pkg/49599: mail/dovecot (Dovecot 1.2) fix for CVE-2014-3430
>Number: 49599
>Category: pkg
>Synopsis: mail/dovecot (Dovecot 1.2) fix for CVE-2014-3430
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Jan 22 17:40:00 +0000 2015
>Originator: Edgar Fuß
>Release: pkgsrc-2014Q4
>Organization:
Mathematisches Institut der Universität Bonn
>Description:
Dovecot 1.2 is subject to a denial-of-service vulnerability, CVE-2014-3430.
Timo Sirainen has prepared a fix (http://hg.dovecot.org/dovecot-1.2/raw-rev/8ba4253adc9b), but hasn't released a new 1.2.x version (see http://permalink.gmane.org/gmane.mail.imap.dovecot/77499)
>How-To-Repeat:
cd mail/dovecot && make fetch
>Fix:
Adapt the patch provided by Timo Sirainen:
$NetBSD: patch-CVE-2014-3430 $
login: SSL connections didn't get closed when the client got destroyed.
essentially http://hg.dovecot.org/dovecot-1.2/raw-rev/8ba4253adc9b
fixes CVE-2014-3430.
--- src/imap-login/client.c.orig 2010-01-25 00:14:17.000000000 +0100
+++ src/imap-login/client.c 2015-01-22 18:18:22.000000000 +0100
@@ -557,6 +557,8 @@
client_unlink(&client->common);
+ if (!client->login_success && client->common.proxy != NULL)
+ ssl_proxy_destroy(client->common.proxy);
if (client->common.input != NULL)
i_stream_close(client->common.input);
if (client->output != NULL)
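Review bot: The `!client->login_success` condition is the security-relevant part of the fix and gets no comment, so a reader cannot tell from these lines why a proxy belonging to a successfully logged-in client must survive client destruction; suggest above the new `if`: `/* CVE-2014-3430: a client torn down before login completes takes its SSL proxy with it, otherwise the SSL connection is never closed. After a successful login the proxy is presumably handed over with the connection -- confirm against the post-login path. */`. ssl_proxy_destroy returns early when `proxy->destroyed` is already set (second hunk of ssl-proxy-openssl.c), so the call is safe if the proxy was already torn down elsewhere, but `client->common.proxy` is left pointing at the destroyed proxy here and whether the later handling of that pointer is still valid cannot be checked from this hunk. The identical addition in src/pop3-login/client.c wants the same comment. The enclosing function starts and ends outside the hunk.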
--- src/login-common/ssl-proxy-openssl.c.orig 2011-01-20 22:16:59.000000000 +0100
+++ src/login-common/ssl-proxy-openssl.c 2015-01-22 18:18:22.000000000 +0100
@@ -80,7 +80,6 @@
static void ssl_read(struct ssl_proxy *proxy);
static void ssl_write(struct ssl_proxy *proxy);
static void ssl_step(struct ssl_proxy *proxy);
-static void ssl_proxy_destroy(struct ssl_proxy *proxy);
static void ssl_proxy_unref(struct ssl_proxy *proxy);
static void ssl_params_corrupted(const char *path)
@@ -676,7 +675,7 @@
main_unref();
}
-static void ssl_proxy_destroy(struct ssl_proxy *proxy)
+void ssl_proxy_destroy(struct ssl_proxy *proxy)
{
if (proxy->destroyed)
return;
--- src/login-common/ssl-proxy.c.orig 2010-01-25 00:14:17.000000000 +0100
+++ src/login-common/ssl-proxy.c 2015-01-22 18:18:22.000000000 +0100
@@ -55,6 +55,8 @@
return "";
}
+void ssl_proxy_destroy(struct ssl_proxy *proxy ATTR_UNUSED) {}
+
void ssl_proxy_free(struct ssl_proxy *proxy ATTR_UNUSED) {}
unsigned int ssl_proxy_get_count(void)
--- src/login-common/ssl-proxy.h.orig 2009-06-27 06:49:34.000000000 +0200
+++ src/login-common/ssl-proxy.h 2015-01-22 18:18:22.000000000 +0100
@@ -24,6 +24,7 @@
bool ssl_proxy_is_handshaked(const struct ssl_proxy *proxy) ATTR_PURE;
const char *ssl_proxy_get_last_error(const struct ssl_proxy *proxy) ATTR_PURE;
const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy);
+void ssl_proxy_destroy(struct ssl_proxy *proxy);
void ssl_proxy_free(struct ssl_proxy *proxy);
/* Return number of active SSL proxies */
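Review bot: `ssl_proxy_destroy` becomes part of the public login-common API here but, unlike the neighbouring `ssl_proxy_get_count`, is declared without a comment explaining how it differs from `ssl_proxy_free` directly below it; suggest above the new declaration: `/* Tear down the proxy's SSL connection now. Calling it on an already-destroyed proxy is a no-op. */`, the no-op part matching the `proxy->destroyed` early return in ssl-proxy-openssl.c. It would also help to state whether the caller must still call `ssl_proxy_free` after a destroy, but that contract cannot be confirmed from these hunks.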
--- src/pop3-login/client.c.orig 2010-01-25 00:14:17.000000000 +0100
+++ src/pop3-login/client.c 2015-01-22 18:18:22.000000000 +0100
@@ -359,6 +359,8 @@
client_unlink(&client->common);
+ if (!client->login_success && client->common.proxy != NULL)
+ ssl_proxy_destroy(client->common.proxy);
if (client->common.input != NULL)
i_stream_close(client->common.input);
if (client->output != NULL)
update distinfo and bump PKGREVISION:
Index: Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/mail/dovecot/Makefile,v
retrieving revision 1.174
diff -u -r1.174 Makefile
--- Makefile 9 Oct 2014 14:06:38 -0000 1.174
+++ Makefile 22 Jan 2015 17:29:30 -0000
@@ -5,7 +5,7 @@
SIEVE_VERSION= 0.1.19
MANAGESIEVE_VERSION= 0.11.13
DISTNAME= dovecot-${DOVECOT_VERSION}${DOVECOT_SUBVERSION}
-PKGREVISION= 14
+PKGREVISION= 15
CATEGORIES= mail
MASTER_SITES= http://www.dovecot.org/releases/${DOVECOT_VERSION}/
DOVECOT_SIEVE_SITES= http://www.rename-it.nl/dovecot/${DOVECOT_VERSION}/
Index: distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/mail/dovecot/distinfo,v
retrieving revision 1.118
diff -u -r1.118 distinfo
--- distinfo 9 Jun 2011 13:15:35 -0000 1.118
+++ distinfo 22 Jan 2015 17:29:30 -0000
@@ -12,6 +12,7 @@
SHA1 (dovecot-1.2.17.tar.gz) = 457b16791a15e739c6bc8b02bc9c78f9ad794e39
RMD160 (dovecot-1.2.17.tar.gz) = 59f619dba2aadef3cccd6ceb045a2e75a11700a2
Size (dovecot-1.2.17.tar.gz) = 2983431 bytes
+SHA1 (patch-CVE-2014-3430) = f719b06f53992019d17c91db9e5030c3d0732813
SHA1 (patch-aa) = 447e46268a93201b3ef22491ff0968752978d020
SHA1 (patch-ab) = e5b5d72f0553da42d14ee05a9ed0faff8a6c7075
SHA1 (patch-ac) = 5912392abb79df8e78de6f710c2a83264ee58fe7