[SVN] r847 - in /trunk/cyrus-imapd-2.2.13/debian: changelog patches/0025-upstream-fix-cve-2009-3235.dpatch

Wed, 23 Sep 2009 06:39:19 -0700 

Author: hmh
Date: Wed Sep 23 15:38:04 2009
New Revision: 847

URL: https://mail.incase.de/viewcvs?rev=847&root=cyrus22&view=rev
Log:
* sieve/bc_eval.c (0025-upstream-fix-cve-2009-3235.dpatch):
  update for completeness to match the patch used by the security-team:
  use snprintf for scount, to future-proof against "int" larger than
  64 bits.

Modified:
    trunk/cyrus-imapd-2.2.13/debian/changelog
    
trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch

Modified: trunk/cyrus-imapd-2.2.13/debian/changelog
URL: 
https://mail.incase.de/viewcvs/trunk/cyrus-imapd-2.2.13/debian/changelog?rev=847&root=cyrus22&r1=846&r2=847&view=diff
==============================================================================
--- trunk/cyrus-imapd-2.2.13/debian/changelog (original)
+++ trunk/cyrus-imapd-2.2.13/debian/changelog Wed Sep 23 15:38:04 2009
@@ -1,8 +1,12 @@
 cyrus-imapd-2.2 (2.2.13-18) UNRELEASED; urgency=low
 
   * NOT RELEASED YET
-
- -- Henrique de Moraes Holschuh <[email protected]>  Tue, 22 Sep 2009 23:26:20 
-0300
+  * sieve/bc_eval.c (0025-upstream-fix-cve-2009-3235.dpatch):
+    update for completeness to match the patch used by the security-team:
+    use snprintf for scount, to future-proof against "int" larger than
+    64 bits.
+
+ -- Henrique de Moraes Holschuh <[email protected]>  Wed, 23 Sep 2009 09:22:07 
-0300
 
 cyrus-imapd-2.2 (2.2.13-17) unstable; urgency=high
 

Modified: 
trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch
URL: 
https://mail.incase.de/viewcvs/trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch?rev=847&root=cyrus22&r1=3D846&r2=847&view=diff
==============================================================================
--- 
trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch 
(original)
+++ 
trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch 
Wed Sep 23 15:38:04 2009
@@ -6,8 +6,8 @@
 
 @DPATCH@
 diff -urNad cyrus-imapd-2.2.13~/sieve/bc_eval.c 
cyrus-imapd-2.2.13/sieve/bc_eval.c
---- cyrus-imapd-2.2.13~/sieve/bc_eval.c        2009-09-22 18:47:23.000000000 
-0300
-+++ cyrus-imapd-2.2.13/sieve/bc_eval.c 2009-09-22 18:57:26.479167505 -0300
+--- cyrus-imapd-2.2.13~/sieve/bc_eval.c        2009-09-23 09:18:50.557332445 
-0300
++++ cyrus-imapd-2.2.13/sieve/bc_eval.c 2009-09-23 09:20:15.831016330 -0300
 @@ -440,7 +440,7 @@
        int comparator=ntohl(bc[i+3].value);
        int apart=ntohl(bc[i+4].value);
@@ -17,6 +17,15 @@
        int isReg = (match==B_REGEX);
        int ctag = 0;
        regex_t *reg;
+@@ -574,7 +574,7 @@
+      
+       if  (match == B_COUNT)
+       {
+-          sprintf(scount, "%u", count);
++          snprintf(scount, sizeof(scount), "%u", count);
+           /* search through all the data */ 
+           currd=datai+2;
+           for (z=0; z<numdata && !res; z++)
 @@ -608,7 +608,7 @@
        int relation=ntohl(bc[i+2].value);
        int comparator=ntohl(bc[i+3].value);
@@ -26,9 +35,18 @@
        int isReg = (match==B_REGEX);
        int ctag = 0;
        regex_t *reg;
+@@ -689,7 +689,7 @@
+       
+       if  (match == B_COUNT )
+       {
+-          sprintf(scount, "%u", count);
++          snprintf(scount, sizeof(scount), "%u", count);
+           /*search through all the data*/ 
+           currd=datai+2;
+           for (z=0; z<numdata && !res; z++)
 diff -urNad cyrus-imapd-2.2.13~/sieve/script.c 
cyrus-imapd-2.2.13/sieve/script.c
---- cyrus-imapd-2.2.13~/sieve/script.c 2009-09-22 18:57:09.666668946 -0300
-+++ cyrus-imapd-2.2.13/sieve/script.c  2009-09-22 18:57:26.479167505 -0300
+--- cyrus-imapd-2.2.13~/sieve/script.c 2009-09-23 09:18:51.474832314 -0300
++++ cyrus-imapd-2.2.13/sieve/script.c  2009-09-23 09:18:51.627330879 -0300
 @@ -526,9 +526,9 @@
      if ((ret != SIEVE_OK) && interp->err) {
        char buf[1024];
@@ -42,8 +60,8 @@
   
        ret |= interp->execute_err(buf, interp->interp_context,
 diff -urNad cyrus-imapd-2.2.13~/sieve/sieve.y cyrus-imapd-2.2.13/sieve/sieve.y
---- cyrus-imapd-2.2.13~/sieve/sieve.y  2009-09-22 18:47:23.000000000 -0300
-+++ cyrus-imapd-2.2.13/sieve/sieve.y   2009-09-22 18:57:26.479167505 -0300
+--- cyrus-imapd-2.2.13~/sieve/sieve.y  2009-09-23 09:18:50.557332445 -0300
++++ cyrus-imapd-2.2.13/sieve/sieve.y   2009-09-23 09:18:51.627330879 -0300
 @@ -923,7 +923,7 @@
        else if (!strcmp(r, "ne")) {return NE;}
        else if (!strcmp(r, "eq")) {return EQ;}


_______________________________________________
Pkg-Cyrus-imapd-Debian-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/pkg-cyrus-imapd-debian-devel

Reply via email to