aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAriadne Conill <ariadne@dereferenced.org>2021-04-30 09:24:25 -0600
committerAriadne Conill <ariadne@dereferenced.org>2021-04-30 09:27:08 -0600
commit26d4e1e0d48bf4d78508ed3bfee8fef0df27bec9 (patch)
treef7ba03fbc71cc7b935a80e8e839cba4a2dc2db78
parent68315057c5622da2cabab2c83435196acb0bc4af (diff)
downloadaports-26d4e1e0d48bf4d78508ed3bfee8fef0df27bec9.tar.gz
aports-26d4e1e0d48bf4d78508ed3bfee8fef0df27bec9.tar.bz2
aports-26d4e1e0d48bf4d78508ed3bfee8fef0df27bec9.tar.xz
main/opensmtpd: add mitigations for CVE-2020-35679 and CVE-2020-35680
-rw-r--r--main/opensmtpd/APKBUILD11
-rw-r--r--main/opensmtpd/CVE-2020-35679.patch35
-rw-r--r--main/opensmtpd/CVE-2020-35680.patch26
3 files changed, 70 insertions, 2 deletions
diff --git a/main/opensmtpd/APKBUILD b/main/opensmtpd/APKBUILD
index 4f848dfa1f..39f10b77a9 100644
--- a/main/opensmtpd/APKBUILD
+++ b/main/opensmtpd/APKBUILD
@@ -4,11 +4,14 @@
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
+# 6.6.4p1-r2:
+# - CVE-2020-35679
+# - CVE-2020-35680
# 6.6.2p1-r0:
# - CVE-2020-7247
pkgname=opensmtpd
pkgver=6.6.4p1
-pkgrel=1
+pkgrel=2
pkgdesc="Secure, reliable, lean, and easy-to configure SMTP server"
url="https://www.opensmtpd.org/"
arch="all"
@@ -23,6 +26,8 @@ source="https://www.opensmtpd.org/archives/opensmtpd-$pkgver.tar.gz
aliases
autoconf-decl-checks.patch
smtpd.conf.patch
+ CVE-2020-35679.patch
+ CVE-2020-35680.patch
"
options="suid !check"
@@ -62,4 +67,6 @@ sha512sums="267307c91f4fcf21624b0897dfb1f5638b77da7b8d9a02211d734ed2cc5bd39ea754
d544d873e37a503f07808cf2fe0e14736b88401c1dfa08631c1ea49b7237733e2d0cbb3685e695854ae66227f129bb18e9d7e57cd617164017144d7ba00954eb smtpd.initd
51d47b34eb3d728daa45f29d6434cc75db28dfa69b6fb3ecd873121df85b296a2d2c81016d765a07778aa26a496e4b29c09a30b82678cf42596a536734b5deca aliases
37104cc605569f142ceffa902f200e8a7e9e1114ebe5394ed1eac0ed6ce25454e1610270921c45246de8396eee04b7c8ab5a112a231036a6ef14e7e229b264e3 autoconf-decl-checks.patch
-14ff3d4f56aee3a31551ea535c4a5bf9b760f0f11bc269225d7b176d5031294716133cbf4555a92e76cc6e33de89454435562672ddaf1ab365e61085eb1e4d53 smtpd.conf.patch"
+14ff3d4f56aee3a31551ea535c4a5bf9b760f0f11bc269225d7b176d5031294716133cbf4555a92e76cc6e33de89454435562672ddaf1ab365e61085eb1e4d53 smtpd.conf.patch
+4faf05ccc24be2b70f7d7133517e25067f395e4048e32334c9e2ea2cfe6e2f5f50bd3bef273c87ba05310644b263ee512f6f8d454c240d04382c758b60444c20 CVE-2020-35679.patch
+1613aced559f34a8b0022dd8cab97a9489e05c54f9a6312db658cc35896706c98eb3877457571ac7ef850c8710b567a7248b7f157273656d5a9d6a17581bdf59 CVE-2020-35680.patch"
diff --git a/main/opensmtpd/CVE-2020-35679.patch b/main/opensmtpd/CVE-2020-35679.patch
new file mode 100644
index 0000000000..6746c27447
--- /dev/null
+++ b/main/opensmtpd/CVE-2020-35679.patch
@@ -0,0 +1,35 @@
+From 79a034b4aed29e965f45a13409268290c9910043 Mon Sep 17 00:00:00 2001
+From: martijn <martijn@openbsd.org>
+Date: Wed, 23 Dec 2020 08:12:14 +0000
+Subject: [PATCH] Use regfree after we're done with preg.
+
+From gilles@
+---
+ smtpd/table.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/usr.sbin/smtpd/table.c b/usr.sbin/smtpd/table.c
+index b79451caadd4..1d82d88b81a4 100644
+--- a/smtpd/table.c
++++ b/smtpd/table.c
+@@ -464,6 +464,7 @@ table_regex_match(const char *string, const char *pattern)
+ {
+ regex_t preg;
+ int cflags = REG_EXTENDED|REG_NOSUB;
++ int ret;
+
+ if (strncmp(pattern, "(?i)", 4) == 0) {
+ cflags |= REG_ICASE;
+@@ -473,7 +474,11 @@ table_regex_match(const char *string, const char *pattern)
+ if (regcomp(&preg, pattern, cflags) != 0)
+ return (0);
+
+- if (regexec(&preg, string, 0, NULL, 0) != 0)
++ ret = regexec(&preg, string, 0, NULL, 0);
++
++ regfree(&preg);
++
++ if (ret != 0)
+ return (0);
+
+ return (1);
diff --git a/main/opensmtpd/CVE-2020-35680.patch b/main/opensmtpd/CVE-2020-35680.patch
new file mode 100644
index 0000000000..4496abe3b8
--- /dev/null
+++ b/main/opensmtpd/CVE-2020-35680.patch
@@ -0,0 +1,26 @@
+From 6c3220444ed06b5796dedfd53a0f4becd903c0d1 Mon Sep 17 00:00:00 2001
+From: millert <millert@openbsd.org>
+Date: Wed, 23 Dec 2020 20:17:49 +0000
+Subject: [PATCH] smtpd's filter state machine can prematurely release
+ resources leading to a crash. From gilles@
+
+---
+ smtpd/lka_filter.c | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+diff --git a/usr.sbin/smtpd/lka_filter.c b/usr.sbin/smtpd/lka_filter.c
+index 21b10ce1033b..d1194254d8df 100644
+--- a/smtpd/lka_filter.c
++++ b/smtpd/lka_filter.c
+@@ -600,11 +600,6 @@ filter_session_io(struct io *io, int evt, void *arg)
+ filter_data(fs->id, line);
+
+ goto nextline;
+-
+- case IO_DISCONNECTED:
+- io_free(fs->io);
+- fs->io = NULL;
+- break;
+ }
+ }
+