authorMilan P. Stanić <mps@arvanta.net>2021-06-30 16:41:21 +0000
committerMilan P. Stanić <mps@arvanta.net>2021-06-30 18:40:47 +0000
commit2652f1efda91ad8ddd71cc7829708c6bc9b09701 (patch)
tree69c5ca30d0aeee7f110d2335790bad3f59dab663
parent3c81b8514507dbed329cc73a2c9e7d3f56966e41 (diff)
downloadaports-2652f1efda91ad8ddd71cc7829708c6bc9b09701.tar.gz
aports-2652f1efda91ad8ddd71cc7829708c6bc9b09701.tar.bz2
aports-2652f1efda91ad8ddd71cc7829708c6bc9b09701.tar.xz
main/dovecot: security upgrade to 2.3.15
fixes CVE-2021-29157 and CVE-2021-33515
remove 0001-lib-time-util-Fix-calculations-to-work-on-32-bit-sys.patch, fixed upstream
remove fix-oauth2-jwt.c.patch, fixed upstream
add fix-libssl_iostream_openssl.patch
add test-imap-client-hibernate.patch to fix test
-rw-r--r--main/dovecot/0001-lib-time-util-Fix-calculations-to-work-on-32-bit-sys.patch49
-rw-r--r--main/dovecot/APKBUILD29
-rw-r--r--main/dovecot/fix-libssl_iostream_openssl.patch14
-rw-r--r--main/dovecot/fix-oauth2-jwt.c.patch55
-rw-r--r--main/dovecot/test-imap-client-hibernate.patch14
5 files changed, 44 insertions, 117 deletions
diff --git a/main/dovecot/0001-lib-time-util-Fix-calculations-to-work-on-32-bit-sys.patch b/main/dovecot/0001-lib-time-util-Fix-calculations-to-work-on-32-bit-sys.patch
deleted file mode 100644
index 3c494b40c5..0000000000
--- a/main/dovecot/0001-lib-time-util-Fix-calculations-to-work-on-32-bit-sys.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From b715149395814fc1f77da2d52f74a635854efd49 Mon Sep 17 00:00:00 2001
-From: Aki Tuomi <aki.tuomi@open-xchange.com>
-Date: Mon, 18 Jan 2021 17:38:15 +0200
-Subject: [PATCH] lib: time-util - Fix calculations to work on 32-bit systems
-
-Broken by 16ab55427a727d3c93046367f7ae582c9f744458
----
- src/lib/time-util.c | 16 +++++++++-------
- 1 file changed, 9 insertions(+), 7 deletions(-)
-
-diff --git a/src/lib/time-util.c b/src/lib/time-util.c
-index 294bb02310..c9ff4a5b62 100644
---- a/src/lib/time-util.c
-+++ b/src/lib/time-util.c
-@@ -38,22 +38,24 @@ int timeval_cmp(const struct timeval *tv1, const struct timeval *tv2)
- int timeval_cmp_margin(const struct timeval *tv1, const struct timeval *tv2,
- unsigned int usec_margin)
- {
-- long long usecs_diff;
-+ long long usecs_diff, secs_diff;
- int sec_margin, ret;
-
- if (tv1->tv_sec < tv2->tv_sec) {
-+ secs_diff = (long long)tv2->tv_sec - (long long)tv1->tv_sec;
-+ usecs_diff = tv2->tv_usec - tv1->tv_usec;
- sec_margin = ((int)usec_margin / 1000000) + 1;
-- if ((tv2->tv_sec - tv1->tv_sec) > sec_margin)
-+ if (secs_diff > sec_margin)
- return -1;
-- usecs_diff = (tv2->tv_sec - tv1->tv_sec) * 1000000LL +
-- (tv2->tv_usec - tv1->tv_usec);
-+ usecs_diff = secs_diff * 1000000LL + usecs_diff;
- ret = -1;
- } else if (tv1->tv_sec > tv2->tv_sec) {
-+ secs_diff = (long long)tv1->tv_sec - (long long)tv2->tv_sec;
-+ usecs_diff = tv1->tv_usec - tv2->tv_usec;
- sec_margin = ((int)usec_margin / 1000000) + 1;
-- if ((tv1->tv_sec - tv2->tv_sec) > sec_margin)
-+ if (secs_diff > sec_margin)
- return 1;
-- usecs_diff = (tv1->tv_sec - tv2->tv_sec) * 1000000LL +
-- (tv1->tv_usec - tv2->tv_usec);
-+ usecs_diff = secs_diff * 1000000LL + usecs_diff;
- ret = 1;
- } else if (tv1->tv_usec < tv2->tv_usec) {
- usecs_diff = tv2->tv_usec - tv1->tv_usec;
---
-2.20.1
-
diff --git a/main/dovecot/APKBUILD b/main/dovecot/APKBUILD
index 1e226b6d35..ac96c2a00b 100644
--- a/main/dovecot/APKBUILD
+++ b/main/dovecot/APKBUILD
@@ -4,12 +4,10 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=dovecot
-pkgver=2.3.13
+pkgver=2.3.15
_pkgverminor=${pkgver%.*}
-_pkgvermajor=${_pkgverminor%.*}
-pkgrel=1
-_pigeonholever=0.5.13
-_pigeonholevermajor=${_pigeonholever%.*}
+pkgrel=0
+_pigeonholever=0.5.15
pkgdesc="IMAP and POP3 server"
url="https://www.dovecot.org/"
arch="all"
@@ -56,19 +54,22 @@ subpackages="
$pkgname-fts-lucene:_fts_lucene
"
source="https://www.dovecot.org/releases/$_pkgverminor/dovecot-$pkgver.tar.gz
- https://pigeonhole.dovecot.org/releases/$_pkgverminor/$pkgname-$_pkgverminor-pigeonhole-$_pigeonholever.tar.gz
+ https://pigeonhole.dovecot.org/releases/$_pkgverminor/dovecot-$_pkgverminor-pigeonhole-$_pigeonholever.tar.gz
skip-iconv-check.patch
split-protocols.patch
default-config.patch
- fix-oauth2-jwt.c.patch
fix-out-of-memory-test.patch
- 0001-lib-time-util-Fix-calculations-to-work-on-32-bit-sys.patch
+ fix-libssl_iostream_openssl.patch
+ test-imap-client-hibernate.patch
dovecot.logrotate
dovecot.initd
"
_builddir_pigeonhole="$srcdir/$pkgname-$_pkgverminor-pigeonhole-$_pigeonholever"
# secfixes:
+# 2.3.15-r0:
+# - CVE-2021-29157
+# - CVE-2021-33515
# 2.3.13-r0:
# - CVE-2020-24386
# - CVE-2020-25275
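Review bot: The pigeonhole URL in `source=` now hardcodes `dovecot-` where it used `$pkgname-`, but the unchanged `_builddir_pigeonhole="$srcdir/$pkgname-$_pkgverminor-pigeonhole-$_pigeonholever"` in the same hunk still derives the unpack directory from `$pkgname`. The two agree only because `pkgname=dovecot`. Using one spelling in both places, e.g. `_builddir_pigeonhole="$srcdir/dovecot-$_pkgverminor-pigeonhole-$_pigeonholever"`, keeps the tarball name and its build directory from drifting apart. The hunk shows only part of the APKBUILD, so other uses of either spelling may exist outside it.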
@@ -316,13 +317,15 @@ _submv() {
done
}
-sha512sums="758a169fba8925637ed18fa7522a6f06c9fe01a1707b1ca0d0a4d8757c578a8e117c91733e8314403839f9a484bbcac71ce3532c82379eb583b480756d556a95 dovecot-2.3.13.tar.gz
-fcbc13d71af4e6dd4e34192484e203d755e5015da76a4774b11a79182b2baad36cab5a471346093111ace36a7775dfe8294555f8b777786dde386820b3ec5cd3 dovecot-2.3-pigeonhole-0.5.13.tar.gz
+sha512sums="
+75bbdbeac663da109f78dba06c42bb5193e911c6b3c64f055fc4473ae9afaf0c8304c49fc7f06c5c6b61e67dd13dc21fbed6ff160a99f38f547c88ba05e6b03a dovecot-2.3.15.tar.gz
+521070080802bf2a50cd0ff0af5dc991c04d70b807abc2cd9aa567444a4869f5f42800f19d9b740a519bd4069437139e70ca6ae4b905479fcec8faa133ac5f54 dovecot-2.3-pigeonhole-0.5.15.tar.gz
fe4fbeaedb377d809f105d9dbaf7c1b961aa99f246b77189a73b491dc1ae0aa9c68678dde90420ec53ec877c08f735b42d23edb13117d7268420e001aa30967a skip-iconv-check.patch
794875dbf0ded1e82c5c3823660cf6996a7920079149cd8eed54231a53580d931b966dfb17185ab65e565e108545ecf6591bae82f935ab1b6ff65bb8ee93d7d5 split-protocols.patch
0d8f89c7ba6f884719b5f9fc89e8b2efbdc3e181de308abf9b1c1b0e42282f4df72c7bf62f574686967c10a8677356560c965713b9d146e2770aab17e95bcc07 default-config.patch
-7f428b0f14323a5dda00aef93f4835c2c38a7b780a939a47f759d31df4636e86055f95d17e2358cb37a2704ea022dfad602c7ed4568cba644347f20fd1e15e3b fix-oauth2-jwt.c.patch
733cdbfb7f6b2608470bd30a0f9190ec86099d4c8e48b7fb92d7b595be665bf749976889033e1ad438edd3f99f2e0d496dd0d667291915c80df82f7e62483f59 fix-out-of-memory-test.patch
-ad2cd2c51b0fe977d22b62fda7258de68d62513c6fe11bd0e38d8326f478f2d5a469800fd5a110070f35072facccfdb6c044e41b3a5c4b03ea1ea0b2a3e00395 0001-lib-time-util-Fix-calculations-to-work-on-32-bit-sys.patch
+0fb56eb9c7fae8d8b1d794928ce2ba58d03c102cd7c3f959799c62c5d838ff535ecccb64bc1970d960f67d49388c880773e9eac5aed3bcf92e6efed3b56cc837 fix-libssl_iostream_openssl.patch
+33c6eefaaca755c7766c74cb1afdc54fa9241b3d75b1db6b1167615061b5d79b85d759746c2d1793f4a3669d493489236e89ca4278dd38dd681f537c83e81a20 test-imap-client-hibernate.patch
9f19698ab45969f1f94dc4bddf6de59317daee93c9421c81f2dbf8a7efe6acf89689f1d30f60f536737bb9526c315215d2bce694db27e7b8d7896036a59c31f0 dovecot.logrotate
-d91951b81150d7a3ef6a674c0dc7b012f538164dac4b9d27a6801d31da6813b764995a438f69b6a680463e1b60a3b4f2959654f68e565fe116ea60312d5e5e70 dovecot.initd"
+d91951b81150d7a3ef6a674c0dc7b012f538164dac4b9d27a6801d31da6813b764995a438f69b6a680463e1b60a3b4f2959654f68e565fe116ea60312d5e5e70 dovecot.initd
+"
diff --git a/main/dovecot/fix-libssl_iostream_openssl.patch b/main/dovecot/fix-libssl_iostream_openssl.patch
new file mode 100644
index 0000000000..5c4cbb6263
--- /dev/null
+++ b/main/dovecot/fix-libssl_iostream_openssl.patch
@@ -0,0 +1,14 @@
+diff --git a/src/lib-dcrypt/Makefile.am b/src/lib-dcrypt/Makefile.am
+index e9e5116953..718d451c4f 100644
+--- a/src/lib-dcrypt/Makefile.am
++++ b/src/lib-dcrypt/Makefile.am
+@@ -20,7 +20,8 @@ libdcrypt_la_CFLAGS = $(AM_CPPFLAGS) \
+ if BUILD_DCRYPT_OPENSSL
+ pkglib_LTLIBRARIES += libdcrypt_openssl.la
+ libdcrypt_openssl_la_SOURCES = dcrypt-openssl.c
+-libdcrypt_openssl_la_LDFLAGS = -module -avoid-version ../lib-ssl-iostream/libssl_iostream_openssl.la
++libdcrypt_openssl_la_LDFLAGS = -module -avoid-version ../lib-ssl-iostream/libssl_iostream.la \
++ ../lib-ssl-iostream/libssl_iostream_openssl.la
+ libdcrypt_openssl_la_LIBADD = $(SSL_LIBS)
+ libdcrypt_openssl_la_DEPENDENCIES = ../lib-ssl-iostream/libssl_iostream_openssl.la
+ libdcrypt_openssl_la_CFLAGS = $(AM_CPPFLAGS) \
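Review bot: `libdcrypt_openssl_la_DEPENDENCIES` still names only `../lib-ssl-iostream/libssl_iostream_openssl.la`, although the patched `libdcrypt_openssl_la_LDFLAGS` now also links `../lib-ssl-iostream/libssl_iostream.la`. Make is therefore not told that the module depends on the added library, which may matter for build ordering or relinking. Consider `libdcrypt_openssl_la_DEPENDENCIES = ../lib-ssl-iostream/libssl_iostream.la ../lib-ssl-iostream/libssl_iostream_openssl.la`. The patch file also carries no header, unlike test-imap-client-hibernate.patch in this commit. A short header stating which link or load failure the extra library resolves, and whether the change was sent upstream, would let a later maintainer decide when it can be dropped.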
diff --git a/main/dovecot/fix-oauth2-jwt.c.patch b/main/dovecot/fix-oauth2-jwt.c.patch
deleted file mode 100644
index b3755f6993..0000000000
--- a/main/dovecot/fix-oauth2-jwt.c.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 42c37d2473116bf4a7fcafcaf94de83947fe80bc Mon Sep 17 00:00:00 2001
-From: Aki Tuomi <aki.tuomi@open-xchange.com>
-Date: Thu, 13 Aug 2020 20:01:41 +0300
-Subject: [PATCH] oauth2-jwt: Use int64_t instead time_t for portability
-
-
-diff --git a/src/lib-oauth2/oauth2-jwt.c b/src/lib-oauth2/oauth2-jwt.c
-index a68875e57..0adf612d9 100644
---- a/src/lib-oauth2/oauth2-jwt.c
-+++ b/src/lib-oauth2/oauth2-jwt.c
-@@ -31,18 +31,25 @@ static const char *get_field(const struct json_tree *tree, const char *key)
- }
-
- static int get_time_field(const struct json_tree *tree, const char *key,
-- long *value_r)
-+ int64_t *value_r)
- {
-+ time_t tvalue;
- const char *value = get_field(tree, key);
- int tz_offset ATTR_UNUSED;
- if (value == NULL)
- return 0;
-- if ((str_to_long(value, value_r) < 0 &&
-- !iso8601_date_parse((const unsigned char*)value, strlen(value),
-- value_r, &tz_offset)) ||
-- *value_r < 0)
-- return -1;
-- return 1;
-+ if (str_to_int64(value, value_r) == 0) {
-+ if (*value_r < 0)
-+ return -1;
-+ return 1;
-+ } else if (iso8601_date_parse((const unsigned char*)value, strlen(value),
-+ &tvalue, &tz_offset)) {
-+ if (tvalue < 0)
-+ return -1;
-+ *value_r = tvalue;
-+ return 1;
-+ }
-+ return -1;
- }
-
- static int oauth2_lookup_hmac_key(const struct oauth2_settings *set,
-@@ -283,9 +290,9 @@ oauth2_jwt_body_process(const struct oauth2_settings *set, const char *alg, cons
- const char *sub = get_field(tree, "sub");
-
- int ret;
-- long t0 = time(NULL);
-+ int64_t t0 = time(NULL);
- /* default IAT and NBF to now */
-- long iat, nbf, exp;
-+ int64_t iat, nbf, exp;
- int tz_offset ATTR_UNUSED;
-
- if (sub == NULL) {
diff --git a/main/dovecot/test-imap-client-hibernate.patch b/main/dovecot/test-imap-client-hibernate.patch
new file mode 100644
index 0000000000..ce6584c032
--- /dev/null
+++ b/main/dovecot/test-imap-client-hibernate.patch
@@ -0,0 +1,14 @@
+submitted as https://github.com/dovecot/core/pull/159
+reduce filename length
+
+--- a/src/imap/test-imap-client-hibernate.c
++++ b/src/imap/test-imap-client-hibernate.c
+@@ -19,7 +19,7 @@
+
+ #include <sys/stat.h>
+
+-#define TEMP_DIRNAME ".test-imap-client-hibernate"
++#define TEMP_DIRNAME ".test-ich"
+
+ #define EVILSTR "\t\r\n\001"
+
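Review bot: The patch header says only "reduce filename length" and does not name the limit that the longer `TEMP_DIRNAME` exceeded. Presumably the test creates a path under this directory that overflowed a fixed-size buffer or a socket path limit in the build tree, but nothing in the hunk shows this. Suggest extending the header to something like `reduce TEMP_DIRNAME length: <limit exceeded and where>; drop once https://github.com/dovecot/core/pull/159 is merged`. That way the reason and the removal condition are recorded next to the change.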