diff options
| author | Ariadne Conill <ariadne@dereferenced.org> | 2021-04-30 09:24:25 -0600 |
|---|---|---|
| committer | Ariadne Conill <ariadne@dereferenced.org> | 2021-04-30 09:27:08 -0600 |
| commit | 26d4e1e0d48bf4d78508ed3bfee8fef0df27bec9 (patch) | |
| tree | f7ba03fbc71cc7b935a80e8e839cba4a2dc2db78 | |
| parent | 68315057c5622da2cabab2c83435196acb0bc4af (diff) | |
main/opensmtpd: add mitigations for CVE-2020-35679 and CVE-2020-35680
| -rw-r--r-- | main/opensmtpd/APKBUILD | 11 | ||||
| -rw-r--r-- | main/opensmtpd/CVE-2020-35679.patch | 35 | ||||
| -rw-r--r-- | main/opensmtpd/CVE-2020-35680.patch | 26 |
3 files changed, 70 insertions, 2 deletions
diff --git a/main/opensmtpd/APKBUILD b/main/opensmtpd/APKBUILD index 4f848dfa1f1..39f10b77a98 100644 --- a/main/opensmtpd/APKBUILD +++ b/main/opensmtpd/APKBUILD @@ -4,11 +4,14 @@ # Maintainer: Jakub Jirutka <jakub@jirutka.cz> # # secfixes: +# 6.6.4p1-r2: +# - CVE-2020-35679 +# - CVE-2020-35680 # 6.6.2p1-r0: # - CVE-2020-7247 pkgname=opensmtpd pkgver=6.6.4p1 -pkgrel=1 +pkgrel=2 pkgdesc="Secure, reliable, lean, and easy-to configure SMTP server" url="https://www.opensmtpd.org/" arch="all" @@ -23,6 +26,8 @@ source="https://www.opensmtpd.org/archives/opensmtpd-$pkgver.tar.gz aliases autoconf-decl-checks.patch smtpd.conf.patch + CVE-2020-35679.patch + CVE-2020-35680.patch " options="suid !check" @@ -62,4 +67,6 @@ sha512sums="267307c91f4fcf21624b0897dfb1f5638b77da7b8d9a02211d734ed2cc5bd39ea754 d544d873e37a503f07808cf2fe0e14736b88401c1dfa08631c1ea49b7237733e2d0cbb3685e695854ae66227f129bb18e9d7e57cd617164017144d7ba00954eb smtpd.initd 51d47b34eb3d728daa45f29d6434cc75db28dfa69b6fb3ecd873121df85b296a2d2c81016d765a07778aa26a496e4b29c09a30b82678cf42596a536734b5deca aliases 37104cc605569f142ceffa902f200e8a7e9e1114ebe5394ed1eac0ed6ce25454e1610270921c45246de8396eee04b7c8ab5a112a231036a6ef14e7e229b264e3 autoconf-decl-checks.patch -14ff3d4f56aee3a31551ea535c4a5bf9b760f0f11bc269225d7b176d5031294716133cbf4555a92e76cc6e33de89454435562672ddaf1ab365e61085eb1e4d53 smtpd.conf.patch" +14ff3d4f56aee3a31551ea535c4a5bf9b760f0f11bc269225d7b176d5031294716133cbf4555a92e76cc6e33de89454435562672ddaf1ab365e61085eb1e4d53 smtpd.conf.patch +4faf05ccc24be2b70f7d7133517e25067f395e4048e32334c9e2ea2cfe6e2f5f50bd3bef273c87ba05310644b263ee512f6f8d454c240d04382c758b60444c20 CVE-2020-35679.patch +1613aced559f34a8b0022dd8cab97a9489e05c54f9a6312db658cc35896706c98eb3877457571ac7ef850c8710b567a7248b7f157273656d5a9d6a17581bdf59 CVE-2020-35680.patch" diff --git a/main/opensmtpd/CVE-2020-35679.patch b/main/opensmtpd/CVE-2020-35679.patch new file mode 100644 index 00000000000..6746c274477 --- /dev/null +++ b/main/opensmtpd/CVE-2020-35679.patch @@ -0,0 +1,35 @@ +From 79a034b4aed29e965f45a13409268290c9910043 Mon Sep 17 00:00:00 2001 +From: martijn <martijn@openbsd.org> +Date: Wed, 23 Dec 2020 08:12:14 +0000 +Subject: [PATCH] Use regfree after we're done with preg. + +From gilles@ +--- + smtpd/table.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/usr.sbin/smtpd/table.c b/usr.sbin/smtpd/table.c +index b79451caadd4..1d82d88b81a4 100644 +--- a/smtpd/table.c ++++ b/smtpd/table.c +@@ -464,6 +464,7 @@ table_regex_match(const char *string, const char *pattern) + { + regex_t preg; + int cflags = REG_EXTENDED|REG_NOSUB; ++ int ret; + + if (strncmp(pattern, "(?i)", 4) == 0) { + cflags |= REG_ICASE; +@@ -473,7 +474,11 @@ table_regex_match(const char *string, const char *pattern) + if (regcomp(&preg, pattern, cflags) != 0) + return (0); + +- if (regexec(&preg, string, 0, NULL, 0) != 0) ++ ret = regexec(&preg, string, 0, NULL, 0); ++ ++ regfree(&preg); ++ ++ if (ret != 0) + return (0); + + return (1); diff --git a/main/opensmtpd/CVE-2020-35680.patch b/main/opensmtpd/CVE-2020-35680.patch new file mode 100644 index 00000000000..4496abe3b8c --- /dev/null +++ b/main/opensmtpd/CVE-2020-35680.patch @@ -0,0 +1,26 @@ +From 6c3220444ed06b5796dedfd53a0f4becd903c0d1 Mon Sep 17 00:00:00 2001 +From: millert <millert@openbsd.org> +Date: Wed, 23 Dec 2020 20:17:49 +0000 +Subject: [PATCH] smtpd's filter state machine can prematurely release + resources leading to a crash. From gilles@ + +--- + smtpd/lka_filter.c | 7 +------ + 1 file changed, 1 insertion(+), 6 deletions(-) + +diff --git a/usr.sbin/smtpd/lka_filter.c b/usr.sbin/smtpd/lka_filter.c +index 21b10ce1033b..d1194254d8df 100644 +--- a/smtpd/lka_filter.c ++++ b/smtpd/lka_filter.c +@@ -600,11 +600,6 @@ filter_session_io(struct io *io, int evt, void *arg) + filter_data(fs->id, line); + + goto nextline; +- +- case IO_DISCONNECTED: +- io_free(fs->io); +- fs->io = NULL; +- break; + } + } + |