projects / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3fb7eda)
package/dovecot: security bump to version 2.3.4
authorBernd Kuhls <bernd.kuhls@t-online.de>
Thu, 1 Mar 2018 19:41:51 +0000 (20:41 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Thu, 1 Mar 2018 20:37:38 +0000 (21:37 +0100)
Fixes CVE-2017-15130, CVE-2017-14461 & CVE-2017-15132:
https://www.dovecot.org/list/dovecot-news/2018-February/000370.html

Removed patch applied upstream:
https://github.com/dovecot/core/commit/a008617e811673064fd657acf517dc4a12493d29

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/dovecot/0002-lib-auth-Fix-memory-leak-in-auth_client_request_abor.patch [deleted file] patch | blob | history
package/dovecot/dovecot.hash patch | blob | history
package/dovecot/dovecot.mk patch | blob | history

diff --git a/package/dovecot/0002-lib-auth-Fix-memory-leak-in-auth_client_request_abor.patch b/package/dovecot/0002-lib-auth-Fix-memory-leak-in-auth_client_request_abor.patch
deleted file mode 100644 (file)
index babccd3..0000000
--- a/package/dovecot/0002-lib-auth-Fix-memory-leak-in-auth_client_request_abor.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 1a29ed2f96da1be22fa5a4d96c7583aa81b8b060 Mon Sep 17 00:00:00 2001
-From: Timo Sirainen <timo.sirainen@dovecot.fi>
-Date: Mon, 18 Dec 2017 16:50:51 +0200
-Subject: [PATCH] lib-auth: Fix memory leak in auth_client_request_abort()
-
-This caused memory leaks when authentication was aborted. For example
-with IMAP:
-
-a AUTHENTICATE PLAIN
-*
-
-Broken by 9137c55411aa39d41c1e705ddc34d5bd26c65021
-
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
----
- src/lib-auth/auth-client-request.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c
-index 480fb42b3..046f7c307 100644
---- a/src/lib-auth/auth-client-request.c
-+++ b/src/lib-auth/auth-client-request.c
-@@ -186,6 +186,7 @@ void auth_client_request_abort(struct auth_client_request **_request)
-       auth_client_send_cancel(request->conn->client, request->id);
-       call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
-+      pool_unref(&request->pool);
- }
- unsigned int auth_client_request_get_id(struct auth_client_request *request)
--- 
-2.11.0
-
diff --git a/package/dovecot/dovecot.hash b/package/dovecot/dovecot.hash
index 33163d6d8c26a660acbf7b275afa287f30b35bc5..fef0746089f380dbeb2458f24f8498d324278e24 100644 (file)
--- a/package/dovecot/dovecot.hash
+++ b/package/dovecot/dovecot.hash
@@ -1,5 +1,5 @@
 # Locally computed after checking signature
-sha256 fe1e3b78609a56ee22fc209077e4b75348fa1bbd54c46f52bde2472a4c4cee84  dovecot-2.2.33.2.tar.gz
+sha256 5e92a4325409e66b343f6aaa67174b8921ce83d0df792c6eeb0b7b7e2c808353  dovecot-2.2.34.tar.gz
 sha256 a363b132e494f662d98c820d1481297e6ae72f194c2c91b6c39e1518b86240a8  COPYING
 sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING.LGPL
 sha256 52b8c95fabb19575281874b661ef7968ea47e8f5d74ba0dd40ce512e52b3fc97  COPYING.MIT
diff --git a/package/dovecot/dovecot.mk b/package/dovecot/dovecot.mk
index 71a76c2818391fd4785362a8e2600a2c4948e6c8..e1b4bb21b8f870bf9c323f1c2ac8a6084325cda5 100644 (file)
--- a/package/dovecot/dovecot.mk
+++ b/package/dovecot/dovecot.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 DOVECOT_VERSION_MAJOR = 2.2
-DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).33.2
+DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).34
 DOVECOT_SITE = http://www.dovecot.org/releases/$(DOVECOT_VERSION_MAJOR)
 DOVECOT_INSTALL_STAGING = YES
 DOVECOT_LICENSE = LGPL-2.1, MIT, Public Domain, BSD-3-Clause, Unicode-DFS-2015