aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2020-12-10 21:18:07 -0300
committerLeo <thinkabit.ukim@gmail.com>2020-12-10 21:24:12 -0300
commit21650367c747c2e554c7548118f07e6133e02cdb (patch)
tree6c0986b2b56e0b2c59c49faffb6be465eb360dba
parent675ce583181fb5b5f20767fd8b435d80fdc1dd16 (diff)
downloadaports-21650367c747c2e554c7548118f07e6133e02cdb.tar.gz
aports-21650367c747c2e554c7548118f07e6133e02cdb.tar.bz2
aports-21650367c747c2e554c7548118f07e6133e02cdb.tar.xz
main/dovecot: fix CVE-2020-12673 and CVE-2020-12674
Partial Fix for #11843
-rw-r--r--main/dovecot/APKBUILD9
-rw-r--r--main/dovecot/CVE-2020-12673.patch31
-rw-r--r--main/dovecot/CVE-2020-12674.patch22
3 files changed, 61 insertions, 1 deletions
diff --git a/main/dovecot/APKBUILD b/main/dovecot/APKBUILD
index 3d7caebb5a..3ca3451bfc 100644
--- a/main/dovecot/APKBUILD
+++ b/main/dovecot/APKBUILD
@@ -6,7 +6,7 @@
pkgname=dovecot
pkgver=2.3.10.1
_pkgvermajor=2.3
-pkgrel=0
+pkgrel=1
_pigeonholever=0.5.10
_pigeonholevermajor=${_pigeonholever%.*}
pkgdesc="IMAP and POP3 server"
@@ -61,6 +61,8 @@ source="https://www.dovecot.org/releases/$_pkgvermajor/$pkgname-$pkgver.tar.gz
skip-iconv-check.patch
split-protocols.patch
default-config.patch
+ CVE-2020-12673.patch
+ CVE-2020-12674.patch
dovecot.logrotate
dovecot.initd
"
@@ -68,6 +70,9 @@ builddir="$srcdir/$pkgname-$pkgver"
_builddir_pigeonhole="$srcdir/$pkgname-$_pkgvermajor-pigeonhole-$_pigeonholever"
# secfixes:
+# 2.3.10.1-r1:
+# - CVE-2020-12673
+# - CVE-2020-12674
# 2.3.10.1-r0:
# - CVE-2020-10957
# - CVE-2020-10958
@@ -314,5 +319,7 @@ f3d380edba4d25d20ee52db21d2965e3a6b229924e9a04fbf45cfe32e1d25448977ee41b12ba41ad
fe4fbeaedb377d809f105d9dbaf7c1b961aa99f246b77189a73b491dc1ae0aa9c68678dde90420ec53ec877c08f735b42d23edb13117d7268420e001aa30967a skip-iconv-check.patch
794875dbf0ded1e82c5c3823660cf6996a7920079149cd8eed54231a53580d931b966dfb17185ab65e565e108545ecf6591bae82f935ab1b6ff65bb8ee93d7d5 split-protocols.patch
0d8f89c7ba6f884719b5f9fc89e8b2efbdc3e181de308abf9b1c1b0e42282f4df72c7bf62f574686967c10a8677356560c965713b9d146e2770aab17e95bcc07 default-config.patch
+54d5b1bfbc9fcdc00a5c943420bcbbfc8f0107ab2ff160ef0b2f73093a23766e0fcdb4cfc7944def40526414f97aff818cac6bdec155a6f3962f477b210a8ed5 CVE-2020-12673.patch
+3599ca53dff1234dcea483006a82ec7276c1feee8df4f1df50f0b080202e351dd34e011af1bbdbdce1d9db54761beb0890b0be6e4ce7ed86e62513896c072e0c CVE-2020-12674.patch
9f19698ab45969f1f94dc4bddf6de59317daee93c9421c81f2dbf8a7efe6acf89689f1d30f60f536737bb9526c315215d2bce694db27e7b8d7896036a59c31f0 dovecot.logrotate
d91951b81150d7a3ef6a674c0dc7b012f538164dac4b9d27a6801d31da6813b764995a438f69b6a680463e1b60a3b4f2959654f68e565fe116ea60312d5e5e70 dovecot.initd"
diff --git a/main/dovecot/CVE-2020-12673.patch b/main/dovecot/CVE-2020-12673.patch
new file mode 100644
index 0000000000..9dd26e0350
--- /dev/null
+++ b/main/dovecot/CVE-2020-12673.patch
@@ -0,0 +1,31 @@
+From fb246611e62ad8c5a95b0ca180a63f17aa34b0d8 Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <aki.tuomi@open-xchange.com>
+Date: Mon, 18 May 2020 12:33:39 +0300
+Subject: [PATCH] lib-ntlm: Check buffer length on responses
+
+Add missing check for buffer length.
+
+If this is not checked, it is possible to send message which
+causes read past buffer bug.
+
+Broken in c7480644202e5451fbed448508ea29a25cffc99c
+---
+ src/lib-ntlm/ntlm-message.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/lib-ntlm/ntlm-message.c b/src/lib-ntlm/ntlm-message.c
+index 160b9f918c..a29413b47e 100644
+--- a/src/lib-ntlm/ntlm-message.c
++++ b/src/lib-ntlm/ntlm-message.c
+@@ -184,6 +184,11 @@ static bool ntlmssp_check_buffer(const struct ntlmssp_buffer *buffer,
+ if (length == 0 && space == 0)
+ return TRUE;
+
++ if (length > data_size) {
++ *error = "buffer length out of bounds";
++ return FALSE;
++ }
++
+ if (offset >= data_size) {
+ *error = "buffer offset out of bounds";
+ return FALSE;
diff --git a/main/dovecot/CVE-2020-12674.patch b/main/dovecot/CVE-2020-12674.patch
new file mode 100644
index 0000000000..a9dca2a82d
--- /dev/null
+++ b/main/dovecot/CVE-2020-12674.patch
@@ -0,0 +1,22 @@
+From 69ad3c902ea4bbf9f21ab1857d8923f975dc6145 Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <aki.tuomi@open-xchange.com>
+Date: Wed, 6 May 2020 13:40:36 +0300
+Subject: [PATCH] auth: mech-rpa - Fail on zero len buffer
+
+---
+ src/auth/mech-rpa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/auth/mech-rpa.c b/src/auth/mech-rpa.c
+index 08298ebdd6..2de8705b4f 100644
+--- a/src/auth/mech-rpa.c
++++ b/src/auth/mech-rpa.c
+@@ -224,7 +224,7 @@ rpa_read_buffer(pool_t pool, const unsigned char **data,
+ return 0;
+
+ len = *p++;
+- if (p + len > end)
++ if (p + len > end || len == 0)
+ return 0;
+
+ *buffer = p_malloc(pool, len);