[SVN] r847 - in /trunk/cyrus-imapd-2.2.13/debian: changelog patches/0025-upstream-fix-cve-2009-3235.dpatch

debian at incase.de debian at incase.de
Wed Sep 23 13:38:04 UTC 2009


Author: hmh
Date: Wed Sep 23 15:38:04 2009
New Revision: 847

URL: https://mail.incase.de/viewcvs?rev=847&root=cyrus22&view=rev
Log:
* sieve/bc_eval.c (0025-upstream-fix-cve-2009-3235.dpatch):
  update for completeness to match the patch used by the security-team:
  use snprintf for scount, to future-proof against "int" larger than
  64 bits.

Modified:
    trunk/cyrus-imapd-2.2.13/debian/changelog
    trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch

Modified: trunk/cyrus-imapd-2.2.13/debian/changelog
URL: https://mail.incase.de/viewcvs/trunk/cyrus-imapd-2.2.13/debian/changelog?rev=847&root=cyrus22&r1=846&r2=847&view=diff
==============================================================================
--- trunk/cyrus-imapd-2.2.13/debian/changelog (original)
+++ trunk/cyrus-imapd-2.2.13/debian/changelog Wed Sep 23 15:38:04 2009
@@ -1,8 +1,12 @@
 cyrus-imapd-2.2 (2.2.13-18) UNRELEASED; urgency=low
 
   * NOT RELEASED YET
-
- -- Henrique de Moraes Holschuh <hmh at debian.org>  Tue, 22 Sep 2009 23:26:20 -0300
+  * sieve/bc_eval.c (0025-upstream-fix-cve-2009-3235.dpatch):
+    update for completeness to match the patch used by the security-team:
+    use snprintf for scount, to future-proof against "int" larger than
+    64 bits.
+
+ -- Henrique de Moraes Holschuh <hmh at debian.org>  Wed, 23 Sep 2009 09:22:07 -0300
 
 cyrus-imapd-2.2 (2.2.13-17) unstable; urgency=high
 

Modified: trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch
URL: https://mail.incase.de/viewcvs/trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch?rev=847&root=cyrus22&r1=846&r2=847&view=diff
==============================================================================
--- trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch (original)
+++ trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch Wed Sep 23 15:38:04 2009
@@ -6,8 +6,8 @@
 
 @DPATCH@
 diff -urNad cyrus-imapd-2.2.13~/sieve/bc_eval.c cyrus-imapd-2.2.13/sieve/bc_eval.c
---- cyrus-imapd-2.2.13~/sieve/bc_eval.c	2009-09-22 18:47:23.000000000 -0300
-+++ cyrus-imapd-2.2.13/sieve/bc_eval.c	2009-09-22 18:57:26.479167505 -0300
+--- cyrus-imapd-2.2.13~/sieve/bc_eval.c	2009-09-23 09:18:50.557332445 -0300
++++ cyrus-imapd-2.2.13/sieve/bc_eval.c	2009-09-23 09:20:15.831016330 -0300
 @@ -440,7 +440,7 @@
  	int comparator=ntohl(bc[i+3].value);
  	int apart=ntohl(bc[i+4].value);
@@ -17,6 +17,15 @@
  	int isReg = (match==B_REGEX);
  	int ctag = 0;
  	regex_t *reg;
+@@ -574,7 +574,7 @@
+      
+ 	if  (match == B_COUNT)
+ 	{
+-	    sprintf(scount, "%u", count);
++	    snprintf(scount, sizeof(scount), "%u", count);
+ 	    /* search through all the data */ 
+ 	    currd=datai+2;
+ 	    for (z=0; z<numdata && !res; z++)
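Review bot: The added `snprintf(scount, sizeof(scount), "%u", count);` in the B_COUNT branch bounds the write but discards the return value, so if the buffer were ever too small the count test would silently compare a truncated decimal string; the identical line added in the nested hunk at -689 has the same gap. `sizeof(scount)` is the buffer size only if `scount` is an array declared in the same function, and that declaration is not visible here, so this should be confirmed, together with `count` being unsigned so that it matches `%u`. I would either check the result, `n < 0 || (size_t)n >= sizeof(scount)`, or put a comment on the declaration such as `/* must hold the decimal digits of count plus the terminating NUL */`. The enclosing function starts and ends outside the hunk.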
 @@ -608,7 +608,7 @@
  	int relation=ntohl(bc[i+2].value);
  	int comparator=ntohl(bc[i+3].value);
@@ -26,9 +35,18 @@
  	int isReg = (match==B_REGEX);
  	int ctag = 0;
  	regex_t *reg;
+@@ -689,7 +689,7 @@
+ 	
+ 	if  (match == B_COUNT )
+ 	{
+-	    sprintf(scount, "%u", count);
++	    snprintf(scount, sizeof(scount), "%u", count);
+ 	    /*search through all the data*/ 
+ 	    currd=datai+2;
+ 	    for (z=0; z<numdata && !res; z++)
 diff -urNad cyrus-imapd-2.2.13~/sieve/script.c cyrus-imapd-2.2.13/sieve/script.c
---- cyrus-imapd-2.2.13~/sieve/script.c	2009-09-22 18:57:09.666668946 -0300
-+++ cyrus-imapd-2.2.13/sieve/script.c	2009-09-22 18:57:26.479167505 -0300
+--- cyrus-imapd-2.2.13~/sieve/script.c	2009-09-23 09:18:51.474832314 -0300
++++ cyrus-imapd-2.2.13/sieve/script.c	2009-09-23 09:18:51.627330879 -0300
 @@ -526,9 +526,9 @@
      if ((ret != SIEVE_OK) && interp->err) {
  	char buf[1024];
@@ -42,8 +60,8 @@
   
  	ret |= interp->execute_err(buf, interp->interp_context,
 diff -urNad cyrus-imapd-2.2.13~/sieve/sieve.y cyrus-imapd-2.2.13/sieve/sieve.y
---- cyrus-imapd-2.2.13~/sieve/sieve.y	2009-09-22 18:47:23.000000000 -0300
-+++ cyrus-imapd-2.2.13/sieve/sieve.y	2009-09-22 18:57:26.479167505 -0300
+--- cyrus-imapd-2.2.13~/sieve/sieve.y	2009-09-23 09:18:50.557332445 -0300
++++ cyrus-imapd-2.2.13/sieve/sieve.y	2009-09-23 09:18:51.627330879 -0300
 @@ -923,7 +923,7 @@
  	else if (!strcmp(r, "ne")) {return NE;}
  	else if (!strcmp(r, "eq")) {return EQ;}



