Accepting request 583681 from server:mail

- update pigeonhole to 0.5.0.1
  - imap4flags extension: Fix binary corruption occurring when
    setflag/addflag/removeflag flag-list is a variable.
  - sieve-extprograms plugin: Fix segfault occurring when used in
    IMAPSieve context.
- drop 321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch

- pull backport patch dovecot-2.3.0.1-over-quota-lmtp-crash.patch

- update to 2.3.0.1
  * CVE-2017-15130: TLS SNI config lookups may lead to excessive
    memory usage, causing imap-login/pop3-login VSZ limit to be
    reached and the process restarted. This happens only if Dovecot
    config has local_name { } or local { } configuration blocks and
    attacker uses randomly generated SNI servernames.
  * CVE-2017-14461: Parsing invalid email addresses may cause a
    crash or leak memory contents to attacker. For example, these
    memory contents might contain parts of an email from another
    user if the same imap process is reused for multiple users.
    First discovered by Aleksandar Nikolic of Cisco Talos.
    Independently also discovered by "flxflndy" via HackerOne.
  * CVE-2017-15132: Aborted SASL authentication leaks memory in
    login process.
  * Linux: Core dumping is no longer enabled by default via
    PR_SET_DUMPABLE, because this may allow attackers to bypass
    chroot/group restrictions. Found by cPanel Security Team.
    Nowadays core dumps can be safely enabled by using "sysctl -w
    fs.suid_dumpable=2". If the old behaviour is wanted, it can
    still be enabled by setting:
    import_environment=$import_environment PR_SET_DUMPABLE=1
  - imap-login with SSL/TLS connections may end up in infinite loop

OBS-URL: https://build.opensuse.org/request/show/583681
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dovecot23?expand=0&rev=3

321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch

@@ -1,61 +0,0 @@
-From 321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1 Mon Sep 17 00:00:00 2001
-From: Stephan Bosch <stephan.bosch@dovecot.fi>
-Date: Mon, 25 Dec 2017 18:20:14 +0100
-Subject: [PATCH] plugins: sieve-extprograms: Fix segfault occurring when used
- in IMAPSieve context.
-
-This was caused by recent lib-smtp changes.
-There is no envelope in IMAPSieve context, so the rcpt parameters are NULL, causing the segfault.
----
- .../sieve-extprograms/sieve-extprograms-common.c   | 29 +++++++++++++---------
- 1 file changed, 17 insertions(+), 12 deletions(-)
-
-diff --git a/src/plugins/sieve-extprograms/sieve-extprograms-common.c b/src/plugins/sieve-extprograms/sieve-extprograms-common.c
-index 8fef2f53..5f0ed728 100644
---- a/src/plugins/sieve-extprograms/sieve-extprograms-common.c
-+++ b/src/plugins/sieve-extprograms/sieve-extprograms-common.c
-@@ -415,6 +415,7 @@ struct sieve_extprogram *sieve_extprogram_create
- 	struct sieve_instance *svinst = ext->svinst;
- 	struct sieve_extprograms_config *ext_config =
- 		(struct sieve_extprograms_config *) ext->context;
-+	const struct smtp_address *sender, *recipient, *orig_recipient;
- 	struct sieve_extprogram *sprog;
- 	const char *path = NULL;
- 	struct stat st;
-@@ -549,20 +550,24 @@ struct sieve_extprogram *sieve_extprogram_create
- 		program_client_set_env(sprog->program_client, "HOME", svinst->home_dir);
- 	if ( svinst->hostname != NULL )
- 		program_client_set_env(sprog->program_client, "HOST", svinst->hostname);
--	if ( !smtp_address_isnull(msgdata->envelope.mail_from) ) {
--		program_client_set_env
--			(sprog->program_client, "SENDER",
--				smtp_address_encode(msgdata->envelope.mail_from));
-+
-+	sender = msgdata->envelope.mail_from;
-+	recipient = msgdata->envelope.rcpt_to;
-+	orig_recipient = NULL;
-+	if ( msgdata->envelope.rcpt_params != NULL )
-+		orig_recipient = msgdata->envelope.rcpt_params->orcpt.addr;
-+
-+	if ( !smtp_address_isnull(sender) ) {
-+		program_client_set_env(sprog->program_client, "SENDER",
-+				       smtp_address_encode(sender));
- 	}
--	if ( !smtp_address_isnull(msgdata->envelope.rcpt_to) ) {
--		program_client_set_env
--			(sprog->program_client, "RECIPIENT",
--				smtp_address_encode(msgdata->envelope.rcpt_to));
-+	if ( !smtp_address_isnull(recipient) ) {
-+		program_client_set_env(sprog->program_client, "RECIPIENT",
-+				       smtp_address_encode(recipient));
- 	}
--	if ( !smtp_address_isnull(msgdata->envelope.rcpt_params->orcpt.addr) ) {
--		program_client_set_env
--			(sprog->program_client, "ORIG_RECIPIENT",
--				smtp_address_encode(msgdata->envelope.rcpt_params->orcpt.addr));
-+	if ( !smtp_address_isnull(orig_recipient) ) {
-+		program_client_set_env(sprog->program_client, "ORIG_RECIPIENT",
-+				       smtp_address_encode(orig_recipient));
- 	}
- 
- 	return sprog;

dovecot-2.3-pigeonhole-0.5.0.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:56356d14b10c45aa472074e85bfc582c2f08a15a43ecf24f481df39b206efad2
+size 1783039

dovecot-2.3-pigeonhole-0.5.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:54c887a493605322e5b968b86f7ba0cf5c503f68513a8cbcd866185f2b237954
-size 1782375

dovecot-2.3.0.1-over-quota-lmtp-crash.patch

@@ -0,0 +1,162 @@
+From 2bf919786518d138cc07d9cc21e14ad5e07e5e56 Mon Sep 17 00:00:00 2001
+From: Stephan Bosch <stephan.bosch@dovecot.fi>
+Date: Wed, 17 Jan 2018 21:26:44 +0100
+Subject: [PATCH] lmtp: local: Fix segfault occurring when quota is exceeded.
+
+---
+ src/lmtp/lmtp-local.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lmtp/lmtp-local.c b/src/lmtp/lmtp-local.c
+index fa1ce5d869..5b5fe51a95 100644
+--- a/src/lmtp/lmtp-local.c
++++ b/src/lmtp/lmtp-local.c
+@@ -133,7 +133,7 @@ static void
+ lmtp_local_rcpt_reply_overquota(struct lmtp_local_recipient *rcpt,
+ 				const char *error)
+ {
+-	struct smtp_address *address = rcpt->rcpt.rcpt->path;
++	struct smtp_address *address = rcpt->rcpt.path;
+ 	struct lda_settings *lda_set =
+ 		mail_storage_service_user_get_set(rcpt->service_user)[2];
+ 
+From cdbcc8db8e0a04b2cbf6ca9f20b3ee7f7173552d Mon Sep 17 00:00:00 2001
+From: Stephan Bosch <stephan.bosch@dovecot.fi>
+Date: Wed, 31 Jan 2018 10:30:23 +0100
+Subject: [PATCH 1/3] lmtp: local: Make local variable for rcpt->rcpt.rcpt_cmd
+ in lmtp_local_rcpt_check_quota().
+
+---
+ src/lmtp/lmtp-local.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/src/lmtp/lmtp-local.c b/src/lmtp/lmtp-local.c
+index c770e35e5b..d0ee4b312e 100644
+--- a/src/lmtp/lmtp-local.c
++++ b/src/lmtp/lmtp-local.c
+@@ -195,6 +195,7 @@ static int
+ lmtp_local_rcpt_check_quota(struct lmtp_local_recipient *rcpt)
+ {
+ 	struct client *client = rcpt->rcpt.client;
++	struct smtp_server_cmd_ctx *cmd = rcpt->rcpt.rcpt_cmd;
+ 	struct smtp_address *address = rcpt->rcpt.path;
+ 	struct mail_user *user;
+ 	struct mail_namespace *ns;
+@@ -245,10 +246,10 @@ lmtp_local_rcpt_check_quota(struct lmtp_local_recipient *rcpt)
+ 	}
+ 
+ 	if (ret < 0 &&
+-		!smtp_server_command_is_replied(rcpt->rcpt.rcpt_cmd->cmd)) {
+-		smtp_server_reply(rcpt->rcpt.rcpt_cmd,
+-			451, "4.3.0", "<%s> Temporary internal error",
+-			smtp_address_encode(address));
++		!smtp_server_command_is_replied(cmd->cmd)) {
++		smtp_server_reply(cmd, 451, "4.3.0",
++				  "<%s> Temporary internal error",
++				  smtp_address_encode(address));
+ 	}
+ 	return ret;
+ }
+
+From c23717da4af9d3275cb45cbc67faaa8daa353ec1 Mon Sep 17 00:00:00 2001
+From: Stephan Bosch <stephan.bosch@dovecot.fi>
+Date: Wed, 31 Jan 2018 10:34:11 +0100
+Subject: [PATCH 2/3] lmtp: local: Add explicit cmd parameter to
+ lmtp_local_rcpt_reply_overquota().
+
+Using the RCPT cmd is only valid for the RCPT command and not when quota excess
+is detected during DATA. That would cause a segmentation fault, since
+rcpt->rcpt.rcpt_cmd == NULL.
+---
+ src/lmtp/lmtp-local.c | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/src/lmtp/lmtp-local.c b/src/lmtp/lmtp-local.c
+index d0ee4b312e..c19c449e61 100644
+--- a/src/lmtp/lmtp-local.c
++++ b/src/lmtp/lmtp-local.c
+@@ -134,6 +134,7 @@ lmtp_local_rcpt_deinit(struct lmtp_local_recipient *rcpt)
+ 
+ static void
+ lmtp_local_rcpt_reply_overquota(struct lmtp_local_recipient *rcpt,
++				struct smtp_server_cmd_ctx *cmd,
+ 				const char *error)
+ {
+ 	struct smtp_address *address = rcpt->rcpt.path;
+@@ -141,13 +142,11 @@ lmtp_local_rcpt_reply_overquota(struct lmtp_local_recipient *rcpt,
+ 		mail_storage_service_user_get_set(rcpt->service_user)[2];
+ 
+ 	if (lda_set->quota_full_tempfail) {
+-		smtp_server_reply(rcpt->rcpt.rcpt_cmd,
+-			452, "4.2.2", "<%s> %s",
+-			smtp_address_encode(address), error);
++		smtp_server_reply(cmd, 452, "4.2.2", "<%s> %s",
++				  smtp_address_encode(address), error);
+ 	} else {
+-		smtp_server_reply(rcpt->rcpt.rcpt_cmd,
+-			552, "5.2.2", "<%s> %s",
+-			smtp_address_encode(address), error);
++		smtp_server_reply(cmd, 552, "5.2.2", "<%s> %s",
++				  smtp_address_encode(address), error);
+ 	}
+ }
+ 
+@@ -232,7 +231,7 @@ lmtp_local_rcpt_check_quota(struct lmtp_local_recipient *rcpt)
+ 		if (ret < 0) {
+ 			error = mailbox_get_last_error(box, &mail_error);
+ 			if (mail_error == MAIL_ERROR_NOQUOTA) {
+-				lmtp_local_rcpt_reply_overquota(rcpt, error);
++				lmtp_local_rcpt_reply_overquota(rcpt, cmd, error);
+ 			} else {
+ 				i_error("mailbox_get_status(%s, STATUS_CHECK_OVER_QUOTA) "
+ 					"failed: %s",
+@@ -623,7 +622,7 @@ lmtp_local_deliver(struct lmtp_local *local,
+ 	} else if (storage != NULL) {
+ 		error = mail_storage_get_last_error(storage, &mail_error);
+ 		if (mail_error == MAIL_ERROR_NOQUOTA) {
+-			lmtp_local_rcpt_reply_overquota(rcpt, error);
++			lmtp_local_rcpt_reply_overquota(rcpt, cmd, error);
+ 		} else {
+ 			smtp_server_reply_index(cmd, rcpt_idx,
+ 				451, "4.2.0", "<%s> %s",
+
+From f8d9e6c977847a411af9986c9be62f74e4b06143 Mon Sep 17 00:00:00 2001
+From: Stephan Bosch <stephan.bosch@dovecot.fi>
+Date: Wed, 31 Jan 2018 10:27:54 +0100
+Subject: [PATCH 3/3] lmtp: local: Use recipient index in
+ lmtp_local_rcpt_reply_overquota().
+
+When used during the DATA command, it should send a reply for the correct
+recipient. During the RCPT command there is only one reply due. Added assert
+that checks this.
+---
+ src/lmtp/lmtp-local.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/src/lmtp/lmtp-local.c b/src/lmtp/lmtp-local.c
+index c19c449e61..0b5e7e06ec 100644
+--- a/src/lmtp/lmtp-local.c
++++ b/src/lmtp/lmtp-local.c
+@@ -138,15 +138,18 @@ lmtp_local_rcpt_reply_overquota(struct lmtp_local_recipient *rcpt,
+ 				const char *error)
+ {
+ 	struct smtp_address *address = rcpt->rcpt.path;
++	unsigned int rcpt_idx = rcpt->rcpt.index;
+ 	struct lda_settings *lda_set =
+ 		mail_storage_service_user_get_set(rcpt->service_user)[2];
+ 
++	i_assert(rcpt_idx == 0 || rcpt->rcpt.rcpt_cmd == NULL);
++
+ 	if (lda_set->quota_full_tempfail) {
+-		smtp_server_reply(cmd, 452, "4.2.2", "<%s> %s",
+-				  smtp_address_encode(address), error);
++		smtp_server_reply_index(cmd, rcpt_idx, 452, "4.2.2", "<%s> %s",
++					smtp_address_encode(address), error);
+ 	} else {
+-		smtp_server_reply(cmd, 552, "5.2.2", "<%s> %s",
+-				  smtp_address_encode(address), error);
++		smtp_server_reply_index(cmd, rcpt_idx, 552, "5.2.2", "<%s> %s",
++					smtp_address_encode(address), error);
+ 	}
+ }
+ 

dovecot-2.3.0.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ab772b3e214683aba347203c9391295552255c4d69afb324c7b8c8fc5ad6f153
+size 6499984

dovecot-2.3.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:de60cb470d025e4dd0f8e8fbbb4b9316dfd4930eb949d307330669ffbeaf8581
-size 6635541

dovecot23.changes

@@ -1,3 +1,44 @@
+-------------------------------------------------------------------
+Tue Mar  6 19:28:49 UTC 2018 - mrueckert@suse.de
+
+- update pigeonhole to 0.5.0.1
+  - imap4flags extension: Fix binary corruption occurring when
+    setflag/addflag/removeflag flag-list is a variable.
+  - sieve-extprograms plugin: Fix segfault occurring when used in
+    IMAPSieve context.
+- drop 321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch
+
+-------------------------------------------------------------------
+Tue Mar  6 17:54:58 UTC 2018 - mrueckert@suse.de
+
+- pull backport patch dovecot-2.3.0.1-over-quota-lmtp-crash.patch
+
+-------------------------------------------------------------------
+Tue Mar  6 13:48:50 UTC 2018 - mrueckert@suse.de
+
+- update to 2.3.0.1
+  * CVE-2017-15130: TLS SNI config lookups may lead to excessive
+    memory usage, causing imap-login/pop3-login VSZ limit to be
+    reached and the process restarted. This happens only if Dovecot
+    config has local_name { } or local { } configuration blocks and
+    attacker uses randomly generated SNI servernames.
+  * CVE-2017-14461: Parsing invalid email addresses may cause a
+    crash or leak memory contents to attacker. For example, these
+    memory contents might contain parts of an email from another
+    user if the same imap process is reused for multiple users.
+    First discovered by Aleksandar Nikolic of Cisco Talos.
+    Independently also discovered by "flxflndy" via HackerOne.
+  * CVE-2017-15132: Aborted SASL authentication leaks memory in
+    login process.
+  * Linux: Core dumping is no longer enabled by default via
+    PR_SET_DUMPABLE, because this may allow attackers to bypass
+    chroot/group restrictions. Found by cPanel Security Team.
+    Nowadays core dumps can be safely enabled by using "sysctl -w
+    fs.suid_dumpable=2". If the old behaviour is wanted, it can
+    still be enabled by setting:
+    import_environment=$import_environment PR_SET_DUMPABLE=1
+  - imap-login with SSL/TLS connections may end up in infinite loop
+
 -------------------------------------------------------------------
 Mon Dec 25 22:39:53 UTC 2017 - jengelh@inai.de
 

dovecot23.spec

@@ -1,7 +1,7 @@
 #
-# spec file for package dovecot22
+# spec file for package dovecot23
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,11 +17,11 @@
 
 
 Name:           dovecot23
-Version:        2.3.0
+Version:        2.3.0.1
 Release:        0
 %define pkg_name dovecot
-%define dovecot_version 2.3.0
-%define dovecot_pigeonhole_version 0.5.0
+%define dovecot_version 2.3.0.1
+%define dovecot_pigeonhole_version 0.5.0.1
 %define dovecot_branch  2.3
 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}
 %define dovecot_pigeonhole_docdir     %{_docdir}/%{pkg_name}/dovecot-pigeonhole
@@ -133,7 +133,7 @@ Source8:        dovecot-2.2-pigeonhole.configfiles
 Source9:        dovecot-2.3-pigeonhole.configfiles
 Patch:          dovecot-2.3.0-dont_use_etc_ssl_certs.patch
 Patch1:         dovecot-2.3.0-better_ssl_defaults.patch
-Patch2:         https://github.com/stephanbosch/pigeonhole-core/commit/321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch
+Patch2:         dovecot-2.3.0.1-over-quota-lmtp-crash.patch
 Summary:        IMAP and POP3 Server Written Primarily with Security in Mind
 License:        BSD-3-Clause and LGPL-2.1+ and MIT
 Group:          Productivity/Networking/Email/Servers
@@ -310,12 +310,10 @@ This package holds the file needed to compile plugins outside of the
 dovecot tree.
 
 %prep
-%setup -q -n %{pkg_name}-ce-%{dovecot_version} -a 1
+%setup -q -n %{pkg_name}-%{dovecot_version} -a 1
 %patch -p1
 %patch1 -p1
-pushd %{dovecot_pigeonhole_source_dir}
 %patch2 -p1
-popd
 gzip -9v ChangeLog
 # Fix plugins dir.
 sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = %{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf