[SVN] r848 - in /branches/cyrus23/cyrus-imapd-2.3-development/debian: changelog patches/0025a-upstream-cve-2009-3235-partial.dpatch patches/0025b-cve-2009-3235-extras.dpatch patches/00list

debian at incase.de debian at incase.de
Fri Oct 9 09:34:44 UTC 2009 

Author: duncan
Date: Fri Oct  9 11:34:42 2009
New Revision: 848

URL: https://mail.incase.de/viewcvs?rev=848&root=cyrus22&view=rev
Log:
Security fix for sieve buffer overflow (DSA-1893-1).

Added:
    branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/0025a-upstream-cve-2009-3235-partial.dpatch   (with props)
    branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/0025b-cve-2009-3235-extras.dpatch   (with props)
Modified:
    branches/cyrus23/cyrus-imapd-2.3-development/debian/changelog
    branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/00list

Modified: branches/cyrus23/cyrus-imapd-2.3-development/debian/changelog
URL: https://mail.incase.de/viewcvs/branches/cyrus23/cyrus-imapd-2.3-development/debian/changelog?rev=848&root=cyrus22&r1=847&r2=848&view=diff
==============================================================================
--- branches/cyrus23/cyrus-imapd-2.3-development/debian/changelog (original)
+++ branches/cyrus23/cyrus-imapd-2.3-development/debian/changelog Fri Oct  9 11:34:42 2009
@@ -2,6 +2,9 @@
 
   [ Duncan Gibb ]
   * Add upstream patch fixing a buffer overflow in sieve.
+    Fixes CERT VU#336053 = CVE-2009-2632 = DSA-1881-1.
+  * Add two-part patch for sieve buffer overflow - upstream and Debian.
+    Fixes CVE-2009-3235 = DSA-1893-1 = Debian bug #547947.
 
   [ Sven Mueller ]
   * Fix cyrus-common postinst to only run makedirs if a new upstream is

Added: branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/0025a-upstream-cve-2009-3235-partial.dpatch
URL: https://mail.incase.de/viewcvs/branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/0025a-upstream-cve-2009-3235-partial.dpatch?rev=848&root=cyrus22&view=auto
==============================================================================
--- branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/0025a-upstream-cve-2009-3235-partial.dpatch (added)
+++ branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/0025a-upstream-cve-2009-3235-partial.dpatch Fri Oct  9 11:34:42 2009
@@ -1,0 +1,36 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 0025-upstream-cve-2009-3235-partial.dpatch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix for CVE-2009-3235 = DSA-1893-1 as committed upstream
+ at DPATCH@
+--- src/sieve/bc_eval.c	2009/03/31 04:11:30	1.14
++++ src/sieve/bc_eval.c	2009/09/15 16:24:03	1.15
+@@ -481,7 +481,7 @@
+ 	int comparator=ntohl(bc[i+3].value);
+ 	int apart=ntohl(bc[i+4].value);
+ 	int count=0;
+-	char scount[3];
++	char scount[21];
+ 	int isReg = (match==B_REGEX);
+ 	int ctag = 0;
+ 	regex_t *reg;
+@@ -650,7 +650,7 @@ 
+ 	int relation=ntohl(bc[i+2].value);
+ 	int comparator=ntohl(bc[i+3].value);
+ 	int count=0;	
+-	char scount[3];
++	char scount[21];
+ 	int isReg = (match==B_REGEX);
+ 	int ctag = 0;
+ 	regex_t *reg;
+@@ -771,7 +771,7 @@
+ 	int transform=ntohl(bc[i+4].value);
+ 	int offset=ntohl(bc[i+5].value);
+ 	int count=0;
+-	char scount[3];
++	char scount[21];
+ 	int isReg = (match==B_REGEX);
+ 	int ctag = 0;
+ 	regex_t *reg;
+

Propchange: branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/0025a-upstream-cve-2009-3235-partial.dpatch
------------------------------------------------------------------------------
    svn:executable = *

Added: branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/0025b-cve-2009-3235-extras.dpatch
URL: https://mail.incase.de/viewcvs/branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/0025b-cve-2009-3235-extras.dpatch?rev=848&root=3Dcyrus22&view=auto
==============================================================================
--- branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/0025b-cve-2009-3235-extras.dpatch (added)
+++ branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/0025b-cve-2009-3235-extras.dpatch Fri Oct  9 11:34:42 2009
@@ -1,0 +1,56 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 0025b-cve-2009-3235-extras.dpatch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Additions to upstream fix for CVE-2009-3235 = DSA-1893-1 as
+## DP: used by Giuseppe Iuculano <giuseppe at iuculano.it> in the Debian
+## DP: security update.
+ at DPATCH@
+diff -urNad cyrus-imapd-2.2.13~/sieve/bc_eval.c cyrus-imapd-2.2.13/sieve/bc_eval.c
+--- cyrus-imapd-2.2.13~/sieve/bc_eval.c	2009-09-23 09:18:50.557332445 -0300
++++ cyrus-imapd-2.2.13/sieve/bc_eval.c	2009-09-23 09:20:15.831016330 -0300
+@@ -616,7 +616,7 @@
+      
+ 	if  (match == B_COUNT)
+ 	{
+-	    sprintf(scount, "%u", count);
++	    snprintf(scount, sizeof(scount), "%u", count);
+ 	    /* search through all the data */ 
+ 	    currd=datai+2;
+ 	    for (z=0; z<numdata && !res; z++)
+@@ -732,7 +732,7 @@
+ 	
+ 	if  (match == B_COUNT )
+ 	{
+-	    sprintf(scount, "%u", count);
++	    snprintf(scount, sizeof(scount), "%u", count);
+ 	    /*search through all the data*/ 
+ 	    currd=datai+2;
+ 	    for (z=0; z<numdata && !res; z++)
+diff -urNad cyrus-imapd-2.2.13~/sieve/script.c cyrus-imapd-2.2.13/sieve/script.c
+--- cyrus-imapd-2.2.13~/sieve/script.c	2009-09-23 09:18:51.474832314 -0300
++++ cyrus-imapd-2.2.13/sieve/script.c	2009-09-23 09:18:51.627330879 -0300
+@@ -668,9 +668,9 @@
+     if ((ret != SIEVE_OK) && interp->err) {
+ 	char buf[1024];
+ 	if (lastaction == -1) /* we never executed an action */
+-	    sprintf(buf, "%s", errmsg ? errmsg : sieve_errstr(ret));
++	    snprintf(buf, sizeof(buf), "%s", errmsg ? errmsg : sieve_errstr(ret));
+ 	else
+-	    sprintf(buf, "%s: %s", action_to_string(lastaction),
++	    snprintf(buf, sizeof(buf), "%s: %s", action_to_string(lastaction),
+ 		    errmsg ? errmsg : sieve_errstr(ret));
+  
+ 	ret |= interp->execute_err(buf, interp->interp_context,
+diff -urNad cyrus-imapd-2.2.13~/sieve/sieve.y cyrus-imapd-2.2.13/sieve/sieve.y
+--- cyrus-imapd-2.2.13~/sieve/sieve.y	2009-09-23 09:18:50.557332445 -0300
++++ cyrus-imapd-2.2.13/sieve/sieve.y	2009-09-23 09:18:51.627330879 -0300
+@@ -1133,7 +1133,7 @@
+ 	else if (!strcmp(r, "ne")) {return NE;}
+ 	else if (!strcmp(r, "eq")) {return EQ;}
+ 	else{
+-	  sprintf(errbuf, "flag '%s': not a valid relational operation", r);
++	  snprintf(errbuf, sizeof(errbuf), "flag '%s': not a valid relational operation", r);
+ 	  yyerror(errbuf);
+ 	  return -1;
+ 	}

Propchange: branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/0025b-cve-2009-3235-extras.dpatch
------------------------------------------------------------------------------
    svn:executable = *

Modified: branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/00list
URL: https://mail.incase.de/viewcvs/branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/00list?rev=848&root=cyrus22&r1=847&r2=848&view=diff
==============================================================================
--- branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/00list (original)
+++ branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/00list Fri Oct  9 11:34:42 2009
@@ -1,4 +1,6 @@
 0024-upstream-fix-sieve.dpatch
+0025a-upstream-cve-2009-3235-partial.dpatch
+0025b-cve-2009-3235-extras.dpatch
 01-fix_Makefile.in.dpatch
 02-add_mkinstalldirs.dpatch
 03-fix_docs.dpatch

More information about the Pkg-Cyrus-imapd-Debian-devel mailing list