rpms/cyrus-imapd/devel cyrus-imapd-2.3.15-bufov.patch, NONE, 1.1 cyrus-imapd-2.3.1-authid_normalize.patch, 1.3, 1.4 cyrus-imapd-2.3.12p2-autocreate-0.10-0.diff, 1.3, 1.4 cyrus-imapd-2.3.7-notify_sms.patch, 1.1, 1.2 cyrus-imapd.spec, 1.59, 1.60
Michal Hlavinka
mhlavink at fedoraproject.org
Fri Sep 18 13:21:34 UTC 2009
Author: mhlavink
Update of /cvs/extras/rpms/cyrus-imapd/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv16278
Modified Files:
cyrus-imapd-2.3.1-authid_normalize.patch
cyrus-imapd-2.3.12p2-autocreate-0.10-0.diff
cyrus-imapd-2.3.7-notify_sms.patch cyrus-imapd.spec
Added Files:
cyrus-imapd-2.3.15-bufov.patch
Log Message:
* Fri Sep 18 2009 Michal Hlavinka <mhlavink at redhat.com> - 2.3.15-1
- fix buffer overflow in cyrus sieve (CVE-2009-3235)
cyrus-imapd-2.3.15-bufov.patch:
bc_eval.c | 6 +++---
script.c | 4 ++--
sieve.y | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
--- NEW FILE cyrus-imapd-2.3.15-bufov.patch ---
diff -up cyrus-imapd-2.3.15/sieve/bc_eval.c.bufov cyrus-imapd-2.3.15/sieve/bc_eval.c
--- cyrus-imapd-2.3.15/sieve/bc_eval.c.bufov 2009-03-31 06:11:30.000000000 +0200
+++ cyrus-imapd-2.3.15/sieve/bc_eval.c 2009-09-18 15:05:29.187990786 +0200
@@ -500,7 +500,7 @@ static int eval_bc_test(sieve_interp_t *
int comparator=ntohl(bc[i+3].value);
int apart=ntohl(bc[i+4].value);
int count=0;
- char scount[3];
+ char scount[21];
int isReg = (match==B_REGEX);
int ctag = 0;
regex_t *reg;
@@ -669,7 +669,7 @@ static int eval_bc_test(sieve_interp_t *
int relation=ntohl(bc[i+2].value);
int comparator=ntohl(bc[i+3].value);
int count=0;
- char scount[3];
+ char scount[21];
int isReg = (match==B_REGEX);
int ctag = 0;
regex_t *reg;
@@ -790,7 +790,7 @@ static int eval_bc_test(sieve_interp_t *
int transform=ntohl(bc[i+4].value);
/* ntohl(bc[i+5].value) is the now unused 'offset' */
int count=0;
- char scount[3];
+ char scount[21];
int isReg = (match==B_REGEX);
int ctag = 0;
regex_t *reg;
diff -up cyrus-imapd-2.3.15/sieve/script.c.bufov cyrus-imapd-2.3.15/sieve/script.c
--- cyrus-imapd-2.3.15/sieve/script.c.bufov 2009-09-02 15:56:18.000000000 +0200
+++ cyrus-imapd-2.3.15/sieve/script.c 2009-09-18 15:04:00.728927938 +0200
@@ -668,9 +668,9 @@ static int do_sieve_error(int ret,
if ((ret != SIEVE_OK) && interp->err) {
char buf[1024];
if (lastaction == -1) /* we never executed an action */
- sprintf(buf, "%s", errmsg ? errmsg : sieve_errstr(ret));
+ snprintf(buf, sizeof(buf), "%s", errmsg ? errmsg : sieve_errstr(ret));
else
- sprintf(buf, "%s: %s", action_to_string(lastaction),
+ snprintf(buf, sizeof(buf), "%s: %s", action_to_string(lastaction),
errmsg ? errmsg : sieve_errstr(ret));
ret |= interp->execute_err(buf, interp->interp_context,
diff -up cyrus-imapd-2.3.15/sieve/sieve.y.bufov cyrus-imapd-2.3.15/sieve/sieve.y
--- cyrus-imapd-2.3.15/sieve/sieve.y.bufov 2009-03-26 00:58:54.000000000 +0100
+++ cyrus-imapd-2.3.15/sieve/sieve.y 2009-09-18 15:04:00.734928038 +0200
@@ -1159,7 +1159,7 @@ static int verify_relat(char *r)
else if (!strcmp(r, "ne")) {return NE;}
else if (!strcmp(r, "eq")) {return EQ;}
else{
- sprintf(errbuf, "flag '%s': not a valid relational operation", r);
+ snprintf(errbuf, sizeof(errbuf), "flag '%s': not a valid relational operation", r);
yyerror(errbuf);
return -1;
}
cyrus-imapd-2.3.1-authid_normalize.patch:
auth_unix.c | 18 ++++++++++++++++++
imapoptions | 5 +++++
libcyr_cfg.c | 4 ++++
libcyr_cfg.h | 2 ++
4 files changed, 29 insertions(+)
Index: cyrus-imapd-2.3.1-authid_normalize.patch
===================================================================
RCS file: /cvs/extras/rpms/cyrus-imapd/devel/cyrus-imapd-2.3.1-authid_normalize.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- cyrus-imapd-2.3.1-authid_normalize.patch 21 Jan 2009 13:50:36 -0000 1.3
+++ cyrus-imapd-2.3.1-authid_normalize.patch 18 Sep 2009 13:21:33 -0000 1.4
@@ -1,17 +1,7 @@
---- cyrus-imapd-2.3.13/lib/libcyr_cfg.h.authid_normalize 2008-07-30 18:03:39.000000000 +0200
-+++ cyrus-imapd-2.3.13/lib/libcyr_cfg.h 2009-01-13 11:41:59.000000000 +0100
-@@ -112,6 +112,8 @@ enum cyrus_opt {
- CYRUSOPT_SQL_PASSWD,
- /* Secure SQL connection (OFF) */
- CYRUSOPT_SQL_USESSL,
-+ /* Lowercase uid and strip leading and trailing blanks (OFF) */
-+ CYRUSOPT_NORMALIZEUID,
-
- CYRUSOPT_LAST
-
---- cyrus-imapd-2.3.13/lib/auth_unix.c.authid_normalize 2009-01-13 11:38:08.000000000 +0100
-+++ cyrus-imapd-2.3.13/lib/auth_unix.c 2009-01-13 11:38:08.000000000 +0100
-@@ -155,10 +155,12 @@
+diff -up cyrus-imapd-2.3.15/lib/auth_unix.c.authid_normalize cyrus-imapd-2.3.15/lib/auth_unix.c
+--- cyrus-imapd-2.3.15/lib/auth_unix.c.authid_normalize 2009-09-18 11:53:47.183115911 +0200
++++ cyrus-imapd-2.3.15/lib/auth_unix.c 2009-09-18 11:53:47.252115833 +0200
+@@ -156,10 +156,12 @@ const char *identifier;
size_t len;
{
static char retbuf[81];
@@ -24,7 +14,7 @@
if(!len) len = strlen(identifier);
if(len >= sizeof(retbuf)) return NULL;
-@@ -210,6 +212,22 @@
+@@ -211,6 +213,22 @@ size_t len;
/* now we don't */
/* if (!sawalpha) return NULL; */
@@ -47,9 +37,10 @@
return retbuf;
}
---- cyrus-imapd-2.3.13/lib/imapoptions.authid_normalize 2009-01-13 11:38:08.000000000 +0100
-+++ cyrus-imapd-2.3.13/lib/imapoptions 2009-01-13 11:38:08.000000000 +0100
-@@ -1182,6 +1182,11 @@
+diff -up cyrus-imapd-2.3.15/lib/imapoptions.authid_normalize cyrus-imapd-2.3.15/lib/imapoptions
+--- cyrus-imapd-2.3.15/lib/imapoptions.authid_normalize 2009-09-18 11:53:47.244115877 +0200
++++ cyrus-imapd-2.3.15/lib/imapoptions 2009-09-18 11:53:47.260115873 +0200
+@@ -1217,6 +1217,11 @@ product version in the capabilities */
interface, otherwise the user is assumed to be in the default
domain (if set). */
@@ -61,17 +52,29 @@
/*
.SH SEE ALSO
.PP
---- cyrus-imapd-2.3.13/lib/libcyr_cfg.c.authid_normalize 2008-07-30 18:03:38.000000000 +0200
-+++ cyrus-imapd-2.3.13/lib/libcyr_cfg.c 2009-01-13 11:38:08.000000000 +0100
-@@ -150,6 +150,11 @@
- CFGVAL(long, 0),
+diff -up cyrus-imapd-2.3.15/lib/libcyr_cfg.c.authid_normalize cyrus-imapd-2.3.15/lib/libcyr_cfg.c
+--- cyrus-imapd-2.3.15/lib/libcyr_cfg.c.authid_normalize 2009-03-31 06:43:20.000000000 +0200
++++ cyrus-imapd-2.3.15/lib/libcyr_cfg.c 2009-09-18 11:55:03.436822867 +0200
+@@ -154,6 +154,10 @@ struct cyrusopt_s cyrus_options[] = {
+ CFGVAL(long, 1),
CYRUS_OPT_SWITCH },
+ { CYRUSOPT_NORMALIZEUID,
+ CFGVAL(long, 1),
+ CYRUS_OPT_SWITCH },
+
-+
{ CYRUSOPT_LAST, { NULL }, CYRUS_OPT_NOTOPT }
};
+diff -up cyrus-imapd-2.3.15/lib/libcyr_cfg.h.authid_normalize cyrus-imapd-2.3.15/lib/libcyr_cfg.h
+--- cyrus-imapd-2.3.15/lib/libcyr_cfg.h.authid_normalize 2009-03-31 06:43:20.000000000 +0200
++++ cyrus-imapd-2.3.15/lib/libcyr_cfg.h 2009-09-18 11:55:33.267115989 +0200
+@@ -114,6 +114,8 @@ enum cyrus_opt {
+ CYRUSOPT_SQL_USESSL,
+ /* Checkpoint after every recovery (OFF) */
+ CYRUSOPT_SKIPLIST_ALWAYS_CHECKPOINT,
++ /* Lowercase uid and strip leading and trailing blanks (OFF) */
++ CYRUSOPT_NORMALIZEUID,
+
+ CYRUSOPT_LAST
+
cyrus-imapd-2.3.12p2-autocreate-0.10-0.diff:
cyrus-imapd-2.3.13/README.autocreate | 211 +++++++++++
cyrus-imapd-2.3.15/imap/Makefile.in | 155 ++++----
cyrus-imapd-2.3.15/imap/autosieve.c | 590 ++++++++++++++++++++++++++++++++
cyrus-imapd-2.3.15/imap/compile_sieve.c | 365 +++++++++++++++++++
cyrus-imapd-2.3.15/imap/imapd.c | 43 ++
cyrus-imapd-2.3.15/imap/lmtpd.c | 92 ++++
cyrus-imapd-2.3.15/imap/mboxlist.c | 370 ++++++++++++++++++++
cyrus-imapd-2.3.15/imap/mboxlist.h | 4
cyrus-imapd-2.3.15/imap/pop3d.c | 46 ++
cyrus-imapd-2.3.15/lib/auth.c | 8
cyrus-imapd-2.3.15/lib/auth.h | 2
cyrus-imapd-2.3.15/lib/auth_krb.c | 17
cyrus-imapd-2.3.15/lib/auth_krb5.c | 15
cyrus-imapd-2.3.15/lib/auth_pts.c | 9
cyrus-imapd-2.3.15/lib/auth_unix.c | 11
cyrus-imapd-2.3.15/lib/imapoptions | 49 ++
cyrus-imapd-2.3.15/notifyd/Makefile.in | 3
cyrus-imapd-2.3.15/notifyd/notifyd.c | 2
cyrus-imapd-2.3.15/ptclient/Makefile.in | 3
19 files changed, 1916 insertions(+), 79 deletions(-)
View full diff with command:
/usr/bin/cvs -n -f diff -kk -u -p -N -r 1.3 -r 1.4 cyrus-imapd-2.3.12p2-autocreate-0.10-0.diffIndex: cyrus-imapd-2.3.12p2-autocreate-0.10-0.diff
===================================================================
RCS file: /cvs/extras/rpms/cyrus-imapd/devel/cyrus-imapd-2.3.12p2-autocreate-0.10-0.diff,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- cyrus-imapd-2.3.12p2-autocreate-0.10-0.diff 2 Apr 2009 13:44:02 -0000 1.3
+++ cyrus-imapd-2.3.12p2-autocreate-0.10-0.diff 18 Sep 2009 13:21:33 -0000 1.4
@@ -1,435 +1,611 @@
---- cyrus-imapd-2.3.13/notifyd/notifyd.c.autocreate 2008-03-24 20:59:32.000000000 +0100
-+++ cyrus-imapd-2.3.13/notifyd/notifyd.c 2009-01-13 11:14:09.000000000 +0100
-@@ -96,7 +96,7 @@
-
- #define NOTIFY_MAXSIZE 8192
-
--int do_notify()
-+static int do_notify()
- {
- struct sockaddr_un sun_data;
- socklen_t sunlen = sizeof(sun_data);
---- cyrus-imapd-2.3.13/notifyd/Makefile.in.autocreate 2008-03-24 20:59:32.000000000 +0100
-+++ cyrus-imapd-2.3.13/notifyd/Makefile.in 2009-01-13 11:14:09.000000000 +0100
-@@ -71,10 +71,11 @@
- SERVICE=../master/service.o
-
- IMAP_LIBS = @IMAP_LIBS@ @LIB_RT@
-+SIEVE_LIBS = @SIEVE_LIBS@
- IMAP_COM_ERR_LIBS = @IMAP_COM_ERR_LIBS@
- LIB_WRAP = @LIB_WRAP@
- LIBS = @ZEPHYR_LIBS@ @LIBS@ $(IMAP_COM_ERR_LIBS)
--DEPLIBS=../imap/mutex_fake.o ../imap/libimap.a ../lib/libcyrus.a ../lib/libcyrus_min.a @DEPLIBS@
-+DEPLIBS=../imap/mutex_fake.o ../imap/libimap.a $(SIEVE_LIBS) ../lib/libcyrus.a ../lib/libcyrus_min.a @DEPLIBS@
-
- PURIFY=/usr/local/bin/purify
- PUREOPT=-best-effort
---- cyrus-imapd-2.3.13/imap/mboxlist.c.autocreate 2008-10-08 17:47:08.000000000 +0200
-+++ cyrus-imapd-2.3.13/imap/mboxlist.c 2009-01-13 11:14:09.000000000 +0100
-@@ -83,6 +83,12 @@
- #include "quota.h"
- #include "sync_log.h"
-
-+#ifdef USE_SIEVE
-+extern int autoadd_sieve(char *userid,
-+ const char *source_script);
+diff -up /dev/null cyrus-imapd-2.3.15/imap/autosieve.c
+--- /dev/null 2009-09-11 15:21:01.808252010 +0200
++++ cyrus-imapd-2.3.15/imap/autosieve.c 2009-09-18 11:11:39.778115814 +0200
+@@ -0,0 +1,590 @@
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++
++#ifdef HAVE_UNISTD_H
++#include <unistd.h>
+#endif
+
++#include <errno.h>
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <sys/uio.h>
++#include <fcntl.h>
++#include <ctype.h>
++#include <time.h>
++#include <syslog.h>
++#include <com_err.h>
++#include <config.h>
+
- #define DB config_mboxlist_db
- #define SUBDB config_subscription_db
-
-@@ -100,11 +106,29 @@
- static int mboxlist_changequota(const char *name, int matchlen, int maycreate,
- void *rock);
-
-+static int mboxlist_autochangesub(char *name, int matchlen, int maycreate,
-+ void *rock);
++#include "global.h"
++#include "util.h"
++#include "xmalloc.h"
++#include "xstrlcpy.h"
++#include "xstrlcat.h"
++#include "mailbox.h"
++#include "imap_err.h"
++#include "sieve_interface.h"
++#include "script.h"
+
-+static int mboxlist_autosubscribe_sharedfolders(struct namespace *namespace,
-+ char *userid, char *auth_userid,
-+ struct auth_state *auth_state);
++#define TIMSIEVE_FAIL -1
++#define TIMSIEVE_OK 0
++#define MAX_FILENAME 1024
+
- struct change_rock {
- struct quota *quota;
- struct txn **tid;
- };
-
-+/*
-+ * Struct needed to be passed as void *rock to
-+ * mboxlist_autochangesub();
-+ */
-+struct changesub_rock_st {
-+ char *userid;
-+ char *auth_userid;
-+ struct auth_state *auth_state;
-+};
++static int get_script_name(char *sievename, size_t buflen, const char *filename);
++static int get_script_dir(char *sieve_script_dir, size_t buflen, char *userid, const char *sieve_dir);
++int autoadd_sieve(char *userid, const char *source_script);
+
++//static void fatal(const char *s, int code);
++static void foo(void);
++static int sieve_notify(void *ac __attribute__((unused)),
++ void *interp_context __attribute__((unused)),
++ void *script_context __attribute__((unused)),
++ void *message_context __attribute__((unused)),
++ const char **errmsg __attribute__((unused)));
++static int mysieve_error(int lineno, const char *msg,
++ void *i __attribute__((unused)), void *s);
++static int is_script_parsable(FILE *stream, char **errstr, sieve_script_t **ret);
++
++
++sieve_vacation_t vacation2 = {
++ 0, /* min response */
++ 0, /* max response */
++ (sieve_callback *) &foo, /* autorespond() */
++ (sieve_callback *) &foo /* send_response() */
++};
+
- #define FNAME_SUBSSUFFIX ".sub"
-
- /*
-@@ -3383,3 +3407,349 @@
-
- return(config_delete_mode == IMAP_ENUM_DELETE_MODE_DELAYED);
- }
+
+/*
-+ * Automatically subscribe user to *ALL* shared folders,
-+ * one has permissions to be subscribed to.
-+ * INBOX subfolders are excluded.
++ * Find the name of the sieve script
++ * given the source script and compiled script names
+ */
-+static int mboxlist_autochangesub(char *name, int matchlen, int maycreate,
-+ void *rock) {
-+
-+ struct changesub_rock_st *changesub_rock = (struct changesub_rock_st *) rock;
-+ char *userid = changesub_rock->userid;
-+ char *auth_userid = changesub_rock->auth_userid;
-+ struct auth_state *auth_state = changesub_rock->auth_state;
++static int get_script_name(char *sievename, size_t buflen, const char *filename)
++{
++ char *p;
+ int r;
+
++ p = strrchr(filename, '/');
++ if (p == NULL)
++ p = (char *) filename;
++ else
++ p++;
+
-+ if((strlen(name) == 5 && !strncmp(name, "INBOX", 5)) || /* Exclude INBOX */
-+ (strlen(name) > 5 && !strncmp(name, "INBOX.",6)) || /* Exclude INBOX subfolders */
-+ (strlen(name) > 4 && !strncmp(name, "user.", 5))) /* Exclude other users' folders */
-+ return 0;
-+
-+
-+ r = mboxlist_changesub(name, userid, auth_state, 1, 0);
-+
-+ if (r) {
-+ syslog(LOG_WARNING,
-+ "autosubscribe: User %s to folder %s, subscription failed: %s",
-+ auth_userid, name, error_message(r));
-+ } else {
-+ syslog(LOG_NOTICE,
-+ "autosubscribe: User %s to folder %s, subscription succeeded",
-+ auth_userid, name);
-+ }
-+
-+ return 0;
++ r = strlcpy(sievename, p, buflen) - buflen;
++ return (r >= 0 || r == -buflen ? 1 : 0);
+}
+
-+#define SEP '|'
+
+/*
-+ * Automatically subscribe user to a shared folder.
-+ * Subscription is done successfully, if the shared
-+ * folder exists and the user has the necessary
-+ * permissions.
++ * Find the directory where the sieve scripts of the user
++ * reside
+ */
-+static int mboxlist_autosubscribe_sharedfolders(struct namespace *namespace,
-+ char *userid, char *auth_userid,
-+ struct auth_state *auth_state) {
-+
[...2756 lines suppressed...]
+
+ struct auth_mech auth_krb5 =
+@@ -240,4 +254,5 @@ struct auth_mech auth_krb5 =
+ &mymemberof,
+ &mynewstate,
+ &myfreestate,
++ &mycanonuser,
+ };
+diff -up cyrus-imapd-2.3.15/lib/auth_krb.c.autocreate cyrus-imapd-2.3.15/lib/auth_krb.c
+--- cyrus-imapd-2.3.15/lib/auth_krb.c.autocreate 2009-03-31 06:11:21.000000000 +0200
++++ cyrus-imapd-2.3.15/lib/auth_krb.c 2009-09-18 11:11:39.785115812 +0200
+@@ -341,6 +341,15 @@ struct auth_state *auth_state;
free((char *)auth_state);
}
@@ -2192,7 +2222,7 @@
#else /* HAVE_KRB */
static int mymemberof(
-@@ -371,6 +380,13 @@
+@@ -372,6 +381,13 @@ static void myfreestate(
fatal("Authentication mechanism (krb) not compiled in", EC_CONFIG);
}
@@ -2206,15 +2236,16 @@
#endif
struct auth_mech auth_krb =
-@@ -381,4 +397,5 @@
+@@ -382,4 +398,5 @@ struct auth_mech auth_krb =
&mymemberof,
&mynewstate,
&myfreestate,
+ &mycanonuser,
};
---- cyrus-imapd-2.3.13/lib/auth_pts.c.autocreate 2008-03-24 18:43:08.000000000 +0100
-+++ cyrus-imapd-2.3.13/lib/auth_pts.c 2009-01-13 11:14:09.000000000 +0100
-@@ -512,6 +512,14 @@
+diff -up cyrus-imapd-2.3.15/lib/auth_pts.c.autocreate cyrus-imapd-2.3.15/lib/auth_pts.c
+--- cyrus-imapd-2.3.15/lib/auth_pts.c.autocreate 2008-03-24 18:43:08.000000000 +0100
++++ cyrus-imapd-2.3.15/lib/auth_pts.c 2009-09-18 11:11:39.785115812 +0200
+@@ -512,6 +512,14 @@ static void myfreestate(struct auth_stat
free(auth_state);
}
@@ -2229,68 +2260,42 @@
struct auth_mech auth_pts =
{
"pts", /* name */
-@@ -520,4 +528,5 @@
+@@ -520,4 +528,5 @@ struct auth_mech auth_pts =
&mymemberof,
&mynewstate,
&myfreestate,
+ &mycanonuser,
};
---- cyrus-imapd-2.3.13/lib/auth.h.autocreate 2008-03-24 18:43:08.000000000 +0100
-+++ cyrus-imapd-2.3.13/lib/auth.h 2009-01-13 11:14:09.000000000 +0100
-@@ -55,6 +55,7 @@
- const char *identifier);
- struct auth_state *(*newstate)(const char *identifier);
- void (*freestate)(struct auth_state *auth_state);
-+ char *(*auth_canonuser)(struct auth_state *auth_state);
- };
-
- extern struct auth_mech *auth_mechs[];
-@@ -77,5 +78,6 @@
- const char *identifier);
- struct auth_state *auth_newstate(const char *identifier);
- void auth_freestate(struct auth_state *auth_state);
-+char *auth_canonuser(struct auth_state *auth_state);
-
- #endif /* INCLUDED_AUTH_H */
---- cyrus-imapd-2.3.13/lib/auth_krb5.c.autocreate 2008-03-24 18:43:08.000000000 +0100
-+++ cyrus-imapd-2.3.13/lib/auth_krb5.c 2009-01-13 11:14:09.000000000 +0100
-@@ -199,6 +199,14 @@
- free(auth_state);
+diff -up cyrus-imapd-2.3.15/lib/auth_unix.c.autocreate cyrus-imapd-2.3.15/lib/auth_unix.c
+--- cyrus-imapd-2.3.15/lib/auth_unix.c.autocreate 2009-03-31 06:11:22.000000000 +0200
++++ cyrus-imapd-2.3.15/lib/auth_unix.c 2009-09-18 11:11:39.787115798 +0200
+@@ -315,6 +315,16 @@ struct auth_state *auth_state;
+ free((char *)auth_state);
}
-+static char *mycanonuser(struct auth_state *auth_state)
++static char *mycanonuser(auth_state)
++ struct auth_state *auth_state;
+{
+ if (auth_state)
-+ return auth_state->userid;
++ return auth_state->userid;
+
+ return NULL;
+}
+
- #else /* HAVE_GSSAPI_H */
-
- static int mymemberof(
-@@ -230,6 +238,12 @@
- fatal("Authentication mechanism (krb5) not compiled in", EC_CONFIG);
- }
-
-+static char *mycanonuser(
-+ struct auth_state *auth_state __attribute__((unused)))
-+{
-+ fatal("Authentication mechanism (krb5) not compiled in", EC_CONFIG);
-+}
+
- #endif
- struct auth_mech auth_krb5 =
-@@ -240,4 +254,5 @@
+ struct auth_mech auth_unix =
+ {
+@@ -324,4 +334,5 @@ struct auth_mech auth_unix =
&mymemberof,
&mynewstate,
&myfreestate,
+ &mycanonuser,
};
---- cyrus-imapd-2.3.13/lib/imapoptions.autocreate 2008-10-08 19:18:12.000000000 +0200
-+++ cyrus-imapd-2.3.13/lib/imapoptions 2009-01-13 11:14:09.000000000 +0100
-@@ -198,6 +198,55 @@
+diff -up cyrus-imapd-2.3.15/lib/imapoptions.autocreate cyrus-imapd-2.3.15/lib/imapoptions
+--- cyrus-imapd-2.3.15/lib/imapoptions.autocreate 2009-06-29 19:21:06.000000000 +0200
++++ cyrus-imapd-2.3.15/lib/imapoptions 2009-09-18 11:11:39.787115798 +0200
+@@ -198,6 +198,55 @@ are listed with ``<none>''.
/* Number of seconds to wait before returning a timeout failure when
performing a client connection (e.g., in a murder environment) */
@@ -2346,28 +2351,47 @@
{ "configdirectory", NULL, STRING }
/* The pathname of the IMAP configuration directory. This field is
required. */
---- cyrus-imapd-2.3.13/lib/auth_unix.c.autocreate 2008-08-26 21:20:39.000000000 +0200
-+++ cyrus-imapd-2.3.13/lib/auth_unix.c 2009-01-13 11:14:09.000000000 +0100
-@@ -314,6 +314,16 @@
- free((char *)auth_state);
- }
+diff -up cyrus-imapd-2.3.15/notifyd/Makefile.in.autocreate cyrus-imapd-2.3.15/notifyd/Makefile.in
+--- cyrus-imapd-2.3.15/notifyd/Makefile.in.autocreate 2008-03-24 20:59:32.000000000 +0100
++++ cyrus-imapd-2.3.15/notifyd/Makefile.in 2009-09-18 11:11:39.776115765 +0200
+@@ -71,10 +71,11 @@ NOTIFYD_LIBS = @NOTIFYD_LIBS@
+ SERVICE=../master/service.o
-+static char *mycanonuser(auth_state)
-+ struct auth_state *auth_state;
-+{
-+ if (auth_state)
-+ return auth_state->userid;
-+
-+ return NULL;
-+}
-+
-+
+ IMAP_LIBS = @IMAP_LIBS@ @LIB_RT@
++SIEVE_LIBS = @SIEVE_LIBS@
+ IMAP_COM_ERR_LIBS = @IMAP_COM_ERR_LIBS@
+ LIB_WRAP = @LIB_WRAP@
+ LIBS = @ZEPHYR_LIBS@ @LIBS@ $(IMAP_COM_ERR_LIBS)
+-DEPLIBS=../imap/mutex_fake.o ../imap/libimap.a ../lib/libcyrus.a ../lib/libcyrus_min.a @DEPLIBS@
++DEPLIBS=../imap/mutex_fake.o ../imap/libimap.a $(SIEVE_LIBS) ../lib/libcyrus.a ../lib/libcyrus_min.a @DEPLIBS@
- struct auth_mech auth_unix =
+ PURIFY=/usr/local/bin/purify
+ PUREOPT=-best-effort
+diff -up cyrus-imapd-2.3.15/notifyd/notifyd.c.autocreate cyrus-imapd-2.3.15/notifyd/notifyd.c
+--- cyrus-imapd-2.3.15/notifyd/notifyd.c.autocreate 2008-03-24 20:59:32.000000000 +0100
++++ cyrus-imapd-2.3.15/notifyd/notifyd.c 2009-09-18 11:11:39.776115765 +0200
+@@ -96,7 +96,7 @@ char *fetch_arg(char *head, char* tail)
+
+ #define NOTIFY_MAXSIZE 8192
+
+-int do_notify()
++static int do_notify()
{
-@@ -323,4 +333,5 @@
- &mymemberof,
- &mynewstate,
- &myfreestate,
-+ &mycanonuser,
- };
+ struct sockaddr_un sun_data;
+ socklen_t sunlen = sizeof(sun_data);
+diff -up cyrus-imapd-2.3.15/ptclient/Makefile.in.autocreate cyrus-imapd-2.3.15/ptclient/Makefile.in
+--- cyrus-imapd-2.3.15/ptclient/Makefile.in.autocreate 2008-03-24 19:34:22.000000000 +0100
++++ cyrus-imapd-2.3.15/ptclient/Makefile.in 2009-09-18 11:11:39.784115791 +0200
+@@ -57,10 +57,11 @@ CPPFLAGS = -I.. -I$(srcdir)/../imap -I$(
+ AFS_LDFLAGS = @AFS_LDFLAGS@ @COM_ERR_LDFLAGS@
+ AFS_LIBS = @AFS_LIBS@
+ IMAP_LIBS = @IMAP_LIBS@ @LIB_RT@
++SIEVE_LIBS = @SIEVE_LIBS@
+ LIBS = $(IMAP_LIBS) @COM_ERR_LIBS@
+ LIB_SASL = @LIB_SASL@
+ LIB_WRAP = @LIB_WRAP@
+-DEPLIBS = ../imap/libimap.a ../lib/libcyrus.a ../lib/libcyrus_min.a @DEPLIBS@
++DEPLIBS = ../imap/libimap.a $(SIEVE_LIBS) ../lib/libcyrus.a ../lib/libcyrus_min.a @DEPLIBS@
+ UTIL_LIBS = ../imap/mutex_fake.o ../imap/cli_fatal.o
+
+ LDAP_LIBS=@LDAP_LIBS@
cyrus-imapd-2.3.7-notify_sms.patch:
doc/man/imapd.conf.5.html | 18 +++++++
doc/man/notifyd.8.html | 12 ++++
lib/imapoptions | 4 +
man/imapd.conf.5 | 3 +
man/notifyd.8 | 5 +
notifyd/Makefile.in | 2
notifyd/notify_sms.c | 116 ++++++++++++++++++++++++++++++++++++++++++++++
notifyd/notify_sms.h | 61 ++++++++++++++++++++++++
notifyd/notifyd.h | 2
9 files changed, 222 insertions(+), 1 deletion(-)
Index: cyrus-imapd-2.3.7-notify_sms.patch
===================================================================
RCS file: /cvs/extras/rpms/cyrus-imapd/devel/cyrus-imapd-2.3.7-notify_sms.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- cyrus-imapd-2.3.7-notify_sms.patch 12 Mar 2007 16:22:52 -0000 1.1
+++ cyrus-imapd-2.3.7-notify_sms.patch 18 Sep 2009 13:21:33 -0000 1.2
@@ -1,7 +1,7 @@
-diff -Naur cyrus-imapd-2.3.7.orig/doc/man/imapd.conf.5.html cyrus-imapd-2.3.7/doc/man/imapd.conf.5.html
---- cyrus-imapd-2.3.7.orig/doc/man/imapd.conf.5.html 2006-07-10 16:31:53.000000000 +0200
-+++ cyrus-imapd-2.3.7/doc/man/imapd.conf.5.html 2006-07-14 10:27:29.000000000 +0200
-@@ -3130,6 +3130,24 @@
+diff -up cyrus-imapd-2.3.15/doc/man/imapd.conf.5.html.notify_sms cyrus-imapd-2.3.15/doc/man/imapd.conf.5.html
+--- cyrus-imapd-2.3.15/doc/man/imapd.conf.5.html.notify_sms 2009-09-09 15:19:50.000000000 +0200
++++ cyrus-imapd-2.3.15/doc/man/imapd.conf.5.html 2009-09-18 11:49:42.207115959 +0200
+@@ -3469,6 +3469,24 @@ proxying CREATE.</p>
<tr valign="top" align="left">
<td width="10%"></td>
<td width="89%">
@@ -26,10 +26,10 @@ diff -Naur cyrus-imapd-2.3.7.orig/doc/ma
<p><b>servername:</b> <none></p></td>
</table>
<!-- INDENTATION -->
-diff -Naur cyrus-imapd-2.3.7.orig/doc/man/notifyd.8.html cyrus-imapd-2.3.7/doc/man/notifyd.8.html
---- cyrus-imapd-2.3.7.orig/doc/man/notifyd.8.html 2006-07-10 16:31:54.000000000 +0200
-+++ cyrus-imapd-2.3.7/doc/man/notifyd.8.html 2006-07-14 10:27:29.000000000 +0200
-@@ -181,6 +181,18 @@
+diff -up cyrus-imapd-2.3.15/doc/man/notifyd.8.html.notify_sms cyrus-imapd-2.3.15/doc/man/notifyd.8.html
+--- cyrus-imapd-2.3.15/doc/man/notifyd.8.html.notify_sms 2009-09-09 15:19:51.000000000 +0200
++++ cyrus-imapd-2.3.15/doc/man/notifyd.8.html 2009-09-18 11:49:42.208116026 +0200
+@@ -181,6 +181,18 @@ a Sieve ’notify’ action as i
<td width="11%"></td>
<td width="10%">
@@ -48,10 +48,10 @@ diff -Naur cyrus-imapd-2.3.7.orig/doc/ma
<p><b>zephyr</b></p>
</td>
<td width="77%">
-diff -Naur cyrus-imapd-2.3.7.orig/lib/imapoptions cyrus-imapd-2.3.7/lib/imapoptions
---- cyrus-imapd-2.3.7.orig/lib/imapoptions 2006-06-27 17:58:42.000000000 +0200
-+++ cyrus-imapd-2.3.7/lib/imapoptions 2006-07-14 10:27:29.000000000 +0200
-@@ -829,6 +829,10 @@
+diff -up cyrus-imapd-2.3.15/lib/imapoptions.notify_sms cyrus-imapd-2.3.15/lib/imapoptions
+--- cyrus-imapd-2.3.15/lib/imapoptions.notify_sms 2009-09-18 11:49:42.189116010 +0200
++++ cyrus-imapd-2.3.15/lib/imapoptions 2009-09-18 11:50:38.230115954 +0200
+@@ -966,6 +966,10 @@ are listed with ``<none>''.
/* The pathname of the sendmail executable. Sieve invokes sendmail
for sending rejections, redirects and vacation responses. */
@@ -59,26 +59,26 @@ diff -Naur cyrus-imapd-2.3.7.orig/lib/im
+/* The pathname of the sendsms executable. Sieve invokes sendsms
+ for sending SMS notifications. */
+
- { "servername", NULL, STRING }
- /* This is the hostname visible in the greeting messages of the POP,
- IMAP and LMTP daemons. If it is unset, then the result returned
-diff -Naur cyrus-imapd-2.3.7.orig/man/imapd.conf.5 cyrus-imapd-2.3.7/man/imapd.conf.5
---- cyrus-imapd-2.3.7.orig/man/imapd.conf.5 2006-07-10 16:31:52.000000000 +0200
-+++ cyrus-imapd-2.3.7/man/imapd.conf.5 2006-07-14 10:27:29.000000000 +0200
-@@ -691,6 +691,9 @@
+ { "serverlist", NULL, STRING }
+ /* Whitespace separated list of backend server names. Used for
+ finding server with the most available free space for proxying
+diff -up cyrus-imapd-2.3.15/man/imapd.conf.5.notify_sms cyrus-imapd-2.3.15/man/imapd.conf.5
+--- cyrus-imapd-2.3.15/man/imapd.conf.5.notify_sms 2009-09-09 15:19:48.000000000 +0200
++++ cyrus-imapd-2.3.15/man/imapd.conf.5 2009-09-18 11:51:26.441839866 +0200
+@@ -771,6 +771,9 @@ Allowed values: \fIflat\fR, \fIberkeley\
.IP "\fBsendmail:\fR /usr/lib/sendmail" 5
The pathname of the sendmail executable. Sieve invokes sendmail
for sending rejections, redirects and vacation responses.
+.IP "\fBsendsms:\fR /usr/bin/sendsms" 5
+The pathname of the sendsms executable. Sieve invokes sendsms
+for sending SMS notifications.
- .IP "\fBservername:\fR <none>" 5
- This is the hostname visible in the greeting messages of the POP,
- IMAP and LMTP daemons. If it is unset, then the result returned
-diff -Naur cyrus-imapd-2.3.7.orig/man/notifyd.8 cyrus-imapd-2.3.7/man/notifyd.8
---- cyrus-imapd-2.3.7.orig/man/notifyd.8 2003-08-10 01:43:14.000000000 +0200
-+++ cyrus-imapd-2.3.7/man/notifyd.8 2006-07-14 10:27:29.000000000 +0200
-@@ -110,6 +110,11 @@
+ .IP "\fBserverlist:\fR <none>" 5
+ Whitespace separated list of backend server names. Used for
+ finding server with the most available free space for proxying
+diff -up cyrus-imapd-2.3.15/man/notifyd.8.notify_sms cyrus-imapd-2.3.15/man/notifyd.8
+--- cyrus-imapd-2.3.15/man/notifyd.8.notify_sms 2008-04-04 14:47:00.000000000 +0200
++++ cyrus-imapd-2.3.15/man/notifyd.8 2009-09-18 11:49:42.225115999 +0200
+@@ -111,6 +111,11 @@ Email the notification. This method can
Sieve 'notify' action as it requires a \fImailto:\fR URL to be
specified as an \fI:option\fR.
.TP
@@ -90,10 +90,10 @@ diff -Naur cyrus-imapd-2.3.7.orig/man/no
.B zephyr
Send the notification as a zephyrgram. If used in a Sieve 'notify'
action, additional recipients can be specified as \fI:options\fR.
-diff -Naur cyrus-imapd-2.3.7.orig/notifyd/Makefile.in cyrus-imapd-2.3.7/notifyd/Makefile.in
---- cyrus-imapd-2.3.7.orig/notifyd/Makefile.in 2004-05-31 20:22:59.000000000 +0200
-+++ cyrus-imapd-2.3.7/notifyd/Makefile.in 2006-07-14 10:27:29.000000000 +0200
-@@ -82,7 +82,7 @@
+diff -up cyrus-imapd-2.3.15/notifyd/Makefile.in.notify_sms cyrus-imapd-2.3.15/notifyd/Makefile.in
+--- cyrus-imapd-2.3.15/notifyd/Makefile.in.notify_sms 2009-09-18 11:49:42.172115947 +0200
++++ cyrus-imapd-2.3.15/notifyd/Makefile.in 2009-09-18 11:49:42.225115999 +0200
+@@ -85,7 +85,7 @@ all: notifyd
install:
$(INSTALL) -m 755 notifyd $(DESTDIR)$(service_path)
@@ -102,10 +102,10 @@ diff -Naur cyrus-imapd-2.3.7.orig/notify
notifytest: notifytest.o
$(CC) $(LDFLAGS) -o notifytest \
-diff -Naur cyrus-imapd-2.3.7.orig/notifyd/notifyd.h cyrus-imapd-2.3.7/notifyd/notifyd.h
---- cyrus-imapd-2.3.7.orig/notifyd/notifyd.h 2003-02-13 21:15:48.000000000 +0100
-+++ cyrus-imapd-2.3.7/notifyd/notifyd.h 2006-07-14 10:27:29.000000000 +0200
-@@ -48,6 +48,7 @@
+diff -up cyrus-imapd-2.3.15/notifyd/notifyd.h.notify_sms cyrus-imapd-2.3.15/notifyd/notifyd.h
+--- cyrus-imapd-2.3.15/notifyd/notifyd.h.notify_sms 2008-03-24 20:59:32.000000000 +0100
++++ cyrus-imapd-2.3.15/notifyd/notifyd.h 2009-09-18 11:49:42.233116003 +0200
+@@ -47,6 +47,7 @@
#include "notify_null.h"
#include "notify_log.h"
#include "notify_mailto.h"
@@ -113,7 +113,7 @@ diff -Naur cyrus-imapd-2.3.7.orig/notify
#include "notify_zephyr.h"
/* Notify method dispatch table definition */
-@@ -64,6 +65,7 @@
+@@ -63,6 +64,7 @@ notifymethod_t methods[] = {
{ "null", notify_null }, /* do nothing */
{ "log", notify_log }, /* use syslog (for testing) */
{ "mailto", notify_mailto }, /* send an email */
@@ -121,9 +121,9 @@ diff -Naur cyrus-imapd-2.3.7.orig/notify
#ifdef HAVE_ZEPHYR
{ "zephyr", notify_zephyr }, /* send a zephyrgram */
#endif
-diff -Naur cyrus-imapd-2.3.7.orig/notifyd/notify_sms.c cyrus-imapd-2.3.7/notifyd/notify_sms.c
---- cyrus-imapd-2.3.7.orig/notifyd/notify_sms.c 1970-01-01 01:00:00.000000000 +0100
-+++ cyrus-imapd-2.3.7/notifyd/notify_sms.c 2006-07-14 10:29:10.000000000 +0200
+diff -up /dev/null cyrus-imapd-2.3.15/notifyd/notify_sms.c
+--- /dev/null 2009-09-11 15:21:01.808252010 +0200
++++ cyrus-imapd-2.3.15/notifyd/notify_sms.c 2009-09-18 11:49:42.233116003 +0200
@@ -0,0 +1,116 @@
+/* notify_sms.c -- SMS notification method
+ * Simon Matter
@@ -241,9 +241,9 @@ diff -Naur cyrus-imapd-2.3.7.orig/notify
+
+ return strdup("OK sms notification successful");
+}
-diff -Naur cyrus-imapd-2.3.7.orig/notifyd/notify_sms.h cyrus-imapd-2.3.7/notifyd/notify_sms.h
---- cyrus-imapd-2.3.7.orig/notifyd/notify_sms.h 1970-01-01 01:00:00.000000000 +0100
-+++ cyrus-imapd-2.3.7/notifyd/notify_sms.h 2006-07-14 10:29:10.000000000 +0200
+diff -up /dev/null cyrus-imapd-2.3.15/notifyd/notify_sms.h
+--- /dev/null 2009-09-11 15:21:01.808252010 +0200
++++ cyrus-imapd-2.3.15/notifyd/notify_sms.h 2009-09-18 11:49:42.233116003 +0200
@@ -0,0 +1,61 @@
+/* notify_sms.h -- SMS notification method
+ * Simon Matter
Index: cyrus-imapd.spec
===================================================================
RCS file: /cvs/extras/rpms/cyrus-imapd/devel/cyrus-imapd.spec,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -p -r1.59 -r1.60
--- cyrus-imapd.spec 16 Sep 2009 11:52:47 -0000 1.59
+++ cyrus-imapd.spec 18 Sep 2009 13:21:33 -0000 1.60
@@ -1,6 +1,6 @@
Name: cyrus-imapd
-Version: 2.3.14
-Release: 6%{?dist}
+Version: 2.3.15
+Release: 1%{?dist}
# ********************** BUILD TIME OPTIONS START **********************
@@ -72,7 +72,6 @@ URL: http://cyrusimap.web.cmu.edu/
#Vendor: Invoca Systems
#Distribution: Invoca Linux Server
Source0: ftp://ftp.andrew.cmu.edu/pub/cyrus/%{name}-%{version}.tar.gz
-#Source2: http://ftp.gnu.org/gnu/autoconf/autoconf-%{_acversion}.tar.gz
Source3: cyrus-deliver-wrapper.c
Source4: cyrus-user-procmailrc.template
Source5: cyrus-imapd.logrotate
@@ -116,7 +115,7 @@ Patch15: cyrus-imapd-2.3.1-make_md5_defa
Patch18: cyrus-imapd-2.3.7-krb4.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=461875
Patch19: cyrus-imapd-2.3.12p2-current-db.patch
-Patch20: cyrus-imapd-2.3.13-bufov.patch
+Patch20: cyrus-imapd-2.3.15-bufov.patch
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
BuildRequires: autoconf >= 2.59
BuildRequires: cyrus-sasl-devel >= 2.1.15-1, perl-devel, tcp_wrappers
@@ -600,6 +599,7 @@ fi
%{_cyrexecdir}/arbitronsort.pl
%{_cyrexecdir}/chk_cyrus
%{_cyrexecdir}/convert-sieve.pl
+%{_cyrexecdir}/cyr_df
%{_cyrexecdir}/ctl_cyrusdb
%{_cyrexecdir}/ctl_deliver
%{_cyrexecdir}/ctl_mboxlist
@@ -731,7 +731,10 @@ fi
%{_mandir}/man1/*
%changelog
-* Wed Sep 16 2009 Tomas Mraz <tmraz at redhat.com> - 2.3.14-6
+* Fri Sep 18 2009 Michal Hlavinka <mhlavink at redhat.com> - 2.3.15-1
+- fix buffer overflow in cyrus sieve (CVE-2009-3235)
+
+-* Wed Sep 16 2009 Tomas Mraz <tmraz at redhat.com> - 2.3.14-6
- use password-auth common PAM configuration instead of system-auth
* Mon Sep 07 2009 Michal Hlavinka <mhlavink at redhat.com> - 2.3.14-5
More information about the scm-commits
mailing list