Fix CVE 2019 19906
parent
9396364d6c
commit
46614e1be0
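--- /dev/null
+++ b/cyrus-sasl-cve-2019-19906.patch
@@ -0,0 +1,25 @@
+From dcc9f51cbd4ed622cfb0f9b1c141eb2ffe3b12f1 Mon Sep 17 00:00:00 2001
+From: Quanah Gibson-Mount <quanah@symas.com>
+Date: Tue, 18 Feb 2020 19:05:12 +0000
+Subject: [PATCH] Fix #587
+
+Off by one error in common.c, CVE-2019-19906.
+
+Thanks to Stephan Zeisberg for reporting
+---
+lib/common.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/common.c b/lib/common.c
+index bc3bf1df..9969d6aa 100644
+--- a/lib/common.c
++++ b/lib/common.c
+@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t *alloclen,
+
+if (add==NULL) add = "(null)";
+
+- addlen=strlen(add); /* only compute once */
++ addlen=strlen(add)+1; /* only compute once */
+if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
+return SASL_NOMEM;
+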
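Review bot: In the `_sasl_add_string` hunk carried by this patch file, the extra byte is folded into `addlen` itself (`addlen=strlen(add)+1;`), so every later use of `addlen` in the function inherits it, not only the `_buf_alloc` size. The function body continues outside the hunk; if the lines after the allocation check also use `addlen` as the copy length and to advance `*outlen`, the reported length would start counting the terminator and a following append would leave a NUL embedded in the buffer, so that part should be checked against the full `lib/common.c`. Reserving the byte only at the allocation keeps the length semantics as they were: `addlen=strlen(add); /* only compute once */` with `_buf_alloc(out, alloclen, (*outlen)+addlen+1)`. Whichever form is kept, the comment should say why the byte is there, for example `/* +1: room for the terminating NUL (CVE-2019-19906) */`.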
@ -8,7 +8,7 @@
|
|||||||
Summary: The Cyrus SASL library
|
Summary: The Cyrus SASL library
|
||||||
Name: cyrus-sasl
|
Name: cyrus-sasl
|
||||||
Version: 2.1.27
|
Version: 2.1.27
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
License: BSD with advertising
|
License: BSD with advertising
|
||||||
URL: https://www.cyrusimap.org/sasl/
|
URL: https://www.cyrusimap.org/sasl/
|
||||||
|
|
||||||
@ -33,6 +33,8 @@ Patch24: cyrus-sasl-2.1.21-sizes.patch
|
|||||||
Patch49: cyrus-sasl-2.1.26-md5global.patch
|
Patch49: cyrus-sasl-2.1.26-md5global.patch
|
||||||
Patch60: cyrus-sasl-pr559-RC4-openssl.patch
|
Patch60: cyrus-sasl-pr559-RC4-openssl.patch
|
||||||
|
|
||||||
|
Patch100: cyrus-sasl-cve-2019-19906.patch
|
||||||
|
|
||||||
BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
|
BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
|
||||||
BuildRequires: krb5-devel >= 1.2.2, openssl-devel, pam-devel, pkgconfig
|
BuildRequires: krb5-devel >= 1.2.2, openssl-devel, pam-devel, pkgconfig
|
||||||
BuildRequires: mariadb-connector-c-devel, libpq-devel, zlib-devel
|
BuildRequires: mariadb-connector-c-devel, libpq-devel, zlib-devel
|
||||||
@ -151,6 +153,7 @@ the GS2 authentication scheme.
|
|||||||
%patch24 -p1 -b .sizes
|
%patch24 -p1 -b .sizes
|
||||||
%patch49 -p1 -b .md5global.h
|
%patch49 -p1 -b .md5global.h
|
||||||
%patch60 -p1 -b .openssl_rc4
|
%patch60 -p1 -b .openssl_rc4
|
||||||
|
%patch100 -p1 -b .cve_2019_19906
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# reconfigure
|
# reconfigure
|
||||||
@ -357,6 +360,9 @@ getent passwd %{username} >/dev/null || useradd -r -g %{username} -d %{homedir}
|
|||||||
%{_sbindir}/sasl2-shared-mechlist
|
%{_sbindir}/sasl2-shared-mechlist
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Mar 19 2020 Simo Sorce - 2.1.27-4
|
||||||
|
- Fix CVE 2019 19906
|
||||||
|
|
||||||
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.27-3
|
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.27-3
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|