pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/mail/dovecot Fix a possible security hole with LDAP au...
details: https://anonhg.NetBSD.org/pkgsrc/rev/30188d99ec9e
branches: trunk
changeset: 536801:30188d99ec9e
user: ghen <ghen%pkgsrc.org@localhost>
date: Sat Dec 22 23:12:04 2007 +0000
description:
Fix a possible security hole with LDAP authentication and variables in the LDAP
search base, see http://www.dovecot.org/list/dovecot-news/2007-December/000057.html
diffstat:
mail/dovecot/Makefile | 3 ++-
mail/dovecot/distinfo | 3 ++-
mail/dovecot/patches/patch-al | 33 +++++++++++++++++++++++++++++++++
3 files changed, 37 insertions(+), 2 deletions(-)
diffs (63 lines):
diff -r f7a60034bf4f -r 30188d99ec9e mail/dovecot/Makefile
--- a/mail/dovecot/Makefile Sat Dec 22 23:07:37 2007 +0000
+++ b/mail/dovecot/Makefile Sat Dec 22 23:12:04 2007 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.108 2007/12/12 13:15:48 ghen Exp $
+# $NetBSD: Makefile,v 1.109 2007/12/22 23:12:04 ghen Exp $
DISTNAME= dovecot-1.0.9
+PKGREVISION= 1
CATEGORIES= mail
MASTER_SITES= http://www.dovecot.org/releases/1.0/
diff -r f7a60034bf4f -r 30188d99ec9e mail/dovecot/distinfo
--- a/mail/dovecot/distinfo Sat Dec 22 23:07:37 2007 +0000
+++ b/mail/dovecot/distinfo Sat Dec 22 23:12:04 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.75 2007/12/12 13:15:49 ghen Exp $
+$NetBSD: distinfo,v 1.76 2007/12/22 23:12:04 ghen Exp $
SHA1 (dovecot-1.0.9.tar.gz) = 87d89ff79d967c95ab8e59a1c1b3f710caffc290
RMD160 (dovecot-1.0.9.tar.gz) = 535cf4c9672c8e44e751f5ffad911440707fc7d4
@@ -7,3 +7,4 @@
SHA1 (patch-ab) = 5d45a1617dd5ee7ce07fe89b526a6fb273057bb5
SHA1 (patch-ac) = 377da4719b5dca91a0b2fa7b3e11170cd2ea8d59
SHA1 (patch-ag) = bd180441a0983ceccc898024370a3bdefdc11b1f
+SHA1 (patch-al) = 1a6151b7952360e2625a634ff3cbb30e09ef87c6
diff -r f7a60034bf4f -r 30188d99ec9e mail/dovecot/patches/patch-al
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/dovecot/patches/patch-al Sat Dec 22 23:12:04 2007 +0000
@@ -0,0 +1,33 @@
+$NetBSD: patch-al,v 1.1 2007/12/22 23:12:04 ghen Exp $
+
+If LDAP base contained variables, auth cache should have included
+them in the cache key.
+
+http://www.dovecot.org/list/dovecot-news/2007-December/000057.html
+
+--- src/auth/passdb-ldap.c.orig 2007-12-11 19:52:08.000000000 +0100
++++ src/auth/passdb-ldap.c
+@@ -519,7 +519,8 @@ passdb_ldap_preinit(struct auth_passdb *
+ conn->set.auth_bind ? "password" : NULL);
+ module->module.cache_key =
+ auth_cache_parse_key(auth_passdb->auth->pool,
+- conn->set.pass_filter);
++ t_strconcat(conn->set.base,
++ conn->set.pass_filter, NULL));
+ module->module.default_pass_scheme = conn->set.default_pass_scheme;
+ return &module->module;
+ }
+$NetBSD: patch-al,v 1.1 2007/12/22 23:12:04 ghen Exp $
+
+--- src/auth/userdb-ldap.c.orig 2007-12-11 19:52:08.000000000 +0100
++++ src/auth/userdb-ldap.c
+@@ -231,7 +231,8 @@ userdb_ldap_preinit(struct auth_userdb *
+ conn->user_attr_map, default_attr_map, NULL);
+ module->module.cache_key =
+ auth_cache_parse_key(auth_userdb->auth->pool,
+- conn->set.user_filter);
++ t_strconcat(conn->set.base,
++ conn->set.user_filter, NULL));
+ return &module->module;
+ }
+
Home |
Main Index |
Thread Index |
Old Index