From: Larry Rosenman
Date: Fri, 14 Aug 2020 00:27:43 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r544857 - in head/mail: dovecot dovecot-pigeonhole dovecot/files

Author: ler
Date: Fri Aug 14 00:27:43 2020
New Revision: 544857
URL: https://svnweb.freebsd.org/changeset/ports/544857

Log:
  mail/dovecot, mail/dovecot-pigeonhole: upgrade to 2.3.11.3 and 0.5.11, respectively.

  dovecot changelog:

  * CVE-2020-12100: Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory.
  * CVE-2020-12673: Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash.
  * CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an address that has the empty quoted string as local-part causes the lmtp service to crash.
  * CVE-2020-12674: Dovecot's RPA mechanism implementation accepts zero-length message, which leads to assert-crash later on.
  * Events: Fix inconsistency in events. See event documentation in https://doc.dovecot.org.
  * imap_command_finished event's cmd_name field now contains "unknown" for unknown commands. A new "cmd_input_name" field contains the command name exactly as it was sent.
  * lib-index: Renamed mail_cache_compress_* settings to mail_cache_purge_*. Note that these settings are mainly intended for testing and usually shouldn't be changed.
  * events: Renamed "index" event category to "mail-index".
  * events: service: category is now using the name from configuration file.
  * dns-client: service dns_client was renamed to dns-client.
  * log: Prefixes generally use the service name from configuration file. For example dict-async service will now use "dict-async(pid): " log prefix instead of "dict(pid): "
  * *-login: Changed logging done by proxying to use a consistent prefix containing the IP address and port.
  * *-login: Changed disconnection log messages to be slightly clearer.
  + dict: Add events for dictionaries.
  + lib-index: Finish logging with events.
  + oauth2: Support local validation of JWT tokens.
  + stats: Add support for dynamic histograms and grouping. See https://doc.dovecot.org/configuration_manual/stats/.
  + imap: Implement RFC 8514: IMAP SAVEDATE
  + lib-index: If a long-running transaction (e.g. SORT/FETCH on a huge folder) adds a lot of data to dovecot.index.cache file, commit those changes periodically to make them visible to other concurrent sessions as well.
  + stats: Add OpenMetrics exporter for statistics. See https://doc.dovecot.org/configuration_manual/stats/openmetrics/.
  + stats: Support disabling stats-writer socket by setting stats_writer_socket_path="".
  - auth-worker: Process keeps slowly increasing its memory usage and eventually dies with "out of memory" due to reaching vsz_limit.
  - auth: Prevent potential timing attacks in authentication secret comparisons: OAUTH2 JWT-token HMAC, imap-urlauth token, crypt() result.
  - auth: Several auth-mechanisms allowed input to be truncated by NUL which can potentially lead to unintentional issues or even successful logins which should have failed.
  - auth: When auth policy returned a delay, auth_request_finished event had policy_result=ok field instead of policy_result=delayed.
  - auth: auth process crash when auth_policy_server_url is set to an invalid URL.
  - auth: Lua passdb/userdb leaks stack elements per call, eventually causing the stack to become too deep and crashing the auth or auth-worker process.
  - dict-ldap: Crash occurs if var_expand template expansion fails.
  - dict: If dict client disconnected while iteration was still running, dict process could have started using 100% CPU, although it was still handling clients.
  - doveadm: Running doveadm commands via proxying may hang, especially when doveadm is printing a lot of output.
  - imap: "MOVE * destfolder" goes to a loop copying the last mail to the destination until the imap process dies due to running out of memory.
  - imap: Running "UID MOVE 1:* Trash" on an empty folder goes to infinite loop.
  - imap: SEARCH doesn't support $.
  - lib-compress: Buffer over-read in zlib stream read.
  - lib-dns: If DNS lookup times out, lib-dns can cause crash in calling process.
  - lib-index: Fixed several bugs in dovecot.index.cache handling that could have caused cached data to be lost.
  - lib-index: Writing to >=1 GB dovecot.index.cache files may cause assert-crashes:
    Panic: file mail-index-util.c: line 37 (mail_index_uint32_to_offset): assertion failed: (offset < 0x40000000)
  - lib-mail: v2.3.11 regression: MIME parts not returned correctly by Dovecot MIME parser.
  - lib-ssl-iostream: Fix buggy OpenSSL error handling without assert-crashing. If there is no error available, log it as an error instead of crashing:
    Panic: file iostream-openssl.c: line 599 (openssl_iostream_handle_error): assertion failed: (errno != 0)
  - lib-ssl-iostream: ssl_key_password setting did not work.
  - pop3-login: Login didn't handle commands in multiple IP packets properly. This mainly affected large XCLIENT commands or a large SASL initial response parameter in the AUTH command.
  - pop3: pop3_deleted_flag setting was broken, causing:
    Panic: file seq-range-array.c: line 472 (seq_range_array_invert): assertion failed: (range[count-1].seq2 <= max_seq)
  - pop3-login: Login would fail with "Input buffer full" if the initial response for SASL was too long.
  - submission: A segfault crash may occur when the client or server disconnects while a non-transaction command like NOOP or VRFY is still being processed.
  - virtual: Copying/moving mails with IMAP into a virtual folder assert-crashes:
    Panic: file cmd-copy.c: line 152 (fetch_and_copy): assertion failed: (copy_ctx->copy_count == seq_range_count(&copy_ctx->saved_uids))

  pigeonhole changelog:

  * managesieve: managesieve_max_line_length setting is now a "size" type instead of just number of bytes. This allows using e.g. "64k" as the value.
  - lib-sieve: When folding white space is used in the Message-ID header, it is not stripped away correctly before the message ID value is used, causing e.g. garbled log lines at delivery.

  PR: 248640
  PR: 248644
  Submitted by: juraj@lutter.sk
  Reported by: juraj@lutter.sk
  MFH: 2020Q3
  Security: 87a07de1-e55e-4d51-bb64-8d117829a26a
  Security: CVE-2020-12100
  Security: CVE-2020-12673
  Security: CVE-2020-10967
  Security: CVE-2020-12674

Deleted:
  head/mail/dovecot/files/patch-src_lib-master_master-service.c
Modified:
  head/mail/dovecot-pigeonhole/Makefile
  head/mail/dovecot-pigeonhole/distinfo
  head/mail/dovecot/Makefile
  head/mail/dovecot/distinfo
  head/mail/dovecot/files/patch-configure
  head/mail/dovecot/files/patch-src_lib-fts_fts-filter-stemmer-snowball.c
  head/mail/dovecot/files/patch-src_plugins_fts-lucene_SnowballFilter.h
  head/mail/dovecot/files/patch-src_plugins_fts-solr_solr-connection.c
  head/mail/dovecot/pkg-plist

Modified: head/mail/dovecot-pigeonhole/Makefile ============================================================================== --- head/mail/dovecot-pigeonhole/Makefile Fri Aug 14 00:14:16 2020 (r544856) +++ head/mail/dovecot-pigeonhole/Makefile Fri Aug 14 00:27:43 2020 
(r544857) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= dovecot-pigeonhole -PORTVERSION= 0.5.10 +PORTVERSION= 0.5.11 CATEGORIES= mail MASTER_SITES= http://pigeonhole.dovecot.org/releases/${DOVECOTVERSION}/ DISTNAME= ${PORTNAME:C/-/-${DOVECOTVERSION}-/}-${PORTVERSION} Modified: head/mail/dovecot-pigeonhole/distinfo ============================================================================== --- head/mail/dovecot-pigeonhole/distinfo Fri Aug 14 00:14:16 2020 (r544856) +++ head/mail/dovecot-pigeonhole/distinfo Fri Aug 14 00:27:43 2020 (r544857) @@ -1,3 +1,3 @@ -TIMESTAMP = 1583764476 -SHA256 (dovecot-2.3-pigeonhole-0.5.10.tar.gz) = 48c89cc9f3caa9c5f2454f9dcca74fe251a99749a38062bfab7e5017d329605e -SIZE (dovecot-2.3-pigeonhole-0.5.10.tar.gz) = 1899237 +TIMESTAMP = 1597360057 +SHA256 (dovecot-2.3-pigeonhole-0.5.11.tar.gz) = 0b972a441f680545ddfacd2f41fb2a705fb03249d46ed5ce7e01fe68b6cfb5f0 +SIZE (dovecot-2.3-pigeonhole-0.5.11.tar.gz) = 1912411 Modified: head/mail/dovecot/Makefile ============================================================================== --- head/mail/dovecot/Makefile Fri Aug 14 00:14:16 2020 (r544856) +++ head/mail/dovecot/Makefile Fri Aug 14 00:27:43 2020 (r544857) @@ -8,8 +8,7 @@ ###################################################################### PORTNAME= dovecot -PORTVERSION= 2.3.10.1 -PORTREVISION= 2 +PORTVERSION= 2.3.11.3 CATEGORIES= mail MASTER_SITES= https://dovecot.org/releases/2.3/ @@ -18,6 +17,8 @@ COMMENT= Secure, fast and powerful IMAP and POP3 serve LICENSE= LGPL21 MIT LICENSE_COMB= dual + +LIB_DEPENDS= libzstd.so:archivers/zstd USES= cpe iconv libtool pkgconfig ssl USE_RC_SUBR= dovecot Modified: head/mail/dovecot/distinfo ============================================================================== --- head/mail/dovecot/distinfo Fri Aug 14 00:14:16 2020 (r544856) +++ head/mail/dovecot/distinfo Fri Aug 14 00:27:43 2020 (r544857) 
@@ -1,3 +1,3 @@ -TIMESTAMP = 1589829060 -SHA256 (dovecot-2.3.10.1.tar.gz) = 6642e62f23b1b23cfac235007ca6e21cb67460cca834689fad450724456eb10c -SIZE (dovecot-2.3.10.1.tar.gz) = 7226958 +TIMESTAMP = 1597259906 +SHA256 (dovecot-2.3.11.3.tar.gz) = d3d9ea9010277f57eb5b9f4166a5d2ba539b172bd6d5a2b2529a6db524baafdc +SIZE (dovecot-2.3.11.3.tar.gz) = 7353412 Modified: head/mail/dovecot/files/patch-configure ============================================================================== --- head/mail/dovecot/files/patch-configure Fri Aug 14 00:14:16 2020 (r544856) +++ head/mail/dovecot/files/patch-configure Fri Aug 14 00:27:43 2020 (r544857) @@ -1,6 +1,6 @@ ---- configure.orig 2020-03-05 17:36:02.000000000 +0300 -+++ configure 2020-03-23 13:27:59.882228000 +0300 -@@ -28652,13 +28652,13 @@ +--- configure.orig 2020-08-12 12:20:51 UTC ++++ configure +@@ -28901,13 +28901,13 @@ fi if test $want_stemmer != no; then Modified: head/mail/dovecot/files/patch-src_lib-fts_fts-filter-stemmer-snowball.c ============================================================================== --- head/mail/dovecot/files/patch-src_lib-fts_fts-filter-stemmer-snowball.c Fri Aug 14 00:14:16 2020 (r544856) +++ head/mail/dovecot/files/patch-src_lib-fts_fts-filter-stemmer-snowball.c Fri Aug 14 00:27:43 2020 (r544857) @@ -1,4 +1,4 @@ ---- src/lib-fts/fts-filter-stemmer-snowball.c.orig +--- src/lib-fts/fts-filter-stemmer-snowball.c.orig 2020-08-12 12:20:41 UTC +++ src/lib-fts/fts-filter-stemmer-snowball.c @@ -6,7 +6,7 @@ Modified: head/mail/dovecot/files/patch-src_plugins_fts-lucene_SnowballFilter.h ============================================================================== --- head/mail/dovecot/files/patch-src_plugins_fts-lucene_SnowballFilter.h Fri Aug 14 00:14:16 2020 (r544856) +++ head/mail/dovecot/files/patch-src_plugins_fts-lucene_SnowballFilter.h Fri Aug 14 00:27:43 2020 (r544857) 
@@ -1,4 +1,4 @@ ---- src/plugins/fts-lucene/SnowballFilter.h.orig +--- src/plugins/fts-lucene/SnowballFilter.h.orig 2020-08-12 12:20:41 UTC +++ src/plugins/fts-lucene/SnowballFilter.h @@ -8,7 +8,7 @@ #define _lucene_analysis_snowball_filter_ @@ -8,3 +8,4 @@ +#include "CLucene/snowball/libstemmer.h" CL_NS_DEF2(analysis,snowball) + Modified: head/mail/dovecot/files/patch-src_plugins_fts-solr_solr-connection.c ============================================================================== --- head/mail/dovecot/files/patch-src_plugins_fts-solr_solr-connection.c Fri Aug 14 00:14:16 2020 (r544856) +++ head/mail/dovecot/files/patch-src_plugins_fts-solr_solr-connection.c Fri Aug 14 00:27:43 2020 (r544857) @@ -1,6 +1,6 @@ ---- src/plugins/fts-solr/solr-connection.c.orig 2019-04-30 12:25:06 UTC +--- src/plugins/fts-solr/solr-connection.c.orig 2020-08-12 12:20:41 UTC +++ src/plugins/fts-solr/solr-connection.c -@@ -156,7 +156,7 @@ int solr_connection_init(const struct fts_solr_setting +@@ -103,7 +103,7 @@ int solr_connection_init(const struct fts_solr_setting http_set.ssl = ssl_client_set; http_set.debug = solr_set->debug; http_set.rawlog_dir = solr_set->rawlog_dir; @@ -8,4 +8,4 @@ + solr_http_client = http_client_init_private(&http_set); } - conn->xml_parser = XML_ParserCreate("UTF-8"); + *conn_r = conn; Modified: head/mail/dovecot/pkg-plist ============================================================================== --- head/mail/dovecot/pkg-plist Fri Aug 14 00:14:16 2020 (r544856) +++ head/mail/dovecot/pkg-plist Fri Aug 14 00:27:43 2020 (r544857) @@ -93,6 +93,7 @@ include/dovecot/auth-master.h include/dovecot/auth-penalty.h include/dovecot/auth-policy.h include/dovecot/auth-request-handler.h +include/dovecot/auth-request-handler-private.h include/dovecot/auth-request-stats.h include/dovecot/auth-request-var-expand.h include/dovecot/auth-request.h 
@@ -468,6 +469,7 @@ include/dovecot/mdbox-settings.h include/dovecot/mdbox-storage-rebuild.h include/dovecot/mdbox-storage.h include/dovecot/mdbox-sync.h +include/dovecot/mech-digest-md5-private.h include/dovecot/mech-otp-skey-common.h include/dovecot/mech-plain-common.h include/dovecot/mech-scram.h @@ -514,6 +516,7 @@ include/dovecot/ostream-null.h include/dovecot/ostream-private.h include/dovecot/ostream-rawlog.h include/dovecot/ostream-unix.h +include/dovecot/ostream-wrapper.h include/dovecot/ostream-zlib.h include/dovecot/ostream.h include/dovecot/passdb-blocking.h
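
Review bot: In the head/mail/dovecot-pigeonhole/Makefile hunk, the context line MASTER_SITES= http://pigeonhole.dovecot.org/releases/${DOVECOTVERSION}/ still fetches the tarball over plain HTTP, while head/mail/dovecot/Makefile in this same commit uses https://dovecot.org/releases/2.3/. The SHA256 in distinfo catches a tampered tarball at build time, but whoever regenerates distinfo on a version bump like this one records the hash of whatever the fetch returned, so for a security update it is worth switching this line to https:// in the same change, provided the upstream host serves it.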
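
Review bot: LIB_DEPENDS= libzstd.so:archivers/zstd in the second hunk of head/mail/dovecot/Makefile (@@ -18,6 +17,8 @@) is an unconditional new dependency that the commit log never mentions. For an update flagged MFH: 2020Q3 and carrying four CVE fixes, the log should say why 2.3.11.3 needs it; if upstream can be built without zstd, an OPTIONS knob would keep minimal installs from pulling in an extra library along with the security fix.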
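
Review bot: In head/mail/dovecot/files/patch-src_plugins_fts-solr_solr-connection.c the inner hunk header moves from -156,7 to -103,7 and its trailing context changes from conn->xml_parser = XML_ParserCreate("UTF-8"); to *conn_r = conn;, which means solr_connection_init was reworked upstream between the two releases, yet the local patch's added line solr_http_client = http_client_init_private(&http_set); is carried over as is. Please confirm that this local change is still required against 2.3.11.3 and was re-checked against the new function body, not only refreshed by offset, given that patch-src_lib-master_master-service.c could be deleted in this same commit.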