pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/mail
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 12 15:54:38 UTC 2020
Modified Files:
pkgsrc/mail/dovecot2: Makefile.common PLIST buildlink3.mk distinfo
pkgsrc/mail/dovecot2-sqlite: Makefile
Log Message:
mail/dovocot2: update to 2.3.11.3
Update dovecot2 and related packages to 2.3.11.3.
v2.3.11.3 2020-07-29 Aki Tuomi <aki.tuomi%open-xchange.com@localhost>
- pop3-login: Login didn't handle commands in multiple IP packets properly.
This mainly affected large XCLIENT commands or a large SASL initial
response parameter in the AUTH command.
- pop3: pop3_deleted_flag setting was broken, causing:
Panic: file seq-range-array.c: line 472 (seq_range_array_invert):
assertion failed: (range[count-1].seq2 <= max_seq)
v2.3.11.2 2020-07-13 Aki Tuomi <aki.tuomi%open-xchange.com@localhost>
- auth: Lua passdb/userdb leaks stack elements per call, eventually
causing the stack to become too deep and crashing the auth or
auth-worker process.
- lib-mail: v2.3.11 regression: MIME parts not returned correctly by
Dovecot MIME parser.
- pop3-login: Login would fail with "Input buffer full" if the initial
response for SASL was too long.
v2.3.11 2020-06-17 Aki Tuomi <aki.tuomi%open-xchange.com@localhost>
* CVE-2020-12100: Parsing mails with a large number of MIME parts could
have resulted in excessive CPU usage or a crash due to running out of
stack memory.
* CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
message buffer size, which leads to reading past allocation which can
lead to crash.
* CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
zero-length message, which leads to assert-crash later on.
* Events: Fix inconsistency in events. See event documentation in
https://doc.dovecot.org.
* imap_command_finished event's cmd_name field now contains "unknown"
for unknown commands. A new "cmd_input_name" field contains the
command name exactly as it was sent.
* lib-index: Renamed mail_cache_compress_* settings to mail_cache_purge_*.
Note that these settings are mainly intended for testing and usually
shouldn't be changed.
* events: Renamed "index" event category to "mail-index".
* events: service:<name> category is now using the name from
configuration file.
* dns-client: service dns_client was renamed to dns-client.
* log: Prefixes generally use the service name from configuration file.
For example dict-async service will now use
"dict-async(pid): " log prefix instead of "dict(pid): "
* *-login: Changed logging done by proxying to use a consistent prefix
containing the IP address and port.
* *-login: Changed disconnection log messages to be slightly clearer.
+ dict: Add events for dictionaries.
+ lib-index: Finish logging with events.
+ oauth2: Support local validation of JWT tokens.
+ stats: Add support for dynamic histograms and grouping. See
https://doc.dovecot.org/configuration_manual/stats/.
+ imap: Implement RFC 8514: IMAP SAVEDATE
+ lib-index: If a long-running transaction (e.g. SORT/FETCH on a huge
folder) adds a lot of data to dovecot.index.cache file, commit those
changes periodically to make them visible to other concurrent sessions
as well.
+ stats: Add OpenMetrics exporter for statistics. See
https://doc.dovecot.org/configuration_manual/stats/openmetrics/.
+ stats: Support disabling stats-writer socket by setting
stats_writer_socket_path="".
- auth-worker: Process keeps slowly increasing its memory usage and
eventually dies with "out of memory" due to reaching vsz_limit.
- auth: Prevent potential timing attacks in authentication secret
comparisons: OAUTH2 JWT-token HMAC, imap-urlauth token, crypt() result.
- auth: Several auth-mechanisms allowed input to be truncated by NUL
which can potentially lead to unintentional issues or even successful
logins which should have failed.
- auth: When auth policy returned a delay, auth_request_finished event
had policy_result=ok field instead of policy_result=delayed.
- auth: auth process crash when auth_policy_server_url is set to an
invalid URL.
- dict-ldap: Crash occurs if var_expand template expansion fails.
- dict: If dict client disconnected while iteration was still running,
dict process could have started using 100% CPU, although it was still
handling clients.
- doveadm: Running doveadm commands via proxying may hang, especially
when doveadm is printing a lot of output.
- imap: "MOVE * destfolder" goes to a loop copying the last mail to the
destination until the imap process dies due to running out of memory.
- imap: Running "UID MOVE 1:* Trash" on an empty folder goes to infinite
loop.
- imap: SEARCH doesn't support $.
- lib-compress: Buffer over-read in zlib stream read.
- lib-dns: If DNS lookup times out, lib-dns can cause crash in calling
process.
- lib-index: Fixed several bugs in dovecot.index.cache handling that
could have caused cached data to be lost.
- lib-index: Writing to >=1 GB dovecot.index.cache files may cause
assert-crashes:
Panic: file mail-index-util.c: line 37 (mail_index_uint32_to_offset):
assertion failed: (offset < 0x40000000)
- lib-ssl-iostream: Fix buggy OpenSSL error handling without
assert-crashing. If there is no error available, log it as an error
instead of crashing:
Panic: file iostream-openssl.c: line 599 (openssl_iostream_handle_error):
assertion failed: (errno != 0)
- lib-ssl-iostream: ssl_key_password setting did not work.
- submission: A segfault crash may occur when the client or server
disconnects while a non-transaction command like NOOP or VRFY is still
being processed.
- virtual: Copying/moving mails with IMAP into a virtual folder assert-crashes:
Panic: file cmd-copy.c: line 152 (fetch_and_copy): assertion failed:
(copy_ctx->copy_count == seq_range_count(©_ctx->saved_uids))
To generate a diff of this commit:
cvs rdiff -u -r1.40 -r1.41 pkgsrc/mail/dovecot2/Makefile.common
cvs rdiff -u -r1.69 -r1.70 pkgsrc/mail/dovecot2/PLIST
cvs rdiff -u -r1.33 -r1.34 pkgsrc/mail/dovecot2/buildlink3.mk
cvs rdiff -u -r1.104 -r1.105 pkgsrc/mail/dovecot2/distinfo
cvs rdiff -u -r1.22 -r1.23 pkgsrc/mail/dovecot2-sqlite/Makefile
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/mail/dovecot2/Makefile.common
diff -u pkgsrc/mail/dovecot2/Makefile.common:1.40 pkgsrc/mail/dovecot2/Makefile.common:1.41
--- pkgsrc/mail/dovecot2/Makefile.common:1.40 Mon May 18 14:20:46 2020
+++ pkgsrc/mail/dovecot2/Makefile.common Wed Aug 12 15:54:38 2020
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.40 2020/05/18 14:20:46 taca Exp $
+# $NetBSD: Makefile.common,v 1.41 2020/08/12 15:54:38 taca Exp $
#
# when updating to a new release, update ABI depends in
# the buildlink3.mk file as well, since the plugins' version
@@ -11,7 +11,7 @@
# used by mail/dovecot2-pgsql/Makefile
# used by mail/dovecot2-sqlite/Makefile
-DISTNAME= dovecot-2.3.10.1
+DISTNAME= dovecot-2.3.11.3
CATEGORIES= mail
MASTER_SITES= https://dovecot.org/releases/${PKGVERSION_NOREV:R:R}/
Index: pkgsrc/mail/dovecot2/PLIST
diff -u pkgsrc/mail/dovecot2/PLIST:1.69 pkgsrc/mail/dovecot2/PLIST:1.70
--- pkgsrc/mail/dovecot2/PLIST:1.69 Sun Mar 15 22:52:04 2020
+++ pkgsrc/mail/dovecot2/PLIST Wed Aug 12 15:54:38 2020
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.69 2020/03/15 22:52:04 adam Exp $
+@comment $NetBSD: PLIST,v 1.70 2020/08/12 15:54:38 taca Exp $
bin/doveadm
bin/doveconf
bin/dovecot-sysreport
@@ -27,6 +27,7 @@ include/dovecot/auth-master-connection.h
include/dovecot/auth-master.h
include/dovecot/auth-penalty.h
include/dovecot/auth-policy.h
+include/dovecot/auth-request-handler-private.h
include/dovecot/auth-request-handler.h
include/dovecot/auth-request-stats.h
include/dovecot/auth-request-var-expand.h
@@ -403,6 +404,7 @@ include/dovecot/mdbox-settings.h
include/dovecot/mdbox-storage-rebuild.h
include/dovecot/mdbox-storage.h
include/dovecot/mdbox-sync.h
+include/dovecot/mech-digest-md5-private.h
include/dovecot/mech-otp-skey-common.h
include/dovecot/mech-plain-common.h
include/dovecot/mech-scram.h
@@ -449,6 +451,7 @@ include/dovecot/ostream-null.h
include/dovecot/ostream-private.h
include/dovecot/ostream-rawlog.h
include/dovecot/ostream-unix.h
+include/dovecot/ostream-wrapper.h
include/dovecot/ostream-zlib.h
include/dovecot/ostream.h
include/dovecot/passdb-blocking.h
Index: pkgsrc/mail/dovecot2/buildlink3.mk
diff -u pkgsrc/mail/dovecot2/buildlink3.mk:1.33 pkgsrc/mail/dovecot2/buildlink3.mk:1.34
--- pkgsrc/mail/dovecot2/buildlink3.mk:1.33 Sat Jan 18 21:48:14 2020
+++ pkgsrc/mail/dovecot2/buildlink3.mk Wed Aug 12 15:54:38 2020
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.33 2020/01/18 21:48:14 jperkin Exp $
+# $NetBSD: buildlink3.mk,v 1.34 2020/08/12 15:54:38 taca Exp $
BUILDLINK_TREE+= dovecot
@@ -7,7 +7,7 @@ DOVECOT_BUILDLINK3_MK:=
BUILDLINK_API_DEPENDS.dovecot+= dovecot>=2.2.0
# must match current package version for plugins to load
-BUILDLINK_ABI_DEPENDS.dovecot+= dovecot>=2.3.9.2nb1
+BUILDLINK_ABI_DEPENDS.dovecot+= dovecot>=2.3.11.3
BUILDLINK_PKGSRCDIR.dovecot?= ../../mail/dovecot2
pkgbase:= dovecot
Index: pkgsrc/mail/dovecot2/distinfo
diff -u pkgsrc/mail/dovecot2/distinfo:1.104 pkgsrc/mail/dovecot2/distinfo:1.105
--- pkgsrc/mail/dovecot2/distinfo:1.104 Mon May 18 14:20:46 2020
+++ pkgsrc/mail/dovecot2/distinfo Wed Aug 12 15:54:38 2020
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.104 2020/05/18 14:20:46 taca Exp $
+$NetBSD: distinfo,v 1.105 2020/08/12 15:54:38 taca Exp $
-SHA1 (dovecot-2.3.10.1.tar.gz) = d8afa71f3a7a2c2e406745ff43057ae94ed23871
-RMD160 (dovecot-2.3.10.1.tar.gz) = f68993644d14c4bae321e2525fb6c885724d8ebd
-SHA512 (dovecot-2.3.10.1.tar.gz) = 5c07436a3e861993f241caa2c60f035c533c5fceb5c8540c1717d31bedd54b82299f7ea11bfee12c72d4d33985d93a7130c4f56877864a7ad21cf7373a29cc06
-Size (dovecot-2.3.10.1.tar.gz) = 7226958 bytes
+SHA1 (dovecot-2.3.11.3.tar.gz) = 4a094ae503ded8ccea97cc06680fbb2e0f9c3171
+RMD160 (dovecot-2.3.11.3.tar.gz) = c44a9686a24127c95bd7c439e0548bd66481ab4e
+SHA512 (dovecot-2.3.11.3.tar.gz) = d83e52a7faab918a8e6f6257acc5936b81733c10489affd042c3a043cb842db060286cba9978be378e4958e9ac2e60b55ce289d7f3a88df08e7637e4785e23bb
+Size (dovecot-2.3.11.3.tar.gz) = 7353412 bytes
SHA1 (patch-aa) = 3af01aa4a8cea1a3fb840b6243a744de77069611
SHA1 (patch-ab) = 9db15fd853ba47ef4bf04f2adc9ab24f71ee4d1e
SHA1 (patch-ae) = c795585df9f415ceabb28eec1ff691ee26168d3b
Index: pkgsrc/mail/dovecot2-sqlite/Makefile
diff -u pkgsrc/mail/dovecot2-sqlite/Makefile:1.22 pkgsrc/mail/dovecot2-sqlite/Makefile:1.23
--- pkgsrc/mail/dovecot2-sqlite/Makefile:1.22 Tue Jun 2 08:24:14 2020
+++ pkgsrc/mail/dovecot2-sqlite/Makefile Wed Aug 12 15:54:38 2020
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.22 2020/06/02 08:24:14 adam Exp $
+# $NetBSD: Makefile,v 1.23 2020/08/12 15:54:38 taca Exp $
-PKGREVISION= 1
.include "../../mail/dovecot2/Makefile.common"
PKGNAME= ${DISTNAME:S/dovecot/dovecot-sqlite/}
Home |
Main Index |
Thread Index |
Old Index