summaryrefslogtreecommitdiff
path: root/mail/dovecot2
diff options
context:
space:
mode:
authortaca <taca@pkgsrc.org>2015-05-10 07:33:49 +0000
committertaca <taca@pkgsrc.org>2015-05-10 07:33:49 +0000
commit5d073a83e219c9ec569c74629aec3b9215597b7a (patch)
tree2bd1a2474bb56a0895870645bab57ea2c4361175 /mail/dovecot2
parent7244ed5f2ba9a35a6c1c9b3089bfc9d6940c3daf (diff)
downloadpkgsrc-5d073a83e219c9ec569c74629aec3b9215597b7a.tar.gz
Add fix for CVE-2015-3420.
Bump PKGREVISION.
Diffstat (limited to 'mail/dovecot2')
-rw-r--r--mail/dovecot2/Makefile4
-rw-r--r--mail/dovecot2/distinfo3
-rw-r--r--mail/dovecot2/patches/patch-src_login-common_ssl-proxy-openssl.c55
3 files changed, 59 insertions, 3 deletions
diff --git a/mail/dovecot2/Makefile b/mail/dovecot2/Makefile
index c768a531110..cc07a5aafe7 100644
--- a/mail/dovecot2/Makefile
+++ b/mail/dovecot2/Makefile
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.74 2015/04/23 09:27:31 jperkin Exp $
+# $NetBSD: Makefile,v 1.75 2015/05/10 07:33:49 taca Exp $
#
# when updating to a new release, update ABI depends in
# the buildlink3.mk file as well, since the plugins' version
# must match (see PR 49563).
DISTNAME= dovecot-2.2.16
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= mail
MASTER_SITES= http://www.dovecot.org/releases/${PKGVERSION_NOREV:R}/
diff --git a/mail/dovecot2/distinfo b/mail/dovecot2/distinfo
index 5fb91acd4ab..2bf37411e83 100644
--- a/mail/dovecot2/distinfo
+++ b/mail/dovecot2/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.53 2015/03/15 09:19:23 tron Exp $
+$NetBSD: distinfo,v 1.54 2015/05/10 07:33:49 taca Exp $
SHA1 (dovecot-2.2.16.tar.gz) = 7b267ee939b790ee42809efebc96d6ae78a49432
RMD160 (dovecot-2.2.16.tar.gz) = 79768b2077137d255a3cfbc492de6d979e594e31
@@ -7,4 +7,5 @@ SHA1 (patch-aa) = ea185011f0c1ee3aa1ff528e61f6f356fe385666
SHA1 (patch-ab) = d637a64feec8e4eafacda149cf0193aa1b70a054
SHA1 (patch-ae) = 51d8cb998cc2ded8bfc767710e465b752c50e656
SHA1 (patch-af) = c066e94dd6593d16eec3e66f5f4d26f021918498
+SHA1 (patch-src_login-common_ssl-proxy-openssl.c) = ae2929851b36a0ac230cbad602851d6d021f0e71
SHA1 (patch-src_stats_mail-stats.h) = 90645c2aab956a0119630da4b71905db704bffda
diff --git a/mail/dovecot2/patches/patch-src_login-common_ssl-proxy-openssl.c b/mail/dovecot2/patches/patch-src_login-common_ssl-proxy-openssl.c
new file mode 100644
index 00000000000..c779981365f
--- /dev/null
+++ b/mail/dovecot2/patches/patch-src_login-common_ssl-proxy-openssl.c
@@ -0,0 +1,55 @@
+$NetBSD: patch-src_login-common_ssl-proxy-openssl.c,v 1.1 2015/05/10 07:33:49 taca Exp $
+
+* Fix CVE-2015-3420 from revision 86f535375750 of dovecot-2.2.
+
+--- src/login-common/ssl-proxy-openssl.c.orig 2015-01-29 16:01:15.000000000 +0000
++++ src/login-common/ssl-proxy-openssl.c
+@@ -80,6 +80,7 @@ struct ssl_proxy {
+ unsigned int cert_broken:1;
+ unsigned int client_proxy:1;
+ unsigned int flushing:1;
++ unsigned int failed:1;
+ };
+
+ struct ssl_parameters {
+@@ -131,6 +132,12 @@ static void ssl_proxy_ctx_set_crypto_par
+ static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set);
+ #endif
+
++static void ssl_proxy_destroy_failed(struct ssl_proxy *proxy)
++{
++ proxy->failed = TRUE;
++ ssl_proxy_destroy(proxy);
++}
++
+ static unsigned int ssl_server_context_hash(const struct ssl_server_context *ctx)
+ {
+ unsigned int i, g, h = 0;
+@@ -462,7 +469,7 @@ static void ssl_handle_error(struct ssl_
+
+ if (errstr != NULL) {
+ proxy->last_error = i_strdup(errstr);
+- ssl_proxy_destroy(proxy);
++ ssl_proxy_destroy_failed(proxy);
+ }
+ ssl_proxy_unref(proxy);
+ }
+@@ -492,7 +499,7 @@ static void ssl_handshake(struct ssl_pro
+
+ if (proxy->handshake_callback != NULL) {
+ if (proxy->handshake_callback(proxy->handshake_context) < 0)
+- ssl_proxy_destroy(proxy);
++ ssl_proxy_destroy_failed(proxy);
+ }
+ }
+
+@@ -822,7 +829,8 @@ void ssl_proxy_destroy(struct ssl_proxy
+ if (proxy->destroyed || proxy->flushing)
+ return;
+ proxy->flushing = TRUE;
+- ssl_proxy_flush(proxy);
++ if (!proxy->failed && proxy->handshaked)
++ ssl_proxy_flush(proxy);
+ proxy->destroyed = TRUE;
+
+ ssl_proxy_count--;