy-on-overlapping-buffer.patch 1.82-3/debian/patches/dont-use-strcpy-on-overlapping-buffer.patch --- 1.82-2/debian/patches/dont-use-strcpy-on-overlapping-buffer.patch 1970-01-01 01:00:00.000000000 +0100 +++ 1.82-3/debian/patches/dont-use-strcpy-on-overlapping-buffer.patch 2011-03-23 10:29:31.000000000 +0000 @@ -0,0 +1,22 @@ +--- a/syslog.c ++++ b/syslog.c +@@ -214,14 +214,15 @@ char + if (strlen (str) == 0) + return (str); + ++ p = str + strlen(str); ++ + for (i = 0; isspace (str[i]); i++) + ; + +- strcpy (str, str + i); ++ str += i; + +- p = str + strlen (str); +- while ((p--) != str && isspace (*p)) +- *p = 0; ++ while ((p--) != str && isspace (*p)) ++ *p = 0; + + return (str); + } diff -pruN 1.82-2/debian/patches/series 1.82-3/debian/patches/series --- 1.82-2/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ 1.82-3/debian/patches/series 2011-03-23 10:29:31.000000000 +0000 @@ -0,0 +1 @@ +dont-use-strcpy-on-overlapping-buffer.patch diff -pruN 1.82-2/debian/postfix-policyd.examples 1.82-3/debian/postfix-policyd.examples --- 1.82-2/debian/postfix-policyd.examples 2011-03-24 14:34:40.000000000 +0000 +++ 1.82-3/debian/postfix-policyd.examples 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -debian/examples/postfix-policyd.conf diff -pruN 1.82-2/debian/rules 1.82-3/debian/rules --- 1.82-2/debian/rules 2011-03-24 14:34:40.000000000 +0000 +++ 1.82-3/debian/rules 2011-03-23 10:29:31.000000000 +0000 @@ -9,79 +9,32 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 +export DH_OPTIONS +DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH) +export DEB_BUILD_HARDENING=1 -CFLAGS = -Wall -g - +CFLAGS = -Wl,-z,defs -Wl,--as-needed ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) - CFLAGS += -O0 +CFLAGS += -O0 else - CFLAGS += -O2 +CFLAGS += -O2 endif -configure: configure-stamp -configure-stamp: - dh_testdir - # Add here commands to configure the package. - - touch configure-stamp - - -build: build-stamp - -build-stamp: configure-stamp - dh_testdir - # Add here commands to compile the package. - $(MAKE) build +%: + dh --with quilt $@ - touch build-stamp +override_dh_auto_configure: + # nothing to do -clean: - dh_testdir - dh_testroot - rm -f build-stamp configure-stamp - - # Add here commands to clean up after the build process. - -$(MAKE) clean - - dh_clean - -install: build - dh_testdir - dh_testroot - dh_clean -k - dh_installdirs +override_dh_auto_build: + dh_auto_build -- build +override_dh_auto_install: /usr/bin/install -m 755 $(CURDIR)/policyd $(CURDIR)/debian/postfix-policyd/usr/sbin/postfix-policyd /usr/bin/install -m 755 $(CURDIR)/cleanup $(CURDIR)/debian/postfix-policyd/usr/lib/postfix-policyd/cleanup /usr/bin/install -m 600 $(CURDIR)/debian/policyd.conf $(CURDIR)/debian/postfix-policyd/usr/share/postfix-policyd/postfix-policyd.conf /usr/bin/install -m 644 $(CURDIR)/debian/install-files/mysql.sql $(CURDIR)/debian/postfix-policyd/usr/share/dbconfig-common/data/postfix-policyd/install/mysql /usr/bin/install -m 644 $(CURDIR)/debian/install-files/mysql-upgrade-1.73.sql $(CURDIR)/debian/postfix-policyd/usr/share/dbconfig-common/data/postfix-policyd/upgrade/mysql/1.73-1 - -# Build architecture-independent files here. -binary-indep: build install -# We have nothing to do by default. - -# Build architecture-dependent files here. -binary-arch: build install - dh_testdir - dh_testroot - dh_installdebconf - dh_installchangelogs ChangeLog - dh_installdocs - dh_installinit - dh_installcron - dh_link - dh_strip - dh_compress - dh_fixperms - dh_installdeb - dh_shlibdeps - dh_gencontrol - dh_md5sums - dh_builddeb - -binary: binary-indep binary-arch -.PHONY: build clean binary-indep binary-arch binary install configure diff -pruN 1.82-2/debian/source/format 1.82-3/debian/source/format --- 1.82-2/debian/source/format 1970-01-01 01:00:00.000000000 +0100 +++ 1.82-3/debian/source/format 2011-03-24 13:54:34.000000000 +0000 @@ -0,0 +1 @@ +3.0 (quilt) diff -pruN 1.82-2/.pc/applied-patches 1.82-3/.pc/applied-patches --- 1.82-2/.pc/applied-patches 1970-01-01 01:00:00.000000000 +0100 +++ 1.82-3/.pc/applied-patches 2011-03-24 13:54:34.000000000 +0000 @@ -0,0 +1 @@ +dont-use-strcpy-on-overlapping-buffer.patch diff -pruN 1.82-2/.pc/dont-use-strcpy-on-overlapping-buffer.patch/syslog.c 1.82-3/.pc/dont-use-strcpy-on-overlapping-buffer.patch/syslog.c --- 1.82-2/.pc/dont-use-strcpy-on-overlapping-buffer.patch/syslog.c 1970-01-01 01:00:00.000000000 +0100 +++ 1.82-3/.pc/dont-use-strcpy-on-overlapping-buffer.patch/syslog.c 2007-08-20 07:42:05.000000000 +0100 @@ -0,0 +1,230 @@ +#include "policyd.h" + + +/* + * + * + * Policy Daemon + * + * policy daemon is used in conjuction with postfix to combat spam. + * + * Copyright (C) 2004 Cami Sardinha (cami@mweb.co.za) + * + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * + * + */ + +/* + * SYSLOG FACILITIES + */ +static struct syslog_priority { + char *str; + int num; +} syslog_priorities[] = { + + /* priorities */ +#ifdef LOG_EMERG + { "LOG_EMERG", LOG_EMERG }, +#endif +#ifdef LOG_ALERT + { "LOG_ALERT", LOG_ALERT }, +#endif +#ifdef LOG_CRIT + { "LOG_CRIT", LOG_CRIT }, +#endif +#ifdef LOG_ERR + { "LOG_ERR", LOG_ERR }, +#endif +#ifdef LOG_WARNING + { "LOG_WARNING", LOG_WARNING }, +#endif +#ifdef LOG_NOTICE + { "LOG_NOTICE", LOG_NOTICE }, +#endif +#ifdef LOG_INFO + { "LOG_INFO", LOG_INFO }, +#endif +#ifdef LOG_DEBUG + { "LOG_DEBUG", LOG_DEBUG }, +#endif + + + /* facilities */ +#ifdef LOG_KERN + { "LOG_KERN", LOG_KERN }, +#endif +#ifdef LOG_USER + { "LOG_USER", LOG_USER }, +#endif +#ifdef LOG_MAIL + { "LOG_MAIL", LOG_MAIL }, +#endif +#ifdef LOG_DAEMON + { "LOG_DAEMON", LOG_DAEMON }, +#endif +#ifdef LOG_AUTH + { "LOG_AUTH", LOG_AUTH }, +#endif +#ifdef LOG_SYSLOG + { "LOG_SYSLOG", LOG_SYSLOG }, +#endif +#ifdef LOG_AUTHPRIV + { "LOG_AUTHPRIV", LOG_AUTHPRIV }, +#endif +#ifdef LOG_LOCAL0 + { "LOG_LOCAL0", LOG_LOCAL0 }, +#endif +#ifdef LOG_LOCAL1 + { "LOG_LOCAL1", LOG_LOCAL1 }, +#endif +#ifdef LOG_LOCAL2 + { "LOG_LOCAL2", LOG_LOCAL2 }, +#endif +#ifdef LOG_LOCAL3 + { "LOG_LOCAL3", LOG_LOCAL3 }, +#endif +#ifdef LOG_LOCAL4 + { "LOG_LOCAL4", LOG_LOCAL4 }, +#endif +#ifdef LOG_LOCAL5 + { "LOG_LOCAL5", LOG_LOCAL5 }, +#endif +#ifdef LOG_LOCAL6 + { "LOG_LOCAL6", LOG_LOCAL6 }, +#endif +#ifdef LOG_LOCAL7 + { "LOG_LOCAL7", LOG_LOCAL7 }, +#endif + { NULL, 0 } +}; + + + + +/* + * function: parse_syslog_priority + * purpose: split up tokens and ensure they are syslog facilities/priorities + * return: syslog facility + */ +int +parse_syslog_priority(char *str) +{ + char *token; + int n = -1; + + token = (char *) strtok (str, "|"); + if (token == NULL) + { + logmessage("fatal: error parsing (1st) syslog string: %s from %s\n", token, str); + exit(-1); + } + + /* ensure priority/facility is supported */ + syslog_token_set (token, &n); + + /* ensure priority/facility is supported */ + while ((token = (char *) strtok (NULL, "|")) != NULL) + syslog_token_set (token, &n); + + if (n == -1) + { + logmessage("fatal: error parsing (2st) syslog string: %s from %s\n", token, str); + exit(-1); + } + + /* return priority */ + return (n); +} + + + + +/* + * function: syslog_token_set + * purpose: check token against struct of priorities/facilities + * return: nada + */ +void +syslog_token_set(char *token, int *value) +{ + unsigned int i; + token = strip_space (token); + + for (i = 0; syslog_priorities[i].str != NULL; i++) + { + if(DEBUG > 3) + logmessage("DEBUG: token = %s, got = %s\n", + token, syslog_priorities[i].str); + + if (!strcasecmp (token, syslog_priorities[i].str)) + { + if (*value == -1) + { + if(DEBUG > 3) + logmessage("DEBUG: initial set: %s, n = 0x%08lx\n", + token, syslog_priorities[i].num); + + *value = syslog_priorities[i].num; + } else { + + if(DEBUG > 3) + logmessage("DEBUG: subsequent OR: %s, n = 0x%08lx\n", + token, *value | syslog_priorities[i].num); + + *value = *value | syslog_priorities[i].num; + } + + return; + } + } + + logmessage("fatal: didn't find priority '%s', exiting\n", token); + exit (-1); +} + + + + +/* + * function: strip_space + * purpose: remove whitespace + * return: cleaned string + */ +char +*strip_space (char *str) +{ + char *p; + unsigned int i = 0; + + if (strlen (str) == 0) + return (str); + + for (i = 0; isspace (str[i]); i++) + ; + + strcpy (str, str + i); + + p = str + strlen (str); + while ((p--) != str && isspace (*p)) + *p = 0; + + return (str); +} + + +/* EOF */ diff -pruN 1.82-2/.pc/.version 1.82-3/.pc/.version --- 1.82-2/.pc/.version 1970-01-01 01:00:00.000000000 +0100 +++ 1.82-3/.pc/.version 2011-03-24 13:54:34.000000000 +0000 @@ -0,0 +1 @@ +2 diff -pruN 1.82-2/syslog.c 1.82-3/syslog.c --- 1.82-2/syslog.c 2007-08-20 07:42:05.000000000 +0100 +++ 1.82-3/syslog.c 2011-03-24 13:54:34.000000000 +0000 @@ -214,14 +214,15 @@ char if (strlen (str) == 0) return (str); + p = str + strlen(str); + for (i = 0; isspace (str[i]); i++) ; - strcpy (str, str + i); + str += i; - p = str + strlen (str); - while ((p--) != str && isspace (*p)) - *p = 0; + while ((p--) != str && isspace (*p)) + *p = 0; return (str); }