[Kolab-devel] patches for cyrus?

Richard Bos ml at radoeka.nl
Fri Oct 9 22:37:06 CEST 2009


Op vrijdag 09 oktober 2009 11:38:27 schreef Thomas Arendsen Hein:
> * Richard Bos <ml at radoeka.nl> [20091008 17:49]:
> > Op donderdag 08 oktober 2009 12:37:19 schreef Thomas Arendsen Hein:
> > > * Richard Bos <ml at radoeka.nl> [20091007 20:36]:
> > > > I solved it by using this patch:
> > > > --- ./cyrus-imapd-2.3.14/ptclient/afskrb.c      2008-03-24
> > > > 19:34:22.000000000 +0100
> > > > +++ ./cyrus-imapd-2.3.14.new/ptclient/afskrb.c  2009-10-07
> > > > 20:00:07.000000000 +0200
> > > > @@ -546,6 +546,7 @@
> > > >      int *dsize __attribute__((unused)))
> > > >  {
> > > >         fatal("PTS module (afskrb) not compiled in", EC_CONFIG);
> > > > +       return 0;
> > > >  }
> > > >
> > > >  #endif /* HAVE_AFSKRB */
> > >
> > > Please report this bug to the OpenLDAP people, unless it is already
> > > fixed in a newer version.
> >
> > Do you really mean openLDAP  or do you mean cyrus?
>
> Of course, my brain is just playing tricks on me due to a cold.

Don't worry, as long as it is a lively discussion mistakes like this are 
correctly quickly :)

> > > And you should use 2.3.15 (or the patch from kolab_2_2_branch)
> > > anyway to close a security issue with sieve scripts.
> >
> > I'll upgrade to 2.3.15 as soon as possible.  Do you have a url to the
> > patch from kolab_2_2_branch, or a pointer to the repository / directory
> > that contains the patch?
>
> http://kolab.org/cgi-bin/viewcvs-kolab.cgi/server/imapd/Attic/CVE-2009-2632
>.patch?only_with_tag=kolab_2_2_branch

Ah!  I'm in the comfortable position of using openSUSE's native cyrus spec 
file (that contains a switch to enable kolab).  This native package is already 
equipped with the patch that you refer to above :)  Even without me knowing 
it, the security patch was already there!

-- 
Richard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolab.org/pipermail/devel/attachments/20091009/f304f964/attachment.html>


More information about the devel mailing list