diff --git a/dovecot-1.0.15-cve_2008_4870.patch b/dovecot-1.0.15-cve_2008_4870.patch new file mode 100644 index 0000000..5cb2e32 --- /dev/null +++ b/dovecot-1.0.15-cve_2008_4870.patch 
@@ -0,0 +1,186 @@ +diff -up dovecot-1.0.15/dovecot-example.conf.cve_2008_4870 dovecot-1.0.15/dovecot-example.conf +--- dovecot-1.0.15/dovecot-example.conf.cve_2008_4870 2008-12-02 18:14:59.881567691 +0100 ++++ dovecot-1.0.15/dovecot-example.conf 2008-12-02 18:15:46.796559728 +0100 +@@ -92,7 +92,9 @@ + #ssl_key_file = /etc/pki/dovecot/private/dovecot.pem + + # If key file is password protected, give the password here. Alternatively +-# give it when starting dovecot with -p parameter. ++# give it when starting dovecot with -p parameter. Since this file is often ++# world-readable, you may want to place this setting instead to a different ++# root owned 0600 file by using !include_try . + #ssl_key_password = + + # File containing trusted SSL certificate authorities. Set this only if you +diff -up dovecot-1.0.15/src/deliver/deliver.c.cve_2008_4870 dovecot-1.0.15/src/deliver/deliver.c +--- dovecot-1.0.15/src/deliver/deliver.c.cve_2008_4870 2008-02-29 10:17:05.000000000 +0100 ++++ dovecot-1.0.15/src/deliver/deliver.c 2008-12-02 18:14:59.907564783 +0100 +@@ -261,6 +261,13 @@ static void config_file_init(const char + len--; + line[len] = '\0'; + ++ if (strncmp(line, "!include_try ", 13) == 0) ++ continue; ++ if (strncmp(line, "!include ", 9) == 0) { ++ i_fatal_status(EX_CONFIG, "Error in config file %s: " ++ "deliver doesn't support !include directive", path); ++ } ++ + value = p = strchr(line, '='); + if (value == NULL) { + if (strchr(line, '{') != NULL) { +diff -up dovecot-1.0.15/src/lib-settings/settings.c.cve_2008_4870 dovecot-1.0.15/src/lib-settings/settings.c +--- dovecot-1.0.15/src/lib-settings/settings.c.cve_2008_4870 2007-12-11 19:52:08.000000000 +0100 ++++ dovecot-1.0.15/src/lib-settings/settings.c 2008-12-02 18:17:45.485562650 +0100 +@@ -1,6 +1,7 @@ + /* Copyright (C) 2002 Timo Sirainen */ + + #include "lib.h" ++#include "str.h" + #include "istream.h" + #include "strescape.h" + #include "settings.h" +@@ -8,7 +9,16 @@ + #include + #include + +-#define 
SECTION_ERRORMSG "%s (section changed at line %d)" ++#define SECTION_ERRORMSG "%s (section changed in %s at line %d)" ++ ++struct input_stack { ++ struct input_stack *prev; ++ ++ struct istream *input; ++ const char *path; ++ unsigned int linenum; ++}; ++ + + static const char *get_bool(const char *value, bool *result) + { +@@ -65,11 +75,11 @@ bool settings_read(const char *path, con + settings_callback_t *callback, + settings_section_callback_t *sect_callback, void *context) + { +- struct istream *input; +- const char *errormsg, *next_section; +- char *line, *key, *name, *p, quote; ++ struct input_stack root, *input, *new_input; ++ const char *errormsg, *next_section, *name, *last_section_path = NULL; ++ char *line, *key, *p, quote; + size_t len; +- int fd, linenum, last_section_line = 0, skip, sections, root_section; ++ int fd, last_section_line = 0, skip, sections, root_section; + + fd = open(path, O_RDONLY); + if (fd < 0) { +@@ -87,23 +97,29 @@ bool settings_read(const char *path, con + next_section = t_strcut(section, '/'); + } + +- linenum = 0; sections = 0; root_section = 0; errormsg = NULL; +- input = i_stream_create_file(fd, default_pool, 2048, TRUE); ++ memset(&root, 0, sizeof(root)); ++ root.path = path; ++ input = &root; ++ ++ sections = 0; root_section = 0; errormsg = NULL; ++newfile: ++ input->input = i_stream_create_file(fd, default_pool, 2048, TRUE); ++prevfile: + for (;;) { +- line = i_stream_read_next_line(input); ++ line = i_stream_read_next_line(input->input); + if (line == NULL) { + /* EOF. Also handle the last line even if it doesn't + contain LF. 
*/ + const unsigned char *data; + size_t size; + +- data = i_stream_get_data(input, &size); ++ data = i_stream_get_data(input->input, &size); + if (size == 0) + break; + line = t_strdup_noconst(t_strndup(data, size)); +- i_stream_skip(input, size); ++ i_stream_skip(input->input, size); + } +- linenum++; ++ input->linenum++; + + /* @UNSAFE: line is modified */ + +@@ -148,7 +164,30 @@ bool settings_read(const char *path, con + while (IS_WHITE(*line)) line++; + } + +- if (*line == '=') { ++ if (strcmp(key, "!include_try") == 0 || ++ strcmp(key, "!include") == 0) { ++ struct input_stack *tmp; ++ ++ for (tmp = input; tmp != NULL; tmp = tmp->prev) { ++ if (strcmp(tmp->path, line) == 0) ++ break; ++ } ++ if (tmp != NULL) { ++ errormsg = "Recursive include"; ++ } else if ((fd = open(line, O_RDONLY)) != -1) { ++ new_input = t_new(struct input_stack, 1); ++ new_input->prev = input; ++ new_input->path = t_strdup(line); ++ input = new_input; ++ goto newfile; ++ } else { ++ /* failed, but ignore failures with include_try. 
*/ ++ if (strcmp(key, "!include") == 0) { ++ errormsg = t_strdup_printf( ++ "Couldn't open include file %s: %m", line); ++ } ++ } ++ } else if (*line == '=') { + /* a) */ + *line++ = '\0'; + while (IS_WHITE(*line)) line++; +@@ -212,10 +251,12 @@ bool settings_read(const char *path, con + errormsg = t_strdup_printf( + SECTION_ERRORMSG, + errormsg, ++ last_section_path, + last_section_line); + } + } +- last_section_line = linenum; ++ last_section_path = input->path; ++ last_section_line = input->linenum; + } + } else { + /* c) */ +@@ -234,19 +275,24 @@ bool settings_read(const char *path, con + break; + } + } +- last_section_line = linenum; ++ last_section_path = input->path; ++ last_section_line = input->linenum; + sections--; + } + } + + if (errormsg != NULL) { + i_error("Error in configuration file %s line %d: %s", +- path, linenum, errormsg); ++ input->path, input->linenum, errormsg); + break; + } + } + +- i_stream_destroy(&input); ++ i_stream_destroy(&input->input); ++ input = input->prev; ++ if (line == NULL && input != NULL) ++ goto prevfile; ++ + t_pop(); + + return errormsg == NULL; diff --git a/dovecot-1.0.rc15-default-settings.patch b/dovecot-1.0.rc15-default-settings.patch index f753585..218b75f 100644 --- a/dovecot-1.0.rc15-default-settings.patch +++ b/dovecot-1.0.rc15-default-settings.patch 
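Review bot: The recursion guard in the new `!include` branch of settings_read compares only the path string (`strcmp(tmp->path, line) == 0`), so the same file reached as `a`, `./a`, an absolute path or a symlink is not caught, and there is no nesting limit; every level opens another fd and the chain only stops when open() fails with EMFILE, which `!include_try` then silently swallows. The config is root-controlled, so this is robustness rather than an exploitable hole, but a depth counter is cheap and yields a clear error instead of a quiet, partly-parsed config — a `#define MAX_INCLUDE_DEPTH 32` next to SECTION_ERRORMSG plus the lines below would do. The dovecot-example.conf comment should also say that the include path is opened as written (`open(line, O_RDONLY)`, i.e. relative to the master process's working directory, so use an absolute path) and that `deliver` skips `!include_try` lines entirely (deliver.c hunk), so only settings deliver does not need — such as `ssl_key_password` — belong in the included file. On the error path the `break` leaves `line` non-NULL, so `goto prevfile` never runs and the istreams of enclosing includes are not destroyed; harmless if the caller exits on a config error, but a loop over `input->prev` would close them. settings_read's body is only partly visible in the inner hunks.
```c
struct input_stack *tmp;
unsigned int depth = 0;

for (tmp = input; tmp != NULL; tmp = tmp->prev, depth++) {
	if (strcmp(tmp->path, line) == 0)
		break;
}
if (tmp != NULL) {
	errormsg = "Recursive include";
} else if (depth >= MAX_INCLUDE_DEPTH) {
	/* same file reached under a different spelling, or a genuinely
	   deep chain: fail before open() runs into EMFILE */
	errormsg = "Include nesting too deep";
} else if ((fd = open(line, O_RDONLY)) != -1) {
/* … unchanged: push new input_stack entry and goto newfile … */
```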
@@ -1,46 +1,7 @@ ---- dovecot-1.0.rc15/src/master/master-settings.c.default-settings 2006-11-12 18:56:07.000000000 +0100 -+++ dovecot-1.0.rc15/src/master/master-settings.c 2006-11-21 09:47:40.000000000 +0100 -@@ -269,8 +269,8 @@ - MEMBER(syslog_facility) "mail", - - /* general */ -- MEMBER(protocols) "imap imaps", -- MEMBER(listen) "*", -+ MEMBER(protocols) "imap imaps pop3 pop3s", -+ MEMBER(listen) "[::]", - MEMBER(ssl_listen) "", - - MEMBER(ssl_disable) FALSE, -@@ -281,7 +281,7 @@ - MEMBER(ssl_parameters_regenerate) 168, - MEMBER(ssl_cipher_list) "", - MEMBER(ssl_verify_client_cert) FALSE, -- MEMBER(disable_plaintext_auth) TRUE, -+ MEMBER(disable_plaintext_auth) FALSE, - MEMBER(verbose_ssl) FALSE, - MEMBER(shutdown_clients) TRUE, - MEMBER(nfs_check) TRUE, -@@ -337,7 +337,7 @@ - MEMBER(maildir_stat_dirs) FALSE, - MEMBER(maildir_copy_with_hardlinks) FALSE, - MEMBER(mbox_read_locks) "fcntl", -- MEMBER(mbox_write_locks) "dotlock fcntl", -+ MEMBER(mbox_write_locks) "fcntl", - MEMBER(mbox_lock_timeout) 300, - MEMBER(mbox_dotlock_change_timeout) 120, - MEMBER(mbox_min_index_size) 0, -@@ -366,7 +366,7 @@ - MEMBER(pop3_enable_last) FALSE, - MEMBER(pop3_reuse_xuidl) FALSE, - MEMBER(pop3_lock_session) FALSE, -- MEMBER(pop3_uidl_format) "", -+ MEMBER(pop3_uidl_format) "%08Xu%08Xv", - MEMBER(pop3_client_workarounds) "", - MEMBER(pop3_logout_format) "top=%t/%p, retr=%r/%b, del=%d/%m, size=%s", - ---- dovecot-1.0.rc15/dovecot-example.conf.default-settings 2006-11-05 18:14:37.000000000 +0100 -+++ dovecot-1.0.rc15/dovecot-example.conf 2006-11-21 09:49:06.000000000 +0100 -@@ -7,17 +7,14 @@ +diff -up dovecot-1.0.15/dovecot-example.conf.default-settings dovecot-1.0.15/dovecot-example.conf +--- dovecot-1.0.15/dovecot-example.conf.default-settings 2008-05-27 13:48:26.000000000 +0200 ++++ dovecot-1.0.15/dovecot-example.conf 2008-12-02 18:12:14.998564969 +0100 +@@ -10,17 +10,14 @@ # value inside quotes, eg.: key = "# char and trailing whitespace " # Default values are shown for each 
setting, it's not required to uncomment @@ -60,7 +21,7 @@ # IP or host address where to listen in for connections. It's not currently # possible to specify multiple addresses. "*" listens in all IPv4 interfaces. -@@ -36,13 +33,13 @@ +@@ -39,13 +36,13 @@ # listen = *:10100 # .. # } @@ -76,7 +37,7 @@ # Should all IMAP and POP3 processes be killed when Dovecot master process # shuts down. Setting this to "no" means that Dovecot can be upgraded without -@@ -87,8 +84,8 @@ +@@ -91,8 +88,8 @@ # dropping root privileges, so keep the key file unreadable by anyone but # root. Included doc/mkcert.sh can be used to easily generate self-signed # certificate, just make sure to update the domains in dovecot-openssl.cnf @@ -87,7 +48,7 @@ # If key file is password protected, give the password here. Alternatively # give it when starting dovecot with -p parameter. -@@ -425,7 +422,7 @@ +@@ -451,7 +448,7 @@ # locking methods as well. Some operating systems don't allow using some of # them simultaneously. #mbox_read_locks = fcntl @@ -96,7 +57,7 @@ # Maximum time in seconds to wait for lock (all of them) before aborting. #mbox_lock_timeout = 300 -@@ -593,7 +590,7 @@ +@@ -620,7 +617,7 @@ protocol pop3 { # installations. %08Xu%08Xv will be the new default, so use it for new # installations. # 
@@ -105,3 +66,44 @@ # POP3 logout format string: # %t - number of TOP commands +diff -up dovecot-1.0.15/src/master/master-settings.c.default-settings dovecot-1.0.15/src/master/master-settings.c +--- dovecot-1.0.15/src/master/master-settings.c.default-settings 2008-06-21 15:11:40.000000000 +0200 ++++ dovecot-1.0.15/src/master/master-settings.c 2008-12-02 18:13:21.295809214 +0100 +@@ -162,8 +162,8 @@ struct settings default_settings = { + MEMBER(syslog_facility) "mail", + + /* general */ +- MEMBER(protocols) "imap imaps", +- MEMBER(listen) "*", ++ MEMBER(protocols) "imap imaps pop3 pop3s", ++ MEMBER(listen) "[::]", + MEMBER(ssl_listen) "", + + MEMBER(ssl_disable) FALSE, +@@ -174,7 +174,7 @@ struct settings default_settings = { + MEMBER(ssl_parameters_regenerate) 168, + MEMBER(ssl_cipher_list) "", + MEMBER(ssl_verify_client_cert) FALSE, +- MEMBER(disable_plaintext_auth) TRUE, ++ MEMBER(disable_plaintext_auth) FALSE, + MEMBER(verbose_ssl) FALSE, + MEMBER(shutdown_clients) TRUE, + MEMBER(nfs_check) TRUE, +@@ -235,7 +235,7 @@ struct settings default_settings = { + MEMBER(maildir_copy_with_hardlinks) FALSE, + MEMBER(maildir_copy_preserve_filename) FALSE, + MEMBER(mbox_read_locks) "fcntl", +- MEMBER(mbox_write_locks) "dotlock fcntl", ++ MEMBER(mbox_write_locks) "fcntl", + MEMBER(mbox_lock_timeout) 300, + MEMBER(mbox_dotlock_change_timeout) 120, + MEMBER(mbox_min_index_size) 0, +@@ -265,7 +265,7 @@ struct settings default_settings = { + MEMBER(pop3_enable_last) FALSE, + MEMBER(pop3_reuse_xuidl) FALSE, + MEMBER(pop3_lock_session) FALSE, +- MEMBER(pop3_uidl_format) "", ++ MEMBER(pop3_uidl_format) "%08Xu%08Xv", + MEMBER(pop3_client_workarounds) "", + MEMBER(pop3_logout_format) "top=%t/%p, retr=%r/%b, del=%d/%m, size=%s", + diff --git a/dovecot.spec b/dovecot.spec index 4661b62..1c90f56 100644 --- a/dovecot.spec +++ b/dovecot.spec 
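Review bot: The refreshed master-settings.c hunk still carries `MEMBER(disable_plaintext_auth) FALSE` together with `MEMBER(listen) "[::]"`, so the distribution default accepts plaintext credentials on every interface; the removed side of the same hunk shows upstream's default of TRUE, which — going by the setting's name — presumably rejects plaintext auth on non-TLS connections. Since the whole hunk is being rewritten anyway, this is the moment to either drop that one-line override or record the reason in the patch header, e.g. `# Fedora: plaintext auth allowed by default for non-TLS clients; revisit`. The dovecot-example.conf side of this patch is only partly visible here, so I cannot tell whether the shipped config comment already warns about it.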
@@ -1,7 +1,7 @@ %define upstream 1.0.15 %define sieve_upstream 1.0.3 %define pkg_version 1.0.15 -%define my_release 15 +%define my_release 16 %define pkg_release %{my_release}%{?dist} %define pkg_sieve_version 1.0.3 %define pkg_sieve_release %{my_release}%{?dist} @@ -39,6 +39,7 @@ Patch103: dovecot-1.0.beta2-mkcert-permissions.patch Patch105: dovecot-1.0.rc7-mkcert-paths.patch Patch106: dovecot-1.0.rc27-quota-warning.patch Patch108: dovecot-1.0.15-cve_2008_4577.patch +Patch109: dovecot-1.0.15-cve_2008_4870.patch Patch200: dovecot-1.0.rc32-split.patch # XXX this patch needs review and forward porting @@ -183,6 +184,8 @@ This package provides the development files for dovecot. #%patch107 -p1 -b .unicodedata %patch106 -p1 -b .quota-warning %patch108 -p1 -b .cve_2008_4577 +%patch109 -p1 -b .cve_2008_4870 + %patch200 -p1 -b .split #%patch200 -p1 -b .%{dovecot_hg} %patch1000 -p1 -b .winbind @@ -271,7 +274,7 @@ chmod 700 $RPM_BUILD_ROOT/var/run/dovecot/login # Install dovecot.conf and dovecot-openssl.cnf mkdir -p $RPM_BUILD_ROOT/%{ssldir} -install -p -m640 $RPM_BUILD_DIR/dovecot-%{upstream}/dovecot-example.conf $RPM_BUILD_ROOT/%{_sysconfdir}/dovecot.conf +install -p -m644 $RPM_BUILD_DIR/dovecot-%{upstream}/dovecot-example.conf $RPM_BUILD_ROOT/%{_sysconfdir}/dovecot.conf rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/dovecot-*example.conf # dovecot seems to install this by itself install -p -m644 $RPM_BUILD_DIR/dovecot-%{upstream}/doc/dovecot-openssl.cnf $RPM_BUILD_ROOT/%{ssldir}/dovecot-openssl.cnf @@ -371,7 +374,7 @@ rm -rf $RPM_BUILD_ROOT %defattr(-,root,root,-) %doc %{docdir}-%{version} %config(noreplace) %{_sysconfdir}/dovecot.conf -%attr(0640,root,mail) %config(noreplace) %{_sysconfdir}/dovecot.conf +%config(noreplace) %{_sysconfdir}/dovecot.conf %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/dovecot %config %{_sysconfdir}/rc.d/init.d/dovecot %config(noreplace) %{_sysconfdir}/pam.d/dovecot 
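Review bot: Reverting dovecot.conf to `install -m644` and a bare `%config(noreplace)` makes the file world-readable again, yet nothing in this commit ships the root-only 0600 include file that the cve_2008_4870 patch comment points admins at, so anyone who uncomments `ssl_key_password` in the obvious place is back to the exposure 1.0.15-15 tried to close. I would add an `%attr(0600,root,root) %config(noreplace)` stub under %{_sysconfdir} holding only the commented `#ssl_key_password =` line and reference it from the packaged dovecot.conf with `!include_try`, so that the secure placement is the default rather than opt-in. If that is out of scope, at least the changelog or a comment above the `install` line should say that the password must not be placed in dovecot.conf.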
@@ -382,19 +385,6 @@ rm -rf $RPM_BUILD_ROOT %attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %{ssldir}/certs/dovecot.pem %attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %{ssldir}/private/dovecot.pem %{_libexecdir}/%{name} -%{_libexecdir}/%{name}/checkpassword-reply -%attr(2755,root,mail) %{_libexecdir}/%{name}/deliver -%{_libexecdir}/%{name}/dict -%{_libexecdir}/%{name}/dovecot-auth -%{_libexecdir}/%{name}/gdbhelper -%{_libexecdir}/%{name}/idxview -%{_libexecdir}/%{name}/imap -%{_libexecdir}/%{name}/imap-login -%{_libexecdir}/%{name}/logview -%{_libexecdir}/%{name}/pop3 -%{_libexecdir}/%{name}/pop3-login -%{_libexecdir}/%{name}/rawlog -%{_libexecdir}/%{name}/ssl-build-param %dir %{_libdir}/%{name} %{_sbindir}/dovecot %{_sbindir}/dovecotpw @@ -452,6 +442,10 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Mon Nov 24 2008 Michal Hlavinka - 1.0.15-16 +- permissions of deliver and dovecot.conf from 1.0.15-15 reverted +- password can be stored in different file readable only for root now + * Mon Nov 3 2008 Michal Hlavinka - 1:1.0.15-15 - change permissions of deliver and dovecot.conf to prevent possible password exposure
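Review bot: Replacing the explicit per-file list with the bare directory entry `%{_libexecdir}/%{name}` packages whatever `make install` drops there, so the setgid `%attr(2755,root,mail)` on deliver is not so much reverted as no longer stated — its installed mode is now whatever the build produces, and any helper binary added upstream will be shipped without the spec showing it. I would keep the explicit list and state deliver's intended mode, e.g. `%attr(0755,root,root) %{_libexecdir}/%{name}/deliver` if that matches what upstream installs, with a one-line comment on why the setgid bit from 1.0.15-15 was dropped. If the directory glob is kept on purpose, a comment saying so next to it would save the next packager from re-adding the list.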