Commit b5b1db0a authored by Milan P. Stanić's avatar Milan P. Stanić

main/dovecot: security upgrade to 2.3.13

fixes:
 - CVE-2020-24386
 - CVE-2020-25275
add fix-out-of-memory-test.patch to fix test on musl

add patch posted to me by upstream author to fix failed tests on 32bit
arches
fixes #12274
parent aeec6a37
Pipeline #69332 failed with stages
in 30 seconds
From b715149395814fc1f77da2d52f74a635854efd49 Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Mon, 18 Jan 2021 17:38:15 +0200
Subject: [PATCH] lib: time-util - Fix calculations to work on 32-bit systems
Broken by 16ab55427a727d3c93046367f7ae582c9f744458
---
src/lib/time-util.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/lib/time-util.c b/src/lib/time-util.c
index 294bb02310..c9ff4a5b62 100644
--- a/src/lib/time-util.c
+++ b/src/lib/time-util.c
@@ -38,22 +38,24 @@ int timeval_cmp(const struct timeval *tv1, const struct timeval *tv2)
int timeval_cmp_margin(const struct timeval *tv1, const struct timeval *tv2,
unsigned int usec_margin)
{
- long long usecs_diff;
+ long long usecs_diff, secs_diff;
int sec_margin, ret;
if (tv1->tv_sec < tv2->tv_sec) {
+ secs_diff = (long long)tv2->tv_sec - (long long)tv1->tv_sec;
+ usecs_diff = tv2->tv_usec - tv1->tv_usec;
sec_margin = ((int)usec_margin / 1000000) + 1;
- if ((tv2->tv_sec - tv1->tv_sec) > sec_margin)
+ if (secs_diff > sec_margin)
return -1;
- usecs_diff = (tv2->tv_sec - tv1->tv_sec) * 1000000LL +
- (tv2->tv_usec - tv1->tv_usec);
+ usecs_diff = secs_diff * 1000000LL + usecs_diff;
ret = -1;
} else if (tv1->tv_sec > tv2->tv_sec) {
+ secs_diff = (long long)tv1->tv_sec - (long long)tv2->tv_sec;
+ usecs_diff = tv1->tv_usec - tv2->tv_usec;
sec_margin = ((int)usec_margin / 1000000) + 1;
- if ((tv1->tv_sec - tv2->tv_sec) > sec_margin)
+ if (secs_diff > sec_margin)
return 1;
- usecs_diff = (tv1->tv_sec - tv2->tv_sec) * 1000000LL +
- (tv1->tv_usec - tv2->tv_usec);
+ usecs_diff = secs_diff * 1000000LL + usecs_diff;
ret = 1;
} else if (tv1->tv_usec < tv2->tv_usec) {
usecs_diff = tv2->tv_usec - tv1->tv_usec;
--
2.20.1
......@@ -4,10 +4,11 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=dovecot
pkgver=2.3.10.1
_pkgvermajor=2.3
pkgver=2.3.13
_pkgverminor=${pkgver%.*}
_pkgvermajor=${_pkgverminor%.*}
pkgrel=1
_pigeonholever=0.5.10
_pigeonholever=0.5.13
_pigeonholevermajor=${_pigeonholever%.*}
pkgdesc="IMAP and POP3 server"
url="https://www.dovecot.org/"
......@@ -54,20 +55,23 @@ subpackages="
$pkgname-fts-solr:_fts_solr
$pkgname-fts-lucene:_fts_lucene
"
source="https://www.dovecot.org/releases/$_pkgvermajor/$pkgname-$pkgver.tar.gz
https://pigeonhole.dovecot.org/releases/$_pkgvermajor/$pkgname-$_pkgvermajor-pigeonhole-$_pigeonholever.tar.gz
source="https://www.dovecot.org/releases/$_pkgverminor/dovecot-$pkgver.tar.gz
https://pigeonhole.dovecot.org/releases/$_pkgverminor/$pkgname-$_pkgverminor-pigeonhole-$_pigeonholever.tar.gz
skip-iconv-check.patch
split-protocols.patch
default-config.patch
CVE-2020-12673.patch
CVE-2020-12674.patch
fix-oauth2-jwt.c.patch
fix-out-of-memory-test.patch
0001-lib-time-util-Fix-calculations-to-work-on-32-bit-sys.patch
dovecot.logrotate
dovecot.initd
"
builddir="$srcdir/$pkgname-$pkgver"
_builddir_pigeonhole="$srcdir/$pkgname-$_pkgvermajor-pigeonhole-$_pigeonholever"
_builddir_pigeonhole="$srcdir/$pkgname-$_pkgverminor-pigeonhole-$_pigeonholever"
# secfixes:
# 2.3.13-r0:
# - CVE-2020-24386
# - CVE-2020-25275
# 2.3.10.1-r1:
# - CVE-2020-12673
# - CVE-2020-12674
......@@ -315,12 +319,13 @@ _submv() {
done
}
sha512sums="5c07436a3e861993f241caa2c60f035c533c5fceb5c8540c1717d31bedd54b82299f7ea11bfee12c72d4d33985d93a7130c4f56877864a7ad21cf7373a29cc06 dovecot-2.3.10.1.tar.gz
f3d380edba4d25d20ee52db21d2965e3a6b229924e9a04fbf45cfe32e1d25448977ee41b12ba41ad8cf8b795f19bb1dbef1d7d09e775598d782123268f61dc8b dovecot-2.3-pigeonhole-0.5.10.tar.gz
sha512sums="758a169fba8925637ed18fa7522a6f06c9fe01a1707b1ca0d0a4d8757c578a8e117c91733e8314403839f9a484bbcac71ce3532c82379eb583b480756d556a95 dovecot-2.3.13.tar.gz
fcbc13d71af4e6dd4e34192484e203d755e5015da76a4774b11a79182b2baad36cab5a471346093111ace36a7775dfe8294555f8b777786dde386820b3ec5cd3 dovecot-2.3-pigeonhole-0.5.13.tar.gz
fe4fbeaedb377d809f105d9dbaf7c1b961aa99f246b77189a73b491dc1ae0aa9c68678dde90420ec53ec877c08f735b42d23edb13117d7268420e001aa30967a skip-iconv-check.patch
794875dbf0ded1e82c5c3823660cf6996a7920079149cd8eed54231a53580d931b966dfb17185ab65e565e108545ecf6591bae82f935ab1b6ff65bb8ee93d7d5 split-protocols.patch
0d8f89c7ba6f884719b5f9fc89e8b2efbdc3e181de308abf9b1c1b0e42282f4df72c7bf62f574686967c10a8677356560c965713b9d146e2770aab17e95bcc07 default-config.patch
54d5b1bfbc9fcdc00a5c943420bcbbfc8f0107ab2ff160ef0b2f73093a23766e0fcdb4cfc7944def40526414f97aff818cac6bdec155a6f3962f477b210a8ed5 CVE-2020-12673.patch
3599ca53dff1234dcea483006a82ec7276c1feee8df4f1df50f0b080202e351dd34e011af1bbdbdce1d9db54761beb0890b0be6e4ce7ed86e62513896c072e0c CVE-2020-12674.patch
7f428b0f14323a5dda00aef93f4835c2c38a7b780a939a47f759d31df4636e86055f95d17e2358cb37a2704ea022dfad602c7ed4568cba644347f20fd1e15e3b fix-oauth2-jwt.c.patch
733cdbfb7f6b2608470bd30a0f9190ec86099d4c8e48b7fb92d7b595be665bf749976889033e1ad438edd3f99f2e0d496dd0d667291915c80df82f7e62483f59 fix-out-of-memory-test.patch
ad2cd2c51b0fe977d22b62fda7258de68d62513c6fe11bd0e38d8326f478f2d5a469800fd5a110070f35072facccfdb6c044e41b3a5c4b03ea1ea0b2a3e00395 0001-lib-time-util-Fix-calculations-to-work-on-32-bit-sys.patch
9f19698ab45969f1f94dc4bddf6de59317daee93c9421c81f2dbf8a7efe6acf89689f1d30f60f536737bb9526c315215d2bce694db27e7b8d7896036a59c31f0 dovecot.logrotate
d91951b81150d7a3ef6a674c0dc7b012f538164dac4b9d27a6801d31da6813b764995a438f69b6a680463e1b60a3b4f2959654f68e565fe116ea60312d5e5e70 dovecot.initd"
From fb246611e62ad8c5a95b0ca180a63f17aa34b0d8 Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Mon, 18 May 2020 12:33:39 +0300
Subject: [PATCH] lib-ntlm: Check buffer length on responses
Add missing check for buffer length.
If this is not checked, it is possible to send message which
causes read past buffer bug.
Broken in c7480644202e5451fbed448508ea29a25cffc99c
---
src/lib-ntlm/ntlm-message.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/lib-ntlm/ntlm-message.c b/src/lib-ntlm/ntlm-message.c
index 160b9f918c..a29413b47e 100644
--- a/src/lib-ntlm/ntlm-message.c
+++ b/src/lib-ntlm/ntlm-message.c
@@ -184,6 +184,11 @@ static bool ntlmssp_check_buffer(const struct ntlmssp_buffer *buffer,
if (length == 0 && space == 0)
return TRUE;
+ if (length > data_size) {
+ *error = "buffer length out of bounds";
+ return FALSE;
+ }
+
if (offset >= data_size) {
*error = "buffer offset out of bounds";
return FALSE;
From 69ad3c902ea4bbf9f21ab1857d8923f975dc6145 Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Wed, 6 May 2020 13:40:36 +0300
Subject: [PATCH] auth: mech-rpa - Fail on zero len buffer
---
src/auth/mech-rpa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/auth/mech-rpa.c b/src/auth/mech-rpa.c
index 08298ebdd6..2de8705b4f 100644
--- a/src/auth/mech-rpa.c
+++ b/src/auth/mech-rpa.c
@@ -224,7 +224,7 @@ rpa_read_buffer(pool_t pool, const unsigned char **data,
return 0;
len = *p++;
- if (p + len > end)
+ if (p + len > end || len == 0)
return 0;
*buffer = p_malloc(pool, len);
From 42c37d2473116bf4a7fcafcaf94de83947fe80bc Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Thu, 13 Aug 2020 20:01:41 +0300
Subject: [PATCH] oauth2-jwt: Use int64_t instead time_t for portability
diff --git a/src/lib-oauth2/oauth2-jwt.c b/src/lib-oauth2/oauth2-jwt.c
index a68875e57..0adf612d9 100644
--- a/src/lib-oauth2/oauth2-jwt.c
+++ b/src/lib-oauth2/oauth2-jwt.c
@@ -31,18 +31,25 @@ static const char *get_field(const struct json_tree *tree, const char *key)
}
static int get_time_field(const struct json_tree *tree, const char *key,
- long *value_r)
+ int64_t *value_r)
{
+ time_t tvalue;
const char *value = get_field(tree, key);
int tz_offset ATTR_UNUSED;
if (value == NULL)
return 0;
- if ((str_to_long(value, value_r) < 0 &&
- !iso8601_date_parse((const unsigned char*)value, strlen(value),
- value_r, &tz_offset)) ||
- *value_r < 0)
- return -1;
- return 1;
+ if (str_to_int64(value, value_r) == 0) {
+ if (*value_r < 0)
+ return -1;
+ return 1;
+ } else if (iso8601_date_parse((const unsigned char*)value, strlen(value),
+ &tvalue, &tz_offset)) {
+ if (tvalue < 0)
+ return -1;
+ *value_r = tvalue;
+ return 1;
+ }
+ return -1;
}
static int oauth2_lookup_hmac_key(const struct oauth2_settings *set,
@@ -283,9 +290,9 @@ oauth2_jwt_body_process(const struct oauth2_settings *set, const char *alg, cons
const char *sub = get_field(tree, "sub");
int ret;
- long t0 = time(NULL);
+ int64_t t0 = time(NULL);
/* default IAT and NBF to now */
- long iat, nbf, exp;
+ int64_t iat, nbf, exp;
int tz_offset ATTR_UNUSED;
if (sub == NULL) {
fixes test in src/lib/test-file-cache.c for musl
--- a/src/lib/test-file-cache.c 2021-01-04 17:55:39.550032767 +0000
+++ b/src/lib/test-file-cache.c 2021-01-04 17:54:31.439645416 +0000
@@ -263,7 +263,7 @@
};
const char *errstr =
t_strdup_printf("mmap_anon(.test_file_cache, %zu) failed: "
- "Cannot allocate memory", page_size);
+ "Out of memory", page_size);
test_assert(setrlimit(RLIMIT_AS, &rl_new) == 0);
test_expect_error_string(errstr);
test_assert(file_cache_set_size(cache, 1024) == -1);
@@ -271,7 +271,7 @@
/* same for mremap */
errstr = t_strdup_printf("mremap_anon(.test_file_cache, %zu) failed: "
- "Cannot allocate memory", page_size*2);
+ "Out of memory", page_size*2);
test_assert(file_cache_set_size(cache, 1) == 0);
test_assert(setrlimit(RLIMIT_AS, &rl_new) == 0);
test_expect_error_string(errstr);
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment