Dovecot-2.2.16 Security Issue: CVE-2015-3420.

Update to apr-1.5.2. git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@15905 af4574ff-66df-0310-9fd7-8a98e5e911e0
2025-02-03 14:47:17 +08:00 · 2015-04-30 16:47:53 +00:00 · 2015-04-30 16:47:53 +00:00 · 2c5dfc2de6
commit 2c5dfc2de6
parent 288e723dbb
4 changed files with 31 additions and 7 deletions
--- a/general/genlib/apr.xml
+++ b/general/genlib/apr.xml
@ -8,10 +8,10 @@
    "http://archive.apache.org/dist/apr/apr-&apr-version;.tar.bz2">
  <!ENTITY apr-download-ftp
    "ftp://ftp.mirrorservice.org/sites/ftp.apache.org/apr/apr-&apr-version;.tar.bz2">
-  <!ENTITY apr-md5sum        "5486180ec5a23efb5cae6d4292b300ab">
-  <!ENTITY apr-size          "800 KB">
-  <!ENTITY apr-buildsize     "12 MB (additional 2 MB for the tests)">
-  <!ENTITY apr-time          "0.3 SBU (1.1 with tests)">
+  <!ENTITY apr-md5sum        "4e9769f3349fe11fc0a5e1b224c236aa">
+  <!ENTITY apr-size          "808 KB">
+  <!ENTITY apr-buildsize     "13 MB (additional 3 MB for the tests)">
+  <!ENTITY apr-time          "0.2 SBU (1.1 with tests)">
 ]>

 <sect1 id="apr" xreflabel="Apr-&apr-version;">
--- a/introduction/welcome/changelog.xml
+++ b/introduction/welcome/changelog.xml
@ -44,6 +44,20 @@

 -->

+    <listitem>
+      <para>April 30th, 2015</para>
+      <itemizedlist>
+        <listitem>
+          <para>[fernando] - Update to apr-1.5.2. Fixes
+          <ulink url="&blfs-ticket-root;6445">#6445</ulink>.</para>
+        </listitem>
+        <listitem>
+          <para>[fernando] - Dovecot-2.2.16 Security Issue: CVE-2015-3420. Fixes
+          <ulink url="&blfs-ticket-root;6444">#6444</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
    <listitem>
      <para>April 29th, 2015</para>
      <itemizedlist>
--- a/packages.ent
+++ b/packages.ent
@ -68,7 +68,7 @@

 <!-- Part III -->
 <!-- Chapter 9 -->
-<!ENTITY apr-version                  "1.5.1">
+<!ENTITY apr-version                  "1.5.2">
 <!ENTITY apr-util-version             "1.5.4">
 <!ENTITY aspell-version               "0.60.6.1">

--- a/server/mail/dovecot.xml
+++ b/server/mail/dovecot.xml
@ -38,7 +38,7 @@
      easily extensible with plugins.
    </para>

-    &lfs77_checked;
+    &lfs77_checked; &gcc5_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
@ -74,6 +74,15 @@
      </listitem>
    </itemizedlist>

+    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+    <itemizedlist spacing='compact'>
+      <listitem>
+        <para>Required patch: <ulink
+        url="&patch-root;/dovecot-&dovecot-version;-CVE_2015_3420-1.patch"/>
+        </para>
+      </listitem>
+    </itemizedlist>
+
    <bridgehead renderas="sect3">Dovecot Dependencies</bridgehead>

    <bridgehead renderas="sect4">Optional</bridgehead>
@ -116,7 +125,8 @@ useradd -c "Dovecot login user" -d /dev/null -u 43 \
      commands:
    </para>

-<screen><userinput>./configure --prefix=/usr \
+<screen><userinput>patch -Np1 -i ../dovecot-&dovecot-version;-CVE_2015_3420-1.patch &amp;&amp;
+./configure --prefix=/usr \
            --sysconfdir=/etc \
            --localstatedir=/var \
            --docdir=/usr/share/doc/dovecot-&dovecot-version; \