From 28dac82f7bd3b7ab56bf37a8742901b6aaccde617249f0eb04e7d74eb76d4cfa Mon Sep 17 00:00:00 2001
From: Marcus Rueckert <mrueckert@suse.com>
Date: Mon, 18 May 2020 16:25:27 +0000
Subject: [PATCH] Accepting request 806987 from
 home:stroeder:branches:server:mail

update to 2.3.10.1 with security fixes

OBS-URL: https://build.opensuse.org/request/show/806987
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=71
---
 dovecot-2.3.10.1.tar.gz     |  3 +++
 dovecot-2.3.10.1.tar.gz.sig | 17 +++++++++++++++++
 dovecot-2.3.10.tar.gz       |  3 ---
 dovecot-2.3.10.tar.gz.sig   | 17 -----------------
 dovecot23.changes           | 13 +++++++++++++
 dovecot23.spec              |  4 ++--
 6 files changed, 35 insertions(+), 22 deletions(-)
 create mode 100644 dovecot-2.3.10.1.tar.gz
 create mode 100644 dovecot-2.3.10.1.tar.gz.sig
 delete mode 100644 dovecot-2.3.10.tar.gz
 delete mode 100644 dovecot-2.3.10.tar.gz.sig

diff --git a/dovecot-2.3.10.1.tar.gz b/dovecot-2.3.10.1.tar.gz
new file mode 100644
index 0000000..e491099
--- /dev/null
+++ b/dovecot-2.3.10.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6642e62f23b1b23cfac235007ca6e21cb67460cca834689fad450724456eb10c
+size 7226958
diff --git a/dovecot-2.3.10.1.tar.gz.sig b/dovecot-2.3.10.1.tar.gz.sig
new file mode 100644
index 0000000..27b4c75
--- /dev/null
+++ b/dovecot-2.3.10.1.tar.gz.sig
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJLBAABCAA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAl7CQmQXHGRvdmVjb3Qt
+Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaGKng/+KOljo/BTYEBFL+rn38eDhhZC
+nCzbAJZl6GOYMnrN0vuEExJoQ7B9Bqy4HlO0iFsYXyD7nsOVpsfyF9z8tkk0RYCd
+PLxUCuzMrQml1af9kygghm03/PUflfsV/zu3cBzh3vy0Bygflhrr+CVWjAvauD5y
+DFGjULHZhJnNm1PG2Wwk/2Unr8MI9erXY4TG0b2hGgTxV6orZoLj1MyhPKdmVM6n
+LXYwrkhnK+RGIwISJKZVdYHAiFO7XNVgpw9gQtKff+Vs3Sa9aA2F1cGJ2Y0p+azb
++wQFLObGy/Rn87pQRkI3KPo9er3QCEwOfQQmECCnk4Aj/qhwnu7OEMrz3kj3IlLU
+uWOjzfIro0STiFqUnpZnFYVzTYgGmVUV/6mYkiYFdiVhRBPqQ2TTCsPlWPF8LXGo
+9epFAzpuCjBP+hhfrFP03CLF5B6BvDx76bB1hTacJJr1McAP4Cw7UTB9WzSEU8BX
+X5I3BAnCL8VJ73hHFWL/Wju7h45pYmd4TV0t0ZPUOIP9HonfB2BvEfLZZfMcHcEN
+QkVAmqpO2td7M7B8e6zo5+URZ0RVasuoTFlMwNcvzPCt5XdfxY/WMH9FAzJ5Kbdo
+U7Vte4WMyTsS8msfIMUwn9hH7xtwoNz9CSQ/vFcCDb+zANG18TC2uNXzjYNoFzib
+yYeoSMY2wtd2cz2GxD4=
+=2qVX
+-----END PGP SIGNATURE-----
diff --git a/dovecot-2.3.10.tar.gz b/dovecot-2.3.10.tar.gz
deleted file mode 100644
index a76cdee..0000000
--- a/dovecot-2.3.10.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:473184723d854a4d1dbd99c11a7b9f65156ca5fe6ecf85d9a44b5127e6f871c5
-size 7222241
diff --git a/dovecot-2.3.10.tar.gz.sig b/dovecot-2.3.10.tar.gz.sig
deleted file mode 100644
index 6b20c05..0000000
--- a/dovecot-2.3.10.tar.gz.sig
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJLBAABCAA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAl5iGhcXHGRvdmVjb3Qt
-Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaG8kw//S73W3/HVISbRzIS78lyaeJmC
-aRnbjbJ+RGbaUy1LG9vP7wWyYcpGGbApnizeecpkZN/vWgFkmobvOS5rdSP0ITUZ
-7VG3nG1IfKpkpGqffDNKCSkMblF5LZ9BGa948seplyKi1uRWtK8oUl95Has9RyqJ
-P7z+dl2RJPjJiK1e9tYIr6Y9bRR8EcZJlzOr7a8gDKiI6ugeqzds7aiLwiW6f5wL
-fOKjKgExTxZeRJF0inOGaYEhx4M5g5NAn6y7OuUYqXdPcTW5mRDq3mDmftmtdAJZ
-RMxJ1ATr01iWo/3wcORHMqCqlR8HzaGPs75rpZolxWrYtVIFPS5RIqFhG7IcbrT7
-101jEHsacx9TtzkL9z6Rm3qHsfiSqeSyE7J+4nj2Dbe88JxsXm8L6JgwPxuA9qzg
-CKvqbwaS0YssP1X0DpxJd2IYzxhGsC6bR9vEIui6N88Aeda17dLHymCdS4Idy5FE
-UqIPJOu2u57Nr6yIeRsYDtbuQUOOFu9RjKBefyWTK9CkibtVsPbtcoHIJl5wSWMA
-4SByZMW5YibeMEjv4Q9bAFUAZz/z74n8nXuYJzHnpbLllO5RL7prY+jCh4C3+tUH
-abr3Ze9F8kAl2NEb3EL/mJtTvr+xdQRdk5UD6pghDFhjkXhWCG0nydX4Om7YnSrl
-PxBREzaF+0V81+2dC34=
-=k0ms
------END PGP SIGNATURE-----
diff --git a/dovecot23.changes b/dovecot23.changes
index 9ac3dd8..c67ca45 100644
--- a/dovecot23.changes
+++ b/dovecot23.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Mon May 18 14:04:52 UTC 2020 - Michael Ströder <michael@stroeder.com>
+
+- update to 2.3.10.1 with security fixes for
+  * CVE-2020-10957: lmtp/submission: A client can crash the server by
+    sending a NOOP command with an invalid string parameter.
+  * CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
+    commands can cause the server to access freed memory, which can lead
+    to a server crash.
+  * CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
+    address that has the empty quoted string as local-part causes the
+    lmtp service to crash.
+
 -------------------------------------------------------------------
 Wed Apr 29 21:25:30 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
 
diff --git a/dovecot23.spec b/dovecot23.spec
index 7116f5d..33a256a 100644
--- a/dovecot23.spec
+++ b/dovecot23.spec
@@ -19,10 +19,10 @@
 %global _lto_cflags %{nil}
 
 Name:           dovecot23
-Version:        2.3.10
+Version:        2.3.10.1
 Release:        0
 %define pkg_name dovecot
-%define dovecot_version 2.3.10
+%define dovecot_version 2.3.10.1
 %define dovecot_pigeonhole_version 0.5.10
 %define dovecot_branch  2.3
 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}