Fri Apr 19 05:35:04 2019 UTC ()

dovecot2: updated to 2.3.5.2

v2.3.5.2
* CVE-2019-10691: Trying to login with 8bit username containing
  invalid UTF8 input causes auth process to crash if auth policy is
  enabled. This could be used rather easily to cause a DoS. Similar
  crash also happens during mail delivery when using invalid UTF8 in
  From or Subject header when OX push notification driver is used.


(adam)

diff -r1.26 -r1.27 pkgsrc/mail/dovecot2/Makefile.common
diff -r1.90 -r1.91 pkgsrc/mail/dovecot2/distinfo
diff -r1.18 -r1.19 pkgsrc/mail/dovecot2-sqlite/Makefile

--- pkgsrc/mail/dovecot2/Makefile.common 2019/03/29 14:27:43 1.26
+++ pkgsrc/mail/dovecot2/Makefile.common 2019/04/19 05:35:03 1.27

 @@ -1,27 +1,27 @@
-# $NetBSD: Makefile.common,v 1.26 2019/03/29 14:27:43 hauke Exp $
+# $NetBSD: Makefile.common,v 1.27 2019/04/19 05:35:03 adam Exp $
+#
 # when updating to a new release, update ABI depends in
 # the buildlink3.mk file as well, since the plugins' version
 # must match (see PR 49563).
+#
 # used by mail/dovecot2/Makefile
 # used by mail/dovecot2-gssapi/Makefile
 # used by mail/dovecot2-ldap/Makefile
 # used by mail/dovecot2-mysql/Makefile
 # used by mail/dovecot2-pgsql/Makefile
 # used by mail/dovecot2-sqlite/Makefile
-DISTNAME=	dovecot-2.3.5.1
+DISTNAME=	dovecot-2.3.5.2
 CATEGORIES=	mail
 MASTER_SITES=	https://www.dovecot.org/releases/${PKGVERSION_NOREV:R:R}/
 MAINTAINER=	adam@NetBSD.org
 HOMEPAGE=	http://www.dovecot.org/
 COMMENT=	Secure IMAP and POP3 server
 LICENSE=	mit AND gnu-lgpl-v2.1 AND modified-bsd
 DISTINFO_FILE=	${.CURDIR}/../../mail/dovecot2/distinfo
 PATCHDIR=	${.CURDIR}/../../mail/dovecot2/patches
 USE_LIBTOOL=		yes
 USE_TOOLS+=		gmake pkg-config rpcgen

--- pkgsrc/mail/dovecot2/distinfo 2019/03/29 14:27:43 1.90
+++ pkgsrc/mail/dovecot2/distinfo 2019/04/19 05:35:04 1.91

 @@ -1,14 +1,14 @@
-$NetBSD: distinfo,v 1.90 2019/03/29 14:27:43 hauke Exp $
+$NetBSD: distinfo,v 1.91 2019/04/19 05:35:04 adam Exp $
-SHA1 (dovecot-2.3.5.1.tar.gz) = 073ff93eeffc8166303ee3fb36b71c7a8d8a0230
+SHA1 (dovecot-2.3.5.2.tar.gz) = 501740dd5e3d299115cdc04798efb546c33b3d9d
-RMD160 (dovecot-2.3.5.1.tar.gz) = fc380f77e4a97808237a37697b3a11010e255921
+RMD160 (dovecot-2.3.5.2.tar.gz) = 30af7bb381740968ac515915c77e4dd804f0febe
-SHA512 (dovecot-2.3.5.1.tar.gz) = e87754461fb0b065acd0ff10dc955000a2fe5baffed69efaf328ce9268f90140e9de444bc68e0bd48b565c7622885a79b1f90ff3dd2335c0c2362d05d9e73e8a
+SHA512 (dovecot-2.3.5.2.tar.gz) = 041ec1c33c6accb5c89d96d7ab2f7dd59795f496c17faea1906e7977983e4a387aa855a238376515c09532731634d9d42e6d6be22659062855241847ea0213d5
-Size (dovecot-2.3.5.1.tar.gz) = 6953150 bytes
+Size (dovecot-2.3.5.2.tar.gz) = 6953228 bytes
 SHA1 (patch-aa) = ea185011f0c1ee3aa1ff528e61f6f356fe385666
 SHA1 (patch-ab) = 9db15fd853ba47ef4bf04f2adc9ab24f71ee4d1e
 SHA1 (patch-ae) = c795585df9f415ceabb28eec1ff691ee26168d3b
 SHA1 (patch-af) = c066e94dd6593d16eec3e66f5f4d26f021918498
 SHA1 (patch-src_imap_imap-client.h) = 1a2bf95ab6af57d88862a1512624bf263f4c2ce7
 SHA1 (patch-src_lib-ldap_ldap-private.h) = 2d5ce32330ad4164cc75f8d209ba499d37ed01fc
 SHA1 (patch-src_lib_connection.h) = c147511f4ff50e4b5a048c3a363f0af90ee4c6ad
 SHA1 (patch-src_old-stats_mail-stats.h) = 0d40c618445c089af2646a6864c3e909812282af

--- pkgsrc/mail/dovecot2-sqlite/Makefile 2019/04/03 00:32:51 1.18
+++ pkgsrc/mail/dovecot2-sqlite/Makefile 2019/04/19 05:35:04 1.19

 @@ -1,16 +1,15 @@
-# $NetBSD: Makefile,v 1.18 2019/04/03 00:32:51 ryoon Exp $
+# $NetBSD: Makefile,v 1.19 2019/04/19 05:35:04 adam Exp $
 PKGREVISION= 1
 .include "../../mail/dovecot2/Makefile.common"
 PKGNAME=	${DISTNAME:S/dovecot/dovecot-sqlite/}
 COMMENT+=	(SQLite plugin)
 CONFIGURE_ARGS+=	--with-sql=plugin
 CONFIGURE_ARGS+=	--with-sqlite
 INSTALLATION_DIRS+=	lib/dovecot/auth lib/dovecot/dict
 do-install:
 	cd ${WRKSRC} && ${LIBTOOL} --mode=install ${INSTALL_LIB} 	\
 		src/lib-sql/libdriver_sqlite.la 			\