[dovecot/f16] dovecot updated to 2.0.21

Michal Hlavinka mhlavink at fedoraproject.org
Tue Jul 3 09:52:35 UTC 2012 

commit 4280d7235199d2ef182a6a8dce900efab43acc74
Author: Michal Hlavinka <mhlavink at redhat.com>
Date:   Tue Jul 3 11:52:33 2012 +0200

    dovecot updated to 2.0.21
    
    - imap-login: Memory leak fixed
    - imap: Non-UTF8 input on SEARCH command parameters could have crashed
    - auth: Fixed crash with DIGEST-MD5 when attempting to do master user
      login without master passdbs.
    - sdbox: Don't use more fds than necessary when copying mails.
    - mdbox kept the user's storage locked a bit longer than it needed to

 .gitignore                            |    1 +
 dovecot-2.0.21-postreleasefixes.patch |   52 +++++++++++++++++++++++++++++++++
 dovecot.spec                          |   13 +++++++-
 sources                               |    2 +-
 4 files changed, 66 insertions(+), 2 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 140392a..711d43f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -37,3 +37,4 @@ pigeonhole-snap0592366457df.tar.bz2
 /dovecot-2.0.19.tar.gz
 /dovecot-2.0-pigeonhole-0.2.6.tar.gz
 /dovecot-2.0.20.tar.gz
+/dovecot-2.0.21.tar.gz
diff --git a/dovecot-2.0.21-postreleasefixes.patch b/dovecot-2.0.21-postreleasefixes.patch
new file mode 100644
index 0000000..ca85b2b
--- /dev/null
+++ b/dovecot-2.0.21-postreleasefixes.patch
@@ -0,0 +1,52 @@
+message parser: Fixed infinite loop when parsing a specific message.
+login proxy: Previous memory leak fix caused Dovecot to access freed memory.
+diff -r 066c1acd272b -r 7720fb368e40 src/lib-mail/message-parser.c
+--- a/src/lib-mail/message-parser.c	Tue Jun 12 00:04:01 2012 +0300
++++ b/src/lib-mail/message-parser.c	Wed Jun 20 02:21:54 2012 +0300
+@@ -151,7 +151,10 @@
+ 		}
+ 	}
+ 
+-	ctx->want_count = 1;
++	if (!*full_r) {
++		/* reset number of wanted characters if we actually got them */
++		ctx->want_count = 1;
++	}
+ 	return 1;
+ }
+ 
+
+
+diff -r 7720fb368e40 -r 2440e656ed9f src/login-common/ssl-proxy-openssl.c
+--- a/src/login-common/ssl-proxy-openssl.c	Wed Jun 20 02:21:54 2012 +0300
++++ b/src/login-common/ssl-proxy-openssl.c	Sun Jun 24 01:03:52 2012 +0300
+@@ -715,6 +715,7 @@
+ 	const char *dnsname;
+ 	bool dns_names = FALSE;
+ 	unsigned int i, count;
++	int ret;
+ 
+ 	cert = SSL_get_peer_certificate(ssl);
+ 	i_assert(cert != NULL);
+@@ -732,14 +733,15 @@
+ 		}
+ 	}
+ 	sk_GENERAL_NAME_pop_free(gnames, GENERAL_NAME_free);
+-	X509_free(cert);
+ 
+ 	/* verify against CommonName only when there wasn't any DNS
+ 	   SubjectAltNames */
+ 	if (dns_names)
+-		return i < count ? 0 : -1;
+-
+-	return strcmp(get_cname(cert), verify_name) == 0 ? 0 : -1;
++		ret = i < count ? 0 : -1;
++	else
++		ret = strcmp(get_cname(cert), verify_name) == 0 ? 0 : -1;
++	X509_free(cert);
++	return ret;
+ }
+ 
+ int ssl_proxy_cert_match_name(struct ssl_proxy *proxy, const char *verify_name)
+
+
diff --git a/dovecot.spec b/dovecot.spec
index 87aa0ee..1a569ae 100644
--- a/dovecot.spec
+++ b/dovecot.spec
@@ -1,7 +1,7 @@
 Summary: Secure imap and pop3 server
 Name: dovecot
 Epoch: 1
-Version: 2.0.20
+Version: 2.0.21
 Release: 1%{?dist}
 #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
 License: MIT and LGPLv2
@@ -25,6 +25,7 @@ Source14: dovecot.conf.5
 Patch1: dovecot-2.0-defaultconfig.patch
 Patch2: dovecot-1.0.beta2-mkcert-permissions.patch
 Patch3: dovecot-1.0.rc7-mkcert-paths.patch
+Patch4: dovecot-2.0.21-postreleasefixes.patch
 
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel
@@ -107,6 +108,7 @@ This package provides the development files for dovecot.
 %patch1 -p1 -b .default-settings
 %patch2 -p1 -b .mkcert-permissions
 %patch3 -p1 -b .mkcert-paths
+%patch4 -p1 -b .postreleasefixes
 
 %build
 #required for fdpass.c line 125,190: dereferencing type-punned pointer will break strict-aliasing rules
@@ -403,6 +405,15 @@ make check
 %{_libdir}/%{name}/dict/libdriver_pgsql.so
 
 %changelog
+* Tue Jul 03 2012 Michal Hlavinka <mhlavink at redhat.com> - 1:2.0.21-1
+- dovecot updated to 2.0.21
+- imap-login: Memory leak fixed
+- imap: Non-UTF8 input on SEARCH command parameters could have crashed
+- auth: Fixed crash with DIGEST-MD5 when attempting to do master user
+  login without master passdbs.
+- sdbox: Don't use more fds than necessary when copying mails.
+- mdbox kept the user's storage locked a bit longer than it needed to
+
 * Tue Apr 10 2012 Michal Hlavinka <mhlavink at redhat.com> - 1:2.0.20-1
 - dovecot updated to 2.0.20
 - doveadm import didn't import messages' flags
diff --git a/sources b/sources
index b16f6af..f8797a1 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-e67c16c5b7ca68244ae88569ab57903f  dovecot-2.0.20.tar.gz
+b19d29dcd865c86de76b9ad3d7d3af03  dovecot-2.0.21.tar.gz
 be2aacc447b26e14eb90324116af70aa  dovecot-2.0-pigeonhole-0.2.6.tar.gz

More information about the scm-commits mailing list