Merge pull request #67639 from andir/19.03/dovecot

[19.03] dovecot apply CVE-2019-11500 patches
NixOS · Aug 29, 2019 · 147bd88 · 147bd88
2 parents 0715f2f + b788227
commit 147bd88
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 1 deletion.
diff --git a/pkgs/servers/mail/dovecot/default.nix b/pkgs/servers/mail/dovecot/default.nix
@@ -55,6 +55,18 @@ stdenv.mkDerivation rec {
       sha256 = "1di6adkd8f6gjkpf8aiqxzwvscsq188qqah6b7r23q9j3zlv47mv";
     })
 
+    (fetchpatch {
+      name = "CVE-2019-11500-1.patch";
+      url = https://github.com/dovecot/core/commit/85fcb895ca7f0bcb8ee72047fe0e1e78532ff90b.patch;
+      sha256 = "0cn0sk5giaf2z26zp53cj9h0xcbj347ad6zgp2k377fphn9yjcc5";
+    })
+
+    (fetchpatch {
+      name = "CVE-2019-11500-2.patch";
+      url = https://github.com/dovecot/core/commit/f904cbdfec25582bc5e2a7435bf82ff769f2526a.patch;
+      sha256 = "1dcp8axbpcib837n2x54xxylyglbh2zh9bf0y3vpvmapya162s1a";
+    })
+
   ];
 
   configureFlags = [

diff --git a/pkgs/servers/mail/dovecot/plugins/pigeonhole/default.nix b/pkgs/servers/mail/dovecot/plugins/pigeonhole/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, dovecot, openssl }:
+{ stdenv, fetchurl, dovecot, openssl, fetchpatch }:
 
 stdenv.mkDerivation rec {
   name = "dovecot-pigeonhole-${version}";
@@ -11,6 +11,19 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ dovecot openssl ];
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2019-11500-1.patch";
+      url = https://github.com/dovecot/pigeonhole/commit/7ce9990a5e6ba59e89b7fe1c07f574279aed922c.patch;
+      sha256 = "07l4m2wkqn910zb8d477q6asryfqzhbhxl4fl0w89s763maiam9v";
+    })
+    (fetchpatch {
+      name = "CVE-2019-11500-2.patch";
+      url = https://github.com/dovecot/pigeonhole/commit/4a299840cdb51f61f8d1ebc0210b19c40dfbc1cc.patch;
+      sha256 = "1p7jl3fcxr63yrgj5m11sbmbfnibrx5v9aifscn1wq858jnn8myf";
+    })
+  ];
+
   preConfigure = ''
     substituteInPlace src/managesieve/managesieve-settings.c --replace \
       ".executable = \"managesieve\"" \