Update to 2.4.18 and backport security patch.
parent
399f01ad19
commit
a55fa566f7
1
.gitignore
vendored
1
.gitignore
vendored
@ -10,3 +10,4 @@ cyrus_sharedbackup-0.1.tar.gz
|
||||
/cyrus-imapd-2.4.15.tar.gz
|
||||
/cyrus-imapd-2.4.16.tar.gz
|
||||
/cyrus-imapd-2.4.17.tar.gz
|
||||
/cyrus-imapd-2.4.18.tar.gz
|
||||
|
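--- a/cyrus-imapd-2.3.18-potential-overflow.patch
+++ b/cyrus-imapd-2.3.18-potential-overflow.patch
@@ -0,0 +1,29 @@
+This is a backport of
+https://cyrus.foundation/cyrus-imapd/commit/?id=ff4e6c71d932b3e6bbfa67d76f095e27ff21bad0
+
+The patch is mentioned in http://seclists.org/oss-sec/2015/q3/651 as fixing
+potential overflows.
+
+diff --git a/master/master.c b/master/master.c
+index 3886441..455548b 100644
+--- a/master/master.c
++++ b/master/master.c
+@@ -197,13 +197,15 @@ void event_free(struct event *a)
+free(a);
+}
+
+-void get_prog(char *path, unsigned size, char *const *cmd)
++void get_prog(char *path, size_t size, char *const *cmd)
+{
++ if (!size) return;
+if (cmd[0][0] == '/') {
+- /* master lacks strlcpy, due to no libcyrus */
+- snprintf(path, size, "%s", cmd[0]);
++ /* master lacks strlcpy, due to no libcyrus */
++ strncpy(path, cmd[0], size - 1);
+}
+else snprintf(path, size, "%s/%s", SERVICE_PATH, cmd[0]);
++ path[size-1] = '\0';
+}
+
+void get_statsock(int filedes[2])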
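Review bot: Both copy branches of get_prog still truncate silently: when cmd[0] (or SERVICE_PATH plus cmd[0]) does not fit in `size` bytes, the caller receives a shortened program path and, because the function returns void, has no way to notice. The callers are outside this hunk, but if the result is later executed, a truncated path names a different file than the one configured. Consider failing closed, for example `if (strlen(cmd[0]) >= size) { path[0] = '\0'; return; }` in the absolute-path branch and a check of snprintf's return value (`n < 0 || (size_t)n >= size`) in the other, provided callers treat an empty path as an error. The early `if (!size) return;` likewise leaves `path` unwritten, which deserves a comment so callers do not assume it was initialised.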
@ -1,6 +1,6 @@
|
||||
Name: cyrus-imapd
|
||||
Version: 2.4.17
|
||||
Release: 14%{?dist}
|
||||
Version: 2.4.18
|
||||
Release: 1%{?dist}
|
||||
|
||||
%define ssl_pem_file %{_sysconfdir}/pki/%{name}/%{name}.pem
|
||||
|
||||
@ -36,6 +36,8 @@ Patch2: cyrus-imapd-2.3.12p2-current-db.patch
|
||||
# for c-i <= 2.4.12
|
||||
Patch3: cyrus-imapd-2.4.12-debugopt.patch
|
||||
|
||||
Patch4: cyrus-imapd-2.3.18-potential-overflow.patch
|
||||
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: cyrus-sasl-devel, perl-devel, tcp_wrappers
|
||||
BuildRequires: perl(Pod::Html)
|
||||
@ -446,6 +448,11 @@ fi
|
||||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Thu Oct 01 2015 Jason L Tibbitts III <tibbs@math.uh.edu> - 2.4.18-1
|
||||
- Update to 2.4.18, rhbz#1267871 and rhbz#1267878
|
||||
- Backport ff4e6c71d932b3e6bbfa67d76f095e27ff21bad0 to fix issues from
|
||||
http://seclists.org/oss-sec/2015/q3/651
|
||||
|
||||
* Wed Sep 09 2015 Jason L Tibbitts III <tibbs@math.uh.edu> - 2.4.17-14
|
||||
- Use %%license tag
|
||||
- Have -devel require the base package
|
||||
|
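Review bot: `Patch4:` is declared in the preamble, but no hunk of this spec adds a matching `%patch4` line to `%prep`. The following hunk moves from old line 446 to new line 448, so the only two lines added between line 36 and line 446 are the `Patch4:` line and the blank line after it. Unless `%prep` (not visible in this diff) applies patches through `%autosetup` or a loop over the patch list, the backport ships in the source package but is never applied to master/master.c. Add `%patch4 -p1` beside the existing patch applications and confirm in the build log that it applied.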