From b9fc225fdbb8ab9619dd08555ebbdda9a496aef2 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Tue, 23 Jun 2020 09:24:04 +0200 Subject: sync with Fedora --- PHPMailer-5.2.28-cve2020-13625.patch | 88 ++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 PHPMailer-5.2.28-cve2020-13625.patch (limited to 'PHPMailer-5.2.28-cve2020-13625.patch') diff --git a/PHPMailer-5.2.28-cve2020-13625.patch b/PHPMailer-5.2.28-cve2020-13625.patch new file mode 100644 index 0000000..7063ed4 --- /dev/null +++ b/PHPMailer-5.2.28-cve2020-13625.patch @@ -0,0 +1,88 @@ +diff -Naurp PHPMailer-acba50393dd03da69a50226c139722af8b153b11.orig/class.phpmailer.php PHPMailer-acba50393dd03da69a50226c139722af8b153b11.new/class.phpmailer.php +--- PHPMailer-acba50393dd03da69a50226c139722af8b153b11.orig/class.phpmailer.php 2020-06-20 23:41:09.301467536 +0200 ++++ PHPMailer-acba50393dd03da69a50226c139722af8b153b11.new/class.phpmailer.php 2020-06-21 00:12:06.174576353 +0200 +@@ -2621,9 +2621,9 @@ class PHPMailer + //Only include a filename property if we have one + if (!empty($name)) { + $mime[] = sprintf( +- 'Content-Type: %s; name="%s"%s', ++ 'Content-Type: %s; name=%s%s', + $type, +- $this->encodeHeader($this->secureHeader($name)), ++ self::quotedString($this->encodeHeader($this->secureHeader($name))), + $this->LE + ); + } else { +@@ -2642,34 +2642,22 @@ class PHPMailer + $mime[] = sprintf('Content-ID: <%s>%s', $cid, $this->LE); + } + +- // If a filename contains any of these chars, it should be quoted, +- // but not otherwise: RFC2183 & RFC2045 5.1 +- // Fixes a warning in IETF's msglint MIME checker +- // Allow for bypassing the Content-Disposition header totally ++ // Allow for bypassing the Content-Disposition header + if (!(empty($disposition))) { + $encoded_name = $this->encodeHeader($this->secureHeader($name)); +- if (preg_match('/[ \(\)<>@,;:\\"\/\[\]\?=]/', $encoded_name)) { ++ if (!empty($encoded_name)) { + $mime[] = sprintf( +- 'Content-Disposition: %s; filename="%s"%s', ++ 'Content-Disposition: %s; filename=%s%s', + $disposition, +- $encoded_name, ++ self::quotedString($encoded_name), + $this->LE . $this->LE + ); + } else { +- if (!empty($encoded_name)) { +- $mime[] = sprintf( +- 'Content-Disposition: %s; filename=%s%s', +- $disposition, +- $encoded_name, +- $this->LE . $this->LE +- ); +- } else { +- $mime[] = sprintf( +- 'Content-Disposition: %s%s', +- $disposition, +- $this->LE . $this->LE +- ); +- } ++ $mime[] = sprintf( ++ 'Content-Disposition: %s%s', ++ $disposition, ++ $this->LE . $this->LE ++ ); + } + } else { + $mime[] = $this->LE; +@@ -3974,6 +3962,28 @@ class PHPMailer + } + + /** ++ * If a string contains any "special" characters, double-quote the name, ++ * and escape any double quotes with a backslash. ++ * ++ * @param string $str ++ * ++ * @return string ++ * ++ * @see RFC822 3.4.1 ++ */ ++ public static function quotedString($str) ++ { ++ if (preg_match('/[ ()<>@,;:"\/\[\]?=]/', $str)) { ++ //If the string contains any of these chars, it must be double-quoted ++ //and any double quotes must be escaped with a backslash ++ return '"' . str_replace('"', '\\"', $str) . '"'; ++ } ++ ++ //Return the string untouched, it doesn't need quoting ++ return $str; ++ } ++ ++ /** + * Allows for public read access to 'to' property. + * @note: Before the send() call, queued addresses (i.e. with IDN) are not yet included. + * @access public -- cgit