svn commit: r535778 - head/mail/dovecot
Larry Rosenman
ler at FreeBSD.org
Mon May 18 19:28:53 UTC 2020
Author: ler
Date: Mon May 18 19:28:52 2020
New Revision: 535778
URL: https://svnweb.freebsd.org/changeset/ports/535778
Log:
mail/dovecot: Upgrade to 2.3.10.1, fixing multiple vulnerabilities.
- CVE-2020-10957: lmtp/submission: A client can crash the server by
sending a NOOP command with an invalid string parameter. This occurs
particularly for a parameter that doesn't start with a double quote.
This applies to all SMTP services, including submission-login, which
makes it possible to crash the submission service without
authentication.
- CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
commands can cause the server to access freed memory, which can lead
to a server crash. This happens when the server closes the connection
with a "421 Too many invalid commands" error. The bad command limit
depends on the service (lmtp or submission) and varies between 10 to
20 bad commands.
- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the
lmtp service to crash.
Clean up some REINPLACE warnings whilst we're here.
MFH: 2020Q2
Security: 37d106a8-15a4-483e-8247-fcb68b16eaf8
Security: CVE-2020-10957
Security: CVE-2020-10958
Security: CVE-2020-10967
Modified:
head/mail/dovecot/Makefile
head/mail/dovecot/distinfo
Modified: head/mail/dovecot/Makefile
==============================================================================
--- head/mail/dovecot/Makefile Mon May 18 19:06:10 2020 (r535777)
+++ head/mail/dovecot/Makefile Mon May 18 19:28:52 2020 (r535778)
@@ -8,8 +8,7 @@
######################################################################
PORTNAME= dovecot
-PORTVERSION= 2.3.10
-PORTREVISION= 3
+PORTVERSION= 2.3.10.1
CATEGORIES= mail
MASTER_SITES= https://dovecot.org/releases/2.3/
@@ -134,17 +133,12 @@ CPPFLAGS+= -I${LOCALBASE}/include -I${OPENSSLINC}
LDFLAGS+= -L${LOCALBASE}/lib -L${OPENSSLLIB}
post-patch:
- @${REINPLACE_CMD} -e 's,/etc/dovecot,${PREFIX}/etc/dovecot,g; \
- s,sysconfdir=/etc,sysconfdir=${PREFIX}/etc,g' \
- ${WRKSRC}/doc/example-config/*.conf ${WRKSRC}/doc/example-config/conf.d/*
@${REINPLACE_CMD} -e '/^LIBS =/s/$$/ @LTLIBICONV@/' \
${WRKSRC}/src/lib-mail/Makefile.in
# Install the sample config files into ETCDIR/example-config/
@${REINPLACE_CMD} -e '/^exampledir =/s|\$$(docdir)|${ETCDIR}|' \
${WRKSRC}/doc/example-config/Makefile.in \
${WRKSRC}/doc/example-config/conf.d/Makefile.in
- @${REINPLACE_CMD} -e 's|/usr/bin|${LOCALBASE}/bin|' \
- ${WRKSRC}/src/plugins/fts/decode2text.sh
post-patch-LUA-on:
@${REINPLACE_CMD} -e '/^libdovecot_lua_la_DEPENDENCIES =/ s|LUA_LIBS|true|' \
Modified: head/mail/dovecot/distinfo
==============================================================================
--- head/mail/dovecot/distinfo Mon May 18 19:06:10 2020 (r535777)
+++ head/mail/dovecot/distinfo Mon May 18 19:28:52 2020 (r535778)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1583508975
-SHA256 (dovecot-2.3.10.tar.gz) = 473184723d854a4d1dbd99c11a7b9f65156ca5fe6ecf85d9a44b5127e6f871c5
-SIZE (dovecot-2.3.10.tar.gz) = 7222241
+TIMESTAMP = 1589829060
+SHA256 (dovecot-2.3.10.1.tar.gz) = 6642e62f23b1b23cfac235007ca6e21cb67460cca834689fad450724456eb10c
+SIZE (dovecot-2.3.10.1.tar.gz) = 7226958
More information about the svn-ports-all
mailing list