[Pkg-cyrus-sasl2-commits] r487 - in /cyrus-sasl-2.1/branches/etch/debian: changelog patches/0021_CVE-2009-0688-fix.dpatch patches/00list

fabbe at users.alioth.debian.org fabbe at users.alioth.debian.org
Wed May 27 17:25:53 UTC 2009


Author: fabbe
Date: Wed May 27 17:25:53 2009
New Revision: 487

URL: http://svn.debian.org/wsvn/pkg-cyrus-sasl2/?sc=1&rev=487
Log:
Add patch for CVE-2009-0688.

Added:
    cyrus-sasl-2.1/branches/etch/debian/patches/0021_CVE-2009-0688-fix.dpatch   (with props)
Modified:
    cyrus-sasl-2.1/branches/etch/debian/changelog
    cyrus-sasl-2.1/branches/etch/debian/patches/00list

Modified: cyrus-sasl-2.1/branches/etch/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-cyrus-sasl2/cyrus-sasl-2.1/branches/etch/debian/changelog?rev=487&op=diff
==============================================================================
--- cyrus-sasl-2.1/branches/etch/debian/changelog (original)
+++ cyrus-sasl-2.1/branches/etch/debian/changelog Wed May 27 17:25:53 2009
@@ -1,8 +1,10 @@
-cyrus-sasl2 (2.1.22.dfsg1-9) UNRELEASED; urgency=low
+cyrus-sasl2 (2.1.22.dfsg1-8+lenny1) UNRELEASED; urgency=low
 
   * NOT RELEASED YET
-
- -- Fabian Fagerholm <fabbe at debian.org>  Thu, 14 Dec 2006 00:12:42 +0200
+  * debian/patches/0021_CVE-2009-0688-fix.dpatchh, debian/patches/00list:
+    Backport security fix for CVE-2009-0688 from upstream version 2.1.23.
+
+ -- Fabian Fagerholm <fabbe at debian.org>  Wed, 27 May 2009 20:24:16 +0300
 
 cyrus-sasl2 (2.1.22.dfsg1-8) unstable; urgency=high
 
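Review bot: the added changelog entry names the patch file as `0021_CVE-2009-0688-fix.dpatchh` (doubled "h"), which does not match the file added in this revision, `0021_CVE-2009-0688-fix.dpatch`; correct the name before upload. The version is also changed to `2.1.22.dfsg1-8+lenny1` although this changelog lives under `branches/etch`, so confirm the suffix matches the suite being targeted. The entry keeps `urgency=low` for a CVE backport while the previous entry, `2.1.22.dfsg1-8`, used `urgency=high`; consider raising it.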

Added: cyrus-sasl-2.1/branches/etch/debian/patches/0021_CVE-2009-0688-fix.dpatch
URL: http://svn.debian.org/wsvn/pkg-cyrus-sasl2/cyrus-sasl-2.1/branches/etch/debian/patches/0021_CVE-2009-0688-fix.dpatch?rev=487&op=file
==============================================================================
--- cyrus-sasl-2.1/branches/etch/debian/patches/0021_CVE-2009-0688-fix.dpatch (added)
+++ cyrus-sasl-2.1/branches/etch/debian/patches/0021_CVE-2009-0688-fix.dpatch Wed May 27 17:25:53 2009
@@ -1,0 +1,45 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 0021_CVE-2009-0688-fix.dpatch by  <fabbe at paniq.net>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Newer version of lib/saslutil.c to fix security issue
+## DP: (CVE-2009-0688).
+
+ at DPATCH@
+diff -urNad etch~/lib/saslutil.c etch/lib/saslutil.c
+--- etch~/lib/saslutil.c	2009-05-27 20:23:38.000000000 +0300
++++ etch/lib/saslutil.c	2009-05-27 20:23:38.000000000 +0300
+@@ -1,7 +1,7 @@
+ /* saslutil.c
+  * Rob Siemborski
+  * Tim Martin
+- * $Id: saslutil.c,v 1.44 2006/03/13 18:26:36 mel Exp $
++ * $Id: saslutil.c,v 1.44.2.1 2009/04/27 17:47:17 murch Exp $
+  */
+ /* 
+  * Copyright (c) 1998-2003 Carnegie Mellon University.  All rights reserved.
+@@ -125,10 +125,12 @@
+     
+     /* Will it fit? */
+     olen = (inlen + 2) / 3 * 4;
+-    if (outlen)
++    if (outlen) {
+       *outlen = olen;
+-    if (outmax < olen)
++    }
++    if (outmax <= olen) {
+       return SASL_BUFOVER;
++    }
+ 
+     /* Do the work... */
+     blah=(char *) out;
+@@ -151,8 +153,7 @@
+         *out++ = '=';
+     }
+ 
+-    if (olen < outmax)
+-      *out = '\0';
++    *out = '\0';
+     
+     return SASL_OK;
+ }
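
Review bot: in the `@@ -125,10 +125,12 @@` region of the embedded saslutil.c diff, `*outlen = olen` is still stored before the new `outmax <= olen` check, so on `SASL_BUFOVER` the caller is told `olen` bytes while the function now needs `olen + 1` to hold the unconditional `*out = '\0'` introduced in the `@@ -151,8 +153,7 @@` region. A caller that resizes its buffer to exactly `*outlen` and retries will get `SASL_BUFOVER` again, so document that the output buffer must be at least `*outlen + 1` bytes. Callers that pass a buffer of exactly `(inlen + 2) / 3 * 4` bytes succeeded before this change and now fail, so audit the in-tree and dependent callers for that sizing. The dpatch header line `## 0021_CVE-2009-0688-fix.dpatch by  <fabbe at paniq.net>` also has an empty author name.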

Propchange: cyrus-sasl-2.1/branches/etch/debian/patches/0021_CVE-2009-0688-fix.dpatch
------------------------------------------------------------------------------
    svn:executable = *

Modified: cyrus-sasl-2.1/branches/etch/debian/patches/00list
URL: http://svn.debian.org/wsvn/pkg-cyrus-sasl2/cyrus-sasl-2.1/branches/etch/debian/patches/00list?rev=487&op=diff
==============================================================================
--- cyrus-sasl-2.1/branches/etch/debian/patches/00list (original)
+++ cyrus-sasl-2.1/branches/etch/debian/patches/00list Wed May 27 17:25:53 2009
@@ -13,3 +13,4 @@
 0013_fix_hurd_build
 0014_avoid_pic_overwrite
 0015_saslutil_decode64_fix
+0021_CVE-2009-0688-fix
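
Review bot: the new `00list` entry jumps from `0015_saslutil_decode64_fix` straight to `0021_CVE-2009-0688-fix`, leaving 0016 to 0020 unused in this list; if the number is kept to match another branch, say so in the changelog, otherwise use the next free number. Since `0015_saslutil_decode64_fix` by its name also touches the saslutil code, confirm the dpatch was generated against a tree with 0015 already applied so that its hunks at lines 125 and 151 apply cleanly in this order.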



