Date: Mon, 18 May 2020 20:50:14 +0000 (UTC) From: Larry Rosenman <ler@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r535786 - branches/2020Q2/mail/dovecot Message-ID: <202005182050.04IKoEPV086624@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ler Date: Mon May 18 20:50:14 2020 New Revision: 535786 URL: https://svnweb.freebsd.org/changeset/ports/535786 Log: MFH: r529013 r535778 mail/dovecot: use libexttextcat for lucene. PR: 244932 Submitted by: igorz@yandex.ru mail/dovecot: Upgrade to 2.3.10.1, fixing multiple vulnerabilities. - CVE-2020-10957: lmtp/submission: A client can crash the server by sending a NOOP command with an invalid string parameter. This occurs particularly for a parameter that doesn't start with a double quote. This applies to all SMTP services, including submission-login, which makes it possible to crash the submission service without authentication. - CVE-2020-10958: lmtp/submission: Sending many invalid or unknown commands can cause the server to access freed memory, which can lead to a server crash. This happens when the server closes the connection with a "421 Too many invalid commands" error. The bad command limit depends on the service (lmtp or submission) and varies between 10 to 20 bad commands. - CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an address that has the empty quoted string as local-part causes the lmtp service to crash. Clean up some REINPLACE warnings whilst we're here. Security: 37d106a8-15a4-483e-8247-fcb68b16eaf8 Security: CVE-2020-10957 Security: CVE-2020-10958 Security: CVE-2020-10967 Approved by: ports-secteam (joneum) Modified: branches/2020Q2/mail/dovecot/Makefile branches/2020Q2/mail/dovecot/distinfo Directory Properties: branches/2020Q2/ (props changed) Modified: branches/2020Q2/mail/dovecot/Makefile ============================================================================== --- branches/2020Q2/mail/dovecot/Makefile Mon May 18 20:22:24 2020 (r535785) +++ branches/2020Q2/mail/dovecot/Makefile Mon May 18 20:50:14 2020 (r535786) @@ -134,17 +134,12 @@ CPPFLAGS+= -I${LOCALBASE}/include -I${OPENSSLINC} LDFLAGS+= -L${LOCALBASE}/lib -L${OPENSSLLIB} post-patch: - @${REINPLACE_CMD} -e 's,/etc/dovecot,${PREFIX}/etc/dovecot,g; \ - s,sysconfdir=/etc,sysconfdir=${PREFIX}/etc,g' \ - ${WRKSRC}/doc/example-config/*.conf ${WRKSRC}/doc/example-config/conf.d/* @${REINPLACE_CMD} -e '/^LIBS =/s/$$/ @LTLIBICONV@/' \ ${WRKSRC}/src/lib-mail/Makefile.in # Install the sample config files into ETCDIR/example-config/ @${REINPLACE_CMD} -e '/^exampledir =/s|\$$(docdir)|${ETCDIR}|' \ ${WRKSRC}/doc/example-config/Makefile.in \ ${WRKSRC}/doc/example-config/conf.d/Makefile.in - @${REINPLACE_CMD} -e 's|/usr/bin|${LOCALBASE}/bin|' \ - ${WRKSRC}/src/plugins/fts/decode2text.sh post-patch-LUA-on: @${REINPLACE_CMD} -e '/^libdovecot_lua_la_DEPENDENCIES =/ s|LUA_LIBS|true|' \ Modified: branches/2020Q2/mail/dovecot/distinfo ============================================================================== --- branches/2020Q2/mail/dovecot/distinfo Mon May 18 20:22:24 2020 (r535785) +++ branches/2020Q2/mail/dovecot/distinfo Mon May 18 20:50:14 2020 (r535786) @@ -1,3 +1,3 @@ -TIMESTAMP = 1583508975 -SHA256 (dovecot-2.3.10.tar.gz) = 473184723d854a4d1dbd99c11a7b9f65156ca5fe6ecf85d9a44b5127e6f871c5 -SIZE (dovecot-2.3.10.tar.gz) = 7222241 +TIMESTAMP = 1589829060 +SHA256 (dovecot-2.3.10.1.tar.gz) = 6642e62f23b1b23cfac235007ca6e21cb67460cca834689fad450724456eb10c +SIZE (dovecot-2.3.10.1.tar.gz) = 7226958
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202005182050.04IKoEPV086624>