From owner-svn-ports-head@freebsd.org Wed Aug 28 16:00:00 2019 Return-Path: Delivered-To: svn-ports-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6B417E0267; Wed, 28 Aug 2019 16:00:00 +0000 (UTC) (envelope-from ler@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46JVnD2BjVz4Mjw; Wed, 28 Aug 2019 16:00:00 +0000 (UTC) (envelope-from ler@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2E85B9A85; Wed, 28 Aug 2019 16:00:00 +0000 (UTC) (envelope-from ler@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x7SFxxCl008907; Wed, 28 Aug 2019 15:59:59 GMT (envelope-from ler@FreeBSD.org) Received: (from ler@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x7SFxxmd008904; Wed, 28 Aug 2019 15:59:59 GMT (envelope-from ler@FreeBSD.org) Message-Id: <201908281559.x7SFxxmd008904@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ler set sender to ler@FreeBSD.org using -f From: Larry Rosenman Date: Wed, 28 Aug 2019 15:59:59 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r510075 - in head/mail: dovecot dovecot-pigeonhole X-SVN-Group: ports-head X-SVN-Commit-Author: ler X-SVN-Commit-Paths: in head/mail: dovecot dovecot-pigeonhole X-SVN-Commit-Revision: 510075 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Aug 2019 16:00:00 -0000 Author: ler Date: Wed Aug 28 15:59:59 2019 New Revision: 510075 URL: https://svnweb.freebsd.org/changeset/ports/510075 Log: mail/dovecot,mail/dovecot-pigeonhole: fix CVE-2019-11500 Changes ------- * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes. Found by Nick Roessler and Rafi Rubin. MFH: 2019Q3 Security: CVE-2019-11500 Modified: head/mail/dovecot-pigeonhole/Makefile head/mail/dovecot-pigeonhole/distinfo head/mail/dovecot/Makefile head/mail/dovecot/distinfo Modified: head/mail/dovecot-pigeonhole/Makefile ============================================================================== --- head/mail/dovecot-pigeonhole/Makefile Wed Aug 28 15:58:09 2019 (r510074) +++ head/mail/dovecot-pigeonhole/Makefile Wed Aug 28 15:59:59 2019 (r510075) @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= dovecot-pigeonhole -PORTVERSION= 0.5.7.1 -PORTREVISION= 1 +PORTVERSION= 0.5.7.2 CATEGORIES= mail MASTER_SITES= http://pigeonhole.dovecot.org/releases/${DOVECOTVERSION}/ DISTNAME= ${PORTNAME:C/-/-${DOVECOTVERSION}-/}-${PORTVERSION} @@ -13,8 +12,8 @@ COMMENT= Sieve plugin for the Dovecot 'deliver' LDA an LICENSE= LGPL21 -BUILD_DEPENDS= dovecot>=2.3.6:mail/dovecot -RUN_DEPENDS= dovecot>=2.3.6:mail/dovecot +BUILD_DEPENDS= dovecot>=2.3.7:mail/dovecot +RUN_DEPENDS= dovecot>=2.3.7:mail/dovecot DOVECOTVERSION= 2.3 Modified: head/mail/dovecot-pigeonhole/distinfo ============================================================================== --- head/mail/dovecot-pigeonhole/distinfo Wed Aug 28 15:58:09 2019 (r510074) +++ head/mail/dovecot-pigeonhole/distinfo Wed Aug 28 15:59:59 2019 (r510075) @@ -1,3 +1,3 @@ -TIMESTAMP = 1563891950 -SHA256 (dovecot-2.3-pigeonhole-0.5.7.1.tar.gz) = 3270b24c1f75a7c144f54d6d08ce994176e39c2cdb3ac4dd80ad5e64aaaa2028 -SIZE (dovecot-2.3-pigeonhole-0.5.7.1.tar.gz) = 1857291 +TIMESTAMP = 1567007127 +SHA256 (dovecot-2.3-pigeonhole-0.5.7.2.tar.gz) = d59d0c5c5225a126e5b98bf95d75e8dd368bdeeb3da2e9766dbe4fddaa9411b0 +SIZE (dovecot-2.3-pigeonhole-0.5.7.2.tar.gz) = 1857602 Modified: head/mail/dovecot/Makefile ============================================================================== --- head/mail/dovecot/Makefile Wed Aug 28 15:58:09 2019 (r510074) +++ head/mail/dovecot/Makefile Wed Aug 28 15:59:59 2019 (r510075) @@ -7,7 +7,7 @@ ###################################################################### PORTNAME= dovecot -PORTVERSION= 2.3.7.1 +PORTVERSION= 2.3.7.2 CATEGORIES= mail ipv6 MASTER_SITES= https://dovecot.org/releases/2.3/ Modified: head/mail/dovecot/distinfo ============================================================================== --- head/mail/dovecot/distinfo Wed Aug 28 15:58:09 2019 (r510074) +++ head/mail/dovecot/distinfo Wed Aug 28 15:59:59 2019 (r510075) @@ -1,3 +1,3 @@ -TIMESTAMP = 1563891542 -SHA256 (dovecot-2.3.7.1.tar.gz) = c5a51d6f76e6e9c843df69e52a364a4c65c4c60e0c51d992eaa45f22f71803c3 -SIZE (dovecot-2.3.7.1.tar.gz) = 7076500 +TIMESTAMP = 1567006255 +SHA256 (dovecot-2.3.7.2.tar.gz) = 666ce084760a47e601d49a9be3c7993c48789d332631e8dfb45f443b367b1260 +SIZE (dovecot-2.3.7.2.tar.gz) = 7076231