fix buffer overflow in cyrus sieve

cyrus-imapd-2.3.13-bufov.patch

@@ -0,0 +1,80 @@
+--- src/sieve/script.c	2008/03/24 20:08:46	1.67
++++ src/sieve/script.c	2009/09/02 13:56:18	1.68
+@@ -40,7 +40,7 @@
+  * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+  *
+- * $Id: cyrus-imapd-2.3.13-bufov.patch,v 1.1 2009/09/07 14:37:58 mhlavink Exp $
++ * $Id: cyrus-imapd-2.3.13-bufov.patch,v 1.1 2009/09/07 14:37:58 mhlavink Exp $
+  */
+ 
+ #ifdef HAVE_CONFIG_H
+@@ -688,7 +688,7 @@ static int do_sieve_error(int ret,
+ 	ret |= keep_ret;
+         if (keep_ret == SIEVE_OK)
+             snprintf(actions_string+strlen(actions_string),
+-		     sizeof(actions_string)-strlen(actions_string),
++		     ACTIONS_STRING_LEN-strlen(actions_string),
+ 		     "Kept\n");
+ 	else {
+ 	    implicit_keep = 0;	/* don't try an implicit keep again */
+@@ -742,7 +742,7 @@ static int do_action_list(sieve_interp_t
+ 	    
+ 	    if (ret == SIEVE_OK)
+ 		snprintf(actions_string+strlen(actions_string),
+-			 sizeof(actions_string)-strlen(actions_string), 
++			 ACTIONS_STRING_LEN-strlen(actions_string), 
+ 			 "Rejected with: %s\n", a->u.rej.msg);
+ 
+ 	    break;
+@@ -757,7 +757,7 @@ static int do_action_list(sieve_interp_t
+ 
+ 	    if (ret == SIEVE_OK)
+ 		snprintf(actions_string+strlen(actions_string),
+-			 sizeof(actions_string)-strlen(actions_string),
++			 ACTIONS_STRING_LEN-strlen(actions_string),
+ 			 "Filed into: %s\n",a->u.fil.mailbox);
+ 	    break;
+ 	case ACTION_KEEP:
+@@ -770,7 +770,7 @@ static int do_action_list(sieve_interp_t
+ 			       &errmsg);
+ 	    if (ret == SIEVE_OK)
+ 		snprintf(actions_string+strlen(actions_string),
+-			 sizeof(actions_string)-strlen(actions_string),
++			 ACTIONS_STRING_LEN-strlen(actions_string),
+ 			 "Kept\n");
+ 	    break;
+ 	case ACTION_REDIRECT:
+@@ -783,7 +783,7 @@ static int do_action_list(sieve_interp_t
+ 				   &errmsg);
+ 	    if (ret == SIEVE_OK)
+ 		snprintf(actions_string+strlen(actions_string),
+-			 sizeof(actions_string)-strlen(actions_string),
++			 ACTIONS_STRING_LEN-strlen(actions_string),
+ 			 "Redirected to %s\n", a->u.red.addr);
+ 	    break;
+ 	case ACTION_DISCARD:
+@@ -794,7 +794,7 @@ static int do_action_list(sieve_interp_t
+ 				      &errmsg);
+ 	    if (ret == SIEVE_OK)
+ 		snprintf(actions_string+strlen(actions_string),
+-			 sizeof(actions_string)-strlen(actions_string),
++			 ACTIONS_STRING_LEN-strlen(actions_string),
+ 			 "Discarded\n");
+ 	    break;
+ 
+@@ -820,12 +820,12 @@ static int do_action_list(sieve_interp_t
+ 
+ 		    if (ret == SIEVE_OK)
+ 			snprintf(actions_string+strlen(actions_string),
+-				 sizeof(actions_string)-strlen(actions_string),
++				 ACTIONS_STRING_LEN-strlen(actions_string),
+ 				 "Sent vacation reply\n");
+ 
+ 		} else if (ret == SIEVE_DONE) {
+ 		    snprintf(actions_string+strlen(actions_string),
+-			     sizeof(actions_string)-strlen(actions_string),
++			     ACTIONS_STRING_LEN-strlen(actions_string),
+ 			     "Vacation reply suppressed\n");
+ 
+ 		    ret = SIEVE_OK;

cyrus-imapd.spec

@@ -1,6 +1,6 @@
 Name: cyrus-imapd
 Version: 2.3.14
-Release: 4%{?dist}
+Release: 5%{?dist}
 
 # ********************** BUILD TIME OPTIONS START **********************
 
@@ -116,6 +116,7 @@ Patch15: cyrus-imapd-2.3.1-make_md5_defaults.patch
 Patch18: cyrus-imapd-2.3.7-krb4.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=461875
 Patch19: cyrus-imapd-2.3.12p2-current-db.patch
+Patch20: cyrus-imapd-2.3.13-bufov.patch
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 BuildRequires: autoconf >= 2.59
 BuildRequires: cyrus-sasl-devel >= 2.1.15-1, perl-devel, tcp_wrappers
@@ -213,6 +214,7 @@ one running the server.
 %patch15 -p1 -b .make_md5_defaults
 %patch18 -p1 -b .krb4
 %patch19 -p1 -b .db4.7
+%patch20 -p1 -b .bufov
 
 # only to update config.* files
 automake -a -f -c || :
@@ -729,6 +731,9 @@ fi
 %{_mandir}/man1/*
 
 %changelog
+* Mon Sep 07 2009 Michal Hlavinka <mhlavink@redhat.com> - 2.3.14-5
+- fix buffer overflow in cyrus sieve (#521010)
+
 * Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 2.3.14-4
 - rebuilt with new openssl