The port's maintainer has sent a more complete diff which I am going to
look at sign.
On 2021/06/22 10:56, Renaud Allard wrote:
> Hello,
>
> Here are some diffs to update dovecot and pigeonhole to solve the following
> CVE
>
> CVE-2021-33515: SMTP Submission service STARTTLS injection
> CVE-2021-29157: oauth2 JWT local validation path traversal
> CVE-2020-28200: Sieve excessive resource usage
>
> Best Regards
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/mail/dovecot/Makefile,v
> retrieving revision 1.297
> diff -u -p -r1.297 Makefile
> --- Makefile 8 Mar 2021 17:56:18 -0000 1.297
> +++ Makefile 22 Jun 2021 08:52:06 -0000
> @@ -9,9 +9,8 @@ COMMENT-postgresql= PostgreSQL authentic
> # if backporting an update to stable, ensure all ports depending on
> # this are bumped and that -current is same/newer version than -stable
> V_MAJOR= 2.3
> -V_DOVECOT= 2.3.14
> +V_DOVECOT= 2.3.15
> EPOCH= 0
> -REVISION-server= 0
>
> DISTNAME= dovecot-${V_DOVECOT}
> PKGNAME= dovecot-${V_DOVECOT}
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/mail/dovecot/distinfo,v
> retrieving revision 1.156
> diff -u -p -r1.156 distinfo
> --- distinfo 8 Mar 2021 13:08:27 -0000 1.156
> +++ distinfo 22 Jun 2021 08:52:06 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (dovecot-2.3.14.tar.gz) = yLPX868eVYo/8PlwMJ1AE6TTzhNvjAKlOjsF80W5o0o=
> -SIZE (dovecot-2.3.14.tar.gz) = 7483769
> +SHA256 (dovecot-2.3.15.tar.gz) = IbvdXUWVepkTPei35xgT7Lc9lHbInfxjR56RArNVNZA=
> +SIZE (dovecot-2.3.15.tar.gz) = 7608561
> Index: pkg/PLIST-server
> ===================================================================
> RCS file: /cvs/ports/mail/dovecot/pkg/PLIST-server,v
> retrieving revision 1.82
> diff -u -p -r1.82 PLIST-server
> --- pkg/PLIST-server 8 Mar 2021 17:56:18 -0000 1.82
> +++ pkg/PLIST-server 22 Jun 2021 08:52:06 -0000
> @@ -80,6 +80,7 @@ include/dovecot/config-parser.h
> include/dovecot/config-request.h
> include/dovecot/config.h
> include/dovecot/connection.h
> +include/dovecot/cpu-limit.h
> include/dovecot/crc32.h
> include/dovecot/data-stack.h
> include/dovecot/db-checkpassword.h
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/mail/dovecot-pigeonhole/Makefile,v
> retrieving revision 1.76
> diff -u -p -r1.76 Makefile
> --- Makefile 8 Mar 2021 13:08:49 -0000 1.76
> +++ Makefile 22 Jun 2021 08:52:25 -0000
> @@ -2,7 +2,7 @@
>
> COMMENT= Sieve mail filtering for Dovecot
>
> -V_SIEVE= 0.5.14
> +V_SIEVE= 0.5.15
> V_DOVECOT= 2.3
>
> DISTNAME= dovecot-${V_DOVECOT}-pigeonhole-${V_SIEVE}
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/mail/dovecot-pigeonhole/distinfo,v
> retrieving revision 1.44
> diff -u -p -r1.44 distinfo
> --- distinfo 8 Mar 2021 13:08:49 -0000 1.44
> +++ distinfo 22 Jun 2021 08:52:25 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (dovecot-2.3-pigeonhole-0.5.14.tar.gz) =
> aMoPeKPKprCQpGn0XDlcRM8W2o/LM0V1WxykNsn/stI=
> -SIZE (dovecot-2.3-pigeonhole-0.5.14.tar.gz) = 1910607
> +SHA256 (dovecot-2.3-pigeonhole-0.5.15.tar.gz) =
> 4UmPUM73TDUaV0dMxCOwCGJ6satgckuFkoPq1tAFUNA=
> +SIZE (dovecot-2.3-pigeonhole-0.5.15.tar.gz) = 1935601
