Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1553869663221940" MIME-Version: 1.0 Date: Fri, 29 Mar 2019 14:27:43 +0000
From: "Hauke Fath" Subject: CVS commit: pkgsrc/mail/dovecot2 To: pkgsrc-changes@NetBSD.org Reply-To: hauke@netbsd.org X-Mailer: log_accum Message-Id: <20190329142743.AB3C9FB16@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1553869663221940 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: hauke Date: Fri Mar 29 14:27:43 UTC 2019 Modified Files: pkgsrc/mail/dovecot2: Makefile.common distinfo Log Message: Security fix: * CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index. Exploiting this requires direct write access to the index files. To generate a diff of this commit: cvs rdiff -u -r1.25 -r1.26 pkgsrc/mail/dovecot2/Makefile.common cvs rdiff -u -r1.89 -r1.90 pkgsrc/mail/dovecot2/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1553869663221940 Content-Disposition: inline Content-Length: 2211 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/mail/dovecot2/Makefile.common diff -u pkgsrc/mail/dovecot2/Makefile.common:1.25 pkgsrc/mail/dovecot2/Makefile.common:1.26 --- pkgsrc/mail/dovecot2/Makefile.common:1.25 Tue Mar 5 16:51:03 2019 +++ pkgsrc/mail/dovecot2/Makefile.common Fri Mar 29 14:27:43 2019 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.25 2019/03/05 16:51:03 hauke Exp $ +# $NetBSD: Makefile.common,v 1.26 2019/03/29 14:27:43 hauke Exp $ # # when updating to a new release, update ABI depends in # the buildlink3.mk file as well, since the plugins' version 
@@ -11,9 +11,9 @@ # used by mail/dovecot2-pgsql/Makefile # used by mail/dovecot2-sqlite/Makefile -DISTNAME= dovecot-2.3.5 +DISTNAME= dovecot-2.3.5.1 CATEGORIES= mail -MASTER_SITES= https://www.dovecot.org/releases/${PKGVERSION_NOREV:R}/ +MASTER_SITES= https://www.dovecot.org/releases/${PKGVERSION_NOREV:R:R}/ MAINTAINER= adam@NetBSD.org HOMEPAGE= http://www.dovecot.org/ Index: pkgsrc/mail/dovecot2/distinfo diff -u pkgsrc/mail/dovecot2/distinfo:1.89 pkgsrc/mail/dovecot2/distinfo:1.90 --- pkgsrc/mail/dovecot2/distinfo:1.89 Tue Mar 5 16:51:03 2019 +++ pkgsrc/mail/dovecot2/distinfo Fri Mar 29 14:27:43 2019 @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.89 2019/03/05 16:51:03 hauke Exp $ +$NetBSD: distinfo,v 1.90 2019/03/29 14:27:43 hauke Exp $ -SHA1 (dovecot-2.3.5.tar.gz) = e03f2ad6d80afb1b23d4f82a5ced794e07f467b7 -RMD160 (dovecot-2.3.5.tar.gz) = 428b4351e7566dbdac8da41be890016bfc575ff7 -SHA512 (dovecot-2.3.5.tar.gz) = 10513c371aeadd52184daaf8dbb9a7559c6db55e34182bbb2c9539dae0897ddcc76f6fe2ce6a81c7ce0cb94c7f79438ae3bb0e7db8ed46615feb337b4078ecc6 -Size (dovecot-2.3.5.tar.gz) = 6970480 bytes +SHA1 (dovecot-2.3.5.1.tar.gz) = 073ff93eeffc8166303ee3fb36b71c7a8d8a0230 +RMD160 (dovecot-2.3.5.1.tar.gz) = fc380f77e4a97808237a37697b3a11010e255921 +SHA512 (dovecot-2.3.5.1.tar.gz) = e87754461fb0b065acd0ff10dc955000a2fe5baffed69efaf328ce9268f90140e9de444bc68e0bd48b565c7622885a79b1f90ff3dd2335c0c2362d05d9e73e8a +Size (dovecot-2.3.5.1.tar.gz) = 6953150 bytes SHA1 (patch-aa) = ea185011f0c1ee3aa1ff528e61f6f356fe385666 SHA1 (patch-ab) = 9db15fd853ba47ef4bf04f2adc9ab24f71ee4d1e SHA1 (patch-ae) = c795585df9f415ceabb28eec1ff691ee26168d3b --_----------=_1553869663221940--
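Review bot: In the Makefile.common hunk at @@ -11,9, the new MASTER_SITES value `${PKGVERSION_NOREV:R:R}` only yields the right release directory while the version has four components. For 2.3.5.1 the two `:R` modifiers strip `.1` and `.5` to give 2.3, matching what the old `:R` gave for 2.3.5, but a later three-component version such as 2.3.6 would reduce to 2 and the fetch URL would break. Add a comment beside MASTER_SITES saying the second `:R` has to be dropped again on the next three-component release, or spell out the branch directory explicitly. Separately, the HOMEPAGE context line still uses plain http while MASTER_SITES uses https.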
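Review bot: In the distinfo hunk, the digests for dovecot-2.3.5.1.tar.gz are swapped in with nothing in the log message saying how the new tarball was checked against upstream. Because this is the security update and distinfo is what every later fetch is pinned to, state in the commit message whether the tarball was verified against an upstream release signature or published checksum before the SHA1, RMD160 and SHA512 values were regenerated. The recorded size also drops from 6970480 to 6953150 bytes for a point release, which is worth a quick confirmation, and the patch-aa, patch-ab and patch-ae context lines remain pinned by SHA1 only.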