thomas: server/imapd CVE-2009-2632.patch, NONE, 1.1.2.1 Makefile, 1.40.2.2, 1.40.2.3 kolab.patch, 1.39.2.1, 1.39.2.2

cvs at kolab.org cvs at kolab.org
Tue Sep 22 16:28:23 CEST 2009


Author: thomas

Update of /kolabrepository/server/imapd
In directory doto:/tmp/cvs-serv23700/imapd

Modified Files:
      Tag: kolab_2_2_branch
	Makefile kolab.patch 
Added Files:
      Tag: kolab_2_2_branch
	CVE-2009-2632.patch 
Log Message:
Fix buffer size calculations for sieve actions_string (CVE-2009-2632)


--- NEW FILE: CVE-2009-2632.patch ---
Fix buffer size calculations for sieve actions_string (CVE-2009-2632)
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.67&r2=1.68
(without CVS keyword hunk)

--- src/sieve/script.c	2008/03/24 20:08:46	1.67
+++ src/sieve/script.c	2009/09/02 13:56:18	1.68
@@ -688,7 +688,7 @@ static int do_sieve_error(int ret,
 	ret |= keep_ret;
         if (keep_ret == SIEVE_OK)
             snprintf(actions_string+strlen(actions_string),
-		     sizeof(actions_string)-strlen(actions_string),
+		     ACTIONS_STRING_LEN-strlen(actions_string),
 		     "Kept\n");
 	else {
 	    implicit_keep = 0;	/* don't try an implicit keep again */
@@ -742,7 +742,7 @@ static int do_action_list(sieve_interp_t
 	    
 	    if (ret == SIEVE_OK)
 		snprintf(actions_string+strlen(actions_string),
-			 sizeof(actions_string)-strlen(actions_string), 
+			 ACTIONS_STRING_LEN-strlen(actions_string), 
 			 "Rejected with: %s\n", a->u.rej.msg);
 
 	    break;
@@ -757,7 +757,7 @@ static int do_action_list(sieve_interp_t
 
 	    if (ret == SIEVE_OK)
 		snprintf(actions_string+strlen(actions_string),
-			 sizeof(actions_string)-strlen(actions_string),
+			 ACTIONS_STRING_LEN-strlen(actions_string),
 			 "Filed into: %s\n",a->u.fil.mailbox);
 	    break;
 	case ACTION_KEEP:
@@ -770,7 +770,7 @@ static int do_action_list(sieve_interp_t
 			       &errmsg);
 	    if (ret == SIEVE_OK)
 		snprintf(actions_string+strlen(actions_string),
-			 sizeof(actions_string)-strlen(actions_string),
+			 ACTIONS_STRING_LEN-strlen(actions_string),
 			 "Kept\n");
 	    break;
 	case ACTION_REDIRECT:
@@ -783,7 +783,7 @@ static int do_action_list(sieve_interp_t
 				   &errmsg);
 	    if (ret == SIEVE_OK)
 		snprintf(actions_string+strlen(actions_string),
-			 sizeof(actions_string)-strlen(actions_string),
+			 ACTIONS_STRING_LEN-strlen(actions_string),
 			 "Redirected to %s\n", a->u.red.addr);
 	    break;
 	case ACTION_DISCARD:
@@ -794,7 +794,7 @@ static int do_action_list(sieve_interp_t
 				      &errmsg);
 	    if (ret == SIEVE_OK)
 		snprintf(actions_string+strlen(actions_string),
-			 sizeof(actions_string)-strlen(actions_string),
+			 ACTIONS_STRING_LEN-strlen(actions_string),
 			 "Discarded\n");
 	    break;
 
@@ -820,12 +820,12 @@ static int do_action_list(sieve_interp_t
 
 		    if (ret == SIEVE_OK)
 			snprintf(actions_string+strlen(actions_string),
-				 sizeof(actions_string)-strlen(actions_string),
+				 ACTIONS_STRING_LEN-strlen(actions_string),
 				 "Sent vacation reply\n");
 
 		} else if (ret == SIEVE_DONE) {
 		    snprintf(actions_string+strlen(actions_string),
-			     sizeof(actions_string)-strlen(actions_string),
+			     ACTIONS_STRING_LEN-strlen(actions_string),
 			     "Vacation reply suppressed\n");
 
 		    ret = SIEVE_OK;

Index: Makefile
===================================================================
RCS file: /kolabrepository/server/imapd/Makefile,v
retrieving revision 1.40.2.2
retrieving revision 1.40.2.3
diff -u -d -r1.40.2.2 -r1.40.2.3
--- Makefile	2 Apr 2009 13:51:44 -0000	1.40.2.2
+++ Makefile	22 Sep 2009 14:28:21 -0000	1.40.2.3
@@ -21,7 +21,7 @@
 PACKAGE=imapd
 VERSION=2.3.13
 RELEASE=20081020
-KOLABRELEASE=20081020_kolab2
+KOLABRELEASE=20081020_kolab3
 
 PATCHES=../patches/cyrus-imapd/cyrus-imapd-$(VERSION)/KOLAB_cyrus-cyradm-$(VERSION)_Annotations.patch \
 	../patches/cyrus-imapd/cyrus-imapd-$(VERSION)/KOLAB_cyrus-imapd-$(VERSION)_Annotations2.patch \
@@ -29,7 +29,8 @@
 	../patches/cyrus-imapd/cyrus-imapd-$(VERSION)/KOLAB_cyrus-imapd-$(VERSION)_Groups2.patch \
 	../patches/cyrus-imapd/cyrus-imapd-$(VERSION)/KOLAB_cyrus-imapd-$(VERSION)_Logging.patch \
 	../patches/cyrus-imapd/cyrus-imapd-$(VERSION)/KOLAB_cyrus-imapd-$(VERSION)_timsieved_starttls-sendcaps.patch \
-	../patches/cyrus-imapd/cyrus-imapd-$(VERSION)/KOLAB_cyrus-imapd-$(VERSION)_UID.patch
+	../patches/cyrus-imapd/cyrus-imapd-$(VERSION)/KOLAB_cyrus-imapd-$(VERSION)_UID.patch \
+	CVE-2009-2632.patch
 
 .PHONY: all
 all: $(PACKAGE)-$(VERSION)-$(KOLABRELEASE).src.rpm

Index: kolab.patch
===================================================================
RCS file: /kolabrepository/server/imapd/kolab.patch,v
retrieving revision 1.39.2.1
retrieving revision 1.39.2.2
diff -u -d -r1.39.2.1 -r1.39.2.2
--- kolab.patch	1 Apr 2009 17:03:45 -0000	1.39.2.1
+++ kolab.patch	22 Sep 2009 14:28:21 -0000	1.39.2.2
@@ -1,11 +1,11 @@
 --- imapd.spec.orig	2008-10-20 20:12:23.000000000 +0200
-+++ imapd.spec	2009-01-25 22:19:52.000000000 +0100
++++ imapd.spec	2009-09-22 16:13:53.049428455 +0200
 @@ -32,7 +32,7 @@
  Group:        Mail
  License:      BSD
  Version:      2.3.13
 -Release:      20081020
-+Release:      20081020_kolab2
++Release:      20081020_kolab3
  
  #   package options
  %option       with_fsl           yes
@@ -17,7 +17,7 @@
  
  #   fixing implicit inter-module dependencies and correlations
  %if "%{with_kolab}" == "yes"
-@@ -67,12 +68,13 @@
+@@ -67,12 +68,14 @@
  Source3:      imapd.conf
  Source4:      fsl.imapd
  Patch0:       imapd.patch
@@ -34,10 +34,11 @@
 +Patch5:       http://kolab.org/cgi-bin/viewcvs-kolab.cgi/*checkout*/server/patches/cyrus-imapd/cyrus-imapd-%{version}/KOLAB_cyrus-imapd-%{version}_UID.patch
 +Patch6:       http://kolab.org/cgi-bin/viewcvs-kolab.cgi/*checkout*/server/patches/cyrus-imapd/cyrus-imapd-%{version}/KOLAB_cyrus-imapd-%{version}_Folder-names.patch
 +Patch7:       http://kolab.org/cgi-bin/viewcvs-kolab.cgi/*checkout*/server/patches/cyrus-imapd/cyrus-imapd-%{version}/KOLAB_cyrus-imapd-%{version}_timsieved_starttls-sendcaps.patch
++Patch8:       CVE-2009-2632.patch
  
  #   build information
  Prefix:       %{l_prefix}
-@@ -120,11 +122,7 @@
+@@ -120,11 +123,7 @@
  
      #   add optional group file support with support to ignore case
  %if "%{with_group}" == "yes"
@@ -50,7 +51,7 @@
      %{l_shtool} subst \
          -e 's;/etc/imapd\.group;%{l_prefix}/etc/imapd/imapd.group;' \
          lib/auth_unix.c
-@@ -132,7 +130,7 @@
+@@ -132,7 +131,7 @@
  
      #   add optional folder annotation support
  %if "%{with_annotate}" == "yes"
@@ -59,7 +60,7 @@
      %patch -p1 -P 3
  %endif
  
-@@ -152,6 +150,11 @@
+@@ -152,12 +151,20 @@
       %patch -p1 -P 6
  %endif
  
@@ -71,7 +72,16 @@
      #   add optional DRAC file support
  %if "%{with_drac}" == "yes"
      %{l_shtool} subst -e 's;@DRACLIBS@;-ldrac;g' contrib/drac_auth.patch
-@@ -287,7 +290,11 @@
+     %{l_patch} -p0 <contrib/drac_auth.patch
+ %endif
+ 
++    # CVE-2009-2632
++    %patch -p1 -P 8
++
+     #   make sure config2header rebuilds imapopts based on imapoptions
+     rm -f lib/imapopts.h lib/imapopts.c >/dev/null 2>&1 || true
+ 
+@@ -287,7 +294,11 @@
  %if "%{with_nntp}" == "yes"
          --enable-nntp \
  %endif
@@ -83,7 +93,7 @@
          --without-krb
  
      #   build program
-@@ -411,9 +418,6 @@
+@@ -411,9 +422,6 @@
      #   before erase, stop service and remove log and temporary files
      if [ $1 -eq 0 ]; then
          %{l_rc} imapd stop 2>/dev/null





More information about the commits mailing list