pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2019Q1]: pkgsrc/mail/dovecot2 Pullup ticket #5956 - requested ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/7a9471ca2d7a
branches:  pkgsrc-2019Q1
changeset: 334030:7a9471ca2d7a
user:      spz <spz%pkgsrc.org@localhost>
date:      Sun May 12 20:29:57 2019 +0000

description:
Pullup ticket #5956 - requested by taca
mail/dovecot2: security update

Revisions pulled up:
- mail/dovecot2/Makefile.common                                 1.27-1.28
- mail/dovecot2/PLIST                                           1.65
- mail/dovecot2/distinfo                                        1.91-1.92

-------------------------------------------------------------------
   Module Name: pkgsrc
   Committed By:        adam
   Date:                Fri Apr 19 05:35:04 UTC 2019

   Modified Files:
        pkgsrc/mail/dovecot2: Makefile.common distinfo
        pkgsrc/mail/dovecot2-sqlite: Makefile

   Log Message:
   dovecot2: updated to 2.3.5.2

   v2.3.5.2
   * CVE-2019-10691: Trying to login with 8bit username containing
     invalid UTF8 input causes auth process to crash if auth policy is
     enabled. This could be used rather easily to cause a DoS. Similar
     crash also happens during mail delivery when using invalid UTF8 in
     From or Subject header when OX push notification driver is used.


   To generate a diff of this commit:
   cvs rdiff -u -r1.26 -r1.27 pkgsrc/mail/dovecot2/Makefile.common
   cvs rdiff -u -r1.90 -r1.91 pkgsrc/mail/dovecot2/distinfo

-------------------------------------------------------------------
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Tue Apr 30 15:21:06 UTC 2019

   Modified Files:
        pkgsrc/mail/dovecot2: Makefile.common PLIST distinfo

   Log Message:
   mail/dovecot2: update to 2.3.6

   Update dovecot2 and dovecot-{gssapi,ldap,mysql,pgsql,sqlite} to 2.3.6.

   v2.3.6 2019-04-30  Aki Tuomi <aki.tuomi%open-xchange.com@localhost>

        * CVE-2019-11494: Submission-login crashed with signal 11 due to null
          pointer access when authentication was aborted by disconnecting.
        * CVE-2019-11499: Submission-login crashed when authentication was
          started over TLS secured channel and invalid authentication message
          was sent.
        * auth: Support password grant with passdb oauth2.
        + Use system default CAs for outbound TLS connections.
        + Simplify array handling with new helper macros.
        + fts_solr: Enable configuring batch_size and soft_commit features.
        - lmtp/submission: Fixed various bugs in XCLIENT handling, including a
          hang when XCLIENT commands were sent infinitely to the remote server.
        - lmtp/submission: Forwarded multi-line replies were erroneously sent
          as two replies to the client.
        - lib-smtp: client: Message was not guaranteed to contain CRLF
          consistently when CHUNKING was used.
        - fts_solr: Plugin was no longer compatible with Solr 7.
        - Make it possible to disable certificate checking without
          setting ssl_client_ca_* settings.
        - pop3c: SSL support was broken.
        - mysql: Closing connection twice lead to crash on some systems.
        - auth: Multiple oauth2 passdbs crashed auth process on deinit.
        - HTTP client connection errors infrequently triggered a segmentation
          fault when the connection was idle and not used for a particular
          client instance.


   To generate a diff of this commit:
   cvs rdiff -u -r1.27 -r1.28 pkgsrc/mail/dovecot2/Makefile.common
   cvs rdiff -u -r1.64 -r1.65 pkgsrc/mail/dovecot2/PLIST
   cvs rdiff -u -r1.91 -r1.92 pkgsrc/mail/dovecot2/distinfo

diffstat:

 mail/dovecot2/Makefile.common |   6 +++---
 mail/dovecot2/PLIST           |   4 +++-
 mail/dovecot2/distinfo        |  10 +++++-----
 3 files changed, 11 insertions(+), 9 deletions(-)

diffs (57 lines):

diff -r cd5307db60bd -r 7a9471ca2d7a mail/dovecot2/Makefile.common
--- a/mail/dovecot2/Makefile.common     Sun May 12 20:19:19 2019 +0000
+++ b/mail/dovecot2/Makefile.common     Sun May 12 20:29:57 2019 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.26 2019/03/29 14:27:43 hauke Exp $
+# $NetBSD: Makefile.common,v 1.26.2.1 2019/05/12 20:29:57 spz Exp $
 #
 # when updating to a new release, update ABI depends in
 # the buildlink3.mk file as well, since the plugins' version
@@ -11,9 +11,9 @@
 # used by mail/dovecot2-pgsql/Makefile
 # used by mail/dovecot2-sqlite/Makefile
 
-DISTNAME=      dovecot-2.3.5.1
+DISTNAME=      dovecot-2.3.6
 CATEGORIES=    mail
-MASTER_SITES=  https://www.dovecot.org/releases/${PKGVERSION_NOREV:R:R}/
+MASTER_SITES=  https://www.dovecot.org/releases/${PKGVERSION_NOREV:R}/
 
 MAINTAINER=    adam%NetBSD.org@localhost
 HOMEPAGE=      http://www.dovecot.org/
diff -r cd5307db60bd -r 7a9471ca2d7a mail/dovecot2/PLIST
--- a/mail/dovecot2/PLIST       Sun May 12 20:19:19 2019 +0000
+++ b/mail/dovecot2/PLIST       Sun May 12 20:29:57 2019 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.64 2019/03/05 16:51:03 hauke Exp $
+@comment $NetBSD: PLIST,v 1.64.2.1 2019/05/12 20:29:57 spz Exp $
 bin/doveadm
 bin/doveconf
 bin/dsync
@@ -729,6 +729,8 @@
 share/doc/dovecot/dovecot-openssl.cnf
 share/doc/dovecot/mkcert.sh
 share/doc/dovecot/securecoding.txt
+share/doc/dovecot/solr-config-7.7.0.xml
+share/doc/dovecot/solr-schema-7.7.0.xml
 share/doc/dovecot/solr-schema.xml
 share/doc/dovecot/thread-refs.txt
 share/doc/dovecot/wiki/ACL.txt
diff -r cd5307db60bd -r 7a9471ca2d7a mail/dovecot2/distinfo
--- a/mail/dovecot2/distinfo    Sun May 12 20:19:19 2019 +0000
+++ b/mail/dovecot2/distinfo    Sun May 12 20:29:57 2019 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.90 2019/03/29 14:27:43 hauke Exp $
+$NetBSD: distinfo,v 1.90.2.1 2019/05/12 20:29:57 spz Exp $
 
-SHA1 (dovecot-2.3.5.1.tar.gz) = 073ff93eeffc8166303ee3fb36b71c7a8d8a0230
-RMD160 (dovecot-2.3.5.1.tar.gz) = fc380f77e4a97808237a37697b3a11010e255921
-SHA512 (dovecot-2.3.5.1.tar.gz) = e87754461fb0b065acd0ff10dc955000a2fe5baffed69efaf328ce9268f90140e9de444bc68e0bd48b565c7622885a79b1f90ff3dd2335c0c2362d05d9e73e8a
-Size (dovecot-2.3.5.1.tar.gz) = 6953150 bytes
+SHA1 (dovecot-2.3.6.tar.gz) = 7b939bb83bca6d2bbc932d33d5b450bd66d9d124
+RMD160 (dovecot-2.3.6.tar.gz) = 584e72ed6d8901960aa2ba48c0d3716db4222e95
+SHA512 (dovecot-2.3.6.tar.gz) = ec28af2efcbd4ab534298c3342709251074dcdb0f0f4bcad0d24b996b273387e2ce557d7ab54abafb69be3ed7dd61f25c82b9710d78156932e2eff7f941c9eb2
+Size (dovecot-2.3.6.tar.gz) = 6980135 bytes
 SHA1 (patch-aa) = ea185011f0c1ee3aa1ff528e61f6f356fe385666
 SHA1 (patch-ab) = 9db15fd853ba47ef4bf04f2adc9ab24f71ee4d1e
 SHA1 (patch-ae) = c795585df9f415ceabb28eec1ff691ee26168d3b



Home | Main Index | Thread Index | Old Index