diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2019-05-01 19:49:49 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2019-05-02 08:59:46 +0200 |
commit | 142b0e6d20ea4d01d0fbf3b0a2329d6c4c98842c (patch) | |
tree | 7898be0d2599fb77e7a149360a2b87b76299257a /source/n/dovecot | |
parent | d20b8960352742059551ee7c8b5bc041616d9349 (diff) | |
download | current-142b0e6d20ea4d01d0fbf3b0a2329d6c4c98842c.tar.gz |
Wed May 1 19:49:49 UTC 201920190501194949
ap/tmux-2.9a-x86_64-1.txz: Upgraded.
n/dovecot-2.3.6-x86_64-1.txz: Upgraded.
This update fixes two security issues:
Submission-login crashed with signal 11 due to null pointer access when
authentication was aborted by disconnecting.
Submission-login crashed when authentication was started over TLS secured
channel and invalid authentication message was sent.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11499
(* Security fix *)
n/php-7.2.18-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue
Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11036
(* Security fix *)
xfce/exo-0.12.5-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/n/dovecot')
-rwxr-xr-x | source/n/dovecot/dovecot.SlackBuild | 4 | ||||
-rw-r--r-- | source/n/dovecot/fix-mysql-double-free.patch | 36 |
2 files changed, 1 insertions, 39 deletions
diff --git a/source/n/dovecot/dovecot.SlackBuild b/source/n/dovecot/dovecot.SlackBuild index 5e9b7a5c..c2721fbf 100755 --- a/source/n/dovecot/dovecot.SlackBuild +++ b/source/n/dovecot/dovecot.SlackBuild @@ -2,7 +2,7 @@ # Copyright 2006, 2010 Alan Hicks, Lizella, GA # Copyright 2013, 2014, 2015, 2016, 2017 Mario Preksavec, Zagreb, Croatia -# Copyright 2017, 2018 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2017, 2018, 2019 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -101,8 +101,6 @@ zcat $CWD/dovecot.default.shadow.auth.diff.gz | patch -p1 --verbose || exit 1 # any need to send people to /usr/doc. Also, make sure that TLS is recommended. zcat $CWD/dovecot.config.README.diff.gz | patch -p1 --verbose || exit 1 -zcat $CWD/fix-mysql-double-free.patch.gz | patch -p1 --verbose || exit 1 - chown -R root:root . find -L . \ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ diff --git a/source/n/dovecot/fix-mysql-double-free.patch b/source/n/dovecot/fix-mysql-double-free.patch deleted file mode 100644 index 47842f70..00000000 --- a/source/n/dovecot/fix-mysql-double-free.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 3c5101ffdd2a8115e03ed7180d53578765dea4c9 Mon Sep 17 00:00:00 2001 -From: Aki Tuomi <aki.tuomi@dovecot.fi> -Date: Tue, 4 Dec 2018 14:40:04 +0200 -Subject: [PATCH] driver-mysql: Avoid double-closing MySQL connection - -Fixes double-free ---- - src/lib-sql/driver-mysql.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/lib-sql/driver-mysql.c b/src/lib-sql/driver-mysql.c -index c87e825e4b..5dd1c3124f 100644 ---- a/src/lib-sql/driver-mysql.c -+++ b/src/lib-sql/driver-mysql.c -@@ -173,7 +173,9 @@ static int driver_mysql_connect(struct sql_db *_db) - static void driver_mysql_disconnect(struct sql_db *_db) - { - struct mysql_db *db = (struct mysql_db *)_db; -- mysql_close(db->mysql); -+ if (db->mysql != NULL) -+ mysql_close(db->mysql); -+ db->mysql = NULL; - } - - static int driver_mysql_parse_connect_string(struct mysql_db *db, -@@ -311,7 +313,9 @@ static void driver_mysql_deinit_v(struct sql_db *_db) - _db->no_reconnect = TRUE; - sql_db_set_state(&db->api, SQL_DB_STATE_DISCONNECTED); - -- mysql_close(db->mysql); -+ if (db->mysql != NULL) -+ mysql_close(db->mysql); -+ db->mysql = NULL; - - sql_connection_log_finished(_db); - event_unref(&_db->event); |