CVS commit: pkgsrc/mail/dovecot2

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/mail/dovecot2
From: "Hauke Fath" <hauke%netbsd.org@localhost>
Date: Fri, 29 Mar 2019 14:27:43 +0000

Module Name:    pkgsrc
Committed By:   hauke
Date:           Fri Mar 29 14:27:43 UTC 2019

Modified Files:
        pkgsrc/mail/dovecot2: Makefile.common distinfo

Log Message:
Security fix:

    * CVE-2019-7524: Missing input buffer size validation leads into
      arbitrary buffer overflow when reading fts or pop3 uidl header
      from Dovecot index. Exploiting this requires direct write access to
      the index files.


To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 pkgsrc/mail/dovecot2/Makefile.common
cvs rdiff -u -r1.89 -r1.90 pkgsrc/mail/dovecot2/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/mail/dovecot2/Makefile.common
diff -u pkgsrc/mail/dovecot2/Makefile.common:1.25 pkgsrc/mail/dovecot2/Makefile.common:1.26
--- pkgsrc/mail/dovecot2/Makefile.common:1.25   Tue Mar  5 16:51:03 2019
+++ pkgsrc/mail/dovecot2/Makefile.common        Fri Mar 29 14:27:43 2019
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.25 2019/03/05 16:51:03 hauke Exp $
+# $NetBSD: Makefile.common,v 1.26 2019/03/29 14:27:43 hauke Exp $
 #
 # when updating to a new release, update ABI depends in
 # the buildlink3.mk file as well, since the plugins' version
@@ -11,9 +11,9 @@
 # used by mail/dovecot2-pgsql/Makefile
 # used by mail/dovecot2-sqlite/Makefile
 
-DISTNAME=      dovecot-2.3.5
+DISTNAME=      dovecot-2.3.5.1
 CATEGORIES=    mail
-MASTER_SITES=  https://www.dovecot.org/releases/${PKGVERSION_NOREV:R}/
+MASTER_SITES=  https://www.dovecot.org/releases/${PKGVERSION_NOREV:R:R}/
 
 MAINTAINER=    adam%NetBSD.org@localhost
 HOMEPAGE=      http://www.dovecot.org/

Index: pkgsrc/mail/dovecot2/distinfo
diff -u pkgsrc/mail/dovecot2/distinfo:1.89 pkgsrc/mail/dovecot2/distinfo:1.90
--- pkgsrc/mail/dovecot2/distinfo:1.89  Tue Mar  5 16:51:03 2019
+++ pkgsrc/mail/dovecot2/distinfo       Fri Mar 29 14:27:43 2019
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.89 2019/03/05 16:51:03 hauke Exp $
+$NetBSD: distinfo,v 1.90 2019/03/29 14:27:43 hauke Exp $
 
-SHA1 (dovecot-2.3.5.tar.gz) = e03f2ad6d80afb1b23d4f82a5ced794e07f467b7
-RMD160 (dovecot-2.3.5.tar.gz) = 428b4351e7566dbdac8da41be890016bfc575ff7
-SHA512 (dovecot-2.3.5.tar.gz) = 10513c371aeadd52184daaf8dbb9a7559c6db55e34182bbb2c9539dae0897ddcc76f6fe2ce6a81c7ce0cb94c7f79438ae3bb0e7db8ed46615feb337b4078ecc6
-Size (dovecot-2.3.5.tar.gz) = 6970480 bytes
+SHA1 (dovecot-2.3.5.1.tar.gz) = 073ff93eeffc8166303ee3fb36b71c7a8d8a0230
+RMD160 (dovecot-2.3.5.1.tar.gz) = fc380f77e4a97808237a37697b3a11010e255921
+SHA512 (dovecot-2.3.5.1.tar.gz) = e87754461fb0b065acd0ff10dc955000a2fe5baffed69efaf328ce9268f90140e9de444bc68e0bd48b565c7622885a79b1f90ff3dd2335c0c2362d05d9e73e8a
+Size (dovecot-2.3.5.1.tar.gz) = 6953150 bytes
 SHA1 (patch-aa) = ea185011f0c1ee3aa1ff528e61f6f356fe385666
 SHA1 (patch-ab) = 9db15fd853ba47ef4bf04f2adc9ab24f71ee4d1e
 SHA1 (patch-ae) = c795585df9f415ceabb28eec1ff691ee26168d3b

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index