pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/mail/dovecot Fix for CVE-2014-3430.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/3b9cde2c90c3
branches:  trunk
changeset: 645112:3b9cde2c90c3
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Fri Jan 23 12:17:47 2015 +0000

description:
Fix for CVE-2014-3430.
Based on http://hg.dovecot.org/dovecot-1.2/raw-rev/8ba4253adc9b
adapted to pkgsrc by Edgar Fuß in PR 49599.
Bump PKGREVISION.

regen patch-ab while here

diffstat:

 mail/dovecot/Makefile                                           |   4 +-
 mail/dovecot/distinfo                                           |   9 ++-
 mail/dovecot/patches/patch-ab                                   |  23 +++++----
 mail/dovecot/patches/patch-src_imap-login_client.c              |  16 ++++++
 mail/dovecot/patches/patch-src_login-common_ssl-proxy-openssl.c |  24 ++++++++++
 mail/dovecot/patches/patch-src_login-common_ssl-proxy.c         |  16 ++++++
 mail/dovecot/patches/patch-src_login-common_ssl-proxy.h         |  15 ++++++
 mail/dovecot/patches/patch-src_pop3-login_client.c              |  16 ++++++
 8 files changed, 109 insertions(+), 14 deletions(-)

diffs (232 lines):

diff -r 248965bfc902 -r 3b9cde2c90c3 mail/dovecot/Makefile
--- a/mail/dovecot/Makefile     Fri Jan 23 11:28:41 2015 +0000
+++ b/mail/dovecot/Makefile     Fri Jan 23 12:17:47 2015 +0000
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.174 2014/10/09 14:06:38 wiz Exp $
+# $NetBSD: Makefile,v 1.175 2015/01/23 12:17:47 wiz Exp $
 
 DOVECOT_VERSION=       1.2
 DOVECOT_SUBVERSION=    .17
 SIEVE_VERSION=         0.1.19
 MANAGESIEVE_VERSION=   0.11.13
 DISTNAME=              dovecot-${DOVECOT_VERSION}${DOVECOT_SUBVERSION}
-PKGREVISION=           14
+PKGREVISION=           15
 CATEGORIES=            mail
 MASTER_SITES=          http://www.dovecot.org/releases/${DOVECOT_VERSION}/
 DOVECOT_SIEVE_SITES=   http://www.rename-it.nl/dovecot/${DOVECOT_VERSION}/
diff -r 248965bfc902 -r 3b9cde2c90c3 mail/dovecot/distinfo
--- a/mail/dovecot/distinfo     Fri Jan 23 11:28:41 2015 +0000
+++ b/mail/dovecot/distinfo     Fri Jan 23 12:17:47 2015 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.118 2011/06/09 13:15:35 obache Exp $
+$NetBSD: distinfo,v 1.119 2015/01/23 12:17:47 wiz Exp $
 
 SHA1 (dovecot-1.2-managesieve-0.11.13.tar.gz) = cd5d2149250072aa8079f9db967cfeffc1b57c53
 RMD160 (dovecot-1.2-managesieve-0.11.13.tar.gz) = 9deed0637f1b5942a1b4996a343fed1b23301023
@@ -13,7 +13,12 @@
 RMD160 (dovecot-1.2.17.tar.gz) = 59f619dba2aadef3cccd6ceb045a2e75a11700a2
 Size (dovecot-1.2.17.tar.gz) = 2983431 bytes
 SHA1 (patch-aa) = 447e46268a93201b3ef22491ff0968752978d020
-SHA1 (patch-ab) = e5b5d72f0553da42d14ee05a9ed0faff8a6c7075
+SHA1 (patch-ab) = c4b94708ba99d8ae51898a1a46ef0c0faef92f14
 SHA1 (patch-ac) = 5912392abb79df8e78de6f710c2a83264ee58fe7
 SHA1 (patch-ag) = 7e733d41c0607df64c2c3195b78683689f2143d6
 SHA1 (patch-ah) = a7d02fa3ab1d1a760e05510ebd3cfb07a6652863
+SHA1 (patch-src_imap-login_client.c) = 9385443757ab53499385b099bc65e6aee0b4edbf
+SHA1 (patch-src_login-common_ssl-proxy-openssl.c) = dc965b545681f09a74758033c0665924377ff551
+SHA1 (patch-src_login-common_ssl-proxy.c) = b1cf551a2f68d9acad3e2ce4b768a91683dc6e2f
+SHA1 (patch-src_login-common_ssl-proxy.h) = ec9bfc3eb70cdff8983f17ab05e47bdefece1c63
+SHA1 (patch-src_pop3-login_client.c) = 290427f221d1f8bfae89aef07b61798cdabc29ca
diff -r 248965bfc902 -r 3b9cde2c90c3 mail/dovecot/patches/patch-ab
--- a/mail/dovecot/patches/patch-ab     Fri Jan 23 11:28:41 2015 +0000
+++ b/mail/dovecot/patches/patch-ab     Fri Jan 23 12:17:47 2015 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ab,v 1.29 2010/01/06 16:57:18 sketch Exp $
+$NetBSD: patch-ab,v 1.30 2015/01/23 12:17:47 wiz Exp $
 
---- dovecot-example.conf.orig  2009-06-01 05:21:42.000000000 +0200
+--- dovecot-example.conf.orig  2010-01-24 23:30:41.000000000 +0000
 +++ dovecot-example.conf
-@@ -12,9 +12,6 @@
+@@ -12,16 +12,13 @@
  # Default values are shown for each setting, it's not required to uncomment
  # those. These are exceptions to this though: No sections (e.g. namespace {})
  # or plugin settings are added by default, they're listed only as examples.
@@ -12,11 +12,14 @@
  
  # Base directory where to store runtime data.
  #base_dir = /var/run/dovecot/
-@@ -23,3 +20,3 @@
+ 
+ # Protocols we want to be serving: imap imaps pop3 pop3s
  # If you only want to use dovecot-auth, you can set this to "none".
 -#protocols = imap imaps
 +protocols = imap pop3
  
+ # A space separated list of IP or host addresses where to listen in for
+ # connections. "*" listens in all IPv4 interfaces. "[::]" listens in all IPv6
 @@ -86,7 +83,7 @@
  #ssl_listen =
  
@@ -74,7 +77,7 @@
  
    # Don't try to set mails non-recent or seen with POP3 sessions. This is
    # mostly intended to reduce disk I/O. With maildir it doesn't move files
-@@ -678,7 +675,7 @@ protocol pop3 {
+@@ -682,7 +679,7 @@ protocol pop3 {
    # Support for dynamically loadable plugins. mail_plugins is a space separated
    # list of plugins to load.
    #mail_plugins = 
@@ -83,7 +86,7 @@
  
    # Workarounds for various client bugs:
    #   outlook-no-nuls:
-@@ -706,7 +703,7 @@ protocol lda {
+@@ -710,7 +707,7 @@ protocol lda {
    # Support for dynamically loadable plugins. mail_plugins is a space separated
    # list of plugins to load.
    #mail_plugins = 
@@ -92,7 +95,7 @@
  
    # If user is over quota, return with temporary failure instead of
    # bouncing the mail.
-@@ -720,7 +717,7 @@ protocol lda {
+@@ -724,7 +721,7 @@ protocol lda {
    #deliver_log_format = msgid=%m: %$
  
    # Binary to use for sending mails.
@@ -101,7 +104,7 @@
  
    # Subject: header to use for rejection mails. You can use the same variables
    # as for rejection_reason below.
-@@ -739,7 +736,7 @@ protocol lda {
+@@ -743,7 +740,7 @@ protocol lda {
  ##
  
  # Executable location
@@ -110,7 +113,7 @@
  
  # Set max. process size in megabytes.
  #auth_process_size = 256
-@@ -869,7 +866,7 @@ auth default {
+@@ -872,7 +869,7 @@ auth default {
    # database (passwd usually), you can use static userdb.
    # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
    # authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
@@ -119,7 +122,7 @@
      # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
      # [cache_key=<key>] [<service name>]
      #
-@@ -902,15 +899,15 @@ auth default {
+@@ -905,15 +902,15 @@ auth default {
      #   args = session=yes %Ls
      #   args = cache_key=%u dovecot
      #args = dovecot
diff -r 248965bfc902 -r 3b9cde2c90c3 mail/dovecot/patches/patch-src_imap-login_client.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/dovecot/patches/patch-src_imap-login_client.c        Fri Jan 23 12:17:47 2015 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-src_imap-login_client.c,v 1.1 2015/01/23 12:17:47 wiz Exp $
+
+Fix for CVE-2014-3430.
+Based on http://hg.dovecot.org/dovecot-1.2/raw-rev/8ba4253adc9b
+
+--- src/imap-login/client.c.orig       2010-01-24 23:14:17.000000000 +0000
++++ src/imap-login/client.c
+@@ -557,6 +557,8 @@ void client_destroy(struct imap_client *
+ 
+       client_unlink(&client->common);
+ 
++      if (!client->login_success && client->common.proxy != NULL)
++              ssl_proxy_destroy(client->common.proxy);
+       if (client->common.input != NULL)
+               i_stream_close(client->common.input);
+       if (client->output != NULL)
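Review bot: The guard added in client_destroy has no comment saying why the proxy is torn down only when `login_success` is false, and that condition is the whole fix. A comment above the `if` would help, for example `/* login never completed: destroy the SSL proxy now so its connection is not left open (CVE-2014-3430) */`; the rationale is inferred from the CVE reference in the patch header, so the wording should be checked against the upstream changeset. After the call `client->common.proxy` still holds the pointer. The ssl-proxy-openssl.c patch shows ssl_proxy_destroy returning early on an already destroyed proxy, but it is worth confirming that the rest of client_destroy, which lies outside this hunk, still releases its reference exactly once. The same two lines are added to src/pop3-login/client.c, and this applies there too.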
diff -r 248965bfc902 -r 3b9cde2c90c3 mail/dovecot/patches/patch-src_login-common_ssl-proxy-openssl.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/dovecot/patches/patch-src_login-common_ssl-proxy-openssl.c   Fri Jan 23 12:17:47 2015 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-src_login-common_ssl-proxy-openssl.c,v 1.1 2015/01/23 12:17:47 wiz Exp $
+
+Fix for CVE-2014-3430.
+Based on http://hg.dovecot.org/dovecot-1.2/raw-rev/8ba4253adc9b
+
+--- src/login-common/ssl-proxy-openssl.c.orig  2011-01-20 21:16:59.000000000 +0000
++++ src/login-common/ssl-proxy-openssl.c
+@@ -80,7 +80,6 @@ static void plain_read(struct ssl_proxy 
+ static void ssl_read(struct ssl_proxy *proxy);
+ static void ssl_write(struct ssl_proxy *proxy);
+ static void ssl_step(struct ssl_proxy *proxy);
+-static void ssl_proxy_destroy(struct ssl_proxy *proxy);
+ static void ssl_proxy_unref(struct ssl_proxy *proxy);
+ 
+ static void ssl_params_corrupted(const char *path)
+@@ -676,7 +675,7 @@ static void ssl_proxy_unref(struct ssl_p
+       main_unref();
+ }
+ 
+-static void ssl_proxy_destroy(struct ssl_proxy *proxy)
++void ssl_proxy_destroy(struct ssl_proxy *proxy)
+ {
+       if (proxy->destroyed)
+               return;
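Review bot: Dropping `static` makes ssl_proxy_destroy part of the login-common interface, yet its first statement, `if (proxy->destroyed)`, dereferences `proxy` without a NULL check and the contract is not written down anywhere. Both callers added by this commit test `client->common.proxy != NULL` first, so the new code is safe as it stands. A later caller has only the bare prototype in ssl-proxy.h to go by. I would add a comment on the declaration in src/login-common/ssl-proxy.h, for example `/* proxy must not be NULL; calling this again on a destroyed proxy is a no-op */`, and say there how it differs from ssl_proxy_free. The function body continues past the end of this hunk, so anything beyond the early return is not visible here.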
diff -r 248965bfc902 -r 3b9cde2c90c3 mail/dovecot/patches/patch-src_login-common_ssl-proxy.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/dovecot/patches/patch-src_login-common_ssl-proxy.c   Fri Jan 23 12:17:47 2015 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-src_login-common_ssl-proxy.c,v 1.1 2015/01/23 12:17:47 wiz Exp $
+
+Fix for CVE-2014-3430.
+Based on http://hg.dovecot.org/dovecot-1.2/raw-rev/8ba4253adc9b
+
+--- src/login-common/ssl-proxy.c.orig  2010-01-24 23:14:17.000000000 +0000
++++ src/login-common/ssl-proxy.c
+@@ -55,6 +55,8 @@ const char *ssl_proxy_get_security_strin
+       return "";
+ }
+ 
++void ssl_proxy_destroy(struct ssl_proxy *proxy ATTR_UNUSED) {}
++
+ void ssl_proxy_free(struct ssl_proxy *proxy ATTR_UNUSED) {}
+ 
+ unsigned int ssl_proxy_get_count(void)
diff -r 248965bfc902 -r 3b9cde2c90c3 mail/dovecot/patches/patch-src_login-common_ssl-proxy.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/dovecot/patches/patch-src_login-common_ssl-proxy.h   Fri Jan 23 12:17:47 2015 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-src_login-common_ssl-proxy.h,v 1.1 2015/01/23 12:17:47 wiz Exp $
+
+Fix for CVE-2014-3430.
+Based on http://hg.dovecot.org/dovecot-1.2/raw-rev/8ba4253adc9b
+
+--- src/login-common/ssl-proxy.h.orig  2009-06-27 04:49:34.000000000 +0000
++++ src/login-common/ssl-proxy.h
+@@ -24,6 +24,7 @@ const char *ssl_proxy_get_peer_name(stru
+ bool ssl_proxy_is_handshaked(const struct ssl_proxy *proxy) ATTR_PURE;
+ const char *ssl_proxy_get_last_error(const struct ssl_proxy *proxy) ATTR_PURE;
+ const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy);
++void ssl_proxy_destroy(struct ssl_proxy *proxy);
+ void ssl_proxy_free(struct ssl_proxy *proxy);
+ 
+ /* Return number of active SSL proxies */
diff -r 248965bfc902 -r 3b9cde2c90c3 mail/dovecot/patches/patch-src_pop3-login_client.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/dovecot/patches/patch-src_pop3-login_client.c        Fri Jan 23 12:17:47 2015 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-src_pop3-login_client.c,v 1.1 2015/01/23 12:17:47 wiz Exp $
+
+Fix for CVE-2014-3430.
+Based on http://hg.dovecot.org/dovecot-1.2/raw-rev/8ba4253adc9b
+
+--- src/pop3-login/client.c.orig       2010-01-24 23:14:17.000000000 +0000
++++ src/pop3-login/client.c
+@@ -359,6 +359,8 @@ void client_destroy(struct pop3_client *
+ 
+       client_unlink(&client->common);
+ 
++      if (!client->login_success && client->common.proxy != NULL)
++              ssl_proxy_destroy(client->common.proxy);
+       if (client->common.input != NULL)
+               i_stream_close(client->common.input);
+       if (client->output != NULL)


