diff options
| author | Bryan Drewery <bdrewery@FreeBSD.org> | 2013-04-15 12:28:58 +0000 |
|---|---|---|
| committer | Bryan Drewery <bdrewery@FreeBSD.org> | 2013-04-15 12:28:58 +0000 |
| commit | 1e02c1f16f5334278ac680960fb470125e1e21bc (patch) | |
| tree | ff9a3379f838aeb7f471dc6acc2880c5cccc96c1 | |
| parent | b43fb3c17259a469b9af35984111fa36954f3670 (diff) | |
| download | ports-1e02c1f16f5334278ac680960fb470125e1e21bc.tar.gz ports-1e02c1f16f5334278ac680960fb470125e1e21bc.zip | |
- Update to 0.85
- Convert to new options framework
sieve-connect was not actually verifying TLS certificate identities matched
the expected hostname. Changes with new version:
Fix TLS verification; find server by own hostname & SRV.
* TLS hostname verification was not actually happening.
* IO::Socket::SSL requirement bumped to 1.14 (was 0.97).
* By default, if no server specified, before falling back to localhost try to
use the current hostname and SRV records in DNS to figure out if Sieve is
available. Checks for sieve, imaps & imap protocol SRV records and honours
target==. to mean "no".
* This works better with the Mozilla::PublicSuffix module installed.
* Added ability to blacklist authentication mechanisms
More info:
http://mail.globnix.net/pipermail/sieve-connect-announce/2013/000005.html
PR: ports/177859
Submitted by: "Alexey V. Degtyarev" <alexey@renatasystems.org> (maintainer)
Approved by: portmgr (implicit)
Security: a2ff483f-a5c6-11e2-9601-000d601460a4
Notes
Notes:
svn path=/head/; revision=315802
| -rw-r--r-- | mail/sieve-connect/Makefile | 11 | ||||
| -rw-r--r-- | mail/sieve-connect/distinfo | 4 | ||||
| -rw-r--r-- | security/vuxml/vuln.xml | 26 |
3 files changed, 35 insertions, 6 deletions
diff --git a/mail/sieve-connect/Makefile b/mail/sieve-connect/Makefile index c1a3b4a3f9a2..a7bcc6c61adf 100644 --- a/mail/sieve-connect/Makefile +++ b/mail/sieve-connect/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= sieve-connect -PORTVERSION= 0.84 +PORTVERSION= 0.85 CATEGORIES= mail MASTER_SITES= http://people.spodhuis.org/phil.pennock/software/ \ ftp://ftp.renatasystems.org/pub/FreeBSD/ports/distfiles/ @@ -17,7 +17,8 @@ LICENSE_PERMS= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept RUN_DEPENDS= p5-Authen-SASL>=0:${PORTSDIR}/security/p5-Authen-SASL \ p5-IO-Socket-INET6>=0:${PORTSDIR}/net/p5-IO-Socket-INET6 \ - p5-IO-Socket-SSL>=0:${PORTSDIR}/security/p5-IO-Socket-SSL \ + p5-IO-Socket-SSL>=1.14:${PORTSDIR}/security/p5-IO-Socket-SSL \ + p5-Mozilla-PublicSuffix>=0:${PORTSDIR}/dns/p5-Mozilla-PublicSuffix \ p5-Net-DNS>=0:${PORTSDIR}/dns/p5-Net-DNS \ p5-ReadLine-Gnu>=0:${PORTSDIR}/devel/p5-ReadLine-Gnu \ p5-Term-ReadKey>=0:${PORTSDIR}/devel/p5-Term-ReadKey @@ -28,7 +29,9 @@ PLIST_FILES= bin/sieve-connect MAN1= sieve-connect.1 -.if !defined(NOPORTDOCS) +.include <bsd.port.options.mk> + +.if ${PORT_OPTIONS:MDOCS} PORTDOCS= ChangeLog README TODO .endif @@ -36,7 +39,7 @@ do-install: ${INSTALL_SCRIPT} ${WRKSRC}/sieve-connect ${PREFIX}/bin/sieve-connect ${INSTALL_MAN} ${WRKSRC}/sieve-connect.1 \ ${MANPREFIX}/man/man1/sieve-connect.1 -.if !defined(NOPORTDOCS) +.if ${PORT_OPTIONS:MDOCS} ${MKDIR} ${DOCSDIR} .for _doc in ${PORTDOCS} ${INSTALL_DATA} ${WRKSRC}/${_doc} ${DOCSDIR}/${_doc} diff --git a/mail/sieve-connect/distinfo b/mail/sieve-connect/distinfo index 8af6dd6e54d9..e1ef0de94f6b 100644 --- a/mail/sieve-connect/distinfo +++ b/mail/sieve-connect/distinfo @@ -1,2 +1,2 @@ -SHA256 (sieve-connect-0.84.tar.bz2) = 3cda30c4f7fbbe3339a1dd934c989315e5a00c32ea203494d5c8dae77a36fa47 -SIZE (sieve-connect-0.84.tar.bz2) = 31737 +SHA256 (sieve-connect-0.85.tar.bz2) = 4d4e3eec881ab45f52b2275dade90478d7a6b47942695efb29227d1538a49e7f +SIZE (sieve-connect-0.85.tar.bz2) = 34323 diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 6accd13dfd78..d020151e3c7e 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,32 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="a2ff483f-a5c6-11e2-9601-000d601460a4"> + <topic>sieve-connect -- TLS hostname verification was not occurring</topic> + <affects> + <package> + <name>sieve-connect</name> + <range><lt>0.85</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>sieve-connect developer Phil Pennock reports:</p> + <blockquote cite="http://mail.globnix.net/pipermail/sieve-connect-announce/2013/000005.html"> + <p>sieve-connect was not actually verifying TLS certificate identities + matched the expected hostname.</p> + </blockquote> + </body> + </description> + <references> + <url>http://mail.globnix.net/pipermail/sieve-connect-announce/2013/000005.html</url> + </references> + <dates> + <discovery>2013-04-14</discovery> + <entry>2013-04-15</entry> + </dates> + </vuln> + <vuln vid="15236023-a21b-11e2-a460-208984377b34"> <topic>linux-flashplugin -- multiple vulnerabilities</topic> <affects> |