Bug 18968 - cyrus-sasl-1.5.24 is not the "real" 1.5.24
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: cyrus-sasl
Version: 7.0
Hardware: i386 Linux
Priority: high
Severity: medium
Assigned To: Nalin Dahyabhai
QA Contact: Aaron Brown
Keywords: Security
Reported: 2000-10-12 12:02 EDT by heckmann
Modified: 2007-03-26 23:36 EDT (History)
Doc Type: Bug Fix
Last Closed: 2000-10-25 18:34:25 EDT
Description heckmann 2000-10-12 12:02:28 EDT
NOTE: This is a cyrus-sasl bug, but it is not in the component list; I
think Nalin should get this report.

It seems that there have been silent upgrades and whatnot to cyrus-sasl so
that there are many version 1.5.24's floating around. Quoting Kurt D.
Zeilenga from OpenLDAP:

"Sounds like you might be suffering from a nasty (and dangerous) Cyrus SASL
bug.  Make sure you have Cyrus SASL 1.5.24 installed as currently available
from ftp://ftp.andrew.cmu.edu/pub/cyrus-mail.  Do not install versions from
any other source as there appears to be multiple versions labeled 1.5.24
floating about (due to a silent upgrade) and only the version in the
official FTP site is known not to contain the bug."

A diff of the 1.5.24 tarball from the 7.0 src.rpm and the "official" 1.5.24
reveals the following:

diff -uNr rh/cyrus-sasl-1.5.24/lib/server.c
cyrus/cyrus-sasl-1.5.24/lib/server.c
--- rh/cyrus-sasl-1.5.24/lib/server.c   Mon Jul 10 14:54:45 2000
+++ cyrus/cyrus-sasl-1.5.24/lib/server.c        Sun Aug 13 22:04:42 2000
@@ -895,7 +895,7 @@
        s_conn->base.oparams.user = (char *) canonuser;
     }
 
-    return SASL_OK;
+    return ret;
 }
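
Review bot: at the closing return of this function in lib/server.c, the Red Hat copy has `return SASL_OK;`, so whatever status `ret` holds at that point never reaches the caller and the function always reports success; the official tarball's `return ret;` is the line that should ship. The hunk shows neither the function name nor where `ret` is assigned, so the report needs a few more lines of context to say which failures were being returned as SASL_OK before the severity can be judged.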
 
This should be verified to find out if this is a serious bug or not.
Comment 1 Nalin Dahyabhai 2000-10-25 16:57:39 EDT
Looks like you're right.  Refetching the tarball gives me a file that's 58 bytes
larger than the one I had.  Will be updated in 1.5.24-11 and -12.  Thanks *very*
much for the heads-up!
Comment 2 Nalin Dahyabhai 2000-10-25 18:34:23 EDT
I've put an updated cyrus-sasl-1.5.24 into the pipeline for release as a
security errata.
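
Added example (not part of the original report, and not code from Red Hat or the Cyrus project): a member-by-member comparison of two tarballs that carry the same version label, automating the check the reporter did by hand with diff -uNr. The two archives are constructed in memory as stand-ins for the packaged and official tarballs, and the function names are illustrative.

```python
import hashlib
import io
import tarfile


def member_digests(tar_bytes):
    """Map each regular file in a tarball to (size, SHA-256 of its content)."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                # Read into memory only; nothing is extracted to disk.
                data = tar.extractfile(member).read()
                digests[member.name] = (member.size, hashlib.sha256(data).hexdigest())
    return digests


def compare_releases(packaged, upstream):
    """Return (changed, only_in_packaged, only_in_upstream) member names."""
    a, b = member_digests(packaged), member_digests(upstream)
    changed = sorted(n for n in a.keys() & b.keys() if a[n] != b[n])
    return changed, sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys())


def build_tarball(files):
    """Constructed sample input: build an in-memory .tar.gz from {name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed stand-ins for the two tarballs; the contents are not the real sources.
COMMON = {"cyrus-sasl-1.5.24/lib/client.c": b"/* unchanged */\n"}
PACKAGED = build_tarball({**COMMON, "cyrus-sasl-1.5.24/lib/server.c": b"    return SASL_OK;\n"})
UPSTREAM = build_tarball({**COMMON, "cyrus-sasl-1.5.24/lib/server.c": b"    return ret;\n"})

if __name__ == "__main__":
    changed, only_packaged, only_upstream = compare_releases(PACKAGED, UPSTREAM)
    for name in changed:
        print("content differs:", name)
    for name in only_packaged + only_upstream:
        print("present in one archive only:", name)
```

Recording the upstream archive's digest at packaging time and failing the build on a mismatch catches a silent re-release before it ships; the comparison above then shows which files moved.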
