[ 00:27 ler  ]

• 544857 mail/dovecot-pigeonhole/Makefile
• 544857 mail/dovecot-pigeonhole/distinfo
• 544857 mail/dovecot/Makefile
• 544857 mail/dovecot/distinfo
• 544857 mail/dovecot/files/patch-configure
• 544857 mail/dovecot/files/patch-src_lib-fts_fts-filter-stemmer-snowball.c
• 544857 mail/dovecot/files/patch-src_lib-master_master-service.c
• 544857 mail/dovecot/files/patch-src_plugins_fts-lucene_SnowballFilter.h
• 544857 mail/dovecot/files/patch-src_plugins_fts-solr_solr-connection.c
• 544857 mail/dovecot/pkg-plist

mail/dovecot, mail/dovecot-pigeonhole: upgrade to 2.3.11.3 and 0.5.11,
repectively.

dovecot changelog:
* CVE-2020-12100: Parsing mails with a large number of MIME parts could
  have resulted in excessive CPU usage or a crash due to running out of
  stack memory.
* CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
  message buffer size, which leads to reading past allocation which can
  lead to crash.
* CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
  address that has the empty quoted string as local-part causes the lmtp
  service to crash.
* CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
  zero-length message, which leads to assert-crash later on.
* Events: Fix inconsistency in events. See event documentation in

(Only the first 15 lines of the commit message are shown above )

[ 17:59 ler  ]

• 519037 mail/dovecot-fts-xapian/Makefile
• 519037 mail/dovecot-pigeonhole/Makefile
• 519037 mail/dovecot-pigeonhole/distinfo
• 519037 mail/dovecot-pigeonhole/pkg-plist
• 519037 mail/dovecot/Makefile
• 519037 mail/dovecot/distinfo
• 519037 mail/dovecot/files/patch-src_lib-master_master-service.c
• 519037 mail/dovecot/files/patch-src_lib_net.c
• 519037 mail/dovecot/files/patch-src_master_main.c
• 519037 mail/dovecot/pkg-plist

mail/dovecot, mail/dovecot-pigeonhole: upgrade to 2.3.9, 0.5.9 respectively.

Bump PORTREVISION of mail/dovecot-fts-xapian for version change of dovecot.

Changelog:
Dovecot:
* Changed several event field names for consistency and to avoid
  conflicts in parent-child event relationships:
   * SMTP server command events: Renamed "name" to "cmd_name"
   * Events inheriting from a mailbox: Renamed "name" to "mailbox"
   * Server connection events have only "remote_ip", "remote_port",
     "local_ip" and "local_port".
   * Removed duplicate "client_ip", "ip" and "port".
   * Mail storage events: Removed "service" field.
     Use "service:<name>" category instead.

(Only the first 15 lines of the commit message are shown above )

[ 17:55 ler  ]

• 489516 mail/dovecot/files/patch-src_lib-master_master-service.c

mail/dovecot: Fix previous commit.

I missed a character typing the patch.

Pointy Hat: ler

[ 17:46 ler  ]

• 489515 mail/dovecot/Makefile
• 489515 mail/dovecot/files/patch-src_lib-master_master-service.c

mail/dovecot: Pick up mailing list patch for imap-preauth vs. stats-writer.

see the dovecot mailing list thread on imap-preauth and stats-writer between
Stephan Bosch and a FreeBSD user

Obtained from:	upstream mailing list.