authorghen <ghen@pkgsrc.org>2007-12-22 23:12:04 +0000
committerghen <ghen@pkgsrc.org>2007-12-22 23:12:04 +0000
commit05cbfc4159adb3016bdfc3addfa5829e8956840a (patch)
tree1d38f5c55c9edd6cf5bd16a33903d862d1c9e0dc /mail/dovecot
parenta4968182b868b8029944c9a3d1545457eb2bfcbf (diff)
downloadpkgsrc-05cbfc4159adb3016bdfc3addfa5829e8956840a.tar.gz
Fix a possible security hole with LDAP authentication and variables in the LDAP
search base, see http://www.dovecot.org/list/dovecot-news/2007-December/000057.html
Diffstat (limited to 'mail/dovecot')
-rw-r--r--mail/dovecot/Makefile3
-rw-r--r--mail/dovecot/distinfo3
-rw-r--r--mail/dovecot/patches/patch-al33
3 files changed, 37 insertions, 2 deletions
diff --git a/mail/dovecot/Makefile b/mail/dovecot/Makefile
index 04ef6b544c8..d4096bd401e 100644
--- a/mail/dovecot/Makefile
+++ b/mail/dovecot/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.108 2007/12/12 13:15:48 ghen Exp $
+# $NetBSD: Makefile,v 1.109 2007/12/22 23:12:04 ghen Exp $
DISTNAME= dovecot-1.0.9
+PKGREVISION= 1
CATEGORIES= mail
MASTER_SITES= http://www.dovecot.org/releases/1.0/
diff --git a/mail/dovecot/distinfo b/mail/dovecot/distinfo
index 3a8bb10d927..b033795e346 100644
--- a/mail/dovecot/distinfo
+++ b/mail/dovecot/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.75 2007/12/12 13:15:49 ghen Exp $
+$NetBSD: distinfo,v 1.76 2007/12/22 23:12:04 ghen Exp $
SHA1 (dovecot-1.0.9.tar.gz) = 87d89ff79d967c95ab8e59a1c1b3f710caffc290
RMD160 (dovecot-1.0.9.tar.gz) = 535cf4c9672c8e44e751f5ffad911440707fc7d4
@@ -7,3 +7,4 @@ SHA1 (patch-aa) = 6258057d49add91f06d4dd51ded72e42f6774354
SHA1 (patch-ab) = 5d45a1617dd5ee7ce07fe89b526a6fb273057bb5
SHA1 (patch-ac) = 377da4719b5dca91a0b2fa7b3e11170cd2ea8d59
SHA1 (patch-ag) = bd180441a0983ceccc898024370a3bdefdc11b1f
+SHA1 (patch-al) = 1a6151b7952360e2625a634ff3cbb30e09ef87c6
diff --git a/mail/dovecot/patches/patch-al b/mail/dovecot/patches/patch-al
new file mode 100644
index 00000000000..c59283589cb
--- /dev/null
+++ b/mail/dovecot/patches/patch-al
@@ -0,0 +1,33 @@
+$NetBSD: patch-al,v 1.1 2007/12/22 23:12:04 ghen Exp $
+
+If LDAP base contained variables, auth cache should have included
+them in the cache key.
+
+http://www.dovecot.org/list/dovecot-news/2007-December/000057.html
+
+--- src/auth/passdb-ldap.c.orig 2007-12-11 19:52:08.000000000 +0100
++++ src/auth/passdb-ldap.c
+@@ -519,7 +519,8 @@ passdb_ldap_preinit(struct auth_passdb *
+ conn->set.auth_bind ? "password" : NULL);
+ module->module.cache_key =
+ auth_cache_parse_key(auth_passdb->auth->pool,
+- conn->set.pass_filter);
++ t_strconcat(conn->set.base,
++ conn->set.pass_filter, NULL));
+ module->module.default_pass_scheme = conn->set.default_pass_scheme;
+ return &module->module;
+ }
+$NetBSD: patch-al,v 1.1 2007/12/22 23:12:04 ghen Exp $
+
+--- src/auth/userdb-ldap.c.orig 2007-12-11 19:52:08.000000000 +0100
++++ src/auth/userdb-ldap.c
+@@ -231,7 +231,8 @@ userdb_ldap_preinit(struct auth_userdb *
+ conn->user_attr_map, default_attr_map, NULL);
+ module->module.cache_key =
+ auth_cache_parse_key(auth_userdb->auth->pool,
+- conn->set.user_filter);
++ t_strconcat(conn->set.base,
++ conn->set.user_filter, NULL));
+ return &module->module;
+ }
+
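Review bot: Neither `t_strconcat` call (in `passdb_ldap_preinit` and in `userdb_ldap_preinit`) carries a comment saying why `conn->set.base` is part of the cache key, so a later cleanup could drop it and bring back cache hits shared between users whose search bases expand differently. I would add above each call something like `/* base may contain variables; it must be part of the cache key so entries for different expanded bases never collide */`. The same reasoning would apply to any other setting in `conn->set` that is expanded per request and influences the lookup result; whether such settings exist is not visible here, since both function bodies start outside the hunks. `t_strconcat` presumably returns a temporary string, so the change relies on `auth_cache_parse_key` copying what it keeps into the pool it is given, which is worth confirming against the upstream source. Separately, patch-al patches two source files and repeats the `$NetBSD` id line, and splitting it into one patch file per source file would make each checksum in distinfo cover a single change.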