Security: Fix possible single byte overflow in mailbox handling code.
Security: Fix possible single byte overflows in the imapd annotate
extension.
Security: Fix stack buffer overflows in fetchnews (exploitable by
peer news server), backend (exploitable by admin), and in
imapd (exploitable by users though only on platforms where
a filename may be larger than a mailbox name).
* Change ACLs correctly when renaming a user
* Do not abandon std{in,out,err} file descriptors; syslog assumes it
can use stderr if syslogd isn't running.
* Clean up imap magic plus to avoid buffer overrun (CAN-2004-1011)
* Fix lack of bounds checking in PARTIAL and FETCH (CAN-2004-1012,
CAN-2004-1013)
* Do not attempt to reuse a freed connection in lmtpproxyd.
* Allow login without authentication with -N switch in proxyd.
* Fix use of xrealloc and fold pointers in lmtpengine.
- Fix build problem with WITH_SNMP_5 on FreeBSD 4.X with
perl5.8 installed. Though we need 5.8's libperl.so,
/usr/lib/libperl.so was linked. [1]
Reported by: Thomas Vogt <tv@solnet.ch> [1]
Since there are some issues with upgrading from 2.2.0-ALPHA,
you should read /usr/local/share/doc/cyrus-imapd22/install-upgrade.html
before upgrading your server.
The release has two security fixes:
- Fixed some potential buffer overflows in the sieve code
- Fixed a pre-login buffer overflow in the IMAP parsing code
Approved by: portmgr
- IPv6 patch was updated to 20010709 version.
(Now, reconfig by SIGHUP should work. However, since master is
running without root privilege, re-binding to a privileged port still
fails. I believe it is an original problem.)
security/cyrus-sasl port. Fix deliver.c so it uses the correct location
of sendmail (/usr/sbin/sendmail vs. /usr/lib/sendmail). Open the port up
to the world after previous maintainer showed no interest in the port for
nearly 2 years.
PR: 22791, 22465
Submitted by: Martti Kuparinen <martti.kuparinen@piuha.net>
Scot W. Hetzel <hetzels@westbend.net>