diff options
| author | salo <salo> | 2007-04-03 16:58:21 +0000 |
|---|---|---|
| committer | salo <salo> | 2007-04-03 16:58:21 +0000 |
| commit | 926923703e06b0b524744ac6b737a048524d6655 (patch) | |
| tree | 59405e793e00ebb1b72136fccd5a04f55aed622c | |
| parent | bedc4b75870f972c34585bdeb3eba4c9cf159e18 (diff) | |
| download | pkgsrc-926923703e06b0b524744ac6b737a048524d6655.tar.gz | |
Pullup ticket 2061 - requested by ghen
security fix for dovecot
Updated via patch provided by the submitter.
http://dovecot.org/list/dovecot-cvs/2007-March/008488.html
| -rw-r--r-- | mail/dovecot/Makefile | 3 | ||||
| -rw-r--r-- | mail/dovecot/distinfo | 3 | ||||
| -rw-r--r-- | mail/dovecot/patches/patch-ad | 31 |
3 files changed, 35 insertions, 2 deletions
diff --git a/mail/dovecot/Makefile b/mail/dovecot/Makefile index 64f3967ee30..c660955814e 100644 --- a/mail/dovecot/Makefile +++ b/mail/dovecot/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.76 2006/12/15 17:35:20 joerg Exp $ +# $NetBSD: Makefile,v 1.76.2.1 2007/04/03 16:58:21 salo Exp $ DISTNAME= dovecot-1.0.rc15 PKGNAME= ${DISTNAME:S/.rc/rc/} +PKGREVISION= 1 CATEGORIES= mail MASTER_SITES= http://www.dovecot.org/releases/ diff --git a/mail/dovecot/distinfo b/mail/dovecot/distinfo index 45522d18cbe..063cf965eab 100644 --- a/mail/dovecot/distinfo +++ b/mail/dovecot/distinfo @@ -1,8 +1,9 @@ -$NetBSD: distinfo,v 1.48 2006/11/19 10:36:34 ghen Exp $ +$NetBSD: distinfo,v 1.48.2.1 2007/04/03 16:58:21 salo Exp $ SHA1 (dovecot-1.0.rc15.tar.gz) = 9b618d0c1562aa64bd1e055ffa9fe5f2412514af RMD160 (dovecot-1.0.rc15.tar.gz) = 904ef7d1f0fbfe8055f13d9036f7107f498b522e Size (dovecot-1.0.rc15.tar.gz) = 1463069 bytes SHA1 (patch-aa) = 6258057d49add91f06d4dd51ded72e42f6774354 SHA1 (patch-ab) = 7a6441459bcf6d291d9fef7d99f46e825283f673 +SHA1 (patch-ad) = 91c8246f73c8858ac032c364385a1a348b09b5c7 SHA1 (patch-ag) = bd180441a0983ceccc898024370a3bdefdc11b1f diff --git a/mail/dovecot/patches/patch-ad b/mail/dovecot/patches/patch-ad new file mode 100644 index 00000000000..59dddfd5166 --- /dev/null +++ b/mail/dovecot/patches/patch-ad @@ -0,0 +1,31 @@ +$NetBSD: patch-ad,v 1.4.6.1 2007/04/03 16:58:21 salo Exp $ + +Security fix taken from dovecot-1.0rc29: +http://www.dovecot.org/list/dovecot-news/2007-March/000038.html + +--- src/lib-storage/index/mbox/mbox-storage.c.orig 2007-04-01 13:32:47.000000000 +0200 ++++ src/lib-storage/index/mbox/mbox-storage.c +@@ -706,6 +706,11 @@ mbox_mailbox_open(struct mail_storage *_ + + mail_storage_clear_error(_storage); + ++ if (!mbox_is_valid_existing_name(_storage, name)) { ++ mail_storage_set_error(_storage, "Invalid mailbox name"); ++ return NULL; ++ } ++ + if (input != NULL) + return mbox_mailbox_open_stream(storage, name, input, flags); + +@@ -716,11 +721,6 @@ mbox_mailbox_open(struct mail_storage *_ + return mbox_open(storage, "INBOX", flags); + } + +- if (!mbox_is_valid_existing_name(_storage, name)) { +- mail_storage_set_error(_storage, "Invalid mailbox name"); +- return NULL; +- } +- + path = mbox_get_path(istorage, name); + if (stat(path, &st) == 0) { + if (S_ISDIR(st.st_mode)) { |