Commit fc93d886 authored by Kevin Daudt's avatar Kevin Daudt 💻

community/postsrsd: security fix for CVE-2020-35573

parent 42fdcdb4
......@@ -2,43 +2,39 @@
# Maintainer: Kevin Daudt <kdaudt@alpinelinux.org>
pkgname=postsrsd
pkgver=1.6
pkgrel=3
pkgrel=4
pkgdesc="Postfix Sender Rewriting Scheme daemon"
url="https://github.com/roehling/postsrsd"
arch="all"
license="GPL-2.0"
depends=""
makedepends="cmake help2man"
pkgusers="postsrsd"
install="$pkgname.pre-install"
subpackages="$pkgname-doc $pkgname-openrc"
source="$pkgname-$pkgver.tar.gz::https://github.com/roehling/postsrsd/archive/$pkgver.tar.gz
10-fix-defaults.patch
postsrsd.initd"
builddir="$srcdir/$pkgname-$pkgver"
postsrsd.initd
cve-2020-35573-dos-timestamp.patch
"
build() {
cd "$builddir"
mkdir build
cd build
# secfixes:
# 1.6-r4:
# - CVE-2020-35573
cmake .. -DCMAKE_INSTALL_PREFIX=/usr/ \
build() {
cmake -B build -DCMAKE_INSTALL_PREFIX=/usr/ \
-DCMAKE_BUILD_TYPE=None \
-DGENERATE_SRS_SECRET=OFF \
-DCONFIG_DIR=/etc/postsrsd
make all
make -C build all
}
check() {
cd "$builddir"/build
./postsrsd_tests
build/postsrsd_tests
}
package() {
cd "$builddir"
make DESTDIR="$pkgdir/" install
make -C build DESTDIR="$pkgdir/" install
install -d "$pkgdir/etc/postsrsd/"
install -Dm0644 build/postsrsd.default "$pkgdir/etc/conf.d/postsrsd"
......@@ -47,4 +43,5 @@ package() {
sha512sums="b2df4cdec41361e15cd8c9207fb16564d607559bcb36dd73c9347b90e4f3c2414b88434ef1ffe6a18783f38c5960383516e40e4ffa28802a03539e52ca723aa1 postsrsd-1.6.tar.gz
96a1c4e04ded844b98e5b5e263af51389ad8f1424a0fcd923f8156a2f9491b67552fbe3b5ad972cf1279d7b0e022787d151b5151a27da43227176356848ec4d7 10-fix-defaults.patch
8541fbd517370cabf905b992ba4aeccc249c56b71bf0c3f5f50c13a4bbc9e191265632147d9f2cd617911049144abbf0f2c510d0fa41ba4268ccf1ede9798116 postsrsd.initd"
8541fbd517370cabf905b992ba4aeccc249c56b71bf0c3f5f50c13a4bbc9e191265632147d9f2cd617911049144abbf0f2c510d0fa41ba4268ccf1ede9798116 postsrsd.initd
8282ca416933b46e5430822d9806d17c1914c337193f241994db1d7f57be982407a40f47ebdfb6c8dc5da17a041e8df371bbf54aa86531dd26b0c7b1beacde28 cve-2020-35573-dos-timestamp.patch"
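Review bot: The rewritten `build()` now uses `cmake -B build …`, and the `-B` command-line option is only accepted by CMake 3.13 and newer, while `makedepends="cmake help2man"` carries no version floor; on a builder with an older cmake the package fails to configure before the CVE-2020-35573 patch is ever compiled or exercised by `check()`. If the target branch's cmake is known to be at least 3.13 this is harmless, otherwise `makedepends="cmake>=3.13 help2man"` or keeping the previous `mkdir build && cd build && cmake ..` form would make the requirement explicit. The `check()` and `package()` rewrites (`build/postsrsd_tests`, `make -C build …`) appear to be equivalent to the old `cd`-based forms, so the functional change in this hunk is limited to `pkgrel=4`, the new `cve-2020-35573-dos-timestamp.patch` source entry and the `# secfixes:` block, whose `1.6-r4` entry matches the bumped pkgrel.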
From 4733fb11f6bec6524bb8518c5e1a699288c26bac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20R=C3=B6hling?= <timo@gaussglocke.de>
Date: Sat, 12 Dec 2020 10:42:28 +0100
Subject: [PATCH] SECURITY: Fix potential denial of service attack against
PostSRSd
I discovered that PostSRSd could be tricked into consuming a lot of CPU
time with an SRS address that has an excessively long time stamp tag,
e.g.
SRS0=HHHH=TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT=0@example.com
---
srs2.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/srs2.c b/srs2.c
index b07a664..6a2eebb 100644
--- a/srs2.c
+++ b/srs2.c
@@ -230,6 +230,7 @@ srs_timestamp_check(srs_t *srs, const char *stamp)
time_t now;
time_t then;
+ if (strlen(stamp) != 2) return SRS_ETIMESTAMPOUTOFDATE;
/* We had better go around this loop exactly twice! */
then = 0;
for (sp = stamp; *sp; sp++) {
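Review bot: The added guard `if (strlen(stamp) != 2) return SRS_ETIMESTAMPOUTOFDATE;` reports a wrong-length timestamp as an out-of-date one, so callers and log output will misattribute the rejection; libsrs2, of which this srs2.c appears to be a copy, has the syntax-class code `SRS_EBADTIMESTAMPCHAR` that fits a malformed tag better, and if this fork dropped it a comment such as `/* SRS timestamps are exactly two base32 chars; reject anything else before decoding */` should at least say why the length is pinned to 2. The guard does close the issue described in the commit message, since the decode loop below runs once per character of the attacker-controlled tag and the existing comment "We had better go around this loop exactly twice!" was never enforced before. The diffstat shows only srs2.c changing, so no regression test accompanies the fix. The body of srs_timestamp_check continues outside the hunk.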