* [Buildroot] [PATCH 1/2] package/dovecot: drop first patch @ 2020-05-22 13:58 Fabrice Fontaine 2020-05-22 13:58 ` [Buildroot] [PATCH 2/2] package/dovecot: security bump to version 2.3.10.1 Fabrice Fontaine ` (2 more replies) 0 siblings, 3 replies; 6+ messages in thread From: Fabrice Fontaine @ 2020-05-22 13:58 UTC (permalink / raw) To: buildroot First patch is not needed since version 2.3.0 and https://github.com/dovecot/core/commit/08259c1f206026ca9b9f4b4e97603943c6093def Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- .../0001-byteorder.h-fix-uclibc-build.patch | 32 ------------------- ...Do-not-build-static-test-iostream-s.patch} | 0 package/dovecot/dovecot.mk | 2 +- 3 files changed, 1 insertion(+), 33 deletions(-) delete mode 100644 package/dovecot/0001-byteorder.h-fix-uclibc-build.patch rename package/dovecot/{0002-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch => 0001-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch} (100%) diff --git a/package/dovecot/0001-byteorder.h-fix-uclibc-build.patch b/package/dovecot/0001-byteorder.h-fix-uclibc-build.patch deleted file mode 100644 index b6d3ed3ec0..0000000000 --- a/package/dovecot/0001-byteorder.h-fix-uclibc-build.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 902917880ca29f1007750a70cf46e7246b2d0a2a Mon Sep 17 00:00:00 2001 -From: Josef 'Jeff' Sipek <jeff.sipek@dovecot.fi> -Date: Tue, 14 Nov 2017 06:01:21 +0100 -Subject: [PATCH] byteorder.h: fix uclibc build - -Patch suggested on upstream mailinglist: -https://www.dovecot.org/pipermail/dovecot/2017-November/110019.html - -Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> ---- - src/lib/byteorder.h | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/lib/byteorder.h b/src/lib/byteorder.h -index 2f5dc7c17..4ffe8da21 100644 ---- a/src/lib/byteorder.h -+++ b/src/lib/byteorder.h -@@ -23,6 +23,11 @@ - #ifndef BYTEORDER_H - #define BYTEORDER_H - -+#undef bswap_8 -+#undef bswap_16 -+#undef bswap_32 -+#undef bswap_64 -+ - /* - * These prototypes exist to catch bugs in the code generating macros below. - */ --- -2.11.0 - diff --git a/package/dovecot/0002-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch b/package/dovecot/0001-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch similarity index 100% rename from package/dovecot/0002-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch rename to package/dovecot/0001-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch diff --git a/package/dovecot/dovecot.mk b/package/dovecot/dovecot.mk index 9f89ce6354..86e101d80a 100644 --- a/package/dovecot/dovecot.mk +++ b/package/dovecot/dovecot.mk @@ -14,7 +14,7 @@ DOVECOT_DEPENDENCIES = \ host-pkgconf \ $(if $(BR2_PACKAGE_LIBICONV),libiconv) \ openssl -# 0002-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch +# 0001-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch DOVECOT_AUTORECONF = YES # add host-gettext for AM_ICONV macro DOVECOT_DEPENDENCIES += host-gettext -- 2.26.2 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 2/2] package/dovecot: security bump to version 2.3.10.1 2020-05-22 13:58 [Buildroot] [PATCH 1/2] package/dovecot: drop first patch Fabrice Fontaine @ 2020-05-22 13:58 ` Fabrice Fontaine 2020-05-22 19:02 ` Peter Korsgaard 2020-05-31 21:13 ` Peter Korsgaard 2020-05-22 19:01 ` [Buildroot] [PATCH 1/2] package/dovecot: drop first patch Peter Korsgaard 2020-05-31 21:13 ` Peter Korsgaard 2 siblings, 2 replies; 6+ messages in thread From: Fabrice Fontaine @ 2020-05-22 13:58 UTC (permalink / raw) To: buildroot - Fix CVE-2020-10957: In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. - Fix CVE-2020-10958: In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command. - Fix CVE-2020-10967: In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart. - Drop first patch (already in version) and so autoreconf - Update indentation in hash file (two spaces) Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- ...-Do-not-build-static-test-iostream-s.patch | 30 ------------------- package/dovecot/dovecot.hash | 8 ++--- package/dovecot/dovecot.mk | 4 +-- 3 files changed, 5 insertions(+), 37 deletions(-) delete mode 100644 package/dovecot/0001-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch diff --git a/package/dovecot/0001-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch b/package/dovecot/0001-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch deleted file mode 100644 index 686ed7383b..0000000000 --- a/package/dovecot/0001-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 40851dc3471809cabe8cc3f9b71980f8d82344ae Mon Sep 17 00:00:00 2001 -From: Bernd Kuhls <bernd.kuhls@t-online.de> -Date: Sat, 4 Jan 2020 14:39:39 +0100 -Subject: [PATCH] lib-ssl-iostream: Do not build static test-iostream-ssl - -Fixes broken static build: -https://dovecot.org/pipermail/dovecot/2019-October/117326.html - -Patch sent upstream: https://github.com/dovecot/core/pull/111 - -Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> ---- - src/lib-ssl-iostream/Makefile.am | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/lib-ssl-iostream/Makefile.am b/src/lib-ssl-iostream/Makefile.am -index 94ead5cec..5aaea5d51 100644 ---- a/src/lib-ssl-iostream/Makefile.am -+++ b/src/lib-ssl-iostream/Makefile.am -@@ -46,7 +46,6 @@ test_libs = \ - ../lib/liblib.la - - test_iostream_ssl_SOURCES = test-iostream-ssl.c --test_iostream_ssl_LDFLAGS = -static - test_iostream_ssl_LDADD = $(test_libs) $(SSL_LIBS) $(DLLIB) - test_iostream_ssl_DEPENDENCIES = $(test_libs) - --- -2.20.1 - diff --git a/package/dovecot/dovecot.hash b/package/dovecot/dovecot.hash index e61937495a..09295816d3 100644 --- a/package/dovecot/dovecot.hash +++ b/package/dovecot/dovecot.hash @@ -1,5 +1,5 @@ # Locally computed after checking signature -sha256 f89fb69423fc5bdc05955c8fc0607eab9e33511f9a643b721763db6156c49651 dovecot-2.3.9.3.tar.gz -sha256 a363b132e494f662d98c820d1481297e6ae72f194c2c91b6c39e1518b86240a8 COPYING -sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL -sha256 52b8c95fabb19575281874b661ef7968ea47e8f5d74ba0dd40ce512e52b3fc97 COPYING.MIT +sha256 6642e62f23b1b23cfac235007ca6e21cb67460cca834689fad450724456eb10c dovecot-2.3.10.1.tar.gz +sha256 a363b132e494f662d98c820d1481297e6ae72f194c2c91b6c39e1518b86240a8 COPYING +sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL +sha256 52b8c95fabb19575281874b661ef7968ea47e8f5d74ba0dd40ce512e52b3fc97 COPYING.MIT diff --git a/package/dovecot/dovecot.mk b/package/dovecot/dovecot.mk index 86e101d80a..59b52a3f84 100644 --- a/package/dovecot/dovecot.mk +++ b/package/dovecot/dovecot.mk @@ -5,7 +5,7 @@ ################################################################################ DOVECOT_VERSION_MAJOR = 2.3 -DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).9.3 +DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).10.1 DOVECOT_SITE = https://dovecot.org/releases/$(DOVECOT_VERSION_MAJOR) DOVECOT_INSTALL_STAGING = YES DOVECOT_LICENSE = LGPL-2.1, MIT, Public Domain, BSD-3-Clause, Unicode-DFS-2015 @@ -14,8 +14,6 @@ DOVECOT_DEPENDENCIES = \ host-pkgconf \ $(if $(BR2_PACKAGE_LIBICONV),libiconv) \ openssl -# 0001-lib-ssl-iostream-Do-not-build-static-test-iostream-s.patch -DOVECOT_AUTORECONF = YES # add host-gettext for AM_ICONV macro DOVECOT_DEPENDENCIES += host-gettext -- 2.26.2 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 2/2] package/dovecot: security bump to version 2.3.10.1 2020-05-22 13:58 ` [Buildroot] [PATCH 2/2] package/dovecot: security bump to version 2.3.10.1 Fabrice Fontaine @ 2020-05-22 19:02 ` Peter Korsgaard 2020-05-31 21:13 ` Peter Korsgaard 1 sibling, 0 replies; 6+ messages in thread From: Peter Korsgaard @ 2020-05-22 19:02 UTC (permalink / raw) To: buildroot >>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > - Fix CVE-2020-10957: In Dovecot before 2.3.10.1, unauthenticated > sending of malformed parameters to a NOOP command causes a NULL > Pointer Dereference and crash in submission-login, submission, or > lmtp. > - Fix CVE-2020-10958: In Dovecot before 2.3.10.1, a crafted SMTP/LMTP > message triggers an unauthenticated use-after-free bug in > submission-login, submission, or lmtp, and can lead to a crash under > circumstances involving many newlines after a command. > - Fix CVE-2020-10967: In Dovecot before 2.3.10.1, remote > unauthenticated attackers can crash the lmtp or submission process by > sending mail with an empty localpart. > - Drop first patch (already in version) and so autoreconf > - Update indentation in hash file (two spaces) > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed, thanks. -- Bye, Peter Korsgaard ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 2/2] package/dovecot: security bump to version 2.3.10.1 2020-05-22 13:58 ` [Buildroot] [PATCH 2/2] package/dovecot: security bump to version 2.3.10.1 Fabrice Fontaine 2020-05-22 19:02 ` Peter Korsgaard @ 2020-05-31 21:13 ` Peter Korsgaard 1 sibling, 0 replies; 6+ messages in thread From: Peter Korsgaard @ 2020-05-31 21:13 UTC (permalink / raw) To: buildroot >>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > - Fix CVE-2020-10957: In Dovecot before 2.3.10.1, unauthenticated > sending of malformed parameters to a NOOP command causes a NULL > Pointer Dereference and crash in submission-login, submission, or > lmtp. > - Fix CVE-2020-10958: In Dovecot before 2.3.10.1, a crafted SMTP/LMTP > message triggers an unauthenticated use-after-free bug in > submission-login, submission, or lmtp, and can lead to a crash under > circumstances involving many newlines after a command. > - Fix CVE-2020-10967: In Dovecot before 2.3.10.1, remote > unauthenticated attackers can crash the lmtp or submission process by > sending mail with an empty localpart. > - Drop first patch (already in version) and so autoreconf > - Update indentation in hash file (two spaces) > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed to 2020.02.x, thanks. -- Bye, Peter Korsgaard ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/2] package/dovecot: drop first patch 2020-05-22 13:58 [Buildroot] [PATCH 1/2] package/dovecot: drop first patch Fabrice Fontaine 2020-05-22 13:58 ` [Buildroot] [PATCH 2/2] package/dovecot: security bump to version 2.3.10.1 Fabrice Fontaine @ 2020-05-22 19:01 ` Peter Korsgaard 2020-05-31 21:13 ` Peter Korsgaard 2 siblings, 0 replies; 6+ messages in thread From: Peter Korsgaard @ 2020-05-22 19:01 UTC (permalink / raw) To: buildroot >>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > First patch is not needed since version 2.3.0 and > https://github.com/dovecot/core/commit/08259c1f206026ca9b9f4b4e97603943c6093def > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed to 2020.02.x, thanks. -- Bye, Peter Korsgaard ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/2] package/dovecot: drop first patch 2020-05-22 13:58 [Buildroot] [PATCH 1/2] package/dovecot: drop first patch Fabrice Fontaine 2020-05-22 13:58 ` [Buildroot] [PATCH 2/2] package/dovecot: security bump to version 2.3.10.1 Fabrice Fontaine 2020-05-22 19:01 ` [Buildroot] [PATCH 1/2] package/dovecot: drop first patch Peter Korsgaard @ 2020-05-31 21:13 ` Peter Korsgaard 2 siblings, 0 replies; 6+ messages in thread From: Peter Korsgaard @ 2020-05-31 21:13 UTC (permalink / raw) To: buildroot >>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > First patch is not needed since version 2.3.0 and > https://github.com/dovecot/core/commit/08259c1f206026ca9b9f4b4e97603943c6093def > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed to 2020.02.x, thanks. -- Bye, Peter Korsgaard ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-05-31 21:13 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-05-22 13:58 [Buildroot] [PATCH 1/2] package/dovecot: drop first patch Fabrice Fontaine 2020-05-22 13:58 ` [Buildroot] [PATCH 2/2] package/dovecot: security bump to version 2.3.10.1 Fabrice Fontaine 2020-05-22 19:02 ` Peter Korsgaard 2020-05-31 21:13 ` Peter Korsgaard 2020-05-22 19:01 ` [Buildroot] [PATCH 1/2] package/dovecot: drop first patch Peter Korsgaard 2020-05-31 21:13 ` Peter Korsgaard
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.