Received: by mail.netbsd.org (Postfix, from userid 605) id 66BD284D6F; Fri, 19 Apr 2019 05:35:05 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id E068684D64 for ; Fri, 19 Apr 2019 05:35:04 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id VTIDmJJXVwwY for ; Fri, 19 Apr 2019 05:35:04 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id 4FF5484D32 for ; Fri, 19 Apr 2019 05:35:04 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 437C4FB16; Fri, 19 Apr 2019 05:35:04 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_155565210450750" MIME-Version: 1.0 Date: Fri, 19 Apr 2019 05:35:04 +0000 From: "Adam Ciarcinski" Subject: CVS commit: pkgsrc/mail To: pkgsrc-changes@NetBSD.org Reply-To: adam@netbsd.org X-Mailer: log_accum Message-Id: <20190419053504.437C4FB16@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_155565210450750 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: adam Date: Fri Apr 19 05:35:04 UTC 2019 Modified Files: pkgsrc/mail/dovecot2: Makefile.common distinfo pkgsrc/mail/dovecot2-sqlite: Makefile Log Message: dovecot2: updated to 2.3.5.2 v2.3.5.2 * CVE-2019-10691: Trying to login with 8bit username containing invalid UTF8 input causes auth process to crash if auth policy is enabled. This could be used rather easily to cause a DoS. Similar crash also happens during mail delivery when using invalid UTF8 in From or Subject header when OX push notification driver is used. To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 pkgsrc/mail/dovecot2/Makefile.common cvs rdiff -u -r1.90 -r1.91 pkgsrc/mail/dovecot2/distinfo cvs rdiff -u -r1.18 -r1.19 pkgsrc/mail/dovecot2-sqlite/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_155565210450750 Content-Disposition: inline Content-Length: 2609 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/mail/dovecot2/Makefile.common diff -u pkgsrc/mail/dovecot2/Makefile.common:1.26 pkgsrc/mail/dovecot2/Makefile.common:1.27 --- pkgsrc/mail/dovecot2/Makefile.common:1.26 Fri Mar 29 14:27:43 2019 +++ pkgsrc/mail/dovecot2/Makefile.common Fri Apr 19 05:35:03 2019 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.26 2019/03/29 14:27:43 hauke Exp $ +# $NetBSD: Makefile.common,v 1.27 2019/04/19 05:35:03 adam Exp $ # # when updating to a new release, update ABI depends in # the buildlink3.mk file as well, since the plugins' version @@ -11,7 +11,7 @@ # used by mail/dovecot2-pgsql/Makefile # used by mail/dovecot2-sqlite/Makefile -DISTNAME= dovecot-2.3.5.1 +DISTNAME= dovecot-2.3.5.2 CATEGORIES= mail MASTER_SITES= https://www.dovecot.org/releases/${PKGVERSION_NOREV:R:R}/ Index: pkgsrc/mail/dovecot2/distinfo diff -u pkgsrc/mail/dovecot2/distinfo:1.90 pkgsrc/mail/dovecot2/distinfo:1.91 --- pkgsrc/mail/dovecot2/distinfo:1.90 Fri Mar 29 14:27:43 2019 +++ pkgsrc/mail/dovecot2/distinfo Fri Apr 19 05:35:04 2019 @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.90 2019/03/29 14:27:43 hauke Exp $ +$NetBSD: distinfo,v 1.91 2019/04/19 05:35:04 adam Exp $ -SHA1 (dovecot-2.3.5.1.tar.gz) = 073ff93eeffc8166303ee3fb36b71c7a8d8a0230 -RMD160 (dovecot-2.3.5.1.tar.gz) = fc380f77e4a97808237a37697b3a11010e255921 -SHA512 (dovecot-2.3.5.1.tar.gz) = e87754461fb0b065acd0ff10dc955000a2fe5baffed69efaf328ce9268f90140e9de444bc68e0bd48b565c7622885a79b1f90ff3dd2335c0c2362d05d9e73e8a -Size (dovecot-2.3.5.1.tar.gz) = 6953150 bytes +SHA1 (dovecot-2.3.5.2.tar.gz) = 501740dd5e3d299115cdc04798efb546c33b3d9d +RMD160 (dovecot-2.3.5.2.tar.gz) = 30af7bb381740968ac515915c77e4dd804f0febe +SHA512 (dovecot-2.3.5.2.tar.gz) = 041ec1c33c6accb5c89d96d7ab2f7dd59795f496c17faea1906e7977983e4a387aa855a238376515c09532731634d9d42e6d6be22659062855241847ea0213d5 +Size (dovecot-2.3.5.2.tar.gz) = 6953228 bytes SHA1 (patch-aa) = ea185011f0c1ee3aa1ff528e61f6f356fe385666 SHA1 (patch-ab) = 9db15fd853ba47ef4bf04f2adc9ab24f71ee4d1e SHA1 (patch-ae) = c795585df9f415ceabb28eec1ff691ee26168d3b Index: pkgsrc/mail/dovecot2-sqlite/Makefile diff -u pkgsrc/mail/dovecot2-sqlite/Makefile:1.18 pkgsrc/mail/dovecot2-sqlite/Makefile:1.19 --- pkgsrc/mail/dovecot2-sqlite/Makefile:1.18 Wed Apr 3 00:32:51 2019 +++ pkgsrc/mail/dovecot2-sqlite/Makefile Fri Apr 19 05:35:04 2019 @@ -1,6 +1,5 @@ -# $NetBSD: Makefile,v 1.18 2019/04/03 00:32:51 ryoon Exp $ +# $NetBSD: Makefile,v 1.19 2019/04/19 05:35:04 adam Exp $ -PKGREVISION= 1 .include "../../mail/dovecot2/Makefile.common" PKGNAME= ${DISTNAME:S/dovecot/dovecot-sqlite/} --_----------=_155565210450750--