#1 import cyrus-sasl-2.1.27-6.el8_5
Closed 2 years ago by carlwgeorge. Opened 2 years ago by sbonazzo.
rpms/ sbonazzo/cyrus-sasl c8s  into  c8s

@@ -0,0 +1,82 @@ 

+ From 37f2e0f0658d78a1496dc277f402f8b577ce6aae Mon Sep 17 00:00:00 2001

+ From: Klaus Espenlaub <klaus@espenlaub.com>

+ Date: Tue, 8 Feb 2022 20:34:40 +0000

+ Subject: [PATCH] CVE-2022-24407 Escape password for SQL insert/update

+  commands.

+ 

+ Signed-off-by: Klaus Espenlaub <klaus@espenlaub.com>

+ ---

+  plugins/sql.c | 26 +++++++++++++++++++++++---

+  1 file changed, 23 insertions(+), 3 deletions(-)

+ 

+ diff --git a/plugins/sql.c b/plugins/sql.c

+ index 31b54a78..6ac81c2f 100644

+ --- a/plugins/sql.c

+ +++ b/plugins/sql.c

+ @@ -1151,6 +1151,7 @@ static int sql_auxprop_store(void *glob_context,

+      char *statement = NULL;

+      char *escap_userid = NULL;

+      char *escap_realm = NULL;

+ +    char *escap_passwd = NULL;

+      const char *cmd;

+      

+      sql_settings_t *settings;

+ @@ -1222,6 +1223,11 @@ static int sql_auxprop_store(void *glob_context,

+  			    "Unable to begin transaction\n");

+      }

+      for (cur = to_store; ret == SASL_OK && cur->name; cur++) {

+ +	/* Free the buffer, current content is from previous loop. */

+ +	if (escap_passwd) {

+ +	    sparams->utils->free(escap_passwd);

+ +	    escap_passwd = NULL;

+ +	}

+  

+  	if (cur->name[0] == '*') {

+  	    continue;

+ @@ -1243,19 +1249,32 @@ static int sql_auxprop_store(void *glob_context,

+  	}

+  	sparams->utils->free(statement);

+  

+ +	if (cur->values[0]) {

+ +	    escap_passwd = (char *)sparams->utils->malloc(strlen(cur->values[0])*2+1);

+ +	    if (!escap_passwd) {

+ +		ret = SASL_NOMEM;

+ +		break;

+ +	    }

+ +	    settings->sql_engine->sql_escape_str(escap_passwd, cur->values[0]);

+ +	}

+ +

+  	/* create a statement that we will use */

+  	statement = sql_create_statement(cmd, cur->name, escap_userid,

+  					 escap_realm,

+ -					 cur->values && cur->values[0] ?

+ -					 cur->values[0] : SQL_NULL_VALUE,

+ +					 escap_passwd ?

+ +					 escap_passwd : SQL_NULL_VALUE,

+  					 sparams->utils);

+ +	if (!statement) {

+ +	    ret = SASL_NOMEM;

+ +	    break;

+ +	}

+  	

+  	{

+  	    char *log_statement =

+  		sql_create_statement(cmd, cur->name,

+  				     escap_userid,

+  				     escap_realm,

+ -				     cur->values && cur->values[0] ?

+ +				     escap_passwd ?

+  				     "<omitted>" : SQL_NULL_VALUE,

+  				     sparams->utils);

+  	    sparams->utils->log(sparams->utils->conn, SASL_LOG_DEBUG,

+ @@ -1288,6 +1307,7 @@ static int sql_auxprop_store(void *glob_context,

+    done:

+      if (escap_userid) sparams->utils->free(escap_userid);

+      if (escap_realm) sparams->utils->free(escap_realm);

+ +    if (escap_passwd) sparams->utils->free(escap_passwd);

+      if (conn) settings->sql_engine->sql_close(conn);

+      if (userid) sparams->utils->free(userid);

+      if (realm) sparams->utils->free(realm);

+ -- 

+ 2.25.1

+ 
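Review bot: In the third hunk of sql_auxprop_store, the new `if (cur->values[0])` indexes `cur->values` without the NULL test that the removed expression `cur->values && cur->values[0]` carried. If a property entry can arrive with no values array (the old code allowed for that), it is now dereferenced instead of being stored as SQL_NULL_VALUE. Keeping the guard, `if (cur->values && cur->values[0]) {`, preserves the previous behaviour. Separately, `escap_passwd` holds an escaped copy of the password and is released with a plain `free` at the top of the loop and at `done:`; clearing the buffer before release would avoid leaving the secret in freed heap memory, and a comment such as `/* escap_passwd holds secret material */` at its declaration would document that. The function body starts and ends outside these hunks, so how callers populate `cur->values` is not visible here.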

file modified
+8 -1
@@ -8,7 +8,7 @@ 

  Summary: The Cyrus SASL library

  Name: cyrus-sasl

  Version: 2.1.27

- Release: 5%{?dist}

+ Release: 6%{?dist}

  License: BSD with advertising

  Group: System Environment/Libraries

  # Source0 originally comes from https://www.cyrusimap.org/releases/;
@@ -36,6 +36,8 @@ 

  Patch833: cyrus-sasl-2.1.27-Add-support-for-setting-max-ssf-0-to-GSS-SPNEGO.patch

  Patch834: cyrus-sasl-2.1.27-Emit-debug-log-only-in-case-of-errors.patch

  

+ Patch900: 0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch

+ 

  Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

  BuildRequires: autoconf, automake, libtool, gdbm-devel, groff

  BuildRequires: krb5-devel >= 1.2.2, openssl-devel, pam-devel, pkgconfig
@@ -173,6 +175,7 @@ 

  %patch832 -p1 -b .gssapi_cbs

  %patch833 -p1 -b .maxssf0

  %patch834 -p1 -b .nolog

+ %patch900 -p1 -b .CVE-2022-24407

  

  %build

  # reconfigure
@@ -406,6 +409,10 @@ 

  %{_sbindir}/sasl2-shared-mechlist

  

  %changelog

+ * Thu Feb 17 2022 Simo Sorce <simo@redhat.com> - 2.1.27-6

+ - Fix for CVE-2022-24407

+ - Resolves: rhbz#2055846

+ 

  * Tue May  5 2020 Simo Sorce <simo@redhat.com> - 2.1.27-5

  - Reduce excessive GSSAPI plugin logging

  - Resolves: rhbz#1274734

Thanks but it's unnecessary, we can build from the c8 branch and tag it for the c8s compose.

Pull-Request has been closed by carlwgeorge

2 years ago