Commit 7f9b5fba authored by J0WI's avatar J0WI Committed by Leonardo Arena

main/dovecot: security upgrade to 2.3.6 (CVE-2019-11494, CVE-2019-11499)

Fixes #10389

Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>
parent 0ce51efa
......@@ -3,7 +3,7 @@
# Contributor: Michael Mason <ms13sp@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=dovecot
pkgver=2.3.5.1
pkgver=2.3.6
_pkgvermajor=2.3
pkgrel=0
_pigeonholever=0.5.5
......@@ -33,12 +33,15 @@ source="https://www.dovecot.org/releases/$_pkgvermajor/$pkgname-$pkgver.tar.gz
skip-iconv-check.patch
dovecot.logrotate
dovecot.initd
mysql-fix-double-close.patch
"
options="!checkroot"
_builddirpigeonhole="$srcdir/$pkgname-${_pkgvermajor}-pigeonhole-$_pigeonholever"
# secfixes:
# 2.3.6-r0:
# - CVE-2019-11499
# - CVE-2019-11494
# - CVE-2019-10691
# 2.3.5.1-r0:
# - CVE-2019-7524
# 2.3.4.1-r0:
......@@ -212,9 +215,8 @@ _fts_lucene() {
_mv $(cd "$pkgdir" && find usr -name '*fts*lucene*')
}
sha512sums="e87754461fb0b065acd0ff10dc955000a2fe5baffed69efaf328ce9268f90140e9de444bc68e0bd48b565c7622885a79b1f90ff3dd2335c0c2362d05d9e73e8a dovecot-2.3.5.1.tar.gz
sha512sums="ec28af2efcbd4ab534298c3342709251074dcdb0f0f4bcad0d24b996b273387e2ce557d7ab54abafb69be3ed7dd61f25c82b9710d78156932e2eff7f941c9eb2 dovecot-2.3.6.tar.gz
21519fc9b1152a947b64ce4251e1a4bdbe003b48233b1856a32696f9c1e29f730268c56eb38f9431bbfac345e6cd42e8c78c87d0702f39ebf20c6d326dcdbb94 dovecot-2.3-pigeonhole-0.5.5.tar.gz
fe4fbeaedb377d809f105d9dbaf7c1b961aa99f246b77189a73b491dc1ae0aa9c68678dde90420ec53ec877c08f735b42d23edb13117d7268420e001aa30967a skip-iconv-check.patch
9f19698ab45969f1f94dc4bddf6de59317daee93c9421c81f2dbf8a7efe6acf89689f1d30f60f536737bb9526c315215d2bce694db27e7b8d7896036a59c31f0 dovecot.logrotate
d91951b81150d7a3ef6a674c0dc7b012f538164dac4b9d27a6801d31da6813b764995a438f69b6a680463e1b60a3b4f2959654f68e565fe116ea60312d5e5e70 dovecot.initd
07500fdc27e8e76f8325e7160e3ac0dfd80e3dcb6d310499ea3b7d6c7899809bbb76c01aec78c4b8b9bf80cd8260dbc26726a612357d30f3b3c8be80f77f9abd mysql-fix-double-close.patch"
d91951b81150d7a3ef6a674c0dc7b012f538164dac4b9d27a6801d31da6813b764995a438f69b6a680463e1b60a3b4f2959654f68e565fe116ea60312d5e5e70 dovecot.initd"
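Review bot: The `source=` and `sha512sums` hunks drop `mysql-fix-double-close.patch`, which fixes a double-free, but nothing in the commit records why. Presumably upstream 2.3.6 already contains commit 3c5101ff (dated December 2018); that is worth confirming against `src/lib-sql/driver-mysql.c` in the new tarball. A commit-message line such as `Drop mysql-fix-double-close.patch (included upstream)` would make the removal auditable. The `# secfixes:` block also lists CVE-2019-10691 under `2.3.6-r0`, while the title names only CVE-2019-11494 and CVE-2019-11499, so either the title should mention all three or that entry should be re-checked.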
From 3c5101ffdd2a8115e03ed7180d53578765dea4c9 Mon Sep 17 00:00:00 2001
Patch-Origin: https://github.com/dovecot/core/commit/3c5101ffdd2a8115e03ed7180d53578765dea4c9
From: Aki Tuomi <aki.tuomi@dovecot.fi>
Date: Tue, 4 Dec 2018 14:40:04 +0200
Subject: [PATCH] driver-mysql: Avoid double-closing MySQL connection
Fixes double-free
---
src/lib-sql/driver-mysql.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/lib-sql/driver-mysql.c b/src/lib-sql/driver-mysql.c
index c87e825e4b..5dd1c3124f 100644
--- a/src/lib-sql/driver-mysql.c
+++ b/src/lib-sql/driver-mysql.c
@@ -173,7 +173,9 @@ static int driver_mysql_connect(struct sql_db *_db)
static void driver_mysql_disconnect(struct sql_db *_db)
{
struct mysql_db *db = (struct mysql_db *)_db;
- mysql_close(db->mysql);
+ if (db->mysql != NULL)
+ mysql_close(db->mysql);
+ db->mysql = NULL;
}
static int driver_mysql_parse_connect_string(struct mysql_db *db,
@@ -311,7 +313,9 @@ static void driver_mysql_deinit_v(struct sql_db *_db)
_db->no_reconnect = TRUE;
sql_db_set_state(&db->api, SQL_DB_STATE_DISCONNECTED);
- mysql_close(db->mysql);
+ if (db->mysql != NULL)
+ mysql_close(db->mysql);
+ db->mysql = NULL;
sql_connection_log_finished(_db);
event_unref(&_db->event);