svn commit: r535786 - branches/2020Q2/mail/dovecot

Mon May 18 20:50:15 UTC 2020

Author: ler
Date: Mon May 18 20:50:14 2020
New Revision: 535786
URL: https://svnweb.freebsd.org/changeset/ports/535786

Log:
  MFH: r529013 r535778
  
  mail/dovecot: use libexttextcat for lucene.
  
  PR:		244932
  Submitted by:	igorz at yandex.ru
  
  mail/dovecot: Upgrade to 2.3.10.1, fixing multiple vulnerabilities.
  
  - CVE-2020-10957: lmtp/submission: A client can crash the server by
    sending a NOOP command with an invalid string parameter. This occurs
    particularly for a parameter that doesn't start with a double quote.
    This applies to all SMTP services, including submission-login, which
    makes it possible to crash the submission service without
    authentication.
  - CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
    commands can cause the server to access freed memory, which can lead
    to a server crash. This happens when the server closes the connection
    with a "421 Too many invalid commands" error. The bad command limit
    depends on the service (lmtp or submission) and varies between 10 to
    20 bad commands.
  - CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
    address that has the empty quoted string as local-part causes the
    lmtp service to crash.
  
  Clean up some REINPLACE warnings whilst we're here.
  
  Security:	37d106a8-15a4-483e-8247-fcb68b16eaf8
  Security:	CVE-2020-10957
  Security:	CVE-2020-10958
  Security:	CVE-2020-10967
  
  Approved by:	ports-secteam (joneum)

Modified:
  branches/2020Q2/mail/dovecot/Makefile
  branches/2020Q2/mail/dovecot/distinfo
Directory Properties:
  branches/2020Q2/   (props changed)

Modified: branches/2020Q2/mail/dovecot/Makefile
==============================================================================

--- branches/2020Q2/mail/dovecot/Makefile	Mon May 18 20:22:24 2020	(r535785)
+++ branches/2020Q2/mail/dovecot/Makefile	Mon May 18 20:50:14 2020	(r535786)
@@ -134,17 +134,12 @@ CPPFLAGS+=	-I${LOCALBASE}/include -I${OPENSSLINC}
 LDFLAGS+=	-L${LOCALBASE}/lib -L${OPENSSLLIB}
 
 post-patch:
-	@${REINPLACE_CMD} -e 's,/etc/dovecot,${PREFIX}/etc/dovecot,g; \
-		s,sysconfdir=/etc,sysconfdir=${PREFIX}/etc,g' \
-		${WRKSRC}/doc/example-config/*.conf ${WRKSRC}/doc/example-config/conf.d/*
 	@${REINPLACE_CMD} -e '/^LIBS =/s/$$/ @LTLIBICONV@/' \
 		${WRKSRC}/src/lib-mail/Makefile.in
 # Install the sample config files into ETCDIR/example-config/
 	@${REINPLACE_CMD} -e '/^exampledir =/s|\$$(docdir)|${ETCDIR}|' \
 		${WRKSRC}/doc/example-config/Makefile.in \
 		${WRKSRC}/doc/example-config/conf.d/Makefile.in
-	@${REINPLACE_CMD} -e 's|/usr/bin|${LOCALBASE}/bin|' \
-		${WRKSRC}/src/plugins/fts/decode2text.sh
 
 post-patch-LUA-on:
 	@${REINPLACE_CMD} -e '/^libdovecot_lua_la_DEPENDENCIES =/ s|LUA_LIBS|true|' \

Modified: branches/2020Q2/mail/dovecot/distinfo
==============================================================================
--- branches/2020Q2/mail/dovecot/distinfo	Mon May 18 20:22:24 2020	(r535785)
+++ branches/2020Q2/mail/dovecot/distinfo	Mon May 18 20:50:14 2020	(r535786)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1583508975
-SHA256 (dovecot-2.3.10.tar.gz) = 473184723d854a4d1dbd99c11a7b9f65156ca5fe6ecf85d9a44b5127e6f871c5
-SIZE (dovecot-2.3.10.tar.gz) = 7222241
+TIMESTAMP = 1589829060
+SHA256 (dovecot-2.3.10.1.tar.gz) = 6642e62f23b1b23cfac235007ca6e21cb67460cca834689fad450724456eb10c
+SIZE (dovecot-2.3.10.1.tar.gz) = 7226958
