Created attachment 179790 [details] Patch to version 3.0.2 Update to 3.0.2. Message from developer: The most important reason for the release was a SECURITY FIX: don't allow to delete protected aliases (CVE-2017-5930, PR#23). Thanks to Janfred @github for the report and the pull request! Besides that, the following non-security bugs were fixed: - fix VacationHandler for PostgreSQL - AliasHandler: restrict mailbox subquery to allowed and specified domains to improve performance on setups with lots of mailboxes - allow switching between dovecot: password schemes while still accepting passwords hashed using the previous dovecot: scheme - FetchmailHandler: use a valid date as default for 'date' - fix date formatting in non-english languages when using PostgreSQL - debian packaging: improve dependencies, remove old templates_c/ files - various small fixes Updates from 3.0 should be boring, you don't even need to run setup.php.
Created attachment 179792 [details] poudriere build log on 10.3
Created attachment 179793 [details] poudriere build log on 11.0
Thank you. Please MFH.
Comment on attachment 179790 [details] Patch to version 3.0.2 Approved.
A commit references this bug: Author: krion Date: Fri Feb 10 17:33:53 UTC 2017 New revision: 433819 URL: https://svnweb.freebsd.org/changeset/ports/433819 Log: Update mail/postfixadmin to 3.0.2 (security fix) SECURITY FIX: don't allow to delete protected aliases (CVE-2017-5930, PR#23). Following non-security bugs were fixed: - Fix VacationHandler for PostgreSQL - AliasHandler: restrict mailbox subquery to allowed and specified domains to improve performance on setups with +lots of mailboxes - Allow switching between dovecot: password schemes while still accepting passwords hashed using the previous dov +ecot: scheme - FetchmailHandler: use a valid date as default for 'date' - Fix date formatting in non-english languages when using PostgreSQL PR: 216932 Submitted by: lukasz@wasikowski.net Approved by: maintainer, mat (mentor) Differential Revision: https://reviews.freebsd.org/D9521 Changes: head/mail/postfixadmin/Makefile head/mail/postfixadmin/distinfo
Kirill, do you intend to merge this to quarterly?
(In reply to Adam Weinberger from comment #6) Adam, I will inform ports-secteam@ about it first, as I forgot to put Security: CVE-YYYY-NNNN in the commit log message body
A commit references this bug: Author: krion Date: Mon Feb 13 10:48:24 UTC 2017 New revision: 433982 URL: https://svnweb.freebsd.org/changeset/ports/433982 Log: MFH: r433819 Update mail/postfixadmin to 3.0.2 (security fix) SECURITY FIX: don't allow to delete protected aliases (CVE-2017-5930, PR#23). Following non-security bugs were fixed: - Fix VacationHandler for PostgreSQL - AliasHandler: restrict mailbox subquery to allowed and specified domains to improve performance on setups with +lots of mailboxes - Allow switching between dovecot: password schemes while still accepting passwords hashed using the previous dov +ecot: scheme - FetchmailHandler: use a valid date as default for 'date' - Fix date formatting in non-english languages when using PostgreSQL PR: 216932 Submitted by: lukasz@wasikowski.net Approved by: maintainer, mat (mentor) Differential Revision: https://reviews.freebsd.org/D9521 Approved by: ports-secteam Changes: _U branches/2017Q1/ branches/2017Q1/mail/postfixadmin/Makefile branches/2017Q1/mail/postfixadmin/distinfo