From 14986c7295905f23f149df2bb68d50ea07d19fe7 Mon Sep 17 00:00:00 2001 From: Niclas Zeising Date: Mon, 29 Jan 2018 20:59:18 +0000 Subject: [PATCH] Add patch and fix CVE-2017-15132 Add upstream patch to fix CVE-2017-15132, memory leak in the log in process that can cause memory exhaustion. PR: 225446 Submitted by: Vladimir Krstulja Approved by: adamw (maintainer), swills (ports-secteam) MFH: 2018Q1 Security: 92b8b284-a3a2-41b1-956c-f9cf8b74f500 --- mail/dovecot/Makefile | 2 +- .../files/patch-src_lib-auth_auth-client-request.c | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 mail/dovecot/files/patch-src_lib-auth_auth-client-request.c diff --git a/mail/dovecot/Makefile b/mail/dovecot/Makefile index 912c52ae9efd..e2b44792bce1 100644 --- a/mail/dovecot/Makefile +++ b/mail/dovecot/Makefile @@ -13,7 +13,7 @@ PORTNAME= dovecot PORTVERSION= 2.2.33.2 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= mail ipv6 MASTER_SITES= https://www.dovecot.org/releases/2.2/ diff --git a/mail/dovecot/files/patch-src_lib-auth_auth-client-request.c b/mail/dovecot/files/patch-src_lib-auth_auth-client-request.c new file mode 100644 index 000000000000..7cc94b62f148 --- /dev/null +++ b/mail/dovecot/files/patch-src_lib-auth_auth-client-request.c @@ -0,0 +1,10 @@ +--- src/lib-auth/auth-client-request.c.orig 2017-10-05 17:10:44 UTC ++++ src/lib-auth/auth-client-request.c +@@ -180,6 +180,7 @@ void auth_client_request_abort(struct auth_client_requ + + auth_client_send_cancel(request->conn->client, request->id); + call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL); ++ pool_unref(&request->pool); + } + + unsigned int auth_client_request_get_id(struct auth_client_request *request)