From d8d3b259d77102c8ec2fa44bffbfa6a5c0d1fd2a Mon Sep 17 00:00:00 2001
From: Lee Starnes
Date: Tue, 5 Jan 2021 14:31:29 +0000
Subject: user/dovecot: security bump to 2.3.13

- Fix CVE-2020-25275 and CVE-2020-24386
- apop.patch is no longer needed
- Added patch to handle hardcoded message differing with musl
---
 user/dovecot/apop.patch | 40 ----------------------------------------
 1 file changed, 40 deletions(-)
 delete mode 100644 user/dovecot/apop.patch
(limited to 'user/dovecot/apop.patch')
diff --git a/user/dovecot/apop.patch b/user/dovecot/apop.patch
deleted file mode 100644
index a75c770e5..000000000
--- a/user/dovecot/apop.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From d1c5d356f36aaf9c32708cc6960fcaebe1cf6e63 Mon Sep 17 00:00:00 2001
-From: Paul Howarth
-Date: Sun, 16 Aug 2020 20:32:03 +0100
-Subject: [PATCH] Fix APOP test failure on 32-bit systems
-
-The challenge timestamp is read as a hex number in mech_apop_auth_initial()
-so it should be written as hex, not decimal.
-
-Also fix compiler warnings for 32-bit architectures.
----
- src/auth/test-mech.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c
-index cf05370035..db9f85ccfc 100644
---- a/src/auth/test-mech.c
-+++ b/src/auth/test-mech.c
-@@ -192,11 +192,11 @@ static void test_mech_handle_challenge(struct auth_request *request,
- }
-
- static inline const unsigned char *
--test_mech_construct_apop_challenge(unsigned int connect_uid, unsigned long *len_r)
-+test_mech_construct_apop_challenge(unsigned int connect_uid, size_t *len_r)
- {
- string_t *apop_challenge = t_str_new(128);
-
-- str_printfa(apop_challenge,"<%lx.%u.%"PRIdTIME_T"", (unsigned long) getpid(),
-+ str_printfa(apop_challenge,"<%lx.%u.%"PRIxTIME_T"", (unsigned long) getpid(),
- connect_uid, process_start_time+10);
- str_append_data(apop_challenge, "\0testuser\0responseoflen16-", 26);
- *len_r = apop_challenge->used;
-@@ -323,7 +323,7 @@ static void test_mechs(void)
- struct test_case *test_case = &tests[running_test];
- const struct mech_module *mech = test_case->mech;
- struct auth_request *request;
-- const char *testname = t_strdup_printf("auth mech %s %d/%lu",
-+ const char *testname = t_strdup_printf("auth mech %s %d/%zu",
- mech->mech_name,
- running_test+1,
- N_ELEMENTS(tests));
--
cgit v1.2.3-70-g09d2