From 7c970b06ea4cfc235eefedd967551d165c1dd7ca Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Thu, 1 Mar 2018 20:41:51 +0100 Subject: [PATCH] package/dovecot: security bump to version 2.3.4 Fixes CVE-2017-15130, CVE-2017-14461 & CVE-2017-15132: https://www.dovecot.org/list/dovecot-news/2018-February/000370.html Removed patch applied upstream: https://github.com/dovecot/core/commit/a008617e811673064fd657acf517dc4a12493d29 Signed-off-by: Bernd Kuhls Signed-off-by: Peter Korsgaard --- ...ory-leak-in-auth_client_request_abor.patch | 33 ------------------- package/dovecot/dovecot.hash | 2 +- package/dovecot/dovecot.mk | 2 +- 3 files changed, 2 insertions(+), 35 deletions(-) delete mode 100644 package/dovecot/0002-lib-auth-Fix-memory-leak-in-auth_client_request_abor.patch diff --git a/package/dovecot/0002-lib-auth-Fix-memory-leak-in-auth_client_request_abor.patch b/package/dovecot/0002-lib-auth-Fix-memory-leak-in-auth_client_request_abor.patch deleted file mode 100644 index babccd3acf..0000000000 --- a/package/dovecot/0002-lib-auth-Fix-memory-leak-in-auth_client_request_abor.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 1a29ed2f96da1be22fa5a4d96c7583aa81b8b060 Mon Sep 17 00:00:00 2001 -From: Timo Sirainen -Date: Mon, 18 Dec 2017 16:50:51 +0200 -Subject: [PATCH] lib-auth: Fix memory leak in auth_client_request_abort() - -This caused memory leaks when authentication was aborted. For example -with IMAP: - -a AUTHENTICATE PLAIN -* - -Broken by 9137c55411aa39d41c1e705ddc34d5bd26c65021 - -Signed-off-by: Peter Korsgaard ---- - src/lib-auth/auth-client-request.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c -index 480fb42b3..046f7c307 100644 ---- a/src/lib-auth/auth-client-request.c -+++ b/src/lib-auth/auth-client-request.c -@@ -186,6 +186,7 @@ void auth_client_request_abort(struct auth_client_request **_request) - - auth_client_send_cancel(request->conn->client, request->id); - call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL); -+ pool_unref(&request->pool); - } - - unsigned int auth_client_request_get_id(struct auth_client_request *request) --- -2.11.0 - diff --git a/package/dovecot/dovecot.hash b/package/dovecot/dovecot.hash index 33163d6d8c..fef0746089 100644 --- a/package/dovecot/dovecot.hash +++ b/package/dovecot/dovecot.hash @@ -1,5 +1,5 @@ # Locally computed after checking signature -sha256 fe1e3b78609a56ee22fc209077e4b75348fa1bbd54c46f52bde2472a4c4cee84 dovecot-2.2.33.2.tar.gz +sha256 5e92a4325409e66b343f6aaa67174b8921ce83d0df792c6eeb0b7b7e2c808353 dovecot-2.2.34.tar.gz sha256 a363b132e494f662d98c820d1481297e6ae72f194c2c91b6c39e1518b86240a8 COPYING sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL sha256 52b8c95fabb19575281874b661ef7968ea47e8f5d74ba0dd40ce512e52b3fc97 COPYING.MIT diff --git a/package/dovecot/dovecot.mk b/package/dovecot/dovecot.mk index 71a76c2818..e1b4bb21b8 100644 --- a/package/dovecot/dovecot.mk +++ b/package/dovecot/dovecot.mk @@ -5,7 +5,7 @@ ################################################################################ DOVECOT_VERSION_MAJOR = 2.2 -DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).33.2 +DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).34 DOVECOT_SITE = http://www.dovecot.org/releases/$(DOVECOT_VERSION_MAJOR) DOVECOT_INSTALL_STAGING = YES DOVECOT_LICENSE = LGPL-2.1, MIT, Public Domain, BSD-3-Clause, Unicode-DFS-2015 -- 2.30.2