rpms/cyrus-imapd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import cyrus-imapd-3.0.7-15.el8_0.1

Browse Source
This commit is contained in:
CentOS Sources 2019-07-15 04:58:11 -04:00 committed by Andrew Lukoshko
parent 9d35fdeec3
commit 7b6043bb55
2 changed files with 33 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
SOURCES/cyrus-imapd-cve_2019_11356.patch Normal file
View File

@ -0,0 +1,26 @@
diff --git a/imap/httpd.c b/imap/httpd.c
index dc53f8c..24b65e5 100644
--- a/imap/httpd.c
+++ b/imap/httpd.c
@@ -2202,7 +2202,7 @@ EXPORTED time_t calc_compile_time(const char *time, const char *date)
memset(&tm, 0, sizeof(struct tm));
tm.tm_isdst = -1;
sscanf(time, "%02d:%02d:%02d", &tm.tm_hour, &tm.tm_min, &tm.tm_sec);
- sscanf(date, "%s %2d %4d", month, &tm.tm_mday, &tm.tm_year);
+ sscanf(date, "%3s %2d %4d", month, &tm.tm_mday, &tm.tm_year);
tm.tm_year -= 1900;
for (tm.tm_mon = 0; tm.tm_mon < 12; tm.tm_mon++) {
if (!strcmp(month, monthname[tm.tm_mon])) break;
diff --git a/imap/ical_support.c b/imap/ical_support.c
index 1d7550a..e1bda50 100644
--- a/imap/ical_support.c
+++ b/imap/ical_support.c
@@ -458,7 +458,7 @@ const char *get_icalcomponent_errstr(icalcomponent *ical)
/* Check if this is an empty property error */
if (sscanf(errstr,
- "No value for %s property", propname) == 1) {
+ "No value for %255s property", propname) == 1) {
/* Empty LOCATION is OK */
if (!strcasecmp(propname, "LOCATION")) continue;
if (!strcasecmp(propname, "COMMENT")) continue;

8
SPECS/cyrus-imapd.spec
View File

@ -9,7 +9,7 @@
Name: cyrus-imapd
Version: 3.0.7
Release: 15%{?dist}
Release: 15%{?dist}.1
%define ssl_pem_file /etc/pki/%name/%name.pem
@ -42,6 +42,7 @@ Patch4: cyrus-imapd-close_backup_on_failure.patch
Patch5: cyrus-imapd-memory_leak_on_cleanup.patch
Patch6: cyrus-imapd-memory_leak_on_cleanup_2.patch
Patch7: cyrus-imapd-close_backup_fd_on_error.patch
Patch8: cyrus-imapd-cve_2019_11356.patch
Source10: cyrus-imapd.logrotate
Source11: cyrus-imapd.pam-config
@ -55,6 +56,8 @@ Source17: cyrus-imapd.service
Source18: cyrus-imapd-init.service
Source19: cyrus-imapd.tmpfiles.conf
# Source files for running the Cassandane test suite at build time.
Source80: https://github.com/cyrusimap/cassandane/archive/%cocas.tar.gz#/cassandane-%{scmt %cocas}.tar.gz
@ -672,6 +675,9 @@ getent passwd cyrus >/dev/null || /usr/sbin/useradd -c "Cyrus IMAP Server" -d /v
%changelog
* Fri Jun 7 2019 Pavel Zhukov <pzhukov@redhat.com> - 3.0.7-15.1
- Resolves: #1718194 - don't overrun buffer when parsing strings with sscanf()
* Mon Oct 8 2018 Pavel Zhukov <pzhukov@redhat.com> - 3.0.7-15
- Related: #1602472 - Fix rpmdiff warnings