From 2d8cbe7d63427528c3ad27870fc06b38177dd904 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jun 25 2014 15:34:31 +0000 Subject: import dovecot-2.2.10-4.el7_0.1 --- diff --git a/SOURCES/dovecot-2.2.10-CVE_2014_3430.patch b/SOURCES/dovecot-2.2.10-CVE_2014_3430.patch new file mode 100644 index 0000000..f9cf73f --- /dev/null +++ b/SOURCES/dovecot-2.2.10-CVE_2014_3430.patch @@ -0,0 +1,52 @@ + +# HG changeset patch +# User Timo Sirainen +# Date 1399472781 -10800 +# Node ID 41622541a7a3a938895b5fe045bbc633a9b6c022 +# Parent 7a08a481c133be4b8cb8415feaed1321d560cee5 +*-login: SSL connections didn't get closed when the client got destroyed. + +diff -r 7a08a481c133 -r 41622541a7a3 src/login-common/client-common.c +--- a/src/login-common/client-common.c Wed May 07 17:12:19 2014 +0300 ++++ b/src/login-common/client-common.c Wed May 07 17:26:21 2014 +0300 +@@ -171,6 +171,8 @@ + last_client = client->prev; + DLLIST_REMOVE(&clients, client); + ++ if (!client->login_success && client->ssl_proxy != NULL) ++ ssl_proxy_destroy(client->ssl_proxy); + if (client->input != NULL) + i_stream_close(client->input); + if (client->output != NULL) +diff -r 7a08a481c133 -r 41622541a7a3 src/login-common/ssl-proxy-openssl.c +--- a/src/login-common/ssl-proxy-openssl.c Wed May 07 17:12:19 2014 +0300 ++++ b/src/login-common/ssl-proxy-openssl.c Wed May 07 17:26:21 2014 +0300 +@@ -116,7 +116,6 @@ + static void ssl_read(struct ssl_proxy *proxy); + static void ssl_write(struct ssl_proxy *proxy); + static void ssl_step(struct ssl_proxy *proxy); +-static void ssl_proxy_destroy(struct ssl_proxy *proxy); + static void ssl_proxy_unref(struct ssl_proxy *proxy); + + static struct ssl_server_context * +@@ -807,7 +806,7 @@ + i_free(proxy); + } + +-static void ssl_proxy_destroy(struct ssl_proxy *proxy) ++void ssl_proxy_destroy(struct ssl_proxy *proxy) + { + if (proxy->destroyed) + return; +diff -r 7a08a481c133 -r 41622541a7a3 src/login-common/ssl-proxy.h +--- a/src/login-common/ssl-proxy.h Wed May 07 17:12:19 2014 +0300 ++++ b/src/login-common/ssl-proxy.h Wed May 07 17:26:21 2014 +0300 +@@ -34,6 +34,7 @@ + const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy); + const char *ssl_proxy_get_compression(struct ssl_proxy *proxy); + const char *ssl_proxy_get_cert_error(struct ssl_proxy *proxy); ++void ssl_proxy_destroy(struct ssl_proxy *proxy); + void ssl_proxy_free(struct ssl_proxy **proxy); + + /* Return number of active SSL proxies */ + diff --git a/SPECS/dovecot.spec b/SPECS/dovecot.spec index 6281c66..a307054 100644 --- a/SPECS/dovecot.spec +++ b/SPECS/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.2.10 %global prever %{nil} -Release: 4%{?dist} +Release: 4%{?dist}.1 #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -39,6 +39,9 @@ Patch6: dovecot-2.1.10-waitonline.patch #workaround for chroot installation without /dev/random present, rhbz#1026790 Patch7: dovecot-2.2.9-nodevrand.patch +# dovecot < 2.2.13, rhbz#1096402,rhbz#1108004 +Patch8: dovecot-2.2.10-CVE_2014_3430.patch + Source15: prestartscript Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -129,6 +132,7 @@ This package provides the MySQL back end for dovecot-auth etc. %patch5 -p1 -b .privatetmp %patch6 -p1 -b .waitonline %patch7 -p1 -b .nodevrand +%patch8 -p1 -b .CVE_2014_3430 sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in %build @@ -480,6 +484,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Jun 11 2014 Michal Hlavinka - 1:2.2.10-4.1 +- fix CVE-2014-3430: denial of service through maxxing out SSL connections (#1108003) + * Fri Jan 24 2014 Daniel Mach - 1:2.2.10-4 - Mass rebuild 2014-01-24