Hello community, here is the log from the commit of package postfix for openSUSE:11.3 checked in at Fri Mar 18 14:59:33 CET 2011. --------
--- old-versions/11.3/UPDATES/all/postfix/postfix.changes 2010-08-12 20:59:58.000000000 +0200
+++ 11.3/postfix/postfix.changes 2011-03-15 12:02:46.000000000 +0100
@@ -1,0 +2,5 @@
+Tue Mar 15 11:00:32 UTC 2011 - varkoly@novell.com
+
+- bnc#677792 - VUL-0: postfix: STARTTLS plaintext injection
+
+-------------------------------------------------------------------
calling whatdependson for 11.3-i586 New: ---- bnc#677792.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences: ------------------
++++++ postfix.spec ++++++
--- /var/tmp/diff_new_pack.uNleDA/_old 2011-03-18 14:59:24.000000000 +0100
+++ /var/tmp/diff_new_pack.uNleDA/_new 2011-03-18 14:59:24.000000000 +0100
@@ -1,7 +1,7 @@
 #
-# spec file for package postfix (Version 2.7.1)
+# spec file for package postfix
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +22,7 @@
 Name: postfix
 Summary: A fast, secure, and flexible mailer
 Version: 2.7.1
-Release: 2.<RELEASE2>
+Release: 2.<RELEASE4>
 License: IBM Public License ..
 Group: Productivity/Networking/Email/Servers
 Url: http://www.postfix.org/
@@ -39,6 +39,7 @@
 Patch10: %{name}-2.2.9-main.cf.patch
 Patch11: %{name}-2.6.1-vda-ng.patch
 Patch12: %{name}-2.6.1-vda-ng-64bit.patch
+Patch13: bnc#677792.diff
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 PreReq: %insserv_prereq %fillup_prereq
 PreReq: /usr/bin/getent
@@ -171,6 +172,7 @@
 %ifarch x86_64
 %patch12 -p1
 %endif
+%patch13
 # ---------------------------------------------------------------------------
 %build
++++++ bnc#677792.diff ++++++
--- src/smtpd/smtpd.c-orig 2011-03-15 11:46:16.488687003 +0100
+++ src/smtpd/smtpd.c 2011-03-15 11:47:22.865687008 +0100
@@ -4097,6 +4097,9 @@
 /* Flush before we switch the stream's read/write routines. */
 smtp_flush(state->client);
+ /* At this point there must not be any pending plaintext. */
+ vstream_fpurge(state->client, VSTREAM_PURGE_BOTH);
+
 /*
 * Reset all inputs to the initial state.
 *
--- src/smtp/smtp_proto.c.orig 2011-03-15 11:44:46.016054002 +0100
+++ src/smtp/smtp_proto.c 2011-03-15 11:45:49.621686995 +0100
@@ -812,6 +812,9 @@
 SMTP_RESP_FAKE(&fake, "4.7.5"),
 "Server certificate not verified"));
+ /* At this point there must not be any pending plaintext. */
+ vstream_fpurge(session->stream, VSTREAM_PURGE_BOTH);
+
 /*
 * At this point we have to re-negotiate the "EHLO" to reget the
 * feature-list.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
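Review bot: The purge added after `smtp_flush(state->client)` in the smtpd.c hunk drops any bytes the client sent behind STARTTLS without recording it, so an attempted plaintext injection looks like an ordinary session in the logs. Before the purge I would test for buffered input and warn, for example `if (vstream_peek(state->client) > 0) msg_warn("plaintext after STARTTLS from %s", state->namaddr);`, so that operators can alert on it. The same applies to the `session->stream` purge in the smtp_proto.c hunk. The enclosing function starts and ends outside this hunk, so the exact spot relative to the TLS start call should be checked against the full source.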
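Review bot: The one-line comment above `vstream_fpurge(session->stream, VSTREAM_PURGE_BOTH)` in the smtp_proto.c hunk states the invariant but not the threat, so a later maintainer could mistake the call for redundant cleanup and remove it. I would expand it to something like `/* Discard plaintext buffered before the TLS handshake; it must not be read as the reply to the EHLO below. */`. The hunk shows the purge after the "Server certificate not verified" failure return and before the EHLO renegotiation. The handshake itself is outside the hunk, so its position relative to the purge should be confirmed against the full function.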