authorLarry Rosenman <ler@FreeBSD.org>2020-05-18 19:28:52 +0000
committerLarry Rosenman <ler@FreeBSD.org>2020-05-18 19:28:52 +0000
commit6acbbd56d34fef38fd6c7bfee324a82f131fae66 (patch)
treec38b1b36b491eea876a957f7ba27c20e1aeee36e
parent6362c0a065bf73b0718d1471110e09532caff805 (diff)
downloadfreebsd-ports-6acbbd56d34fef38fd6c7bfee324a82f131fae66.zip
mail/dovecot: Upgrade to 2.3.10.1, fixing multiple vulnerabilities.
- CVE-2020-10957: lmtp/submission: A client can crash the server by sending a NOOP command with an invalid string parameter. This occurs particularly for a parameter that doesn't start with a double quote. This applies to all SMTP services, including submission-login, which makes it possible to crash the submission service without authentication. - CVE-2020-10958: lmtp/submission: Sending many invalid or unknown commands can cause the server to access freed memory, which can lead to a server crash. This happens when the server closes the connection with a "421 Too many invalid commands" error. The bad command limit depends on the service (lmtp or submission) and varies between 10 and 20 bad commands. - CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an address that has the empty quoted string as local-part causes the lmtp service to crash. Clean up some REINPLACE warnings whilst we're here. MFH: 2020Q2 Security: 37d106a8-15a4-483e-8247-fcb68b16eaf8 Security: CVE-2020-10957 Security: CVE-2020-10958 Security: CVE-2020-10967
-rw-r--r--mail/dovecot/Makefile8
-rw-r--r--mail/dovecot/distinfo6
2 files changed, 4 insertions, 10 deletions
diff --git a/mail/dovecot/Makefile b/mail/dovecot/Makefile
index ab2f6033c767..86fa4ca7b5fb 100644
--- a/mail/dovecot/Makefile
+++ b/mail/dovecot/Makefile
@@ -8,8 +8,7 @@
######################################################################
PORTNAME= dovecot
-PORTVERSION= 2.3.10
-PORTREVISION= 3
+PORTVERSION= 2.3.10.1
CATEGORIES= mail
MASTER_SITES= https://dovecot.org/releases/2.3/
@@ -134,17 +133,12 @@ CPPFLAGS+= -I${LOCALBASE}/include -I${OPENSSLINC}
LDFLAGS+= -L${LOCALBASE}/lib -L${OPENSSLLIB}
post-patch:
- @${REINPLACE_CMD} -e 's,/etc/dovecot,${PREFIX}/etc/dovecot,g; \
- s,sysconfdir=/etc,sysconfdir=${PREFIX}/etc,g' \
- ${WRKSRC}/doc/example-config/*.conf ${WRKSRC}/doc/example-config/conf.d/*
@${REINPLACE_CMD} -e '/^LIBS =/s/$$/ @LTLIBICONV@/' \
${WRKSRC}/src/lib-mail/Makefile.in
# Install the sample config files into ETCDIR/example-config/
@${REINPLACE_CMD} -e '/^exampledir =/s|\$$(docdir)|${ETCDIR}|' \
${WRKSRC}/doc/example-config/Makefile.in \
${WRKSRC}/doc/example-config/conf.d/Makefile.in
- @${REINPLACE_CMD} -e 's|/usr/bin|${LOCALBASE}/bin|' \
- ${WRKSRC}/src/plugins/fts/decode2text.sh
post-patch-LUA-on:
@${REINPLACE_CMD} -e '/^libdovecot_lua_la_DEPENDENCIES =/ s|LUA_LIBS|true|' \
diff --git a/mail/dovecot/distinfo b/mail/dovecot/distinfo
index d67258e0401b..4a9e9595f87c 100644
--- a/mail/dovecot/distinfo
+++ b/mail/dovecot/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1583508975
-SHA256 (dovecot-2.3.10.tar.gz) = 473184723d854a4d1dbd99c11a7b9f65156ca5fe6ecf85d9a44b5127e6f871c5
-SIZE (dovecot-2.3.10.tar.gz) = 7222241
+TIMESTAMP = 1589829060
+SHA256 (dovecot-2.3.10.1.tar.gz) = 6642e62f23b1b23cfac235007ca6e21cb67460cca834689fad450724456eb10c
+SIZE (dovecot-2.3.10.1.tar.gz) = 7226958