rpms/cyrus-imapd/F-10 cyrus-imapd-2.3.13-bufov.patch, NONE, 1.1 cyrus-imapd.spec, 1.51, 1.52

Michal Hlavinka mhlavink at fedoraproject.org
Mon Sep 7 14:41:58 UTC 2009 

Author: mhlavink

Update of /cvs/extras/rpms/cyrus-imapd/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv18007

Modified Files:
	cyrus-imapd.spec 
Added Files:
	cyrus-imapd-2.3.13-bufov.patch 
Log Message:
fix buffer overflow in cyrus sieve


cyrus-imapd-2.3.13-bufov.patch:
 script.c |   18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

--- NEW FILE cyrus-imapd-2.3.13-bufov.patch ---
--- src/sieve/script.c	2008/03/24 20:08:46	1.67
+++ src/sieve/script.c	2009/09/02 13:56:18	1.68
@@ -40,7 +40,7 @@
  * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  *
- * $Id: script.c,v 1.67 2008/03/24 20:08:46 murch Exp $
+ * $Id: script.c,v 1.68 2009/09/02 13:56:18 brong Exp $
  */
 
 #ifdef HAVE_CONFIG_H
@@ -688,7 +688,7 @@ static int do_sieve_error(int ret,
 	ret |= keep_ret;
         if (keep_ret == SIEVE_OK)
             snprintf(actions_string+strlen(actions_string),
-		     sizeof(actions_string)-strlen(actions_string),
+		     ACTIONS_STRING_LEN-strlen(actions_string),
 		     "Kept\n");
 	else {
 	    implicit_keep = 0;	/* don't try an implicit keep again */
@@ -742,7 +742,7 @@ static int do_action_list(sieve_interp_t
 	    
 	    if (ret == SIEVE_OK)
 		snprintf(actions_string+strlen(actions_string),
-			 sizeof(actions_string)-strlen(actions_string), 
+			 ACTIONS_STRING_LEN-strlen(actions_string), 
 			 "Rejected with: %s\n", a->u.rej.msg);
 
 	    break;
@@ -757,7 +757,7 @@ static int do_action_list(sieve_interp_t
 
 	    if (ret == SIEVE_OK)
 		snprintf(actions_string+strlen(actions_string),
-			 sizeof(actions_string)-strlen(actions_string),
+			 ACTIONS_STRING_LEN-strlen(actions_string),
 			 "Filed into: %s\n",a->u.fil.mailbox);
 	    break;
 	case ACTION_KEEP:
@@ -770,7 +770,7 @@ static int do_action_list(sieve_interp_t
 			       &errmsg);
 	    if (ret == SIEVE_OK)
 		snprintf(actions_string+strlen(actions_string),
-			 sizeof(actions_string)-strlen(actions_string),
+			 ACTIONS_STRING_LEN-strlen(actions_string),
 			 "Kept\n");
 	    break;
 	case ACTION_REDIRECT:
@@ -783,7 +783,7 @@ static int do_action_list(sieve_interp_t
 				   &errmsg);
 	    if (ret == SIEVE_OK)
 		snprintf(actions_string+strlen(actions_string),
-			 sizeof(actions_string)-strlen(actions_string),
+			 ACTIONS_STRING_LEN-strlen(actions_string),
 			 "Redirected to %s\n", a->u.red.addr);
 	    break;
 	case ACTION_DISCARD:
@@ -794,7 +794,7 @@ static int do_action_list(sieve_interp_t
 				      &errmsg);
 	    if (ret == SIEVE_OK)
 		snprintf(actions_string+strlen(actions_string),
-			 sizeof(actions_string)-strlen(actions_string),
+			 ACTIONS_STRING_LEN-strlen(actions_string),
 			 "Discarded\n");
 	    break;
 
@@ -820,12 +820,12 @@ static int do_action_list(sieve_interp_t
 
 		    if (ret == SIEVE_OK)
 			snprintf(actions_string+strlen(actions_string),
-				 sizeof(actions_string)-strlen(actions_string),
+				 ACTIONS_STRING_LEN-strlen(actions_string),
 				 "Sent vacation reply\n");
 
 		} else if (ret == SIEVE_DONE) {
 		    snprintf(actions_string+strlen(actions_string),
-			     sizeof(actions_string)-strlen(actions_string),
+			     ACTIONS_STRING_LEN-strlen(actions_string),
 			     "Vacation reply suppressed\n");
 
 		    ret = SIEVE_OK;


Index: cyrus-imapd.spec
===================================================================
RCS file: /cvs/extras/rpms/cyrus-imapd/F-10/cyrus-imapd.spec,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -p -r1.51 -r1.52
--- cyrus-imapd.spec	26 May 2009 11:28:24 -0000	1.51
+++ cyrus-imapd.spec	7 Sep 2009 14:41:58 -0000	1.52
@@ -1,6 +1,6 @@
 Name: cyrus-imapd
 Version: 2.3.14
-Release: 1%{?dist}
+Release: 2%{?dist}
 
 # ********************** BUILD TIME OPTIONS START **********************
 
@@ -116,6 +116,7 @@ Patch15: cyrus-imapd-2.3.1-make_md5_defa
 Patch18: cyrus-imapd-2.3.7-krb4.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=461875
 Patch19: cyrus-imapd-2.3.12p2-current-db.patch
+Patch20: cyrus-imapd-2.3.13-bufov.patch
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 BuildRequires: autoconf >= 2.59
 BuildRequires: cyrus-sasl-devel >= 2.1.15-1, perl-devel, tcp_wrappers
@@ -213,6 +214,7 @@ one running the server.
 %patch15 -p1 -b .make_md5_defaults
 %patch18 -p1 -b .krb4
 %patch19 -p1 -b .db4.7
+%patch20 -p1 -b .bufov
 
 # only to update config.* files
 automake -a -f -c || :
@@ -729,6 +731,9 @@ fi
 %{_mandir}/man1/*
 
 %changelog
+* Mon Sep 07 2009 Michal Hlavinka <mhlavink at redhat.com> - 2.3.14-2
+- fix buffer overflow in cyrus sieve (#521010)
+
 * Tue May 26 2009 Michal Hlavinka <mhlavink at redhat.com> - 2.3.14-1
 - updated to 2.3.14
 - spec clean-up

More information about the scm-commits mailing list