procmail: fix CVE-2014-3618 CVE-2017-16844

srcpkgs/procmail/patches/CVE-2014-3618.patch

@@ -0,0 +1,23 @@
+From: Tavis Ormandy
+Subject: formail heap overflow. CVE-2014-3618
+Bug-Debian: http://bugs.debian.org/704675
+Bug-Debian: http://bugs.debian.org/760443
+X-Debian-version: 3.22-22
+
+--- a/src/formisc.c
++++ b/src/formisc.c
+@@ -84,12 +84,11 @@
+ 	case '"':*target++=delim='"';start++;
+       }
+      ;{ int i;
+-	do
++	while(*start)
+ 	   if((i= *target++= *start++)==delim)	 /* corresponding delimiter? */
+ 	      break;
+ 	   else if(i=='\\'&&*start)		    /* skip quoted character */
+ 	      *target++= *start++;
+-	while(*start);						/* anything? */
+       }
+      hitspc=2;
+    }
+

srcpkgs/procmail/patches/CVE-2017-16844.patch

@@ -0,0 +1,17 @@
+From: Santiago Vila <sanvila@debian.org>
+Subject: Fix heap-based buffer overflow in loadbuf()
+Bug-Debian: http://bugs.debian.org/876511
+X-Debian-version: 3.22-26
+
+--- a/src/formisc.c
++++ b/src/formisc.c
+@@ -103,7 +103,7 @@
+ }
+ 							    /* append to buf */
+ void loadbuf(text,len)const char*const text;const size_t len;
+-{ if(buffilled+len>buflen)			  /* buf can't hold the text */
++{ while(buffilled+len>buflen)			  /* buf can't hold the text */
+      buf=realloc(buf,buflen+=Bsize);
+   tmemmove(buf+buffilled,text,len);buffilled+=len;
+ }
+

srcpkgs/procmail/template

@@ -1,12 +1,13 @@
 # Template file for 'procmail'
 pkgname=procmail
 version=3.22
-revision=2
+revision=3
+patch_args="-Np1"
 hostmakedepends="opensmtpd"
 depends="virtual?smtp-server"
 short_desc="Autonomous mail processor"
-maintainer="Christian Neukirchen <chneukirchen@gmail.com>"
+maintainer="Leah Neukirchen <leah@vuxu.org>"
-license="GPL-2, Artistic"
+license="GPL-2.0-or-later, Artistic"
 homepage="http://www.procmail.org"
 distfiles="ftp://ftp.informatik.rwth-aachen.de/pub/packages/procmail/${pkgname}-${version}.tar.gz"
 checksum=087c75b34dd33d8b9df5afe9e42801c9395f4bf373a784d9bc97153b0062e117