Hello community, here is the log from the commit of package cyrus-imapd for openSUSE:Factory checked in at Tue May 24 14:19:10 CEST 2011.
-------- --- cyrus-imapd/cyrus-imapd.changes 2010-12-07 23:02:10.000000000 +0100 +++ /mounts/work_src_done/STABLE/cyrus-imapd/cyrus-imapd.changes 2011-05-23 16:18:17.000000000 +0200 @@ -1,0 +2,7 @@ +Mon May 23 14:17:33 UTC 2011 - rha...@suse.de + +- Fixed STARTTLS plaintext command injection vulnerability + (bnc#694247, cyrus-bug#3425) +- Fixed building against newer perl release (5.14) + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- cyrus-imapd-STARTTLS-plaintext-command-injection.patch cyrus-imapd-perl-5.14.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cyrus-imapd.spec ++++++ --- /var/tmp/diff_new_pack.hzPwS1/_old 2011-05-24 14:16:56.000000000 +0200 +++ /var/tmp/diff_new_pack.hzPwS1/_new 2011-05-24 14:16:56.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package cyrus-imapd (Version 2.3.16) +# spec file for package cyrus-imapd # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -57,7 +57,7 @@ %endif Summary: The Cyrus IMAP and POP Mail Server Version: 2.3.16 -Release: 12 +Release: 18 Source: %{prjname}-%{version}.tar.bz2 Source1: cyrus-imapd-rc.tar.gz Source2: DB_CONFIG @@ -73,6 +73,8 @@ Patch12: pie.patch Patch18: cyrus-imapd-perl-path.patch Patch19: cyrus-imapd-libdb-4_8.patch +Patch20: cyrus-imapd-perl-5.14.patch +Patch21: cyrus-imapd-STARTTLS-plaintext-command-injection.patch %if %{with_kolab} # KOLAB_cyrus-imapd patches are maintained at @@ -185,6 +187,8 @@ %patch12 -p1 %patch18 %patch19 -p1 +%patch20 -p1 +%patch21 -p1 %if %{with_kolab} %patch100 -p1 ++++++ cyrus-imapd-STARTTLS-plaintext-command-injection.patch ++++++ >From febfa4a5e2b20521e6176c787b0f05acc05d93e6 Mon Sep 17 00:00:00 2001 From: Ken Murchison <mu...@andrew.cmu.edu> Date: Fri, 25 Mar 2011 11:50:18 -0400 Subject: Fixed bug #3423 - STARTTLS plaintext command injection vulnerability Index: cyrus-imapd-2.3.16/imap/imapd.c =================================================================== --- cyrus-imapd-2.3.16.orig/imap/imapd.c +++ cyrus-imapd-2.3.16/imap/imapd.c @@ -1774,6 +1774,9 @@ void cmdloop() if (c == '\r') c = prot_getc(imapd_in); if (c != '\n') goto extraargs; + /* XXX discard any input pipelined after STARTTLS */ + prot_flush(imapd_in); + /* if we've already done SASL fail */ if (imapd_userid != NULL) { prot_printf(imapd_out, Index: cyrus-imapd-2.3.16/imap/lmtpengine.c =================================================================== --- cyrus-imapd-2.3.16.orig/imap/lmtpengine.c +++ cyrus-imapd-2.3.16/imap/lmtpengine.c @@ -1576,6 +1576,9 @@ void lmtpmode(struct lmtp_func *func, sasl_ssf_t ssf; char *auth_id; + /* XXX discard any input pipelined after STARTTLS */ + prot_flush(pin); + /* SASL and openssl have different ideas about whether ssf is signed */ layerp = (int *) &ssf; Index: cyrus-imapd-2.3.16/imap/mupdate.c =================================================================== --- cyrus-imapd-2.3.16.orig/imap/mupdate.c +++ cyrus-imapd-2.3.16/imap/mupdate.c @@ -927,6 +927,9 @@ mupdate_docmd_result_t docmd(struct conn if (!strcmp(c->cmd.s, "Starttls")) { CHECKNEWLINE(c, ch); + /* XXX discard any input pipelined after STARTTLS */ + prot_flush(c->pin); + if (!tls_enabled()) { /* we don't support starttls */ goto badcmd; Index: cyrus-imapd-2.3.16/imap/nntpd.c =================================================================== --- cyrus-imapd-2.3.16.orig/imap/nntpd.c +++ cyrus-imapd-2.3.16/imap/nntpd.c @@ -1436,6 +1436,9 @@ static void cmdloop(void) if (c == '\r') c = prot_getc(nntp_in); if (c != '\n') goto extraargs; + /* XXX discard any input pipelined after STARTTLS */ + prot_flush(nntp_in); + cmd_starttls(0); } else if (!strcmp(cmd.s, "Stat")) { Index: cyrus-imapd-2.3.16/imap/pop3d.c =================================================================== --- cyrus-imapd-2.3.16.orig/imap/pop3d.c +++ cyrus-imapd-2.3.16/imap/pop3d.c @@ -950,6 +950,9 @@ static void cmdloop(void) if (arg) { prot_printf(popd_out, "-ERR Unexpected extra argument\r\n"); } else { + /* XXX discard any input pipelined after STLS */ + prot_flush(popd_in); + cmd_starttls(0); } } Index: cyrus-imapd-2.3.16/imap/sync_server.c =================================================================== --- cyrus-imapd-2.3.16.orig/imap/sync_server.c +++ cyrus-imapd-2.3.16/imap/sync_server.c @@ -904,6 +904,9 @@ static void cmdloop(void) if (c == '\r') c = prot_getc(sync_in); if (c != '\n') goto extraargs; + /* XXX discard any input pipelined after STARTTLS */ + prot_flush(sync_in); + /* if we've already done SASL fail */ if (sync_userid != NULL) { prot_printf(sync_out, Index: cyrus-imapd-2.3.16/lib/prot.c =================================================================== --- cyrus-imapd-2.3.16.orig/lib/prot.c +++ cyrus-imapd-2.3.16/lib/prot.c @@ -728,10 +728,29 @@ int prot_fill(struct protstream *s) } /* + * If 's' is an input stream, discard any pending/buffered data. Otherwise, * Write out any buffered data in the stream 's' */ int prot_flush(struct protstream *s) { + if (!s->write) { + int c, save_dontblock = s->dontblock; + + /* Set stream to nonblocking mode */ + if (!save_dontblock) nonblock(s->fd, (s->dontblock = 1)); + + /* Ingest any pending input */ + while ((c = prot_fill(s)) != EOF); + + /* Reset stream to previous blocking mode */ + if (!save_dontblock) nonblock(s->fd, (s->dontblock = 0)); + + /* Discard any buffered input */ + s->cnt = 0; + + return 0; + } + return prot_flush_internal(s, 1); } Index: cyrus-imapd-2.3.16/timsieved/parser.c =================================================================== --- cyrus-imapd-2.3.16.orig/timsieved/parser.c +++ cyrus-imapd-2.3.16/timsieved/parser.c @@ -443,6 +443,9 @@ int parser(struct protstream *sieved_out goto error; } + /* XXX discard any input pipelined after STARTTLS */ + prot_flush(sieved_in); + if(referral_host) goto do_referral; ++++++ cyrus-imapd-perl-5.14.patch ++++++ commit 27287454fb150b9d4f6d4b86d1e7dba4ea7934e2 Author: Ralf Haferkamp <rha...@suse.de> Date: Mon May 23 16:05:51 2011 +0200 Build with newer perl Index: cyrus-imapd-2.3.16/perl/imap/IMAP.xs =================================================================== --- cyrus-imapd-2.3.16.orig/perl/imap/IMAP.xs +++ cyrus-imapd-2.3.16/perl/imap/IMAP.xs @@ -124,10 +124,10 @@ void imclient_xs_cb(struct imclient *cli SAVETMPS; PUSHMARK(SP); XPUSHs(sv_2mortal(newSVpv("-client", 0))); - rv = newSVsv(&sv_undef); + rv = newSVsv(&PL_sv_undef); sv_setref_pv(rv, NULL, (void *) rock->client); XPUSHs(rv); - if (rock->prock != &sv_undef) { + if (rock->prock != &PL_sv_undef) { XPUSHs(sv_2mortal(newSVpv("-rock", 0))); XPUSHs(sv_mortalcopy(rock->prock)); } @@ -392,7 +392,7 @@ CODE: ST(0) = sv_newmortal(); if(client->authenticated) { - ST(0) = &sv_no; + ST(0) = &PL_sv_no; return; } @@ -414,10 +414,10 @@ CODE: rc = imclient_authenticate(client->imclient, mechlist, service, user, minssf, maxssf); if (rc) - ST(0) = &sv_no; + ST(0) = &PL_sv_no; else { client->authenticated = 1; - ST(0) = &sv_yes; + ST(0) = &PL_sv_yes; } int @@ -449,12 +449,12 @@ CODE: #ifdef HAVE_SSL rc = imclient_starttls(client->imclient, tls_cert_file, tls_key_file, CAfile, CApath); if (rc) - ST(0) = &sv_no; + ST(0) = &PL_sv_no; else { - ST(0) = &sv_yes; + ST(0) = &PL_sv_yes; } #else - ST(0) = &sv_no; + ST(0) = &PL_sv_no; #endif /* HAVE_SSL */ void @@ -514,7 +514,7 @@ PPCODE: (val = hv_fetch(cb, "Rock", 4, 0))) prock = *val; else - prock = &sv_undef; + prock = &PL_sv_undef; /* * build our internal rock, which is used by our internal * callback handler to invoke the Perl callback @@ -525,7 +525,7 @@ PPCODE: rock = (struct xsccb *) safemalloc(sizeof *rock); /* bump refcounts on these so they don't go away */ rock->pcb = SvREFCNT_inc(pcb); - if (!prock) prock = &sv_undef; + if (!prock) prock = &PL_sv_undef; rock->prock = SvREFCNT_inc(prock); rock->client = client; rock->autofree = 0; @@ -652,9 +652,9 @@ PPCODE: EXTEND(SP, 1); pcb = av_shift(av); if (strcmp(SvPV(pcb, arg), "OK") == 0) - PUSHs(&sv_yes); + PUSHs(&PL_sv_yes); else - PUSHs(&sv_no); + PUSHs(&PL_sv_no); pcb = perl_get_sv("@", TRUE); sv_setsv(pcb, av_shift(av)); if (av_len(av) != -1) { @@ -687,9 +687,9 @@ PPCODE: EXTEND(SP, 2); PUSHs(sv_2mortal(newSViv(fd))); if (writep) - PUSHs(&sv_yes); + PUSHs(&PL_sv_yes); else - PUSHs(&sv_no); + PUSHs(&PL_sv_no); void imclient_fromURL(client,url) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org