Received: by mail.netbsd.org (Postfix, from userid 605) id DCE4984D26; Sun, 12 May 2019 21:31:16 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 2856884D26 for ; Sun, 12 May 2019 21:31:16 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id 7Eh2Cj-gg5T2 for ; Sun, 12 May 2019 21:31:15 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 5F67B8508E for ; Sun, 12 May 2019 20:29:57 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 59AF6FB16; Sun, 12 May 2019 20:29:57 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_155769299778470" MIME-Version: 1.0 Date: Sun, 12 May 2019 20:29:57 +0000 From: "S.P.Zeidler" Subject: CVS commit: [pkgsrc-2019Q1] pkgsrc/mail/dovecot2 To: pkgsrc-changes@NetBSD.org Reply-To: spz@netbsd.org X-Mailer: log_accum Message-Id: <20190512202957.59AF6FB16@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_155769299778470 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: spz Date: Sun May 12 20:29:57 UTC 2019 Modified Files: pkgsrc/mail/dovecot2 [pkgsrc-2019Q1]: Makefile.common PLIST distinfo Log Message: Pullup ticket #5956 - requested by taca mail/dovecot2: security update Revisions pulled up: - mail/dovecot2/Makefile.common 1.27-1.28 - mail/dovecot2/PLIST 1.65 - mail/dovecot2/distinfo 1.91-1.92 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: adam Date: Fri Apr 19 05:35:04 UTC 2019 Modified Files: pkgsrc/mail/dovecot2: Makefile.common distinfo pkgsrc/mail/dovecot2-sqlite: Makefile Log Message: dovecot2: updated to 2.3.5.2 v2.3.5.2 * CVE-2019-10691: Trying to login with 8bit username containing invalid UTF8 input causes auth process to crash if auth policy is enabled. This could be used rather easily to cause a DoS. Similar crash also happens during mail delivery when using invalid UTF8 in From or Subject header when OX push notification driver is used. To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 pkgsrc/mail/dovecot2/Makefile.common cvs rdiff -u -r1.90 -r1.91 pkgsrc/mail/dovecot2/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Tue Apr 30 15:21:06 UTC 2019 Modified Files: pkgsrc/mail/dovecot2: Makefile.common PLIST distinfo Log Message: mail/dovecot2: update to 2.3.6 Update dovecot2 and dovecot-{gssapi,ldap,mysql,pgsql,sqlite} to 2.3.6. v2.3.6 2019-04-30 Aki Tuomi * CVE-2019-11494: Submission-login crashed with signal 11 due to null pointer access when authentication was aborted by disconnecting. * CVE-2019-11499: Submission-login crashed when authentication was started over TLS secured channel and invalid authentication message was sent. * auth: Support password grant with passdb oauth2. + Use system default CAs for outbound TLS connections. + Simplify array handling with new helper macros. + fts_solr: Enable configuring batch_size and soft_commit features. - lmtp/submission: Fixed various bugs in XCLIENT handling, including a hang when XCLIENT commands were sent infinitely to the remote server. - lmtp/submission: Forwarded multi-line replies were erroneously sent as two replies to the client. - lib-smtp: client: Message was not guaranteed to contain CRLF consistently when CHUNKING was used. - fts_solr: Plugin was no longer compatible with Solr 7. - Make it possible to disable certificate checking without setting ssl_client_ca_* settings. - pop3c: SSL support was broken. - mysql: Closing connection twice lead to crash on some systems. - auth: Multiple oauth2 passdbs crashed auth process on deinit. - HTTP client connection errors infrequently triggered a segmentation fault when the connection was idle and not used for a particular client instance. To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 pkgsrc/mail/dovecot2/Makefile.common cvs rdiff -u -r1.64 -r1.65 pkgsrc/mail/dovecot2/PLIST cvs rdiff -u -r1.91 -r1.92 pkgsrc/mail/dovecot2/distinfo To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.26.2.1 pkgsrc/mail/dovecot2/Makefile.common cvs rdiff -u -r1.64 -r1.64.2.1 pkgsrc/mail/dovecot2/PLIST cvs rdiff -u -r1.90 -r1.90.2.1 pkgsrc/mail/dovecot2/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_155769299778470 Content-Disposition: inline Content-Length: 2979 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/mail/dovecot2/Makefile.common diff -u pkgsrc/mail/dovecot2/Makefile.common:1.26 pkgsrc/mail/dovecot2/Makefile.common:1.26.2.1 --- pkgsrc/mail/dovecot2/Makefile.common:1.26 Fri Mar 29 14:27:43 2019 +++ pkgsrc/mail/dovecot2/Makefile.common Sun May 12 20:29:57 2019 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.26 2019/03/29 14:27:43 hauke Exp $ +# $NetBSD: Makefile.common,v 1.26.2.1 2019/05/12 20:29:57 spz Exp $ # # when updating to a new release, update ABI depends in # the buildlink3.mk file as well, since the plugins' version @@ -11,9 +11,9 @@ # used by mail/dovecot2-pgsql/Makefile # used by mail/dovecot2-sqlite/Makefile -DISTNAME= dovecot-2.3.5.1 +DISTNAME= dovecot-2.3.6 CATEGORIES= mail -MASTER_SITES= https://www.dovecot.org/releases/${PKGVERSION_NOREV:R:R}/ +MASTER_SITES= https://www.dovecot.org/releases/${PKGVERSION_NOREV:R}/ MAINTAINER= adam@NetBSD.org HOMEPAGE= http://www.dovecot.org/ Index: pkgsrc/mail/dovecot2/PLIST diff -u pkgsrc/mail/dovecot2/PLIST:1.64 pkgsrc/mail/dovecot2/PLIST:1.64.2.1 --- pkgsrc/mail/dovecot2/PLIST:1.64 Tue Mar 5 16:51:03 2019 +++ pkgsrc/mail/dovecot2/PLIST Sun May 12 20:29:57 2019 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.64 2019/03/05 16:51:03 hauke Exp $ +@comment $NetBSD: PLIST,v 1.64.2.1 2019/05/12 20:29:57 spz Exp $ bin/doveadm bin/doveconf bin/dsync @@ -729,6 +729,8 @@ share/doc/dovecot/documentation.txt share/doc/dovecot/dovecot-openssl.cnf share/doc/dovecot/mkcert.sh share/doc/dovecot/securecoding.txt +share/doc/dovecot/solr-config-7.7.0.xml +share/doc/dovecot/solr-schema-7.7.0.xml share/doc/dovecot/solr-schema.xml share/doc/dovecot/thread-refs.txt share/doc/dovecot/wiki/ACL.txt Index: pkgsrc/mail/dovecot2/distinfo diff -u pkgsrc/mail/dovecot2/distinfo:1.90 pkgsrc/mail/dovecot2/distinfo:1.90.2.1 --- pkgsrc/mail/dovecot2/distinfo:1.90 Fri Mar 29 14:27:43 2019 +++ pkgsrc/mail/dovecot2/distinfo Sun May 12 20:29:57 2019 @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.90 2019/03/29 14:27:43 hauke Exp $ +$NetBSD: distinfo,v 1.90.2.1 2019/05/12 20:29:57 spz Exp $ -SHA1 (dovecot-2.3.5.1.tar.gz) = 073ff93eeffc8166303ee3fb36b71c7a8d8a0230 -RMD160 (dovecot-2.3.5.1.tar.gz) = fc380f77e4a97808237a37697b3a11010e255921 -SHA512 (dovecot-2.3.5.1.tar.gz) = e87754461fb0b065acd0ff10dc955000a2fe5baffed69efaf328ce9268f90140e9de444bc68e0bd48b565c7622885a79b1f90ff3dd2335c0c2362d05d9e73e8a -Size (dovecot-2.3.5.1.tar.gz) = 6953150 bytes +SHA1 (dovecot-2.3.6.tar.gz) = 7b939bb83bca6d2bbc932d33d5b450bd66d9d124 +RMD160 (dovecot-2.3.6.tar.gz) = 584e72ed6d8901960aa2ba48c0d3716db4222e95 +SHA512 (dovecot-2.3.6.tar.gz) = ec28af2efcbd4ab534298c3342709251074dcdb0f0f4bcad0d24b996b273387e2ce557d7ab54abafb69be3ed7dd61f25c82b9710d78156932e2eff7f941c9eb2 +Size (dovecot-2.3.6.tar.gz) = 6980135 bytes SHA1 (patch-aa) = ea185011f0c1ee3aa1ff528e61f6f356fe385666 SHA1 (patch-ab) = 9db15fd853ba47ef4bf04f2adc9ab24f71ee4d1e SHA1 (patch-ae) = c795585df9f415ceabb28eec1ff691ee26168d3b --_----------=_155769299778470--