diff --git a/dovecot-2.3.4.1.tar.gz b/dovecot-2.3.4.1.tar.gz new file mode 100644 index 0000000..a476618 --- /dev/null +++ b/dovecot-2.3.4.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b8873e2ce5c33e58963bb7a8d2ff8427c09dbfdd63e13a0b0f4502864043aa07 +size 6925073 diff --git a/dovecot-2.3.4.1.tar.gz.sig b/dovecot-2.3.4.1.tar.gz.sig new file mode 100644 index 0000000..de29adc --- /dev/null +++ b/dovecot-2.3.4.1.tar.gz.sig @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJLBAABCAA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAlxZb8EXHGRvdmVjb3Qt +Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaGwOBAAm9ck9yken0ArzR0njXywornz +ftUrEflzkEESqVxFVGF7i4ZPxa1Dfrpb5QedIBcdFp1sV1sALSh5HH5k43TV+yBY +r7trHu8kJSOmFE4KoHst9Y6bewu3Rg5Bh2v5XBaaY6A9ADjdJNamT4AAqDDI2f6Q +f27P/O+34bvgCI7Ol1VezFXlNagBtcSBAtPTqfqdILqW/H0oV1J21gmBGTT6u6Z8 +aPyf060U46GZWjHBQDoZRq0NUSIYf8H7qdubEbt0kCifWFuT1LjmvLRbQv3Wxp5m +H0QjzWejVun9AX6MG5mZCzmIn+q30ArUG9EJ4tAAzvsCUqywvpbjjuU2wULGJJNz +oEAEVIXp84yxXUavnr+DFevh2yruVHZUj16lwF98u29IWiSwFfhZZsyc+jXuwiDm +WYl/KfOL3ACBakcPxdMyVTwghKBAA9xH0DXAsPTyIrxwmNgn48d/wiQtmtsYVAYb +HlYtooee4KptiXL9Eq/kAz7oAPrVdhZxqT48CRh6Cd6dfWtGXNQIMdXVt/7T2ygJ +sC/wpziKEy+BE1J/NSuCOgGNcIQij0VJvl9rnldpxACzNQ0CGaJfKv7/LPF2bO5o +LED+rFOFfK3IOGxZgr5euQPIVVn7DxAZaIoEumwYW3YO46BJlSB+9XN20YVqH4vY +jyPHxVeZN6q7RvlP498= +=HaCn +-----END PGP SIGNATURE----- diff --git a/dovecot-2.3.4.tar.gz b/dovecot-2.3.4.tar.gz deleted file mode 100644 index b740975..0000000 --- a/dovecot-2.3.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d91b76eff8df6185c1799f1b279f780105bdeeea27e3286b42f4cab18efbef05 -size 6924178 diff --git a/dovecot-2.3.4.tar.gz.sig b/dovecot-2.3.4.tar.gz.sig deleted file mode 100644 index 62d6dae..0000000 --- a/dovecot-2.3.4.tar.gz.sig +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQJLBAABCAA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAlv3480XHGRvdmVjb3Qt -Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaF1mg//SA1Wstc+qX+LT+EzE1wqQuQR -3aZPQI0e0T9DNggsDVifXtFUfbFBUhKX5r/dJxletbkZG5ymqHxdNMA43dLhiuAl -wx0lXqEqanzyH+yDBC+dCXpfjw3ldu359edlFpwiGc1B+UfsxLBON6Kseh3W3/us -0bkcDaFYmuhtPmKj3LdRWrURC5GJcDHaL639SfqL5A2J57Ah1OIh0YxWntImoYU7 -0eT6sGD5x/9HIkWtkZoGkn+Gm0hRXVPkeOQ2SmizqWiU4nxr9FCZdvb8rhCGeEVt -0WZJANbpsKdKSXpxP7bdV+ivpUD6CorTT4apBhZSf049ZiuIueaxrWU1zaem2t1P -cP1MGq+liZz0ZH+GPJtnAx45Gzx1SG1rBdQmBUOLnu1/v5S+NMsG+Wc0cdXMmxAF -e7yCeRxeAvzbaKmvkVAESlonvCoh8bLdzE0XqibCRcWgGTCs1iVs3yQBSrDxii5x -6KYiLe+r1YHH6cbMKC+ddPpuY1ybIXNo5kdLmCnUt2qOJQt2NDDH3FVHLeQFluTM -q7ORNhmwNHlIeR01jBDvwrr1FIKPxYNTcigGQrVFQh3eLToYayXcnuFG3PgZwoI0 -zmTex70vEVrr1Ru8K9NTbsQKLu13CjGGVhenBQDj4C06P/fPLnXDYBkdVIkflQYA -XFEAHqhpTKi0b5n0mQQ= -=JHB0 ------END PGP SIGNATURE----- diff --git a/dovecot23.changes b/dovecot23.changes index 66644c3..e95b623 100644 --- a/dovecot23.changes +++ b/dovecot23.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Tue Feb 5 13:45:52 UTC 2019 - Marcus Rueckert + +- update to 2.3.4.1 (boo#1123022) + * CVE-2019-3814: If imap/pop3/managesieve/submission client has + trusted certificate with missing username field + (ssl_cert_username_field), under some configurations Dovecot + mistakenly trusts the username provided via authentication + instead of failing. + * ssl_cert_username_field setting was ignored with external + SMTP AUTH, because none of the MTAs (Postfix, Exim) currently + send the cert_username field. This may have allowed users with + trusted certificate to specify any username in the + authentication. This bug didn't affect Dovecot's Submission + service. + ------------------------------------------------------------------- Thu Jan 17 21:57:42 UTC 2019 - Arjen de Korte diff --git a/dovecot23.spec b/dovecot23.spec index 7fbc729..fbf9431 100644 --- a/dovecot23.spec +++ b/dovecot23.spec @@ -1,7 +1,7 @@ # # spec file for package dovecot23 # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,10 +17,10 @@ Name: dovecot23 -Version: 2.3.4 +Version: 2.3.4.1 Release: 0 %define pkg_name dovecot -%define dovecot_version 2.3.4 +%define dovecot_version 2.3.4.1 %define dovecot_pigeonhole_version 0.5.4 %define dovecot_branch 2.3 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}