From 9d43579f2d7d517de3a67c41b2429b467c651514 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Wed, 28 Feb 2018 22:57:04 +0100 Subject: gnu: dovecot: Update to 2.3.0.1 [fixes CVE-2017-14461]. * gnu/packages/mail.scm (dovecot): Update to 2.3.0.1. [source]: Remove upstreamed patch. * gnu/packages/patches/dovecot-CVE-2017-15132.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/mail.scm | 5 ++-- gnu/packages/patches/dovecot-CVE-2017-15132.patch | 36 ----------------------- 3 files changed, 2 insertions(+), 40 deletions(-) delete mode 100644 gnu/packages/patches/dovecot-CVE-2017-15132.patch diff --git a/gnu/local.mk b/gnu/local.mk index 9cc00b844c..3d0bd38e50 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -618,7 +618,6 @@ dist_patch_DATA = \ %D%/packages/patches/docbook-xsl-nonrecursive-string-subst.patch \ %D%/packages/patches/doc++-include-directives.patch \ %D%/packages/patches/doc++-segfault-fix.patch \ - %D%/packages/patches/dovecot-CVE-2017-15132.patch \ %D%/packages/patches/doxygen-test.patch \ %D%/packages/patches/dvd+rw-tools-add-include.patch \ %D%/packages/patches/eigen-arm-neon-fixes.patch \ diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm index 9fbfddbec1..8d3544f908 100644 --- a/gnu/packages/mail.scm +++ b/gnu/packages/mail.scm @@ -1180,16 +1180,15 @@ (define-public exim (define-public dovecot (package (name "dovecot") - (version "2.3.0") + (version "2.3.0.1") (source (origin (method url-fetch) (uri (string-append "https://www.dovecot.org/releases/" (version-major+minor version) "/" name "-" version ".tar.gz")) - (patches (search-patches "dovecot-CVE-2017-15132.patch")) (sha256 (base32 - "10c5myzgys866c3x6jdr1s9x9pqnjd5vpyz8z384sph21m3wnq6y")))) + "0lzisrdgrj5qqwjb7bv99mf2aljm568r6g108yisp0s644z2nxxb")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) diff --git a/gnu/packages/patches/dovecot-CVE-2017-15132.patch b/gnu/packages/patches/dovecot-CVE-2017-15132.patch deleted file mode 100644 index 32666b8557..0000000000 --- a/gnu/packages/patches/dovecot-CVE-2017-15132.patch +++ /dev/null @@ -1,36 +0,0 @@ -Fix CVE-2017-15132: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15132 - -Patch copied from upstream source repository: - -https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060 - -From 1a29ed2f96da1be22fa5a4d96c7583aa81b8b060 Mon Sep 17 00:00:00 2001 -From: Timo Sirainen -Date: Mon, 18 Dec 2017 16:50:51 +0200 -Subject: [PATCH] lib-auth: Fix memory leak in auth_client_request_abort() - -This caused memory leaks when authentication was aborted. For example -with IMAP: - -a AUTHENTICATE PLAIN -* - -Broken by 9137c55411aa39d41c1e705ddc34d5bd26c65021 ---- - src/lib-auth/auth-client-request.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c -index 480fb42b30..046f7c307d 100644 ---- a/src/lib-auth/auth-client-request.c -+++ b/src/lib-auth/auth-client-request.c -@@ -186,6 +186,7 @@ void auth_client_request_abort(struct auth_client_request **_request) - - auth_client_send_cancel(request->conn->client, request->id); - call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL); -+ pool_unref(&request->pool); - } - - unsigned int auth_client_request_get_id(struct auth_client_request *request) -- cgit v1.2.3