[SVN] r802 - in /branches/cyrus23/cyrus-imapd-2.3-development/debian: changelog patches/0024-upstream-fix-sieve.dpatch patches/00list
debian at incase.de
debian at incase.de
Fri Sep 4 15:42:46 UTC 2009
Author: duncan
Date: Fri Sep 4 17:42:44 2009
New Revision: 802
URL: https://mail.incase.de/viewcvs?rev=802&root=cyrus22&view=rev
Log:
Add patch updating sieve/script.c to bring in upstream security fix and a couple of bug fixes.
Added:
branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/0024-upstream-fix-sieve.dpatch
Modified:
branches/cyrus23/cyrus-imapd-2.3-development/debian/changelog
branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/00list
Modified: branches/cyrus23/cyrus-imapd-2.3-development/debian/changelog
URL: https://mail.incase.de/viewcvs/branches/cyrus23/cyrus-imapd-2.3-development/debian/changelog?rev=802&root=cyrus22&r1=801&r2=802&view=diff
==============================================================================
--- branches/cyrus23/cyrus-imapd-2.3-development/debian/changelog (original)
+++ branches/cyrus23/cyrus-imapd-2.3-development/debian/changelog Fri Sep 4 17:42:44 2009
@@ -1,3 +1,9 @@
+cyrus-imapd-2.3 (2.3.14-2) experimental; urgency=medium
+
+ * Add upstream patch fixing a buffer overflow in sieve.
+
+ -- Duncan Gibb <Duncan.Gibb at siriusit.co.uk> Fri, 4 Sep 2009 15:16:35 +0100
+
cyrus-imapd-2.3 (2.3.14-1) experimental; urgency=low
* New upstream release.
Added: branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/0024-upstream-fix-sieve.dpatch
URL: https://mail.incase.de/viewcvs/branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/0024-upstream-fix-sieve.dpatch?rev=802&root=cyrus22&view=auto
==============================================================================
--- branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/0024-upstream-fix-sieve.dpatch (added)
+++ branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/0024-upstream-fix-sieve.dpatch Fri Sep 4 17:42:44 2009
@@ -1,0 +1,198 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 0024-upstream-fix-sieve.dpatch
+##
+## DP: Upstream patch fixing a buffer overflow bug in sieve. Taken from
+## DP: https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sieve/script.c.diff?r1=1.63;r2=1.68
+
+ at DPATCH@
+--- src/sieve/script.c 2006/11/30 17:11:24 1.63
++++ src/sieve/script.c 2009/09/02 13:56:18 1.68
+@@ -1,29 +1,47 @@
+ /* script.c -- sieve script functions
+ * Larry Greenfield
+- * $Id: script.c,v 1.63 2006/11/30 17:11:24 murch Exp $
++ *
++ * Copyright (c) 1994-2008 Carnegie Mellon University. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. The name "Carnegie Mellon University" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For permission or any legal
++ * details, please contact
++ * Carnegie Mellon University
++ * Center for Technology Transfer and Enterprise Creation
++ * 4615 Forbes Avenue
++ * Suite 302
++ * Pittsburgh, PA 15213
++ * (412) 268-7393, fax: (412) 268-7395
++ * innovation at andrew.cmu.edu
++ *
++ * 4. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by Computing Services
++ * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
++ *
++ * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
++ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
++ * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
++ * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
++ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
++ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ *
++ * $Id: script.c,v 1.68 2009/09/02 13:56:18 brong Exp $
+ */
+-/***********************************************************
+- Copyright 1999 by Carnegie Mellon University
+-
+- All Rights Reserved
+-
+-Permission to use, copy, modify, and distribute this software and its
+-documentation for any purpose and without fee is hereby granted,
+-provided that the above copyright notice appear in all copies and that
+-both that copyright notice and this permission notice appear in
+-supporting documentation, and that the name of Carnegie Mellon
+-University not be used in advertising or publicity pertaining to
+-distribution of the software without specific, written prior
+-permission.
+-
+-CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
+-THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
+-FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR
+-ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+-OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+-******************************************************************/
+
+ #ifdef HAVE_CONFIG_H
+ #include <config.h>
+@@ -186,7 +204,7 @@ int sieve_script_parse(sieve_interp_t *i
+ return res;
+ }
+
+-void free_imapflags(sieve_imapflags_t *imapflags)
++static void free_imapflags(sieve_imapflags_t *imapflags)
+ {
+ while (imapflags->nflags)
+ free(imapflags->flag[--imapflags->nflags]);
+@@ -318,15 +336,15 @@ static int build_notify_message(sieve_in
+ }
+ }
+
+- if (n == 0 || n > size) n = size;
++ if (n == 0 || n > (size_t)size) n = size;
+
+ /* realloc if necessary */
+- if ( (*outlen) + n+1 >= allocsize) {
++ if ( (*outlen) + n+1 >= (size_t)allocsize) {
+ allocsize = (*outlen) + n+1 + GROW_AMOUNT;
+ *out = xrealloc(*out, allocsize);
+ }
+ /* copy the plaintext */
+- strncat(*out, parts[0]->content, n);
++ strncat(*out, content, n);
+ (*out)[*outlen+n]='\0';
+ (*outlen) += n;
+ }
+@@ -343,7 +361,7 @@ static int build_notify_message(sieve_in
+ /* find length of plaintext up to next potential variable */
+ n = strcspn(c+1, "$") + 1; /* skip opening '$' */
+ /* realloc if necessary */
+- if ( (*outlen) + n+1 >= allocsize) {
++ if ( (*outlen) + n+1 >= (size_t)allocsize) {
+ allocsize = (*outlen) + n+1 + GROW_AMOUNT;
+ *out = xrealloc(*out, allocsize);
+ }
+@@ -536,6 +554,11 @@ int sieve_script_load(const char *fname,
+ syslog(LOG_ERR, "IOERROR: can not open sieve script %s: %m", fname);
+ return SIEVE_FAIL;
+ }
++ if (fstat(fd, &sbuf) == -1) {
++ syslog(LOG_ERR, "IOERROR: fstating sieve script %s: %m", fname);
++ close(fd);
++ return SIEVE_FAIL;
++ }
+
+ bc = (sieve_bytecode_t *) xzmalloc(sizeof(sieve_bytecode_t));
+
+@@ -665,7 +688,7 @@ static int do_sieve_error(int ret,
+ ret |= keep_ret;
+ if (keep_ret == SIEVE_OK)
+ snprintf(actions_string+strlen(actions_string),
+- sizeof(actions_string)-strlen(actions_string),
++ ACTIONS_STRING_LEN-strlen(actions_string),
+ "Kept\n");
+ else {
+ implicit_keep = 0; /* don't try an implicit keep again */
+@@ -719,7 +742,7 @@ static int do_action_list(sieve_interp_t
+
+ if (ret == SIEVE_OK)
+ snprintf(actions_string+strlen(actions_string),
+- sizeof(actions_string)-strlen(actions_string),
++ ACTIONS_STRING_LEN-strlen(actions_string),
+ "Rejected with: %s\n", a->u.rej.msg);
+
+ break;
+@@ -734,7 +757,7 @@ static int do_action_list(sieve_interp_t
+
+ if (ret == SIEVE_OK)
+ snprintf(actions_string+strlen(actions_string),
+- sizeof(actions_string)-strlen(actions_string),
++ ACTIONS_STRING_LEN-strlen(actions_string),
+ "Filed into: %s\n",a->u.fil.mailbox);
+ break;
+ case ACTION_KEEP:
+@@ -747,7 +770,7 @@ static int do_action_list(sieve_interp_t
+ &errmsg);
+ if (ret == SIEVE_OK)
+ snprintf(actions_string+strlen(actions_string),
+- sizeof(actions_string)-strlen(actions_string),
++ ACTIONS_STRING_LEN-strlen(actions_string),
+ "Kept\n");
+ break;
+ case ACTION_REDIRECT:
+@@ -760,7 +783,7 @@ static int do_action_list(sieve_interp_t
+ &errmsg);
+ if (ret == SIEVE_OK)
+ snprintf(actions_string+strlen(actions_string),
+- sizeof(actions_string)-strlen(actions_string),
++ ACTIONS_STRING_LEN-strlen(actions_string),
+ "Redirected to %s\n", a->u.red.addr);
+ break;
+ case ACTION_DISCARD:
+@@ -771,7 +794,7 @@ static int do_action_list(sieve_interp_t
+ &errmsg);
+ if (ret == SIEVE_OK)
+ snprintf(actions_string+strlen(actions_string),
+- sizeof(actions_string)-strlen(actions_string),
++ ACTIONS_STRING_LEN-strlen(actions_string),
+ "Discarded\n");
+ break;
+
+@@ -797,12 +820,12 @@ static int do_action_list(sieve_interp_t
+
+ if (ret == SIEVE_OK)
+ snprintf(actions_string+strlen(actions_string),
+- sizeof(actions_string)-strlen(actions_string),
++ ACTIONS_STRING_LEN-strlen(actions_string),
+ "Sent vacation reply\n");
+
+ } else if (ret == SIEVE_DONE) {
+ snprintf(actions_string+strlen(actions_string),
+- sizeof(actions_string)-strlen(actions_string),
++ ACTIONS_STRING_LEN-strlen(actions_string),
+ "Vacation reply suppressed\n");
+
+ ret = SIEVE_OK;
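Review bot: The snprintf calls shown under do_sieve_error and do_action_list now bound their writes with `ACTIONS_STRING_LEN-strlen(actions_string)`, but neither the macro's definition nor the buffer's declaration is among the patched lines, and the function bodies are only partly visible in the embedded hunks. The bound is therefore correct only if the 2.3.14 tree already defines `ACTIONS_STRING_LEN` and the callers size the buffer with it, which is worth confirming with a build and a grep before upload. The old `sizeof(actions_string)` presumably measured a pointer rather than the array, so the subtraction could wrap to a very large size_t. This diff covers script.c only, so any other sieve source using the same pattern is not fixed here. The DP header would be easier to audit if it named the fix, e.g. `## DP: Security: snprintf bounds on actions_string use ACTIONS_STRING_LEN instead of sizeof(actions_string).`, since the licence rewrite and the `static` on free_imapflags ride along and are unrelated to the overflow.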
Modified: branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/00list
URL: https://mail.incase.de/viewcvs/branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/00list?rev=802&root=cyrus22&r1=801&r2=802&view=diff
==============================================================================
--- branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/00list (original)
+++ branches/cyrus23/cyrus-imapd-2.3-development/debian/patches/00list Fri Sep 4 17:42:44 2009
@@ -1,3 +1,4 @@
+0024-upstream-fix-sieve.dpatch
01-fix_Makefile.in.dpatch
02-add_mkinstalldirs.dpatch
03-fix_docs.dpatch