svn commit: r402745 - in head/mail/cyrus-imapd24: . files

Hajimu UMEMOTO ume at FreeBSD.org
Tue Dec 1 14:33:33 UTC 2015


Author: ume
Date: Tue Dec  1 14:33:31 2015
New Revision: 402745
URL: https://svnweb.freebsd.org/changeset/ports/402745

Log:
  Apply upstream patches to fix CVE-2015-8077 and CVE-2015-8078.
  
  Obtained from:	https://cyrus.foundation/cyrus-imapd/patch/?id=745e161c834f1eb6d62fc14477f51dae799e1e08,
  		https://cyrus.foundation/cyrus-imapd/patch/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2
  MFH:		2015Q4
  Security:	d62ec98e-97d8-11e5-8c0e-080027b00c2e

Added:
  head/mail/cyrus-imapd24/files/patch-CVE-2015-8077   (contents, props changed)
  head/mail/cyrus-imapd24/files/patch-CVE-2015-8078   (contents, props changed)
Modified:
  head/mail/cyrus-imapd24/Makefile

Modified: head/mail/cyrus-imapd24/Makefile
==============================================================================
--- head/mail/cyrus-imapd24/Makefile	Tue Dec  1 14:30:48 2015	(r402744)
+++ head/mail/cyrus-imapd24/Makefile	Tue Dec  1 14:33:31 2015	(r402745)
@@ -2,7 +2,7 @@
 
 PORTNAME=	cyrus-imapd
 PORTVERSION=	2.4.18
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	mail ipv6
 MASTER_SITES=	ftp://ftp.cyrusimap.org/cyrus-imapd/ \
 		http://cyrusimap.org/releases/

Added: head/mail/cyrus-imapd24/files/patch-CVE-2015-8077
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/mail/cyrus-imapd24/files/patch-CVE-2015-8077	Tue Dec  1 14:33:31 2015	(r402745)
@@ -0,0 +1,40 @@
+From 745e161c834f1eb6d62fc14477f51dae799e1e08 Mon Sep 17 00:00:00 2001
+From: ellie timoney <ellie at fastmail.com>
+Date: Mon, 26 Oct 2015 16:15:40 +1100
+Subject: urlfetch: protect against overflow in range checks
+
+
+--- imap/index.c.orig	2015-07-06 03:38:29 UTC
++++ imap/index.c
+@@ -2712,7 +2712,8 @@ int index_urlfetch(struct index_state *s
+     int fetchmime = 0, domain = DOMAIN_7BIT;
+     unsigned size;
+     int32_t skip = 0;
+-    int n, r = 0;
++    unsigned long n;
++    int r = 0;
+     char *decbuf = NULL;
+     struct mailbox *mailbox = state->mailbox;
+     struct index_map *im = &state->map[msgno-1];
+@@ -2849,7 +2850,7 @@ int index_urlfetch(struct index_state *s
+         start_octet = size;
+         n = 0;
+     }
+-    else if (start_octet + n > size) {
++    else if (start_octet + n < start_octet || start_octet + n > size) {
+         n = size - start_octet;
+     }
+ 
+@@ -2861,10 +2862,10 @@ int index_urlfetch(struct index_state *s
+ 
+ 	if (domain == DOMAIN_BINARY) {
+ 	    /* Write size of literal8 */
+-	    prot_printf(pout, " ~{%u}\r\n", n);
++	    prot_printf(pout, " ~{%lu}\r\n", n);
+ 	} else {
+ 	    /* Write size of literal */
+-	    prot_printf(pout, " {%u}\r\n", n);
++	    prot_printf(pout, " {%lu}\r\n", n);
+ 	}
+     }
+ 
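Review bot: The new guard `start_octet + n < start_octet || start_octet + n > size` in the second nested hunk relies on unsigned wrap-around, so it is only correct if `start_octet` is an unsigned type at least as wide as the new `unsigned long n`. Its declaration is outside the hunk and should be confirmed. Assuming the preceding branch (the one that sets `start_octet = size; n = 0;`) already handles `start_octet > size`, the subtraction form `else if (n > size - start_octet) {` expresses the same limit without any sum that can overflow. If the upstream text is kept verbatim, a short comment above the condition saying that the first comparison detects wrap-around of the sum would help the next maintainer. The body of index_urlfetch starts and ends outside these hunks, so any other uses of `n` that may still expect an `int` (for example in write calls) cannot be checked from here.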

Added: head/mail/cyrus-imapd24/files/patch-CVE-2015-8078
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/mail/cyrus-imapd24/files/patch-CVE-2015-8078	Tue Dec  1 14:33:31 2015	(r402745)
@@ -0,0 +1,23 @@
+From 6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2 Mon Sep 17 00:00:00 2001
+From: ellie timoney <ellie at fastmail.com>
+Date: Mon, 26 Oct 2015 16:21:01 +1100
+Subject: urlfetch: and the other bit
+
+
+diff --git a/imap/index.c b/imap/index.c
+index f5161cd..da8ce3d 100644
+--- imap/index.c
++++ imap/index.c
+@@ -4244,7 +4244,8 @@ EXPORTED int index_urlfetch(struct index_state *state, uint32_t msgno,
+         size_t section_offset = CACHE_ITEM_BIT32(cacheitem);
+         size_t section_size = CACHE_ITEM_BIT32(cacheitem + CACHE_ITEM_SIZE_SKIP);
+ 
+-        if (section_offset + section_size > size) {
++        if (section_offset + section_size < section_offset
++            || section_offset + section_size > size) {
+             r = IMAP_INTERNAL;
+             goto done;
+         }
+-- 
+cgit v0.10.2
+
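Review bot: This patch's hunk header places index_urlfetch at line 4244 with an `EXPORTED` prefix, whereas patch-CVE-2015-8077 in the same commit places the same function near line 2712 of `imap/index.c.orig`. It therefore looks to have been taken unmodified from a different upstream branch, and would apply to 2.4.18 only by offset. It is worth confirming in the build log that the hunk landed on the intended `section_offset + section_size > size` check, and regenerating the patch against the port's extracted source so that it applies without offset or fuzz. As in the other patch, `if (section_offset > size || section_size > size - section_offset) {` would enforce the same bound without a sum that can wrap. The enclosing function body lies outside the hunk.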

