From 579394558547f8f589ab5cdca6b9cb32d6955d47 Mon Sep 17 00:00:00 2001
From: "Milan P. Stanić"
Date: Mon, 4 Jan 2021 18:22:19 +0000
Subject: main/dovecot: upgrade to 2.3.13 and cve fixes

fixes:
- CVE-2020-24386
- CVE-2020-25275
add fix-out-of-memory-test.patch to fix test on musl
remove fix-test-failures-on-32-bit-systems.patch, fixed upstream
---
 main/dovecot/APKBUILD | 21 ++++----
 main/dovecot/fix-out-of-memory-test.patch | 22 +++++++++
 .../fix-test-failures-on-32-bit-systems.patch | 56 ----------------------
 3 files changed, 34 insertions(+), 65 deletions(-)
 create mode 100644 main/dovecot/fix-out-of-memory-test.patch
 delete mode 100644 main/dovecot/fix-test-failures-on-32-bit-systems.patch

diff --git a/main/dovecot/APKBUILD b/main/dovecot/APKBUILD
index 7f178cd1f71..18361d7778f 100644
--- a/main/dovecot/APKBUILD
+++ b/main/dovecot/APKBUILD
@@ -4,11 +4,11 @@
 # Contributor: Jakub Jirutka
 # Maintainer: Natanael Copa
 pkgname=dovecot
-pkgver=2.3.11.3
+pkgver=2.3.13
 _pkgverminor=${pkgver%.*}
 _pkgvermajor=${_pkgverminor%.*}
-pkgrel=1
-_pigeonholever=0.5.11
+pkgrel=0
+_pigeonholever=0.5.13
 _pigeonholevermajor=${_pigeonholever%.*}
 pkgdesc="IMAP and POP3 server"
 url="https://www.dovecot.org/"
@@ -55,19 +55,22 @@ subpackages="
 $pkgname-fts-solr:_fts_solr
 $pkgname-fts-lucene:_fts_lucene
 "
-source="https://www.dovecot.org/releases/$_pkgvermajor/dovecot-$pkgver.tar.gz
- https://pigeonhole.dovecot.org/releases/$_pkgvermajor/$pkgname-$_pkgverminor-pigeonhole-$_pigeonholever.tar.gz
+source="https://www.dovecot.org/releases/$_pkgverminor/dovecot-$pkgver.tar.gz
+ https://pigeonhole.dovecot.org/releases/$_pkgverminor/$pkgname-$_pkgverminor-pigeonhole-$_pigeonholever.tar.gz
 skip-iconv-check.patch
 split-protocols.patch
 default-config.patch
 fix-oauth2-jwt.c.patch
- fix-test-failures-on-32-bit-systems.patch
+ fix-out-of-memory-test.patch
 dovecot.logrotate
 dovecot.initd
 "
 _builddir_pigeonhole="$srcdir/$pkgname-$_pkgverminor-pigeonhole-$_pigeonholever"
 
 # secfixes:
+# 2.3.13-r0:
+# - CVE-2020-24386
+# - CVE-2020-25275
 # 2.3.11.3-r0:
 # - CVE-2020-12100
 # - CVE-2020-12673
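Review bot: Both `source` URLs now use `$_pkgverminor` as the release-series directory, and that resolves to `2.3` only because `pkgver` has three components. `_pkgverminor=${pkgver%.*}` (first hunk) strips exactly one component, so a four-component version like the previous 2.3.11.3 would put `2.3.11` into the path, presumably not a valid release directory since the old line used `$_pkgvermajor` there. The pinned sha512sums mean a wrong URL should fail at fetch or checksum time rather than install something unverified, but the next maintainer gets no warning. I would add a comment above the assignment, `# _pkgverminor must be the X.Y series used in the release URLs; ${pkgver%.*} gives that only for X.Y.Z versions`, or derive the series independently of the component count.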
@@ -312,12 +315,12 @@ _submv() {
 done
 }
 
-sha512sums="d83e52a7faab918a8e6f6257acc5936b81733c10489affd042c3a043cb842db060286cba9978be378e4958e9ac2e60b55ce289d7f3a88df08e7637e4785e23bb dovecot-2.3.11.3.tar.gz
-ef65b49092fec736258cd793f4f338cd7838c0e6e23922f6df36b428089e88ff236b8e67a7f31ee9c7e4d587a60a1533fde45d689fa9563fbfd4224bee3d2536 dovecot-2.3.11-pigeonhole-0.5.11.tar.gz
+sha512sums="758a169fba8925637ed18fa7522a6f06c9fe01a1707b1ca0d0a4d8757c578a8e117c91733e8314403839f9a484bbcac71ce3532c82379eb583b480756d556a95 dovecot-2.3.13.tar.gz
+fcbc13d71af4e6dd4e34192484e203d755e5015da76a4774b11a79182b2baad36cab5a471346093111ace36a7775dfe8294555f8b777786dde386820b3ec5cd3 dovecot-2.3-pigeonhole-0.5.13.tar.gz
 fe4fbeaedb377d809f105d9dbaf7c1b961aa99f246b77189a73b491dc1ae0aa9c68678dde90420ec53ec877c08f735b42d23edb13117d7268420e001aa30967a skip-iconv-check.patch
 794875dbf0ded1e82c5c3823660cf6996a7920079149cd8eed54231a53580d931b966dfb17185ab65e565e108545ecf6591bae82f935ab1b6ff65bb8ee93d7d5 split-protocols.patch
 0d8f89c7ba6f884719b5f9fc89e8b2efbdc3e181de308abf9b1c1b0e42282f4df72c7bf62f574686967c10a8677356560c965713b9d146e2770aab17e95bcc07 default-config.patch
 7f428b0f14323a5dda00aef93f4835c2c38a7b780a939a47f759d31df4636e86055f95d17e2358cb37a2704ea022dfad602c7ed4568cba644347f20fd1e15e3b fix-oauth2-jwt.c.patch
-c8ff62e646c74582fca869f1bdf70e96180eb992ed412dd8a311612ffe64c91139204b3eae30ef25209f780cdaa2b5d661b2ac2f2650a18ab65f3c0169c8ddbf fix-test-failures-on-32-bit-systems.patch
+733cdbfb7f6b2608470bd30a0f9190ec86099d4c8e48b7fb92d7b595be665bf749976889033e1ad438edd3f99f2e0d496dd0d667291915c80df82f7e62483f59 fix-out-of-memory-test.patch
 9f19698ab45969f1f94dc4bddf6de59317daee93c9421c81f2dbf8a7efe6acf89689f1d30f60f536737bb9526c315215d2bce694db27e7b8d7896036a59c31f0 dovecot.logrotate
 d91951b81150d7a3ef6a674c0dc7b012f538164dac4b9d27a6801d31da6813b764995a438f69b6a680463e1b60a3b4f2959654f68e565fe116ea60312d5e5e70 dovecot.initd"
diff --git a/main/dovecot/fix-out-of-memory-test.patch b/main/dovecot/fix-out-of-memory-test.patch
new file mode 100644
index 00000000000..09df953d5c2
--- /dev/null
+++ b/main/dovecot/fix-out-of-memory-test.patch
@@ -0,0 +1,22 @@
+fixes test in src/lib/test-file-cache.c for musl
+
+--- a/src/lib/test-file-cache.c 2021-01-04 17:55:39.550032767 +0000
++++ b/src/lib/test-file-cache.c 2021-01-04 17:54:31.439645416 +0000
+@@ -263,7 +263,7 @@
+ };
+ const char *errstr =
+ t_strdup_printf("mmap_anon(.test_file_cache, %zu) failed: "
+- "Cannot allocate memory", page_size);
++ "Out of memory", page_size);
+ test_assert(setrlimit(RLIMIT_AS, &rl_new) == 0);
+ test_expect_error_string(errstr);
+ test_assert(file_cache_set_size(cache, 1024) == -1);
+@@ -271,7 +271,7 @@
+ 
+ /* same for mremap */
+ errstr = t_strdup_printf("mremap_anon(.test_file_cache, %zu) failed: "
+- "Cannot allocate memory", page_size*2);
++ "Out of memory", page_size*2);
+ test_assert(file_cache_set_size(cache, 1) == 0);
+ test_assert(setrlimit(RLIMIT_AS, &rl_new) == 0);
+ test_expect_error_string(errstr);
diff --git a/main/dovecot/fix-test-failures-on-32-bit-systems.patch b/main/dovecot/fix-test-failures-on-32-bit-systems.patch
deleted file mode 100644
index 1650944f266..00000000000
--- a/main/dovecot/fix-test-failures-on-32-bit-systems.patch
+++ /dev/null
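Review bot: Both inner hunks of fix-out-of-memory-test.patch hard-code `"Out of memory"` as the expected text, which going by the patch description is musl's wording, so the test stays tied to one libc and would fail again wherever the message is `"Cannot allocate memory"`. Building the expectation from the running libc keeps the test portable and makes the patch upstreamable: `t_strdup_printf("mmap_anon(.test_file_cache, %zu) failed: %s", page_size, strerror(ENOMEM));`, and the same for the `mremap_anon` string with `page_size*2`. This assumes the code under test formats the error from the libc's ENOMEM message, which the hunks do not show. The enclosing test function starts and ends outside both hunks.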
@@ -1,56 +0,0 @@ -From: =?utf-8?q?Christian_G=C3=B6ttsche?= -Date: Fri, 14 Aug 2020 11:41:00 +0200 -Subject: test-mech.c: fix 32-bit issues -Forwarded: https://github.com/dovecot/core/pull/134 -MIME-Version: 1.0 -Content-Type: text/plain; charset="utf-8" -Content-Transfer-Encoding: 8bit - -Use size_t and %zu for sizes as on 32bit architectures sizes are not of type unsigned long. - -test-mech.c: In function ‘test_mechs’: -test-mech.c:326:61: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 4 has type ‘unsigned int’ [-Wformat=] - 326 | const char *testname = t_strdup_printf("auth mech %s %d/%lu", - | ~~^ - | | - | long unsigned int - | %u -test-mech.c:338:12: warning: passing argument 2 of ‘test_mech_construct_apop_challenge’ from incompatible pointer type [-Wincompatible-pointer-types] - 338 | &test_case->len); - | ^~~~~~~~~~~~~~~ - | | - | size_t * {aka unsigned int *} -test-mech.c:195:77: note: expected ‘long unsigned int *’ but argument is of type ‘size_t *’ {aka ‘unsigned int *’} - 195 | test_mech_construct_apop_challenge(unsigned int connect_uid, unsigned long *len_r) - | ~~~~~~~~~~~~~~~^~~~~ ---- - src/auth/test-mech.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c -index cf05370..db9f85c 100644 ---- a/src/auth/test-mech.c -+++ b/src/auth/test-mech.c -@@ -192,11 +192,11 @@ static void test_mech_handle_challenge(struct auth_request *request, - } - - static inline const unsigned char * --test_mech_construct_apop_challenge(unsigned int connect_uid, unsigned long *len_r) -+test_mech_construct_apop_challenge(unsigned int connect_uid, size_t *len_r) - { - string_t *apop_challenge = t_str_new(128); - -- str_printfa(apop_challenge,"<%lx.%u.%"PRIdTIME_T"", (unsigned long) getpid(), -+ str_printfa(apop_challenge,"<%lx.%u.%"PRIxTIME_T"", (unsigned long) getpid(), - connect_uid, process_start_time+10); - str_append_data(apop_challenge, "\0testuser\0responseoflen16-", 
26); - *len_r = apop_challenge->used; -@@ -323,7 +323,7 @@ static void test_mechs(void) - struct test_case *test_case = &tests[running_test]; - const struct mech_module *mech = test_case->mech; - struct auth_request *request; -- const char *testname = t_strdup_printf("auth mech %s %d/%lu", -+ const char *testname = t_strdup_printf("auth mech %s %d/%zu", - mech->mech_name, - running_test+1, - N_ELEMENTS(tests)); -- cgit v1.2.3