|non port: mail/dovecot/files/patch-src_plugins_fts-solr_solr-connection.c
Number of commits found: 4
Sat, 3 Jul 2021
21a797e (Only the first 10 of 11 ports in this commit are shown above. )
mail/dovecot-*: update 2.3.13 -> 2.3.15 and related ports
Approved by: fluffy (ports-secteam)
Submitted by: otis
Security: CVE-2021-29157, CVE-2021-33515, CVE-2020-28200
Differential Revision: https://reviews.freebsd.org/D30866
Fri, 14 Aug 2020
mail/dovecot, mail/dovecot-pigeonhole: upgrade to 220.127.116.11 and 0.5.11,
* CVE-2020-12100: Parsing mails with a large number of MIME parts could
have resulted in excessive CPU usage or a crash due to running out of
* CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
message buffer size, which leads to reading past allocation which can
lead to crash.
* CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the lmtp
service to crash.
* CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
zero-length message, which leads to assert-crash later on.
* Events: Fix inconsistency in events. See event documentation in(Only the first 15 lines of the commit message are shown above )
Tue, 30 Apr 2019
mail/dovecot, mail/dovecot-pigeonhole: upgrade to 2.3.6, 0.5.6 respectively.
* CVE-2019-11494: Submission-login crashed with signal 11 due to null pointer
access when authentication was aborted by disconnecting.
* CVE-2019-11499: Submission-login crashed when authentication was started over
TLS secured channel and invalid authentication message was sent.
* auth: Support password grant with passdb oauth2.
+ Use system default CAs for outbound TLS connections.
+ Simplify array handling with new helper macros.
+ fts_solr: Enable configuring batch_size and soft_commit features.
- lmtp/submission: Fixed various bugs in XCLIENT handling, including a hang when
XCLIENT commands were sent infinitely to the remote server.
- lmtp/submission: Forwarded multi-line replies were erroneously sent as two
replies to the client.
- lib-smtp: client: Message was not guaranteed to contain CRLF consistently when
CHUNKING was used.
- fts_solr: Plugin was no longer compatible with Solr 7.
- Make it possible to disable certificate checking without setting
- pop3c: SSL support was broken.(Only the first 15 lines of the commit message are shown above )
Wed, 2 Jan 2019
mail/dovecot: Pick up a mailinglist patch for solr/tika separation.
solr and tika currently use the same http client connection. Upstream
made the attached patches in response to my (ler@) bug report.
Obtained from: upstream mailing list.
Number of commits found: 4