authorNatanael Copa <ncopa@alpinelinux.org>2020-08-19 10:57:34 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2020-08-19 11:12:03 +0000
commit16ace452cb1f2851f04400577158746694ee0aca (patch)
tree66ee947d4781ea62695b16a6402cd215923d5121
parent0fdf45a9347b4d80ed8abef34bceba3a41959024 (diff)
main/dovecot: security upgrade to 2.3.11.3
- CVE-2020-12100
- CVE-2020-12673
- CVE-2020-12674

based on:
- https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/11360
- https://gitlab.alpinelinux.org/alpine/aports/-/commit/cd32bb7c9ac2d8af16970953f142ac37b57932b9
-rw-r--r--main/dovecot/APKBUILD21
-rw-r--r--main/dovecot/fix-oauth2-jwt.c.patch55
2 files changed, 69 insertions, 7 deletions
diff --git a/main/dovecot/APKBUILD b/main/dovecot/APKBUILD
index 10bfccf28e..b7cca0f284 100644
--- a/main/dovecot/APKBUILD
+++ b/main/dovecot/APKBUILD
@@ -4,10 +4,11 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=dovecot
-pkgver=2.3.10.1
-_pkgvermajor=2.3
+pkgver=2.3.11.3
+_pkgverminor=${pkgver%.*}
+_pkgvermajor=${_pkgverminor%.*}
pkgrel=0
-_pigeonholever=0.5.10
+_pigeonholever=0.5.11
_pigeonholevermajor=${_pigeonholever%.*}
pkgdesc="IMAP and POP3 server"
url="https://www.dovecot.org/"
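Review bot: `_pkgverminor=${pkgver%.*}` only yields the intended value while pkgver has four components, and nothing in the hunk states that assumption. With 2.3.11.3 it gives 2.3.11 and `_pkgvermajor` becomes 2.3, but a three-component pkgver (2.3.12, as a constructed example) would give 2.3 and 2, and the download URLs built from these variables in the next hunk would point at the wrong paths. I would add a comment above the assignment, `# _pkgverminor assumes pkgver is X.Y.Z.W; set it by hand for an X.Y.Z release`, so a later upgrade does not fail at fetch time for a non-obvious reason.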
@@ -55,16 +56,21 @@ subpackages="
$pkgname-fts-lucene:_fts_lucene
"
source="https://www.dovecot.org/releases/$_pkgvermajor/dovecot-$pkgver.tar.gz
- https://pigeonhole.dovecot.org/releases/$_pkgvermajor/$pkgname-$_pkgvermajor-pigeonhole-$_pigeonholever.tar.gz
+ https://pigeonhole.dovecot.org/releases/$_pkgvermajor/$pkgname-$_pkgverminor-pigeonhole-$_pigeonholever.tar.gz
skip-iconv-check.patch
split-protocols.patch
default-config.patch
+ fix-oauth2-jwt.c.patch
dovecot.logrotate
dovecot.initd
"
-_builddir_pigeonhole="$srcdir/$pkgname-$_pkgvermajor-pigeonhole-$_pigeonholever"
+_builddir_pigeonhole="$srcdir/$pkgname-$_pkgverminor-pigeonhole-$_pigeonholever"
# secfixes:
+# 2.3.11.3-r0:
+# - CVE-2020-12100
+# - CVE-2020-12673
+# - CVE-2020-12674
# 2.3.10.1-r0:
# - CVE-2020-10957
# - CVE-2020-10958
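Review bot: `fix-oauth2-jwt.c.patch` is added to `source=` with no comment on what it is for or when it can be dropped, and it lands next to a secfixes entry that lists three CVEs for the same release. The patch's own subject line reads "Use int64_t instead time_t for portability", so it appears to be a portability fix rather than one of the CVE fixes; saying so keeps the secfixes record unambiguous for anyone auditing this upgrade later. I would add a comment near the secfixes block such as `# fix-oauth2-jwt.c.patch: commit 42c37d2473116bf4a7fcafcaf94de83947fe80bc, portability only, drop once the release includes it`.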
@@ -305,10 +311,11 @@ _submv() {
done
}
-sha512sums="5c07436a3e861993f241caa2c60f035c533c5fceb5c8540c1717d31bedd54b82299f7ea11bfee12c72d4d33985d93a7130c4f56877864a7ad21cf7373a29cc06 dovecot-2.3.10.1.tar.gz
-f3d380edba4d25d20ee52db21d2965e3a6b229924e9a04fbf45cfe32e1d25448977ee41b12ba41ad8cf8b795f19bb1dbef1d7d09e775598d782123268f61dc8b dovecot-2.3-pigeonhole-0.5.10.tar.gz
+sha512sums="d83e52a7faab918a8e6f6257acc5936b81733c10489affd042c3a043cb842db060286cba9978be378e4958e9ac2e60b55ce289d7f3a88df08e7637e4785e23bb dovecot-2.3.11.3.tar.gz
+ef65b49092fec736258cd793f4f338cd7838c0e6e23922f6df36b428089e88ff236b8e67a7f31ee9c7e4d587a60a1533fde45d689fa9563fbfd4224bee3d2536 dovecot-2.3.11-pigeonhole-0.5.11.tar.gz
fe4fbeaedb377d809f105d9dbaf7c1b961aa99f246b77189a73b491dc1ae0aa9c68678dde90420ec53ec877c08f735b42d23edb13117d7268420e001aa30967a skip-iconv-check.patch
794875dbf0ded1e82c5c3823660cf6996a7920079149cd8eed54231a53580d931b966dfb17185ab65e565e108545ecf6591bae82f935ab1b6ff65bb8ee93d7d5 split-protocols.patch
0d8f89c7ba6f884719b5f9fc89e8b2efbdc3e181de308abf9b1c1b0e42282f4df72c7bf62f574686967c10a8677356560c965713b9d146e2770aab17e95bcc07 default-config.patch
+7f428b0f14323a5dda00aef93f4835c2c38a7b780a939a47f759d31df4636e86055f95d17e2358cb37a2704ea022dfad602c7ed4568cba644347f20fd1e15e3b fix-oauth2-jwt.c.patch
9f19698ab45969f1f94dc4bddf6de59317daee93c9421c81f2dbf8a7efe6acf89689f1d30f60f536737bb9526c315215d2bce694db27e7b8d7896036a59c31f0 dovecot.logrotate
d91951b81150d7a3ef6a674c0dc7b012f538164dac4b9d27a6801d31da6813b764995a438f69b6a680463e1b60a3b4f2959654f68e565fe116ea60312d5e5e70 dovecot.initd"
diff --git a/main/dovecot/fix-oauth2-jwt.c.patch b/main/dovecot/fix-oauth2-jwt.c.patch
new file mode 100644
index 0000000000..b3755f6993
--- /dev/null
+++ b/main/dovecot/fix-oauth2-jwt.c.patch
@@ -0,0 +1,55 @@
+From 42c37d2473116bf4a7fcafcaf94de83947fe80bc Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <aki.tuomi@open-xchange.com>
+Date: Thu, 13 Aug 2020 20:01:41 +0300
+Subject: [PATCH] oauth2-jwt: Use int64_t instead time_t for portability
+
+
+diff --git a/src/lib-oauth2/oauth2-jwt.c b/src/lib-oauth2/oauth2-jwt.c
+index a68875e57..0adf612d9 100644
+--- a/src/lib-oauth2/oauth2-jwt.c
++++ b/src/lib-oauth2/oauth2-jwt.c
+@@ -31,18 +31,25 @@ static const char *get_field(const struct json_tree *tree, const char *key)
+ }
+
+ static int get_time_field(const struct json_tree *tree, const char *key,
+- long *value_r)
++ int64_t *value_r)
+ {
++ time_t tvalue;
+ const char *value = get_field(tree, key);
+ int tz_offset ATTR_UNUSED;
+ if (value == NULL)
+ return 0;
+- if ((str_to_long(value, value_r) < 0 &&
+- !iso8601_date_parse((const unsigned char*)value, strlen(value),
+- value_r, &tz_offset)) ||
+- *value_r < 0)
+- return -1;
+- return 1;
++ if (str_to_int64(value, value_r) == 0) {
++ if (*value_r < 0)
++ return -1;
++ return 1;
++ } else if (iso8601_date_parse((const unsigned char*)value, strlen(value),
++ &tvalue, &tz_offset)) {
++ if (tvalue < 0)
++ return -1;
++ *value_r = tvalue;
++ return 1;
++ }
++ return -1;
+ }
+
+ static int oauth2_lookup_hmac_key(const struct oauth2_settings *set,
+@@ -283,9 +290,9 @@ oauth2_jwt_body_process(const struct oauth2_settings *set, const char *alg, cons
+ const char *sub = get_field(tree, "sub");
+
+ int ret;
+- long t0 = time(NULL);
++ int64_t t0 = time(NULL);
+ /* default IAT and NBF to now */
+- long iat, nbf, exp;
++ int64_t iat, nbf, exp;
+ int tz_offset ATTR_UNUSED;
+
+ if (sub == NULL) {
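Review bot: get_time_field in the patched oauth2-jwt.c has three distinct return values and no comment stating them, and `*value_r` is only meaningful for one of them. From the visible lines it returns 0 when get_field yields NULL (leaving `*value_r` unset), -1 when the value is negative or is neither an integer nor a parseable ISO 8601 date, and 1 after storing a non-negative time. Because the caller declares `int64_t iat, nbf, exp;` without initialisers, I would add above the function `/* Returns 1 with *value_r set on success, 0 if the key is missing, -1 if the value is invalid or negative; *value_r is valid only when 1 is returned. */` so the exp/nbf/iat checks are not later changed to read an unset value. oauth2_jwt_body_process starts and ends outside the second inner hunk, so how it handles 0 and -1 cannot be confirmed from here.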