[pkgsrc/trunk]: pkgsrc/mail/dovecot2 mail/dovecot2: update to 2.3.0.1

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/mail/dovecot2 mail/dovecot2: update to 2.3.0.1
From: taca <taca%pkgsrc.org@localhost>
Date: Wed, 15 Jan 2020 08:51:39 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/dc3a6e92f922
branches:  trunk
changeset: 376395:dc3a6e92f922
user:      taca <taca%pkgsrc.org@localhost>
date:      Thu Mar 01 11:13:14 2018 +0000

description:
mail/dovecot2: update to 2.3.0.1

Small patch release to fix the worst bugs in v2.3.0. v2.3.1 is coming in about a month with a lot more changes.

 * CVE-2017-15130: TLS SNI config lookups may lead to excessive
   memory usage, causing imap-login/pop3-login VSZ limit to be reached
   and the process restarted. This happens only if Dovecot config has
   local_name { } or local { } configuration blocks and attacker uses
   randomly generated SNI servernames.
 * CVE-2017-14461: Parsing invalid email addresses may cause a crash or
   leak memory contents to attacker. For example, these memory contents
   might contain parts of an email from another user if the same imap
   process is reused for multiple users. First discovered by Aleksandar
   Nikolic of Cisco Talos. Independently also discovered by "flxflndy"
   via HackerOne.
 * CVE-2017-15132: Aborted SASL authentication leaks memory in login
   process.
 * Linux: Core dumping is no longer enabled by default via
   PR_SET_DUMPABLE, because this may allow attackers to bypass
   chroot/group restrictions. Found by cPanel Security Team. Nowadays
   core dumps can be safely enabled by using "sysctl -w
   fs.suid_dumpable=2". If the old behaviour is wanted, it can still be
   enabled by setting:
   import_environment=$import_environment PR_SET_DUMPABLE=1
 - imap-login with SSL/TLS connections may end up in infinite loop

diffstat:

 mail/dovecot2/Makefile.common |   7 +++----
 mail/dovecot2/PLIST           |   4 +++-
 mail/dovecot2/distinfo        |  10 +++++-----
 3 files changed, 11 insertions(+), 10 deletions(-)

diffs (72 lines):

diff -r 7b68f9930d54 -r dc3a6e92f922 mail/dovecot2/Makefile.common
--- a/mail/dovecot2/Makefile.common     Thu Mar 01 09:00:31 2018 +0000
+++ b/mail/dovecot2/Makefile.common     Thu Mar 01 11:13:14 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.17 2018/01/24 15:16:49 jperkin Exp $
+# $NetBSD: Makefile.common,v 1.18 2018/03/01 11:13:14 taca Exp $
 #
 # when updating to a new release, update ABI depends in
 # the buildlink3.mk file as well, since the plugins' version
@@ -7,9 +7,9 @@
 # used by mail/dovecot2/Makefile
 # used by mail/dovecot2/Makefile.plugin
 
-DISTNAME=      dovecot-2.3.0
+DISTNAME=      dovecot-2.3.0.1
 CATEGORIES=    mail
-MASTER_SITES=  https://www.dovecot.org/releases/${PKGVERSION_NOREV:R}/
+MASTER_SITES=  https://www.dovecot.org/releases/${PKGVERSION_NOREV:R:R}/
 
 MAINTAINER=    adam%NetBSD.org@localhost
 HOMEPAGE=      http://www.dovecot.org/
@@ -18,7 +18,6 @@
 
 DISTINFO_FILE= ${.CURDIR}/../../mail/dovecot2/distinfo
 PATCHDIR=      ${.CURDIR}/../../mail/dovecot2/patches
-WRKSRC=                ${WRKDIR}/${DISTNAME:S/dovecot/dovecot-ce/}
 
 USE_LIBTOOL=           yes
 USE_TOOLS+=            gmake pkg-config rpcgen
diff -r 7b68f9930d54 -r dc3a6e92f922 mail/dovecot2/PLIST
--- a/mail/dovecot2/PLIST       Thu Mar 01 09:00:31 2018 +0000
+++ b/mail/dovecot2/PLIST       Thu Mar 01 11:13:14 2018 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.58 2018/01/02 15:52:44 fhajny Exp $
+@comment $NetBSD: PLIST,v 1.59 2018/03/01 11:13:14 taca Exp $
 bin/doveadm
 bin/doveconf
 bin/dsync
@@ -765,6 +765,7 @@
 share/doc/dovecot/wiki/Design.DoveadmProtocol.HTTP.txt
 share/doc/dovecot/wiki/Design.DoveadmProtocol.txt
 share/doc/dovecot/wiki/Design.Dsync.txt
+share/doc/dovecot/wiki/Design.Events.txt
 share/doc/dovecot/wiki/Design.Indexes.Cache.txt
 share/doc/dovecot/wiki/Design.Indexes.MailIndexApi.txt
 share/doc/dovecot/wiki/Design.Indexes.MainIndex.txt
@@ -904,6 +905,7 @@
 share/doc/dovecot/wiki/Pigeonhole.txt
 share/doc/dovecot/wiki/Plugins.Apparmor.txt
 share/doc/dovecot/wiki/Plugins.Autocreate.txt
+share/doc/dovecot/wiki/Plugins.CharsetAlias.txt
 share/doc/dovecot/wiki/Plugins.Compress.txt
 share/doc/dovecot/wiki/Plugins.Expire.txt
 share/doc/dovecot/wiki/Plugins.FTS.Lucene.txt
diff -r 7b68f9930d54 -r dc3a6e92f922 mail/dovecot2/distinfo
--- a/mail/dovecot2/distinfo    Thu Mar 01 09:00:31 2018 +0000
+++ b/mail/dovecot2/distinfo    Thu Mar 01 11:13:14 2018 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.81 2018/01/04 00:22:02 maya Exp $
+$NetBSD: distinfo,v 1.82 2018/03/01 11:13:14 taca Exp $
 
-SHA1 (dovecot-2.3.0.tar.gz) = e5772a317f2df99329cd9c1289adfbc552fa6b84
-RMD160 (dovecot-2.3.0.tar.gz) = f78c06acc7e729fd1d80d7128df8a44a67bdf391
-SHA512 (dovecot-2.3.0.tar.gz) = 8d8591e371ba2ebf8d3c1561af49b970d8351c4acdde8a97ff0ab403bf4cad6e4d96e9556c9be747a85085552449cab4c52bb41bda36e1a822594ec87661ce7f
-Size (dovecot-2.3.0.tar.gz) = 6635541 bytes
+SHA1 (dovecot-2.3.0.1.tar.gz) = 911440fa278c7204b1257f4d861e7de123bf5305
+RMD160 (dovecot-2.3.0.1.tar.gz) = 6745d03a4b8d860476e2e7aacf91dd757b906037
+SHA512 (dovecot-2.3.0.1.tar.gz) = 2b30c46c1660f425f6303a15cf638388439fd7a8065c91d28caf41d9a6403a4fccb530df3f69037a634bc3b0b9e498037da6b0b93c176f5e3b5808907d3f759d
+Size (dovecot-2.3.0.1.tar.gz) = 6499984 bytes
 SHA1 (patch-aa) = ea185011f0c1ee3aa1ff528e61f6f356fe385666
 SHA1 (patch-ab) = 9db15fd853ba47ef4bf04f2adc9ab24f71ee4d1e
 SHA1 (patch-ae) = c795585df9f415ceabb28eec1ff691ee26168d3b

Prev by Date: [pkgsrc/trunk]: pkgsrc/fonts/py-fonttools py-fonttools: updated to 3.23.0
Next by Date: [pkgsrc/trunk]: pkgsrc/doc doc: update dovecot2-* packages to 2.0.3.1
Previous by Thread: [pkgsrc/trunk]: pkgsrc/fonts/py-fonttools py-fonttools: updated to 3.23.0
Next by Thread: [pkgsrc/trunk]: pkgsrc/doc doc: update dovecot2-* packages to 2.0.3.1
Indexes:

Home | Main Index | Thread Index | Old Index