Update to Dovecot 1.0.10.
v1.0.8 and v1.0.9 were a bit bad releases. Hopefully one day I've managed to have written a proper test suite which can be run before doing any releases.. * Security hole with LDAP+auth cache: If base setting contained %variables they weren't included in auth cache key, which broke caching. This could have caused different users with same passwords to log in as each other. [pkgsrc: this was fixed in dovecot-1.0.9nb1] - LDAP: Fixed potential infinite looping when connection to LDAP server was lost and there were queued requests. - mbox: More changes to fix problems caused by v1.0.8 and v1.0.9. - Maildir: Fixed a UIDLIST_IS_LOCKED() assert-crash in some conditions (caused by changes in v1.0.9) - If protocols=none, don't require imap executables to exist
This commit is contained in:
ghen
parent
f09c8701b9
commit
24eeab8de1
3 changed files with 6 additions and 41 deletions
|
|
@ -1,7 +1,6 @@
|
|||
# $NetBSD: Makefile,v 1.109 2007/12/22 23:12:04 ghen Exp $
|
||||
# $NetBSD: Makefile,v 1.110 2008/01/01 20:47:57 ghen Exp $
|
||||
|
||||
DISTNAME= dovecot-1.0.9
|
||||
PKGREVISION= 1
|
||||
DISTNAME= dovecot-1.0.10
|
||||
CATEGORIES= mail
|
||||
MASTER_SITES= http://www.dovecot.org/releases/1.0/
|
||||
|
||||
|
|
|
|||
|
|
@ -1,10 +1,9 @@
|
|||
$NetBSD: distinfo,v 1.76 2007/12/22 23:12:04 ghen Exp $
|
||||
$NetBSD: distinfo,v 1.77 2008/01/01 20:47:57 ghen Exp $
|
||||
|
||||
SHA1 (dovecot-1.0.9.tar.gz) = 87d89ff79d967c95ab8e59a1c1b3f710caffc290
|
||||
RMD160 (dovecot-1.0.9.tar.gz) = 535cf4c9672c8e44e751f5ffad911440707fc7d4
|
||||
Size (dovecot-1.0.9.tar.gz) = 1796543 bytes
|
||||
SHA1 (dovecot-1.0.10.tar.gz) = 7693b5be369e1b3f9ce13ebc29c3cb2ca814087e
|
||||
RMD160 (dovecot-1.0.10.tar.gz) = 6d5120e7173f399590da5d3f5eee3752125faa33
|
||||
Size (dovecot-1.0.10.tar.gz) = 1797790 bytes
|
||||
SHA1 (patch-aa) = 6258057d49add91f06d4dd51ded72e42f6774354
|
||||
SHA1 (patch-ab) = 5d45a1617dd5ee7ce07fe89b526a6fb273057bb5
|
||||
SHA1 (patch-ac) = 377da4719b5dca91a0b2fa7b3e11170cd2ea8d59
|
||||
SHA1 (patch-ag) = bd180441a0983ceccc898024370a3bdefdc11b1f
|
||||
SHA1 (patch-al) = 1a6151b7952360e2625a634ff3cbb30e09ef87c6
|
||||
|
|
|
|||
|
|
@ -1,33 +0,0 @@
|
|||
$NetBSD: patch-al,v 1.1 2007/12/22 23:12:04 ghen Exp $
|
||||
|
||||
If LDAP base contained variables, auth cache should have included
|
||||
them in the cache key.
|
||||
|
||||
http://www.dovecot.org/list/dovecot-news/2007-December/000057.html
|
||||
|
||||
--- src/auth/passdb-ldap.c.orig 2007-12-11 19:52:08.000000000 +0100
|
||||
+++ src/auth/passdb-ldap.c
|
||||
@@ -519,7 +519,8 @@ passdb_ldap_preinit(struct auth_passdb *
|
||||
conn->set.auth_bind ? "password" : NULL);
|
||||
module->module.cache_key =
|
||||
auth_cache_parse_key(auth_passdb->auth->pool,
|
||||
- conn->set.pass_filter);
|
||||
+ t_strconcat(conn->set.base,
|
||||
+ conn->set.pass_filter, NULL));
|
||||
module->module.default_pass_scheme = conn->set.default_pass_scheme;
|
||||
return &module->module;
|
||||
}
|
||||
$NetBSD: patch-al,v 1.1 2007/12/22 23:12:04 ghen Exp $
|
||||
|
||||
--- src/auth/userdb-ldap.c.orig 2007-12-11 19:52:08.000000000 +0100
|
||||
+++ src/auth/userdb-ldap.c
|
||||
@@ -231,7 +231,8 @@ userdb_ldap_preinit(struct auth_userdb *
|
||||
conn->user_attr_map, default_attr_map, NULL);
|
||||
module->module.cache_key =
|
||||
auth_cache_parse_key(auth_userdb->auth->pool,
|
||||
- conn->set.user_filter);
|
||||
+ t_strconcat(conn->set.base,
|
||||
+ conn->set.user_filter, NULL));
|
||||
return &module->module;
|
||||
}
|
||||
|
||||
Loading…
Reference in a new issue