aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2020-10-12 15:22:28 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2020-10-12 15:23:05 +0000
commitf6b8c8ff1924324b5ae18ea879086deec396c9e5 (patch)
tree56f31680f580af8d86e8edb86aa23ceeec2b0d07
parent5ed4e396bb324e9819f9555980039fe55d1caad1 (diff)
downloadaports-f6b8c8ff1924324b5ae18ea879086deec396c9e5.tar.gz
aports-f6b8c8ff1924324b5ae18ea879086deec396c9e5.tar.bz2
aports-f6b8c8ff1924324b5ae18ea879086deec396c9e5.tar.xz
community/libetpan: backport fix for CVE-2020-15953
ref #11869
-rw-r--r--community/libetpan/APKBUILD6
-rw-r--r--community/libetpan/CVE-2020-15953.patch79
2 files changed, 83 insertions, 2 deletions
diff --git a/community/libetpan/APKBUILD b/community/libetpan/APKBUILD
index 7fe5581258..1da27ac5ed 100644
--- a/community/libetpan/APKBUILD
+++ b/community/libetpan/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libetpan
pkgver=1.9.4
-pkgrel=0
+pkgrel=1
pkgdesc="a portable middleware for email access"
url="http://www.etpan.org/"
arch="all"
@@ -12,6 +12,7 @@ makedepends="cyrus-sasl-dev curl-dev expat-dev gnutls-dev libgcrypt-dev
depends_dev="cyrus-sasl-dev"
source="libetpan-$pkgver.tar.gz::https://github.com/dinhviethoa/libetpan/archive/$pkgver.tar.gz
fix-build.patch
+ CVE-2020-15953.patch
"
prepare() {
@@ -43,4 +44,5 @@ package() {
}
sha512sums="7b7047d084fb4ce0c91821c2ad78e921d6d009106851afb7f5b068713c84ebe6926f6bf7a7423f263eeebef617511e44f6b65448d892bbc058c447235fd55c0f libetpan-1.9.4.tar.gz
-85d0be0b1a57cb5865a6802c01c9f4fe3e4e32b06929a9c7f688be6f2115a2f6ea8229fd637f83d1376925939b7112bcb6704a9bd79206bf821c32f06747e6c9 fix-build.patch"
+85d0be0b1a57cb5865a6802c01c9f4fe3e4e32b06929a9c7f688be6f2115a2f6ea8229fd637f83d1376925939b7112bcb6704a9bd79206bf821c32f06747e6c9 fix-build.patch
+4430fb1172944b48a379feb9d716d6d8594819206daabcd2c00dbdd07fa4598a213161d97073f1e5cacab08921263c938bbf40c1ba9080436a5dba4a17dcfd79 CVE-2020-15953.patch"
diff --git a/community/libetpan/CVE-2020-15953.patch b/community/libetpan/CVE-2020-15953.patch
new file mode 100644
index 0000000000..e02b000aad
--- /dev/null
+++ b/community/libetpan/CVE-2020-15953.patch
@@ -0,0 +1,79 @@
+From 1002a0121a8f5a9aee25357769807f2c519fa50b Mon Sep 17 00:00:00 2001
+From: Damian Poddebniak <duesee@users.noreply.github.com>
+Date: Fri, 24 Jul 2020 19:39:53 +0200
+Subject: [PATCH] Detect extra data after STARTTLS response and exit (#387)
+
+---
+ src/low-level/imap/mailimap.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/low-level/imap/mailimap.c b/src/low-level/imap/mailimap.c
+index bb17119d..4ffcf55d 100644
+--- a/src/low-level/imap/mailimap.c
++++ b/src/low-level/imap/mailimap.c
+@@ -2428,6 +2428,13 @@ int mailimap_starttls(mailimap * session)
+
+ mailimap_response_free(response);
+
++ // Detect if the server send extra data after the STARTTLS response.
++ // This *may* be a "response injection attack".
++ if (session->imap_stream->read_buffer_len != 0) {
++ // Since it is also an IMAP protocol violation, exit.
++ return MAILIMAP_ERROR_STARTTLS;
++ }
++
+ switch (error_code) {
+ case MAILIMAP_RESP_COND_STATE_OK:
+ return MAILIMAP_NO_ERROR;
+From 298460a2adaabd2f28f417a0f106cb3b68d27df9 Mon Sep 17 00:00:00 2001
+From: Fabian Ising <Murgeye@users.noreply.github.com>
+Date: Fri, 24 Jul 2020 19:40:48 +0200
+Subject: [PATCH] Detect extra data after STARTTLS responses in SMTP and POP3
+ and exit (#388)
+
+* Detect extra data after STLS response and return error
+
+* Detect extra data after SMTP STARTTLS response and return error
+---
+ src/low-level/pop3/mailpop3.c | 8 ++++++++
+ src/low-level/smtp/mailsmtp.c | 8 ++++++++
+ 2 files changed, 16 insertions(+)
+
+diff --git a/src/low-level/pop3/mailpop3.c b/src/low-level/pop3/mailpop3.c
+index ab9535be..e2124bf8 100644
+--- a/src/low-level/pop3/mailpop3.c
++++ b/src/low-level/pop3/mailpop3.c
+@@ -959,6 +959,14 @@ int mailpop3_stls(mailpop3 * f)
+
+ if (r != RESPONSE_OK)
+ return MAILPOP3_ERROR_STLS_NOT_SUPPORTED;
++
++ // Detect if the server send extra data after the STLS response.
++ // This *may* be a "response injection attack".
++ if (f->pop3_stream->read_buffer_len != 0) {
++ // Since it is also protocol violation, exit.
++ // There is no error type for STARTTLS errors in POP3
++ return MAILPOP3_ERROR_SSL;
++ }
+
+ return MAILPOP3_NO_ERROR;
+ }
+diff --git a/src/low-level/smtp/mailsmtp.c b/src/low-level/smtp/mailsmtp.c
+index b7fc459e..3145cadf 100644
+--- a/src/low-level/smtp/mailsmtp.c
++++ b/src/low-level/smtp/mailsmtp.c
+@@ -1111,6 +1111,14 @@ int mailesmtp_starttls(mailsmtp * session)
+ return MAILSMTP_ERROR_STREAM;
+ r = read_response(session);
+
++ // Detect if the server send extra data after the STARTTLS response.
++ // This *may* be a "response injection attack".
++ if (session->stream->read_buffer_len != 0) {
++ // Since it is also protocol violation, exit.
++ // There is no general error type for STARTTLS errors in SMTP
++ return MAILSMTP_ERROR_SSL;
++ }
++
+ switch (r) {
+ case 220:
+ return MAILSMTP_NO_ERROR;