Thu Mar 1 11:13:14 2018 UTC ()
mail/dovecot2: update to 2.3.0.1

Small patch release to fix the worst bugs in v2.3.0. v2.3.1 is coming in about a month with a lot more changes.

 * CVE-2017-15130: TLS SNI config lookups may lead to excessive
   memory usage, causing imap-login/pop3-login VSZ limit to be reached
   and the process restarted. This happens only if Dovecot config has
   local_name { } or local { } configuration blocks and attacker uses
   randomly generated SNI servernames.
 * CVE-2017-14461: Parsing invalid email addresses may cause a crash or
   leak memory contents to attacker. For example, these memory contents
   might contain parts of an email from another user if the same imap
   process is reused for multiple users. First discovered by Aleksandar
   Nikolic of Cisco Talos. Independently also discovered by "flxflndy"
   via HackerOne.
 * CVE-2017-15132: Aborted SASL authentication leaks memory in login
   process.
 * Linux: Core dumping is no longer enabled by default via
   PR_SET_DUMPABLE, because this may allow attackers to bypass
   chroot/group restrictions. Found by cPanel Security Team. Nowadays
   core dumps can be safely enabled by using "sysctl -w
   fs.suid_dumpable=2". If the old behaviour is wanted, it can still be
   enabled by setting:
   import_environment=$import_environment PR_SET_DUMPABLE=1
 - imap-login with SSL/TLS connections may end up in infinite loop


(taca)
diff -r1.17 -r1.18 pkgsrc/mail/dovecot2/Makefile.common
diff -r1.58 -r1.59 pkgsrc/mail/dovecot2/PLIST
diff -r1.81 -r1.82 pkgsrc/mail/dovecot2/distinfo
cvs diff -r1.17 -r1.18 pkgsrc/mail/dovecot2/Makefile.common (expand / switch to unified diff)

--- pkgsrc/mail/dovecot2/Makefile.common 2018/01/24 15:16:49 1.17
+++ pkgsrc/mail/dovecot2/Makefile.common 2018/03/01 11:13:14 1.18
@@ -1,34 +1,33 @@ @@ -1,34 +1,33 @@
1# $NetBSD: Makefile.common,v 1.17 2018/01/24 15:16:49 jperkin Exp $ 1# $NetBSD: Makefile.common,v 1.18 2018/03/01 11:13:14 taca Exp $
2# 2#
3# when updating to a new release, update ABI depends in 3# when updating to a new release, update ABI depends in
4# the buildlink3.mk file as well, since the plugins' version 4# the buildlink3.mk file as well, since the plugins' version
5# must match (see PR 49563). 5# must match (see PR 49563).
6# 6#
7# used by mail/dovecot2/Makefile 7# used by mail/dovecot2/Makefile
8# used by mail/dovecot2/Makefile.plugin 8# used by mail/dovecot2/Makefile.plugin
9 9
10DISTNAME= dovecot-2.3.0 10DISTNAME= dovecot-2.3.0.1
11CATEGORIES= mail 11CATEGORIES= mail
12MASTER_SITES= https://www.dovecot.org/releases/${PKGVERSION_NOREV:R}/ 12MASTER_SITES= https://www.dovecot.org/releases/${PKGVERSION_NOREV:R:R}/
13 13
14MAINTAINER= adam@NetBSD.org 14MAINTAINER= adam@NetBSD.org
15HOMEPAGE= http://www.dovecot.org/ 15HOMEPAGE= http://www.dovecot.org/
16COMMENT= Secure IMAP and POP3 server 16COMMENT= Secure IMAP and POP3 server
17LICENSE= mit AND gnu-lgpl-v2.1 AND modified-bsd 17LICENSE= mit AND gnu-lgpl-v2.1 AND modified-bsd
18 18
19DISTINFO_FILE= ${.CURDIR}/../../mail/dovecot2/distinfo 19DISTINFO_FILE= ${.CURDIR}/../../mail/dovecot2/distinfo
20PATCHDIR= ${.CURDIR}/../../mail/dovecot2/patches 20PATCHDIR= ${.CURDIR}/../../mail/dovecot2/patches
21WRKSRC= ${WRKDIR}/${DISTNAME:S/dovecot/dovecot-ce/} 
22 21
23USE_LIBTOOL= yes 22USE_LIBTOOL= yes
24USE_TOOLS+= gmake pkg-config rpcgen 23USE_TOOLS+= gmake pkg-config rpcgen
25GNU_CONFIGURE= yes 24GNU_CONFIGURE= yes
26 25
27.include "../../mk/bsd.prefs.mk" 26.include "../../mk/bsd.prefs.mk"
28 27
29CONFIGURE_ARGS+= --localstatedir=${VARBASE} 28CONFIGURE_ARGS+= --localstatedir=${VARBASE}
30CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} 29CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
31CONFIGURE_ARGS+= --with-ssldir=${SSLDIR} 30CONFIGURE_ARGS+= --with-ssldir=${SSLDIR}
32CONFIGURE_ARGS+= --without-gssapi 31CONFIGURE_ARGS+= --without-gssapi
33CONFIGURE_ARGS+= --without-ldap 32CONFIGURE_ARGS+= --without-ldap
34 33
cvs diff -r1.58 -r1.59 pkgsrc/mail/dovecot2/PLIST (expand / switch to unified diff)

--- pkgsrc/mail/dovecot2/PLIST 2018/01/02 15:52:44 1.58
+++ pkgsrc/mail/dovecot2/PLIST 2018/03/01 11:13:14 1.59
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1@comment $NetBSD: PLIST,v 1.58 2018/01/02 15:52:44 fhajny Exp $ 1@comment $NetBSD: PLIST,v 1.59 2018/03/01 11:13:14 taca Exp $
2bin/doveadm 2bin/doveadm
3bin/doveconf 3bin/doveconf
4bin/dsync 4bin/dsync
5include/dovecot/access-lookup.h 5include/dovecot/access-lookup.h
6include/dovecot/acl-api-private.h 6include/dovecot/acl-api-private.h
7include/dovecot/acl-api.h 7include/dovecot/acl-api.h
8include/dovecot/acl-cache.h 8include/dovecot/acl-cache.h
9include/dovecot/acl-global-file.h 9include/dovecot/acl-global-file.h
10include/dovecot/acl-lookup-dict.h 10include/dovecot/acl-lookup-dict.h
11include/dovecot/acl-plugin.h 11include/dovecot/acl-plugin.h
12include/dovecot/acl-storage.h 12include/dovecot/acl-storage.h
13include/dovecot/anvil-client.h 13include/dovecot/anvil-client.h
14include/dovecot/aqueue.h 14include/dovecot/aqueue.h
@@ -755,26 +755,27 @@ share/doc/dovecot/wiki/ConfigFile.txt @@ -755,26 +755,27 @@ share/doc/dovecot/wiki/ConfigFile.txt
755share/doc/dovecot/wiki/Debugging.Authentication.txt 755share/doc/dovecot/wiki/Debugging.Authentication.txt
756share/doc/dovecot/wiki/Debugging.ProcessTracing.txt 756share/doc/dovecot/wiki/Debugging.ProcessTracing.txt
757share/doc/dovecot/wiki/Debugging.Rawlog.txt 757share/doc/dovecot/wiki/Debugging.Rawlog.txt
758share/doc/dovecot/wiki/Debugging.Thunderbird.txt 758share/doc/dovecot/wiki/Debugging.Thunderbird.txt
759share/doc/dovecot/wiki/Design.Arrays.txt 759share/doc/dovecot/wiki/Design.Arrays.txt
760share/doc/dovecot/wiki/Design.AuthProcess.txt 760share/doc/dovecot/wiki/Design.AuthProcess.txt
761share/doc/dovecot/wiki/Design.AuthProtocol.txt 761share/doc/dovecot/wiki/Design.AuthProtocol.txt
762share/doc/dovecot/wiki/Design.Buffers.txt 762share/doc/dovecot/wiki/Design.Buffers.txt
763share/doc/dovecot/wiki/Design.Code.txt 763share/doc/dovecot/wiki/Design.Code.txt
764share/doc/dovecot/wiki/Design.Dcrypt.txt 764share/doc/dovecot/wiki/Design.Dcrypt.txt
765share/doc/dovecot/wiki/Design.DoveadmProtocol.HTTP.txt 765share/doc/dovecot/wiki/Design.DoveadmProtocol.HTTP.txt
766share/doc/dovecot/wiki/Design.DoveadmProtocol.txt 766share/doc/dovecot/wiki/Design.DoveadmProtocol.txt
767share/doc/dovecot/wiki/Design.Dsync.txt 767share/doc/dovecot/wiki/Design.Dsync.txt
 768share/doc/dovecot/wiki/Design.Events.txt
768share/doc/dovecot/wiki/Design.Indexes.Cache.txt 769share/doc/dovecot/wiki/Design.Indexes.Cache.txt
769share/doc/dovecot/wiki/Design.Indexes.MailIndexApi.txt 770share/doc/dovecot/wiki/Design.Indexes.MailIndexApi.txt
770share/doc/dovecot/wiki/Design.Indexes.MainIndex.txt 771share/doc/dovecot/wiki/Design.Indexes.MainIndex.txt
771share/doc/dovecot/wiki/Design.Indexes.TransactionLog.txt 772share/doc/dovecot/wiki/Design.Indexes.TransactionLog.txt
772share/doc/dovecot/wiki/Design.Indexes.txt 773share/doc/dovecot/wiki/Design.Indexes.txt
773share/doc/dovecot/wiki/Design.InputStreams.txt 774share/doc/dovecot/wiki/Design.InputStreams.txt
774share/doc/dovecot/wiki/Design.Lua.txt 775share/doc/dovecot/wiki/Design.Lua.txt
775share/doc/dovecot/wiki/Design.MailProcess.txt 776share/doc/dovecot/wiki/Design.MailProcess.txt
776share/doc/dovecot/wiki/Design.Memory.txt 777share/doc/dovecot/wiki/Design.Memory.txt
777share/doc/dovecot/wiki/Design.OutputStreams.txt 778share/doc/dovecot/wiki/Design.OutputStreams.txt
778share/doc/dovecot/wiki/Design.Plugins.txt 779share/doc/dovecot/wiki/Design.Plugins.txt
779share/doc/dovecot/wiki/Design.Processes.txt 780share/doc/dovecot/wiki/Design.Processes.txt
780share/doc/dovecot/wiki/Design.Storage.ErrorHandling.txt 781share/doc/dovecot/wiki/Design.Storage.ErrorHandling.txt
@@ -894,26 +895,27 @@ share/doc/dovecot/wiki/Pigeonhole.Sieve. @@ -894,26 +895,27 @@ share/doc/dovecot/wiki/Pigeonhole.Sieve.
894share/doc/dovecot/wiki/Pigeonhole.Sieve.Extensions.Vacation.txt 895share/doc/dovecot/wiki/Pigeonhole.Sieve.Extensions.Vacation.txt
895share/doc/dovecot/wiki/Pigeonhole.Sieve.Extensions.txt 896share/doc/dovecot/wiki/Pigeonhole.Sieve.Extensions.txt
896share/doc/dovecot/wiki/Pigeonhole.Sieve.Plugins.Extdata.txt 897share/doc/dovecot/wiki/Pigeonhole.Sieve.Plugins.Extdata.txt
897share/doc/dovecot/wiki/Pigeonhole.Sieve.Plugins.Extprograms.txt 898share/doc/dovecot/wiki/Pigeonhole.Sieve.Plugins.Extprograms.txt
898share/doc/dovecot/wiki/Pigeonhole.Sieve.Plugins.IMAPSieve.txt 899share/doc/dovecot/wiki/Pigeonhole.Sieve.Plugins.IMAPSieve.txt
899share/doc/dovecot/wiki/Pigeonhole.Sieve.Plugins.Pipe.txt 900share/doc/dovecot/wiki/Pigeonhole.Sieve.Plugins.Pipe.txt
900share/doc/dovecot/wiki/Pigeonhole.Sieve.Plugins.txt 901share/doc/dovecot/wiki/Pigeonhole.Sieve.Plugins.txt
901share/doc/dovecot/wiki/Pigeonhole.Sieve.Troubleshooting.txt 902share/doc/dovecot/wiki/Pigeonhole.Sieve.Troubleshooting.txt
902share/doc/dovecot/wiki/Pigeonhole.Sieve.Usage.txt 903share/doc/dovecot/wiki/Pigeonhole.Sieve.Usage.txt
903share/doc/dovecot/wiki/Pigeonhole.Sieve.txt 904share/doc/dovecot/wiki/Pigeonhole.Sieve.txt
904share/doc/dovecot/wiki/Pigeonhole.txt 905share/doc/dovecot/wiki/Pigeonhole.txt
905share/doc/dovecot/wiki/Plugins.Apparmor.txt 906share/doc/dovecot/wiki/Plugins.Apparmor.txt
906share/doc/dovecot/wiki/Plugins.Autocreate.txt 907share/doc/dovecot/wiki/Plugins.Autocreate.txt
 908share/doc/dovecot/wiki/Plugins.CharsetAlias.txt
907share/doc/dovecot/wiki/Plugins.Compress.txt 909share/doc/dovecot/wiki/Plugins.Compress.txt
908share/doc/dovecot/wiki/Plugins.Expire.txt 910share/doc/dovecot/wiki/Plugins.Expire.txt
909share/doc/dovecot/wiki/Plugins.FTS.Lucene.txt 911share/doc/dovecot/wiki/Plugins.FTS.Lucene.txt
910share/doc/dovecot/wiki/Plugins.FTS.Solr.txt 912share/doc/dovecot/wiki/Plugins.FTS.Solr.txt
911share/doc/dovecot/wiki/Plugins.FTS.Squat.txt 913share/doc/dovecot/wiki/Plugins.FTS.Squat.txt
912share/doc/dovecot/wiki/Plugins.FTS.txt 914share/doc/dovecot/wiki/Plugins.FTS.txt
913share/doc/dovecot/wiki/Plugins.LastLogin.txt 915share/doc/dovecot/wiki/Plugins.LastLogin.txt
914share/doc/dovecot/wiki/Plugins.Lazyexpunge.txt 916share/doc/dovecot/wiki/Plugins.Lazyexpunge.txt
915share/doc/dovecot/wiki/Plugins.Listescape.txt 917share/doc/dovecot/wiki/Plugins.Listescape.txt
916share/doc/dovecot/wiki/Plugins.MailCrypt.txt 918share/doc/dovecot/wiki/Plugins.MailCrypt.txt
917share/doc/dovecot/wiki/Plugins.MailFilter.txt 919share/doc/dovecot/wiki/Plugins.MailFilter.txt
918share/doc/dovecot/wiki/Plugins.MailLog.txt 920share/doc/dovecot/wiki/Plugins.MailLog.txt
919share/doc/dovecot/wiki/Plugins.MailboxAlias.txt 921share/doc/dovecot/wiki/Plugins.MailboxAlias.txt
cvs diff -r1.81 -r1.82 pkgsrc/mail/dovecot2/distinfo (expand / switch to unified diff)

--- pkgsrc/mail/dovecot2/distinfo 2018/01/04 00:22:02 1.81
+++ pkgsrc/mail/dovecot2/distinfo 2018/03/01 11:13:14 1.82
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1$NetBSD: distinfo,v 1.81 2018/01/04 00:22:02 maya Exp $ 1$NetBSD: distinfo,v 1.82 2018/03/01 11:13:14 taca Exp $
2 2
3SHA1 (dovecot-2.3.0.tar.gz) = e5772a317f2df99329cd9c1289adfbc552fa6b84 3SHA1 (dovecot-2.3.0.1.tar.gz) = 911440fa278c7204b1257f4d861e7de123bf5305
4RMD160 (dovecot-2.3.0.tar.gz) = f78c06acc7e729fd1d80d7128df8a44a67bdf391 4RMD160 (dovecot-2.3.0.1.tar.gz) = 6745d03a4b8d860476e2e7aacf91dd757b906037
5SHA512 (dovecot-2.3.0.tar.gz) = 8d8591e371ba2ebf8d3c1561af49b970d8351c4acdde8a97ff0ab403bf4cad6e4d96e9556c9be747a85085552449cab4c52bb41bda36e1a822594ec87661ce7f 5SHA512 (dovecot-2.3.0.1.tar.gz) = 2b30c46c1660f425f6303a15cf638388439fd7a8065c91d28caf41d9a6403a4fccb530df3f69037a634bc3b0b9e498037da6b0b93c176f5e3b5808907d3f759d
6Size (dovecot-2.3.0.tar.gz) = 6635541 bytes 6Size (dovecot-2.3.0.1.tar.gz) = 6499984 bytes
7SHA1 (patch-aa) = ea185011f0c1ee3aa1ff528e61f6f356fe385666 7SHA1 (patch-aa) = ea185011f0c1ee3aa1ff528e61f6f356fe385666
8SHA1 (patch-ab) = 9db15fd853ba47ef4bf04f2adc9ab24f71ee4d1e 8SHA1 (patch-ab) = 9db15fd853ba47ef4bf04f2adc9ab24f71ee4d1e
9SHA1 (patch-ae) = c795585df9f415ceabb28eec1ff691ee26168d3b 9SHA1 (patch-ae) = c795585df9f415ceabb28eec1ff691ee26168d3b
10SHA1 (patch-af) = c066e94dd6593d16eec3e66f5f4d26f021918498 10SHA1 (patch-af) = c066e94dd6593d16eec3e66f5f4d26f021918498
11SHA1 (patch-src_imap_imap-client.h) = 1a2bf95ab6af57d88862a1512624bf263f4c2ce7 11SHA1 (patch-src_imap_imap-client.h) = 1a2bf95ab6af57d88862a1512624bf263f4c2ce7
12SHA1 (patch-src_lib-ldap_ldap-private.h) = 2d5ce32330ad4164cc75f8d209ba499d37ed01fc 12SHA1 (patch-src_lib-ldap_ldap-private.h) = 2d5ce32330ad4164cc75f8d209ba499d37ed01fc
13SHA1 (patch-src_lib_connection.h) = c749dd1517902b6602f81e41bb90c6288a571487 13SHA1 (patch-src_lib_connection.h) = c749dd1517902b6602f81e41bb90c6288a571487
14SHA1 (patch-src_old-stats_mail-stats.h) = 0d40c618445c089af2646a6864c3e909812282af 14SHA1 (patch-src_old-stats_mail-stats.h) = 0d40c618445c089af2646a6864c3e909812282af