rpms/dovecot/F-8 dovecot-1.0.15-cve_2008_4577.patch, NONE, 1.1 dovecot.spec, 1.103, 1.104
Michal Hlavinka
mhlavink at fedoraproject.org
Wed Oct 29 08:00:10 UTC 2008
Author: mhlavink
Update of /cvs/extras/rpms/dovecot/F-8
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv16472
Modified Files:
dovecot.spec
Added Files:
dovecot-1.0.15-cve_2008_4577.patch
Log Message:
fix handling of negative rights in the ACL plugin (Resolves: CVE-2008-4577)
dovecot-1.0.15-cve_2008_4577.patch:
--- NEW FILE dovecot-1.0.15-cve_2008_4577.patch ---
diff -up dovecot-1.0.15/src/plugins/acl/acl-cache.c.cve_2008_4577 dovecot-1.0.15/src/plugins/acl/acl-cache.c
--- dovecot-1.0.15/src/plugins/acl/acl-cache.c.cve_2008_4577 2008-10-29 08:53:23.872610374 +0100
+++ dovecot-1.0.15/src/plugins/acl/acl-cache.c 2008-10-29 08:53:23.873610244 +0100
@@ -375,10 +375,8 @@ acl_cache_my_current_rights_recalculate(
rights. */
right_size = obj_cache->my_neg_rights[i]->size;
p = buffer_get_space_unsafe(bitmask, 0, right_size);
- for (j = 0; j < right_size; j++) {
- p[j] |=
- obj_cache->my_neg_rights[i]->mask[j];
- }
+ for (j = 0; j < right_size; j++)
+ p[j] &= ~obj_cache->my_neg_rights[i]->mask[j];
}
}
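Review bot: the new `p[j] &= ~obj_cache->my_neg_rights[i]->mask[j];` only keeps a right denied if nothing ORs positive rights into `bitmask` after this loop. The hunk does not show the rest of acl_cache_my_current_rights_recalculate(), so please confirm the negative pass runs after every positive mask has been merged; otherwise a later grant would set again a bit that was cleared here. Since the removed lines ORed the negative mask into the result, a regression test that sets a single negative right and checks that it is absent from the computed rights would be worth adding alongside this fix.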
Index: dovecot.spec
===================================================================
RCS file: /cvs/extras/rpms/dovecot/F-8/dovecot.spec,v
retrieving revision 1.103
retrieving revision 1.104
diff -u -r1.103 -r1.104
--- dovecot.spec 14 Aug 2008 09:06:00 -0000 1.103
+++ dovecot.spec 29 Oct 2008 07:59:40 -0000 1.104
@@ -1,7 +1,7 @@
%define upstream 1.0.15
%define sieve_upstream 1.0.3
%define pkg_version 1.0.15
-%define my_release 13
+%define my_release 14
%define pkg_release %{my_release}%{?dist}
%define pkg_sieve_version 1.0.3
%define pkg_sieve_release %{my_release}%{?dist}
@@ -39,6 +39,7 @@
Patch105: dovecot-1.0.rc7-mkcert-paths.patch
Patch106: dovecot-1.0.rc27-quota-warning.patch
Patch107: dovecot-1.0-default-settings-passwd.patch
+Patch108: dovecot-1.0.15-cve_2008_4577.patch
Patch200: dovecot-1.0.rc32-split.patch
# XXX this patch needs review and forward porting
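Review bot: `Patch108:` is added without a comment saying where the fix comes from (an upstream changeset or a local backport). A one-line comment above it giving the origin would make it clear when the patch can be dropped at the next rebase of `%define upstream`.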
@@ -183,6 +184,7 @@
#%patch107 -p1 -b .unicodedata
%patch106 -p1 -b .quota-warning
%patch107 -p1 -b .passwd
+%patch108 -p1 -b .cve_2008_4577
%patch200 -p1 -b .split
#%patch200 -p1 -b .%{dovecot_hg}
%patch1000 -p1 -b .winbind
@@ -438,6 +440,9 @@
%changelog
+* Wed Oct 29 2008 Michal Hlavinka <mhlavink at redhat.com> - 1:1.0.15-14
+- fix handling of negative rights in the ACL plugin (Resolves: CVE-2008-4577)
+
* Thu Aug 14 2008 Dan Horak <dan[at]danny.cz> - 1:1.0.15-13
- add missing defattr into subpackages
- remove unused patches from CVS