Accepting request 583681 from server:mail

- update pigeonhole to 0.5.0.1 - imap4flags extension: Fix binary corruption occurring when setflag/addflag/removeflag flag-list is a variable. - sieve-extprograms plugin: Fix segfault occurring when used in IMAPSieve context. - drop 321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch - pull backport patch dovecot-2.3.0.1-over-quota-lmtp-crash.patch - update to 2.3.0.1 * CVE-2017-15130: TLS SNI config lookups may lead to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted. This happens only if Dovecot config has local_name { } or local { } configuration blocks and attacker uses randomly generated SNI servernames. * CVE-2017-14461: Parsing invalid email addresses may cause a crash or leak memory contents to attacker. For example, these memory contents might contain parts of an email from another user if the same imap process is reused for multiple users. First discovered by Aleksandar Nikolic of Cisco Talos. Independently also discovered by "flxflndy" via HackerOne. * CVE-2017-15132: Aborted SASL authentication leaks memory in login process. * Linux: Core dumping is no longer enabled by default via PR_SET_DUMPABLE, because this may allow attackers to bypass chroot/group restrictions. Found by cPanel Security Team. Nowadays core dumps can be safely enabled by using "sysctl -w fs.suid_dumpable=2". If the old behaviour is wanted, it can still be enabled by setting: import_environment=$import_environment PR_SET_DUMPABLE=1 - imap-login with SSL/TLS connections may end up in infinite loop OBS-URL: https://build.opensuse.org/request/show/583681 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dovecot23?expand=0&rev=3
2018-03-07 09:39:34 +00:00 · 2018-03-07 09:39:34 +00:00 · d81026e707
commit d81026e707
parent 1f49286ed7 611d2263be
8 changed files with 216 additions and 76 deletions
--- a/321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch
+++ b/321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch
@ -1,61 +0,0 @@
 From 321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1 Mon Sep 17 00:00:00 2001
 From: Stephan Bosch <stephan.bosch@dovecot.fi>
 Date: Mon, 25 Dec 2017 18:20:14 +0100
 Subject: [PATCH] plugins: sieve-extprograms: Fix segfault occurring when used
 in IMAPSieve context.
 This was caused by recent lib-smtp changes.
 There is no envelope in IMAPSieve context, so the rcpt parameters are NULL, causing the segfault.
 ---
 .../sieve-extprograms/sieve-extprograms-common.c   | 29 +++++++++++++---------
 1 file changed, 17 insertions(+), 12 deletions(-)
 diff --git a/src/plugins/sieve-extprograms/sieve-extprograms-common.c b/src/plugins/sieve-extprograms/sieve-extprograms-common.c
 index 8fef2f53..5f0ed728 100644
 --- a/src/plugins/sieve-extprograms/sieve-extprograms-common.c
 +++ b/src/plugins/sieve-extprograms/sieve-extprograms-common.c
@@ -415,6 +415,7 @@ struct sieve_extprogram *sieve_extprogram_create
 	struct sieve_instance *svinst = ext->svinst;
 	struct sieve_extprograms_config *ext_config =
 		(struct sieve_extprograms_config *) ext->context;
 +	const struct smtp_address *sender, *recipient, *orig_recipient;
 	struct sieve_extprogram *sprog;
 	const char *path = NULL;
 	struct stat st;
@@ -549,20 +550,24 @@ struct sieve_extprogram *sieve_extprogram_create
 		program_client_set_env(sprog->program_client, "HOME", svinst->home_dir);
 	if ( svinst->hostname != NULL )
 		program_client_set_env(sprog->program_client, "HOST", svinst->hostname);
 -	if ( !smtp_address_isnull(msgdata->envelope.mail_from) ) {
 -		program_client_set_env
 -			(sprog->program_client, "SENDER",
 -				smtp_address_encode(msgdata->envelope.mail_from));
 +
 +	sender = msgdata->envelope.mail_from;
 +	recipient = msgdata->envelope.rcpt_to;
 +	orig_recipient = NULL;
 +	if ( msgdata->envelope.rcpt_params != NULL )
 +		orig_recipient = msgdata->envelope.rcpt_params->orcpt.addr;
 +
 +	if ( !smtp_address_isnull(sender) ) {
 +		program_client_set_env(sprog->program_client, "SENDER",
 +				       smtp_address_encode(sender));
 	}
 -	if ( !smtp_address_isnull(msgdata->envelope.rcpt_to) ) {
 -		program_client_set_env
 -			(sprog->program_client, "RECIPIENT",
 -				smtp_address_encode(msgdata->envelope.rcpt_to));
 +	if ( !smtp_address_isnull(recipient) ) {
 +		program_client_set_env(sprog->program_client, "RECIPIENT",
 +				       smtp_address_encode(recipient));
 	}
 -	if ( !smtp_address_isnull(msgdata->envelope.rcpt_params->orcpt.addr) ) {
 -		program_client_set_env
 -			(sprog->program_client, "ORIG_RECIPIENT",
 -				smtp_address_encode(msgdata->envelope.rcpt_params->orcpt.addr));
 +	if ( !smtp_address_isnull(orig_recipient) ) {
 +		program_client_set_env(sprog->program_client, "ORIG_RECIPIENT",
 +				       smtp_address_encode(orig_recipient));
 	}
 	return sprog;
--- a/dovecot-2.3-pigeonhole-0.5.0.1.tar.gz
+++ b/dovecot-2.3-pigeonhole-0.5.0.1.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:56356d14b10c45aa472074e85bfc582c2f08a15a43ecf24f481df39b206efad2
 size 1783039
--- a/dovecot-2.3-pigeonhole-0.5.0.tar.gz
+++ b/dovecot-2.3-pigeonhole-0.5.0.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:54c887a493605322e5b968b86f7ba0cf5c503f68513a8cbcd866185f2b237954
 size 1782375
--- a/dovecot-2.3.0.1-over-quota-lmtp-crash.patch
+++ b/dovecot-2.3.0.1-over-quota-lmtp-crash.patch
@ -0,0 +1,162 @@
 From 2bf919786518d138cc07d9cc21e14ad5e07e5e56 Mon Sep 17 00:00:00 2001
 From: Stephan Bosch <stephan.bosch@dovecot.fi>
 Date: Wed, 17 Jan 2018 21:26:44 +0100
 Subject: [PATCH] lmtp: local: Fix segfault occurring when quota is exceeded.
 ---
 src/lmtp/lmtp-local.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/lmtp/lmtp-local.c b/src/lmtp/lmtp-local.c
 index fa1ce5d869..5b5fe51a95 100644
 --- a/src/lmtp/lmtp-local.c
 +++ b/src/lmtp/lmtp-local.c
@@ -133,7 +133,7 @@ static void
 lmtp_local_rcpt_reply_overquota(struct lmtp_local_recipient *rcpt,
 				const char *error)
 {
 -	struct smtp_address *address = rcpt->rcpt.rcpt->path;
 +	struct smtp_address *address = rcpt->rcpt.path;
 	struct lda_settings *lda_set =
 		mail_storage_service_user_get_set(rcpt->service_user)[2];
 From cdbcc8db8e0a04b2cbf6ca9f20b3ee7f7173552d Mon Sep 17 00:00:00 2001
 From: Stephan Bosch <stephan.bosch@dovecot.fi>
 Date: Wed, 31 Jan 2018 10:30:23 +0100
 Subject: [PATCH 1/3] lmtp: local: Make local variable for rcpt->rcpt.rcpt_cmd
 in lmtp_local_rcpt_check_quota().
 ---
 src/lmtp/lmtp-local.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
 diff --git a/src/lmtp/lmtp-local.c b/src/lmtp/lmtp-local.c
 index c770e35e5b..d0ee4b312e 100644
 --- a/src/lmtp/lmtp-local.c
 +++ b/src/lmtp/lmtp-local.c
@@ -195,6 +195,7 @@ static int
 lmtp_local_rcpt_check_quota(struct lmtp_local_recipient *rcpt)
 {
 	struct client *client = rcpt->rcpt.client;
 +	struct smtp_server_cmd_ctx *cmd = rcpt->rcpt.rcpt_cmd;
 	struct smtp_address *address = rcpt->rcpt.path;
 	struct mail_user *user;
 	struct mail_namespace *ns;
@@ -245,10 +246,10 @@ lmtp_local_rcpt_check_quota(struct lmtp_local_recipient *rcpt)
 	}
 	if (ret < 0 &&
 -		!smtp_server_command_is_replied(rcpt->rcpt.rcpt_cmd->cmd)) {
 -		smtp_server_reply(rcpt->rcpt.rcpt_cmd,
 -			451, "4.3.0", "<%s> Temporary internal error",
 -			smtp_address_encode(address));
 +		!smtp_server_command_is_replied(cmd->cmd)) {
 +		smtp_server_reply(cmd, 451, "4.3.0",
 +				  "<%s> Temporary internal error",
 +				  smtp_address_encode(address));
 	}
 	return ret;
 }
 From c23717da4af9d3275cb45cbc67faaa8daa353ec1 Mon Sep 17 00:00:00 2001
 From: Stephan Bosch <stephan.bosch@dovecot.fi>
 Date: Wed, 31 Jan 2018 10:34:11 +0100
 Subject: [PATCH 2/3] lmtp: local: Add explicit cmd parameter to
 lmtp_local_rcpt_reply_overquota().
 Using the RCPT cmd is only valid for the RCPT command and not when quota excess
 is detected during DATA. That would cause a segmentation fault, since
 rcpt->rcpt.rcpt_cmd == NULL.
 ---
 src/lmtp/lmtp-local.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
 diff --git a/src/lmtp/lmtp-local.c b/src/lmtp/lmtp-local.c
 index d0ee4b312e..c19c449e61 100644
 --- a/src/lmtp/lmtp-local.c
 +++ b/src/lmtp/lmtp-local.c
@@ -134,6 +134,7 @@ lmtp_local_rcpt_deinit(struct lmtp_local_recipient *rcpt)
 static void
 lmtp_local_rcpt_reply_overquota(struct lmtp_local_recipient *rcpt,
 +				struct smtp_server_cmd_ctx *cmd,
 				const char *error)
 {
 	struct smtp_address *address = rcpt->rcpt.path;
@@ -141,13 +142,11 @@ lmtp_local_rcpt_reply_overquota(struct lmtp_local_recipient *rcpt,
 		mail_storage_service_user_get_set(rcpt->service_user)[2];
 	if (lda_set->quota_full_tempfail) {
 -		smtp_server_reply(rcpt->rcpt.rcpt_cmd,
 -			452, "4.2.2", "<%s> %s",
 -			smtp_address_encode(address), error);
 +		smtp_server_reply(cmd, 452, "4.2.2", "<%s> %s",
 +				  smtp_address_encode(address), error);
 	} else {
 -		smtp_server_reply(rcpt->rcpt.rcpt_cmd,
 -			552, "5.2.2", "<%s> %s",
 -			smtp_address_encode(address), error);
 +		smtp_server_reply(cmd, 552, "5.2.2", "<%s> %s",
 +				  smtp_address_encode(address), error);
 	}
 }
@@ -232,7 +231,7 @@ lmtp_local_rcpt_check_quota(struct lmtp_local_recipient *rcpt)
 		if (ret < 0) {
 			error = mailbox_get_last_error(box, &mail_error);
 			if (mail_error == MAIL_ERROR_NOQUOTA) {
 -				lmtp_local_rcpt_reply_overquota(rcpt, error);
 +				lmtp_local_rcpt_reply_overquota(rcpt, cmd, error);
 			} else {
 				i_error("mailbox_get_status(%s, STATUS_CHECK_OVER_QUOTA) "
 					"failed: %s",
@@ -623,7 +622,7 @@ lmtp_local_deliver(struct lmtp_local *local,
 	} else if (storage != NULL) {
 		error = mail_storage_get_last_error(storage, &mail_error);
 		if (mail_error == MAIL_ERROR_NOQUOTA) {
 -			lmtp_local_rcpt_reply_overquota(rcpt, error);
 +			lmtp_local_rcpt_reply_overquota(rcpt, cmd, error);
 		} else {
 			smtp_server_reply_index(cmd, rcpt_idx,
 				451, "4.2.0", "<%s> %s",
 From f8d9e6c977847a411af9986c9be62f74e4b06143 Mon Sep 17 00:00:00 2001
 From: Stephan Bosch <stephan.bosch@dovecot.fi>
 Date: Wed, 31 Jan 2018 10:27:54 +0100
 Subject: [PATCH 3/3] lmtp: local: Use recipient index in
 lmtp_local_rcpt_reply_overquota().
 When used during the DATA command, it should send a reply for the correct
 recipient. During the RCPT command there is only one reply due. Added assert
 that checks this.
 ---
 src/lmtp/lmtp-local.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
 diff --git a/src/lmtp/lmtp-local.c b/src/lmtp/lmtp-local.c
 index c19c449e61..0b5e7e06ec 100644
 --- a/src/lmtp/lmtp-local.c
 +++ b/src/lmtp/lmtp-local.c
@@ -138,15 +138,18 @@ lmtp_local_rcpt_reply_overquota(struct lmtp_local_recipient *rcpt,
 				const char *error)
 {
 	struct smtp_address *address = rcpt->rcpt.path;
 +	unsigned int rcpt_idx = rcpt->rcpt.index;
 	struct lda_settings *lda_set =
 		mail_storage_service_user_get_set(rcpt->service_user)[2];
 +	i_assert(rcpt_idx == 0 || rcpt->rcpt.rcpt_cmd == NULL);
 +
 	if (lda_set->quota_full_tempfail) {
 -		smtp_server_reply(cmd, 452, "4.2.2", "<%s> %s",
 -				  smtp_address_encode(address), error);
 +		smtp_server_reply_index(cmd, rcpt_idx, 452, "4.2.2", "<%s> %s",
 +					smtp_address_encode(address), error);
 	} else {
 -		smtp_server_reply(cmd, 552, "5.2.2", "<%s> %s",
 -				  smtp_address_encode(address), error);
 +		smtp_server_reply_index(cmd, rcpt_idx, 552, "5.2.2", "<%s> %s",
 +					smtp_address_encode(address), error);
 	}
 }
--- a/dovecot-2.3.0.1.tar.gz
+++ b/dovecot-2.3.0.1.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:ab772b3e214683aba347203c9391295552255c4d69afb324c7b8c8fc5ad6f153
 size 6499984
--- a/dovecot-2.3.0.tar.gz
+++ b/dovecot-2.3.0.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:de60cb470d025e4dd0f8e8fbbb4b9316dfd4930eb949d307330669ffbeaf8581
 size 6635541
--- a/dovecot23.changes
+++ b/dovecot23.changes
@ -1,3 +1,44 @@
 -------------------------------------------------------------------
 Tue Mar  6 19:28:49 UTC 2018 - mrueckert@suse.de
 - update pigeonhole to 0.5.0.1
  - imap4flags extension: Fix binary corruption occurring when
    setflag/addflag/removeflag flag-list is a variable.
  - sieve-extprograms plugin: Fix segfault occurring when used in
    IMAPSieve context.
 - drop 321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch
 -------------------------------------------------------------------
 Tue Mar  6 17:54:58 UTC 2018 - mrueckert@suse.de
 - pull backport patch dovecot-2.3.0.1-over-quota-lmtp-crash.patch
 -------------------------------------------------------------------
 Tue Mar  6 13:48:50 UTC 2018 - mrueckert@suse.de
 - update to 2.3.0.1
  * CVE-2017-15130: TLS SNI config lookups may lead to excessive
    memory usage, causing imap-login/pop3-login VSZ limit to be
    reached and the process restarted. This happens only if Dovecot
    config has local_name { } or local { } configuration blocks and
    attacker uses randomly generated SNI servernames.
  * CVE-2017-14461: Parsing invalid email addresses may cause a
    crash or leak memory contents to attacker. For example, these
    memory contents might contain parts of an email from another
    user if the same imap process is reused for multiple users.
    First discovered by Aleksandar Nikolic of Cisco Talos.
    Independently also discovered by "flxflndy" via HackerOne.
  * CVE-2017-15132: Aborted SASL authentication leaks memory in
    login process.
  * Linux: Core dumping is no longer enabled by default via
    PR_SET_DUMPABLE, because this may allow attackers to bypass
    chroot/group restrictions. Found by cPanel Security Team.
    Nowadays core dumps can be safely enabled by using "sysctl -w
    fs.suid_dumpable=2". If the old behaviour is wanted, it can
    still be enabled by setting:
    import_environment=$import_environment PR_SET_DUMPABLE=1
  - imap-login with SSL/TLS connections may end up in infinite loop
 -------------------------------------------------------------------
 Mon Dec 25 22:39:53 UTC 2017 - jengelh@inai.de
--- a/dovecot23.spec
+++ b/dovecot23.spec
@ -1,7 +1,7 @@
 #
-# spec file for package dovecot22
+# spec file for package dovecot23
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -17,11 +17,11 @@
 Name:           dovecot23
-Version:        2.3.0
+Version:        2.3.0.1
 Release:        0
 %define pkg_name dovecot
-%define dovecot_version 2.3.0
+%define dovecot_version 2.3.0.1
-%define dovecot_pigeonhole_version 0.5.0
+%define dovecot_pigeonhole_version 0.5.0.1
 %define dovecot_branch  2.3
 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}
 %define dovecot_pigeonhole_docdir     %{_docdir}/%{pkg_name}/dovecot-pigeonhole
@ -133,7 +133,7 @@ Source8:        dovecot-2.2-pigeonhole.configfiles
 Source9:        dovecot-2.3-pigeonhole.configfiles
 Patch:          dovecot-2.3.0-dont_use_etc_ssl_certs.patch
 Patch1:         dovecot-2.3.0-better_ssl_defaults.patch
-Patch2:         https://github.com/stephanbosch/pigeonhole-core/commit/321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch
+Patch2:         dovecot-2.3.0.1-over-quota-lmtp-crash.patch
 Summary:        IMAP and POP3 Server Written Primarily with Security in Mind
 License:        BSD-3-Clause and LGPL-2.1+ and MIT
 Group:          Productivity/Networking/Email/Servers
@ -310,12 +310,10 @@ This package holds the file needed to compile plugins outside of the
 dovecot tree.
 %prep
-%setup -q -n %{pkg_name}-ce-%{dovecot_version} -a 1
+%setup -q -n %{pkg_name}-%{dovecot_version} -a 1
 %patch -p1
 %patch1 -p1
 pushd %{dovecot_pigeonhole_source_dir}
 %patch2 -p1
 popd
 gzip -9v ChangeLog
 # Fix plugins dir.
 sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = %{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf