authorwiz <wiz>2015-01-23 12:17:47 +0000
committerwiz <wiz>2015-01-23 12:17:47 +0000
commit5ac33e9563fde1706f5c3088fa20b1450041f304 (patch)
tree4d8153212582535fc1dd7521478e0e56bfa829ae /mail/dovecot
parent2f5628cb8a6dc997f5194cd595765015e5a6685e (diff)
Fix for CVE-2014-3430.
Based on http://hg.dovecot.org/dovecot-1.2/raw-rev/8ba4253adc9b adapted to pkgsrc by Edgar Fuß in PR 49599. Bump PKGREVISION. regen patch-ab while here
Diffstat (limited to 'mail/dovecot')
-rw-r--r--mail/dovecot/Makefile4
-rw-r--r--mail/dovecot/distinfo9
-rw-r--r--mail/dovecot/patches/patch-ab23
-rw-r--r--mail/dovecot/patches/patch-src_imap-login_client.c16
-rw-r--r--mail/dovecot/patches/patch-src_login-common_ssl-proxy-openssl.c24
-rw-r--r--mail/dovecot/patches/patch-src_login-common_ssl-proxy.c16
-rw-r--r--mail/dovecot/patches/patch-src_login-common_ssl-proxy.h15
-rw-r--r--mail/dovecot/patches/patch-src_pop3-login_client.c16
8 files changed, 109 insertions, 14 deletions
diff --git a/mail/dovecot/Makefile b/mail/dovecot/Makefile
index 07b012f9c89..81b42f62fe8 100644
--- a/mail/dovecot/Makefile
+++ b/mail/dovecot/Makefile
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.174 2014/10/09 14:06:38 wiz Exp $
+# $NetBSD: Makefile,v 1.175 2015/01/23 12:17:47 wiz Exp $
DOVECOT_VERSION= 1.2
DOVECOT_SUBVERSION= .17
SIEVE_VERSION= 0.1.19
MANAGESIEVE_VERSION= 0.11.13
DISTNAME= dovecot-${DOVECOT_VERSION}${DOVECOT_SUBVERSION}
-PKGREVISION= 14
+PKGREVISION= 15
CATEGORIES= mail
MASTER_SITES= http://www.dovecot.org/releases/${DOVECOT_VERSION}/
DOVECOT_SIEVE_SITES= http://www.rename-it.nl/dovecot/${DOVECOT_VERSION}/
diff --git a/mail/dovecot/distinfo b/mail/dovecot/distinfo
index a7d5bce4cf5..c0eba808260 100644
--- a/mail/dovecot/distinfo
+++ b/mail/dovecot/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.118 2011/06/09 13:15:35 obache Exp $
+$NetBSD: distinfo,v 1.119 2015/01/23 12:17:47 wiz Exp $
SHA1 (dovecot-1.2-managesieve-0.11.13.tar.gz) = cd5d2149250072aa8079f9db967cfeffc1b57c53
RMD160 (dovecot-1.2-managesieve-0.11.13.tar.gz) = 9deed0637f1b5942a1b4996a343fed1b23301023
@@ -13,7 +13,12 @@ SHA1 (dovecot-1.2.17.tar.gz) = 457b16791a15e739c6bc8b02bc9c78f9ad794e39
RMD160 (dovecot-1.2.17.tar.gz) = 59f619dba2aadef3cccd6ceb045a2e75a11700a2
Size (dovecot-1.2.17.tar.gz) = 2983431 bytes
SHA1 (patch-aa) = 447e46268a93201b3ef22491ff0968752978d020
-SHA1 (patch-ab) = e5b5d72f0553da42d14ee05a9ed0faff8a6c7075
+SHA1 (patch-ab) = c4b94708ba99d8ae51898a1a46ef0c0faef92f14
SHA1 (patch-ac) = 5912392abb79df8e78de6f710c2a83264ee58fe7
SHA1 (patch-ag) = 7e733d41c0607df64c2c3195b78683689f2143d6
SHA1 (patch-ah) = a7d02fa3ab1d1a760e05510ebd3cfb07a6652863
+SHA1 (patch-src_imap-login_client.c) = 9385443757ab53499385b099bc65e6aee0b4edbf
+SHA1 (patch-src_login-common_ssl-proxy-openssl.c) = dc965b545681f09a74758033c0665924377ff551
+SHA1 (patch-src_login-common_ssl-proxy.c) = b1cf551a2f68d9acad3e2ce4b768a91683dc6e2f
+SHA1 (patch-src_login-common_ssl-proxy.h) = ec9bfc3eb70cdff8983f17ab05e47bdefece1c63
+SHA1 (patch-src_pop3-login_client.c) = 290427f221d1f8bfae89aef07b61798cdabc29ca
diff --git a/mail/dovecot/patches/patch-ab b/mail/dovecot/patches/patch-ab
index a38ea6195e9..f1648c3fd0a 100644
--- a/mail/dovecot/patches/patch-ab
+++ b/mail/dovecot/patches/patch-ab
@@ -1,8 +1,8 @@
-$NetBSD: patch-ab,v 1.29 2010/01/06 16:57:18 sketch Exp $
+$NetBSD: patch-ab,v 1.30 2015/01/23 12:17:47 wiz Exp $
---- dovecot-example.conf.orig 2009-06-01 05:21:42.000000000 +0200
+--- dovecot-example.conf.orig 2010-01-24 23:30:41.000000000 +0000
+++ dovecot-example.conf
-@@ -12,9 +12,6 @@
+@@ -12,16 +12,13 @@
# Default values are shown for each setting, it's not required to uncomment
# those. These are exceptions to this though: No sections (e.g. namespace {})
# or plugin settings are added by default, they're listed only as examples.
@@ -12,11 +12,14 @@ $NetBSD: patch-ab,v 1.29 2010/01/06 16:57:18 sketch Exp $
# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/
-@@ -23,3 +20,3 @@
+
+ # Protocols we want to be serving: imap imaps pop3 pop3s
# If you only want to use dovecot-auth, you can set this to "none".
-#protocols = imap imaps
+protocols = imap pop3
+ # A space separated list of IP or host addresses where to listen in for
+ # connections. "*" listens in all IPv4 interfaces. "[::]" listens in all IPv6
@@ -86,7 +83,7 @@
#ssl_listen =
@@ -74,7 +77,7 @@ $NetBSD: patch-ab,v 1.29 2010/01/06 16:57:18 sketch Exp $
# Don't try to set mails non-recent or seen with POP3 sessions. This is
# mostly intended to reduce disk I/O. With maildir it doesn't move files
-@@ -678,7 +675,7 @@ protocol pop3 {
+@@ -682,7 +679,7 @@ protocol pop3 {
# Support for dynamically loadable plugins. mail_plugins is a space separated
# list of plugins to load.
#mail_plugins =
@@ -83,7 +86,7 @@ $NetBSD: patch-ab,v 1.29 2010/01/06 16:57:18 sketch Exp $
# Workarounds for various client bugs:
# outlook-no-nuls:
-@@ -706,7 +703,7 @@ protocol lda {
+@@ -710,7 +707,7 @@ protocol lda {
# Support for dynamically loadable plugins. mail_plugins is a space separated
# list of plugins to load.
#mail_plugins =
@@ -92,7 +95,7 @@ $NetBSD: patch-ab,v 1.29 2010/01/06 16:57:18 sketch Exp $
# If user is over quota, return with temporary failure instead of
# bouncing the mail.
-@@ -720,7 +717,7 @@ protocol lda {
+@@ -724,7 +721,7 @@ protocol lda {
#deliver_log_format = msgid=%m: %$
# Binary to use for sending mails.
@@ -101,7 +104,7 @@ $NetBSD: patch-ab,v 1.29 2010/01/06 16:57:18 sketch Exp $
# Subject: header to use for rejection mails. You can use the same variables
# as for rejection_reason below.
-@@ -739,7 +736,7 @@ protocol lda {
+@@ -743,7 +740,7 @@ protocol lda {
##
# Executable location
@@ -110,7 +113,7 @@ $NetBSD: patch-ab,v 1.29 2010/01/06 16:57:18 sketch Exp $
# Set max. process size in megabytes.
#auth_process_size = 256
-@@ -869,7 +866,7 @@ auth default {
+@@ -872,7 +869,7 @@ auth default {
# database (passwd usually), you can use static userdb.
# REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
# authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
@@ -119,7 +122,7 @@ $NetBSD: patch-ab,v 1.29 2010/01/06 16:57:18 sketch Exp $
# [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
# [cache_key=<key>] [<service name>]
#
-@@ -902,15 +899,15 @@ auth default {
+@@ -905,15 +902,15 @@ auth default {
# args = session=yes %Ls
# args = cache_key=%u dovecot
#args = dovecot
diff --git a/mail/dovecot/patches/patch-src_imap-login_client.c b/mail/dovecot/patches/patch-src_imap-login_client.c
new file mode 100644
index 00000000000..5e881bc9fc7
--- /dev/null
+++ b/mail/dovecot/patches/patch-src_imap-login_client.c
@@ -0,0 +1,16 @@
+$NetBSD: patch-src_imap-login_client.c,v 1.1 2015/01/23 12:17:47 wiz Exp $
+
+Fix for CVE-2014-3430.
+Based on http://hg.dovecot.org/dovecot-1.2/raw-rev/8ba4253adc9b
+
+--- src/imap-login/client.c.orig 2010-01-24 23:14:17.000000000 +0000
++++ src/imap-login/client.c
+@@ -557,6 +557,8 @@ void client_destroy(struct imap_client *
+
+ client_unlink(&client->common);
+
++ if (!client->login_success && client->common.proxy != NULL)
++ ssl_proxy_destroy(client->common.proxy);
+ if (client->common.input != NULL)
+ i_stream_close(client->common.input);
+ if (client->output != NULL)
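Review bot: The new `ssl_proxy_destroy()` call in `client_destroy()` has no comment saying why it is conditional on `!client->login_success`, which appears to be the core of the CVE-2014-3430 fix. I would add above it something like `/* login never completed: tear down the SSL proxy now so an unfinished handshake cannot keep the connection and its resources alive (CVE-2014-3430) */`. The pointer stays in `client->common.proxy` after the call and the rest of `client_destroy()` is outside the hunk, so it is worth confirming that the later release path (presumably `ssl_proxy_free()`) accepts an already destroyed proxy. The same two lines are added to `src/pop3-login/client.c` in the last hunk, and the same comment applies there.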
diff --git a/mail/dovecot/patches/patch-src_login-common_ssl-proxy-openssl.c b/mail/dovecot/patches/patch-src_login-common_ssl-proxy-openssl.c
new file mode 100644
index 00000000000..32388e69326
--- /dev/null
+++ b/mail/dovecot/patches/patch-src_login-common_ssl-proxy-openssl.c
@@ -0,0 +1,24 @@
+$NetBSD: patch-src_login-common_ssl-proxy-openssl.c,v 1.1 2015/01/23 12:17:47 wiz Exp $
+
+Fix for CVE-2014-3430.
+Based on http://hg.dovecot.org/dovecot-1.2/raw-rev/8ba4253adc9b
+
+--- src/login-common/ssl-proxy-openssl.c.orig 2011-01-20 21:16:59.000000000 +0000
++++ src/login-common/ssl-proxy-openssl.c
+@@ -80,7 +80,6 @@ static void plain_read(struct ssl_proxy
+ static void ssl_read(struct ssl_proxy *proxy);
+ static void ssl_write(struct ssl_proxy *proxy);
+ static void ssl_step(struct ssl_proxy *proxy);
+-static void ssl_proxy_destroy(struct ssl_proxy *proxy);
+ static void ssl_proxy_unref(struct ssl_proxy *proxy);
+
+ static void ssl_params_corrupted(const char *path)
+@@ -676,7 +675,7 @@ static void ssl_proxy_unref(struct ssl_p
+ main_unref();
+ }
+
+-static void ssl_proxy_destroy(struct ssl_proxy *proxy)
++void ssl_proxy_destroy(struct ssl_proxy *proxy)
+ {
+ if (proxy->destroyed)
+ return;
diff --git a/mail/dovecot/patches/patch-src_login-common_ssl-proxy.c b/mail/dovecot/patches/patch-src_login-common_ssl-proxy.c
new file mode 100644
index 00000000000..ebc984e7a34
--- /dev/null
+++ b/mail/dovecot/patches/patch-src_login-common_ssl-proxy.c
@@ -0,0 +1,16 @@
+$NetBSD: patch-src_login-common_ssl-proxy.c,v 1.1 2015/01/23 12:17:47 wiz Exp $
+
+Fix for CVE-2014-3430.
+Based on http://hg.dovecot.org/dovecot-1.2/raw-rev/8ba4253adc9b
+
+--- src/login-common/ssl-proxy.c.orig 2010-01-24 23:14:17.000000000 +0000
++++ src/login-common/ssl-proxy.c
+@@ -55,6 +55,8 @@ const char *ssl_proxy_get_security_strin
+ return "";
+ }
+
++void ssl_proxy_destroy(struct ssl_proxy *proxy ATTR_UNUSED) {}
++
+ void ssl_proxy_free(struct ssl_proxy *proxy ATTR_UNUSED) {}
+
+ unsigned int ssl_proxy_get_count(void)
diff --git a/mail/dovecot/patches/patch-src_login-common_ssl-proxy.h b/mail/dovecot/patches/patch-src_login-common_ssl-proxy.h
new file mode 100644
index 00000000000..37a7fe3d8d0
--- /dev/null
+++ b/mail/dovecot/patches/patch-src_login-common_ssl-proxy.h
@@ -0,0 +1,15 @@
+$NetBSD: patch-src_login-common_ssl-proxy.h,v 1.1 2015/01/23 12:17:47 wiz Exp $
+
+Fix for CVE-2014-3430.
+Based on http://hg.dovecot.org/dovecot-1.2/raw-rev/8ba4253adc9b
+
+--- src/login-common/ssl-proxy.h.orig 2009-06-27 04:49:34.000000000 +0000
++++ src/login-common/ssl-proxy.h
+@@ -24,6 +24,7 @@ const char *ssl_proxy_get_peer_name(stru
+ bool ssl_proxy_is_handshaked(const struct ssl_proxy *proxy) ATTR_PURE;
+ const char *ssl_proxy_get_last_error(const struct ssl_proxy *proxy) ATTR_PURE;
+ const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy);
++void ssl_proxy_destroy(struct ssl_proxy *proxy);
+ void ssl_proxy_free(struct ssl_proxy *proxy);
+
+ /* Return number of active SSL proxies */
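Review bot: The newly exported `ssl_proxy_destroy()` declaration carries no contract, and it sits directly above `ssl_proxy_free()` without saying how the two differ. Going by the openssl hunk, the function reads `proxy->destroyed` on entry, so NULL is not accepted (both new callers check `!= NULL`) and a second call returns early. A one-line comment would cover it: `/* Shut the proxy down immediately; proxy must be non-NULL, repeated calls are no-ops. */`. In the ssl-proxy.c hunk the function is an empty stub, presumably for builds without SSL, which the comment could mention as well.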
diff --git a/mail/dovecot/patches/patch-src_pop3-login_client.c b/mail/dovecot/patches/patch-src_pop3-login_client.c
new file mode 100644
index 00000000000..7ce39ecd7af
--- /dev/null
+++ b/mail/dovecot/patches/patch-src_pop3-login_client.c
@@ -0,0 +1,16 @@
+$NetBSD: patch-src_pop3-login_client.c,v 1.1 2015/01/23 12:17:47 wiz Exp $
+
+Fix for CVE-2014-3430.
+Based on http://hg.dovecot.org/dovecot-1.2/raw-rev/8ba4253adc9b
+
+--- src/pop3-login/client.c.orig 2010-01-24 23:14:17.000000000 +0000
++++ src/pop3-login/client.c
+@@ -359,6 +359,8 @@ void client_destroy(struct pop3_client *
+
+ client_unlink(&client->common);
+
++ if (!client->login_success && client->common.proxy != NULL)
++ ssl_proxy_destroy(client->common.proxy);
+ if (client->common.input != NULL)
+ i_stream_close(client->common.input);
+ if (client->output != NULL)