
Re: Bug#787299: jessie-pu: package dovecot/1:2.2.13-12~deb8u1



On Sun, 31 May 2015, Jaldhar H. Vyas wrote:

A debdiff is attached relative to 1:2.2.13-11 which is the version currently in jessie.


...and I forgot the diff.  Here it is now.

--
Jaldhar H. Vyas <jaldhar@debian.org>
diff -Nru dovecot-2.2.13/debian/changelog dovecot-2.2.13/debian/changelog
--- dovecot-2.2.13/debian/changelog	2014-12-14 12:28:42.000000000 -0500
+++ dovecot-2.2.13/debian/changelog	2015-05-31 01:47:31.000000000 -0400
@@ -1,3 +1,21 @@
+dovecot (1:2.2.13-12~deb8u1) stable; urgency=high
+
+  * [6e16721] Fix a mbox corruption problem by applying two patches from
+    mercurial upstream.
+    - fix-mbox-corruption-18534.patch (changeset 18534:94bd895721d8).
+    - fix-mbox-corruption-18679.patch (changeset 18679:b6ea460e7cc4).
+    Thanks to Santiago Vila <sanvila@unex.es> (Closes: 776094)
+
+ -- Jaldhar H. Vyas <jaldhar@debian.org>  Sun, 31 May 2015 01:38:40 -0400
+
+dovecot (1:2.2.13-12) unstable; urgency=high
+
+  * [48f6fe4] Add patch cve-2015-3420.patch: Fix SSL/TLS handshake failures
+    leading to a crash of the login process with newer versions of OpenSSL.
+    Closes: #783649 (CVE-2015-3420)
+
+ -- Jelmer Vernooij <jelmer@debian.org>  Mon, 04 May 2015 11:38:30 +0000
+
 dovecot (1:2.2.13-11) unstable; urgency=high
 
   * [ebc0377] Don't allow install of dovecot-sieve without a new enough
diff -Nru dovecot-2.2.13/debian/patches/cve-2015-3420.patch dovecot-2.2.13/debian/patches/cve-2015-3420.patch
--- dovecot-2.2.13/debian/patches/cve-2015-3420.patch	1969-12-31 19:00:00.000000000 -0500
+++ dovecot-2.2.13/debian/patches/cve-2015-3420.patch	2015-05-31 01:47:31.000000000 -0400
@@ -0,0 +1,61 @@
+Description: Fix SSL/TLS handshake failures leading to a crash of the login process (CVE-2015-3420)
+Author: Timo Sirainen <tss@iki.fi>
+Status: cherry-picked from upstream, http://hg.dovecot.org/dovecot-2.2/rev/86f535375750
+Bug-Debian: https://bugs.debian.org/783649
+
+diff -r a2d342257b25 -r 86f535375750 src/login-common/ssl-proxy-openssl.c
+--- a/src/login-common/ssl-proxy-openssl.c	Sat Apr 25 12:16:07 2015 +0300
++++ b/src/login-common/ssl-proxy-openssl.c	Tue Apr 28 11:27:04 2015 +0200
+@@ -80,6 +80,7 @@
+ 	unsigned int cert_broken:1;
+ 	unsigned int client_proxy:1;
+ 	unsigned int flushing:1;
++	unsigned int failed:1;
+ };
+ 
+ struct ssl_parameters {
+@@ -131,6 +132,12 @@
+ static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set);
+ #endif
+ 
++static void ssl_proxy_destroy_failed(struct ssl_proxy *proxy)
++{
++	proxy->failed = TRUE;
++	ssl_proxy_destroy(proxy);
++}
++
+ static unsigned int ssl_server_context_hash(const struct ssl_server_context *ctx)
+ {
+ 	unsigned int i, g, h = 0;
+@@ -462,7 +469,7 @@
+ 
+ 	if (errstr != NULL) {
+ 		proxy->last_error = i_strdup(errstr);
+-		ssl_proxy_destroy(proxy);
++		ssl_proxy_destroy_failed(proxy);
+ 	}
+ 	ssl_proxy_unref(proxy);
+ }
+@@ -492,7 +499,7 @@
+ 
+ 	if (proxy->handshake_callback != NULL) {
+ 		if (proxy->handshake_callback(proxy->handshake_context) < 0)
+-			ssl_proxy_destroy(proxy);
++			ssl_proxy_destroy_failed(proxy);
+ 	}
+ }
+ 
+@@ -822,7 +829,8 @@
+ 	if (proxy->destroyed || proxy->flushing)
+ 		return;
+ 	proxy->flushing = TRUE;
+-	ssl_proxy_flush(proxy);
++	if (!proxy->failed && proxy->handshaked)
++		ssl_proxy_flush(proxy);
+ 	proxy->destroyed = TRUE;
+ 
+ 	ssl_proxy_count--;
+
+
+
+
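Review bot: The new `failed` bit and `ssl_proxy_destroy_failed()` carry no comment saying why a failed proxy must not be flushed, so the guard added in ssl_proxy_destroy() (`if (!proxy->failed && proxy->handshaked)`) reads as arbitrary to the next maintainer. I would add above the helper `/* the SSL state is unusable after a fatal SSL error: mark the proxy so ssl_proxy_destroy() skips the final flush */`. Only the two call sites in the inner hunks at -462 and -492 are converted, and their enclosing functions start outside the hunks. Any other error path that calls plain ssl_proxy_destroy() after the handshake has completed would still reach ssl_proxy_flush(), so the rest of the file is worth checking. The patch header uses `Status:`, which is not a DEP-3 field; `Origin: upstream, <URL>` carries the same reference in the standard form.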
diff -Nru dovecot-2.2.13/debian/patches/fix-mbox-corruption-18534.patch dovecot-2.2.13/debian/patches/fix-mbox-corruption-18534.patch
--- dovecot-2.2.13/debian/patches/fix-mbox-corruption-18534.patch	1969-12-31 19:00:00.000000000 -0500
+++ dovecot-2.2.13/debian/patches/fix-mbox-corruption-18534.patch	2015-05-31 01:47:31.000000000 -0400
@@ -0,0 +1,40 @@
+From: Timo Sirainen <tss@iki.fi>
+Subject: mbox: Fixed crash/corruption in some situations when the first mail was expunged.
+
+--- a/src/lib-storage/index/mbox/mbox-sync.c
++++ b/src/lib-storage/index/mbox/mbox-sync.c
+@@ -630,7 +630,7 @@
+ static int mbox_sync_handle_header(struct mbox_sync_mail_context *mail_ctx)
+ {
+ 	struct mbox_sync_context *sync_ctx = mail_ctx->sync_ctx;
+-	uoff_t orig_from_offset;
++	uoff_t orig_from_offset, postlf_from_offset = (uoff_t)-1;
+ 	off_t move_diff;
+ 	int ret;
+ 
+@@ -647,6 +647,7 @@
+ 			if (sync_ctx->first_mail_crlf_expunged)
+ 				mail_ctx->mail.from_offset++;
+ 		}
++		postlf_from_offset = mail_ctx->mail.from_offset;
+ 
+ 		/* read the From-line before rewriting overwrites it */
+ 		if (mbox_read_from_line(mail_ctx) < 0)
+@@ -700,10 +701,16 @@
+ 			/* create dummy message to describe the expunged data */
+ 			struct mbox_sync_mail mail;
+ 
++			/* if this is going to be the first mail, increase the
++			   from_offset to point to the beginning of the
++			   From-line, because the previous [CR]LF is already
++			   covered by expunged_space. */
++			i_assert(postlf_from_offset != (uoff_t)-1);
++			mail_ctx->mail.from_offset = postlf_from_offset;
++
+ 			memset(&mail, 0, sizeof(mail));
+ 			mail.expunged = TRUE;
+ 			mail.offset = mail.from_offset =
+-				(sync_ctx->dest_first_mail ? 1 : 0) +
+ 				mail_ctx->mail.from_offset -
+ 				sync_ctx->expunged_space;
+ 			mail.space = sync_ctx->expunged_space;
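Review bot: The added `i_assert(postlf_from_offset != (uoff_t)-1);` depends on the assignment `postlf_from_offset = mail_ctx->mail.from_offset;` from the second inner hunk having run first, and the conditions guarding the two places are outside the visible context. i_assert aborts the process when it fails, so if the dummy-message branch can be reached without passing that assignment, the outcome is a crash during sync. A comment at the declaration such as `/* (uoff_t)-1 = not set yet; assigned just before the From-line is read */` would record the invariant. mbox_sync_handle_header() starts in the first inner hunk and continues past the last one. The header also gives no upstream reference, although the changelog names changeset 18534:94bd895721d8; an `Origin: upstream, <changeset URL>` line here, and likewise in fix-mbox-corruption-18679.patch, would let a reviewer compare the backport with upstream.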
diff -Nru dovecot-2.2.13/debian/patches/fix-mbox-corruption-18679.patch dovecot-2.2.13/debian/patches/fix-mbox-corruption-18679.patch
--- dovecot-2.2.13/debian/patches/fix-mbox-corruption-18679.patch	1969-12-31 19:00:00.000000000 -0500
+++ dovecot-2.2.13/debian/patches/fix-mbox-corruption-18679.patch	2015-05-31 01:47:31.000000000 -0400
@@ -0,0 +1,18 @@
+From: Timo Sirainen <tss@iki.fi>
+Subject: mbox: Fixed corruption in some usage patterns.
+
+--- a/src/lib-storage/index/mbox/mbox-sync.c
++++ b/src/lib-storage/index/mbox/mbox-sync.c
+@@ -679,8 +679,10 @@
+ 		}
+ 	} else if (mail_ctx->need_rewrite) {
+ 		mbox_sync_update_header(mail_ctx);
+-		if (sync_ctx->delay_writes) {
+-			/* mark it dirty and do it later */
++		if (sync_ctx->delay_writes && sync_ctx->need_space_seq == 0) {
++			/* mark it dirty and do it later. we can't do this
++			   if we're in the middle of rewriting acquiring more
++			   space. */
+ 			mail_ctx->dirty = TRUE;
+ 			return 0;
+ 		}
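Review bot: The rewritten comment in the `delay_writes` branch is hard to parse ("in the middle of rewriting acquiring more space") and never names the field the new condition tests. Something like `/* mark it dirty and do it later. not possible while need_space_seq != 0, i.e. while a rewrite is still collecting space */` would tie the comment to the check. That reading of need_space_seq is inferred from the existing comment and should be confirmed against its declaration. The `else if` branch begins and ends outside the hunk.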
diff -Nru dovecot-2.2.13/debian/patches/series dovecot-2.2.13/debian/patches/series
--- dovecot-2.2.13/debian/patches/series	2014-12-14 12:28:42.000000000 -0500
+++ dovecot-2.2.13/debian/patches/series	2015-05-31 01:47:31.000000000 -0400
@@ -9,3 +9,7 @@
 mboxlocking.patch
 dovecot_name.patch
 bye_logout_not_sent.patch
+cve-2015-3420.patch
+fix-mbox-corruption-18534.patch
+fix-mbox-corruption-18679.patch
+
