This will update mail/sieve-connect to latest version 0.85. Previously, sieve-connect was not actually verifying TLS certificate identities matched the expected hostname. Changes with new version: Fix TLS verification; find server by own hostname & SRV. * TLS hostname verification was not actually happening. * IO::Socket::SSL requirement bumped to 1.14 (was 0.97). * By default, if no server specified, before falling back to localhost try to use the current hostname and SRV records in DNS to figure out if Sieve is available. Checks for sieve, imaps & imap protocol SRV records and honours target==. to mean "no". * This works better with the Mozilla::PublicSuffix module installed. * Added ability to blacklist authentication mechanisms More info: http://mail.globnix.net/pipermail/sieve-connect-announce/2013/000005.html
Responsible Changed From-To: freebsd-ports-bugs->bdrewery I'll take it.
State Changed From-To: open->closed Committed. Thanks!
Author: bdrewery Date: Mon Apr 15 12:28:58 2013 New Revision: 315802 URL: http://svnweb.freebsd.org/changeset/ports/315802 Log: - Update to 0.85 - Convert to new options framework sieve-connect was not actually verifying TLS certificate identities matched the expected hostname. Changes with new version: Fix TLS verification; find server by own hostname & SRV. * TLS hostname verification was not actually happening. * IO::Socket::SSL requirement bumped to 1.14 (was 0.97). * By default, if no server specified, before falling back to localhost try to use the current hostname and SRV records in DNS to figure out if Sieve is available. Checks for sieve, imaps & imap protocol SRV records and honours target==. to mean "no". * This works better with the Mozilla::PublicSuffix module installed. * Added ability to blacklist authentication mechanisms More info: http://mail.globnix.net/pipermail/sieve-connect-announce/2013/000005.html PR: ports/177859 Submitted by: "Alexey V. Degtyarev" <alexey@renatasystems.org> (maintainer) Approved by: portmgr (implicit) Security: a2ff483f-a5c6-11e2-9601-000d601460a4 Modified: head/mail/sieve-connect/Makefile head/mail/sieve-connect/distinfo head/security/vuxml/vuln.xml Modified: head/mail/sieve-connect/Makefile ============================================================================== --- head/mail/sieve-connect/Makefile Mon Apr 15 12:14:06 2013 (r315801) +++ head/mail/sieve-connect/Makefile Mon Apr 15 12:28:58 2013 (r315802) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= sieve-connect -PORTVERSION= 0.84 +PORTVERSION= 0.85 CATEGORIES= mail MASTER_SITES= http://people.spodhuis.org/phil.pennock/software/ \ ftp://ftp.renatasystems.org/pub/FreeBSD/ports/distfiles/ @@ -17,7 +17,8 @@ LICENSE_PERMS= dist-mirror dist-sell pkg RUN_DEPENDS= p5-Authen-SASL>=0:${PORTSDIR}/security/p5-Authen-SASL \ p5-IO-Socket-INET6>=0:${PORTSDIR}/net/p5-IO-Socket-INET6 \ - p5-IO-Socket-SSL>=0:${PORTSDIR}/security/p5-IO-Socket-SSL \ + p5-IO-Socket-SSL>=1.14:${PORTSDIR}/security/p5-IO-Socket-SSL \ + p5-Mozilla-PublicSuffix>=0:${PORTSDIR}/dns/p5-Mozilla-PublicSuffix \ p5-Net-DNS>=0:${PORTSDIR}/dns/p5-Net-DNS \ p5-ReadLine-Gnu>=0:${PORTSDIR}/devel/p5-ReadLine-Gnu \ p5-Term-ReadKey>=0:${PORTSDIR}/devel/p5-Term-ReadKey @@ -28,7 +29,9 @@ PLIST_FILES= bin/sieve-connect MAN1= sieve-connect.1 -.if !defined(NOPORTDOCS) +.include <bsd.port.options.mk> + +.if ${PORT_OPTIONS:MDOCS} PORTDOCS= ChangeLog README TODO .endif @@ -36,7 +39,7 @@ do-install: ${INSTALL_SCRIPT} ${WRKSRC}/sieve-connect ${PREFIX}/bin/sieve-connect ${INSTALL_MAN} ${WRKSRC}/sieve-connect.1 \ ${MANPREFIX}/man/man1/sieve-connect.1 -.if !defined(NOPORTDOCS) +.if ${PORT_OPTIONS:MDOCS} ${MKDIR} ${DOCSDIR} .for _doc in ${PORTDOCS} ${INSTALL_DATA} ${WRKSRC}/${_doc} ${DOCSDIR}/${_doc} Modified: head/mail/sieve-connect/distinfo ============================================================================== --- head/mail/sieve-connect/distinfo Mon Apr 15 12:14:06 2013 (r315801) +++ head/mail/sieve-connect/distinfo Mon Apr 15 12:28:58 2013 (r315802) @@ -1,2 +1,2 @@ -SHA256 (sieve-connect-0.84.tar.bz2) = 3cda30c4f7fbbe3339a1dd934c989315e5a00c32ea203494d5c8dae77a36fa47 -SIZE (sieve-connect-0.84.tar.bz2) = 31737 +SHA256 (sieve-connect-0.85.tar.bz2) = 4d4e3eec881ab45f52b2275dade90478d7a6b47942695efb29227d1538a49e7f +SIZE (sieve-connect-0.85.tar.bz2) = 34323 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Apr 15 12:14:06 2013 (r315801) +++ head/security/vuxml/vuln.xml Mon Apr 15 12:28:58 2013 (r315802) @@ -51,6 +51,32 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="a2ff483f-a5c6-11e2-9601-000d601460a4"> + <topic>sieve-connect -- TLS hostname verification was not occurring</topic> + <affects> + <package> + <name>sieve-connect</name> + <range><lt>0.85</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>sieve-connect developer Phil Pennock reports:</p> + <blockquote cite="http://mail.globnix.net/pipermail/sieve-connect-announce/2013/000005.html"> + <p>sieve-connect was not actually verifying TLS certificate identities + matched the expected hostname.</p> + </blockquote> + </body> + </description> + <references> + <url>http://mail.globnix.net/pipermail/sieve-connect-announce/2013/000005.html</url> + </references> + <dates> + <discovery>2013-04-14</discovery> + <entry>2013-04-15</entry> + </dates> + </vuln> + <vuln vid="15236023-a21b-11e2-a460-208984377b34"> <topic>linux-flashplugin -- multiple vulnerabilities</topic> <affects> _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"