diff options
author | bsiegert <bsiegert@pkgsrc.org> | 2020-05-20 19:15:13 +0000 |
---|---|---|
committer | bsiegert <bsiegert@pkgsrc.org> | 2020-05-20 19:15:13 +0000 |
commit | f6113bbe5a5d95e359c27a85655c61a2974cf13a (patch) | |
tree | 95966e42d57b77daaf754fda0cae4facd19b389b | |
parent | 7976c36fe33118224f7f55f17e1546c2d569b71e (diff) | |
download | pkgsrc-f6113bbe5a5d95e359c27a85655c61a2974cf13a.tar.gz |
Pullup ticket #6203 - requested by taca
mail/dovecot2: security fix
Revisions pulled up:
- mail/dovecot2/Makefile.common 1.40
- mail/dovecot2/distinfo 1.104
---
Module Name: pkgsrc
Committed By: taca
Date: Mon May 18 14:20:47 UTC 2020
Modified Files:
pkgsrc/mail/dovecot2: Makefile.common distinfo
pkgsrc/mail/dovecot2-sqlite: Makefile
Log Message:
mail/dovecot2: update to 2.3.10.1
Update dovecot2 to 2.3.10.1.
v2.3.10.1 2020-05-18 Aki Tuomi <aki.tuomi@open-xchange.com>
- CVE-2020-10957: lmtp/submission: A client can crash the server by
sending a NOOP command with an invalid string parameter. This occurs
particularly for a parameter that doesn't start with a double quote.
This applies to all SMTP services, including submission-login, which
makes it possible to crash the submission service without
authentication.
- CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
commands can cause the server to access freed memory, which can lead
to a server crash. This happens when the server closes the connection
with a "421 Too many invalid commands" error. The bad command limit
depends on the service (lmtp or submission) and varies between 10 to
20 bad commands.
- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the lmtp
service to crash.
-rw-r--r-- | mail/dovecot2/Makefile.common | 6 | ||||
-rw-r--r-- | mail/dovecot2/distinfo | 10 |
2 files changed, 8 insertions, 8 deletions
diff --git a/mail/dovecot2/Makefile.common b/mail/dovecot2/Makefile.common index fdc772d9ddb..5d1b76f7b07 100644 --- a/mail/dovecot2/Makefile.common +++ b/mail/dovecot2/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.39 2020/03/15 22:52:04 adam Exp $ +# $NetBSD: Makefile.common,v 1.39.2.1 2020/05/20 19:15:13 bsiegert Exp $ # # when updating to a new release, update ABI depends in # the buildlink3.mk file as well, since the plugins' version @@ -11,9 +11,9 @@ # used by mail/dovecot2-pgsql/Makefile # used by mail/dovecot2-sqlite/Makefile -DISTNAME= dovecot-2.3.10 +DISTNAME= dovecot-2.3.10.1 CATEGORIES= mail -MASTER_SITES= https://dovecot.org/releases/${PKGVERSION_NOREV:R}/ +MASTER_SITES= https://dovecot.org/releases/${PKGVERSION_NOREV:R:R}/ MAINTAINER= adam@NetBSD.org HOMEPAGE= https://www.dovecot.org/ diff --git a/mail/dovecot2/distinfo b/mail/dovecot2/distinfo index 302d09b53d0..f6f9bda1844 100644 --- a/mail/dovecot2/distinfo +++ b/mail/dovecot2/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.103 2020/03/15 22:52:04 adam Exp $ +$NetBSD: distinfo,v 1.103.2.1 2020/05/20 19:15:13 bsiegert Exp $ -SHA1 (dovecot-2.3.10.tar.gz) = cf0d572b640bec519c3c771716d0b32148dc2bd4 -RMD160 (dovecot-2.3.10.tar.gz) = c4892cc02b7a414a23a03c6adb03acc115c0796b -SHA512 (dovecot-2.3.10.tar.gz) = 73e10d7d1e616d6599eb53f2d2d1ac0f0f2e6e84019faac5cd525e833da44839a7e483635b61d432e3254a9e5f6f90915bec8940c584210341085241949dffa2 -Size (dovecot-2.3.10.tar.gz) = 7222241 bytes +SHA1 (dovecot-2.3.10.1.tar.gz) = d8afa71f3a7a2c2e406745ff43057ae94ed23871 +RMD160 (dovecot-2.3.10.1.tar.gz) = f68993644d14c4bae321e2525fb6c885724d8ebd +SHA512 (dovecot-2.3.10.1.tar.gz) = 5c07436a3e861993f241caa2c60f035c533c5fceb5c8540c1717d31bedd54b82299f7ea11bfee12c72d4d33985d93a7130c4f56877864a7ad21cf7373a29cc06 +Size (dovecot-2.3.10.1.tar.gz) = 7226958 bytes SHA1 (patch-aa) = 3af01aa4a8cea1a3fb840b6243a744de77069611 SHA1 (patch-ab) = 9db15fd853ba47ef4bf04f2adc9ab24f71ee4d1e SHA1 (patch-ae) = c795585df9f415ceabb28eec1ff691ee26168d3b |