notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
All times are UTC
non port: mail/dovecot/files/patch-src_plugins_fts-solr_solr-connection.c

Number of commits found: 4

Sat, 3 Jul 2021
[ 10:09 Kurt Jaeger (pi) search for other commits by this committer Author: Juraj Lutter ]    commit hash:21a797ec8c62a66c2e44c7e99acbf3063ec113aa  commit hash:21a797ec8c62a66c2e44c7e99acbf3063ec113aa  commit hash:21a797ec8c62a66c2e44c7e99acbf3063ec113aa  21a797e  (Only the first 10 of 11 ports in this commit are shown above. View all ports for this commit)
mail/dovecot-*: update 2.3.13 -> 2.3.15 and related ports

PR:			256860
Approved by:		fluffy (ports-secteam)
Submitted by:		otis
Security:		CVE-2021-29157, CVE-2021-33515, CVE-2020-28200
Differential Revision:
MFH:			2021Q3
Fri, 14 Aug 2020
[ 00:27 ler search for other commits by this committer ] Original commit   Revision:544857
mail/dovecot, mail/dovecot-pigeonhole: upgrade to and 0.5.11,

dovecot changelog:
* CVE-2020-12100: Parsing mails with a large number of MIME parts could
  have resulted in excessive CPU usage or a crash due to running out of
  stack memory.
* CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
  message buffer size, which leads to reading past allocation which can
  lead to crash.
* CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
  address that has the empty quoted string as local-part causes the lmtp
  service to crash.
* CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
  zero-length message, which leads to assert-crash later on.
* Events: Fix inconsistency in events. See event documentation in
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Tue, 30 Apr 2019
[ 21:33 ler search for other commits by this committer ] Original commit   Revision:500569
mail/dovecot, mail/dovecot-pigeonhole: upgrade to 2.3.6, 0.5.6 respectively.

Dovecot changelog:
* CVE-2019-11494: Submission-login crashed with signal 11 due to null pointer
access when authentication was aborted by disconnecting.
* CVE-2019-11499: Submission-login crashed when authentication was started over
TLS secured channel and invalid authentication message was sent.
* auth: Support password grant with passdb oauth2.
+ Use system default CAs for outbound TLS connections.
+ Simplify array handling with new helper macros.
+ fts_solr: Enable configuring batch_size and soft_commit features.
- lmtp/submission: Fixed various bugs in XCLIENT handling, including a hang when
XCLIENT commands were sent infinitely to the remote server.
- lmtp/submission: Forwarded multi-line replies were erroneously sent as two
replies to the client.
- lib-smtp: client: Message was not guaranteed to contain CRLF consistently when
CHUNKING was used.
- fts_solr: Plugin was no longer compatible with Solr 7.
- Make it possible to disable certificate checking without setting
ssl_client_ca_* settings.
- pop3c: SSL support was broken.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
Wed, 2 Jan 2019
[ 22:30 ler search for other commits by this committer ] Original commit   Revision:489098
mail/dovecot: Pick up a mailinglist patch for solr/tika separation.

solr and tika currently use the same http client connection.  Upstream
made the attached patches in response to my (ler@) bug report.

Obtained from:	upstream mailing list.

Number of commits found: 4