[dovecot/f16] dovecot updated to 2.0.21
Michal Hlavinka
mhlavink at fedoraproject.org
Tue Jul 3 09:52:35 UTC 2012
commit 4280d7235199d2ef182a6a8dce900efab43acc74
Author: Michal Hlavinka <mhlavink at redhat.com>
Date: Tue Jul 3 11:52:33 2012 +0200
dovecot updated to 2.0.21
- imap-login: Memory leak fixed
- imap: Non-UTF8 input on SEARCH command parameters could have crashed
- auth: Fixed crash with DIGEST-MD5 when attempting to do master user
login without master passdbs.
- sdbox: Don't use more fds than necessary when copying mails.
- mdbox kept the user's storage locked a bit longer than it needed to
.gitignore | 1 +
dovecot-2.0.21-postreleasefixes.patch | 52 +++++++++++++++++++++++++++++++++
dovecot.spec | 13 +++++++-
sources | 2 +-
4 files changed, 66 insertions(+), 2 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 140392a..711d43f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -37,3 +37,4 @@ pigeonhole-snap0592366457df.tar.bz2
/dovecot-2.0.19.tar.gz
/dovecot-2.0-pigeonhole-0.2.6.tar.gz
/dovecot-2.0.20.tar.gz
+/dovecot-2.0.21.tar.gz
diff --git a/dovecot-2.0.21-postreleasefixes.patch b/dovecot-2.0.21-postreleasefixes.patch
new file mode 100644
index 0000000..ca85b2b
--- /dev/null
+++ b/dovecot-2.0.21-postreleasefixes.patch
@@ -0,0 +1,52 @@
+message parser: Fixed infinite loop when parsing a specific message.
+login proxy: Previous memory leak fix caused Dovecot to access freed memory.
+diff -r 066c1acd272b -r 7720fb368e40 src/lib-mail/message-parser.c
+--- a/src/lib-mail/message-parser.c Tue Jun 12 00:04:01 2012 +0300
++++ b/src/lib-mail/message-parser.c Wed Jun 20 02:21:54 2012 +0300
+@@ -151,7 +151,10 @@
+ }
+ }
+
+- ctx->want_count = 1;
++ if (!*full_r) {
++ /* reset number of wanted characters if we actually got them */
++ ctx->want_count = 1;
++ }
+ return 1;
+ }
+
+
+
+diff -r 7720fb368e40 -r 2440e656ed9f src/login-common/ssl-proxy-openssl.c
+--- a/src/login-common/ssl-proxy-openssl.c Wed Jun 20 02:21:54 2012 +0300
++++ b/src/login-common/ssl-proxy-openssl.c Sun Jun 24 01:03:52 2012 +0300
+@@ -715,6 +715,7 @@
+ const char *dnsname;
+ bool dns_names = FALSE;
+ unsigned int i, count;
++ int ret;
+
+ cert = SSL_get_peer_certificate(ssl);
+ i_assert(cert != NULL);
+@@ -732,14 +733,15 @@
+ }
+ }
+ sk_GENERAL_NAME_pop_free(gnames, GENERAL_NAME_free);
+- X509_free(cert);
+
+ /* verify against CommonName only when there wasn't any DNS
+ SubjectAltNames */
+ if (dns_names)
+- return i < count ? 0 : -1;
+-
+- return strcmp(get_cname(cert), verify_name) == 0 ? 0 : -1;
++ ret = i < count ? 0 : -1;
++ else
++ ret = strcmp(get_cname(cert), verify_name) == 0 ? 0 : -1;
++ X509_free(cert);
++ return ret;
+ }
+
+ int ssl_proxy_cert_match_name(struct ssl_proxy *proxy, const char *verify_name)
+
+
diff --git a/dovecot.spec b/dovecot.spec
index 87aa0ee..1a569ae 100644
--- a/dovecot.spec
+++ b/dovecot.spec
@@ -1,7 +1,7 @@
Summary: Secure imap and pop3 server
Name: dovecot
Epoch: 1
-Version: 2.0.20
+Version: 2.0.21
Release: 1%{?dist}
#dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
License: MIT and LGPLv2
@@ -25,6 +25,7 @@ Source14: dovecot.conf.5
Patch1: dovecot-2.0-defaultconfig.patch
Patch2: dovecot-1.0.beta2-mkcert-permissions.patch
Patch3: dovecot-1.0.rc7-mkcert-paths.patch
+Patch4: dovecot-2.0.21-postreleasefixes.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel
@@ -107,6 +108,7 @@ This package provides the development files for dovecot.
%patch1 -p1 -b .default-settings
%patch2 -p1 -b .mkcert-permissions
%patch3 -p1 -b .mkcert-paths
+%patch4 -p1 -b .postreleasefixes
%build
#required for fdpass.c line 125,190: dereferencing type-punned pointer will break strict-aliasing rules
@@ -403,6 +405,15 @@ make check
%{_libdir}/%{name}/dict/libdriver_pgsql.so
%changelog
+* Tue Jul 03 2012 Michal Hlavinka <mhlavink at redhat.com> - 1:2.0.21-1
+- dovecot updated to 2.0.21
+- imap-login: Memory leak fixed
+- imap: Non-UTF8 input on SEARCH command parameters could have crashed
+- auth: Fixed crash with DIGEST-MD5 when attempting to do master user
+ login without master passdbs.
+- sdbox: Don't use more fds than necessary when copying mails.
+- mdbox kept the user's storage locked a bit longer than it needed to
+
* Tue Apr 10 2012 Michal Hlavinka <mhlavink at redhat.com> - 1:2.0.20-1
- dovecot updated to 2.0.20
- doveadm import didn't import messages' flags
diff --git a/sources b/sources
index b16f6af..f8797a1 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-e67c16c5b7ca68244ae88569ab57903f dovecot-2.0.20.tar.gz
+b19d29dcd865c86de76b9ad3d7d3af03 dovecot-2.0.21.tar.gz
be2aacc447b26e14eb90324116af70aa dovecot-2.0-pigeonhole-0.2.6.tar.gz
More information about the scm-commits
mailing list