pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/mail/dovecot2 Add fix for CVE-2015-3420.
details: https://anonhg.NetBSD.org/pkgsrc/rev/f595898167a7
branches: trunk
changeset: 651731:f595898167a7
user: taca <taca%pkgsrc.org@localhost>
date: Sun May 10 07:33:49 2015 +0000
description:
Add fix for CVE-2015-3420.
Bump PKGREVISION.
diffstat:
mail/dovecot2/Makefile | 4 +-
mail/dovecot2/distinfo | 3 +-
mail/dovecot2/patches/patch-src_login-common_ssl-proxy-openssl.c | 55 ++++++++++
3 files changed, 59 insertions(+), 3 deletions(-)
diffs (91 lines):
diff -r 2eb950a508d3 -r f595898167a7 mail/dovecot2/Makefile
--- a/mail/dovecot2/Makefile Sun May 10 04:36:15 2015 +0000
+++ b/mail/dovecot2/Makefile Sun May 10 07:33:49 2015 +0000
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.74 2015/04/23 09:27:31 jperkin Exp $
+# $NetBSD: Makefile,v 1.75 2015/05/10 07:33:49 taca Exp $
#
# when updating to a new release, update ABI depends in
# the buildlink3.mk file as well, since the plugins' version
# must match (see PR 49563).
DISTNAME= dovecot-2.2.16
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= mail
MASTER_SITES= http://www.dovecot.org/releases/${PKGVERSION_NOREV:R}/
diff -r 2eb950a508d3 -r f595898167a7 mail/dovecot2/distinfo
--- a/mail/dovecot2/distinfo Sun May 10 04:36:15 2015 +0000
+++ b/mail/dovecot2/distinfo Sun May 10 07:33:49 2015 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.53 2015/03/15 09:19:23 tron Exp $
+$NetBSD: distinfo,v 1.54 2015/05/10 07:33:49 taca Exp $
SHA1 (dovecot-2.2.16.tar.gz) = 7b267ee939b790ee42809efebc96d6ae78a49432
RMD160 (dovecot-2.2.16.tar.gz) = 79768b2077137d255a3cfbc492de6d979e594e31
@@ -7,4 +7,5 @@
SHA1 (patch-ab) = d637a64feec8e4eafacda149cf0193aa1b70a054
SHA1 (patch-ae) = 51d8cb998cc2ded8bfc767710e465b752c50e656
SHA1 (patch-af) = c066e94dd6593d16eec3e66f5f4d26f021918498
+SHA1 (patch-src_login-common_ssl-proxy-openssl.c) = ae2929851b36a0ac230cbad602851d6d021f0e71
SHA1 (patch-src_stats_mail-stats.h) = 90645c2aab956a0119630da4b71905db704bffda
diff -r 2eb950a508d3 -r f595898167a7 mail/dovecot2/patches/patch-src_login-common_ssl-proxy-openssl.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/dovecot2/patches/patch-src_login-common_ssl-proxy-openssl.c Sun May 10 07:33:49 2015 +0000
@@ -0,0 +1,55 @@
+$NetBSD: patch-src_login-common_ssl-proxy-openssl.c,v 1.1 2015/05/10 07:33:49 taca Exp $
+
+* Fix CVE-2015-3420 from revision 86f535375750 of dovecot-2.2.
+
+--- src/login-common/ssl-proxy-openssl.c.orig 2015-01-29 16:01:15.000000000 +0000
++++ src/login-common/ssl-proxy-openssl.c
+@@ -80,6 +80,7 @@ struct ssl_proxy {
+ unsigned int cert_broken:1;
+ unsigned int client_proxy:1;
+ unsigned int flushing:1;
++ unsigned int failed:1;
+ };
+
+ struct ssl_parameters {
+@@ -131,6 +132,12 @@ static void ssl_proxy_ctx_set_crypto_par
+ static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set);
+ #endif
+
++static void ssl_proxy_destroy_failed(struct ssl_proxy *proxy)
++{
++ proxy->failed = TRUE;
++ ssl_proxy_destroy(proxy);
++}
++
+ static unsigned int ssl_server_context_hash(const struct ssl_server_context *ctx)
+ {
+ unsigned int i, g, h = 0;
+@@ -462,7 +469,7 @@ static void ssl_handle_error(struct ssl_
+
+ if (errstr != NULL) {
+ proxy->last_error = i_strdup(errstr);
+- ssl_proxy_destroy(proxy);
++ ssl_proxy_destroy_failed(proxy);
+ }
+ ssl_proxy_unref(proxy);
+ }
+@@ -492,7 +499,7 @@ static void ssl_handshake(struct ssl_pro
+
+ if (proxy->handshake_callback != NULL) {
+ if (proxy->handshake_callback(proxy->handshake_context) < 0)
+- ssl_proxy_destroy(proxy);
++ ssl_proxy_destroy_failed(proxy);
+ }
+ }
+
+@@ -822,7 +829,8 @@ void ssl_proxy_destroy(struct ssl_proxy
+ if (proxy->destroyed || proxy->flushing)
+ return;
+ proxy->flushing = TRUE;
+- ssl_proxy_flush(proxy);
++ if (!proxy->failed && proxy->handshaked)
++ ssl_proxy_flush(proxy);
+ proxy->destroyed = TRUE;
+
+ ssl_proxy_count--;
Home |
Main Index |
Thread Index |
Old Index