diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2020-10-12 15:22:28 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2020-10-12 15:23:05 +0000 |
commit | f6b8c8ff1924324b5ae18ea879086deec396c9e5 (patch) | |
tree | 56f31680f580af8d86e8edb86aa23ceeec2b0d07 | |
parent | 5ed4e396bb324e9819f9555980039fe55d1caad1 (diff) | |
download | alpine_aports-f6b8c8ff1924324b5ae18ea879086deec396c9e5.tar.bz2 alpine_aports-f6b8c8ff1924324b5ae18ea879086deec396c9e5.tar.xz alpine_aports-f6b8c8ff1924324b5ae18ea879086deec396c9e5.zip |
community/libetpan: backport fix for CVE-2020-15953
ref #11869
-rw-r--r-- | community/libetpan/APKBUILD | 6 | ||||
-rw-r--r-- | community/libetpan/CVE-2020-15953.patch | 79 |
2 files changed, 83 insertions, 2 deletions
diff --git a/community/libetpan/APKBUILD b/community/libetpan/APKBUILD index 7fe5581258..1da27ac5ed 100644 --- a/community/libetpan/APKBUILD +++ b/community/libetpan/APKBUILD | |||
@@ -1,7 +1,7 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
2 | pkgname=libetpan | 2 | pkgname=libetpan |
3 | pkgver=1.9.4 | 3 | pkgver=1.9.4 |
4 | pkgrel=0 | 4 | pkgrel=1 |
5 | pkgdesc="a portable middleware for email access" | 5 | pkgdesc="a portable middleware for email access" |
6 | url="http://www.etpan.org/" | 6 | url="http://www.etpan.org/" |
7 | arch="all" | 7 | arch="all" |
@@ -12,6 +12,7 @@ makedepends="cyrus-sasl-dev curl-dev expat-dev gnutls-dev libgcrypt-dev | |||
12 | depends_dev="cyrus-sasl-dev" | 12 | depends_dev="cyrus-sasl-dev" |
13 | source="libetpan-$pkgver.tar.gz::https://github.com/dinhviethoa/libetpan/archive/$pkgver.tar.gz | 13 | source="libetpan-$pkgver.tar.gz::https://github.com/dinhviethoa/libetpan/archive/$pkgver.tar.gz |
14 | fix-build.patch | 14 | fix-build.patch |
15 | CVE-2020-15953.patch | ||
15 | " | 16 | " |
16 | 17 | ||
17 | prepare() { | 18 | prepare() { |
@@ -43,4 +44,5 @@ package() { | |||
43 | } | 44 | } |
44 | 45 | ||
45 | sha512sums="7b7047d084fb4ce0c91821c2ad78e921d6d009106851afb7f5b068713c84ebe6926f6bf7a7423f263eeebef617511e44f6b65448d892bbc058c447235fd55c0f libetpan-1.9.4.tar.gz | 46 | sha512sums="7b7047d084fb4ce0c91821c2ad78e921d6d009106851afb7f5b068713c84ebe6926f6bf7a7423f263eeebef617511e44f6b65448d892bbc058c447235fd55c0f libetpan-1.9.4.tar.gz |
46 | 85d0be0b1a57cb5865a6802c01c9f4fe3e4e32b06929a9c7f688be6f2115a2f6ea8229fd637f83d1376925939b7112bcb6704a9bd79206bf821c32f06747e6c9 fix-build.patch" | 47 | 85d0be0b1a57cb5865a6802c01c9f4fe3e4e32b06929a9c7f688be6f2115a2f6ea8229fd637f83d1376925939b7112bcb6704a9bd79206bf821c32f06747e6c9 fix-build.patch |
48 | 4430fb1172944b48a379feb9d716d6d8594819206daabcd2c00dbdd07fa4598a213161d97073f1e5cacab08921263c938bbf40c1ba9080436a5dba4a17dcfd79 CVE-2020-15953.patch" | ||
diff --git a/community/libetpan/CVE-2020-15953.patch b/community/libetpan/CVE-2020-15953.patch new file mode 100644 index 0000000000..e02b000aad --- /dev/null +++ b/community/libetpan/CVE-2020-15953.patch | |||
@@ -0,0 +1,79 @@ | |||
1 | From 1002a0121a8f5a9aee25357769807f2c519fa50b Mon Sep 17 00:00:00 2001 | ||
2 | From: Damian Poddebniak <duesee@users.noreply.github.com> | ||
3 | Date: Fri, 24 Jul 2020 19:39:53 +0200 | ||
4 | Subject: [PATCH] Detect extra data after STARTTLS response and exit (#387) | ||
5 | |||
6 | --- | ||
7 | src/low-level/imap/mailimap.c | 7 +++++++ | ||
8 | 1 file changed, 7 insertions(+) | ||
9 | |||
10 | diff --git a/src/low-level/imap/mailimap.c b/src/low-level/imap/mailimap.c | ||
11 | index bb17119d..4ffcf55d 100644 | ||
12 | --- a/src/low-level/imap/mailimap.c | ||
13 | +++ b/src/low-level/imap/mailimap.c | ||
14 | @@ -2428,6 +2428,13 @@ int mailimap_starttls(mailimap * session) | ||
15 | |||
16 | mailimap_response_free(response); | ||
17 | |||
18 | + // Detect if the server send extra data after the STARTTLS response. | ||
19 | + // This *may* be a "response injection attack". | ||
20 | + if (session->imap_stream->read_buffer_len != 0) { | ||
21 | + // Since it is also an IMAP protocol violation, exit. | ||
22 | + return MAILIMAP_ERROR_STARTTLS; | ||
23 | + } | ||
24 | + | ||
25 | switch (error_code) { | ||
26 | case MAILIMAP_RESP_COND_STATE_OK: | ||
27 | return MAILIMAP_NO_ERROR; | ||
28 | From 298460a2adaabd2f28f417a0f106cb3b68d27df9 Mon Sep 17 00:00:00 2001 | ||
29 | From: Fabian Ising <Murgeye@users.noreply.github.com> | ||
30 | Date: Fri, 24 Jul 2020 19:40:48 +0200 | ||
31 | Subject: [PATCH] Detect extra data after STARTTLS responses in SMTP and POP3 | ||
32 | and exit (#388) | ||
33 | |||
34 | * Detect extra data after STLS response and return error | ||
35 | |||
36 | * Detect extra data after SMTP STARTTLS response and return error | ||
37 | --- | ||
38 | src/low-level/pop3/mailpop3.c | 8 ++++++++ | ||
39 | src/low-level/smtp/mailsmtp.c | 8 ++++++++ | ||
40 | 2 files changed, 16 insertions(+) | ||
41 | |||
42 | diff --git a/src/low-level/pop3/mailpop3.c b/src/low-level/pop3/mailpop3.c | ||
43 | index ab9535be..e2124bf8 100644 | ||
44 | --- a/src/low-level/pop3/mailpop3.c | ||
45 | +++ b/src/low-level/pop3/mailpop3.c | ||
46 | @@ -959,6 +959,14 @@ int mailpop3_stls(mailpop3 * f) | ||
47 | |||
48 | if (r != RESPONSE_OK) | ||
49 | return MAILPOP3_ERROR_STLS_NOT_SUPPORTED; | ||
50 | + | ||
51 | + // Detect if the server send extra data after the STLS response. | ||
52 | + // This *may* be a "response injection attack". | ||
53 | + if (f->pop3_stream->read_buffer_len != 0) { | ||
54 | + // Since it is also protocol violation, exit. | ||
55 | + // There is no error type for STARTTLS errors in POP3 | ||
56 | + return MAILPOP3_ERROR_SSL; | ||
57 | + } | ||
58 | |||
59 | return MAILPOP3_NO_ERROR; | ||
60 | } | ||
61 | diff --git a/src/low-level/smtp/mailsmtp.c b/src/low-level/smtp/mailsmtp.c | ||
62 | index b7fc459e..3145cadf 100644 | ||
63 | --- a/src/low-level/smtp/mailsmtp.c | ||
64 | +++ b/src/low-level/smtp/mailsmtp.c | ||
65 | @@ -1111,6 +1111,14 @@ int mailesmtp_starttls(mailsmtp * session) | ||
66 | return MAILSMTP_ERROR_STREAM; | ||
67 | r = read_response(session); | ||
68 | |||
69 | + // Detect if the server send extra data after the STARTTLS response. | ||
70 | + // This *may* be a "response injection attack". | ||
71 | + if (session->stream->read_buffer_len != 0) { | ||
72 | + // Since it is also protocol violation, exit. | ||
73 | + // There is no general error type for STARTTLS errors in SMTP | ||
74 | + return MAILSMTP_ERROR_SSL; | ||
75 | + } | ||
76 | + | ||
77 | switch (r) { | ||
78 | case 220: | ||
79 | return MAILSMTP_NO_ERROR; | ||