svn commit: r315802 - in head: mail/sieve-connect security/vuxml
Bryan Drewery
bdrewery at FreeBSD.org
Mon Apr 15 12:28:59 UTC 2013
Author: bdrewery
Date: Mon Apr 15 12:28:58 2013
New Revision: 315802
URL: http://svnweb.freebsd.org/changeset/ports/315802
Log:
- Update to 0.85
- Convert to new options framework
sieve-connect was not actually verifying TLS certificate identities matched
the expected hostname. Changes with new version:
Fix TLS verification; find server by own hostname & SRV.
* TLS hostname verification was not actually happening.
* IO::Socket::SSL requirement bumped to 1.14 (was 0.97).
* By default, if no server specified, before falling back to localhost try to
use the current hostname and SRV records in DNS to figure out if Sieve is
available. Checks for sieve, imaps & imap protocol SRV records and honours
target==. to mean "no".
* This works better with the Mozilla::PublicSuffix module installed.
* Added ability to blacklist authentication mechanisms
More info:
http://mail.globnix.net/pipermail/sieve-connect-announce/2013/000005.html
PR: ports/177859
Submitted by: "Alexey V. Degtyarev" <alexey at renatasystems.org> (maintainer)
Approved by: portmgr (implicit)
Security: a2ff483f-a5c6-11e2-9601-000d601460a4
Modified:
head/mail/sieve-connect/Makefile
head/mail/sieve-connect/distinfo
head/security/vuxml/vuln.xml
Modified: head/mail/sieve-connect/Makefile
==============================================================================
--- head/mail/sieve-connect/Makefile Mon Apr 15 12:14:06 2013 (r315801)
+++ head/mail/sieve-connect/Makefile Mon Apr 15 12:28:58 2013 (r315802)
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= sieve-connect
-PORTVERSION= 0.84
+PORTVERSION= 0.85
CATEGORIES= mail
MASTER_SITES= http://people.spodhuis.org/phil.pennock/software/ \
ftp://ftp.renatasystems.org/pub/FreeBSD/ports/distfiles/
@@ -17,7 +17,8 @@ LICENSE_PERMS= dist-mirror dist-sell pkg
RUN_DEPENDS= p5-Authen-SASL>=0:${PORTSDIR}/security/p5-Authen-SASL \
p5-IO-Socket-INET6>=0:${PORTSDIR}/net/p5-IO-Socket-INET6 \
- p5-IO-Socket-SSL>=0:${PORTSDIR}/security/p5-IO-Socket-SSL \
+ p5-IO-Socket-SSL>=1.14:${PORTSDIR}/security/p5-IO-Socket-SSL \
+ p5-Mozilla-PublicSuffix>=0:${PORTSDIR}/dns/p5-Mozilla-PublicSuffix \
p5-Net-DNS>=0:${PORTSDIR}/dns/p5-Net-DNS \
p5-ReadLine-Gnu>=0:${PORTSDIR}/devel/p5-ReadLine-Gnu \
p5-Term-ReadKey>=0:${PORTSDIR}/devel/p5-Term-ReadKey
@@ -28,7 +29,9 @@ PLIST_FILES= bin/sieve-connect
MAN1= sieve-connect.1
-.if !defined(NOPORTDOCS)
+.include <bsd.port.options.mk>
+
+.if ${PORT_OPTIONS:MDOCS}
PORTDOCS= ChangeLog README TODO
.endif
@@ -36,7 +39,7 @@ do-install:
${INSTALL_SCRIPT} ${WRKSRC}/sieve-connect ${PREFIX}/bin/sieve-connect
${INSTALL_MAN} ${WRKSRC}/sieve-connect.1 \
${MANPREFIX}/man/man1/sieve-connect.1
-.if !defined(NOPORTDOCS)
+.if ${PORT_OPTIONS:MDOCS}
${MKDIR} ${DOCSDIR}
.for _doc in ${PORTDOCS}
${INSTALL_DATA} ${WRKSRC}/${_doc} ${DOCSDIR}/${_doc}
Modified: head/mail/sieve-connect/distinfo
==============================================================================
--- head/mail/sieve-connect/distinfo Mon Apr 15 12:14:06 2013 (r315801)
+++ head/mail/sieve-connect/distinfo Mon Apr 15 12:28:58 2013 (r315802)
@@ -1,2 +1,2 @@
-SHA256 (sieve-connect-0.84.tar.bz2) = 3cda30c4f7fbbe3339a1dd934c989315e5a00c32ea203494d5c8dae77a36fa47
-SIZE (sieve-connect-0.84.tar.bz2) = 31737
+SHA256 (sieve-connect-0.85.tar.bz2) = 4d4e3eec881ab45f52b2275dade90478d7a6b47942695efb29227d1538a49e7f
+SIZE (sieve-connect-0.85.tar.bz2) = 34323
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Mon Apr 15 12:14:06 2013 (r315801)
+++ head/security/vuxml/vuln.xml Mon Apr 15 12:28:58 2013 (r315802)
@@ -51,6 +51,32 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="a2ff483f-a5c6-11e2-9601-000d601460a4">
+ <topic>sieve-connect -- TLS hostname verification was not occurring</topic>
+ <affects>
+ <package>
+ <name>sieve-connect</name>
+ <range><lt>0.85</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>sieve-connect developer Phil Pennock reports:</p>
+ <blockquote cite="http://mail.globnix.net/pipermail/sieve-connect-announce/2013/000005.html">
+ <p>sieve-connect was not actually verifying TLS certificate identities
+ matched the expected hostname.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://mail.globnix.net/pipermail/sieve-connect-announce/2013/000005.html</url>
+ </references>
+ <dates>
+ <discovery>2013-04-14</discovery>
+ <entry>2013-04-15</entry>
+ </dates>
+ </vuln>
+
<vuln vid="15236023-a21b-11e2-a460-208984377b34">
<topic>linux-flashplugin -- multiple vulnerabilities</topic>
<affects>
More information about the svn-ports-all
mailing list