svn commit: r535778 - head/mail/dovecot

Mon May 18 19:28:53 UTC 2020

Author: ler
Date: Mon May 18 19:28:52 2020
New Revision: 535778
URL: https://svnweb.freebsd.org/changeset/ports/535778

Log:
  mail/dovecot: Upgrade to 2.3.10.1, fixing multiple vulnerabilities.
  
  - CVE-2020-10957: lmtp/submission: A client can crash the server by
    sending a NOOP command with an invalid string parameter. This occurs
    particularly for a parameter that doesn't start with a double quote.
    This applies to all SMTP services, including submission-login, which
    makes it possible to crash the submission service without
    authentication.
  - CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
    commands can cause the server to access freed memory, which can lead
    to a server crash. This happens when the server closes the connection
    with a "421 Too many invalid commands" error. The bad command limit
    depends on the service (lmtp or submission) and varies between 10 to
    20 bad commands.
  - CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
    address that has the empty quoted string as local-part causes the
    lmtp service to crash.
  
  Clean up some REINPLACE warnings whilst we're here.
  
  MFH:		2020Q2
  Security:	37d106a8-15a4-483e-8247-fcb68b16eaf8
  Security:	CVE-2020-10957
  Security:	CVE-2020-10958
  Security:	CVE-2020-10967

Modified:
  head/mail/dovecot/Makefile
  head/mail/dovecot/distinfo

Modified: head/mail/dovecot/Makefile
==============================================================================

--- head/mail/dovecot/Makefile	Mon May 18 19:06:10 2020	(r535777)
+++ head/mail/dovecot/Makefile	Mon May 18 19:28:52 2020	(r535778)
@@ -8,8 +8,7 @@
 ######################################################################
 
 PORTNAME=	dovecot
-PORTVERSION=	2.3.10
-PORTREVISION=	3
+PORTVERSION=	2.3.10.1
 CATEGORIES=	mail
 MASTER_SITES=	https://dovecot.org/releases/2.3/
 
@@ -134,17 +133,12 @@ CPPFLAGS+=	-I${LOCALBASE}/include -I${OPENSSLINC}
 LDFLAGS+=	-L${LOCALBASE}/lib -L${OPENSSLLIB}
 
 post-patch:
-	@${REINPLACE_CMD} -e 's,/etc/dovecot,${PREFIX}/etc/dovecot,g; \
-		s,sysconfdir=/etc,sysconfdir=${PREFIX}/etc,g' \
-		${WRKSRC}/doc/example-config/*.conf ${WRKSRC}/doc/example-config/conf.d/*
 	@${REINPLACE_CMD} -e '/^LIBS =/s/$$/ @LTLIBICONV@/' \
 		${WRKSRC}/src/lib-mail/Makefile.in
 # Install the sample config files into ETCDIR/example-config/
 	@${REINPLACE_CMD} -e '/^exampledir =/s|\$$(docdir)|${ETCDIR}|' \
 		${WRKSRC}/doc/example-config/Makefile.in \
 		${WRKSRC}/doc/example-config/conf.d/Makefile.in
-	@${REINPLACE_CMD} -e 's|/usr/bin|${LOCALBASE}/bin|' \
-		${WRKSRC}/src/plugins/fts/decode2text.sh
 
 post-patch-LUA-on:
 	@${REINPLACE_CMD} -e '/^libdovecot_lua_la_DEPENDENCIES =/ s|LUA_LIBS|true|' \

Modified: head/mail/dovecot/distinfo
==============================================================================
--- head/mail/dovecot/distinfo	Mon May 18 19:06:10 2020	(r535777)
+++ head/mail/dovecot/distinfo	Mon May 18 19:28:52 2020	(r535778)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1583508975
-SHA256 (dovecot-2.3.10.tar.gz) = 473184723d854a4d1dbd99c11a7b9f65156ca5fe6ecf85d9a44b5127e6f871c5
-SIZE (dovecot-2.3.10.tar.gz) = 7222241
+TIMESTAMP = 1589829060
+SHA256 (dovecot-2.3.10.1.tar.gz) = 6642e62f23b1b23cfac235007ca6e21cb67460cca834689fad450724456eb10c
+SIZE (dovecot-2.3.10.1.tar.gz) = 7226958
