Hi,

Attached is a debdiff of the changes I made for the 2.2.13-5.1 0-day NMU.

Cheers,
Giuseppe.
diff -u kolab-cyrus-imapd-2.2.13/debian/rules 
kolab-cyrus-imapd-2.2.13/debian/rules
--- kolab-cyrus-imapd-2.2.13/debian/rules
+++ kolab-cyrus-imapd-2.2.13/debian/rules
@@ -9,6 +9,7 @@
 
 # DebHelper control
 export DH_ALWAYS_EXCLUDE=CVS
+export DH_VERBOSE=1
 
 export MAINPKG=kolab-cyrus-common
 export TMPPKG := $(CURDIR)/debian/tmp
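Review bot: `export DH_VERBOSE=1` is unrelated to the SIEVE fix and is not mentioned in the 2.2.13-5.1 changelog entry. A security NMU is easier to audit when the debdiff carries only the fix, so either drop this line or record it with a changelog bullet such as `* debian/rules: export DH_VERBOSE=1 for verbose build logs`.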
diff -u kolab-cyrus-imapd-2.2.13/debian/changelog 
kolab-cyrus-imapd-2.2.13/debian/changelog
--- kolab-cyrus-imapd-2.2.13/debian/changelog
+++ kolab-cyrus-imapd-2.2.13/debian/changelog
@@ -1,3 +1,11 @@
+kolab-cyrus-imapd (2.2.13-5.1) unstable; urgency=high
+
+  * Non-maintainer upload by the testing Security Team.
+  * Fix buffer overflow in SIEVE script component
+    (CVE-2009-3235, CVE-2009-2632) (Closes: 547712)
+
+ -- Giuseppe Iuculano <iucul...@debian.org>  Sat, 03 Oct 2009 20:00:44 +0200
+
 kolab-cyrus-imapd (2.2.13-5) unstable; urgency=low
 
   * Synced against cyrus-imapd package (closes: #475128)
diff -u kolab-cyrus-imapd-2.2.13/debian/patches/00list 
kolab-cyrus-imapd-2.2.13/debian/patches/00list
--- kolab-cyrus-imapd-2.2.13/debian/patches/00list
+++ kolab-cyrus-imapd-2.2.13/debian/patches/00list
@@ -74,0 +75 @@
+0024-upstream-fix-sieve.dpatch
only in patch2:
unchanged:
--- kolab-cyrus-imapd-2.2.13.orig/debian/patches/0024-upstream-fix-sieve.dpatch
+++ kolab-cyrus-imapd-2.2.13/debian/patches/0024-upstream-fix-sieve.dpatch
@@ -0,0 +1,142 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 0024-upstream-fix-sieve.dpatch by Giuseppe Iuculano <giuse...@iuculano.it>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+...@dpatch@
+diff -urNad kolab-cyrus-imapd-2.2.13~/sieve/bc_eval.c 
kolab-cyrus-imapd-2.2.13/sieve/bc_eval.c
+--- kolab-cyrus-imapd-2.2.13~/sieve/bc_eval.c  2009-09-23 11:27:37.000000000 
+0200
++++ kolab-cyrus-imapd-2.2.13/sieve/bc_eval.c   2009-09-23 11:28:09.000000000 
+0200
+@@ -440,7 +440,7 @@
+       int comparator=ntohl(bc[i+3].value);
+       int apart=ntohl(bc[i+4].value);
+       int count=0;
+-      char scount[3];
++      char scount[21];
+       int isReg = (match==B_REGEX);
+       int ctag = 0;
+       regex_t *reg;
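Review bot: The new size in `char scount[21];` is an unexplained magic number, here and in the identical declaration in the hunk at -608. A comment such as `/* 20 decimal digits of a 64-bit value plus NUL */` would record why 21 is enough, assuming that is the intent. In the hunks at -574 and -689 `count` is declared `int` but formatted with `%u`; `snprintf(scount, sizeof(scount), "%d", count);` or an unsigned `count` would keep specifier and type in agreement. The enclosing case blocks start and end outside these hunks.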
+@@ -574,7 +574,7 @@
+      
+       if  (match == B_COUNT)
+       {
+-          sprintf(scount, "%u", count);
++          snprintf(scount, sizeof(scount), "%u", count);
+           /* search through all the data */ 
+           currd=datai+2;
+           for (z=0; z<numdata && !res; z++)
+@@ -608,7 +608,7 @@
+       int relation=ntohl(bc[i+2].value);
+       int comparator=ntohl(bc[i+3].value);
+       int count=0;    
+-      char scount[3];
++      char scount[21];
+       int isReg = (match==B_REGEX);
+       int ctag = 0;
+       regex_t *reg;
+@@ -689,7 +689,7 @@
+       
+       if  (match == B_COUNT )
+       {
+-          sprintf(scount, "%u", count);
++          snprintf(scount, sizeof(scount), "%u", count);
+           /*search through all the data*/ 
+           currd=datai+2;
+           for (z=0; z<numdata && !res; z++)
+diff -urNad kolab-cyrus-imapd-2.2.13~/sieve/script.c 
kolab-cyrus-imapd-2.2.13/sieve/script.c
+--- kolab-cyrus-imapd-2.2.13~/sieve/script.c   2009-09-23 11:27:43.000000000 
+0200
++++ kolab-cyrus-imapd-2.2.13/sieve/script.c    2009-09-23 11:27:44.000000000 
+0200
+@@ -531,9 +531,9 @@
+     if ((ret != SIEVE_OK) && interp->err) {
+       char buf[1024];
+       if (lastaction == -1) /* we never executed an action */
+-          sprintf(buf, "%s", errmsg ? errmsg : sieve_errstr(ret));
++          snprintf(buf, sizeof(buf), "%s", errmsg ? errmsg : 
sieve_errstr(ret));
+       else
+-          sprintf(buf, "%s: %s", action_to_string(lastaction),
++          snprintf(buf, sizeof(buf), "%s: %s", action_to_string(lastaction),
+                   errmsg ? errmsg : sieve_errstr(ret));
+  
+       ret |= interp->execute_err(buf, interp->interp_context,
+@@ -551,7 +551,7 @@
+       ret |= keep_ret;
+         if (keep_ret == SIEVE_OK)
+             snprintf(actions_string+strlen(actions_string),
+-                   sizeof(actions_string)-strlen(actions_string),
++                   ACTIONS_STRING_LEN-strlen(actions_string),
+                    "Kept\n");
+       else {
+           implicit_keep = 0;  /* don't try an implicit keep again */
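Review bot: `ACTIONS_STRING_LEN` is used as the bound here and in the hunks at -604, -620, -634, -648, -660 and -694, but nothing in this dpatch defines it or ties it to the declaration of `actions_string`. If the 2.2.13 tree does not already define the macro, the package will not build. If it does, the bound is only correct when the buffer is declared with the same constant, e.g. `char actions_string[ACTIONS_STRING_LEN];` at the caller. The removed `sizeof(actions_string)` suggests `actions_string` is a pointer in this function, so the real allocation lives outside these hunks and should be checked before upload. Since the append expression is repeated in all of these hunks, a small static helper that takes the buffer and the format would keep the bound in one place.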
+@@ -604,7 +604,7 @@
+           
+           if (ret == SIEVE_OK)
+               snprintf(actions_string+strlen(actions_string),
+-                       sizeof(actions_string)-strlen(actions_string), 
++                       ACTIONS_STRING_LEN-strlen(actions_string), 
+                        "Rejected with: %s\n", a->u.rej.msg);
+ 
+           break;
+@@ -620,7 +620,7 @@
+ 
+           if (ret == SIEVE_OK)
+               snprintf(actions_string+strlen(actions_string),
+-                       sizeof(actions_string)-strlen(actions_string),
++                       ACTIONS_STRING_LEN-strlen(actions_string),
+                        "Filed into: %s\n",a->u.fil.mailbox);
+           break;
+       case ACTION_KEEP:
+@@ -634,7 +634,7 @@
+                              &errmsg);
+           if (ret == SIEVE_OK)
+               snprintf(actions_string+strlen(actions_string),
+-                       sizeof(actions_string)-strlen(actions_string),
++                       ACTIONS_STRING_LEN-strlen(actions_string),
+                        "Kept\n");
+           break;
+       case ACTION_REDIRECT:
+@@ -648,7 +648,7 @@
+                                  &errmsg);
+           if (ret == SIEVE_OK)
+               snprintf(actions_string+strlen(actions_string),
+-                       sizeof(actions_string)-strlen(actions_string),
++                       ACTIONS_STRING_LEN-strlen(actions_string),
+                        "Redirected to %s\n", a->u.red.addr);
+           break;
+       case ACTION_DISCARD:
+@@ -660,7 +660,7 @@
+                                     &errmsg);
+           if (ret == SIEVE_OK)
+               snprintf(actions_string+strlen(actions_string),
+-                       sizeof(actions_string)-strlen(actions_string),
++                       ACTIONS_STRING_LEN-strlen(actions_string),
+                        "Discarded\n");
+           break;
+ 
+@@ -694,12 +694,12 @@
+ 
+                   if (ret == SIEVE_OK)
+                       snprintf(actions_string+strlen(actions_string),
+-                               sizeof(actions_string)-strlen(actions_string),
++                               ACTIONS_STRING_LEN-strlen(actions_string),
+                                "Sent vacation reply\n");
+ 
+               } else if (ret == SIEVE_DONE) {
+                   snprintf(actions_string+strlen(actions_string),
+-                           sizeof(actions_string)-strlen(actions_string),
++                           ACTIONS_STRING_LEN-strlen(actions_string),
+                            "Vacation reply suppressed\n");
+ 
+                   ret = SIEVE_OK;
+diff -urNad kolab-cyrus-imapd-2.2.13~/sieve/sieve.y 
kolab-cyrus-imapd-2.2.13/sieve/sieve.y
+--- kolab-cyrus-imapd-2.2.13~/sieve/sieve.y    2009-09-23 11:27:37.000000000 
+0200
++++ kolab-cyrus-imapd-2.2.13/sieve/sieve.y     2009-09-23 11:27:44.000000000 
+0200
+@@ -923,7 +923,7 @@
+       else if (!strcmp(r, "ne")) {return NE;}
+       else if (!strcmp(r, "eq")) {return EQ;}
+       else{
+-        sprintf(errbuf, "flag '%s': not a valid relational operation", r);
++        snprintf(errbuf, sizeof(errbuf), "flag '%s': not a valid relational 
operation", r);
+         yyerror(errbuf);
+         return -1;
+       }
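Review bot: `sizeof(errbuf)` only bounds the write if `errbuf` is an array in this scope, and its declaration lies outside the hunk. If it is a `char *` parameter or global pointer, the size would be that of a pointer, which is the same mistake the script.c part of this patch removes for `actions_string`. Please confirm the declaration, for example a local `char errbuf[100];`, or pass an explicit length constant instead. The message includes `r`, which looks like it comes from script text, so truncating it to the buffer size is the behaviour wanted here.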

Attachment: signature.asc
Description: OpenPGP digital signature
