Date: Tuesday, April 28, 2015 @ 21:13:10
  Author: andyrtr
Revision: 238228

upgpkg: dovecot 2.2.16-2

FS#44757

Added:
  dovecot/trunk/CVE-2015-3420.patch
Modified:
  dovecot/trunk/PKGBUILD

---------------------+
 CVE-2015-3420.patch |   58 ++++++++++++++++++++++++++++++++++++++++++++++++++
 PKGBUILD            |    9 ++++++-
 2 files changed, 65 insertions(+), 2 deletions(-)

Added: CVE-2015-3420.patch
===================================================================
--- CVE-2015-3420.patch                         (rev 0)
+++ CVE-2015-3420.patch 2015-04-28 19:13:10 UTC (rev 238228)
@@ -0,0 +1,58 @@
+
+diff -r a2d342257b25 -r 86f535375750 src/login-common/ssl-proxy-openssl.c
+--- a/src/login-common/ssl-proxy-openssl.c     Sat Apr 25 12:16:07 2015 +0300
++++ b/src/login-common/ssl-proxy-openssl.c     Tue Apr 28 11:27:04 2015 +0200
+@@ -80,6 +80,7 @@
+       unsigned int cert_broken:1;
+       unsigned int client_proxy:1;
+       unsigned int flushing:1;
++      unsigned int failed:1;
+ };
+ 
+ struct ssl_parameters {
+@@ -131,6 +132,12 @@
+ static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct 
master_service_ssl_settings *set);
+ #endif
+ 
++static void ssl_proxy_destroy_failed(struct ssl_proxy *proxy)
++{
++      proxy->failed = TRUE;
++      ssl_proxy_destroy(proxy);
++}
++
+ static unsigned int ssl_server_context_hash(const struct ssl_server_context 
*ctx)
+ {
+       unsigned int i, g, h = 0;
+@@ -462,7 +469,7 @@
+ 
+       if (errstr != NULL) {
+               proxy->last_error = i_strdup(errstr);
+-              ssl_proxy_destroy(proxy);
++              ssl_proxy_destroy_failed(proxy);
+       }
+       ssl_proxy_unref(proxy);
+ }
+@@ -492,7 +499,7 @@
+ 
+       if (proxy->handshake_callback != NULL) {
+               if (proxy->handshake_callback(proxy->handshake_context) < 0)
+-                      ssl_proxy_destroy(proxy);
++                      ssl_proxy_destroy_failed(proxy);
+       }
+ }
+ 
+@@ -822,7 +829,8 @@
+       if (proxy->destroyed || proxy->flushing)
+               return;
+       proxy->flushing = TRUE;
+-      ssl_proxy_flush(proxy);
++      if (!proxy->failed && proxy->handshaked)
++              ssl_proxy_flush(proxy);
+       proxy->destroyed = TRUE;
+ 
+       ssl_proxy_count--;
+
+
+
+
+
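Review bot: Nothing in the embedded patch records why `failed` exists: the new bit in the proxy struct and `ssl_proxy_destroy_failed()` carry no comment, so the guard `if (!proxy->failed && proxy->handshaked)` in the last inner hunk is hard to read without the CVE context. I would add `/* destroyed because of an error; ssl_proxy_destroy() must skip ssl_proxy_flush() */` next to the bit and a one-line comment above the helper saying the same. Only two call sites are switched to the helper in the visible hunks, so any other error path that still calls `ssl_proxy_destroy()` directly would keep flushing once `handshaked` is set; the remaining callers are outside these hunks and worth checking against upstream. The functions touched by the last three inner hunks start and end outside the hunks.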

Modified: PKGBUILD
===================================================================
--- PKGBUILD    2015-04-28 15:25:17 UTC (rev 238227)
+++ PKGBUILD    2015-04-28 19:13:10 UTC (rev 238228)
@@ -9,7 +9,7 @@
 
 pkgname=dovecot
 pkgver=2.2.16
-pkgrel=1
+pkgrel=2
 pkgdesc="An IMAP and POP3 server written with security primarily in mind"
 arch=('i686' 'x86_64')
 url="http://dovecot.org/";
@@ -23,15 +23,20 @@
 provides=('imap-server' 'pop3-server')
 install=$pkgname.install
 source=(http://dovecot.org/releases/2.2/${pkgname}-${pkgver}.tar.gz{,.sig}
+        CVE-2015-3420.patch
         dovecot.tmpfilesd)
 md5sums=('8dba21e817b4239e462d98a925233418'
          'SKIP'
+         '730366bb5895a3092f1b6511e254709a'
          '342a28251d40f983c98c0d1f1bf3d07d')
 validpgpkeys=('E643F0BDFDCD04D9FFCB6279C948525140558AC9') # Timo Sirainen 
<[email protected]>
 
 prepare() {
   cd $pkgname-$pkgver
-
+  
+  # https://bugs.archlinux.org/task/44757
+  patch -Np1 -i ${srcdir}/CVE-2015-3420.patch
+  
   # fix path in helper script
   sed -i 
's:OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}:OPENSSLCONFIG=${OPENSSLCONFIG-
 /etc/ssl/dovecot-openssl.cnf}:' doc/mkcert.sh
 }
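Review bot: The integrity entry added for CVE-2015-3420.patch goes into `md5sums`, and MD5 is not collision resistant, so the security fix is pinned by a checksum that cannot be relied on against a deliberately crafted replacement; the release tarball is covered by the PGP signature via `validpgpkeys`, but the local patch and `dovecot.tmpfilesd` have only this array. Switching the whole array to `sha256sums` (regenerated with `makepkg -g`) would close that gap. In `prepare()` the new `patch` line leaves `${srcdir}` unquoted, which breaks when the build directory contains whitespace: `patch -Np1 -i "${srcdir}/CVE-2015-3420.patch"`. The two added blank lines around it also carry trailing spaces.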
