daftaupe/opt
1
0
Fork 0
forked from ports/opt
Code Pull Requests Activity

[notify] dovecot: update to 2.3.0.1, closes FS#1599

Browse Source 
security fix, see
https://dovecot.org/list/dovecot-news/2018-February/000371.html
This commit is contained in:
Juergen Daubert 2018-03-01 09:57:59 +01:00
parent 51cb8df9a8
commit b927b2f2d7
5 changed files with 7 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
dovecot/.md5sum
View File

@ -1,5 +1,3 @@
a1a5efc13766e3b2d0a154e9716f0f7a CVE-2017-15132-1.patch
f043e0bb2773cd38f74ada8c164524a6 CVE-2017-15132.patch
ec342928dd97131f82dba41546741b5f dovecot
a8802617ddf68972f5f97bd8677e5856 dovecot-2.3.0.tar.gz
865d6ad94c98ac3289fa06a77b1c014e dovecot-2.3.0.1.tar.gz
1cc42484b5515bddf47edcf26b288b6b dovecot-config.patch

8
dovecot/.signature
View File

@ -1,9 +1,7 @@
untrusted comment: verify with /etc/ports/opt.pub
RWSE3ohX2g5d/SkROei+JVsseDKn6SIUNsjxW4JVhAKiDa6r4HZW5ka8HbQjpy6OBAAyHGpg/+/NM5m9pchHJcjlYyFH2k1VXQs=
SHA256 (Pkgfile) = f325affa0506d8e0a7f7ac40e81503af99fa2ee54a3a8c38a76205de6e8e396b
RWSE3ohX2g5d/d5N12tWoNTQhb7I2Fr15CI5nf6EiZ2gY+6Rhbz6ryRonaZ1C0T02UcuQeVDNq4sOW7xEVNd5IwW2K3Msih3vQE=
SHA256 (Pkgfile) = 4d2c31432a6ab2b7a42ea598e913f45ee22ddc15d7f1ba53d95ccf30896c884b
SHA256 (.footprint) = d464c6eb14ad58ab166c901d6c1a6f66a010f3e934f3b1645a9cd20d24663b4b
SHA256 (dovecot-2.3.0.tar.gz) = de60cb470d025e4dd0f8e8fbbb4b9316dfd4930eb949d307330669ffbeaf8581
SHA256 (CVE-2017-15132.patch) = ddbfdb187e1e763aa10364e57ed82bd37d264d66ed01559a7dbdeccb9f41e91f
SHA256 (CVE-2017-15132-1.patch) = 480980136322c3361ab334346218504397668df49d66afef0bca70b7e4d40fae
SHA256 (dovecot-2.3.0.1.tar.gz) = ab772b3e214683aba347203c9391295552255c4d69afb324c7b8c8fc5ad6f153
SHA256 (dovecot-config.patch) = a6f09e637f1ac15368d2d18736dc353e4a188959c5940dedd5306b689156e91c
SHA256 (dovecot) = ead06d36290cca8be6be350f2c05edf53a4e9ce8aec5d5d663b1162ae96c17c7

57
dovecot/CVE-2017-15132-1.patch
View File

@ -1,57 +0,0 @@
From a9b135760aea6d1790d447d351c56b78889dac22 Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@dovecot.fi>
Date: Fri, 26 Jan 2018 10:55:54 +0200
Subject: [PATCH] lib-auth: Remove request after abort
Otherwise the request will still stay in hash table
and get dereferenced when all requests are aborted
causing an attempt to access free'd memory.
Found by Apollon Oikonomopoulos <apoikos@debian.org>
Broken in 1a29ed2f96da1be22fa5a4d96c7583aa81b8b060
---
src/lib-auth/auth-client-request.c | 2 ++
src/lib-auth/auth-server-connection.c | 7 +++++++
src/lib-auth/auth-server-connection.h | 2 ++
3 files changed, 11 insertions(+)
diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c
index 046f7c307d..f6d0290a13 100644
--- a/src/lib-auth/auth-client-request.c
+++ b/src/lib-auth/auth-client-request.c
@@ -186,6 +186,8 @@ void auth_client_request_abort(struct auth_client_request **_request)
auth_client_send_cancel(request->conn->client, request->id);
call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
+ /* remove the request */
+ auth_server_connection_remove_request(request->conn, request->id);
pool_unref(&request->pool);
}
diff --git a/src/lib-auth/auth-server-connection.c b/src/lib-auth/auth-server-connection.c
index 9d65450fb3..7eea061cad 100644
--- a/src/lib-auth/auth-server-connection.c
+++ b/src/lib-auth/auth-server-connection.c
@@ -483,3 +483,10 @@ auth_server_connection_add_request(struct auth_server_connection *conn,
hash_table_insert(conn->requests, POINTER_CAST(id), request);
return id;
}
+
+void auth_server_connection_remove_request(struct auth_server_connection *conn,
+ unsigned int id)
+{
+ i_assert(conn->handshake_received);
+ hash_table_remove(conn->requests, POINTER_CAST(id));
+}
diff --git a/src/lib-auth/auth-server-connection.h b/src/lib-auth/auth-server-connection.h
index 179b5dbd4c..c2c533a41d 100644
--- a/src/lib-auth/auth-server-connection.h
+++ b/src/lib-auth/auth-server-connection.h
@@ -40,4 +40,6 @@ void auth_server_connection_disconnect(struct auth_server_connection *conn,
unsigned int
auth_server_connection_add_request(struct auth_server_connection *conn,
struct auth_client_request *request);
+void auth_server_connection_remove_request(struct auth_server_connection *conn,
+ unsigned int id);
#endif

28
dovecot/CVE-2017-15132.patch
View File

@ -1,28 +0,0 @@
From 1a29ed2f96da1be22fa5a4d96c7583aa81b8b060 Mon Sep 17 00:00:00 2001
From: Timo Sirainen <timo.sirainen@dovecot.fi>
Date: Mon, 18 Dec 2017 16:50:51 +0200
Subject: [PATCH] lib-auth: Fix memory leak in auth_client_request_abort()
This caused memory leaks when authentication was aborted. For example
with IMAP:
a AUTHENTICATE PLAIN
*
Broken by 9137c55411aa39d41c1e705ddc34d5bd26c65021
---
src/lib-auth/auth-client-request.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c
index 480fb42b30..046f7c307d 100644
--- a/src/lib-auth/auth-client-request.c
+++ b/src/lib-auth/auth-client-request.c
@@ -186,6 +186,7 @@ void auth_client_request_abort(struct auth_client_request **_request)
auth_client_send_cancel(request->conn->client, request->id);
call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
+ pool_unref(&request->pool);
}
unsigned int auth_client_request_get_id(struct auth_client_request *request)

11
dovecot/Pkgfile
View File

@ -4,18 +4,13 @@
# Depends on: zlib bzip2 openssl libcap
name=dovecot
version=2.3.0
release=3
version=2.3.0.1
release=1
source=(https://dovecot.org/releases/2.3/$name-$version.tar.gz
CVE-2017-15132.patch CVE-2017-15132-1.patch
dovecot-config.patch dovecot)
build () {
cd $name-ce-$version
patch -p1 -i $SRC/CVE-2017-15132.patch
patch -p1 -i $SRC/CVE-2017-15132-1.patch
patch -p1 -i $SRC/$name-config.patch
cd $name-$version
./configure --prefix=/usr \
--libexecdir=/usr/lib \