[Dovecot] Fixes CVE-2017-15132 - take 2

This commit is contained in:
andre.peters 2018-02-01 23:37:10 +01:00
parent c5f9b065f6
commit cf1e46723a
2 changed files with 4 additions and 2 deletions

View File

@ -65,7 +65,9 @@ RUN apt-get update && apt-get -y --no-install-recommends install \
RUN curl https://www.dovecot.org/releases/2.2/dovecot-$DOVECOT_VERSION.tar.gz | tar xvz \
&& cd dovecot-$DOVECOT_VERSION \
&& sed '/call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);/a pool_unref(&request->pool);' src/lib-auth/auth-client-request.c \
&& curl -o src/lib-auth/auth-client-request.c https://mailcow.email/dovecot-patch1/auth-client-request.c \
&& curl -o src/lib-auth/auth-server-connection.c https://mailcow.email/dovecot-patch1/auth-server-connection.c \
&& curl -o src/lib-auth/auth-server-connection.h https://mailcow.email/dovecot-patch1/auth-server-connection.h \
&& ./configure --with-mysql --with-lzma --with-lz4 --with-ssl=openssl --with-notify=inotify --with-storages=mdbox,sdbox,maildir,mbox,imapc,pop3c --with-bzlib --with-zlib \
&& make -j3 \
&& make install \

View File

@ -163,7 +163,7 @@ services:
- sogo
dovecot-mailcow:
image: mailcow/dovecot:1.19
image: mailcow/dovecot:1.20
build: ./data/Dockerfiles/dovecot
cap_add:
- NET_BIND_SERVICE