This version publishes some security patches for the 2.3 line. Testing build on poudriere before adding a patch here.
Created attachment 221272 [details] vuxml: add entry for dovecot 2.3.13
Created attachment 221273 [details] dovecot: update to 2.3.13 I tested this port by building it with poudriere. Only build test: DOCS LIBWRAP VPOPMAIL LDAP Build + runtime test: DOCS LIBWRAP LDAP. It looks like some headers have disappeared that are related to VPOPMAIL, but I wouldn't know how to test if that affects the port negatively when using that OPTION, I did test that it still builds and compared current pkg-plist with the output for make makeplist.
VPOPMAIL support was dropped upstream so feel free to remove the option. LGTM, Dima on behalf of the ports-secteam@
Created #252435 to track removal of the VPOPMAIL OPTION.
(In reply to Evilham from comment #4) Why? It is a part of update and should be applied in one diff
Created attachment 221292 [details] dovecot: update to 2.3.13 remove VPOPMAIL OPTION Because I was in a rush and had missed the removal in 2.3.13 release notes; thank you for pointing that out. Taking a fresh look at this again, I noticed the note about bumping revision for mail/dovecot-fts-xapian and mail/dovecot-pigeonhole (it links to PR 146029). Since there was also a dovecot-pigeonhole release, I added that to the PR. Release notes: https://dovecot.org/pipermail/dovecot-news/2021-January/000449.html
A commit references this bug: Author: pi Date: Wed Jan 6 14:11:36 UTC 2021 New revision: 560521 URL: https://svnweb.freebsd.org/changeset/ports/560521 Log: security/vuxml: add dovecot CVE-2020-24386 PR: 252415 Submitted by: Evilham <contact@evilham.com> Relnotes: https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html Changes: head/security/vuxml/vuln.xml
maintainer approval received by mail
A commit references this bug: Author: pi Date: Wed Jan 6 14:58:37 UTC 2021 New revision: 560527 URL: https://svnweb.freebsd.org/changeset/ports/560527 Log: mail/dovecot: update 2.3.11.3 -> 2.3.13, fix CVE in non-default config mail/dovecot-pigeonhole: update 0.5.11 -> 0.5.13 - please note: option VPOPMAIl was removed from upstream PR: 252415 Submitted by: Evilham <contact@evilham.com> Reviewed by: fluffy Approved by: ler (maintainer) MFH: 2021Q1 Relnotes: https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html https://dovecot.org/pipermail/dovecot-news/2021-January/000449.html Security: CVE-2020-24386, CVE-2020-25275 Changes: head/UPDATING head/mail/dovecot/Makefile head/mail/dovecot/distinfo head/mail/dovecot/pkg-plist head/mail/dovecot-fts-xapian/Makefile head/mail/dovecot-pigeonhole/Makefile head/mail/dovecot-pigeonhole/distinfo
A commit references this bug: Author: pi Date: Wed Jan 6 15:02:17 UTC 2021 New revision: 560528 URL: https://svnweb.freebsd.org/changeset/ports/560528 Log: MFH: r560527 mail/dovecot: update 2.3.11.3 -> 2.3.13, fix CVE in non-default config mail/dovecot-pigeonhole: update 0.5.11 -> 0.5.13 - please note: option VPOPMAIl was removed from upstream PR: 252415 Submitted by: Evilham <contact@evilham.com> Reviewed by: fluffy Approved by: ler (maintainer) Relnotes: https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html https://dovecot.org/pipermail/dovecot-news/2021-January/000449.html Security: CVE-2020-24386, CVE-2020-25275 Approved by: ports-secteam (fluffy) Changes: _U branches/2021Q1/ branches/2021Q1/UPDATING branches/2021Q1/mail/dovecot/Makefile branches/2021Q1/mail/dovecot/distinfo branches/2021Q1/mail/dovecot/pkg-plist branches/2021Q1/mail/dovecot-fts-xapian/Makefile branches/2021Q1/mail/dovecot-pigeonhole/Makefile branches/2021Q1/mail/dovecot-pigeonhole/distinfo
Committed, thanks!