Hello community,

here is the log from the commit of package cyrus-imapd for openSUSE:Factory 
checked in at 2015-11-17 14:22:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cyrus-imapd (Old)
 and      /work/SRC/openSUSE:Factory/.cyrus-imapd.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "cyrus-imapd"

Changes:
--------
--- /work/SRC/openSUSE:Factory/cyrus-imapd/cyrus-imapd.changes  2015-09-08 
18:12:02.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.cyrus-imapd.new/cyrus-imapd.changes     
2015-11-17 14:22:53.000000000 +0100
@@ -1,0 +2,9 @@
+Sun Nov 15 11:48:17 UTC 2015 - a...@ajaissle.de
+
+- Added cyrus-imapd-2.4.18-CVE-2015-8077.patch:
+  boo#954200, CVE-2015-8077: Integer overflow in range checks
+
+- Added cyrus-imapd-2.4.18-CVE-2015-8078.patch:
+  boo#954201, CVE-2015-8078: Integer overflow in index_urlfetch
+
+-------------------------------------------------------------------
@@ -4 +13 @@
-- Update to 2.4.18
+- Update to 2.4.18 [boo#945844]

New:
----
  cyrus-imapd-2.4.18-CVE-2015-8077.patch
  cyrus-imapd-2.4.18-CVE-2015-8078.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ cyrus-imapd.spec ++++++
--- /var/tmp/diff_new_pack.krq1mz/_old  2015-11-17 14:22:54.000000000 +0100
+++ /var/tmp/diff_new_pack.krq1mz/_new  2015-11-17 14:22:54.000000000 +0100
@@ -66,6 +66,10 @@
 Patch27:        cyrus-imapd-2.4.17_ptloader-ldap_user_attribute.patch
 # PATCH-FIX-UPSTREAM -- Have the correct #include when using implicit 
definitions
 Patch28:        cyrus-imapd-2.4.18-implicit_definitions.patch
+# PATCH-FIX-UPSTREAM -- Fix for CVE-2015-8077
+Patch29:        cyrus-imapd-2.4.18-CVE-2015-8077.patch
+# PATCH-FIX-UPSTREAM -- Fix for CVE-2015-8078
+Patch30:        cyrus-imapd-2.4.18-CVE-2015-8078.patch
 
 BuildRequires:  automake
 BuildRequires:  bison
@@ -225,6 +229,8 @@
 %patch25 -p1
 %patch27 -p1
 %patch28 -p1
+%patch29 -p1
+%patch30 -p1
 
 # remove executable bit from docs
 find doc -type f -name '*.html' -exec %{__chmod} -x {} \;

++++++ cyrus-imapd-2.4.18-CVE-2015-8077.patch ++++++
>From 538359e5a7c978e2f27c80124c8bd1282c7661a9 Mon Sep 17 00:00:00 2001
From: ellie timoney <el...@fastmail.com>
Date: Mon, 26 Oct 2015 16:15:40 +1100
Subject: urlfetch: protect against overflow in range checks


diff --git a/imap/index.c b/imap/index.c
index 43dfe16..566a983 100644
--- a/imap/index.c
+++ b/imap/index.c
@@ -2712,7 +2712,8 @@ int index_urlfetch(struct index_state *state, uint32_t 
msgno,
     int fetchmime = 0, domain = DOMAIN_7BIT;
     unsigned size;
     int32_t skip = 0;
-    int n, r = 0;
+    unsigned long n;
+    int r = 0;
     char *decbuf = NULL;
     struct mailbox *mailbox = state->mailbox;
     struct index_map *im = &state->map[msgno-1];
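Review bot: The new `unsigned long n;` has no comment explaining why its width and signedness matter, although the range check later in index_urlfetch depends on both. I would declare it as `unsigned long n;  /* octet count; unsigned so that start_octet + n wraps predictably in the range check */`. The function body continues outside this hunk, so any remaining use of n that assumed a signed int (a `< 0` test, or an argument passed to an int parameter) is not visible here and should be checked against the new type.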
@@ -2849,7 +2850,7 @@ int index_urlfetch(struct index_state *state, uint32_t 
msgno,
         start_octet = size;
         n = 0;
     }
-    else if (start_octet + n > size) {
+    else if (start_octet + n < start_octet || start_octet + n > size) {
         n = size - start_octet;
     }
 
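Review bot: The added clause `start_octet + n < start_octet` detects the overflow only after the sum has wrapped, which is reliable only while both operands are unsigned and of the same width. The declaration of start_octet is outside the hunk, so that cannot be confirmed here. If the branch above already guarantees start_octet <= size on this path, as its visible body `start_octet = size; n = 0;` suggests, the test can be written without any addition: `else if (n > size - start_octet) {`. That form cannot overflow and does not depend on the operand types. The same rewrite applies to the section_offset check in the CVE-2015-8078 patch, as `if (section_offset > size || section_size > size - section_offset) {`.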
@@ -2861,10 +2862,10 @@ int index_urlfetch(struct index_state *state, uint32_t 
msgno,
 
        if (domain == DOMAIN_BINARY) {
            /* Write size of literal8 */
-           prot_printf(pout, " ~{%u}\r\n", n);
+            prot_printf(pout, " ~{%lu}\r\n", n);
        } else {
            /* Write size of literal */
-           prot_printf(pout, " {%u}\r\n", n);
+            prot_printf(pout, " {%lu}\r\n", n);
        }
     }
 
-- 
cgit v0.10.2

++++++ cyrus-imapd-2.4.18-CVE-2015-8078.patch ++++++
>From 0142e98fa90f02a030f93469523ac64f91ae7a9f Mon Sep 17 00:00:00 2001
From: ellie timoney <el...@fastmail.com>
Date: Mon, 26 Oct 2015 16:21:01 +1100
Subject: urlfetch: and the other bit


diff --git a/imap/index.c b/imap/index.c
index 566a983..6216f02 100644
--- a/imap/index.c
+++ b/imap/index.c
@@ -2807,7 +2807,8 @@ int index_urlfetch(struct index_state *state, uint32_t 
msgno,
         size_t section_offset = CACHE_ITEM_BIT32(cacheitem);
         size_t section_size = CACHE_ITEM_BIT32(cacheitem + 
CACHE_ITEM_SIZE_SKIP);
 
-        if (section_offset + section_size > size) {
+        if (section_offset + section_size < section_offset
+            || section_offset + section_size > size) {
             r = IMAP_INTERNAL;
             goto done;
         }
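Review bot: The new condition has no comment, and a reader on a 64-bit build may take its first clause for dead code. section_offset and section_size are size_t values filled from CACHE_ITEM_BIT32, presumably 32-bit fields, so their sum can wrap only where size_t is 32 bits wide. A comment above the `if` would keep the clause from being dropped in a later cleanup, for example `/* offset and size come from the cache record; with a 32-bit size_t the sum can wrap, so test for that before comparing with size */`. The enclosing block and the `done` label are outside the hunk.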
-- 
cgit v0.10.2

