dovecot2: updated to 2.3.5.2 v2.3.5.2 * CVE-2019-10691: Trying to login with 8bit username containing invalid UTF8 input causes auth process to crash if auth policy is enabled. This could be used rather easily to cause a DoS. Similar crash also happens during mail delivery when using invalid UTF8 in From or Subject header when OX push notification driver is used.diff -r1.26 -r1.27 pkgsrc/mail/dovecot2/Makefile.common
(adam)
@@ -1,27 +1,27 @@ | @@ -1,27 +1,27 @@ | |||
1 | # $NetBSD: Makefile.common,v 1.26 2019/03/29 14:27:43 hauke Exp $ | 1 | # $NetBSD: Makefile.common,v 1.27 2019/04/19 05:35:03 adam Exp $ | |
2 | # | 2 | # | |
3 | # when updating to a new release, update ABI depends in | 3 | # when updating to a new release, update ABI depends in | |
4 | # the buildlink3.mk file as well, since the plugins' version | 4 | # the buildlink3.mk file as well, since the plugins' version | |
5 | # must match (see PR 49563). | 5 | # must match (see PR 49563). | |
6 | # | 6 | # | |
7 | # used by mail/dovecot2/Makefile | 7 | # used by mail/dovecot2/Makefile | |
8 | # used by mail/dovecot2-gssapi/Makefile | 8 | # used by mail/dovecot2-gssapi/Makefile | |
9 | # used by mail/dovecot2-ldap/Makefile | 9 | # used by mail/dovecot2-ldap/Makefile | |
10 | # used by mail/dovecot2-mysql/Makefile | 10 | # used by mail/dovecot2-mysql/Makefile | |
11 | # used by mail/dovecot2-pgsql/Makefile | 11 | # used by mail/dovecot2-pgsql/Makefile | |
12 | # used by mail/dovecot2-sqlite/Makefile | 12 | # used by mail/dovecot2-sqlite/Makefile | |
13 | 13 | |||
14 | DISTNAME= dovecot-2.3.5.1 | 14 | DISTNAME= dovecot-2.3.5.2 | |
15 | CATEGORIES= mail | 15 | CATEGORIES= mail | |
16 | MASTER_SITES= https://www.dovecot.org/releases/${PKGVERSION_NOREV:R:R}/ | 16 | MASTER_SITES= https://www.dovecot.org/releases/${PKGVERSION_NOREV:R:R}/ | |
17 | 17 | |||
18 | MAINTAINER= adam@NetBSD.org | 18 | MAINTAINER= adam@NetBSD.org | |
19 | HOMEPAGE= http://www.dovecot.org/ | 19 | HOMEPAGE= http://www.dovecot.org/ | |
20 | COMMENT= Secure IMAP and POP3 server | 20 | COMMENT= Secure IMAP and POP3 server | |
21 | LICENSE= mit AND gnu-lgpl-v2.1 AND modified-bsd | 21 | LICENSE= mit AND gnu-lgpl-v2.1 AND modified-bsd | |
22 | 22 | |||
23 | DISTINFO_FILE= ${.CURDIR}/../../mail/dovecot2/distinfo | 23 | DISTINFO_FILE= ${.CURDIR}/../../mail/dovecot2/distinfo | |
24 | PATCHDIR= ${.CURDIR}/../../mail/dovecot2/patches | 24 | PATCHDIR= ${.CURDIR}/../../mail/dovecot2/patches | |
25 | 25 | |||
26 | USE_LIBTOOL= yes | 26 | USE_LIBTOOL= yes | |
27 | USE_TOOLS+= gmake pkg-config rpcgen | 27 | USE_TOOLS+= gmake pkg-config rpcgen |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | $NetBSD: distinfo,v 1.90 2019/03/29 14:27:43 hauke Exp $ | 1 | $NetBSD: distinfo,v 1.91 2019/04/19 05:35:04 adam Exp $ | |
2 | 2 | |||
3 | SHA1 (dovecot-2.3.5.1.tar.gz) = 073ff93eeffc8166303ee3fb36b71c7a8d8a0230 | 3 | SHA1 (dovecot-2.3.5.2.tar.gz) = 501740dd5e3d299115cdc04798efb546c33b3d9d | |
4 | RMD160 (dovecot-2.3.5.1.tar.gz) = fc380f77e4a97808237a37697b3a11010e255921 | 4 | RMD160 (dovecot-2.3.5.2.tar.gz) = 30af7bb381740968ac515915c77e4dd804f0febe | |
5 | SHA512 (dovecot-2.3.5.1.tar.gz) = e87754461fb0b065acd0ff10dc955000a2fe5baffed69efaf328ce9268f90140e9de444bc68e0bd48b565c7622885a79b1f90ff3dd2335c0c2362d05d9e73e8a | 5 | SHA512 (dovecot-2.3.5.2.tar.gz) = 041ec1c33c6accb5c89d96d7ab2f7dd59795f496c17faea1906e7977983e4a387aa855a238376515c09532731634d9d42e6d6be22659062855241847ea0213d5 | |
6 | Size (dovecot-2.3.5.1.tar.gz) = 6953150 bytes | 6 | Size (dovecot-2.3.5.2.tar.gz) = 6953228 bytes | |
7 | SHA1 (patch-aa) = ea185011f0c1ee3aa1ff528e61f6f356fe385666 | 7 | SHA1 (patch-aa) = ea185011f0c1ee3aa1ff528e61f6f356fe385666 | |
8 | SHA1 (patch-ab) = 9db15fd853ba47ef4bf04f2adc9ab24f71ee4d1e | 8 | SHA1 (patch-ab) = 9db15fd853ba47ef4bf04f2adc9ab24f71ee4d1e | |
9 | SHA1 (patch-ae) = c795585df9f415ceabb28eec1ff691ee26168d3b | 9 | SHA1 (patch-ae) = c795585df9f415ceabb28eec1ff691ee26168d3b | |
10 | SHA1 (patch-af) = c066e94dd6593d16eec3e66f5f4d26f021918498 | 10 | SHA1 (patch-af) = c066e94dd6593d16eec3e66f5f4d26f021918498 | |
11 | SHA1 (patch-src_imap_imap-client.h) = 1a2bf95ab6af57d88862a1512624bf263f4c2ce7 | 11 | SHA1 (patch-src_imap_imap-client.h) = 1a2bf95ab6af57d88862a1512624bf263f4c2ce7 | |
12 | SHA1 (patch-src_lib-ldap_ldap-private.h) = 2d5ce32330ad4164cc75f8d209ba499d37ed01fc | 12 | SHA1 (patch-src_lib-ldap_ldap-private.h) = 2d5ce32330ad4164cc75f8d209ba499d37ed01fc | |
13 | SHA1 (patch-src_lib_connection.h) = c147511f4ff50e4b5a048c3a363f0af90ee4c6ad | 13 | SHA1 (patch-src_lib_connection.h) = c147511f4ff50e4b5a048c3a363f0af90ee4c6ad | |
14 | SHA1 (patch-src_old-stats_mail-stats.h) = 0d40c618445c089af2646a6864c3e909812282af | 14 | SHA1 (patch-src_old-stats_mail-stats.h) = 0d40c618445c089af2646a6864c3e909812282af |
@@ -1,16 +1,15 @@ | @@ -1,16 +1,15 @@ | |||
1 | # $NetBSD: Makefile,v 1.18 2019/04/03 00:32:51 ryoon Exp $ | 1 | # $NetBSD: Makefile,v 1.19 2019/04/19 05:35:04 adam Exp $ | |
2 | 2 | |||
3 | PKGREVISION= 1 | |||
4 | .include "../../mail/dovecot2/Makefile.common" | 3 | .include "../../mail/dovecot2/Makefile.common" | |
5 | 4 | |||
6 | PKGNAME= ${DISTNAME:S/dovecot/dovecot-sqlite/} | 5 | PKGNAME= ${DISTNAME:S/dovecot/dovecot-sqlite/} | |
7 | COMMENT+= (SQLite plugin) | 6 | COMMENT+= (SQLite plugin) | |
8 | 7 | |||
9 | CONFIGURE_ARGS+= --with-sql=plugin | 8 | CONFIGURE_ARGS+= --with-sql=plugin | |
10 | CONFIGURE_ARGS+= --with-sqlite | 9 | CONFIGURE_ARGS+= --with-sqlite | |
11 | 10 | |||
12 | INSTALLATION_DIRS+= lib/dovecot/auth lib/dovecot/dict | 11 | INSTALLATION_DIRS+= lib/dovecot/auth lib/dovecot/dict | |
13 | 12 | |||
14 | do-install: | 13 | do-install: | |
15 | cd ${WRKSRC} && ${LIBTOOL} --mode=install ${INSTALL_LIB} \ | 14 | cd ${WRKSRC} && ${LIBTOOL} --mode=install ${INSTALL_LIB} \ | |
16 | src/lib-sql/libdriver_sqlite.la \ | 15 | src/lib-sql/libdriver_sqlite.la \ |