diff options
author | Larry Rosenman <ler@FreeBSD.org> | 2020-05-18 19:28:52 +0000 |
---|---|---|
committer | Larry Rosenman <ler@FreeBSD.org> | 2020-05-18 19:28:52 +0000 |
commit | 6acbbd56d34fef38fd6c7bfee324a82f131fae66 (patch) | |
tree | c38b1b36b491eea876a957f7ba27c20e1aeee36e /mail/dovecot | |
parent | 6362c0a065bf73b0718d1471110e09532caff805 (diff) | |
download | freebsd-ports-6acbbd56d34fef38fd6c7bfee324a82f131fae66.zip |
mail/dovecot: Upgrade to 2.3.10.1, fixing multiple vulnerabilities.
- CVE-2020-10957: lmtp/submission: A client can crash the server by
sending a NOOP command with an invalid string parameter. This occurs
particularly for a parameter that doesn't start with a double quote.
This applies to all SMTP services, including submission-login, which
makes it possible to crash the submission service without
authentication.
- CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
commands can cause the server to access freed memory, which can lead
to a server crash. This happens when the server closes the connection
with a "421 Too many invalid commands" error. The bad command limit
depends on the service (lmtp or submission) and varies between 10 to
20 bad commands.
- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the
lmtp service to crash.
Clean up some REINPLACE warnings whilst we're here.
MFH: 2020Q2
Security: 37d106a8-15a4-483e-8247-fcb68b16eaf8
Security: CVE-2020-10957
Security: CVE-2020-10958
Security: CVE-2020-10967
Diffstat (limited to 'mail/dovecot')
-rw-r--r-- | mail/dovecot/Makefile | 8 | ||||
-rw-r--r-- | mail/dovecot/distinfo | 6 |
2 files changed, 4 insertions, 10 deletions
diff --git a/mail/dovecot/Makefile b/mail/dovecot/Makefile index ab2f6033c767..86fa4ca7b5fb 100644 --- a/mail/dovecot/Makefile +++ b/mail/dovecot/Makefile @@ -8,8 +8,7 @@ ###################################################################### PORTNAME= dovecot -PORTVERSION= 2.3.10 -PORTREVISION= 3 +PORTVERSION= 2.3.10.1 CATEGORIES= mail MASTER_SITES= https://dovecot.org/releases/2.3/ @@ -134,17 +133,12 @@ CPPFLAGS+= -I${LOCALBASE}/include -I${OPENSSLINC} LDFLAGS+= -L${LOCALBASE}/lib -L${OPENSSLLIB} post-patch: - @${REINPLACE_CMD} -e 's,/etc/dovecot,${PREFIX}/etc/dovecot,g; \ - s,sysconfdir=/etc,sysconfdir=${PREFIX}/etc,g' \ - ${WRKSRC}/doc/example-config/*.conf ${WRKSRC}/doc/example-config/conf.d/* @${REINPLACE_CMD} -e '/^LIBS =/s/$$/ @LTLIBICONV@/' \ ${WRKSRC}/src/lib-mail/Makefile.in # Install the sample config files into ETCDIR/example-config/ @${REINPLACE_CMD} -e '/^exampledir =/s|\$$(docdir)|${ETCDIR}|' \ ${WRKSRC}/doc/example-config/Makefile.in \ ${WRKSRC}/doc/example-config/conf.d/Makefile.in - @${REINPLACE_CMD} -e 's|/usr/bin|${LOCALBASE}/bin|' \ - ${WRKSRC}/src/plugins/fts/decode2text.sh post-patch-LUA-on: @${REINPLACE_CMD} -e '/^libdovecot_lua_la_DEPENDENCIES =/ s|LUA_LIBS|true|' \ diff --git a/mail/dovecot/distinfo b/mail/dovecot/distinfo index d67258e0401b..4a9e9595f87c 100644 --- a/mail/dovecot/distinfo +++ b/mail/dovecot/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1583508975 -SHA256 (dovecot-2.3.10.tar.gz) = 473184723d854a4d1dbd99c11a7b9f65156ca5fe6ecf85d9a44b5127e6f871c5 -SIZE (dovecot-2.3.10.tar.gz) = 7222241 +TIMESTAMP = 1589829060 +SHA256 (dovecot-2.3.10.1.tar.gz) = 6642e62f23b1b23cfac235007ca6e21cb67460cca834689fad450724456eb10c +SIZE (dovecot-2.3.10.1.tar.gz) = 7226958 |