Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cyrus-imapd for openSUSE:Factory 
checked in at 2022-03-09 18:47:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cyrus-imapd (Old)
 and      /work/SRC/openSUSE:Factory/.cyrus-imapd.new.2349 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "cyrus-imapd"

Wed Mar  9 18:47:59 2022 rev:2 rq:960379 version:2.4.22

Changes:
--------
--- /work/SRC/openSUSE:Factory/cyrus-imapd/cyrus-imapd.changes  2022-01-20 
00:12:56.674608715 +0100
+++ /work/SRC/openSUSE:Factory/.cyrus-imapd.new.2349/cyrus-imapd.changes        
2022-03-11 11:41:24.794617510 +0100
@@ -1,0 +2,7 @@
+Mon Feb 28 16:36:06 UTC 2022 - Matthias Fehring <buschman...@opensuse.org>
+
+- Add cyrus-imapd-2.4.22-fix-cve-2021-33582.patch: Fix CVE-2021-33582
+- Add cyrus-imapd-2.4.22-recognize-new-backends.patch: Recognize
+  backends of Cyrus versions 3.6 and 3.7 
+
+-------------------------------------------------------------------

New:
----
  cyrus-imapd-2.4.22-fix-cve-2021-33582.patch
  cyrus-imapd-2.4.22-recognize-new-backends.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ cyrus-imapd.spec ++++++
--- /var/tmp/diff_new_pack.Llx7O0/_old  2022-03-11 11:41:25.410618202 +0100
+++ /var/tmp/diff_new_pack.Llx7O0/_new  2022-03-11 11:41:25.418618211 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package cyrus-imapd
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,9 +12,10 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
+
 %define _lto_cflags %{nil}
 
 #Compat macro for new _fillupdir macro introduced in Nov 2017
@@ -32,7 +33,7 @@
 Summary:        The Cyrus IMAP and POP Mail Server
 License:        BSD-3-Clause
 Group:          Productivity/Networking/Email/Servers
-Url:            http://www.cyrusimap.org
+URL:            http://www.cyrusimap.org
 # Upstream sources
 Source0:        
https://github.com/cyrusimap/cyrus-imapd/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
 Source90:       
https://github.com/cyrusimap/cyrus-imapd/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz.sig
@@ -60,6 +61,10 @@
 Patch31:        cyrus-imapd-2.4.18-D19-Outlook_2013_XLIST.patch
 # PATCH-FIX-OPENSUSE -- Fix conflicting function name
 Patch32:        cyrus-imapd-2.4.21-fix-bdb-function-conflict.patch
+# PATCH-FIX-UPSTREAM cyrus-imapd-2.4.22-fix-cve-2021-33582.patch 
buschman...@opensuse.org - Fix CVE-2021-33582
+Patch33:        cyrus-imapd-2.4.22-fix-cve-2021-33582.patch
+# PATCH-FIX-UPSTREAM cyrus-imapd-2.4.22-recognize-new-backends.patch 
buschman...@opensuse.org - Recognize new backends
+Patch34:        cyrus-imapd-2.4.22-recognize-new-backends.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  bison
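Review bot: `Patch33` and `Patch34` are only declared in this hunk, and the spec diff shown has no `%prep` hunk, so whether they are applied depends on the existing `%prep` section using `%autosetup` or `%autopatch`, which is not visible here. If `%prep` lists patches one by one, the CVE-2021-33582 fix would ship in the source package without being compiled in. In that case add `%patch33 -p1` and `%patch34 -p1` (both patches use git-style `a/` and `b/` paths), and confirm in the build log that both are applied.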

++++++ cyrus-imapd-2.4.22-fix-cve-2021-33582.patch ++++++
>From c532115a11eb1742ff53ed821685d8d975e2af0f Mon Sep 17 00:00:00 2001
From: Robert Stepanek <r...@fastmailteam.com>
Date: Mon, 14 Oct 2019 17:43:18 +0200
Subject: [PATCH 1/5] hash: gracefully handle lookup on zero-sized tables

---
 lib/hash.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/hash.c b/lib/hash.c
index bdf11507bc..ba1d4b132c 100644
--- a/lib/hash.c
+++ b/lib/hash.c
@@ -157,9 +157,14 @@ void *hash_insert(const char *key, void *data, hash_table 
*table)
 
 void *hash_lookup(const char *key, hash_table *table)
 {
-      unsigned val = strhash(key) % table->size;
+      unsigned val;
       bucket *ptr;
 
+      if (!table->size)
+          return NULL;
+
+      val = strhash(key) % table->size;
+
       if (!(table->table)[val])
             return NULL;
 
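Review bot: The zero-size guard is added to hash_lookup only. hash_del, visible in the later patches of this series, still initialises `val` with `... % table->size`, which is a modulo by zero (undefined behaviour) for a zero-sized table such as one set up with the `HASH_TABLE_INITIALIZER` macro that patch 4/5 introduces. hash_insert uses the same expression, although inserting into an unconstructed table is arguably a caller bug. Consider the same early exit at the top of hash_del, `if (!table->size) return NULL;`, with the `val` computation moved below it as done here. hash_lookup's body continues past the end of this hunk.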

>From 7c3156bb511b6b84413eead1ffd99bd818bb9b71 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=94=D0=B8=D0=BB=D1=8F=D0=BD=20=D0=9F=D0=B0=D0=BB=D0=B0?=
 =?UTF-8?q?=D1=83=D0=B7=D0=BE=D0=B2?= <git-...@aegee.org>
Date: Tue, 29 Sep 2020 22:15:18 +0300
Subject: [PATCH 2/5] hash.c:hash_del: deduplicate code

---
 lib/hash.c | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/lib/hash.c b/lib/hash.c
index ba1d4b132c..cf85d9d2ca 100644
--- a/lib/hash.c
+++ b/lib/hash.c
@@ -188,7 +188,6 @@ void *hash_lookup(const char *key, hash_table *table)
 void *hash_del(char *key, hash_table *table)
 {
       unsigned val = strhash(key) % table->size;
-      void *data;
       bucket *ptr, *last = NULL;
 
       if (!(table->table)[val])
@@ -209,15 +208,10 @@ void *hash_del(char *key, hash_table *table)
          int cmpresult = strcmp(key, ptr->key);
          if (!cmpresult)
          {
+              void *data = ptr->data;
              if (last != NULL )
              {
-                 data = ptr -> data;
                  last -> next = ptr -> next;
-                 if(!table->pool) {
-                     free(ptr->key);
-                     free(ptr);
-                 }
-                 return data;
              }
              
              /*
@@ -230,15 +224,15 @@ void *hash_del(char *key, hash_table *table)
              
              else
              {
-                 data = ptr->data;
                  (table->table)[val] = ptr->next;
+              }
                  if(!table->pool) {
                      free(ptr->key);
                      free(ptr);
                  }
                  return data;
              }
-         } else if (cmpresult < 0) {
+          if (cmpresult < 0) {
              /* its not here! */
              return NULL;
          }
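Review bot: After the added `}` closes the `else`, the `if(!table->pool) { free(ptr->key); free(ptr); }` block and `return data;` are shared by both branches but keep the deeper indentation of the old else body. The brace that follows them now closes `if (!cmpresult)` rather than the `else`. Moving these lines one level out would make it obvious that the free and the return run for head and non-head removals alike, which matters when someone later audits this path for leaks or double frees. hash_del starts and ends outside this hunk.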

>From d415da7ae571c3854550564a1764e763cc83c921 Mon Sep 17 00:00:00 2001
From: ellie timoney <el...@fastmail.com>
Date: Wed, 19 May 2021 13:39:34 +1000
Subject: [PATCH 3/5] strhash: replace ad-hoc algorithm with seeded djb2

Part of CVE-2021-33582
---
 lib/strhash.c | 37 ++++++++++++++++++++++++++-----------
 lib/strhash.h |  6 +++++-
 2 files changed, 31 insertions(+), 12 deletions(-)

diff --git a/lib/strhash.c b/lib/strhash.c
index 3457abab27..8f68d13867 100644
--- a/lib/strhash.c
+++ b/lib/strhash.c
@@ -57,17 +57,32 @@
 #include "assert.h"
 #include "strhash.h"
 
-unsigned strhash(const char *string)
+#include "lib/strhash.h"
+
+/* The well-known djb2 algorithm (e.g. http://www.cse.yorku.ca/~oz/hash.html),
+ * with the addition of an optional seed to limit predictability.
+ *
+ * XXX return type 'unsigned' for back-compat to previous version, but
+ * XXX ought to be 'uint32_t'
+ */
+unsigned strhash_seeded_djb2(uint32_t seed, const char *string)
 {
-      unsigned ret_val = 0;
-      int i;
+    const unsigned char *ustr = (const unsigned char *) string;
+    unsigned hash = 5381;
+    int c;
+
+    if (seed) {
+        /* treat the bytes of the seed as a prefix to the string */
+        unsigned i;
+        for (i = 0; i < sizeof seed; i++) {
+            c = seed & 0xff;
+            hash = ((hash << 5) + hash) ^ c;
+            seed >>= 8;
+        }
+    }
+
+    while ((c = *ustr++))
+        hash = ((hash << 5) + hash) ^ c;
 
-      while (*string)
-      {
-            i = (int) *string;
-            ret_val ^= i;
-            ret_val <<= 1;
-            string ++;
-      }
-      return ret_val;
+    return hash;
 }
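Review bot: The header comment calls the seed "optional" but does not say that `seed == 0` skips the prefix loop and yields plain unseeded djb2, which is what the `strhash()` compatibility macro relies on. A line such as `/* seed == 0 means unseeded: the result depends on the string alone */` would document that contract. djb2 is also not a keyed hash, so mixing four seed bytes in as a prefix limits predictability rather than giving collision resistance against chosen keys; a keyed hash such as SipHash is the usual choice when table keys come from untrusted input. The added `#include "lib/strhash.h"` appears to duplicate the `#include "strhash.h"` directly above it.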
diff --git a/lib/strhash.h b/lib/strhash.h
index 3ecb432a34..dc6f6b759f 100644
--- a/lib/strhash.h
+++ b/lib/strhash.h
@@ -43,6 +43,7 @@
  */
 
 #ifndef _STRHASH_H_
+#include <stdint.h>
 
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
@@ -57,6 +58,9 @@
 #include <syslog.h>
 #include <errno.h>
 
-unsigned strhash(const char *string);
+unsigned strhash_seeded_djb2(uint32_t seed, const char *string);
+
+#define strhash(in)             strhash_seeded_djb2((0),  (in))
+#define strhash_seeded(sd, in)  strhash_seeded_djb2((sd), (in))
 
 #endif /* _STRHASH_H_ */
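Review bot: Keeping `strhash(in)` as a macro that passes seed 0 means every caller not converted by this series goes on hashing from the fixed, predictable start state, and nothing at the call site shows it. Only lib/hash.c is switched to `strhash_seeded` in patch 4/5; any other users of `strhash()` in the tree are not visible here and would be worth auditing. A comment above the macro, for example `/* unseeded: do not use for tables keyed by untrusted input */`, would make the distinction explicit.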

>From f63695609c88a3f76129499bb49fb82e8155fb32 Mon Sep 17 00:00:00 2001
From: ellie timoney <el...@fastmail.com>
Date: Wed, 19 May 2021 14:01:41 +1000
Subject: [PATCH 4/5] hash: use a seed when hashing

Part of CVE-2021-33582
---
 lib/hash.c | 9 ++++++---
 lib/hash.h | 5 +++++
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/lib/hash.c b/lib/hash.c
index cf85d9d2ca..1b025b21b5 100644
--- a/lib/hash.c
+++ b/lib/hash.c
@@ -48,6 +48,9 @@ hash_table *construct_hash_table(hash_table *table, size_t 
size, int use_mpool)
          fatal("construct_hash_table called without a size", EC_TEMPFAIL);
 
       table->size  = size;
+      do {
+        table->seed = rand();
+      } while (table->seed == 0);
 
       /* Allocate the table -- different for using memory pools and not */
       if(use_mpool) {
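Review bot: `rand()` is a weak source for a seed whose purpose is to make bucket placement unpredictable. It is a deterministic generator that produces the same sequence in every process unless `srand()` was first called with an unpredictable value (no such call is visible in this series), and it returns at most RAND_MAX distinct values, which the C standard only requires to be 32767. The same applies to the simplified `table->seed = rand();` in patch 5/5. Drawing the seed from the operating system's random source, for example `getrandom()` or a read from `/dev/urandom`, would avoid both limits. construct_hash_table starts and ends outside this hunk.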
@@ -76,7 +79,7 @@ hash_table *construct_hash_table(hash_table *table, size_t 
size, int use_mpool)
 
 void *hash_insert(const char *key, void *data, hash_table *table)
 {
-      unsigned val = strhash(key) % table->size;
+      unsigned val = strhash_seeded(table->seed, key) % table->size;
       bucket *ptr, *newptr;
       bucket **prev;
 
@@ -163,7 +166,7 @@ void *hash_lookup(const char *key, hash_table *table)
       if (!table->size)
           return NULL;
 
-      val = strhash(key) % table->size;
+      val = strhash_seeded(table->seed, key) % table->size;
 
       if (!(table->table)[val])
             return NULL;
@@ -187,7 +190,7 @@ void *hash_lookup(const char *key, hash_table *table)
  * since it will leak memory until you get rid of the entire hash table */
 void *hash_del(char *key, hash_table *table)
 {
-      unsigned val = strhash(key) % table->size;
+      unsigned val = strhash_seeded(table->seed, key) % table->size;
       bucket *ptr, *last = NULL;
 
       if (!(table->table)[val])
diff --git a/lib/hash.h b/lib/hash.h
index 77d0dc8a33..c3bc1dc2f5 100644
--- a/lib/hash.h
+++ b/lib/hash.h
@@ -5,9 +5,13 @@
 #define HASH__H
 
 #include <stddef.h>           /* For size_t     */
+#include <stdint.h>
+
 #include "strhash.h"
 #include "mpool.h"
 
+#define HASH_TABLE_INITIALIZER {0, 0, NULL, NULL}
+
 /*
 ** A hash table consists of an array of these buckets.  Each bucket
 ** holds a copy of the key, a pointer to the data associated with the
@@ -32,6 +36,7 @@ typedef struct bucket {
 
 typedef struct hash_table {
     size_t size;
+    uint32_t seed;
     bucket **table;
     struct mpool *pool;
 } hash_table;

>From 833c22bd7de5bbb591c2cb3705c9983b6d2b1fee Mon Sep 17 00:00:00 2001
From: ellie timoney <el...@fastmail.com>
Date: Fri, 2 Jul 2021 10:34:20 +1000
Subject: [PATCH 5/5] hash: it's okay for seed to be zero sometimes

randomly not seeding is not any more predictable than any individual
random seed, and allowing it to be zero saves us having to deal with
preventing zeroes.
---
 lib/hash.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/lib/hash.c b/lib/hash.c
index 1b025b21b5..8081b429d5 100644
--- a/lib/hash.c
+++ b/lib/hash.c
@@ -48,9 +48,7 @@ hash_table *construct_hash_table(hash_table *table, size_t 
size, int use_mpool)
          fatal("construct_hash_table called without a size", EC_TEMPFAIL);
 
       table->size  = size;
-      do {
-        table->seed = rand();
-      } while (table->seed == 0);
+      table->seed = rand(); /* might be zero, that's okay */
 
       /* Allocate the table -- different for using memory pools and not */
       if(use_mpool) {

++++++ cyrus-imapd-2.4.22-recognize-new-backends.patch ++++++
>From 17b96e0e266b809f2da5cd7b8d9b5314e8b259d1 Mon Sep 17 00:00:00 2001
From: ellie timoney <el...@fastmail.com>
Date: Fri, 21 Jan 2022 11:00:33 +1100
Upstream: 
merged(https://github.com/cyrusimap/cyrus-imapd/commit/17b96e0e266b809f2da5cd7b8d9b5314e8b259d1)
Subject: [PATCH] imapd: recognise 3.6 and 3.7 backends

---
 imap/imapd.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/imap/imapd.c b/imap/imapd.c
index d459df07dd..ee98e58ab5 100644
--- a/imap/imapd.c
+++ b/imap/imapd.c
@@ -8470,12 +8470,23 @@ static int backend_version(struct backend *be)
      * In 3.3 and later, this function lives in backend.c
      */

-    /* It's like looking in the mirror and not suffering from schizophrenia */
+    /* identical banner? identical version! */
     if (strstr(be->banner, cyrus_version())) {
        return MAILBOX_MINOR_VERSION;
     }

-    /* unstable 3.5 series ranges from 17..?? */
+    /* unstable 3.7 series ranges from 17..?? */
+    if (strstr(be->banner, "Cyrus IMAP 3.7")) {
+        /* all versions of 3.7 support at least this version */
+        return 17;
+    }
+
+    /* version 3.6 is 17 */
+    if (strstr(be->banner, "Cyrus IMAP 3.6")) {
+        return 17;
+    }
+
+    /* unstable 3.5 series is 17 */
     if (strstr(be->banner, "Cyrus IMAP 3.5")) {
         /* all versions of 3.5 support at least this version */
         return 17;
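Review bot: The new 3.6 and 3.7 branches, like the existing 3.5 one, use an unanchored `strstr()` on `be->banner`, which is presumably text sent by the remote backend, so the returned mailbox version follows whatever substring appears anywhere in that banner. If the banner format is fixed, matching at a known position would be stricter; at minimum a comment should say the banner is trusted only because the backend is. The literal `17` is now repeated in three branches with three slightly different comments; a single named constant or a small table of banner prefix and version pairs would keep the next release a one-line change. backend_version starts and ends outside this hunk.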
