* [Buildroot] [PATCH 1/2] package/dovecot: drop first patch
@ 2020-05-22 13:58 Fabrice Fontaine
2020-05-22 13:58 ` [Buildroot] [PATCH 2/2] package/dovecot: security bump to version 2.3.10.1 Fabrice Fontaine
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Fabrice Fontaine @ 2020-05-22 13:58 UTC (permalink / raw)
To: buildroot
First patch is not needed since version 2.3.0 and
https://github.com/dovecot/core/commit/08259c1f206026ca9b9f4b4e97603943c6093def
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
.../0001-byteorder.h-fix-uclibc-build.patch | 32 -------------------
...Do-not-build-static-test-iostream-s.patch} | 0
package/dovecot/dovecot.mk | 2 +-
3 files changed, 1 insertion(+), 33 deletions(-)
delete mode 100644 package/dovecot/0001-byteorder.h-fix-uclibc-build.patch
rename package/dovecot/{0002-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch => 0001-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch} (100%)
diff --git a/package/dovecot/0001-byteorder.h-fix-uclibc-build.patch b/package/dovecot/0001-byteorder.h-fix-uclibc-build.patch
deleted file mode 100644
index b6d3ed3ec0..0000000000
--- a/package/dovecot/0001-byteorder.h-fix-uclibc-build.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 902917880ca29f1007750a70cf46e7246b2d0a2a Mon Sep 17 00:00:00 2001
-From: Josef 'Jeff' Sipek <jeff.sipek@dovecot.fi>
-Date: Tue, 14 Nov 2017 06:01:21 +0100
-Subject: [PATCH] byteorder.h: fix uclibc build
-
-Patch suggested on upstream mailinglist:
-https://www.dovecot.org/pipermail/dovecot/2017-November/110019.html
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
----
- src/lib/byteorder.h | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/lib/byteorder.h b/src/lib/byteorder.h
-index 2f5dc7c17..4ffe8da21 100644
---- a/src/lib/byteorder.h
-+++ b/src/lib/byteorder.h
-@@ -23,6 +23,11 @@
- #ifndef BYTEORDER_H
- #define BYTEORDER_H
-
-+#undef bswap_8
-+#undef bswap_16
-+#undef bswap_32
-+#undef bswap_64
-+
- /*
- * These prototypes exist to catch bugs in the code generating macros below.
- */
---
-2.11.0
-
diff --git a/package/dovecot/0002-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch b/package/dovecot/0001-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch
similarity index 100%
rename from package/dovecot/0002-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch
rename to package/dovecot/0001-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch
diff --git a/package/dovecot/dovecot.mk b/package/dovecot/dovecot.mk
index 9f89ce6354..86e101d80a 100644
--- a/package/dovecot/dovecot.mk
+++ b/package/dovecot/dovecot.mk
@@ -14,7 +14,7 @@ DOVECOT_DEPENDENCIES = \
host-pkgconf \
$(if $(BR2_PACKAGE_LIBICONV),libiconv) \
openssl
-# 0002-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch
+# 0001-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch
DOVECOT_AUTORECONF = YES
# add host-gettext for AM_ICONV macro
DOVECOT_DEPENDENCIES += host-gettext
--
2.26.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 2/2] package/dovecot: security bump to version 2.3.10.1
2020-05-22 13:58 [Buildroot] [PATCH 1/2] package/dovecot: drop first patch Fabrice Fontaine
@ 2020-05-22 13:58 ` Fabrice Fontaine
2020-05-22 19:02 ` Peter Korsgaard
2020-05-31 21:13 ` Peter Korsgaard
2020-05-22 19:01 ` [Buildroot] [PATCH 1/2] package/dovecot: drop first patch Peter Korsgaard
2020-05-31 21:13 ` Peter Korsgaard
2 siblings, 2 replies; 6+ messages in thread
From: Fabrice Fontaine @ 2020-05-22 13:58 UTC (permalink / raw)
To: buildroot
- Fix CVE-2020-10957: In Dovecot before 2.3.10.1, unauthenticated
sending of malformed parameters to a NOOP command causes a NULL
Pointer Dereference and crash in submission-login, submission, or
lmtp.
- Fix CVE-2020-10958: In Dovecot before 2.3.10.1, a crafted SMTP/LMTP
message triggers an unauthenticated use-after-free bug in
submission-login, submission, or lmtp, and can lead to a crash under
circumstances involving many newlines after a command.
- Fix CVE-2020-10967: In Dovecot before 2.3.10.1, remote
unauthenticated attackers can crash the lmtp or submission process by
sending mail with an empty localpart.
- Drop first patch (already in version) and so autoreconf
- Update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
...-Do-not-build-static-test-iostream-s.patch | 30 -------------------
package/dovecot/dovecot.hash | 8 ++---
package/dovecot/dovecot.mk | 4 +--
3 files changed, 5 insertions(+), 37 deletions(-)
delete mode 100644 package/dovecot/0001-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch
diff --git a/package/dovecot/0001-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch b/package/dovecot/0001-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch
deleted file mode 100644
index 686ed7383b..0000000000
--- a/package/dovecot/0001-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 40851dc3471809cabe8cc3f9b71980f8d82344ae Mon Sep 17 00:00:00 2001
-From: Bernd Kuhls <bernd.kuhls@t-online.de>
-Date: Sat, 4 Jan 2020 14:39:39 +0100
-Subject: [PATCH] lib-ssl-iostream: Do not build static test-iostream-ssl
-
-Fixes broken static build:
-https://dovecot.org/pipermail/dovecot/2019-October/117326.html
-
-Patch sent upstream: https://github.com/dovecot/core/pull/111
-
-Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
----
- src/lib-ssl-iostream/Makefile.am | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/src/lib-ssl-iostream/Makefile.am b/src/lib-ssl-iostream/Makefile.am
-index 94ead5cec..5aaea5d51 100644
---- a/src/lib-ssl-iostream/Makefile.am
-+++ b/src/lib-ssl-iostream/Makefile.am
-@@ -46,7 +46,6 @@ test_libs = \
- ../lib/liblib.la
-
- test_iostream_ssl_SOURCES = test-iostream-ssl.c
--test_iostream_ssl_LDFLAGS = -static
- test_iostream_ssl_LDADD = $(test_libs) $(SSL_LIBS) $(DLLIB)
- test_iostream_ssl_DEPENDENCIES = $(test_libs)
-
---
-2.20.1
-
diff --git a/package/dovecot/dovecot.hash b/package/dovecot/dovecot.hash
index e61937495a..09295816d3 100644
--- a/package/dovecot/dovecot.hash
+++ b/package/dovecot/dovecot.hash
@@ -1,5 +1,5 @@
# Locally computed after checking signature
-sha256 f89fb69423fc5bdc05955c8fc0607eab9e33511f9a643b721763db6156c49651 dovecot-2.3.9.3.tar.gz
-sha256 a363b132e494f662d98c820d1481297e6ae72f194c2c91b6c39e1518b86240a8 COPYING
-sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL
-sha256 52b8c95fabb19575281874b661ef7968ea47e8f5d74ba0dd40ce512e52b3fc97 COPYING.MIT
+sha256 6642e62f23b1b23cfac235007ca6e21cb67460cca834689fad450724456eb10c dovecot-2.3.10.1.tar.gz
+sha256 a363b132e494f662d98c820d1481297e6ae72f194c2c91b6c39e1518b86240a8 COPYING
+sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL
+sha256 52b8c95fabb19575281874b661ef7968ea47e8f5d74ba0dd40ce512e52b3fc97 COPYING.MIT
diff --git a/package/dovecot/dovecot.mk b/package/dovecot/dovecot.mk
index 86e101d80a..59b52a3f84 100644
--- a/package/dovecot/dovecot.mk
+++ b/package/dovecot/dovecot.mk
@@ -5,7 +5,7 @@
################################################################################
DOVECOT_VERSION_MAJOR = 2.3
-DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).9.3
+DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).10.1
DOVECOT_SITE = https://dovecot.org/releases/$(DOVECOT_VERSION_MAJOR)
DOVECOT_INSTALL_STAGING = YES
DOVECOT_LICENSE = LGPL-2.1, MIT, Public Domain, BSD-3-Clause, Unicode-DFS-2015
@@ -14,8 +14,6 @@ DOVECOT_DEPENDENCIES = \
host-pkgconf \
$(if $(BR2_PACKAGE_LIBICONV),libiconv) \
openssl
-# 0001-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch
-DOVECOT_AUTORECONF = YES
# add host-gettext for AM_ICONV macro
DOVECOT_DEPENDENCIES += host-gettext
--
2.26.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/2] package/dovecot: drop first patch
2020-05-22 13:58 [Buildroot] [PATCH 1/2] package/dovecot: drop first patch Fabrice Fontaine
2020-05-22 13:58 ` [Buildroot] [PATCH 2/2] package/dovecot: security bump to version 2.3.10.1 Fabrice Fontaine
@ 2020-05-22 19:01 ` Peter Korsgaard
2020-05-31 21:13 ` Peter Korsgaard
2 siblings, 0 replies; 6+ messages in thread
From: Peter Korsgaard @ 2020-05-22 19:01 UTC (permalink / raw)
To: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> First patch is not needed since version 2.3.0 and
> https://github.com/dovecot/core/commit/08259c1f206026ca9b9f4b4e97603943c6093def
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2020.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 2/2] package/dovecot: security bump to version 2.3.10.1
2020-05-22 13:58 ` [Buildroot] [PATCH 2/2] package/dovecot: security bump to version 2.3.10.1 Fabrice Fontaine
@ 2020-05-22 19:02 ` Peter Korsgaard
2020-05-31 21:13 ` Peter Korsgaard
1 sibling, 0 replies; 6+ messages in thread
From: Peter Korsgaard @ 2020-05-22 19:02 UTC (permalink / raw)
To: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> - Fix CVE-2020-10957: In Dovecot before 2.3.10.1, unauthenticated
> sending of malformed parameters to a NOOP command causes a NULL
> Pointer Dereference and crash in submission-login, submission, or
> lmtp.
> - Fix CVE-2020-10958: In Dovecot before 2.3.10.1, a crafted SMTP/LMTP
> message triggers an unauthenticated use-after-free bug in
> submission-login, submission, or lmtp, and can lead to a crash under
> circumstances involving many newlines after a command.
> - Fix CVE-2020-10967: In Dovecot before 2.3.10.1, remote
> unauthenticated attackers can crash the lmtp or submission process by
> sending mail with an empty localpart.
> - Drop first patch (already in version) and so autoreconf
> - Update indentation in hash file (two spaces)
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/2] package/dovecot: drop first patch
2020-05-22 13:58 [Buildroot] [PATCH 1/2] package/dovecot: drop first patch Fabrice Fontaine
2020-05-22 13:58 ` [Buildroot] [PATCH 2/2] package/dovecot: security bump to version 2.3.10.1 Fabrice Fontaine
2020-05-22 19:01 ` [Buildroot] [PATCH 1/2] package/dovecot: drop first patch Peter Korsgaard
@ 2020-05-31 21:13 ` Peter Korsgaard
2 siblings, 0 replies; 6+ messages in thread
From: Peter Korsgaard @ 2020-05-31 21:13 UTC (permalink / raw)
To: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> First patch is not needed since version 2.3.0 and
> https://github.com/dovecot/core/commit/08259c1f206026ca9b9f4b4e97603943c6093def
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2020.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 2/2] package/dovecot: security bump to version 2.3.10.1
2020-05-22 13:58 ` [Buildroot] [PATCH 2/2] package/dovecot: security bump to version 2.3.10.1 Fabrice Fontaine
2020-05-22 19:02 ` Peter Korsgaard
@ 2020-05-31 21:13 ` Peter Korsgaard
1 sibling, 0 replies; 6+ messages in thread
From: Peter Korsgaard @ 2020-05-31 21:13 UTC (permalink / raw)
To: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> - Fix CVE-2020-10957: In Dovecot before 2.3.10.1, unauthenticated
> sending of malformed parameters to a NOOP command causes a NULL
> Pointer Dereference and crash in submission-login, submission, or
> lmtp.
> - Fix CVE-2020-10958: In Dovecot before 2.3.10.1, a crafted SMTP/LMTP
> message triggers an unauthenticated use-after-free bug in
> submission-login, submission, or lmtp, and can lead to a crash under
> circumstances involving many newlines after a command.
> - Fix CVE-2020-10967: In Dovecot before 2.3.10.1, remote
> unauthenticated attackers can crash the lmtp or submission process by
> sending mail with an empty localpart.
> - Drop first patch (already in version) and so autoreconf
> - Update indentation in hash file (two spaces)
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2020.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-05-31 21:13 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-22 13:58 [Buildroot] [PATCH 1/2] package/dovecot: drop first patch Fabrice Fontaine
2020-05-22 13:58 ` [Buildroot] [PATCH 2/2] package/dovecot: security bump to version 2.3.10.1 Fabrice Fontaine
2020-05-22 19:02 ` Peter Korsgaard
2020-05-31 21:13 ` Peter Korsgaard
2020-05-22 19:01 ` [Buildroot] [PATCH 1/2] package/dovecot: drop first patch Peter Korsgaard
2020-05-31 21:13 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.