Hello community,
here is the log from the commit of package imap for openSUSE:11.1
checked in at Wed Dec 17 16:58:41 CET 2008.
--------
--- old-versions/11.1/all/imap/imap.changes 2008-01-07 11:42:44.000000000 +0100
+++ /mounts/work_src_done/11.1/imap/imap.changes 2008-12-16 12:43:27.000000000 +0100
@@ -1,0 +2,8 @@
+Tue Dec 16 12:19:03 CET 2008 - hvogel@suse.de
+
+- Fix CVE-2008-5514. Buffer overflow in rfc822_output_char.
+ bnc#458579
+- Fix smtp NULL pointer dereference DOS.
+ bnc#459037
+
+-------------------------------------------------------------------
Package does not exist at destination yet. Using Fallback old-versions/11.1/all/imap
Destination is old-versions/11.1/UPDATES/all/imap
calling whatdependson for 11.1-i586
New:
----
imap-2006c1-rfc822_output_char_dos.patch
imap-2006c1-smtp_quit.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ imap.spec ++++++
--- /var/tmp/diff_new_pack.L25549/_old 2008-12-17 16:58:34.000000000 +0100
+++ /var/tmp/diff_new_pack.L25549/_new 2008-12-17 16:58:34.000000000 +0100
@@ -2,21 +2,29 @@
# spec file for package imap (Version 2006c1_suse)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
-# This file and all modifications and additions to the pristine
-# package are under the same license as the package itself.
#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
+
Name: imap
BuildRequires: openssl-devel pam-devel
Url: http://www.washington.edu/imap/
-License: BSD 3-Clause
+License: The Apache Software License
Group: Productivity/Networking/Email/Servers
Version: 2006c1_suse
-Release: 67
+Release: 127.1
Summary: IMAP4, POP2, and POP3 Mail Server
Source0: imap-2006c1.tar.bz2
Source1: README.SuSE
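Review bot: The License tag on the main package changes from `BSD 3-Clause` to `The Apache Software License` in this hunk, but the imap.changes entry lists only the two security fixes. A license change should have its own changelog line, or be split out of a security update, so that it can be reviewed separately. The later hunks tag the lib and devel subpackages as `BSD 3-Clause`, so the main package and its own library now declare different licenses; confirm that this is intended.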
@@ -35,6 +43,8 @@
Patch4: imap-2001a-overflow.diff
Patch5: imap-2002c-c++.diff
Patch6: imap-2006c1.diff
+Patch7: imap-2006c1-rfc822_output_char_dos.patch
+Patch8: imap-2006c1-smtp_quit.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: pam inet-daemon
PreReq: bash /bin/echo /bin/mv
@@ -51,6 +61,7 @@
Mark Crispin
%package lib
+License: BSD 3-Clause
Summary: IMAP4rev1/c-client Development Environment
Group: Development/Libraries/C and C++
Provides: imap-devel:/usr/lib/libc-client.so
@@ -65,6 +76,7 @@
Mark Crispin
%package devel
+License: BSD 3-Clause
Summary: IMAP4rev1/c-client Development Environment
Group: Development/Libraries/C and C++
Requires: imap-lib = %version
@@ -88,6 +100,8 @@
%patch4
%patch5
%patch6
+%patch7
+%patch8
%build
export CFLAGS="$RPM_OPT_FLAGS -DDISABLE_POP_PROXY=1 -fPIC -fno-strict-aliasing -fstack-protector"
@@ -172,129 +186,134 @@
fi
%changelog
-* Mon Jan 07 2008 - mskibbe@suse.de
+* Tue Dec 16 2008 hvogel@suse.de
+- Fix CVE-2008-5514. Buffer overflow in rfc822_output_char.
+ bnc#458579
+- Fix smtp NULL pointer dereference DOS.
+ bnc#459037
+* Mon Jan 07 2008 mskibbe@suse.de
- Bug 351197 - several packages use wrong dir for SuSEfirewall2
services files
-* Fri Mar 16 2007 - mskibbe@suse.de
+* Fri Mar 16 2007 mskibbe@suse.de
- fix ports in firewall file
-* Fri Mar 02 2007 - mskibbe@suse.de
+* Fri Mar 02 2007 mskibbe@suse.de
- imap : Support for FATE #300687: Ports for SuSEfirewall added
via packages (#250579)
-* Thu Nov 16 2006 - mskibbe@suse.de
+* Thu Nov 16 2006 mskibbe@suse.de
- update to version 2006c1 which
o fix bugs
o fix bug( Bug 217287 - imap-2004g_suse-28: use of dangerous
"gets" function )
o fix bug( Bug 144598 - imap-2004g_suse-4: dodgy code )
-* Thu Feb 02 2006 - ro@suse.de
+* Thu Feb 02 2006 ro@suse.de
- give libc-client.so a SONAME
-* Wed Jan 25 2006 - mls@suse.de
+* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
-* Sat Jan 14 2006 - schwab@suse.de
+* Sat Jan 14 2006 schwab@suse.de
- Don't strip binaries.
-* Wed Jan 11 2006 - seife@suse.de
+* Wed Jan 11 2006 seife@suse.de
- add -fstack-protector
-* Mon Oct 10 2005 - rommel@suse.de
+* Mon Oct 10 2005 rommel@suse.de
- version update to imap-2004g (includes fix for Bug #120608)
-* Mon Aug 22 2005 - rommel@suse.de
+* Mon Aug 22 2005 rommel@suse.de
- the FreeFork license used by UW says we have to make it clear in the version
number that we modified the sources; hinted by our license manager
-* Fri Jan 21 2005 - arvin@suse.de
+* Fri Jan 21 2005 arvin@suse.de
- updated to version 2004c
-* Tue Dec 14 2004 - arvin@suse.de
+* Tue Dec 14 2004 arvin@suse.de
- updated to version 2004b RC1
-* Mon Nov 15 2004 - kukuk@suse.de
+* Mon Nov 15 2004 kukuk@suse.de
- Use common-* PAM config files in imap.pamd and pop.pamd
-* Mon Sep 13 2004 - arvin@suse.de
+* Mon Sep 13 2004 arvin@suse.de
- fixes for mailbox access over rsh and ssh (bug #43905)
-* Fri Jul 16 2004 - arvin@suse.de
+* Fri Jul 16 2004 arvin@suse.de
- updated to version 2004a (bugfix release)
-* Tue May 11 2004 - arvin@suse.de
+* Tue May 11 2004 arvin@suse.de
- updated to version 2004
- enable IPv6 support
-* Fri Feb 27 2004 - arvin@suse.de
+* Fri Feb 27 2004 arvin@suse.de
- add %%run_ldconfig
-* Fri Jan 16 2004 - kukuk@suse.de
+* Fri Jan 16 2004 kukuk@suse.de
- Add pam-devel to neededforbuild
-* Fri Oct 31 2003 - arvin@suse.de
+* Fri Oct 31 2003 arvin@suse.de
- build rpms as non-root user
-* Wed Sep 24 2003 - arvin@suse.de
+* Wed Sep 24 2003 arvin@suse.de
- updated to version 2002e (minor release with primarily bugfixes)
-* Thu Jun 12 2003 - arvin@suse.de
+* Thu Jun 12 2003 arvin@suse.de
- fixed directory file list
-* Fri Jun 06 2003 - arvin@suse.de
+* Fri Jun 06 2003 arvin@suse.de
- updated to version 2002d (minor release with primarily bugfixes)
-* Thu Apr 17 2003 - arvin@suse.de
+* Thu Apr 17 2003 arvin@suse.de
- updated to version 2002c (minor release with primarily bugfixes)
-* Tue Apr 15 2003 - arvin@suse.de
+* Tue Apr 15 2003 arvin@suse.de
- explain how to create a certificate (bug #26281)
-* Fri Apr 11 2003 - arvin@suse.de
+* Fri Apr 11 2003 arvin@suse.de
- added tls/ssl services to xinetd config file
-* Thu Apr 10 2003 - arvin@suse.de
+* Thu Apr 10 2003 arvin@suse.de
- updated to version 2002b (maintenace release)
-* Thu Apr 10 2003 - arvin@suse.de
+* Thu Apr 10 2003 arvin@suse.de
- fixed path for certificates (now /etc/ssl/certs) (bug #25762)
-* Thu Mar 06 2003 - arvin@suse.de
+* Thu Mar 06 2003 arvin@suse.de
- don't use tcpwrapper config file for xinetd (bug #24773)
-* Mon Mar 03 2003 - arvin@suse.de
+* Mon Mar 03 2003 arvin@suse.de
- added config file for xinetd
-* Fri Feb 07 2003 - kukuk@suse.de
+* Fri Feb 07 2003 kukuk@suse.de
- Use pam_unix2.so instead of pam_unix.so
- Don't use absolute path to pam modules
-* Wed Nov 20 2002 - arvin@suse.de
+* Wed Nov 20 2002 arvin@suse.de
- updated to imap version 2002
- now compiled with the default SSLTYPE=nopwd in accordance with
current IESG security requirements
-* Thu Nov 07 2002 - arvin@suse.de
+* Thu Nov 07 2002 arvin@suse.de
- include linkage.c in imap-devel
-* Tue Sep 03 2002 - arvin@suse.de
+* Tue Sep 03 2002 arvin@suse.de
- fixed header files to be C++ compliant
-* Wed Jul 24 2002 - arvin@suse.de
+* Wed Jul 24 2002 arvin@suse.de
- moved shared library into extra sub package
-* Fri Jul 12 2002 - arvin@suse.de
+* Fri Jul 12 2002 arvin@suse.de
- imap-devel package requires imap package
-* Mon May 06 2002 - arvin@suse.de
+* Mon May 06 2002 arvin@suse.de
- fixed overflow while parsing rfc822 messages
-* Mon Apr 22 2002 - arvin@suse.de
+* Mon Apr 22 2002 arvin@suse.de
- make c-client.a a link to libc-client.a
-* Thu Apr 18 2002 - kukuk@suse.de
+* Thu Apr 18 2002 kukuk@suse.de
- Use -fPIC instead of -fpic
-* Mon Feb 04 2002 - arvin@suse.de
+* Mon Feb 04 2002 arvin@suse.de
- updated to version 2001a (maintenance release)
- turned SSL support on again
-* Fri Aug 24 2001 - ro@suse.de
+* Fri Aug 24 2001 ro@suse.de
- removed /lib/security path from pam.d config file
-* Mon Jun 18 2001 - arvin@suse.de
+* Mon Jun 18 2001 arvin@suse.de
- added osdep.h to imap-devel (bug #8698)
-* Tue May 08 2001 - arvin@suse.de
+* Tue May 08 2001 arvin@suse.de
- bzip2 sources
-* Wed Apr 18 2001 - arvin@suse.de
+* Wed Apr 18 2001 arvin@suse.de
- do not explicit provide imap, it's done automatically
-* Tue Feb 06 2001 - arvin@suse.de
+* Tue Feb 06 2001 arvin@suse.de
- updated to version 2000c
- fixed to compile without kernel header files
-* Tue Dec 19 2000 - arvin@suse.de
+* Tue Dec 19 2000 arvin@suse.de
- ensure to link against shared version of libcrypto
-* Mon Dec 18 2000 - arvin@suse.de
+* Mon Dec 18 2000 arvin@suse.de
- added SSL support
-* Fri Nov 03 2000 - kukuk@suse.de
+* Fri Nov 03 2000 kukuk@suse.de
- Fix compiling on SPARC
-* Fri Nov 03 2000 - arvin@suse.de
+* Fri Nov 03 2000 arvin@suse.de
- changed group tag
-* Thu Oct 26 2000 - arvin@suse.de
+* Thu Oct 26 2000 arvin@suse.de
- new version with imap 2000
- contains both programs and libraries
-* Fri Mar 17 2000 - rolf@suse.de
+* Fri Mar 17 2000 rolf@suse.de
- removed binaries [bug#2378]
- compile -fpic for shared lib
- use RPM macros for locations of files
- set Group: tag
-* Thu Dec 23 1999 - rolf@suse.de
+* Thu Dec 23 1999 rolf@suse.de
- make shared lib work and strip it
-* Thu Dec 09 1999 - rolf@suse.de
+* Thu Dec 09 1999 rolf@suse.de
- new version 4.7
- build for PAM systems (LDAP not supported)
- apply lock-patch
- also build shared lib
-* Fri Oct 01 1999 - rolf@suse.de
+* Fri Oct 01 1999 rolf@suse.de
- initial version 4.5.BETA
++++++ imap-2006c1-rfc822_output_char_dos.patch ++++++
Index: src/c-client/rfc822.c
===================================================================
--- src/c-client/rfc822.c.orig
+++ src/c-client/rfc822.c
@@ -1322,6 +1322,7 @@ char *rfc822_skip_comment (char **s,long
static long rfc822_output_char (RFC822BUFFER *buf,int c)
{
+ if ((buf->cur == buf->end) && !rfc822_output_flush (buf)) return NIL;
*buf->cur++ = c; /* add character, soutr buffer if full */
return (buf->cur == buf->end) ? rfc822_output_flush (buf) : LONGT;
}
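Review bot: The new guard in rfc822_output_char tests `buf->cur == buf->end`, which only catches a pointer sitting exactly at the end of the buffer. If any caller ever leaves `cur` beyond `end`, both this guard and the post-write check on the return line are skipped and the store still goes out of bounds. Testing `buf->cur >= buf->end` would be the more defensive form. The fix also relies on rfc822_output_flush moving `buf->cur` back before the store, which is not visible here and deserves a short comment. The existing comment on the store line ("soutr buffer if full") now describes the lines above and below it rather than the store itself.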
@@ -1345,7 +1346,8 @@ static long rfc822_output_data (RFC822BU
len -= i;
}
/* soutr buffer now if full */
- if (len && !rfc822_output_flush (buf)) return NIL;
+ if ((len || (buf->cur == buf->end)) && !rfc822_output_flush (buf))
+ return NIL;
}
return LONGT;
}
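Review bot: The widened condition `(len || (buf->cur == buf->end))` in rfc822_output_data has no explanation; the existing comment "soutr buffer now if full" does not say why testing `len` alone was insufficient. Add a one-line comment stating that the copy can fill the buffer exactly while `len` reaches zero, which is the case the old test skipped. A regression test that writes data exactly the size of the remaining buffer space would keep this from coming back.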
++++++ imap-2006c1-smtp_quit.patch ++++++
--- src/c-client/smtp.c
+++ src/c-client/smtp.c
@@ -400,6 +400,8 @@
if (stream->netstream) { /* do close actions if have netstream */
smtp_send (stream,"QUIT",NIL);
net_close (stream->netstream);
+ if (stream->netstream) /* could have been closed during "QUIT" */
+ net_close (stream->netstream);
}
/* clean up */
if (stream->host) fs_give ((void **) &stream->host);
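Review bot: As shown, the unconditional `net_close (stream->netstream);` directly above the added lines is still an unchanged context line, and the hunk header (-400,6 +400,8) agrees that nothing is removed. If the patch applies that way, the call that can receive a NULL netstream after "QUIT" still runs, so the dereference named in the changelog is not guarded. The added check then sits behind it and could close the stream a second time, unless net_close clears the pointer, which these lines do not show. The new `if` should replace the existing call rather than follow it; please check the patch against the intended result.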
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...