NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/dovecot: security bump to version 2.3.4

Browse Source 
Fixes CVE-2017-15130, CVE-2017-14461 & CVE-2017-15132:
https://www.dovecot.org/list/dovecot-news/2018-February/000370.html

Removed patch applied upstream:
a008617e81

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Bernd Kuhls 2018-03-01 20:41:51 +01:00 committed by Peter Korsgaard
parent 3fb7edaf98
commit 7c970b06ea
3 changed files with 2 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
package/dovecot/0002-lib-auth-Fix-memory-leak-in-auth_client_request_abor.patch
View File

@ -1,33 +0,0 @@
From 1a29ed2f96da1be22fa5a4d96c7583aa81b8b060 Mon Sep 17 00:00:00 2001
From: Timo Sirainen <timo.sirainen@dovecot.fi>
Date: Mon, 18 Dec 2017 16:50:51 +0200
Subject: [PATCH] lib-auth: Fix memory leak in auth_client_request_abort()
This caused memory leaks when authentication was aborted. For example
with IMAP:
a AUTHENTICATE PLAIN
*
Broken by 9137c55411aa39d41c1e705ddc34d5bd26c65021
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/lib-auth/auth-client-request.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c
index 480fb42b3..046f7c307 100644
--- a/src/lib-auth/auth-client-request.c
+++ b/src/lib-auth/auth-client-request.c
@@ -186,6 +186,7 @@ void auth_client_request_abort(struct auth_client_request **_request)
auth_client_send_cancel(request->conn->client, request->id);
call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
+ pool_unref(&request->pool);
}
unsigned int auth_client_request_get_id(struct auth_client_request *request)
--
2.11.0

2
package/dovecot/dovecot.hash
View File

@ -1,5 +1,5 @@
# Locally computed after checking signature
sha256 fe1e3b78609a56ee22fc209077e4b75348fa1bbd54c46f52bde2472a4c4cee84 dovecot-2.2.33.2.tar.gz
sha256 5e92a4325409e66b343f6aaa67174b8921ce83d0df792c6eeb0b7b7e2c808353 dovecot-2.2.34.tar.gz
sha256 a363b132e494f662d98c820d1481297e6ae72f194c2c91b6c39e1518b86240a8 COPYING
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL
sha256 52b8c95fabb19575281874b661ef7968ea47e8f5d74ba0dd40ce512e52b3fc97 COPYING.MIT

2
package/dovecot/dovecot.mk
View File

@ -5,7 +5,7 @@
################################################################################
DOVECOT_VERSION_MAJOR = 2.2
DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).33.2
DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).34
DOVECOT_SITE = http://www.dovecot.org/releases/$(DOVECOT_VERSION_MAJOR)
DOVECOT_INSTALL_STAGING = YES
DOVECOT_LICENSE = LGPL-2.1, MIT, Public Domain, BSD-3-Clause, Unicode-DFS-2015