From: Peter Marko <[email protected]> Take patch from Debian from https://salsa.debian.org/lts-team/packages/uw-imap/-/commit/873b07f46ce40f43bca10ec85fe63a7a0b934294
Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 9f7c1e6bd101494c6cc5dad16a7fa65a13cbac70) Adapted to Kirkstone. Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../uw-imap/uw-imap/CVE-2018-19518.patch | 24 +++++++++++++++++++
 .../recipes-devtools/uw-imap/uw-imap_2007f.bb | 1 +
 2 files changed, 25 insertions(+)
 create mode 100644 meta-oe/recipes-devtools/uw-imap/uw-imap/CVE-2018-19518.patch
diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap/CVE-2018-19518.patch b/meta-oe/recipes-devtools/uw-imap/uw-imap/CVE-2018-19518.patch
new file mode 100644
index 0000000000..d942a752b3
--- /dev/null
+++ b/meta-oe/recipes-devtools/uw-imap/uw-imap/CVE-2018-19518.patch
@@ -0,0 +1,24 @@
+uw-imap (8:2007f~dfsg-6) unstable; urgency=medium
+
+ * [CVE-2018-19518] 2013_disable_rsh.patch (new): Disable access to IMAP
+ mailboxes through running imapd over rsh, and therefore ssh (Closes:
+ #914632). Code using the library can enable it with tcp_parameters()
+ after making sure that the IMAP server name is sanitized.
+
+ -- Magnus Holmgren <[email protected]> Tue, 26 Feb 2019 23:35:43 +0100
+
+CVE: CVE-2018-19518
+Upstream-Status: Inactive-Upstream [lastrelease: 2007]
+Signed-off-by: Peter Marko <[email protected]>
+
+--- a/src/osdep/unix/Makefile
++++ b/src/osdep/unix/Makefile
+@@ -988,7 +988,7 @@ onceenv:
+ -DMD5ENABLE=\"$(MD5PWD)\" -DMAILSPOOL=\"$(MAILSPOOL)\" \
+ -DANONYMOUSHOME=\"$(MAILSPOOL)/anonymous\" \
+ -DACTIVEFILE=\"$(ACTIVEFILE)\" -DNEWSSPOOL=\"$(NEWSSPOOL)\" \
+- -DRSHPATH=\"$(RSHPATH)\" -DLOCKPGM=\"$(LOCKPGM)\" \
++ -DLOCKPGM=\"$(LOCKPGM)\" \
+ -DLOCKPGM1=\"$(LOCKPGM1)\" -DLOCKPGM2=\"$(LOCKPGM2)\" \
+ -DLOCKPGM3=\"$(LOCKPGM3)\" > OSCFLAGS
+ echo $(BASELDFLAGS) $(EXTRALDFLAGS) > LDFLAGS
diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
index df90b629a9..de614716cf 100644
--- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
+++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
@@ -11,6 +11,7 @@ SRC_URI = "https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \
 file://imap-2007e-shared.patch \
 file://imap-2007f-format-security.patch \
 file://0001-Support-OpenSSL-1.1.patch \
+ file://CVE-2018-19518.patch \
 "
 SRC_URI[md5sum] = "2126fd125ea26b73b20f01fcd5940369"
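Review bot: The new `file://CVE-2018-19518.patch` entry relies on a patch that only drops `-DRSHPATH` from the `onceenv` OSCFLAGS line of `src/osdep/unix/Makefile`, so the mitigation holds only while nothing else in the build defines an rsh or ssh path; the recipe's make arguments and C flags are outside this hunk, so that cannot be confirmed here. The patch's own changelog also says library users can turn rsh back on through tcp_parameters() once the IMAP server name is sanitized, which moves that check to every consumer of the library. I would record both in a comment ahead of the SRC_URI assignment (which begins above the hunk), for example `# CVE-2018-19518: rsh/ssh mailbox access is disabled at build time; do not pass -DRSHPATH through recipe flags`.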
