Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package isync for openSUSE:Factory checked in at 2021-08-11 11:47:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/isync (Old) and /work/SRC/openSUSE:Factory/.isync.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "isync" Wed Aug 11 11:47:13 2021 rev:9 rq:911240 version:1.4.3 Changes: -------- --- /work/SRC/openSUSE:Factory/isync/isync.changes 2021-06-14 23:11:44.280821200 +0200 +++ /work/SRC/openSUSE:Factory/.isync.new.1899/isync.changes 2021-08-11 11:47:51.293700475 +0200 @@ -1,0 +2,5 @@ +Wed Aug 4 07:31:05 UTC 2021 - Dan ??erm??k <dcer...@suse.com> + +- New upstream release 1.4.3 + +------------------------------------------------------------------- Old: ---- isync-1.4.2.tar.gz isync-1.4.2.tar.gz.asc New: ---- isync-1.4.3.tar.gz isync-1.4.3.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ isync.spec ++++++ --- /var/tmp/diff_new_pack.2Qdi2K/_old 2021-08-11 11:47:51.697699989 +0200 +++ /var/tmp/diff_new_pack.2Qdi2K/_new 2021-08-11 11:47:51.697699989 +0200 @@ -17,7 +17,7 @@ Name: isync -Version: 1.4.2 +Version: 1.4.3 Release: 0 Summary: Utility to synchronize IMAP mailboxes with local maildir folders License: GPL-2.0-only ++++++ isync-1.4.2.tar.gz -> isync-1.4.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/isync-1.4.2/ChangeLog new/isync-1.4.3/ChangeLog --- old/isync-1.4.2/ChangeLog 2021-06-06 17:29:43.000000000 +0200 +++ new/isync-1.4.3/ChangeLog 2021-07-29 13:14:32.000000000 +0200 @@ -1,3 +1,37 @@ +2021-07-29 11:14 Oswald Buddenhagen <o...@users.sf.net> + + * configure.ac: + + bump version + +2021-06-21 09:35 Oswald Buddenhagen <o...@users.sf.net> + + * src/drv_maildir.c: + + limit maildir nesting depth + + this is a cheap way to catch symlink loops. 10 seems like a reasonable + limit, as it's unlikely that anyone would be able to actually work with + such a deeply nested mailbox tree. + + fixes debian bug #990117. + +2021-06-11 15:56 Oswald Buddenhagen <o...@users.sf.net> + + * src/drv_imap.c: + + enable embedding arbitrarily long strings into IMAP commands + + the AUTHENTICATE command may get insanely long for GSSAPI when SASL-IR + is available. instead of growing the buffers each time someone hits the + limit (as done in f7cec306), remove the limitation altogether. + + imap_vprintf() still contains a fixed-size buffer which could overflow + when really long strings (e.g., mailbox names) need to be quoted. this + seems very unlikely, so we'll deal with it if someone actually hits it. + + REFMAIL: 87sg1qxdye....@cern.ch + 2021-06-03 09:07 Oswald Buddenhagen <o...@users.sf.net> * configure.ac: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/isync-1.4.2/configure new/isync-1.4.3/configure --- old/isync-1.4.2/configure 2021-06-06 17:29:42.000000000 +0200 +++ new/isync-1.4.3/configure 2021-07-29 13:14:30.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for isync 1.4.2. +# Generated by GNU Autoconf 2.69 for isync 1.4.3. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -577,8 +577,8 @@ # Identity of this package. PACKAGE_NAME='isync' PACKAGE_TARNAME='isync' -PACKAGE_VERSION='1.4.2' -PACKAGE_STRING='isync 1.4.2' +PACKAGE_VERSION='1.4.3' +PACKAGE_STRING='isync 1.4.3' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1308,7 +1308,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures isync 1.4.2 to adapt to many kinds of systems. +\`configure' configures isync 1.4.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1380,7 +1380,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of isync 1.4.2:";; + short | recursive ) echo "Configuration of isync 1.4.3:";; esac cat <<\_ACEOF @@ -1486,7 +1486,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -isync configure 1.4.2 +isync configure 1.4.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1851,7 +1851,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by isync $as_me 1.4.2, which was +It was created by isync $as_me 1.4.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2823,7 +2823,7 @@ # Define the identity of the package. PACKAGE='isync' - VERSION='1.4.2' + VERSION='1.4.3' cat >>confdefs.h <<_ACEOF @@ -5724,7 +5724,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by isync $as_me 1.4.2, which was +This file was extended by isync $as_me 1.4.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -5790,7 +5790,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -isync config.status 1.4.2 +isync config.status 1.4.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/isync-1.4.2/configure.ac new/isync-1.4.3/configure.ac --- old/isync-1.4.2/configure.ac 2021-06-03 11:07:31.000000000 +0200 +++ new/isync-1.4.3/configure.ac 2021-07-29 13:13:58.000000000 +0200 @@ -1,4 +1,4 @@ -AC_INIT([isync], [1.4.2]) +AC_INIT([isync], [1.4.3]) AC_CONFIG_HEADERS([autodefs.h]) AC_CANONICAL_TARGET diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/isync-1.4.2/isync.spec new/isync-1.4.3/isync.spec --- old/isync-1.4.2/isync.spec 2021-06-06 17:29:43.000000000 +0200 +++ new/isync-1.4.3/isync.spec 2021-07-29 13:14:31.000000000 +0200 @@ -1,10 +1,10 @@ Summary: Utility to synchronize IMAP mailboxes with local maildir folders Name: isync -Version: 1.4.2 +Version: 1.4.3 Release: 1 License: GPL Group: Applications/Internet -Source: isync-1.4.2.tar.gz +Source: isync-1.4.3.tar.gz URL: http://isync.sf.net/ Packager: Oswald Buddenhagen <o...@users.sf.net> BuildRoot: /var/tmp/%{name}-buildroot diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/isync-1.4.2/src/drv_imap.c new/isync-1.4.3/src/drv_imap.c --- old/isync-1.4.2/src/drv_imap.c 2021-06-03 11:04:41.000000000 +0200 +++ new/isync-1.4.3/src/drv_imap.c 2021-06-11 17:47:32.000000000 +0200 @@ -335,42 +335,45 @@ static void send_imap_cmd( imap_store_t *ctx, imap_cmd_t *cmd ) { - int litplus, iovcnt = 1; - int bufl; - const char *buffmt; - conn_iovec_t iov[3]; - char buf[4096]; + int litplus, iovcnt = 3; + uint tbufl, lbufl; + conn_iovec_t iov[5]; + char tagbuf[16]; + char lenbuf[16]; cmd->tag = ++ctx->nexttag; + tbufl = nfsnprintf( tagbuf, sizeof(tagbuf), "%d ", cmd->tag ); if (!cmd->param.data) { - buffmt = "%d %s\r\n"; + memcpy( lenbuf, "\r\n", 3 ); + lbufl = 2; litplus = 0; } else if ((cmd->param.to_trash && ctx->trashnc == TrashUnknown) || !CAP(LITERALPLUS) || cmd->param.data_len >= 100*1024) { - buffmt = "%d %s{%d}\r\n"; + lbufl = nfsnprintf( lenbuf, sizeof(lenbuf), "{%u}\r\n", cmd->param.data_len ); litplus = 0; } else { - buffmt = "%d %s{%d+}\r\n"; + lbufl = nfsnprintf( lenbuf, sizeof(lenbuf), "{%u+}\r\n", cmd->param.data_len ); litplus = 1; } -DIAG_PUSH -DIAG_DISABLE("-Wformat-nonliteral") - bufl = nfsnprintf( buf, sizeof(buf), buffmt, - cmd->tag, cmd->cmd, cmd->param.data_len ); -DIAG_POP if (DFlags & DEBUG_NET) { if (ctx->num_in_progress) printf( "(%d in progress) ", ctx->num_in_progress ); if (starts_with( cmd->cmd, -1, "LOGIN", 5 )) - printf( "%s>>> %d LOGIN <user> <pass>\n", ctx->label, cmd->tag ); + printf( "%s>>> %sLOGIN <user> <pass>\r\n", ctx->label, tagbuf ); else if (starts_with( cmd->cmd, -1, "AUTHENTICATE PLAIN", 18 )) - printf( "%s>>> %d AUTHENTICATE PLAIN <authdata>\n", ctx->label, cmd->tag ); + printf( "%s>>> %sAUTHENTICATE PLAIN <authdata>\r\n", ctx->label, tagbuf ); else - printf( "%s>>> %s", ctx->label, buf ); + printf( "%s>>> %s%s%s", ctx->label, tagbuf, cmd->cmd, lenbuf ); fflush( stdout ); } - iov[0].buf = buf; - iov[0].len = (uint)bufl; + iov[0].buf = tagbuf; + iov[0].len = tbufl; iov[0].takeOwn = KeepOwn; + iov[1].buf = cmd->cmd; + iov[1].len = strlen( cmd->cmd ); + iov[1].takeOwn = KeepOwn; + iov[2].buf = lenbuf; + iov[2].len = lbufl; + iov[2].takeOwn = KeepOwn; if (litplus) { if (DFlags & DEBUG_NET_ALL) { printf( "%s>>>>>>>>>\n", ctx->label ); @@ -378,15 +381,15 @@ printf( "%s>>>>>>>>>\n", ctx->label ); fflush( stdout ); } - iov[1].buf = cmd->param.data; - iov[1].len = cmd->param.data_len; - iov[1].takeOwn = GiveOwn; + iov[3].buf = cmd->param.data; + iov[3].len = cmd->param.data_len; + iov[3].takeOwn = GiveOwn; cmd->param.data = NULL; ctx->buffer_mem -= cmd->param.data_len; - iov[2].buf = "\r\n"; - iov[2].len = 2; - iov[2].takeOwn = KeepOwn; - iovcnt = 3; + iov[4].buf = "\r\n"; + iov[4].len = 2; + iov[4].takeOwn = KeepOwn; + iovcnt = 5; } socket_write( &ctx->conn, iov, iovcnt ); if (cmd->param.to_trash && ctx->trashnc == TrashUnknown) @@ -512,7 +515,20 @@ const char *s; char *d, *ed; char c; - char buf[4096]; +#define MAX_SEGS 16 +#define add_seg(s, l) \ + do { \ + if (nsegs == MAX_SEGS) \ + oob(); \ + segs[nsegs] = s; \ + segls[nsegs++] = l; \ + totlen += l; \ + } while (0) + int nsegs = 0; + uint totlen = 0; + const char *segs[MAX_SEGS]; + uint segls[MAX_SEGS]; + char buf[1000]; d = buf; ed = d + sizeof(buf); @@ -521,12 +537,10 @@ c = *fmt; if (!c || c == '%') { uint l = fmt - s; - if (d + l > ed) - oob(); - memcpy( d, s, l ); - d += l; + if (l) + add_seg( s, l ); if (!c) - return nfstrndup( buf, (size_t)(d - buf) ); + break; uint maxlen = UINT_MAX; c = *++fmt; if (c == '\\') { @@ -535,6 +549,7 @@ fputs( "Fatal: unsupported escaped format specifier. Please report a bug.\n", stderr ); abort(); } + char *bd = d; s = va_arg( ap, const char * ); while ((c = *s++)) { if (d + 2 > ed) @@ -543,6 +558,9 @@ *d++ = '\\'; *d++ = c; } + l = d - bd; + if (l) + add_seg( bd, l ); } else { /* \\ cannot be combined with anything else. */ if (c == '.') { c = *++fmt; @@ -556,18 +574,21 @@ if (c == 'c') { if (d + 1 > ed) oob(); + add_seg( d, 1 ); *d++ = (char)va_arg( ap , int ); } else if (c == 's') { s = va_arg( ap, const char * ); l = strnlen( s, maxlen ); - if (d + l > ed) - oob(); - memcpy( d, s, l ); - d += l; + if (l) + add_seg( s, l ); } else if (c == 'd') { - d += nfsnprintf( d, ed - d, "%d", va_arg( ap , int ) ); + l = nfsnprintf( d, ed - d, "%d", va_arg( ap, int ) ); + add_seg( d, l ); + d += l; } else if (c == 'u') { - d += nfsnprintf( d, ed - d, "%u", va_arg( ap , uint ) ); + l = nfsnprintf( d, ed - d, "%u", va_arg( ap, uint ) ); + add_seg( d, l ); + d += l; } else { fputs( "Fatal: unsupported format specifier. Please report a bug.\n", stderr ); abort(); @@ -578,6 +599,13 @@ fmt++; } } + char *out = d = nfmalloc( totlen + 1 ); + for (int i = 0; i < nsegs; i++) { + memcpy( d, segs[i], segls[i] ); + d += segls[i]; + } + *d = 0; + return out; } static void diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/isync-1.4.2/src/drv_maildir.c new/isync-1.4.3/src/drv_maildir.c --- old/isync-1.4.2/src/drv_maildir.c 2021-03-19 18:18:09.000000000 +0100 +++ new/isync-1.4.3/src/drv_maildir.c 2021-07-29 13:12:45.000000000 +0200 @@ -395,7 +395,7 @@ static int maildir_list_path( maildir_store_t *ctx, int flags, const char *inbox ); static int -maildir_list_recurse( maildir_store_t *ctx, int isBox, int flags, +maildir_list_recurse( maildir_store_t *ctx, int isBox, int flags, int depth, const char *inbox, uint inboxLen, const char *basePath, uint basePathLen, char *path, int pathLen, char *name, int nameLen ) { @@ -417,6 +417,12 @@ closedir( dir ); return -1; } + if (++depth > 10) { + // We do the other checks first to avoid confusing error messages for files. + error( "Maildir error: path %s is too deeply nested. Symlink loop?\n", path ); + closedir( dir ); + return -1; + } while ((de = readdir( dir ))) { const char *ent = de->d_name; if (ent[0] == '.' && (!ent[1] || (ent[1] == '.' && !ent[2]))) @@ -464,7 +470,7 @@ add_string_list( &ctx->boxes, name ); path[pl] = 0; name[nl++] = '/'; - if (maildir_list_recurse( ctx, isBox + 1, flags, inbox, inboxLen, basePath, basePathLen, path, pl, name, nl ) < 0) { + if (maildir_list_recurse( ctx, isBox + 1, flags, depth, inbox, inboxLen, basePath, basePathLen, path, pl, name, nl ) < 0) { closedir( dir ); return -1; } @@ -485,7 +491,7 @@ add_string_list( &ctx->boxes, "INBOX" ); return maildir_list_recurse( - ctx, 1, flags, NULL, 0, basePath, basePath ? strlen( basePath ) - 1 : 0, + ctx, 1, flags, 0, NULL, 0, basePath, basePath ? strlen( basePath ) - 1 : 0, path, nfsnprintf( path, _POSIX_PATH_MAX, "%s/", ctx->conf->inbox ), name, nfsnprintf( name, _POSIX_PATH_MAX, "INBOX/" ) ); } @@ -502,7 +508,7 @@ if (maildir_ensure_path( ctx->conf ) < 0) return -1; return maildir_list_recurse( - ctx, 0, flags, inbox, inbox ? strlen( inbox ) : 0, NULL, 0, + ctx, 0, flags, 0, inbox, inbox ? strlen( inbox ) : 0, NULL, 0, path, nfsnprintf( path, _POSIX_PATH_MAX, "%s", ctx->conf->path ), name, 0 ); }