Index: mail/dovecot/Makefile =================================================================== --- mail/dovecot/Makefile (revision 460466) +++ mail/dovecot/Makefile (working copy) @@ -13,7 +13,7 @@ PORTNAME= dovecot PORTVERSION= 2.2.33.2 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= mail ipv6 MASTER_SITES= https://www.dovecot.org/releases/2.2/ Index: mail/dovecot/files/patch-src_lib-auth_auth-client-request.c =================================================================== --- mail/dovecot/files/patch-src_lib-auth_auth-client-request.c (revision 460466) +++ mail/dovecot/files/patch-src_lib-auth_auth-client-request.c (working copy) @@ -1,10 +1,18 @@ ---- src/lib-auth/auth-client-request.c.orig 2017-10-05 17:10:44 UTC +# +Ref: https://github.com/dovecot/core/commit/a9b135760aea6d1790d447d351c56b78889dac22 +Security: CVE-2017-15132 + +Fix memory leak. + +--- src/lib-auth/auth-client-request.c.orig 2018-02-01 02:10:16 UTC +++ src/lib-auth/auth-client-request.c -@@ -180,6 +180,7 @@ void auth_client_request_abort(struct auth_client_requ +@@ -180,6 +180,9 @@ void auth_client_request_abort(struct au auth_client_send_cancel(request->conn->client, request->id); call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL); -+ pool_unref(&request->pool); ++ /* remove the request */ ++ auth_server_connection_remove_request(request->conn, request->id); ++ pool_unref(&request->pool); } unsigned int auth_client_request_get_id(struct auth_client_request *request) Index: mail/dovecot/files/patch-src_lib-auth_auth-server-connection.c =================================================================== --- mail/dovecot/files/patch-src_lib-auth_auth-server-connection.c (nonexistent) +++ mail/dovecot/files/patch-src_lib-auth_auth-server-connection.c (working copy) @@ -0,0 +1,19 @@ +# +Ref: https://github.com/dovecot/core/commit/a9b135760aea6d1790d447d351c56b78889dac22 +Security: CVE-2017-15132 + +Fix memory leak. + +--- src/lib-auth/auth-server-connection.c.orig 2017-10-05 17:10:44 UTC ++++ src/lib-auth/auth-server-connection.c +@@ -481,3 +481,10 @@ auth_server_connection_add_request(struc + hash_table_insert(conn->requests, POINTER_CAST(id), request); + return id; + } ++ ++void auth_server_connection_remove_request(struct auth_server_connection *conn, ++ unsigned int id) ++{ ++ i_assert(conn->handshake_received); ++ hash_table_remove(conn->requests, POINTER_CAST(id)); ++} Index: mail/dovecot/files/patch-src_lib-auth_auth-server-connection.h =================================================================== --- mail/dovecot/files/patch-src_lib-auth_auth-server-connection.h (nonexistent) +++ mail/dovecot/files/patch-src_lib-auth_auth-server-connection.h (working copy) @@ -0,0 +1,15 @@ +# +Ref: https://github.com/dovecot/core/commit/a9b135760aea6d1790d447d351c56b78889dac22 +Security: CVE-2017-15132 + +Fix memory leak. + +--- src/lib-auth/auth-server-connection.h.orig 2017-10-05 17:10:44 UTC ++++ src/lib-auth/auth-server-connection.h +@@ -38,4 +38,6 @@ void auth_server_connection_disconnect(s + unsigned int + auth_server_connection_add_request(struct auth_server_connection *conn, + struct auth_client_request *request); ++void auth_server_connection_remove_request(struct auth_server_connection *conn, ++ unsigned int id); + #endif