Re: Release notify (2.2.36.1 and 2.3.4.1)

Aki Tuomi via dovecot Tue, 05 Feb 2019 12:25:27 -0800

On 05 February 2019 at 22:18 Odhiambo Washington via dovecot < dovecot@dovecot.org> wrote:

On Tue, 5 Feb 2019 at 20:32, Aki Tuomi via dovecot < dovecot@dovecot.org>

wrote:

Due to DMARC issues some people have failed to receive the latest security

information, so here it is repeated for both releases:

2.3.4.1

https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz

https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig

< https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig>

Binary packages in https://repo.dovecot.org/

* CVE-2019-3814: If imap/pop3/managesieve/submission client has

trusted certificate with missing username field

(ssl_cert_username_field), under some configurations Dovecot

mistakenly trusts the username provided via authentication instead

of failing.

* ssl_cert_username_field setting was ignored with external SMTP AUTH,

because none of the MTAs (Postfix, Exim) currently send the

cert_username field. This may have allowed users with trusted

certificate to specify any username in the authentication. This bug

didn't affect Dovecot's Submission service.

FreeBSD-11.2 (amd64):

gmake[2]: Entering directory

'/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src/lib-master'

gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-dns

-I../../src/lib-test -I../../src/lib-settings -I../../src/lib-ssl-iostream

-DPKG_RUNDIR=\""/opt/dovecot2.3/var/run/dovecot"\"

-DPKG_STATEDIR=\""/opt/dovecot2.3/var/lib/dovecot"\"

-DSYSCONFDIR=\""/opt/dovecot2.3/etc/dovecot"\"

-DBINDIR=\""/opt/dovecot2.3/bin"\" -std=gnu99 -g -O2

-fstack-protector-strong -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wall -W

-Wmissing-prototypes -Wmissing-declarations -Wpointer-arith

-Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime

-Wstrict-aliasing=2 -I/usr/local/include -MT test-event-stats.o -MD -MP

-MF .deps/test-event-stats.Tpo -c -o test-event-stats.o test-event-stats.c

test-event-stats.c: In function 'kill_stats_child':

test-event-stats.c:101:2: warning: implicit declaration of function 'kill'

[-Wimplicit-function-declaration]

(void)kill(stats_pid, SIGKILL);

^

test-event-stats.c:101:24: error: 'SIGKILL' undeclared (first use in this

function)

(void)kill(stats_pid, SIGKILL);

^

test-event-stats.c:101:24: note: each undeclared identifier is reported

only once for each function it appears in

gmake[2]: *** [Makefile:638: test-event-stats.o] Error 1

gmake[2]: Leaving directory

'/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src/lib-master'

gmake[1]: *** [Makefile:565: install-recursive] Error 1

gmake[1]: Leaving directory

'/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src'

gmake: *** [Makefile:683: install-recursive] Error 1

Yes. 2.3 4.1 has only single fix.

Aki

FreeBSD-9.3:

gmake[3]: Entering directory

'/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src/lib-master'

gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-dns

-I../../src/lib-test -I../../src/lib-settings -I../../src/lib-ssl-iostream

-DPKG_RUNDIR=\""/opt/dovecot2.3/var/run/dovecot"\"

-DPKG_STATEDIR=\""/opt/dovecot2.3/var/lib/dovecot"\"

-DSYSCONFDIR=\""/opt/dovecot2.3/etc/dovecot"\"

-DBINDIR=\""/opt/dovecot2.3/bin"\" -std=gnu99 -g -O2 -fstack-protector

-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wall -W -Wmissing-prototypes

-Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2

-Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2

-I/usr/local/include -MT test-event-stats.o -MD -MP -MF

.deps/test-event-stats.Tpo -c -o test-event-stats.o test-event-stats.c

test-event-stats.c: In function 'kill_stats_child':

test-event-stats.c:101: warning: implicit declaration of function 'kill'

test-event-stats.c:101: error: 'SIGKILL' undeclared (first use in this

function)

test-event-stats.c:101: error: (Each undeclared identifier is reported only

once

test-event-stats.c:101: error: for each function it appears in.)

test-event-stats.c: In function 'test_no_merging2':

test-event-stats.c:361: warning: format '%lu' expects type 'long unsigned

int', but argument 2 has type 'uint64_t'

test-event-stats.c: In function 'test_no_merging3':

test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned

int', but argument 2 has type 'uint64_t'

test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned

int', but argument 4 has type 'uint64_t'

test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned

int', but argument 6 has type 'uint64_t'

test-event-stats.c: In function 'test_merge_events2':

test-event-stats.c:452: warning: format '%lu' expects type 'long unsigned

int', but argument 2 has type 'uint64_t'

test-event-stats.c: In function 'test_skip_parents':

test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned

int', but argument 2 has type 'uint64_t'

test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned

int', but argument 4 has type 'uint64_t'

test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned

int', but argument 6 has type 'uint64_t'

test-event-stats.c: In function 'test_merge_events_skip_parents':

test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned

int', but argument 2 has type 'uint64_t'

test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned

int', but argument 4 has type 'uint64_t'

test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned

int', but argument 6 has type 'uint64_t'

Makefile:638: recipe for target 'test-event-stats.o' failed

gmake[3]: *** [test-event-stats.o] Error 1

gmake[3]: Leaving directory

'/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src/lib-master'

Makefile:565: recipe for target 'all-recursive' failed

gmake[2]: *** [all-recursive] Error 1

gmake[2]: Leaving directory

'/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src'

Makefile:683: recipe for target 'all-recursive' failed

gmake[1]: *** [all-recursive] Error 1

gmake[1]: Leaving directory

'/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1'

Makefile:527: recipe for target 'all' failed

gmake: *** [all] Error 2

[wash@gw ~/Tools/Dovecot/2.3/dovecot-2.3.4.1]$

FreeBSD-8.4:

Making all in lib-master

source='test-event-stats.c' object='test-event-stats.o' libtool=no

DEPDIR=.deps depmode=none /bin/bash ../../depcomp gcc -DHAVE_CONFIG_H -I.

-I../.. -I../../src/lib -I../../src/lib-dns -I../../src/lib-test

-I../../src/lib-settings -I../../src/lib-ssl-iostream

-DPKG_RUNDIR=\""/opt/dovecot2.3/var/run/dovecot"\"

-DPKG_STATEDIR=\""/opt/dovecot2.3/var/lib/dovecot"\"

-DSYSCONFDIR=\""/opt/dovecot2.3/etc/dovecot"\"

-DBINDIR=\""/opt/dovecot2.3/bin"\" -std=gnu99 -g -O2 -fstack-protector

-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wall -W -Wmissing-prototypes

-Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2

-Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2

-I/usr/local/include -c -o test-event-stats.o test-event-stats.c

test-event-stats.c: In function 'kill_stats_child':

test-event-stats.c:101: warning: implicit declaration of function 'kill'

test-event-stats.c:101: error: 'SIGKILL' undeclared (first use in this

function)

test-event-stats.c:101: error: (Each undeclared identifier is reported only

once

test-event-stats.c:101: error: for each function it appears in.)

test-event-stats.c: In function 'test_no_merging2':

test-event-stats.c:361: warning: format '%lu' expects type 'long unsigned

int', but argument 2 has type 'uint64_t'

test-event-stats.c: In function 'test_no_merging3':

test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned

int', but argument 2 has type 'uint64_t'

test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned

int', but argument 4 has type 'uint64_t'

test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned

int', but argument 6 has type 'uint64_t'

test-event-stats.c: In function 'test_merge_events2':

test-event-stats.c:452: warning: format '%lu' expects type 'long unsigned

int', but argument 2 has type 'uint64_t'

test-event-stats.c: In function 'test_skip_parents':

test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned

int', but argument 2 has type 'uint64_t'

test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned

int', but argument 4 has type 'uint64_t'

test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned

int', but argument 6 has type 'uint64_t'

test-event-stats.c: In function 'test_merge_events_skip_parents':

test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned

int', but argument 2 has type 'uint64_t'

test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned

int', but argument 4 has type 'uint64_t'

test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned

int', but argument 6 has type 'uint64_t'

*** Error code 1

Stop.

make: stopped in

/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src/lib-master

*** Error code 1

Stop.

make: stopped in /usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src

*** Error code 1

Stop.

make: stopped in /home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1

Makefile:527: recipe for target 'all' failed

gmake: *** [all] Error 1

(23:18:46 <~/Tools/Dovecot/2.3/dovecot-2.3.4.1>) 0 $

--

Best regards,

Odhiambo WASHINGTON,

Nairobi,KE

+254 7 3200 0004/+254 7 2274 3223

"Oh, the cruft.", grep ^[^#] :-)

---
Aki Tuomi

Re: Release notify (2.2.36.1 and 2.3.4.1)

Reply via email to