pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/mail/dovecot2
Module Name: pkgsrc
Committed By: taca
Date: Thu Mar 1 11:13:14 UTC 2018
Modified Files:
pkgsrc/mail/dovecot2: Makefile.common PLIST distinfo
Log Message:
mail/dovecot2: update to 2.3.0.1
Small patch release to fix the worst bugs in v2.3.0. v2.3.1 is coming in about a month with a lot more changes.
* CVE-2017-15130: TLS SNI config lookups may lead to excessive
memory usage, causing imap-login/pop3-login VSZ limit to be reached
and the process restarted. This happens only if Dovecot config has
local_name { } or local { } configuration blocks and attacker uses
randomly generated SNI servernames.
* CVE-2017-14461: Parsing invalid email addresses may cause a crash or
leak memory contents to attacker. For example, these memory contents
might contain parts of an email from another user if the same imap
process is reused for multiple users. First discovered by Aleksandar
Nikolic of Cisco Talos. Independently also discovered by "flxflndy"
via HackerOne.
* CVE-2017-15132: Aborted SASL authentication leaks memory in login
process.
* Linux: Core dumping is no longer enabled by default via
PR_SET_DUMPABLE, because this may allow attackers to bypass
chroot/group restrictions. Found by cPanel Security Team. Nowadays
core dumps can be safely enabled by using "sysctl -w
fs.suid_dumpable=2". If the old behaviour is wanted, it can still be
enabled by setting:
import_environment=$import_environment PR_SET_DUMPABLE=1
- imap-login with SSL/TLS connections may end up in infinite loop
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/mail/dovecot2/Makefile.common
cvs rdiff -u -r1.58 -r1.59 pkgsrc/mail/dovecot2/PLIST
cvs rdiff -u -r1.81 -r1.82 pkgsrc/mail/dovecot2/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/mail/dovecot2/Makefile.common
diff -u pkgsrc/mail/dovecot2/Makefile.common:1.17 pkgsrc/mail/dovecot2/Makefile.common:1.18
--- pkgsrc/mail/dovecot2/Makefile.common:1.17 Wed Jan 24 15:16:49 2018
+++ pkgsrc/mail/dovecot2/Makefile.common Thu Mar 1 11:13:14 2018
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.17 2018/01/24 15:16:49 jperkin Exp $
+# $NetBSD: Makefile.common,v 1.18 2018/03/01 11:13:14 taca Exp $
#
# when updating to a new release, update ABI depends in
# the buildlink3.mk file as well, since the plugins' version
@@ -7,9 +7,9 @@
# used by mail/dovecot2/Makefile
# used by mail/dovecot2/Makefile.plugin
-DISTNAME= dovecot-2.3.0
+DISTNAME= dovecot-2.3.0.1
CATEGORIES= mail
-MASTER_SITES= https://www.dovecot.org/releases/${PKGVERSION_NOREV:R}/
+MASTER_SITES= https://www.dovecot.org/releases/${PKGVERSION_NOREV:R:R}/
MAINTAINER= adam%NetBSD.org@localhost
HOMEPAGE= http://www.dovecot.org/
@@ -18,7 +18,6 @@ LICENSE= mit AND gnu-lgpl-v2.1 AND modif
DISTINFO_FILE= ${.CURDIR}/../../mail/dovecot2/distinfo
PATCHDIR= ${.CURDIR}/../../mail/dovecot2/patches
-WRKSRC= ${WRKDIR}/${DISTNAME:S/dovecot/dovecot-ce/}
USE_LIBTOOL= yes
USE_TOOLS+= gmake pkg-config rpcgen
Index: pkgsrc/mail/dovecot2/PLIST
diff -u pkgsrc/mail/dovecot2/PLIST:1.58 pkgsrc/mail/dovecot2/PLIST:1.59
--- pkgsrc/mail/dovecot2/PLIST:1.58 Tue Jan 2 15:52:44 2018
+++ pkgsrc/mail/dovecot2/PLIST Thu Mar 1 11:13:14 2018
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.58 2018/01/02 15:52:44 fhajny Exp $
+@comment $NetBSD: PLIST,v 1.59 2018/03/01 11:13:14 taca Exp $
bin/doveadm
bin/doveconf
bin/dsync
@@ -765,6 +765,7 @@ share/doc/dovecot/wiki/Design.Dcrypt.txt
share/doc/dovecot/wiki/Design.DoveadmProtocol.HTTP.txt
share/doc/dovecot/wiki/Design.DoveadmProtocol.txt
share/doc/dovecot/wiki/Design.Dsync.txt
+share/doc/dovecot/wiki/Design.Events.txt
share/doc/dovecot/wiki/Design.Indexes.Cache.txt
share/doc/dovecot/wiki/Design.Indexes.MailIndexApi.txt
share/doc/dovecot/wiki/Design.Indexes.MainIndex.txt
@@ -904,6 +905,7 @@ share/doc/dovecot/wiki/Pigeonhole.Sieve.
share/doc/dovecot/wiki/Pigeonhole.txt
share/doc/dovecot/wiki/Plugins.Apparmor.txt
share/doc/dovecot/wiki/Plugins.Autocreate.txt
+share/doc/dovecot/wiki/Plugins.CharsetAlias.txt
share/doc/dovecot/wiki/Plugins.Compress.txt
share/doc/dovecot/wiki/Plugins.Expire.txt
share/doc/dovecot/wiki/Plugins.FTS.Lucene.txt
Index: pkgsrc/mail/dovecot2/distinfo
diff -u pkgsrc/mail/dovecot2/distinfo:1.81 pkgsrc/mail/dovecot2/distinfo:1.82
--- pkgsrc/mail/dovecot2/distinfo:1.81 Thu Jan 4 00:22:02 2018
+++ pkgsrc/mail/dovecot2/distinfo Thu Mar 1 11:13:14 2018
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.81 2018/01/04 00:22:02 maya Exp $
+$NetBSD: distinfo,v 1.82 2018/03/01 11:13:14 taca Exp $
-SHA1 (dovecot-2.3.0.tar.gz) = e5772a317f2df99329cd9c1289adfbc552fa6b84
-RMD160 (dovecot-2.3.0.tar.gz) = f78c06acc7e729fd1d80d7128df8a44a67bdf391
-SHA512 (dovecot-2.3.0.tar.gz) = 8d8591e371ba2ebf8d3c1561af49b970d8351c4acdde8a97ff0ab403bf4cad6e4d96e9556c9be747a85085552449cab4c52bb41bda36e1a822594ec87661ce7f
-Size (dovecot-2.3.0.tar.gz) = 6635541 bytes
+SHA1 (dovecot-2.3.0.1.tar.gz) = 911440fa278c7204b1257f4d861e7de123bf5305
+RMD160 (dovecot-2.3.0.1.tar.gz) = 6745d03a4b8d860476e2e7aacf91dd757b906037
+SHA512 (dovecot-2.3.0.1.tar.gz) = 2b30c46c1660f425f6303a15cf638388439fd7a8065c91d28caf41d9a6403a4fccb530df3f69037a634bc3b0b9e498037da6b0b93c176f5e3b5808907d3f759d
+Size (dovecot-2.3.0.1.tar.gz) = 6499984 bytes
SHA1 (patch-aa) = ea185011f0c1ee3aa1ff528e61f6f356fe385666
SHA1 (patch-ab) = 9db15fd853ba47ef4bf04f2adc9ab24f71ee4d1e
SHA1 (patch-ae) = c795585df9f415ceabb28eec1ff691ee26168d3b
Home |
Main Index |
Thread Index |
Old Index