summaryrefslogtreecommitdiff
path: root/source/n/dovecot
diff options
context:
space:
mode:
authorPatrick J Volkerding <volkerdi@slackware.com>2019-05-01 19:49:49 +0000
committerEric Hameleers <alien@slackware.com>2019-05-02 08:59:46 +0200
commit142b0e6d20ea4d01d0fbf3b0a2329d6c4c98842c (patch)
tree7898be0d2599fb77e7a149360a2b87b76299257a /source/n/dovecot
parentd20b8960352742059551ee7c8b5bc041616d9349 (diff)
downloadcurrent-142b0e6d20ea4d01d0fbf3b0a2329d6c4c98842c.tar.gz
Wed May 1 19:49:49 UTC 201920190501194949
ap/tmux-2.9a-x86_64-1.txz: Upgraded. n/dovecot-2.3.6-x86_64-1.txz: Upgraded. This update fixes two security issues: Submission-login crashed with signal 11 due to null pointer access when authentication was aborted by disconnecting. Submission-login crashed when authentication was started over TLS secured channel and invalid authentication message was sent. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11494 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11499 (* Security fix *) n/php-7.2.18-x86_64-1.txz: Upgraded. This update fixes bugs and a security issue Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11036 (* Security fix *) xfce/exo-0.12.5-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/n/dovecot')
-rwxr-xr-xsource/n/dovecot/dovecot.SlackBuild4
-rw-r--r--source/n/dovecot/fix-mysql-double-free.patch36
2 files changed, 1 insertions, 39 deletions
diff --git a/source/n/dovecot/dovecot.SlackBuild b/source/n/dovecot/dovecot.SlackBuild
index 5e9b7a5c..c2721fbf 100755
--- a/source/n/dovecot/dovecot.SlackBuild
+++ b/source/n/dovecot/dovecot.SlackBuild
@@ -2,7 +2,7 @@
# Copyright 2006, 2010 Alan Hicks, Lizella, GA
# Copyright 2013, 2014, 2015, 2016, 2017 Mario Preksavec, Zagreb, Croatia
-# Copyright 2017, 2018 Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2017, 2018, 2019 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -101,8 +101,6 @@ zcat $CWD/dovecot.default.shadow.auth.diff.gz | patch -p1 --verbose || exit 1
# any need to send people to /usr/doc. Also, make sure that TLS is recommended.
zcat $CWD/dovecot.config.README.diff.gz | patch -p1 --verbose || exit 1
-zcat $CWD/fix-mysql-double-free.patch.gz | patch -p1 --verbose || exit 1
-
chown -R root:root .
find -L . \
\( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
diff --git a/source/n/dovecot/fix-mysql-double-free.patch b/source/n/dovecot/fix-mysql-double-free.patch
deleted file mode 100644
index 47842f70..00000000
--- a/source/n/dovecot/fix-mysql-double-free.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 3c5101ffdd2a8115e03ed7180d53578765dea4c9 Mon Sep 17 00:00:00 2001
-From: Aki Tuomi <aki.tuomi@dovecot.fi>
-Date: Tue, 4 Dec 2018 14:40:04 +0200
-Subject: [PATCH] driver-mysql: Avoid double-closing MySQL connection
-
-Fixes double-free
----
- src/lib-sql/driver-mysql.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/src/lib-sql/driver-mysql.c b/src/lib-sql/driver-mysql.c
-index c87e825e4b..5dd1c3124f 100644
---- a/src/lib-sql/driver-mysql.c
-+++ b/src/lib-sql/driver-mysql.c
-@@ -173,7 +173,9 @@ static int driver_mysql_connect(struct sql_db *_db)
- static void driver_mysql_disconnect(struct sql_db *_db)
- {
- struct mysql_db *db = (struct mysql_db *)_db;
-- mysql_close(db->mysql);
-+ if (db->mysql != NULL)
-+ mysql_close(db->mysql);
-+ db->mysql = NULL;
- }
-
- static int driver_mysql_parse_connect_string(struct mysql_db *db,
-@@ -311,7 +313,9 @@ static void driver_mysql_deinit_v(struct sql_db *_db)
- _db->no_reconnect = TRUE;
- sql_db_set_state(&db->api, SQL_DB_STATE_DISCONNECTED);
-
-- mysql_close(db->mysql);
-+ if (db->mysql != NULL)
-+ mysql_close(db->mysql);
-+ db->mysql = NULL;
-
- sql_connection_log_finished(_db);
- event_unref(&_db->event);