Thursday, July 01, 2021

isync/mbsync: security update to 1.4.2

(portroach didn't show this...)

This is a maintenance & security release.

- fixed CVE-2021-3578: possible remote code execution
- fixed crash on invalid CAPABILITY response code
- tolerate INBOX mis-casing in Path setting

https://seclists.org/oss-sec/2021/q2/185

Tested/working on amd64.
OK?



Index: devel/quirks/Makefile
===================================================================
RCS file: /cvs/ports/devel/quirks/Makefile,v
retrieving revision 1.1270
diff -u -p -r1.1270 Makefile
--- devel/quirks/Makefile 20 Jun 2021 22:53:50 -0000 1.1270
+++ devel/quirks/Makefile 1 Jul 2021 08:02:53 -0000
@@ -5,7 +5,7 @@ CATEGORIES = devel databases
DISTFILES =

# API.rev
-PKGNAME = quirks-4.23
+PKGNAME = quirks-4.24
PKG_ARCH = *
MAINTAINER = Marc Espie <espie@openbsd.org>

Index: devel/quirks/files/Quirks.pm
===================================================================
RCS file: /cvs/ports/devel/quirks/files/Quirks.pm,v
retrieving revision 1.1286
diff -u -p -r1.1286 Quirks.pm
--- devel/quirks/files/Quirks.pm 20 Jun 2021 22:53:50 -0000 1.1286
+++ devel/quirks/files/Quirks.pm 1 Jul 2021 08:03:43 -0000
@@ -1405,7 +1405,7 @@ my $cve = {
'lang/ruby/2.6,-main' => 'ruby->2.6,<2.6.2',
'mail/dovecot,-server' => 'dovecot-<2.3.10.1',
'mail/exim' => 'exim-<4.83',
- 'mail/isync' => 'isync-<1.3.5',
+ 'mail/isync' => 'isync-<1.4.2',
'mail/mailman' => 'mailman-<2.1.30',
'mail/p5-Mail-SpamAssassin' => 'p5-Mail-SpamAssassin-<3.4.4',
'mail/roundcubemail' => 'roundcubemail-<1.3.8',
Index: mail/isync/Makefile
===================================================================
RCS file: /cvs/ports/mail/isync/Makefile,v
retrieving revision 1.48
diff -u -p -r1.48 Makefile
--- mail/isync/Makefile 13 Mar 2021 14:20:55 -0000 1.48
+++ mail/isync/Makefile 1 Jul 2021 07:56:35 -0000
@@ -2,8 +2,7 @@

COMMENT= synchronize IMAP4 and maildir mailboxes

-DISTNAME= isync-1.4.1
-REVISION= 0
+DISTNAME= isync-1.4.2

CATEGORIES= mail
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=isync/}
Index: mail/isync/distinfo
===================================================================
RCS file: /cvs/ports/mail/isync/distinfo,v
retrieving revision 1.18
diff -u -p -r1.18 distinfo
--- mail/isync/distinfo 11 Mar 2021 12:58:20 -0000 1.18
+++ mail/isync/distinfo 1 Jul 2021 07:56:46 -0000
@@ -1,2 +1,2 @@
-SHA256 (isync-1.4.1.tar.gz) = DTbbtXuwbIu+ELtm9ArlQwlbFDRDIJtwNxZ75gBCAVA=
-SIZE (isync-1.4.1.tar.gz) = 336281
+SHA256 (isync-1.4.2.tar.gz) = GTXn7UEv1rWSiq6mVvKQqo0yIsX+2jFTSQOTTOR1U0M=
+SIZE (isync-1.4.2.tar.gz) = 336940
Index: mail/isync/patches/patch-src_drv_imap_c
===================================================================
RCS file: /cvs/ports/mail/isync/patches/patch-src_drv_imap_c,v
retrieving revision 1.8
diff -u -p -r1.8 patch-src_drv_imap_c
--- mail/isync/patches/patch-src_drv_imap_c 13 Mar 2021 14:20:55 -0000 1.8
+++ mail/isync/patches/patch-src_drv_imap_c 1 Jul 2021 07:56:55 -0000
@@ -14,7 +14,7 @@ Index: src/drv_imap.c
#ifdef HAVE_LIBSSL
enum { SSL_None, SSL_STARTTLS, SSL_IMAPS };

No comments:

Post a Comment