pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2017Q1]: pkgsrc/mail Pullup ticket #5274 - requested by taca



details:   https://anonhg.NetBSD.org/pkgsrc/rev/b6aebc863594
branches:  pkgsrc-2017Q1
changeset: 360236:b6aebc863594
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Thu Apr 13 15:04:30 2017 +0000

description:
Pullup ticket #5274 - requested by taca
mail/dovecot2: security fix
mail/dovecot2-sqlite: security fix

Revisions pulled up:
- mail/dovecot2-sqlite/Makefile                                 1.5
- mail/dovecot2/Makefile.common                                 1.6
- mail/dovecot2/PLIST                                           1.53
- mail/dovecot2/distinfo                                        1.72

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Thu Apr 13 01:59:08 UTC 2017

   Modified Files:
        pkgsrc/mail/dovecot2: Makefile.common PLIST distinfo
        pkgsrc/mail/dovecot2-sqlite: Makefile

   Log Message:
   Update dovecot2 to 2.2.29.1.  This release contains security fixes.

   v2.2.29.1 2017-04-12  Timo Sirainen <tss%iki.fi@localhost>

        - imapc reconnection fix was forgotten from 2.2.29 release, which also
          made "make check" fail in a unit test
        - dict-sql: Merging multiple UPDATEs to a single statement wasn't
          actually working.
        - Fixed building with vpopmail

   v2.2.29 2017-04-10  Timo Sirainen <tss%iki.fi@localhost>

        * passdb/userdb dict: Don't double-expand %variables in keys. If dict
          was used as the authentication passdb, using specially crafted
          %variables in the username could be used to cause DoS (CVE-2017-2669)
        * When Dovecot encounters an internal error, it logs the real error and
          usually logs another line saying what function failed. Previously the
          second log line's error message was a rather uninformative "Internal
          error occurred. Refer to server log for more information." Now the
          real error message is duplicated in this second log line.
        * lmtp: If a delivery has multiple recipients, run autoexpunging only
          for the last recipient. This avoids a problem where a long
          autoexpunge run causes LMTP client to timeout between the DATA
          replies, resulting in duplicate mail deliveries.
        * config: Don't stop the process due to idling. Otherwise the
          configuration is reloaded when the process restarts.
        * mail_log plugin: Differentiate autoexpunges from regular expunges
        * imapc: Use LOGOUT to cleanly disconnect from server.
        * lib-http: Internal status codes (>9000) are no longer visible in logs
        * director: Log vhost count changes and HOST-UP/DOWN

        + quota: Add plugin { quota_max_mail_size } setting to limit the
          maximum individual mail size that can be saved.
        + imapc: Add imapc_features=delay-login. If set, connecting to the
          remote IMAP server isn't done until it's necessary.
        + imapc: Add imapc_connection_retry_count and
          imapc_connection_retry_interval settings.
        + imap, pop3, indexer-worker: Add (deinit) to process title before
          autoexpunging runs.
        + Added %{encrypt} and %{decrypt} variables
        + imap/pop3 proxy: Log proxy state in errors as human-readable string.
        + imap/pop3-login: All forward_* extra fields returned by passdb are
          sent to the next hop when proxying using ID/XCLIENT commands. On the
          receiving side these fields are imported and sent to auth process
          where they're accessible via %{passdb:forward_*}. This is done only
          if the sending IP address matches login_trusted_networks.
        + imap-login: If imap_id_retain=yes, send the IMAP ID string to
          auth process. %{client_id} expands to it in auth process. The ID
          string is also sent to the next hop when proxying.
        + passdb imap: Use ssl_client_ca_* settings for CA validation.
        - fts-tika: Fixed crash when parsing attachment without
          Content-Disposition header. Broken by 2.2.28.
        - trash plugin was broken in 2.2.28
        - auth: When passdb/userdb lookups were done via auth-workers, too much
          data was added to auth cache. This could have resulted in wrong
          replies when using multiple passdbs/userdbs.
        - auth: passdb { skip & mechanisms } were ignored for the first passdb
        - oauth2: Various fixes, including fixes to crashes
        - dsync: Large Sieve scripts (or other large metadata) weren't always
          synced.
        - Index rebuild (e.g. doveadm force-resync) set all mails as \Recent
        - imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix
        - doveadm: Exit codes weren't preserved when proxying commands via
          doveadm-server. Almost all errors used exit code 75 (tempfail).
        - ACLs weren't applied to not-yet-existing autocreated mailboxes.
        - Fixed a potential crash when parsing a broken message header.
        - cassandra: Fallback consistency settings weren't working correctly.
        - doveadm director status <user>: "Initial config" was always empty
        - imapc: Various reconnection fixes.

diffstat:

 mail/dovecot2-sqlite/Makefile |   3 +--
 mail/dovecot2/Makefile.common |   6 +++---
 mail/dovecot2/PLIST           |   6 +++++-
 mail/dovecot2/distinfo        |  10 +++++-----
 4 files changed, 14 insertions(+), 11 deletions(-)

diffs (88 lines):

diff -r 901dcabad4e9 -r b6aebc863594 mail/dovecot2-sqlite/Makefile
--- a/mail/dovecot2-sqlite/Makefile     Thu Apr 13 12:11:40 2017 +0000
+++ b/mail/dovecot2-sqlite/Makefile     Thu Apr 13 15:04:30 2017 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.4 2016/12/12 14:22:03 wiz Exp $
+# $NetBSD: Makefile,v 1.4.4.1 2017/04/13 15:04:30 bsiegert Exp $
 #
 
-PKGREVISION= 1
 .include "../../mail/dovecot2/Makefile.plugin"
 
 PKGNAME=               ${DISTNAME:S/dovecot/dovecot-sqlite/}
diff -r 901dcabad4e9 -r b6aebc863594 mail/dovecot2/Makefile.common
--- a/mail/dovecot2/Makefile.common     Thu Apr 13 12:11:40 2017 +0000
+++ b/mail/dovecot2/Makefile.common     Thu Apr 13 15:04:30 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.5 2017/03/18 07:14:46 adam Exp $
+# $NetBSD: Makefile.common,v 1.5.2.1 2017/04/13 15:04:31 bsiegert Exp $
 #
 # when updating to a new release, update ABI depends in
 # the buildlink3.mk file as well, since the plugins' version
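
Review bot: The header comment kept as context in this hunk says to update the ABI depends in buildlink3.mk on each new release, but the diffstat lists only Makefile, Makefile.common, PLIST and distinfo, and the pulled-up revisions do not include buildlink3.mk. PLIST gains new headers in this update, so please confirm whether the ABI depends need bumping on the branch as well, or note in the ticket that no bump is required.
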
@@ -9,9 +9,9 @@
 # used by mail/dovecot2-mysql/Makefile
 # used by mail/dovecot2-pgsql/Makefile
 
-DISTNAME=      dovecot-2.2.28
+DISTNAME=      dovecot-2.2.29.1
 CATEGORIES=    mail
-MASTER_SITES=  http://www.dovecot.org/releases/${PKGVERSION_NOREV:R}/
+MASTER_SITES=  https://www.dovecot.org/releases/2.2/
 
 MAINTAINER=    adam%NetBSD.org@localhost
 HOMEPAGE=      http://www.dovecot.org/
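
Review bot: MASTER_SITES now hard-codes `2.2/` where it used to derive the directory from `${PKGVERSION_NOREV:R}`. With a four-component version such as 2.2.29.1 the `:R` modifier yields 2.2.29, so the change is needed, but a literal directory has to be remembered at the next release-series update; a one-line comment above the assignment would help. Fetching the distfile over https is a good change for a security update; HOMEPAGE on the unchanged line below still uses http and could move to https in the same commit.
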
diff -r 901dcabad4e9 -r b6aebc863594 mail/dovecot2/PLIST
--- a/mail/dovecot2/PLIST       Thu Apr 13 12:11:40 2017 +0000
+++ b/mail/dovecot2/PLIST       Thu Apr 13 15:04:30 2017 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.52 2017/03/18 07:14:46 adam Exp $
+@comment $NetBSD: PLIST,v 1.52.2.1 2017/04/13 15:04:31 bsiegert Exp $
 bin/doveadm
 bin/doveconf
 bin/dsync
@@ -150,6 +150,7 @@
 include/dovecot/hmac-cram-md5.h
 include/dovecot/hmac.h
 include/dovecot/home-expand.h
+include/dovecot/hook-build.h
 include/dovecot/hostpid.h
 include/dovecot/http-auth.h
 include/dovecot/http-client-private.h
@@ -538,9 +539,11 @@
 include/dovecot/userdb.h
 include/dovecot/utc-mktime.h
 include/dovecot/utc-offset.h
+include/dovecot/var-expand-private.h
 include/dovecot/var-expand.h
 include/dovecot/wildcard-match.h
 include/dovecot/write-full.h
+lib/dovecot/auth/lib20_auth_var_expand_crypt.la
 lib/dovecot/auth/libauthdb_imap.la
 lib/dovecot/doveadm/lib10_doveadm_acl_plugin.la
 lib/dovecot/doveadm/lib10_doveadm_expire_plugin.la
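
Review bot: `lib/dovecot/auth/lib20_auth_var_expand_crypt.la` here, and `lib/dovecot/lib20_var_expand_crypt.la` in the next hunk, are added to PLIST unconditionally. These correspond to the new %{encrypt} and %{decrypt} variables in the log message; please confirm both plugins are built under every option combination the package supports, otherwise the entries need a PLIST variable so the install check does not fail. It is also worth checking that installing `include/dovecot/var-expand-private.h`, a header named as private, is what upstream's install target does and not a packaging side effect.
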
@@ -570,6 +573,7 @@
 lib/dovecot/lib20_push_notification_plugin.la
 lib/dovecot/lib20_quota_clone_plugin.la
 lib/dovecot/lib20_replication_plugin.la
+lib/dovecot/lib20_var_expand_crypt.la
 lib/dovecot/lib20_virtual_plugin.la
 lib/dovecot/lib20_zlib_plugin.la
 lib/dovecot/lib21_fts_squat_plugin.la
diff -r 901dcabad4e9 -r b6aebc863594 mail/dovecot2/distinfo
--- a/mail/dovecot2/distinfo    Thu Apr 13 12:11:40 2017 +0000
+++ b/mail/dovecot2/distinfo    Thu Apr 13 15:04:30 2017 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.71 2017/03/18 07:14:46 adam Exp $
+$NetBSD: distinfo,v 1.71.2.1 2017/04/13 15:04:31 bsiegert Exp $
 
-SHA1 (dovecot-2.2.28.tar.gz) = ca417ebbfea30f71311a239e082adac81e989543
-RMD160 (dovecot-2.2.28.tar.gz) = 7d70d97e28fe5a4916b37278effabdaf3a7ecd03
-SHA512 (dovecot-2.2.28.tar.gz) = 3f40eb52413130dd47da98470d797ede63db3296923c2888b48f1a021e473cfcad064671ad804037d101990457ee57def30f2c27010ede2d758f3d3cfd8ef741
-Size (dovecot-2.2.28.tar.gz) = 5921992 bytes
+SHA1 (dovecot-2.2.29.1.tar.gz) = b9fab821e50337919ac617f1bb9d72e9aa9e8778
+RMD160 (dovecot-2.2.29.1.tar.gz) = 3fcfb72df0debe90fe7b7bd7bb98e8bba210857d
+SHA512 (dovecot-2.2.29.1.tar.gz) = 1e5ea6080ebe7dd4afe6fcfe8e98ed6d2ad2735655a18cc96e439dd044ccc3a1a6a80428bc746b4d6250820895d6a62121562e97e4b46c8b1cf88a19443bc111
+Size (dovecot-2.2.29.1.tar.gz) = 5972119 bytes
 SHA1 (patch-aa) = ea185011f0c1ee3aa1ff528e61f6f356fe385666
 SHA1 (patch-ab) = d637a64feec8e4eafacda149cf0193aa1b70a054
 SHA1 (patch-ae) = 51d8cb998cc2ded8bfc767710e465b752c50e656
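
Review bot: The `patch-aa`, `patch-ab` and `patch-ae` entries are unchanged context here, which means the local patches are expected to apply as-is to 2.2.29.1; please confirm they still apply cleanly after the jump from 2.2.28. For the new tarball, the SHA512 line is the digest to rely on, and since this pullup is a security fix it would be good to state in the ticket that the distfile was checked against upstream's published release before the checksums were regenerated.
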


