[Pkg-cyrus-sasl2-commits] r448 - in /cyrus-sasl-2.1/branches/lenny/debian: changelog patches/0021_CVE-2009-0688-fix.dpatch patches/00list
fabbe at users.alioth.debian.org
Sun May 24 09:23:42 UTC 2009
Author: fabbe
Date: Sun May 24 09:23:42 2009
New Revision: 448
URL: http://svn.debian.org/wsvn/pkg-cyrus-sasl2/?sc=1&rev=448
Log:
Backport CVE-2009-0688 security fix from upstream version 2.1.23.
Added:
cyrus-sasl-2.1/branches/lenny/debian/patches/0021_CVE-2009-0688-fix.dpatch (with props)
Modified:
cyrus-sasl-2.1/branches/lenny/debian/changelog
cyrus-sasl-2.1/branches/lenny/debian/patches/00list
Modified: cyrus-sasl-2.1/branches/lenny/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-cyrus-sasl2/cyrus-sasl-2.1/branches/lenny/debian/changelog?rev=448&op=diff
==============================================================================
--- cyrus-sasl-2.1/branches/lenny/debian/changelog (original)
+++ cyrus-sasl-2.1/branches/lenny/debian/changelog Sun May 24 09:23:42 2009
@@ -1,3 +1,10 @@
+cyrus-sasl2 (2.1.22.dfsg1-23+lenny1) stable-security; urgency=high
+
+ * debian/patches/0021_CVE-2009-0688-fix.dpatch, debian/patches/00list:
+ Backport security fix for CVE-2009-0688 from upstream version 2.1.23.
+
+ -- Fabian Fagerholm <fabbe at debian.org> Sun, 24 May 2009 12:16:35 +0300
+
cyrus-sasl2 (2.1.22.dfsg1-23) unstable; urgency=low
* Add README.source to comply with Standards-Version 3.8.0
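Review bot: The new 2.1.22.dfsg1-23+lenny1 entry names only the CVE and the upstream version, not the affected code or the behaviour change, which is what an administrator reading the stable-security changelog needs. Suggest adding that the fix is in lib/saslutil.c and that the encoding routine there now returns SASL_BUFOVER unless the output buffer has room for the encoded data plus a terminating NUL, since callers that passed a buffer of exactly the encoded length will see a new error.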
Added: cyrus-sasl-2.1/branches/lenny/debian/patches/0021_CVE-2009-0688-fix.dpatch
URL: http://svn.debian.org/wsvn/pkg-cyrus-sasl2/cyrus-sasl-2.1/branches/lenny/debian/patches/0021_CVE-2009-0688-fix.dpatch?rev=448&op=file
==============================================================================
--- cyrus-sasl-2.1/branches/lenny/debian/patches/0021_CVE-2009-0688-fix.dpatch (added)
+++ cyrus-sasl-2.1/branches/lenny/debian/patches/0021_CVE-2009-0688-fix.dpatch Sun May 24 09:23:42 2009
@@ -1,0 +1,45 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 0021_CVE-2009-0688-fix.dpatch by <fabbe at paniq.net>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Newer version of lib/saslutil.c to fix security issue
+## DP: (CVE-2009-0688).
+
+ at DPATCH@
+diff -urNad lenny~/lib/saslutil.c lenny/lib/saslutil.c
+--- lenny~/lib/saslutil.c 2009-05-24 12:13:43.000000000 +0300
++++ lenny/lib/saslutil.c 2009-05-24 12:15:02.000000000 +0300
+@@ -1,7 +1,7 @@
+ /* saslutil.c
+ * Rob Siemborski
+ * Tim Martin
+- * $Id: saslutil.c,v 1.44 2006/03/13 18:26:36 mel Exp $
++ * $Id: saslutil.c,v 1.44.2.1 2009/04/27 17:47:17 murch Exp $
+ */
+ /*
+ * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved.
+@@ -125,10 +125,12 @@
+
+ /* Will it fit? */
+ olen = (inlen + 2) / 3 * 4;
+- if (outlen)
++ if (outlen) {
+ *outlen = olen;
+- if (outmax < olen)
++ }
++ if (outmax <= olen) {
+ return SASL_BUFOVER;
++ }
+
+ /* Do the work... */
+ blah=(char *) out;
+@@ -151,8 +153,7 @@
+ *out++ = '=';
+ }
+
+- if (olen < outmax)
+- *out = '\0';
++ *out = '\0';
+
+ return SASL_OK;
+ }
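Review bot: In the inner "@@ -125,10 +125,12 @@" region, *outlen = olen is still stored before the new "outmax <= olen" check, so on SASL_BUFOVER the caller is told olen although the buffer now has to hold olen + 1 bytes, because the last region writes *out = '\0' unconditionally. A caller that resizes to the reported length and retries will fail again. Suggest either documenting in the "Will it fit?" comment that the required size is the reported length plus one for the terminator, or auditing the in-tree callers for that retry pattern before this goes to stable-security. Separately, olen = (inlen + 2) / 3 * 4 is computed without a range check on inlen; if inlen can be large enough for that arithmetic to wrap, the size test is bypassed, so it is worth confirming that upstream 2.1.23 bounds it elsewhere. The DP: description ("Newer version of lib/saslutil.c") would also be more useful if it said that the fix enforces room for the NUL terminator.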
Propchange: cyrus-sasl-2.1/branches/lenny/debian/patches/0021_CVE-2009-0688-fix.dpatch
------------------------------------------------------------------------------
svn:executable = *
Modified: cyrus-sasl-2.1/branches/lenny/debian/patches/00list
URL: http://svn.debian.org/wsvn/pkg-cyrus-sasl2/cyrus-sasl-2.1/branches/lenny/debian/patches/00list?rev=448&op=diff
==============================================================================
--- cyrus-sasl-2.1/branches/lenny/debian/patches/00list (original)
+++ cyrus-sasl-2.1/branches/lenny/debian/patches/00list Sun May 24 09:23:42 2009
@@ -19,3 +19,4 @@
0018_auth_rimap_quotes
0019_ldap_deprecated
0020_saslauthd_manpage
+0021_CVE-2009-0688-fix