Path to this page:
Subject: CVS commit: [pkgsrc-2019Q2] pkgsrc/mail/dovecot2
From: Benny Siegert
Date: 2019-09-08 19:11:50
Message id: 20190908171150.EED9FFBF4@cvs.NetBSD.org
Log Message:
Pullup ticket #6041 - requested by taca
mail/dovecot2: security fix
Revisions pulled up:
- mail/dovecot2/Makefile 1.98-1.100
- mail/dovecot2/Makefile.common 1.30-1.33
- mail/dovecot2/PLIST 1.66
- mail/dovecot2/buildlink3.mk 1.31-1.32
- mail/dovecot2/distinfo 1.93-1.97
- mail/dovecot2/options.mk 1.12
- mail/dovecot2/patches/patch-aa 1.7
- mail/dovecot2/patches/patch-src_lib_ostream-file.c deleted
---
Module Name: pkgsrc
Committed By: triaxx
Date: Wed Jul 3 05:51:54 UTC 2019
Modified Files:
pkgsrc/mail/dovecot2: options.mk
Log Message:
dovecot2: remove gnutls option that is currently broken
Fix PR pkg/54337
---
Module Name: pkgsrc
Committed By: triaxx
Date: Wed Jul 3 06:09:22 UTC 2019
Modified Files:
pkgsrc/mail/dovecot2: Makefile Makefile.common buildlink3.mk distinfo
pkgsrc/mail/dovecot2/patches: patch-aa
Log Message:
dovecot2: update blk3 to follow gnutls disabling
Do not bump revision since binary cannot be altered
pkgsrc changes:
---------------
* make blk3 conform to options.mk
* move BUILD_DEFS (pkglint WARN--)
* comment an explicit patch (pkglint ERROR--)
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Jul 18 13:38:18 UTC 2019
Modified Files:
pkgsrc/mail/dovecot2: Makefile.common PLIST buildlink3.mk distinfo
Log Message:
mail/dovecot2:
Update dovecot2 to 2.3.7.
Changes
-------
* fts-solr: Removed break-imap-search parameter
+ Added more events for the new statistics, see
https://doc.dovecot.org/admin_manual/list_of_events/
+ mail-lua: Add IMAP metadata accessors, see
https://doc.dovecot.org/admin_manual/lua/
+ Add event exporters that allow exporting raw events to log files and
external systems, see
https://doc.dovecot.org/configuration_manual/event_export/
+ SNIPPET is now PREVIEW and size has been increased to 200 characters.
+ Add body option to fts_enforced. This triggers building FTS index only
on body search, and an error using FTS index fails the search rather
than reads through all the mails.
- Submission/LMTP: Fixed crash when domain argument is invalid in a
second EHLO/LHLO command.
- Copying/moving mails using Maildir format loses IMAP keywords in the
destination if the mail also has no system flags.
- mail_attachment_detection_options=3Dadd-flags-on-save caused email body
to be unnecessarily opened when FETCHing mail headers that were
already cached.
- mail attachment detection keywords not saved with maildir.
- dovecot.index.cache may have grown excessively large in some
situations. This happened especially when using autoexpunging with
lazy_expunge folders. Also with mdbox format in general the cache file
wasn't recreated as often as it should have.
- Autoexpunged mails weren't immediately deleted from the disk. Instead,
the deletion from disk happened the next time the folder was opened.
This could have caused unnecessary delays if the opening was done by
an interactive IMAP session.
- Dovecot's TCP connections sometimes add extra 40ms latency due to not
enabling TCP_NODELAY. HTTP and SMTP/LMTP connections weren't
affected, but everything else was. This delay wasn't always visible -
only in some situations with some message/packet sizes.
- imapc: Fix various crash conditions
- Dovecot builds were not always reproducible.
- login-proxy: With shutdown_clients=3Dno after config reload the
existing connections could no longer be listed or kicked with doveadm.
- "doveadm proxy kick" with -f parameter caused a crash in some
situations.
- Auth policy can cause segmentation fault crash during auth process
shutdown if all auth requests have not been finished.
- Fix various minor bugs leading into incorrect behaviour in mailbox
list index handling. These rarely caused noticeable problems.
- LDAP auth: Iteration accesses freed memory, possibly crashing
auth-worker
- local_name { .. } filter in dovecot.conf does not correctly support
multiple names and wildcards were matched incorrectly.
- replicator: dsync assert-crashes if it can't connect to remote TCP
server.
- config: Memory leak in config process when ssl_dh setting wasn't
set and there was no ssl-parameters.dat file.
This caused config process to die once in a while
with "out of memory".
---
Module Name: pkgsrc
Committed By: hauke
Date: Fri Jul 19 15:13:31 UTC 2019
Modified Files:
pkgsrc/mail/dovecot2: Makefile distinfo
Added Files:
pkgsrc/mail/dovecot2/patches: patch-src_lib_ostream-file.c
Log Message:
Silence Error: file_ostream.net_set_tcp_nodelay(, TRUE) failed
Patch from upstream -head via FreeBSD
\
<https://svnweb.freebsd.org/ports/head/mail/dovecot/files/patch-src_lib_ostream-file.c?view=markup&pathrev=506487>
<https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239172>
---
Module Name: pkgsrc
Committed By: taca
Date: Tue Jul 23 15:11:24 UTC 2019
Modified Files:
pkgsrc/mail/dovecot2: Makefile Makefile.common distinfo
Removed Files:
pkgsrc/mail/dovecot2/patches: patch-src_lib_ostream-file.c
Log Message:
mail/dovecot2: update to 2.3.7.1
v2.3.7.1 2019-07-23 Timo Sirainen <timo.sirainen@open-xchange.com>
- Fix TCP_NODELAY errors being logged on non-Linux OSes
- lmtp proxy: Fix assert-crash when client uses BODY=8BITMIME
- Remove wrongly added checks in namespace prefix checking
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Aug 29 01:05:20 UTC 2019
Modified Files:
pkgsrc/mail/dovecot2: Makefile.common distinfo
Log Message:
mail/dovecot2: update to 2.3.7.2
Update dovecot2 and related packages to 2.3.7.2.
Changes
-------
* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
when scanning data in quoted strings, leading to out of bounds heap
memory writes. Found by Nick Roessler and Rafi Rubin.
Files: