From: Peter Marko <[email protected]>

Take patch from Debian from
https://salsa.debian.org/lts-team/packages/uw-imap/-/commit/873b07f46ce40f43bca10ec85fe63a7a0b934294

Signed-off-by: Peter Marko <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
(cherry picked from commit 9f7c1e6bd101494c6cc5dad16a7fa65a13cbac70)
Signed-off-by: Anil Dongare <[email protected]>
---
 .../uw-imap/uw-imap/CVE-2018-19518.patch      | 24 +++++++++++++++++++
 .../recipes-devtools/uw-imap/uw-imap_2007f.bb |  1 +
 2 files changed, 25 insertions(+)
 create mode 100644 
meta-oe/recipes-devtools/uw-imap/uw-imap/CVE-2018-19518.patch

diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap/CVE-2018-19518.patch 
b/meta-oe/recipes-devtools/uw-imap/uw-imap/CVE-2018-19518.patch
new file mode 100644
index 0000000000..d942a752b3
--- /dev/null
+++ b/meta-oe/recipes-devtools/uw-imap/uw-imap/CVE-2018-19518.patch
@@ -0,0 +1,24 @@
+uw-imap (8:2007f~dfsg-6) unstable; urgency=medium
+
+  * [CVE-2018-19518] 2013_disable_rsh.patch (new): Disable access to IMAP
+    mailboxes through running imapd over rsh, and therefore ssh (Closes:
+    #914632). Code using the library can enable it with tcp_parameters()
+    after making sure that the IMAP server name is sanitized.
+
+ -- Magnus Holmgren <[email protected]>  Tue, 26 Feb 2019 23:35:43 +0100
+
+CVE: CVE-2018-19518
+Upstream-Status: Inactive-Upstream [lastrelease: 2007]
+Signed-off-by: Peter Marko <[email protected]>
+
+--- a/src/osdep/unix/Makefile
++++ b/src/osdep/unix/Makefile
+@@ -988,7 +988,7 @@ onceenv:
+        -DMD5ENABLE=\"$(MD5PWD)\" -DMAILSPOOL=\"$(MAILSPOOL)\" \
+        -DANONYMOUSHOME=\"$(MAILSPOOL)/anonymous\" \
+        -DACTIVEFILE=\"$(ACTIVEFILE)\" -DNEWSSPOOL=\"$(NEWSSPOOL)\" \
+-       -DRSHPATH=\"$(RSHPATH)\" -DLOCKPGM=\"$(LOCKPGM)\" \
++       -DLOCKPGM=\"$(LOCKPGM)\" \
+        -DLOCKPGM1=\"$(LOCKPGM1)\" -DLOCKPGM2=\"$(LOCKPGM2)\" \
+        -DLOCKPGM3=\"$(LOCKPGM3)\" > OSCFLAGS
+       echo $(BASELDFLAGS) $(EXTRALDFLAGS) > LDFLAGS
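Review bot: The new patch file's header does not record where the patch came from; the Debian salsa URL appears only in the commit message, so the provenance is lost for anyone reading the file in the tree. I would add a line such as `Taken from Debian: https://salsa.debian.org/lts-team/packages/uw-imap/-/commit/873b07f46ce40f43bca10ec85fe63a7a0b934294` above the `CVE:` tag. It is also worth a sentence in the header that the fix is a build-time default only: the embedded hunk drops `-DRSHPATH` from the flags written to OSCFLAGS in the `onceenv` recipe (which starts outside the hunk), and per the quoted changelog callers can still re-enable the rsh/ssh transport through tcp_parameters(). Recipes that link this library and do so therefore presumably still have to sanitize the IMAP server name themselves; nothing visible here enforces that.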
diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb 
b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
index dcb59f4ea0..0fec03524a 100644
--- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
+++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
@@ -15,6 +15,7 @@ SRC_URI = 
"https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \
            file://0001-Do-not-build-mtest.patch \
            file://0002-tmail-Include-ctype.h-for-isdigit.patch \
            file://0001-Fix-Wincompatible-function-pointer-types.patch \
+           file://CVE-2018-19518.patch \
            "
 
 SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369"
-- 
2.44.1
