community/libetpan: backport fix for CVE-2020-15953

ref #11869
author: Natanael Copa <ncopa@alpinelinux.org> 2020-10-12 15:22:28 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2020-10-12 15:23:05 +0000
commit: f6b8c8ff1924324b5ae18ea879086deec396c9e5 (patch)
tree: 56f31680f580af8d86e8edb86aa23ceeec2b0d07
parent: 5ed4e396bb324e9819f9555980039fe55d1caad1 (diff)
download: alpine_aports-f6b8c8ff1924324b5ae18ea879086deec396c9e5.tar.bz2
alpine_aports-f6b8c8ff1924324b5ae18ea879086deec396c9e5.tar.xz
alpine_aports-f6b8c8ff1924324b5ae18ea879086deec396c9e5.zip
2 files changed, 83 insertions, 2 deletions
diff --git a/community/libetpan/APKBUILD b/community/libetpan/APKBUILD
index 7fe5581258..1da27ac5ed 100644
--- a/community/libetpan/APKBUILD
+++ b/community/libetpan/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libetpan
 pkgver=1.9.4
-pkgrel=0
+pkgrel=1
 pkgdesc="a portable middleware for email access"
 url="http://www.etpan.org/"
 arch="all"
@@ -12,6 +12,7 @@ makedepends="cyrus-sasl-dev curl-dev expat-dev gnutls-dev libgcrypt-dev
 depends_dev="cyrus-sasl-dev"
 source="libetpan-$pkgver.tar.gz::https://github.com/dinhviethoa/libetpan/archive/$pkgver.tar.gz
        fix-build.patch
+        CVE-2020-15953.patch
        "
 prepare() {
@@ -43,4 +44,5 @@ package() {
 }
 sha512sums="7b7047d084fb4ce0c91821c2ad78e921d6d009106851afb7f5b068713c84ebe6926f6bf7a7423f263eeebef617511e44f6b65448d892bbc058c447235fd55c0f  libetpan-1.9.4.tar.gz
-85d0be0b1a57cb5865a6802c01c9f4fe3e4e32b06929a9c7f688be6f2115a2f6ea8229fd637f83d1376925939b7112bcb6704a9bd79206bf821c32f06747e6c9  fix-build.patch"
+85d0be0b1a57cb5865a6802c01c9f4fe3e4e32b06929a9c7f688be6f2115a2f6ea8229fd637f83d1376925939b7112bcb6704a9bd79206bf821c32f06747e6c9  fix-build.patch
+4430fb1172944b48a379feb9d716d6d8594819206daabcd2c00dbdd07fa4598a213161d97073f1e5cacab08921263c938bbf40c1ba9080436a5dba4a17dcfd79  CVE-2020-15953.patch"
diff --git a/community/libetpan/CVE-2020-15953.patch b/community/libetpan/CVE-2020-15953.patch
new file mode 100644
index 0000000000..e02b000aad
--- /dev/null
+++ b/community/libetpan/CVE-2020-15953.patch
@@ -0,0 +1,79 @@
+From 1002a0121a8f5a9aee25357769807f2c519fa50b Mon Sep 17 00:00:00 2001
+From: Damian Poddebniak <duesee@users.noreply.github.com>
+Date: Fri, 24 Jul 2020 19:39:53 +0200
+Subject: [PATCH] Detect extra data after STARTTLS response and exit (#387)
+---
+ src/low-level/imap/mailimap.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+diff --git a/src/low-level/imap/mailimap.c b/src/low-level/imap/mailimap.c
+index bb17119d..4ffcf55d 100644
+--- a/src/low-level/imap/mailimap.c
+++ b/src/low-level/imap/mailimap.c
+@@ -2428,6 +2428,13 @@ int mailimap_starttls(mailimap * session)
+ 
+   mailimap_response_free(response);
+ 
+  // Detect if the server send extra data after the STARTTLS response.
+  // This *may* be a "response injection attack".
+  if (session->imap_stream->read_buffer_len != 0) {
+      // Since it is also an IMAP protocol violation, exit.
+      return MAILIMAP_ERROR_STARTTLS;
+  }
+
+   switch (error_code) {
+   case MAILIMAP_RESP_COND_STATE_OK:
+     return MAILIMAP_NO_ERROR;
+From 298460a2adaabd2f28f417a0f106cb3b68d27df9 Mon Sep 17 00:00:00 2001
+From: Fabian Ising <Murgeye@users.noreply.github.com>
+Date: Fri, 24 Jul 2020 19:40:48 +0200
+Subject: [PATCH] Detect extra data after STARTTLS responses in SMTP and POP3
+ and exit (#388)
+* Detect extra data after STLS response and return error
+* Detect extra data after SMTP STARTTLS response and return error
+---
+ src/low-level/pop3/mailpop3.c | 8 ++++++++
+ src/low-level/smtp/mailsmtp.c | 8 ++++++++
+ 2 files changed, 16 insertions(+)
+diff --git a/src/low-level/pop3/mailpop3.c b/src/low-level/pop3/mailpop3.c
+index ab9535be..e2124bf8 100644
+--- a/src/low-level/pop3/mailpop3.c
+++ b/src/low-level/pop3/mailpop3.c
+@@ -959,6 +959,14 @@ int mailpop3_stls(mailpop3 * f)
+ 
+   if (r != RESPONSE_OK)
+     return MAILPOP3_ERROR_STLS_NOT_SUPPORTED;
+
+  // Detect if the server send extra data after the STLS response.
+  // This *may* be a "response injection attack".
+  if (f->pop3_stream->read_buffer_len != 0) {
+    // Since it is also protocol violation, exit.
+    // There is no error type for STARTTLS errors in POP3
+    return MAILPOP3_ERROR_SSL;
+  }
+   
+   return MAILPOP3_NO_ERROR;
+ }
+diff --git a/src/low-level/smtp/mailsmtp.c b/src/low-level/smtp/mailsmtp.c
+index b7fc459e..3145cadf 100644
+--- a/src/low-level/smtp/mailsmtp.c
+++ b/src/low-level/smtp/mailsmtp.c
+@@ -1111,6 +1111,14 @@ int mailesmtp_starttls(mailsmtp * session)
+     return MAILSMTP_ERROR_STREAM;
+   r = read_response(session);
+ 
+  // Detect if the server send extra data after the STARTTLS response.
+  // This *may* be a "response injection attack".
+  if (session->stream->read_buffer_len != 0) {
+    // Since it is also protocol violation, exit.
+    // There is no general error type for STARTTLS errors in SMTP
+    return MAILSMTP_ERROR_SSL;
+  }
+
+   switch (r) {
+   case 220:
+     return MAILSMTP_NO_ERROR;
author	Natanael Copa <ncopa@alpinelinux.org>	2020-10-12 15:22:28 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2020-10-12 15:23:05 +0000
commit	f6b8c8ff1924324b5ae18ea879086deec396c9e5 (patch)
tree	56f31680f580af8d86e8edb86aa23ceeec2b0d07
parent	5ed4e396bb324e9819f9555980039fe55d1caad1 (diff)
download	alpine_aports-f6b8c8ff1924324b5ae18ea879086deec396c9e5.tar.bz2 alpine_aports-f6b8c8ff1924324b5ae18ea879086deec396c9e5.tar.xz alpine_aports-f6b8c8ff1924324b5ae18ea879086deec396c9e5.zip

diff --git a/community/libetpan/APKBUILD b/community/libetpan/APKBUILD index 7fe5581258..1da27ac5ed 100644 --- a/community/libetpan/APKBUILD +++ b/community/libetpan/APKBUILD
@@ -1,7 +1,7 @@
1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>	1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
2	pkgname=libetpan	2	pkgname=libetpan
3	pkgver=1.9.4	3	pkgver=1.9.4
4	pkgrel=0	4	pkgrel=1
5	pkgdesc="a portable middleware for email access"	5	pkgdesc="a portable middleware for email access"
6	url="http://www.etpan.org/"	6	url="http://www.etpan.org/"
7	arch="all"	7	arch="all"
@@ -12,6 +12,7 @@ makedepends="cyrus-sasl-dev curl-dev expat-dev gnutls-dev libgcrypt-dev
12	depends_dev="cyrus-sasl-dev"	12	depends_dev="cyrus-sasl-dev"
13	source="libetpan-$pkgver.tar.gz::https://github.com/dinhviethoa/libetpan/archive/$pkgver.tar.gz	13	source="libetpan-$pkgver.tar.gz::https://github.com/dinhviethoa/libetpan/archive/$pkgver.tar.gz
14	fix-build.patch	14	fix-build.patch
		15	CVE-2020-15953.patch
15	"	16	"
16		17
17	prepare() {	18	prepare() {
@@ -43,4 +44,5 @@ package() {
43	}	44	}
44		45
45	sha512sums="7b7047d084fb4ce0c91821c2ad78e921d6d009106851afb7f5b068713c84ebe6926f6bf7a7423f263eeebef617511e44f6b65448d892bbc058c447235fd55c0f libetpan-1.9.4.tar.gz	46	sha512sums="7b7047d084fb4ce0c91821c2ad78e921d6d009106851afb7f5b068713c84ebe6926f6bf7a7423f263eeebef617511e44f6b65448d892bbc058c447235fd55c0f libetpan-1.9.4.tar.gz
46	85d0be0b1a57cb5865a6802c01c9f4fe3e4e32b06929a9c7f688be6f2115a2f6ea8229fd637f83d1376925939b7112bcb6704a9bd79206bf821c32f06747e6c9 fix-build.patch"	47	85d0be0b1a57cb5865a6802c01c9f4fe3e4e32b06929a9c7f688be6f2115a2f6ea8229fd637f83d1376925939b7112bcb6704a9bd79206bf821c32f06747e6c9 fix-build.patch
		48	4430fb1172944b48a379feb9d716d6d8594819206daabcd2c00dbdd07fa4598a213161d97073f1e5cacab08921263c938bbf40c1ba9080436a5dba4a17dcfd79 CVE-2020-15953.patch"


diff --git a/community/libetpan/CVE-2020-15953.patch b/community/libetpan/CVE-2020-15953.patch new file mode 100644 index 0000000000..e02b000aad --- /dev/null +++ b/community/libetpan/CVE-2020-15953.patch
@@ -0,0 +1,79 @@
		1	From 1002a0121a8f5a9aee25357769807f2c519fa50b Mon Sep 17 00:00:00 2001
		2	From: Damian Poddebniak <duesee@users.noreply.github.com>
		3	Date: Fri, 24 Jul 2020 19:39:53 +0200
		4	Subject: [PATCH] Detect extra data after STARTTLS response and exit (#387)
		5
		6	---
		7	src/low-level/imap/mailimap.c \| 7 +++++++
		8	1 file changed, 7 insertions(+)
		9
		10	diff --git a/src/low-level/imap/mailimap.c b/src/low-level/imap/mailimap.c
		11	index bb17119d..4ffcf55d 100644
		12	--- a/src/low-level/imap/mailimap.c
		13	+++ b/src/low-level/imap/mailimap.c
		14	@@ -2428,6 +2428,13 @@ int mailimap_starttls(mailimap * session)
		15
		16	mailimap_response_free(response);
		17
		18	+ // Detect if the server send extra data after the STARTTLS response.
		19	+ // This may be a "response injection attack".
		20	+ if (session->imap_stream->read_buffer_len != 0) {
		21	+ // Since it is also an IMAP protocol violation, exit.
		22	+ return MAILIMAP_ERROR_STARTTLS;
		23	+ }
		24	+
		25	switch (error_code) {
		26	case MAILIMAP_RESP_COND_STATE_OK:
		27	return MAILIMAP_NO_ERROR;
		28	From 298460a2adaabd2f28f417a0f106cb3b68d27df9 Mon Sep 17 00:00:00 2001
		29	From: Fabian Ising <Murgeye@users.noreply.github.com>
		30	Date: Fri, 24 Jul 2020 19:40:48 +0200
		31	Subject: [PATCH] Detect extra data after STARTTLS responses in SMTP and POP3
		32	and exit (#388)
		33
		34	* Detect extra data after STLS response and return error
		35
		36	* Detect extra data after SMTP STARTTLS response and return error
		37	---
		38	src/low-level/pop3/mailpop3.c \| 8 ++++++++
		39	src/low-level/smtp/mailsmtp.c \| 8 ++++++++
		40	2 files changed, 16 insertions(+)
		41
		42	diff --git a/src/low-level/pop3/mailpop3.c b/src/low-level/pop3/mailpop3.c
		43	index ab9535be..e2124bf8 100644
		44	--- a/src/low-level/pop3/mailpop3.c
		45	+++ b/src/low-level/pop3/mailpop3.c
		46	@@ -959,6 +959,14 @@ int mailpop3_stls(mailpop3 * f)
		47
		48	if (r != RESPONSE_OK)
		49	return MAILPOP3_ERROR_STLS_NOT_SUPPORTED;
		50	+
		51	+ // Detect if the server send extra data after the STLS response.
		52	+ // This may be a "response injection attack".
		53	+ if (f->pop3_stream->read_buffer_len != 0) {
		54	+ // Since it is also protocol violation, exit.
		55	+ // There is no error type for STARTTLS errors in POP3
		56	+ return MAILPOP3_ERROR_SSL;
		57	+ }
		58
		59	return MAILPOP3_NO_ERROR;
		60	}
		61	diff --git a/src/low-level/smtp/mailsmtp.c b/src/low-level/smtp/mailsmtp.c
		62	index b7fc459e..3145cadf 100644
		63	--- a/src/low-level/smtp/mailsmtp.c
		64	+++ b/src/low-level/smtp/mailsmtp.c
		65	@@ -1111,6 +1111,14 @@ int mailesmtp_starttls(mailsmtp * session)
		66	return MAILSMTP_ERROR_STREAM;
		67	r = read_response(session);
		68
		69	+ // Detect if the server send extra data after the STARTTLS response.
		70	+ // This may be a "response injection attack".
		71	+ if (session->stream->read_buffer_len != 0) {
		72	+ // Since it is also protocol violation, exit.
		73	+ // There is no general error type for STARTTLS errors in SMTP
		74	+ return MAILSMTP_ERROR_SSL;
		75	+ }
		76	+
		77	switch (r) {
		78	case 220:
		79	return MAILSMTP_NO_ERROR;