From: Arkadiusz Miśkiewicz Date: Tue, 5 Jan 2021 11:30:08 +0000 (+0100) Subject: - up to 2.3.13; fixes CVE-2020-24386 X-Git-Tag: auto/th/dovecot-2.3.13-1 X-Git-Url: http://git.pld-linux.org/?a=commitdiff_plain;h=refs%2Ftags%2Fauto%2Fth%2Fdovecot-2.3.13-1;p=packages%2Fdovecot.git - up to 2.3.13; fixes CVE-2020-24386 --- diff --git a/dovecot.spec b/dovecot.spec index 50af188..1911a11 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -12,13 +12,13 @@ Summary: IMAP and POP3 server written with security primarily in mind Summary(pl.UTF-8): Serwer IMAP i POP3 pisany głównie z myślą o bezpieczeństwie Name: dovecot -Version: 2.3.11.3 -Release: 2 +Version: 2.3.13 +Release: 1 Epoch: 1 License: MIT (libraries), LGPL v2.1 (the rest) Group: Networking/Daemons Source0: http://dovecot.org/releases/2.3/%{name}-%{version}.tar.gz -# Source0-md5: f06f2272fad04e7b0207f8d00a291f66 +# Source0-md5: f512bf1a4dac9ac994fddfb6bc5068ff Source1: %{name}.pamd Source2: %{name}.init Source3: %{name}.sysconfig @@ -26,7 +26,6 @@ Source4: %{name}.tmpfiles Patch0: %{name}-config.patch Patch1: %{name}-rpath.patch Patch2: %{name}-shebang.patch -Patch3: tests.patch URL: http://dovecot.org/ BuildRequires: autoconf BuildRequires: automake @@ -165,7 +164,6 @@ Pakiet programistyczny do tworzenia wtyczek dla Dovecota. %patch0 -p1 %patch1 -p1 %patch2 -p1 -%patch3 -p1 %{__sed} -i 's,/usr/lib/dovecot,%{_libdir}/dovecot,g' doc/example-config/*.conf doc/example-config/conf.d/*.conf @@ -300,7 +298,7 @@ if [ "$i" -eq 1 ]; then echo "Please verify contents of %{_sysconfdir}/%{name}/* files." fi -%triggerpostun -- %{name} < 1:2.2.4-2 +# < 1:2.2.4-2 %systemd_trigger dovecot.service dovecot.socket %files diff --git a/tests.patch b/tests.patch deleted file mode 100644 index 9b515e8..0000000 --- a/tests.patch +++ /dev/null @@ -1,49 +0,0 @@ -commit a744f282947907c794bd23838775b9124c90b11d -Author: Aki Tuomi -Date: Thu Aug 13 19:13:04 2020 +0300 - - auth: test-mech - Fix APOP challenge format - -diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c -index cf0537003..0a030a2be 100644 ---- a/src/auth/test-mech.c -+++ b/src/auth/test-mech.c -@@ -196,8 +196,8 @@ test_mech_construct_apop_challenge(unsigned int connect_uid, unsigned long *len_ - { - string_t *apop_challenge = t_str_new(128); - -- str_printfa(apop_challenge,"<%lx.%u.%"PRIdTIME_T"", (unsigned long) getpid(), -- connect_uid, process_start_time+10); -+ str_printfa(apop_challenge,"<%lx.%lx.%"PRIxTIME_T".", (unsigned long)getpid(), -+ (unsigned long)connect_uid, process_start_time+10); - str_append_data(apop_challenge, "\0testuser\0responseoflen16-", 26); - *len_r = apop_challenge->used; - return apop_challenge->data; -commit 68817df1ef029913e9fab9f4da75ba8150c65eb6 -Author: Aki Tuomi -Date: Thu Aug 13 19:13:49 2020 +0300 - - auth: test-mech - Fix type mismatch - -diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c -index 0a030a2be..0a22ff46d 100644 ---- a/src/auth/test-mech.c -+++ b/src/auth/test-mech.c -@@ -192,7 +192,7 @@ static void test_mech_handle_challenge(struct auth_request *request, - } - - static inline const unsigned char * --test_mech_construct_apop_challenge(unsigned int connect_uid, unsigned long *len_r) -+test_mech_construct_apop_challenge(unsigned int connect_uid, size_t *len_r) - { - string_t *apop_challenge = t_str_new(128); - -@@ -323,7 +323,7 @@ static void test_mechs(void) - struct test_case *test_case = &tests[running_test]; - const struct mech_module *mech = test_case->mech; - struct auth_request *request; -- const char *testname = t_strdup_printf("auth mech %s %d/%lu", -+ const char *testname = t_strdup_printf("auth mech %s %d/%zu", - mech->mech_name, - running_test+1, - N_ELEMENTS(tests));