Hello community, here is the log from the commit of package postfix for openSUSE:11.4 checked in at Thu Mar 31 00:47:41 CEST 2011. -------- --- old-versions/11.4/all/postfix/postfix.changes 2011-02-10 12:44:15.000000000 +0100 +++ 11.4/postfix/postfix.changes 2011-03-30 12:23:01.000000000 +0200 @@ -1,0 +2,5 @@ +Wed Mar 30 10:22:33 UTC 2011 - varkoly@novell.com + +- bnc#677792 - VUL-0: postfix: STARTTLS plaintext injection + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.4/all/postfix Destination is old-versions/11.4/UPDATES/all/postfix calling whatdependson for 11.4-i586 New: ---- bnc#677792.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postfix.spec ++++++ --- /var/tmp/diff_new_pack.nZnB8V/_old 2011-03-31 00:47:21.000000000 +0200 +++ /var/tmp/diff_new_pack.nZnB8V/_new 2011-03-31 00:47:21.000000000 +0200 @@ -22,7 +22,7 @@ Name: postfix Summary: A fast, secure, and flexible mailer Version: 2.7.2 -Release: 3 +Release: 13.<RELEASE14> License: IBM Public License .. Group: Productivity/Networking/Email/Servers Url: http://www.postfix.org/ @@ -39,6 +39,7 @@ Patch10: %{name}-2.7.1-main.cf.patch Patch11: %{name}-vda-2.7.1.patch Patch12: %{name}-SuSE-ldap.patch +Patch13: bnc#677792.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: %insserv_prereq %fillup_prereq PreReq: /usr/bin/getent @@ -172,6 +173,7 @@ %patch10 -p1 %patch11 -p1 %patch12 -p0 +%patch13 -p1 # --------------------------------------------------------------------------- %build ++++++ bnc#677792.diff ++++++ diff -urN postfix-2.5.6-ipv6_disabled.patch//src/smtp/smtp_proto.c postfix-2.5.6-bnc#677792//src/smtp/smtp_proto.c --- postfix-2.5.6-ipv6_disabled.patch//src/smtp/smtp_proto.c 2008-01-09 15:04:37.000000000 +0100 +++ postfix-2.5.6-bnc#677792//src/smtp/smtp_proto.c 2011-03-17 08:18:19.498489005 +0100 
@@ -811,6 +811,9 @@ SMTP_RESP_FAKE(&fake, "4.7.5"), "Server certificate not verified")); + /* At this point there must not be any pending plaintext. */ + vstream_fpurge(session->stream, VSTREAM_PURGE_BOTH); + /* * At this point we have to re-negotiate the "EHLO" to reget the * feature-list. diff -urN postfix-2.5.6-ipv6_disabled.patch//src/smtpd/smtpd.c postfix-2.5.6-bnc#677792//src/smtpd/smtpd.c --- postfix-2.5.6-ipv6_disabled.patch//src/smtpd/smtpd.c 2009-01-04 02:04:04.000000000 +0100 +++ postfix-2.5.6-bnc#677792//src/smtpd/smtpd.c 2011-03-17 08:18:19.497489005 +0100 @@ -3912,6 +3912,9 @@ /* Flush before we switch the stream's read/write routines. */ smtp_flush(state->client); + /* At this point there must not be any pending plaintext. */ + vstream_fpurge(state->client, VSTREAM_PURGE_BOTH); + /* * Reset all inputs to the initial state. * ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
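Review bot: In the postfix.spec hunks, Patch13 is a file whose own headers (postfix-2.5.6-ipv6_disabled.patch//src/... and postfix-2.5.6-bnc#677792//src/...) show it was generated in a 2.5.6 tree, while the spec builds Version 2.7.2. The hunk positions (line 811 in smtp_proto.c, line 3912 in smtpd.c) may therefore only apply with offset or fuzz. For a security fix, regenerate the diff against the 2.7.2 sources and confirm in the build log that %patch13 -p1 applies cleanly, so the two vstream_fpurge() calls land exactly where intended. The file name also breaks the %{name}-...patch pattern used by Patch10 through Patch12 and contains a '#', which is awkward in shells and URLs. Renaming it along the lines of the existing patches would avoid that.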
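Review bot: In the smtp_proto.c hunk (@@ -811,6 +811,9 @@), the new comment states the invariant ("there must not be any pending plaintext") but not the reason for it, and the purge sits after the "Server certificate not verified" return. Please expand the comment to say that anything still buffered on session->stream at this point arrived before the TLS handshake completed, is unauthenticated, and must not be read as the reply to the EHLO that is re-negotiated next. Also confirm that every path that continues to that EHLO re-negotiation passes through this vstream_fpurge() call and not only the one shown in the context.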
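Review bot: In the smtpd.c hunk (@@ -3912,6 +3912,9 @@), vstream_fpurge(state->client, VSTREAM_PURGE_BOTH) discards any buffered input silently and its return value is ignored. Input that a client sent after STARTTLS but before the handshake is exactly what the changelog entry calls plaintext injection, so an operator would want to see it. Consider checking for unread input on state->client before the purge and logging a warning with the client identity when there is some, and extend the comment to explain that the purge comes after smtp_flush() so the server's own reply has already been written before both buffers are dropped.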