From patchwork Wed Apr 12 15:56:47 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
X-Patchwork-Id: 750056
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3w37pN1XzTz9s86
	for <incoming@patchwork.ozlabs.org>;
	Thu, 13 Apr 2017 01:57:00 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by fraxinus.osuosl.org (Postfix) with ESMTP id DB333869C9;
	Wed, 12 Apr 2017 15:56:57 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from fraxinus.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id M3Ff2Nsv8gwF; Wed, 12 Apr 2017 15:56:56 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by fraxinus.osuosl.org (Postfix) with ESMTP id 71DBB869B9;
	Wed, 12 Apr 2017 15:56:56 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])
	by ash.osuosl.org (Postfix) with ESMTP id 87B1B1C0589
	for <buildroot@lists.busybox.net>;
	Wed, 12 Apr 2017 15:56:54 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by fraxinus.osuosl.org (Postfix) with ESMTP id 809F4869B9
	for <buildroot@lists.busybox.net>;
	Wed, 12 Apr 2017 15:56:54 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from fraxinus.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Rt7NUUTR7PqL for <buildroot@lists.busybox.net>;
	Wed, 12 Apr 2017 15:56:53 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mailapp01.imgtec.com (mailapp01.imgtec.com [195.59.15.196])
	by fraxinus.osuosl.org (Postfix) with ESMTP id B53F68691C
	for <buildroot@buildroot.org>; Wed, 12 Apr 2017 15:56:53 +0000 (UTC)
Received: from HHMAIL01.hh.imgtec.org (unknown [10.100.10.19])
	by Forcepoint Email with ESMTPS id A6BBAF4842225
	for <buildroot@buildroot.org>; Wed, 12 Apr 2017 16:56:48 +0100 (IST)
Received: from vriera-linux.le.imgtec.org (192.168.154.96) by
	HHMAIL01.hh.imgtec.org (10.100.10.21) with Microsoft SMTP Server
	(TLS) id 14.3.294.0; Wed, 12 Apr 2017 16:56:52 +0100
From: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
To: <buildroot@buildroot.org>
Date: Wed, 12 Apr 2017 16:56:47 +0100
Message-ID: <20170412155647.15077-1-Vincent.Riera@imgtec.com>
X-Mailer: git-send-email 2.10.2
MIME-Version: 1.0
X-Originating-IP: [192.168.154.96]
Subject: [Buildroot] [PATCH] dovecot: bump version to 2.2.29.1 (security)
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Security fix:

  passdb/userdb dict: Don't double-expand %variables in keys. If dict
  was used as the authentication passdb, using specially crafted
  %variables in the username could be used to cause DoS (CVE-2017-2669)

Full ChangeLog 2.2.29 (including CVE fix):
  https://www.dovecot.org/list/dovecot-news/2017-April/000341.html

Full ChangeLog 2.2.29.1 (some fixes forgotten in the 2.2.29 release):

  https://www.dovecot.org/list/dovecot-news/2017-April/000344.html

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
---
 package/dovecot/dovecot.hash | 2 +-
 package/dovecot/dovecot.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/dovecot/dovecot.hash b/package/dovecot/dovecot.hash
index b52ea8d..46e7c5a 100644
--- a/package/dovecot/dovecot.hash
+++ b/package/dovecot/dovecot.hash
@@ -1,2 +1,2 @@
 # Locally computed after checking signature
-sha256 e0288f59e326ab87cb3881fdabadafe542f4dc7ab9996db13863a439ebbc1f25  dovecot-2.2.28.tar.gz
+sha256 ccfa9ffb7eb91e9e87c21c108324b911250c9ffa838bffb64b1caafadcb0f388  dovecot-2.2.29.1.tar.gz
diff --git a/package/dovecot/dovecot.mk b/package/dovecot/dovecot.mk
index a7f6de4..3f71f68 100644
--- a/package/dovecot/dovecot.mk
+++ b/package/dovecot/dovecot.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 DOVECOT_VERSION_MAJOR = 2.2
-DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).28
+DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).29.1
 DOVECOT_SITE = http://www.dovecot.org/releases/$(DOVECOT_VERSION_MAJOR)
 DOVECOT_INSTALL_STAGING = YES
 DOVECOT_LICENSE = LGPL-2.1