./mail/dovecot2, Secure IMAP and POP3 server

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2019Q1, Version: 2.3.6, Package name: dovecot-2.3.6, Maintainer: adam

Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems,
written with security primarily in mind. Dovecot is an excellent choice for both
small and large installations. It's fast, simple to set up, requires no special
administration and it uses very little memory.


Required to run:
[archivers/lz4]

Required to build:
[pkgtools/cwrappers]

Package options: kqueue, pam, ssl, tcpwrappers

Master sites:

SHA1: 7b939bb83bca6d2bbc932d33d5b450bd66d9d124
RMD160: 584e72ed6d8901960aa2ba48c0d3716db4222e95
Filesize: 6816.538 KB

Version history: (Expand)

CVS history: (Expand)


   2019-05-12 22:29:57 by S.P.Zeidler | Files touched by this commit (3) | Package updated
Log message:
Pullup ticket #5956 - requested by taca
mail/dovecot2: security update

Revisions pulled up:
- mail/dovecot2/Makefile.common                                 1.27-1.28
- mail/dovecot2/PLIST                                           1.65
- mail/dovecot2/distinfo                                        1.91-1.92

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Fri Apr 19 05:35:04 UTC 2019

   Modified Files:
   	pkgsrc/mail/dovecot2: Makefile.common distinfo
   	pkgsrc/mail/dovecot2-sqlite: Makefile

   Log message:
   dovecot2: updated to 2.3.5.2

   v2.3.5.2
   * CVE-2019-10691: Trying to login with 8bit username containing
     invalid UTF8 input causes auth process to crash if auth policy is
     enabled. This could be used rather easily to cause a DoS. Similar
     crash also happens during mail delivery when using invalid UTF8 in
     From or Subject header when OX push notification driver is used.

   To generate a diff of this commit:
   cvs rdiff -u -r1.26 -r1.27 pkgsrc/mail/dovecot2/Makefile.common
   cvs rdiff -u -r1.90 -r1.91 pkgsrc/mail/dovecot2/distinfo

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Apr 30 15:21:06 UTC 2019

   Modified Files:
   	pkgsrc/mail/dovecot2: Makefile.common PLIST distinfo

   Log message:
   mail/dovecot2: update to 2.3.6

   Update dovecot2 and dovecot-{gssapi,ldap,mysql,pgsql,sqlite} to 2.3.6.

   v2.3.6 2019-04-30  Aki Tuomi <aki.tuomi@open-xchange.com>

   	* CVE-2019-11494: Submission-login crashed with signal 11 due to null
   	  pointer access when authentication was aborted by disconnecting.
   	* CVE-2019-11499: Submission-login crashed when authentication was
   	  started over TLS secured channel and invalid authentication message
   	  was sent.
   	* auth: Support password grant with passdb oauth2.
   	+ Use system default CAs for outbound TLS connections.
   	+ Simplify array handling with new helper macros.
   	+ fts_solr: Enable configuring batch_size and soft_commit features.
   	- lmtp/submission: Fixed various bugs in XCLIENT handling, including a
   	  hang when XCLIENT commands were sent infinitely to the remote server.
   	- lmtp/submission: Forwarded multi-line replies were erroneously sent
   	  as two replies to the client.
   	- lib-smtp: client: Message was not guaranteed to contain CRLF
   	  consistently when CHUNKING was used.
   	- fts_solr: Plugin was no longer compatible with Solr 7.
   	- Make it possible to disable certificate checking without
   	  setting ssl_client_ca_* settings.
   	- pop3c: SSL support was broken.
   	- mysql: Closing connection twice lead to crash on some systems.
   	- auth: Multiple oauth2 passdbs crashed auth process on deinit.
   	- HTTP client connection errors infrequently triggered a segmentation
   	  fault when the connection was idle and not used for a particular
   	  client instance.

   To generate a diff of this commit:
   cvs rdiff -u -r1.27 -r1.28 pkgsrc/mail/dovecot2/Makefile.common
   cvs rdiff -u -r1.64 -r1.65 pkgsrc/mail/dovecot2/PLIST
   cvs rdiff -u -r1.91 -r1.92 pkgsrc/mail/dovecot2/distinfo