svn commit: r535786 - branches/2020Q2/mail/dovecot
Larry Rosenman
ler at FreeBSD.org
Mon May 18 20:50:15 UTC 2020
Author: ler
Date: Mon May 18 20:50:14 2020
New Revision: 535786
URL: https://svnweb.freebsd.org/changeset/ports/535786
Log:
MFH: r529013 r535778
mail/dovecot: use libexttextcat for lucene.
PR: 244932
Submitted by: igorz at yandex.ru
mail/dovecot: Upgrade to 2.3.10.1, fixing multiple vulnerabilities.
- CVE-2020-10957: lmtp/submission: A client can crash the server by
sending a NOOP command with an invalid string parameter. This occurs
particularly for a parameter that doesn't start with a double quote.
This applies to all SMTP services, including submission-login, which
makes it possible to crash the submission service without
authentication.
- CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
commands can cause the server to access freed memory, which can lead
to a server crash. This happens when the server closes the connection
with a "421 Too many invalid commands" error. The bad command limit
depends on the service (lmtp or submission) and varies between 10 to
20 bad commands.
- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the
lmtp service to crash.
Clean up some REINPLACE warnings whilst we're here.
Security: 37d106a8-15a4-483e-8247-fcb68b16eaf8
Security: CVE-2020-10957
Security: CVE-2020-10958
Security: CVE-2020-10967
Approved by: ports-secteam (joneum)
Modified:
branches/2020Q2/mail/dovecot/Makefile
branches/2020Q2/mail/dovecot/distinfo
Directory Properties:
branches/2020Q2/ (props changed)
Modified: branches/2020Q2/mail/dovecot/Makefile
==============================================================================
--- branches/2020Q2/mail/dovecot/Makefile Mon May 18 20:22:24 2020 (r535785)
+++ branches/2020Q2/mail/dovecot/Makefile Mon May 18 20:50:14 2020 (r535786)
@@ -134,17 +134,12 @@ CPPFLAGS+= -I${LOCALBASE}/include -I${OPENSSLINC}
LDFLAGS+= -L${LOCALBASE}/lib -L${OPENSSLLIB}
post-patch:
- @${REINPLACE_CMD} -e 's,/etc/dovecot,${PREFIX}/etc/dovecot,g; \
- s,sysconfdir=/etc,sysconfdir=${PREFIX}/etc,g' \
- ${WRKSRC}/doc/example-config/*.conf ${WRKSRC}/doc/example-config/conf.d/*
@${REINPLACE_CMD} -e '/^LIBS =/s/$$/ @LTLIBICONV@/' \
${WRKSRC}/src/lib-mail/Makefile.in
# Install the sample config files into ETCDIR/example-config/
@${REINPLACE_CMD} -e '/^exampledir =/s|\$$(docdir)|${ETCDIR}|' \
${WRKSRC}/doc/example-config/Makefile.in \
${WRKSRC}/doc/example-config/conf.d/Makefile.in
- @${REINPLACE_CMD} -e 's|/usr/bin|${LOCALBASE}/bin|' \
- ${WRKSRC}/src/plugins/fts/decode2text.sh
post-patch-LUA-on:
@${REINPLACE_CMD} -e '/^libdovecot_lua_la_DEPENDENCIES =/ s|LUA_LIBS|true|' \
Modified: branches/2020Q2/mail/dovecot/distinfo
==============================================================================
--- branches/2020Q2/mail/dovecot/distinfo Mon May 18 20:22:24 2020 (r535785)
+++ branches/2020Q2/mail/dovecot/distinfo Mon May 18 20:50:14 2020 (r535786)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1583508975
-SHA256 (dovecot-2.3.10.tar.gz) = 473184723d854a4d1dbd99c11a7b9f65156ca5fe6ecf85d9a44b5127e6f871c5
-SIZE (dovecot-2.3.10.tar.gz) = 7222241
+TIMESTAMP = 1589829060
+SHA256 (dovecot-2.3.10.1.tar.gz) = 6642e62f23b1b23cfac235007ca6e21cb67460cca834689fad450724456eb10c
+SIZE (dovecot-2.3.10.1.tar.gz) = 7226958
More information about the svn-ports-branches
mailing list