From owner-svn-ports-head@FreeBSD.ORG Mon Apr 15 12:28:59 2013 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 9327B4DD; Mon, 15 Apr 2013 12:28:59 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 73FC3D8D; Mon, 15 Apr 2013 12:28:59 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.6/8.14.6) with ESMTP id r3FCSxWZ011810; Mon, 15 Apr 2013 12:28:59 GMT (envelope-from bdrewery@svn.freebsd.org) Received: (from bdrewery@localhost) by svn.freebsd.org (8.14.6/8.14.5/Submit) id r3FCSwSk011807; Mon, 15 Apr 2013 12:28:58 GMT (envelope-from bdrewery@svn.freebsd.org) Message-Id: <201304151228.r3FCSwSk011807@svn.freebsd.org> From: Bryan Drewery Date: Mon, 15 Apr 2013 12:28:58 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r315802 - in head: mail/sieve-connect security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Apr 2013 12:28:59 -0000 Author: bdrewery Date: Mon Apr 15 12:28:58 2013 New Revision: 315802 URL: http://svnweb.freebsd.org/changeset/ports/315802 Log: - Update to 0.85 - Convert to new options framework sieve-connect was not actually verifying TLS certificate identities matched the expected hostname. Changes with new version: Fix TLS verification; find server by own hostname & SRV. * TLS hostname verification was not actually happening. * IO::Socket::SSL requirement bumped to 1.14 (was 0.97). * By default, if no server specified, before falling back to localhost try to use the current hostname and SRV records in DNS to figure out if Sieve is available. Checks for sieve, imaps & imap protocol SRV records and honours target==. to mean "no". * This works better with the Mozilla::PublicSuffix module installed. * Added ability to blacklist authentication mechanisms More info: http://mail.globnix.net/pipermail/sieve-connect-announce/2013/000005.html PR: ports/177859 Submitted by: "Alexey V. Degtyarev" (maintainer) Approved by: portmgr (implicit) Security: a2ff483f-a5c6-11e2-9601-000d601460a4 Modified: head/mail/sieve-connect/Makefile head/mail/sieve-connect/distinfo head/security/vuxml/vuln.xml Modified: head/mail/sieve-connect/Makefile ============================================================================== --- head/mail/sieve-connect/Makefile Mon Apr 15 12:14:06 2013 (r315801) +++ head/mail/sieve-connect/Makefile Mon Apr 15 12:28:58 2013 (r315802) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= sieve-connect -PORTVERSION= 0.84 +PORTVERSION= 0.85 CATEGORIES= mail MASTER_SITES= http://people.spodhuis.org/phil.pennock/software/ \ ftp://ftp.renatasystems.org/pub/FreeBSD/ports/distfiles/ @@ -17,7 +17,8 @@ LICENSE_PERMS= dist-mirror dist-sell pkg RUN_DEPENDS= p5-Authen-SASL>=0:${PORTSDIR}/security/p5-Authen-SASL \ p5-IO-Socket-INET6>=0:${PORTSDIR}/net/p5-IO-Socket-INET6 \ - p5-IO-Socket-SSL>=0:${PORTSDIR}/security/p5-IO-Socket-SSL \ + p5-IO-Socket-SSL>=1.14:${PORTSDIR}/security/p5-IO-Socket-SSL \ + p5-Mozilla-PublicSuffix>=0:${PORTSDIR}/dns/p5-Mozilla-PublicSuffix \ p5-Net-DNS>=0:${PORTSDIR}/dns/p5-Net-DNS \ p5-ReadLine-Gnu>=0:${PORTSDIR}/devel/p5-ReadLine-Gnu \ p5-Term-ReadKey>=0:${PORTSDIR}/devel/p5-Term-ReadKey @@ -28,7 +29,9 @@ PLIST_FILES= bin/sieve-connect MAN1= sieve-connect.1 -.if !defined(NOPORTDOCS) +.include + +.if ${PORT_OPTIONS:MDOCS} PORTDOCS= ChangeLog README TODO .endif @@ -36,7 +39,7 @@ do-install: ${INSTALL_SCRIPT} ${WRKSRC}/sieve-connect ${PREFIX}/bin/sieve-connect ${INSTALL_MAN} ${WRKSRC}/sieve-connect.1 \ ${MANPREFIX}/man/man1/sieve-connect.1 -.if !defined(NOPORTDOCS) +.if ${PORT_OPTIONS:MDOCS} ${MKDIR} ${DOCSDIR} .for _doc in ${PORTDOCS} ${INSTALL_DATA} ${WRKSRC}/${_doc} ${DOCSDIR}/${_doc} Modified: head/mail/sieve-connect/distinfo ============================================================================== --- head/mail/sieve-connect/distinfo Mon Apr 15 12:14:06 2013 (r315801) +++ head/mail/sieve-connect/distinfo Mon Apr 15 12:28:58 2013 (r315802) @@ -1,2 +1,2 @@ -SHA256 (sieve-connect-0.84.tar.bz2) = 3cda30c4f7fbbe3339a1dd934c989315e5a00c32ea203494d5c8dae77a36fa47 -SIZE (sieve-connect-0.84.tar.bz2) = 31737 +SHA256 (sieve-connect-0.85.tar.bz2) = 4d4e3eec881ab45f52b2275dade90478d7a6b47942695efb29227d1538a49e7f +SIZE (sieve-connect-0.85.tar.bz2) = 34323 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Apr 15 12:14:06 2013 (r315801) +++ head/security/vuxml/vuln.xml Mon Apr 15 12:28:58 2013 (r315802) @@ -51,6 +51,32 @@ Note: Please add new entries to the beg --> + + sieve-connect -- TLS hostname verification was not occurring + + + sieve-connect + 0.85 + + + + +

sieve-connect developer Phil Pennock reports:

+
+

sieve-connect was not actually verifying TLS certificate identities + matched the expected hostname.

+
+ + + + http://mail.globnix.net/pipermail/sieve-connect-announce/2013/000005.html + + + 2013-04-14 + 2013-04-15 + + + linux-flashplugin -- multiple vulnerabilities