From 32ce2c0794c9411f33f2a7547b53c8ac32d7f298 Mon Sep 17 00:00:00 2001 From: sthen Date: Thu, 2 May 2019 22:06:13 +0000 Subject: [PATCH] update to Dovecot 2.3.6, from Brad: - CVE-2019-11494: Submission-login crashed with signal 11 due to null pointer access when authentication was aborted by disconnecting. - CVE-2019-11499: Submission-login crashed when authentication was started over TLS secured channel and invalid authentication message was sent. --- mail/dovecot/Makefile | 5 ++--- mail/dovecot/distinfo | 4 ++-- mail/dovecot/patches/patch-doc_example-config_Makefile_in | 3 ++- .../patches/patch-doc_example-config_conf_d_10-mail_conf | 3 ++- .../patch-doc_example-config_conf_d_10-master_conf | 8 +++++--- .../patches/patch-doc_example-config_conf_d_10-ssl_conf | 8 +++++--- .../patches/patch-doc_example-config_conf_d_Makefile_in | 3 ++- .../patch-doc_example-config_conf_d_auth-system_conf_ext | 8 +++++--- .../dovecot/patches/patch-doc_example-config_dovecot_conf | 8 +++++--- mail/dovecot/patches/patch-doc_mkcert_sh | 8 +++++--- .../patches/patch-src_auth_password-scheme-crypt_c | 7 ++++--- mail/dovecot/pkg/PLIST-server | 4 +++- 12 files changed, 42 insertions(+), 27 deletions(-) diff --git a/mail/dovecot/Makefile b/mail/dovecot/Makefile index 2a0c9a68984..df7a278b533 100644 --- a/mail/dovecot/Makefile +++ b/mail/dovecot/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.276 2019/05/01 13:41:20 danj Exp $ +# $OpenBSD: Makefile,v 1.277 2019/05/02 22:06:13 sthen Exp $ COMMENT-server= compact IMAP/POP3 server COMMENT-ldap= LDAP authentication / dictionary support for Dovecot @@ -6,8 +6,7 @@ COMMENT-mysql= MySQL authentication / dictionary support for Dovecot COMMENT-postgresql= PostgreSQL authentication / dictionary support for Dovecot V_MAJOR= 2.3 -V_DOVECOT= 2.3.5.2 -REVISION-server= 0 +V_DOVECOT= 2.3.6 DISTNAME= dovecot-${V_DOVECOT} PKGNAME= dovecot-${V_DOVECOT} diff --git a/mail/dovecot/distinfo b/mail/dovecot/distinfo index ac2d2d98fcd..67861ba6cec 100644 --- a/mail/dovecot/distinfo +++ b/mail/dovecot/distinfo @@ -1,2 +1,2 @@ -SHA256 (dovecot-2.3.5.2.tar.gz) = uhTkGu/YGoaKNbg7y1QZQRYQZCTTdpBRm1Dqg8DzG/I= -SIZE (dovecot-2.3.5.2.tar.gz) = 6953228 +SHA256 (dovecot-2.3.6.tar.gz) = 7R2Nwb7q6cbHPerHOmLvGf6SYvv/2GYEo/aQRS9VNsc= +SIZE (dovecot-2.3.6.tar.gz) = 6980135 diff --git a/mail/dovecot/patches/patch-doc_example-config_Makefile_in b/mail/dovecot/patches/patch-doc_example-config_Makefile_in index 38ffc6733f7..8c0beff8f82 100644 --- a/mail/dovecot/patches/patch-doc_example-config_Makefile_in +++ b/mail/dovecot/patches/patch-doc_example-config_Makefile_in @@ -1,4 +1,5 @@ -$OpenBSD: patch-doc_example-config_Makefile_in,v 1.19 2019/03/06 21:53:07 sthen Exp $ +$OpenBSD: patch-doc_example-config_Makefile_in,v 1.20 2019/05/02 22:06:13 sthen Exp $ + Index: doc/example-config/Makefile.in --- doc/example-config/Makefile.in.orig +++ doc/example-config/Makefile.in diff --git a/mail/dovecot/patches/patch-doc_example-config_conf_d_10-mail_conf b/mail/dovecot/patches/patch-doc_example-config_conf_d_10-mail_conf index 0bc5dd17731..6b47147f523 100644 --- a/mail/dovecot/patches/patch-doc_example-config_conf_d_10-mail_conf +++ b/mail/dovecot/patches/patch-doc_example-config_conf_d_10-mail_conf @@ -1,4 +1,5 @@ -$OpenBSD: patch-doc_example-config_conf_d_10-mail_conf,v 1.9 2018/10/24 19:42:36 sthen Exp $ +$OpenBSD: patch-doc_example-config_conf_d_10-mail_conf,v 1.10 2019/05/02 22:06:13 sthen Exp $ + Index: doc/example-config/conf.d/10-mail.conf --- doc/example-config/conf.d/10-mail.conf.orig Mon Jun 18 14:15:32 2018 +++ doc/example-config/conf.d/10-mail.conf Sun Oct 21 15:56:45 2018 diff --git a/mail/dovecot/patches/patch-doc_example-config_conf_d_10-master_conf b/mail/dovecot/patches/patch-doc_example-config_conf_d_10-master_conf index 3d76c017b81..6c440779bf3 100644 --- a/mail/dovecot/patches/patch-doc_example-config_conf_d_10-master_conf +++ b/mail/dovecot/patches/patch-doc_example-config_conf_d_10-master_conf @@ -1,6 +1,8 @@ -$OpenBSD: patch-doc_example-config_conf_d_10-master_conf,v 1.2 2012/01/07 12:14:21 sthen Exp $ ---- doc/example-config/conf.d/10-master.conf.orig Thu Dec 30 10:42:54 2010 -+++ doc/example-config/conf.d/10-master.conf Tue Mar 22 15:23:22 2011 +$OpenBSD: patch-doc_example-config_conf_d_10-master_conf,v 1.3 2019/05/02 22:06:13 sthen Exp $ + +Index: doc/example-config/conf.d/10-master.conf +--- doc/example-config/conf.d/10-master.conf.orig ++++ doc/example-config/conf.d/10-master.conf @@ -8,11 +8,11 @@ # Login user is internally used by login processes. This is the most untrusted diff --git a/mail/dovecot/patches/patch-doc_example-config_conf_d_10-ssl_conf b/mail/dovecot/patches/patch-doc_example-config_conf_d_10-ssl_conf index 855ddb45974..abf9889fb2b 100644 --- a/mail/dovecot/patches/patch-doc_example-config_conf_d_10-ssl_conf +++ b/mail/dovecot/patches/patch-doc_example-config_conf_d_10-ssl_conf @@ -1,6 +1,8 @@ -$OpenBSD: patch-doc_example-config_conf_d_10-ssl_conf,v 1.1 2011/05/23 22:54:38 sthen Exp $ ---- doc/example-config/conf.d/10-ssl.conf.orig Thu Mar 10 14:39:31 2011 -+++ doc/example-config/conf.d/10-ssl.conf Thu Mar 10 14:40:01 2011 +$OpenBSD: patch-doc_example-config_conf_d_10-ssl_conf,v 1.2 2019/05/02 22:06:13 sthen Exp $ + +Index: doc/example-config/conf.d/10-ssl.conf +--- doc/example-config/conf.d/10-ssl.conf.orig ++++ doc/example-config/conf.d/10-ssl.conf @@ -9,7 +9,7 @@ # dropping root privileges, so keep the key file unreadable by anyone but # root. Included doc/mkcert.sh can be used to easily generate self-signed diff --git a/mail/dovecot/patches/patch-doc_example-config_conf_d_Makefile_in b/mail/dovecot/patches/patch-doc_example-config_conf_d_Makefile_in index 553dd5ecaf3..bb0ecc1b00d 100644 --- a/mail/dovecot/patches/patch-doc_example-config_conf_d_Makefile_in +++ b/mail/dovecot/patches/patch-doc_example-config_conf_d_Makefile_in @@ -1,4 +1,5 @@ -$OpenBSD: patch-doc_example-config_conf_d_Makefile_in,v 1.19 2019/03/06 21:53:07 sthen Exp $ +$OpenBSD: patch-doc_example-config_conf_d_Makefile_in,v 1.20 2019/05/02 22:06:13 sthen Exp $ + Index: doc/example-config/conf.d/Makefile.in --- doc/example-config/conf.d/Makefile.in.orig +++ doc/example-config/conf.d/Makefile.in diff --git a/mail/dovecot/patches/patch-doc_example-config_conf_d_auth-system_conf_ext b/mail/dovecot/patches/patch-doc_example-config_conf_d_auth-system_conf_ext index 03bb0d62660..48972a9d7fd 100644 --- a/mail/dovecot/patches/patch-doc_example-config_conf_d_auth-system_conf_ext +++ b/mail/dovecot/patches/patch-doc_example-config_conf_d_auth-system_conf_ext @@ -1,6 +1,8 @@ -$OpenBSD: patch-doc_example-config_conf_d_auth-system_conf_ext,v 1.2 2018/10/24 19:42:36 sthen Exp $ ---- doc/example-config/conf.d/auth-system.conf.ext.orig Mon Jun 18 14:15:32 2018 -+++ doc/example-config/conf.d/auth-system.conf.ext Sun Oct 21 15:56:45 2018 +$OpenBSD: patch-doc_example-config_conf_d_auth-system_conf_ext,v 1.3 2019/05/02 22:06:13 sthen Exp $ + +Index: doc/example-config/conf.d/auth-system.conf.ext +--- doc/example-config/conf.d/auth-system.conf.ext.orig ++++ doc/example-config/conf.d/auth-system.conf.ext @@ -7,12 +7,12 @@ # PAM is typically used with either userdb passwd or userdb static. # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM diff --git a/mail/dovecot/patches/patch-doc_example-config_dovecot_conf b/mail/dovecot/patches/patch-doc_example-config_dovecot_conf index f03a2f79c7a..a6ef4ebb93e 100644 --- a/mail/dovecot/patches/patch-doc_example-config_dovecot_conf +++ b/mail/dovecot/patches/patch-doc_example-config_dovecot_conf @@ -1,6 +1,8 @@ -$OpenBSD: patch-doc_example-config_dovecot_conf,v 1.4 2013/08/13 00:29:58 brad Exp $ ---- doc/example-config/dovecot.conf.orig Mon Jan 7 02:50:26 2013 -+++ doc/example-config/dovecot.conf Tue Apr 23 02:03:41 2013 +$OpenBSD: patch-doc_example-config_dovecot_conf,v 1.5 2019/05/02 22:06:13 sthen Exp $ + +Index: doc/example-config/dovecot.conf +--- doc/example-config/dovecot.conf.orig ++++ doc/example-config/dovecot.conf @@ -30,7 +30,7 @@ #listen = *, :: diff --git a/mail/dovecot/patches/patch-doc_mkcert_sh b/mail/dovecot/patches/patch-doc_mkcert_sh index 80f525047d0..28b1c7608fc 100644 --- a/mail/dovecot/patches/patch-doc_mkcert_sh +++ b/mail/dovecot/patches/patch-doc_mkcert_sh @@ -1,6 +1,8 @@ -$OpenBSD: patch-doc_mkcert_sh,v 1.8 2016/12/04 21:36:02 sthen Exp $ ---- doc/mkcert.sh.orig Tue Nov 29 17:35:50 2016 -+++ doc/mkcert.sh Tue Nov 29 20:53:21 2016 +$OpenBSD: patch-doc_mkcert_sh,v 1.9 2019/05/02 22:06:13 sthen Exp $ + +Index: doc/mkcert.sh +--- doc/mkcert.sh.orig ++++ doc/mkcert.sh @@ -6,19 +6,13 @@ umask 077 OPENSSL=${OPENSSL-openssl} diff --git a/mail/dovecot/patches/patch-src_auth_password-scheme-crypt_c b/mail/dovecot/patches/patch-src_auth_password-scheme-crypt_c index 2a2e85d3474..75d1bb001d4 100644 --- a/mail/dovecot/patches/patch-src_auth_password-scheme-crypt_c +++ b/mail/dovecot/patches/patch-src_auth_password-scheme-crypt_c @@ -1,4 +1,4 @@ -$OpenBSD: patch-src_auth_password-scheme-crypt_c,v 1.5 2018/10/24 19:42:36 sthen Exp $ +$OpenBSD: patch-src_auth_password-scheme-crypt_c,v 1.6 2019/05/02 22:06:13 sthen Exp $ Dovecot supports various password schemes, e.g. {MD5}, {SHA1}, {SSHA512}, {CRYPT}, etc. This is used in two cases: @@ -29,8 +29,9 @@ This patch re-allows CRYPT as a supported scheme. On OpenBSD it will encrypt as blowfish, on other OS it will encrypt as DES. Verification will work with whichever password formats are supported by the OS. ---- src/auth/password-scheme-crypt.c.orig Mon Jun 18 14:15:32 2018 -+++ src/auth/password-scheme-crypt.c Mon Oct 22 08:36:56 2018 +Index: src/auth/password-scheme-crypt.c +--- src/auth/password-scheme-crypt.c.orig ++++ src/auth/password-scheme-crypt.c @@ -149,7 +149,12 @@ static const struct { const char *salt; const char *expected; diff --git a/mail/dovecot/pkg/PLIST-server b/mail/dovecot/pkg/PLIST-server index 494ee57c75d..92d14b1e348 100644 --- a/mail/dovecot/pkg/PLIST-server +++ b/mail/dovecot/pkg/PLIST-server @@ -1,4 +1,4 @@ -@comment $OpenBSD: PLIST-server,v 1.70 2019/03/06 21:53:07 sthen Exp $ +@comment $OpenBSD: PLIST-server,v 1.71 2019/05/02 22:06:13 sthen Exp $ @conflict dovecot-sqlite-* @pkgpath mail/dovecot @pkgpath mail/dovecot,-server,bdb @@ -760,6 +760,8 @@ share/aclocal/dovecot.m4 share/doc/dovecot/ share/doc/dovecot/documentation.txt share/doc/dovecot/securecoding.txt +share/doc/dovecot/solr-config-7.7.0.xml +share/doc/dovecot/solr-schema-7.7.0.xml share/doc/dovecot/solr-schema.xml share/doc/dovecot/thread-refs.txt share/doc/dovecot/wiki/