Hello community,

here is the log from the commit of package cyrus-imapd for openSUSE:Factory
checked in at Tue May 24 14:19:10 CEST 2011.



--------
--- cyrus-imapd/cyrus-imapd.changes     2010-12-07 23:02:10.000000000 +0100
+++ /mounts/work_src_done/STABLE/cyrus-imapd/cyrus-imapd.changes        
2011-05-23 16:18:17.000000000 +0200
@@ -1,0 +2,7 @@
+Mon May 23 14:17:33 UTC 2011 - rha...@suse.de
+
+- Fixed STARTTLS plaintext command injection vulnerability
+  (bnc#694247, cyrus-bug#3425)
+- Fixed building against newer perl release (5.14)
+
+-------------------------------------------------------------------

calling whatdependson for head-i586


New:
----
  cyrus-imapd-STARTTLS-plaintext-command-injection.patch
  cyrus-imapd-perl-5.14.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ cyrus-imapd.spec ++++++
--- /var/tmp/diff_new_pack.hzPwS1/_old  2011-05-24 14:16:56.000000000 +0200
+++ /var/tmp/diff_new_pack.hzPwS1/_new  2011-05-24 14:16:56.000000000 +0200
@@ -1,7 +1,7 @@
 #
-# spec file for package cyrus-imapd (Version 2.3.16)
+# spec file for package cyrus-imapd
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -57,7 +57,7 @@
 %endif
 Summary:        The Cyrus IMAP and POP Mail Server
 Version:        2.3.16
-Release:        12
+Release:        18
 Source:         %{prjname}-%{version}.tar.bz2
 Source1:        cyrus-imapd-rc.tar.gz
 Source2:        DB_CONFIG
@@ -73,6 +73,8 @@
 Patch12:        pie.patch
 Patch18:        cyrus-imapd-perl-path.patch
 Patch19:        cyrus-imapd-libdb-4_8.patch
+Patch20:        cyrus-imapd-perl-5.14.patch
+Patch21:        cyrus-imapd-STARTTLS-plaintext-command-injection.patch
 
 %if %{with_kolab}
 # KOLAB_cyrus-imapd patches are maintained at
@@ -185,6 +187,8 @@
 %patch12 -p1
 %patch18
 %patch19 -p1
+%patch20 -p1
+%patch21 -p1
 
 %if %{with_kolab}
 %patch100 -p1

++++++ cyrus-imapd-STARTTLS-plaintext-command-injection.patch ++++++
>From febfa4a5e2b20521e6176c787b0f05acc05d93e6 Mon Sep 17 00:00:00 2001
From: Ken Murchison <mu...@andrew.cmu.edu>
Date: Fri, 25 Mar 2011 11:50:18 -0400
Subject: Fixed bug #3423 - STARTTLS plaintext command injection vulnerability


Index: cyrus-imapd-2.3.16/imap/imapd.c
===================================================================
--- cyrus-imapd-2.3.16.orig/imap/imapd.c
+++ cyrus-imapd-2.3.16/imap/imapd.c
@@ -1774,6 +1774,9 @@ void cmdloop()
                if (c == '\r') c = prot_getc(imapd_in);
                if (c != '\n') goto extraargs;
 
+               /* XXX  discard any input pipelined after STARTTLS */
+               prot_flush(imapd_in);
+
                /* if we've already done SASL fail */
                if (imapd_userid != NULL) {
                    prot_printf(imapd_out, 
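Review bot: The `/* XXX  discard any input pipelined after STARTTLS */` comment added here (and in the same form in the lmtpengine.c, mupdate.c, nntpd.c, pop3d.c, sync_server.c and timsieved/parser.c hunks) marks the call as a hack without saying why it must stay, which is what a later maintainer needs before moving it behind the authentication or tls_enabled() checks. Suggest `/* Discard anything the client pipelined after STARTTLS: it arrived in plaintext and must never be executed inside the TLS session (bug #3423). */`. The return value of prot_flush() is dropped at every one of these call sites; with the input-stream path added in lib/prot.c it is currently always 0, but the callers would be more robust if a nonzero result aborted the STARTTLS instead of proceeding. cmdloop() starts and ends outside this hunk.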
Index: cyrus-imapd-2.3.16/imap/lmtpengine.c
===================================================================
--- cyrus-imapd-2.3.16.orig/imap/lmtpengine.c
+++ cyrus-imapd-2.3.16/imap/lmtpengine.c
@@ -1576,6 +1576,9 @@ void lmtpmode(struct lmtp_func *func,
                sasl_ssf_t ssf;
                char *auth_id;
 
+               /* XXX  discard any input pipelined after STARTTLS */
+               prot_flush(pin);
+
                /* SASL and openssl have different ideas
                   about whether ssf is signed */
                layerp = (int *) &ssf;
Index: cyrus-imapd-2.3.16/imap/mupdate.c
===================================================================
--- cyrus-imapd-2.3.16.orig/imap/mupdate.c
+++ cyrus-imapd-2.3.16/imap/mupdate.c
@@ -927,6 +927,9 @@ mupdate_docmd_result_t docmd(struct conn
        if (!strcmp(c->cmd.s, "Starttls")) {
            CHECKNEWLINE(c, ch);
            
+           /* XXX  discard any input pipelined after STARTTLS */
+           prot_flush(c->pin);
+
            if (!tls_enabled()) {
                /* we don't support starttls */
                goto badcmd;
Index: cyrus-imapd-2.3.16/imap/nntpd.c
===================================================================
--- cyrus-imapd-2.3.16.orig/imap/nntpd.c
+++ cyrus-imapd-2.3.16/imap/nntpd.c
@@ -1436,6 +1436,9 @@ static void cmdloop(void)
                if (c == '\r') c = prot_getc(nntp_in);
                if (c != '\n') goto extraargs;
 
+               /* XXX  discard any input pipelined after STARTTLS */
+               prot_flush(nntp_in);
+
                cmd_starttls(0);
            }
            else if (!strcmp(cmd.s, "Stat")) {
Index: cyrus-imapd-2.3.16/imap/pop3d.c
===================================================================
--- cyrus-imapd-2.3.16.orig/imap/pop3d.c
+++ cyrus-imapd-2.3.16/imap/pop3d.c
@@ -950,6 +950,9 @@ static void cmdloop(void)
                if (arg) {
                    prot_printf(popd_out, "-ERR Unexpected extra argument\r\n");
                } else {
+                   /* XXX  discard any input pipelined after STLS */
+                   prot_flush(popd_in);
+
                    cmd_starttls(0);
                }
            }
Index: cyrus-imapd-2.3.16/imap/sync_server.c
===================================================================
--- cyrus-imapd-2.3.16.orig/imap/sync_server.c
+++ cyrus-imapd-2.3.16/imap/sync_server.c
@@ -904,6 +904,9 @@ static void cmdloop(void)
                if (c == '\r') c = prot_getc(sync_in);
                if (c != '\n') goto extraargs;
 
+               /* XXX  discard any input pipelined after STARTTLS */
+               prot_flush(sync_in);
+
                /* if we've already done SASL fail */
                if (sync_userid != NULL) {
                    prot_printf(sync_out, 
Index: cyrus-imapd-2.3.16/lib/prot.c
===================================================================
--- cyrus-imapd-2.3.16.orig/lib/prot.c
+++ cyrus-imapd-2.3.16/lib/prot.c
@@ -728,10 +728,29 @@ int prot_fill(struct protstream *s)
 }
 
 /*
+ * If 's' is an input stream, discard any pending/buffered data.  Otherwise,
  * Write out any buffered data in the stream 's'
  */
 int prot_flush(struct protstream *s) 
 {
+    if (!s->write) {
+       int c, save_dontblock = s->dontblock;
+
+       /* Set stream to nonblocking mode */
+       if (!save_dontblock) nonblock(s->fd, (s->dontblock = 1));
+
+       /* Ingest any pending input */
+       while ((c = prot_fill(s)) != EOF);
+
+       /* Reset stream to previous blocking mode */
+       if (!save_dontblock) nonblock(s->fd, (s->dontblock = 0));
+
+       /* Discard any buffered input */
+       s->cnt = 0;
+
+       return 0;
+    }
+
     return prot_flush_internal(s, 1);
 }
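Review bot: The drain loop `while ((c = prot_fill(s)) != EOF);` cannot tell "no more pending input" apart from a genuine end-of-file or read error, and the function then returns 0 unconditionally, so a caller goes on to negotiate TLS on a stream that prot_fill may already have marked as dead. If prot_fill records those conditions in `s->eof` / `s->error` (it is defined just above this hunk, outside the visible lines), the input branch should finish with something like `if (s->eof || s->error) return EOF;` before `return 0;`, and the unused `c` can be dropped in favour of `while (prot_fill(s) != EOF);`. From the defender's side, the byte count in `s->cnt` just before it is zeroed is the only evidence that a client actually tried to pipeline plaintext behind STARTTLS; returning or exposing it would let the daemons log the attempt rather than silently swallow it. Finally, giving prot_flush() opposite meanings depending on `s->write` is easy to misread at the seven daemon call sites; a separately named input-discard helper that prot_flush() delegates to would make the intent explicit without changing the fix.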
 
Index: cyrus-imapd-2.3.16/timsieved/parser.c
===================================================================
--- cyrus-imapd-2.3.16.orig/timsieved/parser.c
+++ cyrus-imapd-2.3.16/timsieved/parser.c
@@ -443,6 +443,9 @@ int parser(struct protstream *sieved_out
       goto error;
     }
 
+    /* XXX  discard any input pipelined after STARTTLS */
+    prot_flush(sieved_in);
+
     if(referral_host)
        goto do_referral;
 
++++++ cyrus-imapd-perl-5.14.patch ++++++
commit 27287454fb150b9d4f6d4b86d1e7dba4ea7934e2
Author: Ralf Haferkamp <rha...@suse.de>
Date:   Mon May 23 16:05:51 2011 +0200

    Build with newer perl

Index: cyrus-imapd-2.3.16/perl/imap/IMAP.xs
===================================================================
--- cyrus-imapd-2.3.16.orig/perl/imap/IMAP.xs
+++ cyrus-imapd-2.3.16/perl/imap/IMAP.xs
@@ -124,10 +124,10 @@ void imclient_xs_cb(struct imclient *cli
   SAVETMPS;
   PUSHMARK(SP);
   XPUSHs(sv_2mortal(newSVpv("-client", 0)));
-  rv = newSVsv(&sv_undef);
+  rv = newSVsv(&PL_sv_undef);
   sv_setref_pv(rv, NULL, (void *) rock->client);
   XPUSHs(rv);
-  if (rock->prock != &sv_undef) {
+  if (rock->prock != &PL_sv_undef) {
     XPUSHs(sv_2mortal(newSVpv("-rock", 0)));
     XPUSHs(sv_mortalcopy(rock->prock));
   }
@@ -392,7 +392,7 @@ CODE:
        ST(0) = sv_newmortal();
 
        if(client->authenticated) {
-         ST(0) = &sv_no;
+         ST(0) = &PL_sv_no;
          return;
        }
 
@@ -414,10 +414,10 @@ CODE:
        rc = imclient_authenticate(client->imclient, mechlist, service, user,
                                   minssf, maxssf);
        if (rc)
-         ST(0) = &sv_no;
+         ST(0) = &PL_sv_no;
        else {
          client->authenticated = 1;
-         ST(0) = &sv_yes;
+         ST(0) = &PL_sv_yes;
        }
 
 int
@@ -449,12 +449,12 @@ CODE:
 #ifdef HAVE_SSL
        rc = imclient_starttls(client->imclient, tls_cert_file, tls_key_file, 
CAfile, CApath);
        if (rc)
-         ST(0) = &sv_no;
+         ST(0) = &PL_sv_no;
        else {
-         ST(0) = &sv_yes;
+         ST(0) = &PL_sv_yes;
        }
 #else
-       ST(0) = &sv_no;
+       ST(0) = &PL_sv_no;
 #endif /* HAVE_SSL */
 
 void
@@ -514,7 +514,7 @@ PPCODE:
              (val = hv_fetch(cb, "Rock", 4, 0)))
            prock = *val;
          else
-           prock = &sv_undef;
+           prock = &PL_sv_undef;
          /*
           * build our internal rock, which is used by our internal
           * callback handler to invoke the Perl callback
@@ -525,7 +525,7 @@ PPCODE:
            rock = (struct xsccb *) safemalloc(sizeof *rock);
            /* bump refcounts on these so they don't go away */
            rock->pcb = SvREFCNT_inc(pcb);
-           if (!prock) prock = &sv_undef;
+           if (!prock) prock = &PL_sv_undef;
            rock->prock = SvREFCNT_inc(prock);
            rock->client = client;
            rock->autofree = 0;
@@ -652,9 +652,9 @@ PPCODE:
            EXTEND(SP, 1);
            pcb = av_shift(av);
            if (strcmp(SvPV(pcb, arg), "OK") == 0)
-             PUSHs(&sv_yes);
+             PUSHs(&PL_sv_yes);
            else
-             PUSHs(&sv_no);
+             PUSHs(&PL_sv_no);
            pcb = perl_get_sv("@", TRUE);
            sv_setsv(pcb, av_shift(av));
            if (av_len(av) != -1) {
@@ -687,9 +687,9 @@ PPCODE:
        EXTEND(SP, 2);
        PUSHs(sv_2mortal(newSViv(fd)));
        if (writep)
-         PUSHs(&sv_yes);
+         PUSHs(&PL_sv_yes);
        else
-         PUSHs(&sv_no);
+         PUSHs(&PL_sv_no);
 
 void
 imclient_fromURL(client,url)

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...
