CVS commit: pkgsrc/mail

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/mail
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Mon, 19 Aug 2024 09:29:57 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Mon Aug 19 09:29:57 UTC 2024

Modified Files:
        pkgsrc/mail/dovecot2: Makefile Makefile.common distinfo
        pkgsrc/mail/dovecot2-ldap: Makefile
        pkgsrc/mail/dovecot2-sqlite: Makefile

Log Message:
dovecot2: updated to 2.3.21.1

v2.3.21.1

- CVE-2024-23184: A large number of address headers in email resulted
  in excessive CPU usage.
- CVE-2024-23185: Abnormally large email headers are now truncated or
  discarded, with a limit of 10MB on a single header and 50MB for all
  the headers of all the parts of an email.
- oauth2: Dovecot would send client_id and client_secret as POST parameters
  to introspection server. These need to be optionally in Basic auth
  instead as required by OIDC specification.
- oauth2: JWT key type check was too strict.
- oauth2: JWT token audience was not validated against client_id as
  required by OIDC specification.
- oauth2: XOAUTH2 and OAUTHBEARER mechanisms were not giving out
  protocol specific error message on all errors. This broke OIDC discovery.
- oauth2: JWT aud validation was not performed if aud was missing
  from token, but was configured on Dovecot.


To generate a diff of this commit:
cvs rdiff -u -r1.111 -r1.112 pkgsrc/mail/dovecot2/Makefile
cvs rdiff -u -r1.52 -r1.53 pkgsrc/mail/dovecot2/Makefile.common
cvs rdiff -u -r1.123 -r1.124 pkgsrc/mail/dovecot2/distinfo
cvs rdiff -u -r1.7 -r1.8 pkgsrc/mail/dovecot2-ldap/Makefile
cvs rdiff -u -r1.35 -r1.36 pkgsrc/mail/dovecot2-sqlite/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/mail/dovecot2/Makefile
diff -u pkgsrc/mail/dovecot2/Makefile:1.111 pkgsrc/mail/dovecot2/Makefile:1.112
--- pkgsrc/mail/dovecot2/Makefile:1.111 Tue Oct 24 22:09:42 2023
+++ pkgsrc/mail/dovecot2/Makefile       Mon Aug 19 09:29:56 2024
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.111 2023/10/24 22:09:42 wiz Exp $
+# $NetBSD: Makefile,v 1.112 2024/08/19 09:29:56 adam Exp $
 
-PKGREVISION= 1
 .include "../../mail/dovecot2/Makefile.common"
 
 RCD_SCRIPTS=           dovecot

Index: pkgsrc/mail/dovecot2/Makefile.common
diff -u pkgsrc/mail/dovecot2/Makefile.common:1.52 pkgsrc/mail/dovecot2/Makefile.common:1.53
--- pkgsrc/mail/dovecot2/Makefile.common:1.52   Wed Sep 20 18:32:14 2023
+++ pkgsrc/mail/dovecot2/Makefile.common        Mon Aug 19 09:29:56 2024
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.52 2023/09/20 18:32:14 otis Exp $
+# $NetBSD: Makefile.common,v 1.53 2024/08/19 09:29:56 adam Exp $
 #
 # when updating to a new release, update ABI depends in
 # the buildlink3.mk file as well, since the plugins' version
@@ -11,9 +11,9 @@
 # used by mail/dovecot2-pgsql/Makefile
 # used by mail/dovecot2-sqlite/Makefile
 
-DISTNAME=      dovecot-2.3.21
+DISTNAME=      dovecot-2.3.21.1
 CATEGORIES=    mail
-MASTER_SITES=  https://dovecot.org/releases/${PKGVERSION_NOREV:R}/
+MASTER_SITES=  https://dovecot.org/releases/${PKGVERSION_NOREV:R:R}/
 
 MAINTAINER=    adam%NetBSD.org@localhost
 HOMEPAGE=      https://www.dovecot.org/

Index: pkgsrc/mail/dovecot2/distinfo
diff -u pkgsrc/mail/dovecot2/distinfo:1.123 pkgsrc/mail/dovecot2/distinfo:1.124
--- pkgsrc/mail/dovecot2/distinfo:1.123 Fri Nov 17 20:48:01 2023
+++ pkgsrc/mail/dovecot2/distinfo       Mon Aug 19 09:29:56 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.123 2023/11/17 20:48:01 schmonz Exp $
+$NetBSD: distinfo,v 1.124 2024/08/19 09:29:56 adam Exp $
 
-BLAKE2s (dovecot-2.3.21.tar.gz) = 8279638bc72f97d9787b454e814dbe008b8d40aeed07019dca58ed5e7e2772fb
-SHA512 (dovecot-2.3.21.tar.gz) = 2d463c38639c3fd3d617ee5b1a4e4d0c11362339c4d4d62a5a90164a8b10bc58919545679bbf379139bdb743fdb013033abfddc1fc6401eb8099463cdc2401ca
-Size (dovecot-2.3.21.tar.gz) = 7837242 bytes
+BLAKE2s (dovecot-2.3.21.1.tar.gz) = d2db50e1ac61deb8e5ef69829eb5ceb2d09892cb836f333d37e8e45852951bd9
+SHA512 (dovecot-2.3.21.1.tar.gz) = 9de6ce3a579ef2040248b692874a6d64a732bb735a9cee3144604927cad49690c4b0e29f7ecf3af23190d56f30956d955d13acd5d352534df62fbdfde4b60f9f
+Size (dovecot-2.3.21.1.tar.gz) = 7842044 bytes
 SHA1 (patch-aa) = 3af01aa4a8cea1a3fb840b6243a744de77069611
 SHA1 (patch-ab) = 685ab3d0e21515bf157e9897ebdebf484f0ece96
 SHA1 (patch-ae) = c1e76d75fab4b13d3b9b33af800bac18c90989da

Index: pkgsrc/mail/dovecot2-ldap/Makefile
diff -u pkgsrc/mail/dovecot2-ldap/Makefile:1.7 pkgsrc/mail/dovecot2-ldap/Makefile:1.8
--- pkgsrc/mail/dovecot2-ldap/Makefile:1.7      Tue Oct 24 22:09:42 2023
+++ pkgsrc/mail/dovecot2-ldap/Makefile  Mon Aug 19 09:29:56 2024
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.7 2023/10/24 22:09:42 wiz Exp $
+# $NetBSD: Makefile,v 1.8 2024/08/19 09:29:56 adam Exp $
 
-PKGREVISION= 1
 .include "../../mail/dovecot2/Makefile.common"
 
 PKGNAME=       ${DISTNAME:S/dovecot/dovecot-ldap/}

Index: pkgsrc/mail/dovecot2-sqlite/Makefile
diff -u pkgsrc/mail/dovecot2-sqlite/Makefile:1.35 pkgsrc/mail/dovecot2-sqlite/Makefile:1.36
--- pkgsrc/mail/dovecot2-sqlite/Makefile:1.35   Wed May 29 16:33:20 2024
+++ pkgsrc/mail/dovecot2-sqlite/Makefile        Mon Aug 19 09:29:56 2024
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.35 2024/05/29 16:33:20 adam Exp $
+# $NetBSD: Makefile,v 1.36 2024/08/19 09:29:56 adam Exp $
 
-PKGREVISION= 3
 .include "../../mail/dovecot2/Makefile.common"
 
 PKGNAME=       ${DISTNAME:S/dovecot/dovecot-sqlite/}

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/mail/dovecot2-pigeonhole
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/mail/dovecot2-pigeonhole
Indexes:

Home | Main Index | Thread Index | Old Index