Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2018-03-07 10:39:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and      /work/SRC/openSUSE:Factory/.dovecot23.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "dovecot23"

Wed Mar  7 10:39:34 2018 rev:3 rq:583681 version:2.3.0.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes      2018-01-10 
23:35:43.722444855 +0100
+++ /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot23.changes 2018-03-07 
10:39:51.243275430 +0100
@@ -1,0 +2,41 @@
+Tue Mar  6 19:28:49 UTC 2018 - mrueck...@suse.de
+
+- update pigeonhole to 0.5.0.1
+  - imap4flags extension: Fix binary corruption occurring when
+    setflag/addflag/removeflag flag-list is a variable.
+  - sieve-extprograms plugin: Fix segfault occurring when used in
+    IMAPSieve context.
+- drop 321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch
+
+-------------------------------------------------------------------
+Tue Mar  6 17:54:58 UTC 2018 - mrueck...@suse.de
+
+- pull backport patch dovecot-2.3.0.1-over-quota-lmtp-crash.patch
+
+-------------------------------------------------------------------
+Tue Mar  6 13:48:50 UTC 2018 - mrueck...@suse.de
+
+- update to 2.3.0.1
+  * CVE-2017-15130: TLS SNI config lookups may lead to excessive
+    memory usage, causing imap-login/pop3-login VSZ limit to be
+    reached and the process restarted. This happens only if Dovecot
+    config has local_name { } or local { } configuration blocks and
+    attacker uses randomly generated SNI servernames.
+  * CVE-2017-14461: Parsing invalid email addresses may cause a
+    crash or leak memory contents to attacker. For example, these
+    memory contents might contain parts of an email from another
+    user if the same imap process is reused for multiple users.
+    First discovered by Aleksandar Nikolic of Cisco Talos.
+    Independently also discovered by "flxflndy" via HackerOne.
+  * CVE-2017-15132: Aborted SASL authentication leaks memory in
+    login process.
+  * Linux: Core dumping is no longer enabled by default via
+    PR_SET_DUMPABLE, because this may allow attackers to bypass
+    chroot/group restrictions. Found by cPanel Security Team.
+    Nowadays core dumps can be safely enabled by using "sysctl -w
+    fs.suid_dumpable=2". If the old behaviour is wanted, it can
+    still be enabled by setting:
+    import_environment=$import_environment PR_SET_DUMPABLE=1
+  - imap-login with SSL/TLS connections may end up in infinite loop
+
+-------------------------------------------------------------------

Old:
----
  321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch
  dovecot-2.3-pigeonhole-0.5.0.tar.gz
  dovecot-2.3.0.tar.gz

New:
----
  dovecot-2.3-pigeonhole-0.5.0.1.tar.gz
  dovecot-2.3.0.1-over-quota-lmtp-crash.patch
  dovecot-2.3.0.1.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ dovecot23.spec ++++++
--- /var/tmp/diff_new_pack.uzV0Z7/_old  2018-03-07 10:39:53.467195212 +0100
+++ /var/tmp/diff_new_pack.uzV0Z7/_new  2018-03-07 10:39:53.471195067 +0100
@@ -1,7 +1,7 @@
 #
-# spec file for package dovecot22
+# spec file for package dovecot23
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,11 +17,11 @@
 
 
 Name:           dovecot23
-Version:        2.3.0
+Version:        2.3.0.1
 Release:        0
 %define pkg_name dovecot
-%define dovecot_version 2.3.0
-%define dovecot_pigeonhole_version 0.5.0
+%define dovecot_version 2.3.0.1
+%define dovecot_pigeonhole_version 0.5.0.1
 %define dovecot_branch  2.3
 %define dovecot_pigeonhole_source_dir 
%{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}
 %define dovecot_pigeonhole_docdir     %{_docdir}/%{pkg_name}/dovecot-pigeonhole
@@ -133,7 +133,7 @@
 Source9:        dovecot-2.3-pigeonhole.configfiles
 Patch:          dovecot-2.3.0-dont_use_etc_ssl_certs.patch
 Patch1:         dovecot-2.3.0-better_ssl_defaults.patch
-Patch2:         
https://github.com/stephanbosch/pigeonhole-core/commit/321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch
+Patch2:         dovecot-2.3.0.1-over-quota-lmtp-crash.patch
 Summary:        IMAP and POP3 Server Written Primarily with Security in Mind
 License:        BSD-3-Clause and LGPL-2.1+ and MIT
 Group:          Productivity/Networking/Email/Servers
@@ -310,12 +310,10 @@
 dovecot tree.
 
 %prep
-%setup -q -n %{pkg_name}-ce-%{dovecot_version} -a 1
+%setup -q -n %{pkg_name}-%{dovecot_version} -a 1
 %patch -p1
 %patch1 -p1
-pushd %{dovecot_pigeonhole_source_dir}
 %patch2 -p1
-popd
 gzip -9v ChangeLog
 # Fix plugins dir.
 sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = 
%{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf

++++++ dovecot-2.3-pigeonhole-0.5.0.tar.gz -> 
dovecot-2.3-pigeonhole-0.5.0.1.tar.gz ++++++
++++ 3867 lines of diff (skipped)

++++++ dovecot-2.3.0.1-over-quota-lmtp-crash.patch ++++++
>From 2bf919786518d138cc07d9cc21e14ad5e07e5e56 Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan.bo...@dovecot.fi>
Date: Wed, 17 Jan 2018 21:26:44 +0100
Subject: [PATCH] lmtp: local: Fix segfault occurring when quota is exceeded.

---
 src/lmtp/lmtp-local.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lmtp/lmtp-local.c b/src/lmtp/lmtp-local.c
index fa1ce5d869..5b5fe51a95 100644
--- a/src/lmtp/lmtp-local.c
+++ b/src/lmtp/lmtp-local.c
@@ -133,7 +133,7 @@ static void
 lmtp_local_rcpt_reply_overquota(struct lmtp_local_recipient *rcpt,
                                const char *error)
 {
-       struct smtp_address *address = rcpt->rcpt.rcpt->path;
+       struct smtp_address *address = rcpt->rcpt.path;
        struct lda_settings *lda_set =
                mail_storage_service_user_get_set(rcpt->service_user)[2];
 
>From cdbcc8db8e0a04b2cbf6ca9f20b3ee7f7173552d Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan.bo...@dovecot.fi>
Date: Wed, 31 Jan 2018 10:30:23 +0100
Subject: [PATCH 1/3] lmtp: local: Make local variable for rcpt->rcpt.rcpt_cmd
 in lmtp_local_rcpt_check_quota().

---
 src/lmtp/lmtp-local.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/lmtp/lmtp-local.c b/src/lmtp/lmtp-local.c
index c770e35e5b..d0ee4b312e 100644
--- a/src/lmtp/lmtp-local.c
+++ b/src/lmtp/lmtp-local.c
@@ -195,6 +195,7 @@ static int
 lmtp_local_rcpt_check_quota(struct lmtp_local_recipient *rcpt)
 {
        struct client *client = rcpt->rcpt.client;
+       struct smtp_server_cmd_ctx *cmd = rcpt->rcpt.rcpt_cmd;
        struct smtp_address *address = rcpt->rcpt.path;
        struct mail_user *user;
        struct mail_namespace *ns;
@@ -245,10 +246,10 @@ lmtp_local_rcpt_check_quota(struct lmtp_local_recipient 
*rcpt)
        }
 
        if (ret < 0 &&
-               !smtp_server_command_is_replied(rcpt->rcpt.rcpt_cmd->cmd)) {
-               smtp_server_reply(rcpt->rcpt.rcpt_cmd,
-                       451, "4.3.0", "<%s> Temporary internal error",
-                       smtp_address_encode(address));
+               !smtp_server_command_is_replied(cmd->cmd)) {
+               smtp_server_reply(cmd, 451, "4.3.0",
+                                 "<%s> Temporary internal error",
+                                 smtp_address_encode(address));
        }
        return ret;
 }

>From c23717da4af9d3275cb45cbc67faaa8daa353ec1 Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan.bo...@dovecot.fi>
Date: Wed, 31 Jan 2018 10:34:11 +0100
Subject: [PATCH 2/3] lmtp: local: Add explicit cmd parameter to
 lmtp_local_rcpt_reply_overquota().

Using the RCPT cmd is only valid for the RCPT command and not when quota excess
is detected during DATA. That would cause a segmentation fault, since
rcpt->rcpt.rcpt_cmd == NULL.
---
 src/lmtp/lmtp-local.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/src/lmtp/lmtp-local.c b/src/lmtp/lmtp-local.c
index d0ee4b312e..c19c449e61 100644
--- a/src/lmtp/lmtp-local.c
+++ b/src/lmtp/lmtp-local.c
@@ -134,6 +134,7 @@ lmtp_local_rcpt_deinit(struct lmtp_local_recipient *rcpt)
 
 static void
 lmtp_local_rcpt_reply_overquota(struct lmtp_local_recipient *rcpt,
+                               struct smtp_server_cmd_ctx *cmd,
                                const char *error)
 {
        struct smtp_address *address = rcpt->rcpt.path;
@@ -141,13 +142,11 @@ lmtp_local_rcpt_reply_overquota(struct 
lmtp_local_recipient *rcpt,
                mail_storage_service_user_get_set(rcpt->service_user)[2];
 
        if (lda_set->quota_full_tempfail) {
-               smtp_server_reply(rcpt->rcpt.rcpt_cmd,
-                       452, "4.2.2", "<%s> %s",
-                       smtp_address_encode(address), error);
+               smtp_server_reply(cmd, 452, "4.2.2", "<%s> %s",
+                                 smtp_address_encode(address), error);
        } else {
-               smtp_server_reply(rcpt->rcpt.rcpt_cmd,
-                       552, "5.2.2", "<%s> %s",
-                       smtp_address_encode(address), error);
+               smtp_server_reply(cmd, 552, "5.2.2", "<%s> %s",
+                                 smtp_address_encode(address), error);
        }
 }
 
@@ -232,7 +231,7 @@ lmtp_local_rcpt_check_quota(struct lmtp_local_recipient 
*rcpt)
                if (ret < 0) {
                        error = mailbox_get_last_error(box, &mail_error);
                        if (mail_error == MAIL_ERROR_NOQUOTA) {
-                               lmtp_local_rcpt_reply_overquota(rcpt, error);
+                               lmtp_local_rcpt_reply_overquota(rcpt, cmd, 
error);
                        } else {
                                i_error("mailbox_get_status(%s, 
STATUS_CHECK_OVER_QUOTA) "
                                        "failed: %s",
@@ -623,7 +622,7 @@ lmtp_local_deliver(struct lmtp_local *local,
        } else if (storage != NULL) {
                error = mail_storage_get_last_error(storage, &mail_error);
                if (mail_error == MAIL_ERROR_NOQUOTA) {
-                       lmtp_local_rcpt_reply_overquota(rcpt, error);
+                       lmtp_local_rcpt_reply_overquota(rcpt, cmd, error);
                } else {
                        smtp_server_reply_index(cmd, rcpt_idx,
                                451, "4.2.0", "<%s> %s",

>From f8d9e6c977847a411af9986c9be62f74e4b06143 Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan.bo...@dovecot.fi>
Date: Wed, 31 Jan 2018 10:27:54 +0100
Subject: [PATCH 3/3] lmtp: local: Use recipient index in
 lmtp_local_rcpt_reply_overquota().

When used during the DATA command, it should send a reply for the correct
recipient. During the RCPT command there is only one reply due. Added assert
that checks this.
---
 src/lmtp/lmtp-local.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/lmtp/lmtp-local.c b/src/lmtp/lmtp-local.c
index c19c449e61..0b5e7e06ec 100644
--- a/src/lmtp/lmtp-local.c
+++ b/src/lmtp/lmtp-local.c
@@ -138,15 +138,18 @@ lmtp_local_rcpt_reply_overquota(struct 
lmtp_local_recipient *rcpt,
                                const char *error)
 {
        struct smtp_address *address = rcpt->rcpt.path;
+       unsigned int rcpt_idx = rcpt->rcpt.index;
        struct lda_settings *lda_set =
                mail_storage_service_user_get_set(rcpt->service_user)[2];
 
+       i_assert(rcpt_idx == 0 || rcpt->rcpt.rcpt_cmd == NULL);
+
        if (lda_set->quota_full_tempfail) {
-               smtp_server_reply(cmd, 452, "4.2.2", "<%s> %s",
-                                 smtp_address_encode(address), error);
+               smtp_server_reply_index(cmd, rcpt_idx, 452, "4.2.2", "<%s> %s",
+                                       smtp_address_encode(address), error);
        } else {
-               smtp_server_reply(cmd, 552, "5.2.2", "<%s> %s",
-                                 smtp_address_encode(address), error);
+               smtp_server_reply_index(cmd, rcpt_idx, 552, "5.2.2", "<%s> %s",
+                                       smtp_address_encode(address), error);
        }
 }
 
++++++ dovecot-2.3-pigeonhole-0.5.0.tar.gz -> dovecot-2.3.0.1.tar.gz ++++++
/work/SRC/openSUSE:Factory/dovecot23/dovecot-2.3-pigeonhole-0.5.0.tar.gz 
/work/SRC/openSUSE:Factory/.dovecot23.new/dovecot-2.3.0.1.tar.gz differ: char 
5, line 1


Reply via email to