[pkgsrc/trunk]: pkgsrc/mail/dovecot2 Security fix:

[hauke <hauke%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/ad840a5d674e
branches:  trunk
changeset: 393957:ad840a5d674e
user:      hauke <hauke%pkgsrc.org@localhost>
date:      Fri Mar 29 14:27:43 2019 +0000

description:
Security fix:

    * CVE-2019-7524: Missing input buffer size validation leads into
      arbitrary buffer overflow when reading fts or pop3 uidl header
      from Dovecot index. Exploiting this requires direct write access to
      the index files.

diffstat:

 mail/dovecot2/Makefile.common |   6 +++---
 mail/dovecot2/distinfo        |  10 +++++-----
 2 files changed, 8 insertions(+), 8 deletions(-)

diffs (39 lines):

diff -r 442edad19ece -r ad840a5d674e mail/dovecot2/Makefile.common
--- a/mail/dovecot2/Makefile.common     Fri Mar 29 12:38:49 2019 +0000
+++ b/mail/dovecot2/Makefile.common     Fri Mar 29 14:27:43 2019 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.25 2019/03/05 16:51:03 hauke Exp $
+# $NetBSD: Makefile.common,v 1.26 2019/03/29 14:27:43 hauke Exp $
 #
 # when updating to a new release, update ABI depends in
 # the buildlink3.mk file as well, since the plugins' version
@@ -11,9 +11,9 @@
 # used by mail/dovecot2-pgsql/Makefile
 # used by mail/dovecot2-sqlite/Makefile
 
-DISTNAME=      dovecot-2.3.5
+DISTNAME=      dovecot-2.3.5.1
 CATEGORIES=    mail
-MASTER_SITES=  https://www.dovecot.org/releases/${PKGVERSION_NOREV:R}/
+MASTER_SITES=  https://www.dovecot.org/releases/${PKGVERSION_NOREV:R:R}/
 
 MAINTAINER=    adam%NetBSD.org@localhost
 HOMEPAGE=      http://www.dovecot.org/
diff -r 442edad19ece -r ad840a5d674e mail/dovecot2/distinfo
--- a/mail/dovecot2/distinfo    Fri Mar 29 12:38:49 2019 +0000
+++ b/mail/dovecot2/distinfo    Fri Mar 29 14:27:43 2019 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.89 2019/03/05 16:51:03 hauke Exp $
+$NetBSD: distinfo,v 1.90 2019/03/29 14:27:43 hauke Exp $
 
-SHA1 (dovecot-2.3.5.tar.gz) = e03f2ad6d80afb1b23d4f82a5ced794e07f467b7
-RMD160 (dovecot-2.3.5.tar.gz) = 428b4351e7566dbdac8da41be890016bfc575ff7
-SHA512 (dovecot-2.3.5.tar.gz) = 10513c371aeadd52184daaf8dbb9a7559c6db55e34182bbb2c9539dae0897ddcc76f6fe2ce6a81c7ce0cb94c7f79438ae3bb0e7db8ed46615feb337b4078ecc6
-Size (dovecot-2.3.5.tar.gz) = 6970480 bytes
+SHA1 (dovecot-2.3.5.1.tar.gz) = 073ff93eeffc8166303ee3fb36b71c7a8d8a0230
+RMD160 (dovecot-2.3.5.1.tar.gz) = fc380f77e4a97808237a37697b3a11010e255921
+SHA512 (dovecot-2.3.5.1.tar.gz) = e87754461fb0b065acd0ff10dc955000a2fe5baffed69efaf328ce9268f90140e9de444bc68e0bd48b565c7622885a79b1f90ff3dd2335c0c2362d05d9e73e8a
+Size (dovecot-2.3.5.1.tar.gz) = 6953150 bytes
 SHA1 (patch-aa) = ea185011f0c1ee3aa1ff528e61f6f356fe385666
 SHA1 (patch-ab) = 9db15fd853ba47ef4bf04f2adc9ab24f71ee4d1e
 SHA1 (patch-ae) = c795585df9f415ceabb28eec1ff691ee26168d3b