[Buildroot] [PATCH 1/1] package/dovecot: security bump to version 2.3.4

Bernd Kuhls bernd.kuhls at t-online.de
Thu Mar 1 19:41:51 UTC 2018


Fixes CVE-2017-15130, CVE-2017-14461 & CVE-2017-15132:
https://www.dovecot.org/list/dovecot-news/2018-February/000370.html

Removed patch applied upstream:
https://github.com/dovecot/core/commit/a008617e811673064fd657acf517dc4a12493d29

Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
---
 ...x-memory-leak-in-auth_client_request_abor.patch | 33 ----------------------
 package/dovecot/dovecot.hash                       |  2 +-
 package/dovecot/dovecot.mk                         |  2 +-
 3 files changed, 2 insertions(+), 35 deletions(-)
 delete mode 100644 package/dovecot/0002-lib-auth-Fix-memory-leak-in-auth_client_request_abor.patch

diff --git a/package/dovecot/0002-lib-auth-Fix-memory-leak-in-auth_client_request_abor.patch b/package/dovecot/0002-lib-auth-Fix-memory-leak-in-auth_client_request_abor.patch
deleted file mode 100644
index babccd3acf..0000000000
--- a/package/dovecot/0002-lib-auth-Fix-memory-leak-in-auth_client_request_abor.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 1a29ed2f96da1be22fa5a4d96c7583aa81b8b060 Mon Sep 17 00:00:00 2001
-From: Timo Sirainen <timo.sirainen at dovecot.fi>
-Date: Mon, 18 Dec 2017 16:50:51 +0200
-Subject: [PATCH] lib-auth: Fix memory leak in auth_client_request_abort()
-
-This caused memory leaks when authentication was aborted. For example
-with IMAP:
-
-a AUTHENTICATE PLAIN
-*
-
-Broken by 9137c55411aa39d41c1e705ddc34d5bd26c65021
-
-Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
----
- src/lib-auth/auth-client-request.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c
-index 480fb42b3..046f7c307 100644
---- a/src/lib-auth/auth-client-request.c
-+++ b/src/lib-auth/auth-client-request.c
-@@ -186,6 +186,7 @@ void auth_client_request_abort(struct auth_client_request **_request)
- 
- 	auth_client_send_cancel(request->conn->client, request->id);
- 	call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
-+	pool_unref(&request->pool);
- }
- 
- unsigned int auth_client_request_get_id(struct auth_client_request *request)
--- 
-2.11.0
-
diff --git a/package/dovecot/dovecot.hash b/package/dovecot/dovecot.hash
index 33163d6d8c..fef0746089 100644
--- a/package/dovecot/dovecot.hash
+++ b/package/dovecot/dovecot.hash
@@ -1,5 +1,5 @@
 # Locally computed after checking signature
-sha256 fe1e3b78609a56ee22fc209077e4b75348fa1bbd54c46f52bde2472a4c4cee84  dovecot-2.2.33.2.tar.gz
+sha256 5e92a4325409e66b343f6aaa67174b8921ce83d0df792c6eeb0b7b7e2c808353  dovecot-2.2.34.tar.gz
 sha256 a363b132e494f662d98c820d1481297e6ae72f194c2c91b6c39e1518b86240a8  COPYING
 sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING.LGPL
 sha256 52b8c95fabb19575281874b661ef7968ea47e8f5d74ba0dd40ce512e52b3fc97  COPYING.MIT
diff --git a/package/dovecot/dovecot.mk b/package/dovecot/dovecot.mk
index 71a76c2818..e1b4bb21b8 100644
--- a/package/dovecot/dovecot.mk
+++ b/package/dovecot/dovecot.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 DOVECOT_VERSION_MAJOR = 2.2
-DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).33.2
+DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).34
 DOVECOT_SITE = http://www.dovecot.org/releases/$(DOVECOT_VERSION_MAJOR)
 DOVECOT_INSTALL_STAGING = YES
 DOVECOT_LICENSE = LGPL-2.1, MIT, Public Domain, BSD-3-Clause, Unicode-DFS-2015
-- 
2.11.0



More information about the buildroot mailing list