On Tue, 5 Feb 2019 at 20:32, Aki Tuomi via dovecot <dovecot@dovecot.org> wrote:
Due to DMARC issues some people have failed to receive the latest security information, so here it is repeated for both releases:

2.3.4.1

https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig
<https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig>
Binary packages in https://repo.dovecot.org/

    * CVE-2019-3814: If imap/pop3/managesieve/submission client has
      trusted certificate with missing username field
      (ssl_cert_username_field), under some configurations Dovecot
      mistakenly trusts the username provided via authentication instead
      of failing.
    * ssl_cert_username_field setting was ignored with external SMTP AUTH,
      because none of the MTAs (Postfix, Exim) currently send the
      cert_username field. This may have allowed users with trusted
      certificate to specify any username in the authentication. This bug
      didn't affect Dovecot's Submission service.

FreeBSD-11.2 (amd64):

gmake[2]: Entering directory '/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src/lib-master'
gcc -DHAVE_CONFIG_H -I. -I../..  -I../../src/lib -I../../src/lib-dns -I../../src/lib-test -I../../src/lib-settings -I../../src/lib-ssl-iostream -DPKG_RUNDIR=\""/opt/dovecot2.3/var/run/dovecot"\" -DPKG_STATEDIR=\""/opt/dovecot2.3/var/lib/dovecot"\" -DSYSCONFDIR=\""/opt/dovecot2.3/etc/dovecot"\" -DBINDIR=\""/opt/dovecot2.3/bin"\"   -std=gnu99 -g -O2 -fstack-protector-strong -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -I/usr/local/include   -MT test-event-stats.o -MD -MP -MF .deps/test-event-stats.Tpo -c -o test-event-stats.o test-event-stats.c
test-event-stats.c: In function 'kill_stats_child':
test-event-stats.c:101:2: warning: implicit declaration of function 'kill' [-Wimplicit-function-declaration]
  (void)kill(stats_pid, SIGKILL);
  ^
test-event-stats.c:101:24: error: 'SIGKILL' undeclared (first use in this function)
  (void)kill(stats_pid, SIGKILL);
                        ^
test-event-stats.c:101:24: note: each undeclared identifier is reported only once for each function it appears in
gmake[2]: *** [Makefile:638: test-event-stats.o] Error 1
gmake[2]: Leaving directory '/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src/lib-master'
gmake[1]: *** [Makefile:565: install-recursive] Error 1
gmake[1]: Leaving directory '/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src'
gmake: *** [Makefile:683: install-recursive] Error 1

 


FreeBSD-9.3:

gmake[3]: Entering directory '/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src/lib-master'
gcc -DHAVE_CONFIG_H -I. -I../..  -I../../src/lib -I../../src/lib-dns -I../../src/lib-test -I../../src/lib-settings -I../../src/lib-ssl-iostream -DPKG_RUNDIR=\""/opt/dovecot2.3/var/run/dovecot"\" -DPKG_STATEDIR=\""/opt/dovecot2.3/var/lib/dovecot"\" -DSYSCONFDIR=\""/opt/dovecot2.3/etc/dovecot"\" -DBINDIR=\""/opt/dovecot2.3/bin"\"   -std=gnu99 -g -O2 -fstack-protector -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -I/usr/local/include   -MT test-event-stats.o -MD -MP -MF .deps/test-event-stats.Tpo -c -o test-event-stats.o test-event-stats.c
test-event-stats.c: In function 'kill_stats_child':
test-event-stats.c:101: warning: implicit declaration of function 'kill'
test-event-stats.c:101: error: 'SIGKILL' undeclared (first use in this function)
test-event-stats.c:101: error: (Each undeclared identifier is reported only once
test-event-stats.c:101: error: for each function it appears in.)
test-event-stats.c: In function 'test_no_merging2':
test-event-stats.c:361: warning: format '%lu' expects type 'long unsigned int', but argument 2 has type 'uint64_t'
test-event-stats.c: In function 'test_no_merging3':
test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned int', but argument 2 has type 'uint64_t'
test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned int', but argument 4 has type 'uint64_t'
test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned int', but argument 6 has type 'uint64_t'
test-event-stats.c: In function 'test_merge_events2':
test-event-stats.c:452: warning: format '%lu' expects type 'long unsigned int', but argument 2 has type 'uint64_t'
test-event-stats.c: In function 'test_skip_parents':
test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned int', but argument 2 has type 'uint64_t'
test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned int', but argument 4 has type 'uint64_t'
test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned int', but argument 6 has type 'uint64_t'
test-event-stats.c: In function 'test_merge_events_skip_parents':
test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned int', but argument 2 has type 'uint64_t'
test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned int', but argument 4 has type 'uint64_t'
test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned int', but argument 6 has type 'uint64_t'
Makefile:638: recipe for target 'test-event-stats.o' failed
gmake[3]: *** [test-event-stats.o] Error 1
gmake[3]: Leaving directory '/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src/lib-master'
Makefile:565: recipe for target 'all-recursive' failed
gmake[2]: *** [all-recursive] Error 1
gmake[2]: Leaving directory '/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src'
Makefile:683: recipe for target 'all-recursive' failed
gmake[1]: *** [all-recursive] Error 1
gmake[1]: Leaving directory '/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1'
Makefile:527: recipe for target 'all' failed
gmake: *** [all] Error 2
[wash@gw ~/Tools/Dovecot/2.3/dovecot-2.3.4.1]$




FreeBSD-8.4:

Making all in lib-master
source='test-event-stats.c' object='test-event-stats.o' libtool=no  DEPDIR=.deps depmode=none /bin/bash ../../depcomp  gcc -DHAVE_CONFIG_H -I. -I../..  -I../../src/lib  -I../../src/lib-dns  -I../../src/lib-test  -I../../src/lib-settings  -I../../src/lib-ssl-iostream  -DPKG_RUNDIR=\""/opt/dovecot2.3/var/run/dovecot"\"  -DPKG_STATEDIR=\""/opt/dovecot2.3/var/lib/dovecot"\"  -DSYSCONFDIR=\""/opt/dovecot2.3/etc/dovecot"\"  -DBINDIR=\""/opt/dovecot2.3/bin"\"    -std=gnu99 -g -O2 -fstack-protector -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2 -I/usr/local/include -c -o test-event-stats.o test-event-stats.c
test-event-stats.c: In function 'kill_stats_child':
test-event-stats.c:101: warning: implicit declaration of function 'kill'
test-event-stats.c:101: error: 'SIGKILL' undeclared (first use in this function)
test-event-stats.c:101: error: (Each undeclared identifier is reported only once
test-event-stats.c:101: error: for each function it appears in.)
test-event-stats.c: In function 'test_no_merging2':
test-event-stats.c:361: warning: format '%lu' expects type 'long unsigned int', but argument 2 has type 'uint64_t'
test-event-stats.c: In function 'test_no_merging3':
test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned int', but argument 2 has type 'uint64_t'
test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned int', but argument 4 has type 'uint64_t'
test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned int', but argument 6 has type 'uint64_t'
test-event-stats.c: In function 'test_merge_events2':
test-event-stats.c:452: warning: format '%lu' expects type 'long unsigned int', but argument 2 has type 'uint64_t'
test-event-stats.c: In function 'test_skip_parents':
test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned int', but argument 2 has type 'uint64_t'
test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned int', but argument 4 has type 'uint64_t'
test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned int', but argument 6 has type 'uint64_t'
test-event-stats.c: In function 'test_merge_events_skip_parents':
test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned int', but argument 2 has type 'uint64_t'
test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned int', but argument 4 has type 'uint64_t'
test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned int', but argument 6 has type 'uint64_t'
*** Error code 1

Stop.
make: stopped in /usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src/lib-master
*** Error code 1

Stop.
make: stopped in /usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src
*** Error code 1

Stop.
make: stopped in /home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1
Makefile:527: recipe for target 'all' failed
gmake: *** [all] Error 1
(23:18:46 <~/Tools/Dovecot/2.3/dovecot-2.3.4.1>) 0 $

 

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)