diff options
| author | J0WI <J0WI@users.noreply.github.com> | 2019-05-05 23:06:21 +0200 |
|---|---|---|
| committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2019-05-06 09:01:20 +0000 |
| commit | 4cbff22201d9f2fb21d860bae0e62f3bf814ed45 (patch) | |
| tree | 306f5b0f7cac4d8085cc488d2d54dd0eefd1384b /main/dovecot | |
| parent | eae02a2a7af3c1eed3700c9c97fdb2522960d688 (diff) | |
| download | aports-4cbff22201d9f2fb21d860bae0e62f3bf814ed45.tar.bz2 aports-4cbff22201d9f2fb21d860bae0e62f3bf814ed45.tar.xz | |
main/dovecot: security upgrade to 2.3.6 (CVE-2019-11494, CVE-2019-11499)
Fixes #10387
Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>
Diffstat (limited to 'main/dovecot')
| -rw-r--r-- | main/dovecot/APKBUILD | 14 | ||||
| -rw-r--r-- | main/dovecot/mysql-fix-double-close.patch | 37 |
2 files changed, 8 insertions, 43 deletions
diff --git a/main/dovecot/APKBUILD b/main/dovecot/APKBUILD index 4fa96a3c45..58863d02fc 100644 --- a/main/dovecot/APKBUILD +++ b/main/dovecot/APKBUILD @@ -4,9 +4,9 @@ # Contributor: Jakub Jirutka <jakub@jirutka.cz> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=dovecot -pkgver=2.3.5.1 +pkgver=2.3.6 _pkgvermajor=2.3 -pkgrel=1 +pkgrel=0 _pigeonholever=0.5.5 _pigeonholevermajor=${_pigeonholever%.*} pkgdesc="IMAP and POP3 server" @@ -64,12 +64,15 @@ source="https://www.dovecot.org/releases/$_pkgvermajor/$pkgname-$pkgver.tar.gz default-config.patch dovecot.logrotate dovecot.initd - mysql-fix-double-close.patch " builddir="$srcdir/$pkgname-$pkgver" _builddir_pigeonhole="$srcdir/$pkgname-$_pkgvermajor-pigeonhole-$_pigeonholever" # secfixes: +# 2.3.6-r0: +# - CVE-2019-11499 +# - CVE-2019-11494 +# - CVE-2019-10691 # 2.3.5.1-r0: # - CVE-2019-7524 # 2.3.4.1-r0: @@ -299,11 +302,10 @@ _submv() { done } -sha512sums="e87754461fb0b065acd0ff10dc955000a2fe5baffed69efaf328ce9268f90140e9de444bc68e0bd48b565c7622885a79b1f90ff3dd2335c0c2362d05d9e73e8a dovecot-2.3.5.1.tar.gz +sha512sums="ec28af2efcbd4ab534298c3342709251074dcdb0f0f4bcad0d24b996b273387e2ce557d7ab54abafb69be3ed7dd61f25c82b9710d78156932e2eff7f941c9eb2 dovecot-2.3.6.tar.gz 21519fc9b1152a947b64ce4251e1a4bdbe003b48233b1856a32696f9c1e29f730268c56eb38f9431bbfac345e6cd42e8c78c87d0702f39ebf20c6d326dcdbb94 dovecot-2.3-pigeonhole-0.5.5.tar.gz fe4fbeaedb377d809f105d9dbaf7c1b961aa99f246b77189a73b491dc1ae0aa9c68678dde90420ec53ec877c08f735b42d23edb13117d7268420e001aa30967a skip-iconv-check.patch 794875dbf0ded1e82c5c3823660cf6996a7920079149cd8eed54231a53580d931b966dfb17185ab65e565e108545ecf6591bae82f935ab1b6ff65bb8ee93d7d5 split-protocols.patch 0d8f89c7ba6f884719b5f9fc89e8b2efbdc3e181de308abf9b1c1b0e42282f4df72c7bf62f574686967c10a8677356560c965713b9d146e2770aab17e95bcc07 default-config.patch 9f19698ab45969f1f94dc4bddf6de59317daee93c9421c81f2dbf8a7efe6acf89689f1d30f60f536737bb9526c315215d2bce694db27e7b8d7896036a59c31f0 dovecot.logrotate -d91951b81150d7a3ef6a674c0dc7b012f538164dac4b9d27a6801d31da6813b764995a438f69b6a680463e1b60a3b4f2959654f68e565fe116ea60312d5e5e70 dovecot.initd -07500fdc27e8e76f8325e7160e3ac0dfd80e3dcb6d310499ea3b7d6c7899809bbb76c01aec78c4b8b9bf80cd8260dbc26726a612357d30f3b3c8be80f77f9abd mysql-fix-double-close.patch" +d91951b81150d7a3ef6a674c0dc7b012f538164dac4b9d27a6801d31da6813b764995a438f69b6a680463e1b60a3b4f2959654f68e565fe116ea60312d5e5e70 dovecot.initd" diff --git a/main/dovecot/mysql-fix-double-close.patch b/main/dovecot/mysql-fix-double-close.patch deleted file mode 100644 index 5a8ab0eacb..0000000000 --- a/main/dovecot/mysql-fix-double-close.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 3c5101ffdd2a8115e03ed7180d53578765dea4c9 Mon Sep 17 00:00:00 2001 -Patch-Origin: https://github.com/dovecot/core/commit/3c5101ffdd2a8115e03ed7180d53578765dea4c9 -From: Aki Tuomi <aki.tuomi@dovecot.fi> -Date: Tue, 4 Dec 2018 14:40:04 +0200 -Subject: [PATCH] driver-mysql: Avoid double-closing MySQL connection - -Fixes double-free ---- - src/lib-sql/driver-mysql.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/lib-sql/driver-mysql.c b/src/lib-sql/driver-mysql.c -index c87e825e4b..5dd1c3124f 100644 ---- a/src/lib-sql/driver-mysql.c -+++ b/src/lib-sql/driver-mysql.c -@@ -173,7 +173,9 @@ static int driver_mysql_connect(struct sql_db *_db) - static void driver_mysql_disconnect(struct sql_db *_db) - { - struct mysql_db *db = (struct mysql_db *)_db; -- mysql_close(db->mysql); -+ if (db->mysql != NULL) -+ mysql_close(db->mysql); -+ db->mysql = NULL; - } - - static int driver_mysql_parse_connect_string(struct mysql_db *db, -@@ -311,7 +313,9 @@ static void driver_mysql_deinit_v(struct sql_db *_db) - _db->no_reconnect = TRUE; - sql_db_set_state(&db->api, SQL_DB_STATE_DISCONNECTED); - -- mysql_close(db->mysql); -+ if (db->mysql != NULL) -+ mysql_close(db->mysql); -+ db->mysql = NULL; - - sql_connection_log_finished(_db); - event_unref(&_db->event); |