From cd394340d8f550e1778682a5ff60116f3bba84bf Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Sun, 15 Dec 2019 03:45:47 +0100 Subject: [PATCH] dovecot: 2.3.8 -> 2.3.9.2 Update to latest version & updated the patch file to match with the latest version. Fixes the following security issue: * CVE-2019-19722: Mails with group addresses in From or To fields caused crash in push notification drivers. --- .../mail/dovecot/2.2.x-module_dir.patch | 135 -------------- .../mail/dovecot/2.3.x-module_dir.patch | 165 ++++++++++++++++++ pkgs/servers/mail/dovecot/default.nix | 6 +- 3 files changed, 168 insertions(+), 138 deletions(-) delete mode 100644 pkgs/servers/mail/dovecot/2.2.x-module_dir.patch create mode 100644 pkgs/servers/mail/dovecot/2.3.x-module_dir.patch diff --git a/pkgs/servers/mail/dovecot/2.2.x-module_dir.patch b/pkgs/servers/mail/dovecot/2.2.x-module_dir.patch deleted file mode 100644 index 422bfad92e6a..000000000000 --- a/pkgs/servers/mail/dovecot/2.2.x-module_dir.patch +++ /dev/null 
@@ -1,135 +0,0 @@ -diff --git a/src/auth/main.c b/src/auth/main.c -index 2dbf9e1..b1e778a 100644 ---- a/src/auth/main.c -+++ b/src/auth/main.c -@@ -192,7 +192,7 @@ static void main_preinit(void) - mod_set.debug = global_auth_settings->debug; - mod_set.filter_callback = auth_module_filter; - -- modules = module_dir_load(AUTH_MODULE_DIR, NULL, &mod_set); -+ modules = module_dir_load("/etc/dovecot/modules/auth", NULL, &mod_set); - module_dir_init(modules); - - if (!worker) -@@ -223,7 +223,7 @@ void auth_module_load(const char *names) - mod_set.debug = global_auth_settings->debug; - mod_set.ignore_missing = TRUE; - -- modules = module_dir_load_missing(modules, AUTH_MODULE_DIR, names, -+ modules = module_dir_load_missing(modules, "/etc/dovecot/modules/auth", names, - &mod_set); - module_dir_init(modules); - } -diff --git a/src/config/all-settings.c b/src/config/all-settings.c -index 4a2ab53..5057d63 100644 ---- a/src/config/all-settings.c -+++ b/src/config/all-settings.c -@@ -1079,7 +1079,7 @@ static const struct mail_user_settings mail_user_default_settings = { - .last_valid_gid = 0, - - .mail_plugins = "", -- .mail_plugin_dir = MODULEDIR, -+ .mail_plugin_dir = "/etc/dovecot/modules", - - .mail_log_prefix = "%s(%u)<%{pid}><%{session}>: ", - -@@ -4723,7 +4723,7 @@ const struct doveadm_settings doveadm_default_settings = { - .base_dir = PKG_RUNDIR, - .libexec_dir = PKG_LIBEXECDIR, - .mail_plugins = "", -- .mail_plugin_dir = MODULEDIR, -+ .mail_plugin_dir = "/etc/dovecot/modules", - .auth_debug = FALSE, - .auth_socket_path = "auth-userdb", - .doveadm_socket_path = "doveadm-server", -diff --git a/src/config/config-parser.c b/src/config/config-parser.c -index 6894123..07e9fec 100644 ---- a/src/config/config-parser.c -+++ b/src/config/config-parser.c -@@ -1077,7 +1077,7 @@ void config_parse_load_modules(void) - - i_zero(&mod_set); - mod_set.abi_version = DOVECOT_ABI_VERSION; -- modules = module_dir_load(CONFIG_MODULE_DIR, NULL, &mod_set); -+ modules = 
module_dir_load("/etc/dovecot/modules/settings", NULL, &mod_set); - module_dir_init(modules); - - i_array_init(&new_roots, 64); -diff --git a/src/dict/main.c b/src/dict/main.c -index 722ed02..4ed12ae 100644 ---- a/src/dict/main.c -+++ b/src/dict/main.c -@@ -104,7 +104,7 @@ static void main_init(void) - mod_set.abi_version = DOVECOT_ABI_VERSION; - mod_set.require_init_funcs = TRUE; - -- modules = module_dir_load(DICT_MODULE_DIR, NULL, &mod_set); -+ modules = module_dir_load("/etc/dovecot/modules/dict", NULL, &mod_set); - module_dir_init(modules); - - /* Register only after loading modules. They may contain SQL drivers, -diff --git a/src/doveadm/doveadm-settings.c b/src/doveadm/doveadm-settings.c -index 88da40c..141ed05 100644 ---- a/src/doveadm/doveadm-settings.c -+++ b/src/doveadm/doveadm-settings.c -@@ -86,7 +86,7 @@ const struct doveadm_settings doveadm_default_settings = { - .base_dir = PKG_RUNDIR, - .libexec_dir = PKG_LIBEXECDIR, - .mail_plugins = "", -- .mail_plugin_dir = MODULEDIR, -+ .mail_plugin_dir = "/etc/dovecot/modules", - .auth_debug = FALSE, - .auth_socket_path = "auth-userdb", - .doveadm_socket_path = "doveadm-server", -diff --git a/src/lib-fs/fs-api.c b/src/lib-fs/fs-api.c -index a939f61..846cf86 100644 ---- a/src/lib-fs/fs-api.c -+++ b/src/lib-fs/fs-api.c -@@ -114,7 +114,7 @@ static void fs_class_try_load_plugin(const char *driver) - mod_set.abi_version = DOVECOT_ABI_VERSION; - mod_set.ignore_missing = TRUE; - -- fs_modules = module_dir_load_missing(fs_modules, MODULE_DIR, -+ fs_modules = module_dir_load_missing(fs_modules, "/etc/dovecot/modules", - module_name, &mod_set); - module_dir_init(fs_modules); - -diff --git a/src/lib-ssl-iostream/iostream-ssl.c b/src/lib-ssl-iostream/iostream-ssl.c -index f857ec9..0d1023b 100644 ---- a/src/lib-ssl-iostream/iostream-ssl.c -+++ b/src/lib-ssl-iostream/iostream-ssl.c -@@ -53,7 +53,7 @@ int ssl_module_load(const char **error_r) - mod_set.abi_version = DOVECOT_ABI_VERSION; - mod_set.setting_name = ""; - 
mod_set.require_init_funcs = TRUE; -- ssl_module = module_dir_load(MODULE_DIR, plugin_name, &mod_set); -+ ssl_module = module_dir_load("/etc/dovecot/modules", plugin_name, &mod_set); - if (module_dir_try_load_missing(&ssl_module, MODULE_DIR, plugin_name, - &mod_set, error_r) < 0) - return -1; -diff --git a/src/lib-storage/mail-storage-settings.c b/src/lib-storage/mail-storage-settings.c -index b314b52..7055094 100644 ---- a/src/lib-storage/mail-storage-settings.c -+++ b/src/lib-storage/mail-storage-settings.c -@@ -337,7 +337,7 @@ static const struct mail_user_settings mail_user_default_settings = { - .last_valid_gid = 0, - - .mail_plugins = "", -- .mail_plugin_dir = MODULEDIR, -+ .mail_plugin_dir = "/etc/dovecot/modules", - - .mail_log_prefix = "%s(%u)<%{pid}><%{session}>: ", - -diff --git a/src/lmtp/lmtp-settings.c b/src/lmtp/lmtp-settings.c -index 1666ec9..8a27200 100644 ---- a/src/lmtp/lmtp-settings.c -+++ b/src/lmtp/lmtp-settings.c -@@ -89,7 +89,7 @@ static const struct lmtp_settings lmtp_default_settings = { - .login_trusted_networks = "", - - .mail_plugins = "", -- .mail_plugin_dir = MODULEDIR, -+ .mail_plugin_dir = "/etc/dovecot/modules", - }; - - static const struct setting_parser_info *lmtp_setting_dependencies[] = { diff --git a/pkgs/servers/mail/dovecot/2.3.x-module_dir.patch b/pkgs/servers/mail/dovecot/2.3.x-module_dir.patch new file mode 100644 index 000000000000..0f987b44d8a2 --- /dev/null +++ b/pkgs/servers/mail/dovecot/2.3.x-module_dir.patch 
@@ -0,0 +1,165 @@ +diff -ru dovecot-2.3.9.2.orig/src/auth/main.c dovecot-2.3.9.2/src/auth/main.c +--- dovecot-2.3.9.2.orig/src/auth/main.c 2019-12-13 14:12:00.000000000 +0100 ++++ dovecot-2.3.9.2/src/auth/main.c 2019-12-15 19:46:52.101597499 +0100 +@@ -191,7 +191,7 @@ + mod_set.debug = global_auth_settings->debug; + mod_set.filter_callback = auth_module_filter; + +- modules = module_dir_load(AUTH_MODULE_DIR, NULL, &mod_set); ++ modules = module_dir_load("/etc/dovecot/modules/auth", NULL, &mod_set); + module_dir_init(modules); + + if (!worker) +@@ -222,7 +222,7 @@ + mod_set.debug = global_auth_settings->debug; + mod_set.ignore_missing = TRUE; + +- modules = module_dir_load_missing(modules, AUTH_MODULE_DIR, names, ++ modules = module_dir_load_missing(modules, "/etc/dovecot/modules/auth", names, + &mod_set); + module_dir_init(modules); + } +diff -ru dovecot-2.3.9.2.orig/src/config/all-settings.c dovecot-2.3.9.2/src/config/all-settings.c +--- dovecot-2.3.9.2.orig/src/config/all-settings.c 2019-12-13 14:12:32.000000000 +0100 ++++ dovecot-2.3.9.2/src/config/all-settings.c 2019-12-15 19:49:42.764650074 +0100 +@@ -1080,7 +1080,7 @@ + .last_valid_gid = 0, + + .mail_plugins = "", +- .mail_plugin_dir = MODULEDIR, ++ .mail_plugin_dir = "/etc/dovecot/modules", + + .mail_log_prefix = "%s(%u)<%{pid}><%{session}>: ", + +@@ -3849,7 +3849,7 @@ + .login_log_format = "%$: %s", + .login_access_sockets = "", + .login_proxy_notify_path = "proxy-notify", +- .login_plugin_dir = MODULEDIR"/login", ++ .login_plugin_dir = "/etc/dovecot/modules""/login", + .login_plugins = "", + .login_proxy_max_disconnect_delay = 0, + .director_username_hash = "%u", +@@ -4058,7 +4058,7 @@ + .login_trusted_networks = "", + + .mail_plugins = "", +- .mail_plugin_dir = MODULEDIR, ++ .mail_plugin_dir = "/etc/dovecot/modules", + }; + static const struct setting_parser_info *lmtp_setting_dependencies[] = { + &lda_setting_parser_info, +@@ -4823,7 +4823,7 @@ + .base_dir = PKG_RUNDIR, + .libexec_dir = PKG_LIBEXECDIR, + 
.mail_plugins = "", +- .mail_plugin_dir = MODULEDIR, ++ .mail_plugin_dir = "/etc/dovecot/modules", + .mail_temp_dir = "/tmp", + .auth_debug = FALSE, + .auth_socket_path = "auth-userdb", +diff -ru dovecot-2.3.9.2.orig/src/config/config-parser.c dovecot-2.3.9.2/src/config/config-parser.c +--- dovecot-2.3.9.2.orig/src/config/config-parser.c 2019-12-13 14:12:00.000000000 +0100 ++++ dovecot-2.3.9.2/src/config/config-parser.c 2019-12-15 19:46:52.102597505 +0100 +@@ -1077,7 +1077,7 @@ + + i_zero(&mod_set); + mod_set.abi_version = DOVECOT_ABI_VERSION; +- modules = module_dir_load(CONFIG_MODULE_DIR, NULL, &mod_set); ++ modules = module_dir_load("/etc/dovecot/modules/settings", NULL, &mod_set); + module_dir_init(modules); + + i_array_init(&new_roots, 64); +diff -ru dovecot-2.3.9.2.orig/src/dict/main.c dovecot-2.3.9.2/src/dict/main.c +--- dovecot-2.3.9.2.orig/src/dict/main.c 2019-12-13 14:12:00.000000000 +0100 ++++ dovecot-2.3.9.2/src/dict/main.c 2019-12-15 19:46:52.102597505 +0100 +@@ -104,7 +104,7 @@ + mod_set.abi_version = DOVECOT_ABI_VERSION; + mod_set.require_init_funcs = TRUE; + +- modules = module_dir_load(DICT_MODULE_DIR, NULL, &mod_set); ++ modules = module_dir_load("/etc/dovecot/modules/dict", NULL, &mod_set); + module_dir_init(modules); + + /* Register only after loading modules. 
They may contain SQL drivers, +diff -ru dovecot-2.3.9.2.orig/src/doveadm/doveadm-settings.c dovecot-2.3.9.2/src/doveadm/doveadm-settings.c +--- dovecot-2.3.9.2.orig/src/doveadm/doveadm-settings.c 2019-12-13 14:12:00.000000000 +0100 ++++ dovecot-2.3.9.2/src/doveadm/doveadm-settings.c 2019-12-15 19:47:29.525812499 +0100 +@@ -89,7 +89,7 @@ + .base_dir = PKG_RUNDIR, + .libexec_dir = PKG_LIBEXECDIR, + .mail_plugins = "", +- .mail_plugin_dir = MODULEDIR, ++ .mail_plugin_dir = "/etc/dovecot/modules", + .mail_temp_dir = "/tmp", + .auth_debug = FALSE, + .auth_socket_path = "auth-userdb", +diff -ru dovecot-2.3.9.2.orig/src/doveadm/doveadm-util.c dovecot-2.3.9.2/src/doveadm/doveadm-util.c +--- dovecot-2.3.9.2.orig/src/doveadm/doveadm-util.c 2019-12-13 14:12:00.000000000 +0100 ++++ dovecot-2.3.9.2/src/doveadm/doveadm-util.c 2019-12-15 19:52:32.003844670 +0100 +@@ -33,7 +33,7 @@ + mod_set.debug = doveadm_debug; + mod_set.ignore_dlopen_errors = TRUE; + +- modules = module_dir_load_missing(modules, DOVEADM_MODULEDIR, ++ modules = module_dir_load_missing(modules, "/etc/dovecot/modules/doveadm", + NULL, &mod_set); + module_dir_init(modules); + } +@@ -58,7 +58,7 @@ + return FALSE; + } + +- dir = opendir(DOVEADM_MODULEDIR); ++ dir = opendir("/etc/dovecot/modules/doveadm"); + if (dir == NULL) + return FALSE; + +diff -ru dovecot-2.3.9.2.orig/src/lib-fs/fs-api.c dovecot-2.3.9.2/src/lib-fs/fs-api.c +--- dovecot-2.3.9.2.orig/src/lib-fs/fs-api.c 2019-12-13 14:12:00.000000000 +0100 ++++ dovecot-2.3.9.2/src/lib-fs/fs-api.c 2019-12-15 19:46:52.102597505 +0100 +@@ -114,7 +114,7 @@ + mod_set.abi_version = DOVECOT_ABI_VERSION; + mod_set.ignore_missing = TRUE; + +- fs_modules = module_dir_load_missing(fs_modules, MODULE_DIR, ++ fs_modules = module_dir_load_missing(fs_modules, "/etc/dovecot/modules", + module_name, &mod_set); + module_dir_init(fs_modules); + +diff -ru dovecot-2.3.9.2.orig/src/lib-ssl-iostream/iostream-ssl.c dovecot-2.3.9.2/src/lib-ssl-iostream/iostream-ssl.c +--- 
dovecot-2.3.9.2.orig/src/lib-ssl-iostream/iostream-ssl.c 2019-12-13 14:12:00.000000000 +0100 ++++ dovecot-2.3.9.2/src/lib-ssl-iostream/iostream-ssl.c 2019-12-15 19:46:52.102597505 +0100 +@@ -54,7 +54,7 @@ + mod_set.abi_version = DOVECOT_ABI_VERSION; + mod_set.setting_name = ""; + mod_set.require_init_funcs = TRUE; +- ssl_module = module_dir_load(MODULE_DIR, plugin_name, &mod_set); ++ ssl_module = module_dir_load("/etc/dovecot/modules", plugin_name, &mod_set); + if (module_dir_try_load_missing(&ssl_module, MODULE_DIR, plugin_name, + &mod_set, error_r) < 0) + return -1; +diff -ru dovecot-2.3.9.2.orig/src/lib-storage/mail-storage-settings.c dovecot-2.3.9.2/src/lib-storage/mail-storage-settings.c +--- dovecot-2.3.9.2.orig/src/lib-storage/mail-storage-settings.c 2019-12-13 14:12:00.000000000 +0100 ++++ dovecot-2.3.9.2/src/lib-storage/mail-storage-settings.c 2019-12-15 19:46:52.102597505 +0100 +@@ -337,7 +337,7 @@ + .last_valid_gid = 0, + + .mail_plugins = "", +- .mail_plugin_dir = MODULEDIR, ++ .mail_plugin_dir = "/etc/dovecot/modules", + + .mail_log_prefix = "%s(%u)<%{pid}><%{session}>: ", + +diff -ru dovecot-2.3.9.2.orig/src/lmtp/lmtp-settings.c dovecot-2.3.9.2/src/lmtp/lmtp-settings.c +--- dovecot-2.3.9.2.orig/src/lmtp/lmtp-settings.c 2019-12-13 14:12:00.000000000 +0100 ++++ dovecot-2.3.9.2/src/lmtp/lmtp-settings.c 2019-12-15 19:46:52.102597505 +0100 +@@ -95,7 +95,7 @@ + .login_trusted_networks = "", + + .mail_plugins = "", +- .mail_plugin_dir = MODULEDIR, ++ .mail_plugin_dir = "/etc/dovecot/modules", + }; + + static const struct setting_parser_info *lmtp_setting_dependencies[] = { diff --git a/pkgs/servers/mail/dovecot/default.nix b/pkgs/servers/mail/dovecot/default.nix index 35c274eff258..3aff9f53ce74 100644 --- a/pkgs/servers/mail/dovecot/default.nix +++ b/pkgs/servers/mail/dovecot/default.nix @@ -9,7 +9,7 @@ }: stdenv.mkDerivation rec { - name = "dovecot-2.3.8"; + name = "dovecot-2.3.9.2"; nativeBuildInputs = [ perl pkgconfig ]; buildInputs = 
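Review bot: In the src/lib-ssl-iostream/iostream-ssl.c part of the new 2.3.x-module_dir.patch, only the `module_dir_load()` call is switched to `"/etc/dovecot/modules"`; the `module_dir_try_load_missing()` call on the next context line still passes `MODULE_DIR`, so as shown the SSL plugin would still be looked up in the build-time directory there (the enclosing function is only partly visible in that inner hunk). If that call is the one the 2.3.9.2 sources actually execute, the replacement belongs on it: `if (module_dir_try_load_missing(&ssl_module, "/etc/dovecot/modules", plugin_name,`. Separately, every literal in this patch makes a mutable /etc path the directory from which the auth, config, dict and doveadm code loads shared objects, so the comment above the patch entry in default.nix should also state that /etc/dovecot/modules and its symlink targets must stay root-owned and not writable by service users; whether the NixOS module enforces that is not visible in this diff. The `"/etc/dovecot/modules""/login"` default for `login_plugin_dir` would also read better as the single literal `"/etc/dovecot/modules/login"`.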
@@ -21,7 +21,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://dovecot.org/releases/2.3/${name}.tar.gz"; - sha256 = "0jdng27hqqagjy6v7ymd0xflbv5dbc1rhh450nk39ar6pw1qsxy5"; + sha256 = "1yc6hi4hqg4hcc4495sf4m5f1lnargphi6dawj43if21vncgp127"; }; enableParallelBuilding = true; @@ -42,7 +42,7 @@ stdenv.mkDerivation rec { # Make dovecot look for plugins in /etc/dovecot/modules # so we can symlink plugins from several packages there. # The symlinking needs to be done in NixOS. - ./2.2.x-module_dir.patch + ./2.3.x-module_dir.patch ]; configureFlags = [