author | taca <taca@pkgsrc.org> | 2015-05-10 07:33:49 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2015-05-10 07:33:49 +0000 |
commit | 5d073a83e219c9ec569c74629aec3b9215597b7a (patch) | |
tree | 2bd1a2474bb56a0895870645bab57ea2c4361175 /mail/dovecot2 | |
parent | 7244ed5f2ba9a35a6c1c9b3089bfc9d6940c3daf (diff) | |
download | pkgsrc-5d073a83e219c9ec569c74629aec3b9215597b7a.tar.gz |
Add fix for CVE-2015-3420.
Bump PKGREVISION.
Diffstat (limited to 'mail/dovecot2')
-rw-r--r-- | mail/dovecot2/Makefile | 4 | ||||
-rw-r--r-- | mail/dovecot2/distinfo | 3 | ||||
-rw-r--r-- | mail/dovecot2/patches/patch-src_login-common_ssl-proxy-openssl.c | 55 |
3 files changed, 59 insertions, 3 deletions
diff --git a/mail/dovecot2/Makefile b/mail/dovecot2/Makefile
index c768a531110..cc07a5aafe7 100644
--- a/mail/dovecot2/Makefile
+++ b/mail/dovecot2/Makefile
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.74 2015/04/23 09:27:31 jperkin Exp $
+# $NetBSD: Makefile,v 1.75 2015/05/10 07:33:49 taca Exp $
 #
 # when updating to a new release, update ABI depends in
 # the buildlink3.mk file as well, since the plugins' version
 # must match (see PR 49563).
 
 DISTNAME= dovecot-2.2.16
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= mail
 MASTER_SITES= http://www.dovecot.org/releases/${PKGVERSION_NOREV:R}/
 
diff --git a/mail/dovecot2/distinfo b/mail/dovecot2/distinfo
index 5fb91acd4ab..2bf37411e83 100644
--- a/mail/dovecot2/distinfo
+++ b/mail/dovecot2/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.53 2015/03/15 09:19:23 tron Exp $
+$NetBSD: distinfo,v 1.54 2015/05/10 07:33:49 taca Exp $
 
 SHA1 (dovecot-2.2.16.tar.gz) = 7b267ee939b790ee42809efebc96d6ae78a49432
 RMD160 (dovecot-2.2.16.tar.gz) = 79768b2077137d255a3cfbc492de6d979e594e31
@@ -7,4 +7,5 @@ SHA1 (patch-aa) = ea185011f0c1ee3aa1ff528e61f6f356fe385666
 SHA1 (patch-ab) = d637a64feec8e4eafacda149cf0193aa1b70a054
 SHA1 (patch-ae) = 51d8cb998cc2ded8bfc767710e465b752c50e656
 SHA1 (patch-af) = c066e94dd6593d16eec3e66f5f4d26f021918498
+SHA1 (patch-src_login-common_ssl-proxy-openssl.c) = ae2929851b36a0ac230cbad602851d6d021f0e71
 SHA1 (patch-src_stats_mail-stats.h) = 90645c2aab956a0119630da4b71905db704bffda
diff --git a/mail/dovecot2/patches/patch-src_login-common_ssl-proxy-openssl.c b/mail/dovecot2/patches/patch-src_login-common_ssl-proxy-openssl.c
new file mode 100644
index 00000000000..c779981365f
--- /dev/null
+++ b/mail/dovecot2/patches/patch-src_login-common_ssl-proxy-openssl.c
@@ -0,0 +1,55 @@
+$NetBSD: patch-src_login-common_ssl-proxy-openssl.c,v 1.1 2015/05/10 07:33:49 taca Exp $
+
+* Fix CVE-2015-3420 from revision 86f535375750 of dovecot-2.2.
+
+--- src/login-common/ssl-proxy-openssl.c.orig 2015-01-29 16:01:15.000000000 +0000
++++ src/login-common/ssl-proxy-openssl.c
+@@ -80,6 +80,7 @@ struct ssl_proxy {
+ unsigned int cert_broken:1;
+ unsigned int client_proxy:1;
+ unsigned int flushing:1;
++ unsigned int failed:1;
+ };
+
+ struct ssl_parameters {
+@@ -131,6 +132,12 @@ static void ssl_proxy_ctx_set_crypto_par
+ static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set);
+ #endif
+
++static void ssl_proxy_destroy_failed(struct ssl_proxy *proxy)
++{
++ proxy->failed = TRUE;
++ ssl_proxy_destroy(proxy);
++}
++
+ static unsigned int ssl_server_context_hash(const struct ssl_server_context *ctx)
+ {
+ unsigned int i, g, h = 0;
+@@ -462,7 +469,7 @@ static void ssl_handle_error(struct ssl_
+
+ if (errstr != NULL) {
+ proxy->last_error = i_strdup(errstr);
+- ssl_proxy_destroy(proxy);
++ ssl_proxy_destroy_failed(proxy);
+ }
+ ssl_proxy_unref(proxy);
+ }
+@@ -492,7 +499,7 @@ static void ssl_handshake(struct ssl_pro
+
+ if (proxy->handshake_callback != NULL) {
+ if (proxy->handshake_callback(proxy->handshake_context) < 0)
+- ssl_proxy_destroy(proxy);
++ ssl_proxy_destroy_failed(proxy);
+ }
+ }
+
+@@ -822,7 +829,8 @@ void ssl_proxy_destroy(struct ssl_proxy
+ if (proxy->destroyed || proxy->flushing)
+ return;
+ proxy->flushing = TRUE;
+- ssl_proxy_flush(proxy);
++ if (!proxy->failed && proxy->handshaked)
++ ssl_proxy_flush(proxy);
+ proxy->destroyed = TRUE;
+
+ ssl_proxy_count--; |
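Review bot: The guard added in `ssl_proxy_destroy()`, `if (!proxy->failed && proxy->handshaked)`, carries the whole fix, yet neither it nor the new `failed` bit says why the flush is skipped, so a later cleanup could drop it without noticing. I would put a comment above the condition, for example `/* never flush a proxy that hit an SSL error or whose handshake did not complete (CVE-2015-3420) */`, and a one-line comment on `ssl_proxy_destroy_failed()` saying it must be used on every error path. Only the call sites in `ssl_handle_error()` and `ssl_handshake()` are switched to the helper here; any error path outside these hunks that still calls `ssl_proxy_destroy()` directly after a completed handshake would presumably keep flushing, so the remaining callers are worth checking against the upstream revision. All of the touched functions begin or end outside the hunks shown.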