commit courier-authlib for openSUSE:11.1
Hello community, here is the log from the commit of package courier-authlib for openSUSE:11.1 checked in at Wed Dec 17 16:58:27 CET 2008. -------- --- old-versions/11.1/all/courier-authlib/courier-authlib.changes 2008-09-08 13:57:30.000000000 +0200 +++ /mounts/work_src_done/11.1/courier-authlib/courier-authlib.changes 2008-12-09 17:08:11.000000000 +0100 @@ -1,0 +2,8 @@ +Tue Dec 9 17:07:53 CET 2008 - hvogel@suse.de + +- Fix CVE-2008-2380: Use PQsetClientEncoding() for proper + input sanitizing. This fixes a SQL injection possibility with + PGSQL databases that use non-Latin character sets. + Patch: courier-authlib-0.59plus.patch + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.1/all/courier-authlib Destination is old-versions/11.1/UPDATES/all/courier-authlib calling whatdependson for 11.1-i586 New: ---- courier-authlib-0.59plus.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ courier-authlib.spec ++++++ --- /var/tmp/diff_new_pack.w24358/_old 2008-12-17 16:58:20.000000000 +0100 +++ /var/tmp/diff_new_pack.w24358/_new 2008-12-17 16:58:20.000000000 +0100 @@ -22,13 +22,14 @@ BuildRequires: expect gcc-c++ gdbm-devel mysql-devel openldap2-devel pam-devel postgresql-devel procps Summary: Courier Authentication Library Version: 0.61.0 -Release: 1 +Release: 1.20.1 License: GPL v2 or later Group: Productivity/Networking/Email/Servers Url: http://www.courier-mta.org/imap/ Source: %{name}-%{version}.tar.bz2 Source1: courier-authdaemon.init Source2: rpmlintrc +Patch0: courier-authlib-0.59plus.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: /bin/rm %define authdaemondir %{_localstatedir}/run/authdaemon.courier-imap @@ -121,6 +122,7 @@ %prep %setup -q +%patch0 %build export CFLAGS="$RPM_OPT_FLAGS -DLDAP_DEPRECATED=1" @@ -261,6 +263,11 @@ %{_libdir}/libauthpipe.so* %changelog +* Tue Dec 09 2008 hvogel@suse.de +- Fix CVE-2008-2380: Use PQsetClientEncoding() for proper + input sanitizing. This fixes a SQL injection possibility with + PGSQL databases that use non-Latin character sets. + Patch: courier-authlib-0.59plus.patch * Fri Sep 05 2008 hvogel@suse.de - update to version 0.61.0 * Cleanup: always compile md5, sha* and hmac stuff, and remove all ++++++ courier-authlib-0.59plus.patch ++++++ ++++ 775 lines (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@Hilbert.suse.de