On Tue, Feb 05, 2019 at 11:18:45PM +0300, Odhiambo Washington via dovecot
wrote:
wrote:
Due to DMARC issues some people have failed to receive the latest
security
information, so here it is repeated for both releases:
2.3.4.1
* CVE-2019-3814: If imap/pop3/managesieve/submission client has
trusted certificate with missing username field
(ssl_cert_username_field), under some configurations Dovecot
mistakenly trusts the username provided via authentication
instead
of failing.
* ssl_cert_username_field setting was ignored with external SMTP
AUTH,
because none of the MTAs (Postfix, Exim) currently send the
cert_username field. This may have allowed users with trusted
certificate to specify any username in the authentication. This
bug
didn't affect Dovecot's Submission service.
FreeBSD-11.2 (amd64):
gmake[2]: Entering directory
'/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src/lib-master'
gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-dns
-I../../src/lib-test -I../../src/lib-settings
-I../../src/lib-ssl-iostream
-DPKG_RUNDIR=\""/opt/dovecot2.3/var/run/dovecot"\"
-DPKG_STATEDIR=\""/opt/dovecot2.3/var/lib/dovecot"\"
-DSYSCONFDIR=\""/opt/dovecot2.3/etc/dovecot"\"
-DBINDIR=\""/opt/dovecot2.3/bin"\" -std=gnu99 -g -O2
-fstack-protector-strong -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wall -W
-Wmissing-prototypes -Wmissing-declarations -Wpointer-arith
-Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime
-Wstrict-aliasing=2 -I/usr/local/include -MT test-event-stats.o -MD -MP
-MF .deps/test-event-stats.Tpo -c -o test-event-stats.o
test-event-stats.c
test-event-stats.c: In function 'kill_stats_child':
test-event-stats.c:101:2: warning: implicit declaration of function
'kill'
[-Wimplicit-function-declaration]
(void)kill(stats_pid, SIGKILL);
^
test-event-stats.c:101:24: error: 'SIGKILL' undeclared (first use in this
function)
(void)kill(stats_pid, SIGKILL);
^
test-event-stats.c:101:24: note: each undeclared identifier is reported
only once for each function it appears in
gmake[2]: *** [Makefile:638: test-event-stats.o] Error 1
gmake[2]: Leaving directory
'/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src/lib-master'
gmake[1]: *** [Makefile:565: install-recursive] Error 1
gmake[1]: Leaving directory
'/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src'
gmake: *** [Makefile:683: install-recursive] Error 1
>
>
FreeBSD-9.3:
gmake[3]: Entering directory
'/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src/lib-master'
gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-dns
-I../../src/lib-test -I../../src/lib-settings
-I../../src/lib-ssl-iostream
-DPKG_RUNDIR=\""/opt/dovecot2.3/var/run/dovecot"\"
-DPKG_STATEDIR=\""/opt/dovecot2.3/var/lib/dovecot"\"
-DSYSCONFDIR=\""/opt/dovecot2.3/etc/dovecot"\"
-DBINDIR=\""/opt/dovecot2.3/bin"\" -std=gnu99 -g -O2 -fstack-protector
-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wall -W -Wmissing-prototypes
-Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2
-Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2
-I/usr/local/include -MT test-event-stats.o -MD -MP -MF
.deps/test-event-stats.Tpo -c -o test-event-stats.o test-event-stats.c
test-event-stats.c: In function 'kill_stats_child':
test-event-stats.c:101: warning: implicit declaration of function 'kill'
test-event-stats.c:101: error: 'SIGKILL' undeclared (first use in this
function)
test-event-stats.c:101: error: (Each undeclared identifier is reported
only
once
test-event-stats.c:101: error: for each function it appears in.)
test-event-stats.c: In function 'test_no_merging2':
test-event-stats.c:361: warning: format '%lu' expects type 'long unsigned
int', but argument 2 has type 'uint64_t'
test-event-stats.c: In function 'test_no_merging3':
test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned
int', but argument 2 has type 'uint64_t'
test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned
int', but argument 4 has type 'uint64_t'
test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned
int', but argument 6 has type 'uint64_t'
test-event-stats.c: In function 'test_merge_events2':
test-event-stats.c:452: warning: format '%lu' expects type 'long unsigned
int', but argument 2 has type 'uint64_t'
test-event-stats.c: In function 'test_skip_parents':
test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned
int', but argument 2 has type 'uint64_t'
test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned
int', but argument 4 has type 'uint64_t'
test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned
int', but argument 6 has type 'uint64_t'
test-event-stats.c: In function 'test_merge_events_skip_parents':
test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned
int', but argument 2 has type 'uint64_t'
test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned
int', but argument 4 has type 'uint64_t'
test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned
int', but argument 6 has type 'uint64_t'
Makefile:638: recipe for target 'test-event-stats.o' failed
gmake[3]: *** [test-event-stats.o] Error 1
gmake[3]: Leaving directory
'/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src/lib-master'
Makefile:565: recipe for target 'all-recursive' failed
gmake[2]: *** [all-recursive] Error 1
gmake[2]: Leaving directory
'/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src'
Makefile:683: recipe for target 'all-recursive' failed
gmake[1]: *** [all-recursive] Error 1
gmake[1]: Leaving directory
'/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1'
Makefile:527: recipe for target 'all' failed
gmake: *** [all] Error 2
[wash@gw ~/Tools/Dovecot/2.3/dovecot-2.3.4.1]$
>
>
>
FreeBSD-8.4:
Making all in lib-master
source='test-event-stats.c' object='test-event-stats.o' libtool=no
DEPDIR=.deps depmode=none /bin/bash ../../depcomp gcc -DHAVE_CONFIG_H
-I.
-I../.. -I../../src/lib -I../../src/lib-dns -I../../src/lib-test
-I../../src/lib-settings -I../../src/lib-ssl-iostream
-DPKG_RUNDIR=\""/opt/dovecot2.3/var/run/dovecot"\"
-DPKG_STATEDIR=\""/opt/dovecot2.3/var/lib/dovecot"\"
-DSYSCONFDIR=\""/opt/dovecot2.3/etc/dovecot"\"
-DBINDIR=\""/opt/dovecot2.3/bin"\" -std=gnu99 -g -O2 -fstack-protector
-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wall -W -Wmissing-prototypes
-Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2
-Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2
-I/usr/local/include -c -o test-event-stats.o test-event-stats.c
test-event-stats.c: In function 'kill_stats_child':
test-event-stats.c:101: warning: implicit declaration of function 'kill'
test-event-stats.c:101: error: 'SIGKILL' undeclared (first use in this
function)
test-event-stats.c:101: error: (Each undeclared identifier is reported
only
once
test-event-stats.c:101: error: for each function it appears in.)
test-event-stats.c: In function 'test_no_merging2':
test-event-stats.c:361: warning: format '%lu' expects type 'long unsigned
int', but argument 2 has type 'uint64_t'
test-event-stats.c: In function 'test_no_merging3':
test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned
int', but argument 2 has type 'uint64_t'
test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned
int', but argument 4 has type 'uint64_t'
test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned
int', but argument 6 has type 'uint64_t'
test-event-stats.c: In function 'test_merge_events2':
test-event-stats.c:452: warning: format '%lu' expects type 'long unsigned
int', but argument 2 has type 'uint64_t'
test-event-stats.c: In function 'test_skip_parents':
test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned
int', but argument 2 has type 'uint64_t'
test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned
int', but argument 4 has type 'uint64_t'
test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned
int', but argument 6 has type 'uint64_t'
test-event-stats.c: In function 'test_merge_events_skip_parents':
test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned
int', but argument 2 has type 'uint64_t'
test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned
int', but argument 4 has type 'uint64_t'
test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned
int', but argument 6 has type 'uint64_t'
*** Error code 1
Stop.
make: stopped in
/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src/lib-master
*** Error code 1
Stop.
make: stopped in /usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src
*** Error code 1
Stop.
make: stopped in /home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1
Makefile:527: recipe for target 'all' failed
gmake: *** [all] Error 1
(23:18:46 <~/Tools/Dovecot/2.3/dovecot-2.3.4.1>) 0 $
>
>
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)