authorYasuhito FUTATSUKI <freebsd-bug-report-yf@yf.bsdclub.org>2024-03-07 14:15:00 +0000
committerNorikatsu Shigemura <nork@FreeBSD.org>2024-03-07 14:15:00 +0000
commitd1ebdbe935e64935459953aa49e47538724736fb (patch)
treee9ba3847861d9d05849052c16c4cf56ef3a74c22
parent6314e62fddba8537f06052020ba714dde741bd45 (diff)
mail/opendkim: Security fix for CVE-2022-48521
PR: 277319 Security: CVE-2022-48521 Approved by: hrs (mentor), maintainer timeout
-rw-r--r--mail/opendkim/Makefile2
-rw-r--r--mail/opendkim/files/patch-opendkim_opendkim.c36
2 files changed, 37 insertions, 1 deletions
diff --git a/mail/opendkim/Makefile b/mail/opendkim/Makefile
index 17a8669827dc..9e10cdd23229 100644
--- a/mail/opendkim/Makefile
+++ b/mail/opendkim/Makefile
@@ -1,6 +1,6 @@
PORTNAME= opendkim
PORTVERSION= 2.10.3
-PORTREVISION= 17
+PORTREVISION= 18
CATEGORIES= mail security
MASTER_SITES= SF/${PORTNAME} \
SF/${PORTNAME}/Previous%20Releases \
diff --git a/mail/opendkim/files/patch-opendkim_opendkim.c b/mail/opendkim/files/patch-opendkim_opendkim.c
new file mode 100644
index 000000000000..8ec336794477
--- /dev/null
+++ b/mail/opendkim/files/patch-opendkim_opendkim.c
@@ -0,0 +1,36 @@
+commit 7c70ee7c86da1cecc621182355cc950d3b193314
+Author: David Bürgin <dbuergin@gluet.ch>
+Date: Sat Oct 14 09:19:37 2023 +0200
+
+ Delete Authentication-Results headers in reverse
+
+diff --git opendkim/opendkim.c opendkim/opendkim.c
+index 803f37b0..cfa5f018 100644
+--- opendkim/opendkim.c
++++ opendkim/opendkim.c
+@@ -13653,8 +13653,15 @@ mlfi_eom(SMFICTX *ctx)
+ return SMFIS_TEMPFAIL;
+ }
+
+- c = 0;
++ c = 1;
++
+ for (hdr = dfc->mctx_hqhead; hdr != NULL; hdr = hdr->hdr_next)
++ {
++ if (strcasecmp(hdr->hdr_hdr, AUTHRESULTSHDR) == 0)
++ c++;
++ }
++
++ for (hdr = dfc->mctx_hqtail; hdr != NULL; hdr = hdr->hdr_prev)
+ {
+ memset(ares, '\0', sizeof(struct authres));
+
+@@ -13666,7 +13673,7 @@ mlfi_eom(SMFICTX *ctx)
+ char *slash;
+
+ /* remember index */
+- c++;
++ c--;
+
+ /* parse the header */
+ arstat = ares_parse((u_char *) hdr->hdr_val,
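Review bot: The index arithmetic that carries this fix is undocumented. `c = 1` before the counting loop and the pre-decrement `c--` under `/* remember index */` only produce the right ordinal if the reverse loop decrements for exactly the headers the counting loop counted. The counting loop tests `strcasecmp(hdr->hdr_hdr, AUTHRESULTSHDR) == 0`, but the test guarding `c--` sits between the two inner hunks and is not visible here, so it should be confirmed to be the same predicate. I would add a comment above `c = 1;` such as `/* c = number of Authentication-Results fields + 1; the tail-to-head walk pre-decrements it so each field gets its 1-based ordinal, and deleting from the end leaves earlier ordinals unchanged */`. The reverse walk also presumably relies on `mctx_hqtail` and `hdr_prev` being kept consistent wherever headers are queued, which this patch does not show; mlfi_eom itself starts and ends outside the hunk.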