<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
<br>
</div>
<blockquote type="cite">
<div>
On 05 February 2019 at 22:18 Odhiambo Washington via dovecot <
<a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote:
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
On Tue, 5 Feb 2019 at 20:32, Aki Tuomi via dovecot <
<a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>>
</div>
<div>
wrote:
</div>
<div>
<br>
</div>
<blockquote type="cite">
<div>
Due to DMARC issues some people have failed to receive the latest security
</div>
<div>
information, so here it is repeated for both releases:
</div>
</blockquote>
<blockquote type="cite">
<div>
2.3.4.1
</div>
</blockquote>
<blockquote type="cite">
<div>
<a href="https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz" rel="noopener" target="_blank">https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz</a>
</div>
<div>
<a href="https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig" rel="noopener" target="_blank">https://dovecot.org/releases/2.3/dovecot-2.3.4.1.tar.gz.sig</a>
</div>
<div>
<
<a href="https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig" rel="noopener" target="_blank">https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig</a>>
</div>
<div>
Binary packages in
<a href="https://repo.dovecot.org/" rel="noopener" target="_blank">https://repo.dovecot.org/</a>
</div>
</blockquote>
<blockquote type="cite">
<div>
* CVE-2019-3814: If imap/pop3/managesieve/submission client has
</div>
<div>
trusted certificate with missing username field
</div>
<div>
(ssl_cert_username_field), under some configurations Dovecot
</div>
<div>
mistakenly trusts the username provided via authentication instead
</div>
<div>
of failing.
</div>
<div>
* ssl_cert_username_field setting was ignored with external SMTP AUTH,
</div>
<div>
because none of the MTAs (Postfix, Exim) currently send the
</div>
<div>
cert_username field. This may have allowed users with trusted
</div>
<div>
certificate to specify any username in the authentication. This bug
</div>
<div>
didn't affect Dovecot's Submission service.
</div>
</blockquote>
<div>
<br>
</div>
<div>
FreeBSD-11.2 (amd64):
</div>
<div>
<br>
</div>
<div>
gmake[2]: Entering directory
</div>
<div>
'/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src/lib-master'
</div>
<div>
gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-dns
</div>
<div>
-I../../src/lib-test -I../../src/lib-settings -I../../src/lib-ssl-iostream
</div>
<div>
-DPKG_RUNDIR=\""/opt/dovecot2.3/var/run/dovecot"\"
</div>
<div>
-DPKG_STATEDIR=\""/opt/dovecot2.3/var/lib/dovecot"\"
</div>
<div>
-DSYSCONFDIR=\""/opt/dovecot2.3/etc/dovecot"\"
</div>
<div>
-DBINDIR=\""/opt/dovecot2.3/bin"\" -std=gnu99 -g -O2
</div>
<div>
-fstack-protector-strong -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wall -W
</div>
<div>
-Wmissing-prototypes -Wmissing-declarations -Wpointer-arith
</div>
<div>
-Wchar-subscripts -Wformat=2 -Wbad-function-cast -fno-builtin-strftime
</div>
<div>
-Wstrict-aliasing=2 -I/usr/local/include -MT test-event-stats.o -MD -MP
</div>
<div>
-MF .deps/test-event-stats.Tpo -c -o test-event-stats.o test-event-stats.c
</div>
<div>
test-event-stats.c: In function 'kill_stats_child':
</div>
<div>
test-event-stats.c:101:2: warning: implicit declaration of function 'kill'
</div>
<div>
[-Wimplicit-function-declaration]
</div>
<div>
(void)kill(stats_pid, SIGKILL);
</div>
<div>
^
</div>
<div>
test-event-stats.c:101:24: error: 'SIGKILL' undeclared (first use in this
</div>
<div>
function)
</div>
<div>
(void)kill(stats_pid, SIGKILL);
</div>
<div>
^
</div>
<div>
test-event-stats.c:101:24: note: each undeclared identifier is reported
</div>
<div>
only once for each function it appears in
</div>
<div>
gmake[2]: *** [Makefile:638: test-event-stats.o] Error 1
</div>
<div>
gmake[2]: Leaving directory
</div>
<div>
'/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src/lib-master'
</div>
<div>
gmake[1]: *** [Makefile:565: install-recursive] Error 1
</div>
<div>
gmake[1]: Leaving directory
</div>
<div>
'/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src'
</div>
<div>
gmake: *** [Makefile:683: install-recursive] Error 1
</div>
<div>
<br>
</div>
<div></div>
</blockquote>
<div>
Yes. 2.3 4.1 has only single fix.
</div>
<div>
<br>
</div>
<div>
Aki
</div>
<div>
<br>
</div>
<blockquote type="cite">
<div></div>
<div>
FreeBSD-9.3:
</div>
<div>
<br>
</div>
<div>
gmake[3]: Entering directory
</div>
<div>
'/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src/lib-master'
</div>
<div>
gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-dns
</div>
<div>
-I../../src/lib-test -I../../src/lib-settings -I../../src/lib-ssl-iostream
</div>
<div>
-DPKG_RUNDIR=\""/opt/dovecot2.3/var/run/dovecot"\"
</div>
<div>
-DPKG_STATEDIR=\""/opt/dovecot2.3/var/lib/dovecot"\"
</div>
<div>
-DSYSCONFDIR=\""/opt/dovecot2.3/etc/dovecot"\"
</div>
<div>
-DBINDIR=\""/opt/dovecot2.3/bin"\" -std=gnu99 -g -O2 -fstack-protector
</div>
<div>
-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wall -W -Wmissing-prototypes
</div>
<div>
-Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2
</div>
<div>
-Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2
</div>
<div>
-I/usr/local/include -MT test-event-stats.o -MD -MP -MF
</div>
<div>
.deps/test-event-stats.Tpo -c -o test-event-stats.o test-event-stats.c
</div>
<div>
test-event-stats.c: In function 'kill_stats_child':
</div>
<div>
test-event-stats.c:101: warning: implicit declaration of function 'kill'
</div>
<div>
test-event-stats.c:101: error: 'SIGKILL' undeclared (first use in this
</div>
<div>
function)
</div>
<div>
test-event-stats.c:101: error: (Each undeclared identifier is reported only
</div>
<div>
once
</div>
<div>
test-event-stats.c:101: error: for each function it appears in.)
</div>
<div>
test-event-stats.c: In function 'test_no_merging2':
</div>
<div>
test-event-stats.c:361: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 2 has type 'uint64_t'
</div>
<div>
test-event-stats.c: In function 'test_no_merging3':
</div>
<div>
test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 2 has type 'uint64_t'
</div>
<div>
test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 4 has type 'uint64_t'
</div>
<div>
test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 6 has type 'uint64_t'
</div>
<div>
test-event-stats.c: In function 'test_merge_events2':
</div>
<div>
test-event-stats.c:452: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 2 has type 'uint64_t'
</div>
<div>
test-event-stats.c: In function 'test_skip_parents':
</div>
<div>
test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 2 has type 'uint64_t'
</div>
<div>
test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 4 has type 'uint64_t'
</div>
<div>
test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 6 has type 'uint64_t'
</div>
<div>
test-event-stats.c: In function 'test_merge_events_skip_parents':
</div>
<div>
test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 2 has type 'uint64_t'
</div>
<div>
test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 4 has type 'uint64_t'
</div>
<div>
test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 6 has type 'uint64_t'
</div>
<div>
Makefile:638: recipe for target 'test-event-stats.o' failed
</div>
<div>
gmake[3]: *** [test-event-stats.o] Error 1
</div>
<div>
gmake[3]: Leaving directory
</div>
<div>
'/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src/lib-master'
</div>
<div>
Makefile:565: recipe for target 'all-recursive' failed
</div>
<div>
gmake[2]: *** [all-recursive] Error 1
</div>
<div>
gmake[2]: Leaving directory
</div>
<div>
'/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src'
</div>
<div>
Makefile:683: recipe for target 'all-recursive' failed
</div>
<div>
gmake[1]: *** [all-recursive] Error 1
</div>
<div>
gmake[1]: Leaving directory
</div>
<div>
'/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1'
</div>
<div>
Makefile:527: recipe for target 'all' failed
</div>
<div>
gmake: *** [all] Error 2
</div>
<div>
[wash@gw ~/Tools/Dovecot/2.3/dovecot-2.3.4.1]$
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
FreeBSD-8.4:
</div>
<div>
<br>
</div>
<div>
Making all in lib-master
</div>
<div>
source='test-event-stats.c' object='test-event-stats.o' libtool=no
</div>
<div>
DEPDIR=.deps depmode=none /bin/bash ../../depcomp gcc -DHAVE_CONFIG_H -I.
</div>
<div>
-I../.. -I../../src/lib -I../../src/lib-dns -I../../src/lib-test
</div>
<div>
-I../../src/lib-settings -I../../src/lib-ssl-iostream
</div>
<div>
-DPKG_RUNDIR=\""/opt/dovecot2.3/var/run/dovecot"\"
</div>
<div>
-DPKG_STATEDIR=\""/opt/dovecot2.3/var/lib/dovecot"\"
</div>
<div>
-DSYSCONFDIR=\""/opt/dovecot2.3/etc/dovecot"\"
</div>
<div>
-DBINDIR=\""/opt/dovecot2.3/bin"\" -std=gnu99 -g -O2 -fstack-protector
</div>
<div>
-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Wall -W -Wmissing-prototypes
</div>
<div>
-Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2
</div>
<div>
-Wbad-function-cast -fno-builtin-strftime -Wstrict-aliasing=2
</div>
<div>
-I/usr/local/include -c -o test-event-stats.o test-event-stats.c
</div>
<div>
test-event-stats.c: In function 'kill_stats_child':
</div>
<div>
test-event-stats.c:101: warning: implicit declaration of function 'kill'
</div>
<div>
test-event-stats.c:101: error: 'SIGKILL' undeclared (first use in this
</div>
<div>
function)
</div>
<div>
test-event-stats.c:101: error: (Each undeclared identifier is reported only
</div>
<div>
once
</div>
<div>
test-event-stats.c:101: error: for each function it appears in.)
</div>
<div>
test-event-stats.c: In function 'test_no_merging2':
</div>
<div>
test-event-stats.c:361: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 2 has type 'uint64_t'
</div>
<div>
test-event-stats.c: In function 'test_no_merging3':
</div>
<div>
test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 2 has type 'uint64_t'
</div>
<div>
test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 4 has type 'uint64_t'
</div>
<div>
test-event-stats.c:387: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 6 has type 'uint64_t'
</div>
<div>
test-event-stats.c: In function 'test_merge_events2':
</div>
<div>
test-event-stats.c:452: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 2 has type 'uint64_t'
</div>
<div>
test-event-stats.c: In function 'test_skip_parents':
</div>
<div>
test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 2 has type 'uint64_t'
</div>
<div>
test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 4 has type 'uint64_t'
</div>
<div>
test-event-stats.c:484: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 6 has type 'uint64_t'
</div>
<div>
test-event-stats.c: In function 'test_merge_events_skip_parents':
</div>
<div>
test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 2 has type 'uint64_t'
</div>
<div>
test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 4 has type 'uint64_t'
</div>
<div>
test-event-stats.c:526: warning: format '%lu' expects type 'long unsigned
</div>
<div>
int', but argument 6 has type 'uint64_t'
</div>
<div>
*** Error code 1
</div>
<div>
<br>
</div>
<div>
Stop.
</div>
<div>
make: stopped in
</div>
<div>
/usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src/lib-master
</div>
<div>
*** Error code 1
</div>
<div>
<br>
</div>
<div>
Stop.
</div>
<div>
make: stopped in /usr/home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1/src
</div>
<div>
*** Error code 1
</div>
<div>
<br>
</div>
<div>
Stop.
</div>
<div>
make: stopped in /home/wash/Tools/Dovecot/2.3/dovecot-2.3.4.1
</div>
<div>
Makefile:527: recipe for target 'all' failed
</div>
<div>
gmake: *** [all] Error 1
</div>
<div>
(23:18:46 <~/Tools/Dovecot/2.3/dovecot-2.3.4.1>) 0 $
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
--
</div>
<div>
Best regards,
</div>
<div>
Odhiambo WASHINGTON,
</div>
<div>
Nairobi,KE
</div>
<div>
+254 7 3200 0004/+254 7 2274 3223
</div>
<div>
"Oh, the cruft.", grep ^[^#] :-)
</div>
</blockquote>
<div>
<br>
</div>
<div class="io-ox-signature">
---
<br>Aki Tuomi
</div>
</body>
</html>