Date: Sat, 17 Aug 2024 03:07:57 +0300 From: Vladimir Druzenko <vvd@freebsd.org> To: Kevin Bowling <kevin.bowling@kev009.com> Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org Subject: =?UTF-8?Q?Re=3A_git=3A_72dd8d2ee676_-_main_-_mail/dovecot=3A_update?= =?UTF-8?B?IDIuMy4yMSDihpIgMi4zLjIxLjEgKGZpeGVzIDIgQ1ZFcyk=?= Message-ID: <46cd3411-017c-4efa-8f75-e1e3acecce09@freebsd.org> In-Reply-To: <CAK7dMtDpKJjLYheA77QY_5TKG2uEsLWtcGwSz%2Bqp4%2BNYuwDqNg@mail.gmail.com> References: <202408161835.47GIZuZJ084942@gitrepo.freebsd.org> <CAK7dMtD6gZ0dHhu8edEs%2BH1wEdKbeE4%2B6L%2BRDCbBRuHj5WJ5fA@mail.gmail.com> <5b4df306-2998-4f98-b5fa-8bf168cd011a@freebsd.org> <CAK7dMtDpKJjLYheA77QY_5TKG2uEsLWtcGwSz%2Bqp4%2BNYuwDqNg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------Teuv0lammVk4eexxWmDMRHnx
Content-Type: multipart/mixed; boundary="------------KA5DVnYPQoR1fTl21UFvFt8O";
protected-headers="v1"
From: Vladimir Druzenko <vvd@freebsd.org>
To: Kevin Bowling <kevin.bowling@kev009.com>
Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org,
dev-commits-ports-main@freebsd.org
Message-ID: <46cd3411-017c-4efa-8f75-e1e3acecce09@freebsd.org>
Subject: =?UTF-8?Q?Re=3A_git=3A_72dd8d2ee676_-_main_-_mail/dovecot=3A_update?=
=?UTF-8?B?IDIuMy4yMSDihpIgMi4zLjIxLjEgKGZpeGVzIDIgQ1ZFcyk=?=
References: <202408161835.47GIZuZJ084942@gitrepo.freebsd.org>
<CAK7dMtD6gZ0dHhu8edEs+H1wEdKbeE4+6L+RDCbBRuHj5WJ5fA@mail.gmail.com>
<5b4df306-2998-4f98-b5fa-8bf168cd011a@freebsd.org>
<CAK7dMtDpKJjLYheA77QY_5TKG2uEsLWtcGwSz+qp4+NYuwDqNg@mail.gmail.com>
In-Reply-To: <CAK7dMtDpKJjLYheA77QY_5TKG2uEsLWtcGwSz+qp4+NYuwDqNg@mail.gmail.com>
--------------KA5DVnYPQoR1fTl21UFvFt8O
Content-Type: multipart/mixed; boundary="------------LONJWmpCWqzi49EAi0s0BDdf"
--------------LONJWmpCWqzi49EAi0s0BDdf
Content-Type: multipart/alternative;
boundary="------------1P33U1C77Ovr6KRss6WUrSsD"
--------------1P33U1C77Ovr6KRss6WUrSsD
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
MTcuMDguMjAyNCAwMTowMywgS2V2aW4gQm93bGluZyDQv9C40YjQtdGCOg0KPiBPbiBGcmks
IEF1ZyAxNiwgMjAyNCBhdCAyOjU34oCvUE0gVmxhZGltaXIgRHJ1emVua28gPHZ2ZEBmcmVl
YnNkLm9yZz4gDQo+IHdyb3RlOg0KPg0KPiAgICAgMTYuMDguMjAyNCAyMjowMywgS2V2aW4g
Qm93bGluZyDQv9C40YjQtdGCOg0KPiAgICAgPiBDVkVzIHNob3VsZCBjb21lIHdpdGggYW4g
dXBkYXRlIHRvIHNlY3VyaXR5L3Z1eG1sL3Z1bG4vMjAyNC54bWwNCj4NCj4gICAgIEkgZG9u
J3Qga25vdyBob3cgdG8gZG8gdGhpcyBjb3JyZWN0bHkuDQo+DQo+DQo+IFlvdSBzaG91bGQg
c2VlayBoZWxwIG9yIGFic3RhaW4gZnJvbSBkb2luZyBzZWN1cml0eSB1cGRhdGVzIHRoZW4u
wqAgSXQgDQo+IGlzIGp1c3QgYW4geG1sIGZpbGUgdGhhdCB5b3UgdXBkYXRlLCB0aGUgd2lr
aSANCj4gaHR0cHM6Ly93aWtpLmZyZWVic2Qub3JnL1Z1WE1MDQo+IMKgYW5kIHRoZSBsaW5r
IGluc2lkZSB0byB0aGUgUEhCIGhhdmUgYWxsIG5lY2Vzc2FyeSBpbnN0cnVjdGlvbnMuDQo+
DQpJIHdvdWxkbid0IGRvIHRoYXQsIGJ1dCBsZXJAIChtYWludGFpbmVyKSBpcyBpbiBob3Nw
aXRhbCBhbmQgYXNrZWQgdG8gDQp1cGRhdGUgaGlzIHBvcnQuDQpBbHNvLCBJIHVzZSBkb3Zl
Y290IHNvIEkgY2FuIHRlc3QgaXQgaW4gcmVhbCB3b3JrIGJlZm9yZSBjb21taXR0aW5nLCAN
CndoaWNoIEkgZGlkLg0KDQpJZiB5b3UgY2FuIGFuZCBhcmUgd2lsbGluZyB0byBoZWxwLCB0
aGVuIGp1c3QgaGVscC4gSnVzdCBsaWtlIHdlIGFsbCANCmhlbHAgd2l0aCB1cGRhdGluZyBw
b3J0cyBmcm9tIG1haW50YWluZXJzIHdpdGhvdXQgY29tbWl0IGJpdHMgb3IgZml4aW5nIA0K
YnJva2VuIHBvcnRzIGJ1aWxkcy4NCg0KUGVhY2UuDQoNCj4NCj4gICAgID4gT24gRnJpLCBB
dWcgMTYsIDIwMjQgYXQgMTE6MzbigK9BTSBWbGFkaW1pciBEcnV6ZW5rbw0KPiAgICAgPHZ2
ZEBmcmVlYnNkLm9yZz4gd3JvdGU6DQo+ICAgICA+PiBUaGUgYnJhbmNoIG1haW4gaGFzIGJl
ZW4gdXBkYXRlZCBieSB2dmQ6DQo+ICAgICA+Pg0KPiAgICAgPj4gVVJMOg0KPiAgICAgaHR0
cHM6Ly9jZ2l0LkZyZWVCU0Qub3JnL3BvcnRzL2NvbW1pdC8/aWQ9NzJkZDhkMmVlNjc2MGVk
OWEwZjIyZmIyYzJlNzUwZDU4NzU1MThkNA0KPiAgICAgPGh0dHBzOi8vY2dpdC5GcmVlQlNE
Lm9yZy9wb3J0cy9jb21taXQvP2lkPTcyZGQ4ZDJlZTY3NjBlZDlhMGYyMmZiMmMyZTc1MGQ1
ODc1NTE4ZDQ+DQo+ICAgICA+Pg0KPiAgICAgPj4gY29tbWl0IDcyZGQ4ZDJlZTY3NjBlZDlh
MGYyMmZiMmMyZTc1MGQ1ODc1NTE4ZDQNCj4gICAgID4+IEF1dGhvcjrCoCDCoCDCoFZsYWRp
bWlyIERydXplbmtvIDx2dmRARnJlZUJTRC5vcmc+DQo+ICAgICA+PiBBdXRob3JEYXRlOiAy
MDI0LTA4LTE2IDE4OjMxOjA0ICswMDAwDQo+ICAgICA+PiBDb21taXQ6wqAgwqAgwqBWbGFk
aW1pciBEcnV6ZW5rbyA8dnZkQEZyZWVCU0Qub3JnPg0KPiAgICAgPj4gQ29tbWl0RGF0ZTog
MjAyNC0wOC0xNiAxODozMTowNCArMDAwMA0KPiAgICAgPj4NCj4gICAgID4+wqAgwqAgwqAg
bWFpbC9kb3ZlY290OiB1cGRhdGUgMi4zLjIxIOKGkiAyLjMuMjEuMSAoZml4ZXMgMiBDVkVz
KQ0KPiAgICAgPj4NCj4gICAgID4+wqAgwqAgwqAgLSBDVkUtMjAyNC0yMzE4NDogQSBsYXJn
ZSBudW1iZXIgb2YgYWRkcmVzcyBoZWFkZXJzIGluDQo+ICAgICBlbWFpbCByZXN1bHRlZA0K
PiAgICAgPj7CoCDCoCDCoCDCoCBpbiBleGNlc3NpdmUgQ1BVIHVzYWdlLg0KPiAgICAgPj7C
oCDCoCDCoCAtIENWRS0yMDI0LTIzMTg1OiBBYm5vcm1hbGx5IGxhcmdlIGVtYWlsIGhlYWRl
cnMgYXJlIG5vdw0KPiAgICAgdHJ1bmNhdGVkIG9yDQo+ICAgICA+PsKgIMKgIMKgIMKgIGRp
c2NhcmRlZCwgd2l0aCBhIGxpbWl0IG9mIDEwTUIgb24gYSBzaW5nbGUgaGVhZGVyIGFuZA0K
PiAgICAgNTBNQiBmb3IgYWxsDQo+ICAgICA+PsKgIMKgIMKgIMKgIHRoZSBoZWFkZXJzIG9m
IGFsbCB0aGUgcGFydHMgb2YgYW4gZW1haWwuDQo+ICAgICA+PsKgIMKgIMKgIC0gb2F1dGgy
OiBEb3ZlY290IHdvdWxkIHNlbmQgY2xpZW50X2lkIGFuZCBjbGllbnRfc2VjcmV0DQo+ICAg
ICBhcyBQT1NUIHBhcmFtZXRlcnMNCj4gICAgID4+wqAgwqAgwqAgwqAgdG8gaW50cm9zcGVj
dGlvbiBzZXJ2ZXIuIFRoZXNlIG5lZWQgdG8gYmUgb3B0aW9uYWxseSBpbg0KPiAgICAgQmFz
aWMgYXV0aA0KPiAgICAgPj7CoCDCoCDCoCDCoCBpbnN0ZWFkIGFzIHJlcXVpcmVkIGJ5IE9J
REMgc3BlY2lmaWNhdGlvbi4NCj4gICAgID4+wqAgwqAgwqAgLSBvYXV0aDI6IEpXVCBrZXkg
dHlwZSBjaGVjayB3YXMgdG9vIHN0cmljdC4NCj4gICAgID4+wqAgwqAgwqAgLSBvYXV0aDI6
IEpXVCB0b2tlbiBhdWRpZW5jZSB3YXMgbm90IHZhbGlkYXRlZCBhZ2FpbnN0DQo+ICAgICBj
bGllbnRfaWQgYXMNCj4gICAgID4+wqAgwqAgwqAgwqAgcmVxdWlyZWQgYnkgT0lEQyBzcGVj
aWZpY2F0aW9uLg0KPiAgICAgPj7CoCDCoCDCoCAtIG9hdXRoMjogWE9BVVRIMiBhbmQgT0FV
VEhCRUFSRVIgbWVjaGFuaXNtcyB3ZXJlIG5vdA0KPiAgICAgZ2l2aW5nIG91dA0KPiAgICAg
Pj7CoCDCoCDCoCDCoCBwcm90b2NvbCBzcGVjaWZpYyBlcnJvciBtZXNzYWdlIG9uIGFsbCBl
cnJvcnMuIFRoaXMNCj4gICAgIGJyb2tlIE9JREMgZGlzY292ZXJ5Lg0KPiAgICAgPj7CoCDC
oCDCoCAtIG9hdXRoMjogSldUIGF1ZCB2YWxpZGF0aW9uIHdhcyBub3QgcGVyZm9ybWVkIGlm
IGF1ZCB3YXMNCj4gICAgIG1pc3NpbmcNCj4gICAgID4+wqAgwqAgwqAgwqAgZnJvbSB0b2tl
biwgYnV0IHdhcyBjb25maWd1cmVkIG9uIERvdmVjb3QuDQo+ICAgICA+Pg0KPiAgICAgaHR0
cHM6Ly9kb3ZlY290Lm9yZy9tYWlsbWFuMy9oeXBlcmtpdHR5L2xpc3QvZG92ZWNvdC1uZXdz
QGRvdmVjb3Qub3JnL3RocmVhZC8yQ1NWTDU2TEZQQVhWTFdNR1hFSVdaTDczNlBTWUhQNS8N
Cj4gICAgID4+DQo+ICAgICA+PsKgIMKgIMKgIFBSOsKgIMKgIMKgIMKgIMKgIMKgIMKgMjgw
ODY2DQo+ICAgICA+PsKgIMKgIMKgIEFwcHJvdmVkIGJ5OsKgIMKgIGxlciAobWFpbnRhaW5l
cikNCj4gICAgID4+wqAgwqAgwqAgTUZIOsKgIMKgIMKgIMKgIMKgIMKgIDIwMjRRMw0KPiAg
ICAgPj4gLS0tDQo+ICAgICA+PsKgIMKgbWFpbC9kb3ZlY290L01ha2VmaWxlIHwgNCArLS0t
DQo+ICAgICA+PsKgIMKgbWFpbC9kb3ZlY290L2Rpc3RpbmZvIHwgNiArKystLS0NCj4gICAg
ID4+wqAgwqAyIGZpbGVzIGNoYW5nZWQsIDQgaW5zZXJ0aW9ucygrKSwgNiBkZWxldGlvbnMo
LSkNCj4gICAgID4+DQo+ICAgICA+PiBkaWZmIC0tZ2l0IGEvbWFpbC9kb3ZlY290L01ha2Vm
aWxlIGIvbWFpbC9kb3ZlY290L01ha2VmaWxlDQo+ICAgICA+PiBpbmRleCBjNzg5ZGEwYTIy
OTQuLjQ0ZjQyYjI3Zjk0ZiAxMDA2NDQNCj4gICAgID4+IC0tLSBhL21haWwvZG92ZWNvdC9N
YWtlZmlsZQ0KPiAgICAgPj4gKysrIGIvbWFpbC9kb3ZlY290L01ha2VmaWxlDQo+ICAgICA+
PiBAQCAtOSw4ICs5LDcgQEANCj4gICAgID4+DQo+ICAgICDCoCMjIyMjIyMjIyMjIyMjIyMj
IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMN
Cj4gICAgID4+DQo+ICAgICA+PsKgIMKgUE9SVE5BTUU9wqAgwqAgwqAgZG92ZWNvdA0KPiAg
ICAgPj4gLVBPUlRWRVJTSU9OPcKgIMKgMi4zLjIxDQo+ICAgICA+PiAtUE9SVFJFVklTSU9O
PcKgIDYNCj4gICAgID4+ICtESVNUVkVSU0lPTj3CoCDCoDIuMy4yMS4xDQo+ICAgICA+PsKg
IMKgQ0FURUdPUklFUz3CoCDCoCBtYWlsDQo+ICAgICA+PsKgIMKgTUFTVEVSX1NJVEVTPSBo
dHRwczovL2RvdmVjb3Qub3JnL3JlbGVhc2VzLzIuMy8NCj4gICAgID4+DQo+ICAgICA+PiBA
QCAtMjcsNyArMjYsNiBAQCBVU0VTPcKgIMKgIMKgIMKgIMKgY3BlIGljb252IGxpYnRvb2wg
cGtnY29uZmlnIHNzbA0KPiAgICAgPj7CoCDCoFVTRV9SQ19TVUJSPcKgIMKgZG92ZWNvdA0K
PiAgICAgPj4NCj4gICAgID4+wqAgwqBHTlVfQ09ORklHVVJFPSB5ZXMNCj4gICAgID4+IC1H
TlVfQ09ORklHVVJFX01BTlBSRUZJWD3CoCDCoCDCoCDCoCR7UFJFRklYfS9zaGFyZQ0KPiAg
ICAgPj7CoCDCoENPTkZJR1VSRV9BUkdTPcKgIMKgIMKgIMKgIC0tbG9jYWxzdGF0ZWRpcj0v
dmFyIFwNCj4gICAgID4+wqAgwqAgwqAgwqAgwqAgwqAgwqAgwqAgwqAgLS13aXRoLWRvY3Mg
XA0KPiAgICAgPj7CoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCDCoCAtLXdpdGgtc3NsPW9wZW5z
c2wgXA0KPiAgICAgPj4gZGlmZiAtLWdpdCBhL21haWwvZG92ZWNvdC9kaXN0aW5mbyBiL21h
aWwvZG92ZWNvdC9kaXN0aW5mbw0KPiAgICAgPj4gaW5kZXggZTllNGM2ODNlNDZjLi45N2Y3
N2I3OGE0MjcgMTAwNjQ0DQo+ICAgICA+PiAtLS0gYS9tYWlsL2RvdmVjb3QvZGlzdGluZm8N
Cj4gICAgID4+ICsrKyBiL21haWwvZG92ZWNvdC9kaXN0aW5mbw0KPiAgICAgPj4gQEAgLTEs
MyArMSwzIEBADQo+ICAgICA+PiAtVElNRVNUQU1QID0gMTY5NTEzMzI2NA0KPiAgICAgPj4g
LVNIQTI1NiAoZG92ZWNvdC0yLjMuMjEudGFyLmd6KSA9DQo+ICAgICAwNWIxMTA5M2E3MWMy
MzdjMmVmMzA5YWQ1ODc1MTA3MjFjYzkzYmJlZTY4MjgyNTE1NDlmYzE1ODZjMzY1MDJkDQo+
ICAgICA+PiAtU0laRSAoZG92ZWNvdC0yLjMuMjEudGFyLmd6KSA9IDc4MzcyNDINCj4gICAg
ID4+ICtUSU1FU1RBTVAgPSAxNzIzODI5NzMyDQo+ICAgICA+PiArU0hBMjU2IChkb3ZlY290
LTIuMy4yMS4xLnRhci5neikgPQ0KPiAgICAgMmQ5MGExNzhjNDI5NzYxMTA4OGJmN2RhYWU1
NDkyYTNiYzNkNWFiNjMyOGMzYTAzMmViNDI1ZDJjMjQ5MDk3ZQ0KPiAgICAgPj4gK1NJWkUg
KGRvdmVjb3QtMi4zLjIxLjEudGFyLmd6KSA9IDc4NDIwNDQNCj4NCj4NCj4gICAgIC0tIA0K
PiAgICAgQmVzdCByZWdhcmRzLA0KPiAgICAgVmxhZGltaXIgRHJ1emVua28NCj4NCg0KLS0g
DQpCZXN0IHJlZ2FyZHMsDQpWbGFkaW1pciBEcnV6ZW5rbw0KDQo=
--------------1P33U1C77Ovr6KRss6WUrSsD
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE html>
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF=
-8">
</head>
<body>
<div class=3D"moz-cite-prefix">17.08.2024 01:03, Kevin Bowling =D0=BF=
=D0=B8=D1=88=D0=B5=D1=82:<br>
</div>
<blockquote type=3D"cite"
cite=3D"mid:CAK7dMtDpKJjLYheA77QY_5TKG2uEsLWtcGwSz+qp4+NYuwDqNg@mail.gmai=
l.com">
<meta http-equiv=3D"content-type" content=3D"text/html; charset=3DU=
TF-8">
<div>On Fri, Aug 16, 2024 at 2:57=E2=80=AFPM Vladimir Druzenko <=
<a
href=3D"mailto:vvd@freebsd.org" moz-do-not-send=3D"true"
class=3D"moz-txt-link-freetext">vvd@freebsd.org</a>> wrote:
<div class=3D"gmail_quote">
<blockquote class=3D"gmail_quote"
style=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style=
:solid;padding-left:1ex;border-left-color:rgb(204,204,204)">16.08.2024
22:03, Kevin Bowling =D0=BF=D0=B8=D1=88=D0=B5=D1=82:<br>
> CVEs should come with an update to
security/vuxml/vuln/2024.xml<br>
<br>
I don't know how to do this correctly.<br>
</blockquote>
<div dir=3D"auto"><br>
</div>
<div dir=3D"auto">You should seek help or abstain from doing
security updates then.=C2=A0 It is just an xml file that you
update, the wiki=C2=A0<a href=3D"https://wiki.freebsd.org/VuX=
ML"
moz-do-not-send=3D"true" class=3D"moz-txt-link-freetext">ht=
tps://wiki.freebsd.org/VuXML</a><br>
=C2=A0and the link inside to the PHB have all necessary
instructions.</div>
<div dir=3D"auto"><br>
</div>
</div>
</div>
</blockquote>
<p>I wouldn't do that, but ler@ (maintainer) is in hospital and
asked to update his port.<br>
Also, I use dovecot so I can test it in real work before
committing, which I did.<br>
<br>
If you can and are willing to help, then just help. Just like we
all help with updating ports from maintainers without commit bits
or fixing broken ports builds.</p>
<p>Peace.</p>
<blockquote type=3D"cite"
cite=3D"mid:CAK7dMtDpKJjLYheA77QY_5TKG2uEsLWtcGwSz+qp4+NYuwDqNg@mail.gmai=
l.com">
<div>
<div class=3D"gmail_quote">
<blockquote class=3D"gmail_quote"
style=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style=
:solid;padding-left:1ex;border-left-color:rgb(204,204,204)"><br>
> On Fri, Aug 16, 2024 at 11:36=E2=80=AFAM Vladimir Druzen=
ko <<a
href=3D"mailto:vvd@freebsd.org" target=3D"_blank"
moz-do-not-send=3D"true" class=3D"moz-txt-link-freetext">vv=
d@freebsd.org</a>>
wrote:<br>
>> The branch main has been updated by vvd:<br>
>><br>
>> URL: <a
href=3D"https://cgit.FreeBSD.org/ports/commit/?id=3D72dd8d2ee6760ed9a0f22=
fb2c2e750d5875518d4"
rel=3D"noreferrer" target=3D"_blank" moz-do-not-send=3D"tru=
e">https://cgit.FreeBSD.org/ports/commit/?id=3D72dd8d2ee6760ed9a0f22fb2c2=
e750d5875518d4</a><br>
>><br>
>> commit 72dd8d2ee6760ed9a0f22fb2c2e750d5875518d4<br>
>> Author:=C2=A0 =C2=A0 =C2=A0Vladimir Druzenko
<a class=3D"moz-txt-link-rfc2396E" href=3D"mailto:vvd@FreeBSD=
=2Eorg"><vvd@FreeBSD.org></a><br>
>> AuthorDate: 2024-08-16 18:31:04 +0000<br>
>> Commit:=C2=A0 =C2=A0 =C2=A0Vladimir Druzenko
<a class=3D"moz-txt-link-rfc2396E" href=3D"mailto:vvd@FreeBSD=
=2Eorg"><vvd@FreeBSD.org></a><br>
>> CommitDate: 2024-08-16 18:31:04 +0000<br>
>><br>
>>=C2=A0 =C2=A0 =C2=A0 mail/dovecot: update 2.3.21 =E2=86=
=92 2.3.21.1 (fixes
2 CVEs)<br>
>><br>
>>=C2=A0 =C2=A0 =C2=A0 - CVE-2024-23184: A large number=
of address
headers in email resulted<br>
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 in excessive CPU usage.<b=
r>
>>=C2=A0 =C2=A0 =C2=A0 - CVE-2024-23185: Abnormally lar=
ge email
headers are now truncated or<br>
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 discarded, with a limit o=
f 10MB on a single
header and 50MB for all<br>
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 the headers of all the pa=
rts of an email.<br>
>>=C2=A0 =C2=A0 =C2=A0 - oauth2: Dovecot would send cli=
ent_id and
client_secret as POST parameters<br>
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 to introspection server. =
These need to be
optionally in Basic auth<br>
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 instead as required by OI=
DC specification.<br>
>>=C2=A0 =C2=A0 =C2=A0 - oauth2: JWT key type check was=
too strict.<br>
>>=C2=A0 =C2=A0 =C2=A0 - oauth2: JWT token audience was=
not validated
against client_id as<br>
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 required by OIDC specific=
ation.<br>
>>=C2=A0 =C2=A0 =C2=A0 - oauth2: XOAUTH2 and OAUTHBEARE=
R mechanisms
were not giving out<br>
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 protocol specific error m=
essage on all
errors. This broke OIDC discovery.<br>
>>=C2=A0 =C2=A0 =C2=A0 - oauth2: JWT aud validation was=
not performed
if aud was missing<br>
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 from token, but was confi=
gured on Dovecot.<br>
>>=C2=A0 =C2=A0 =C2=A0 <a
href=3D"https://dovecot.org/mailman3/hyperkitty/list/dovecot-news@dovecot=
=2Eorg/thread/2CSVL56LFPAXVLWMGXEIWZL736PSYHP5/"
rel=3D"noreferrer" target=3D"_blank" moz-do-not-send=3D"tru=
e"
class=3D"moz-txt-link-freetext">https://dovecot.org/mailman=
3/hyperkitty/list/dovecot-news@dovecot.org/thread/2CSVL56LFPAXVLWMGXEIWZL=
736PSYHP5/</a><br>
>><br>
>>=C2=A0 =C2=A0 =C2=A0 PR:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0280866<br>
>>=C2=A0 =C2=A0 =C2=A0 Approved by:=C2=A0 =C2=A0 ler (m=
aintainer)<br>
>>=C2=A0 =C2=A0 =C2=A0 MFH:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 2024Q3<br>
>> ---<br>
>>=C2=A0 =C2=A0mail/dovecot/Makefile | 4 +---<br>
>>=C2=A0 =C2=A0mail/dovecot/distinfo | 6 +++---<br>
>>=C2=A0 =C2=A02 files changed, 4 insertions(+), 6 dele=
tions(-)<br>
>><br>
>> diff --git a/mail/dovecot/Makefile
b/mail/dovecot/Makefile<br>
>> index c789da0a2294..44f42b27f94f 100644<br>
>> --- a/mail/dovecot/Makefile<br>
>> +++ b/mail/dovecot/Makefile<br>
>> @@ -9,8 +9,7 @@<br>
>>=C2=A0
=C2=A0#######################################################=
###############<br>
>><br>
>>=C2=A0 =C2=A0PORTNAME=3D=C2=A0 =C2=A0 =C2=A0 dovecot<=
br>
>> -PORTVERSION=3D=C2=A0 =C2=A02.3.21<br>
>> -PORTREVISION=3D=C2=A0 6<br>
>> +DISTVERSION=3D=C2=A0 =C2=A02.3.21.1<br>
>>=C2=A0 =C2=A0CATEGORIES=3D=C2=A0 =C2=A0 mail<br>
>>=C2=A0 =C2=A0MASTER_SITES=3D=C2=A0 <a
href=3D"https://dovecot.org/releases/2.3/" rel=3D"noreferre=
r"
target=3D"_blank" moz-do-not-send=3D"true"
class=3D"moz-txt-link-freetext">https://dovecot.org/release=
s/2.3/</a><br>
>><br>
>> @@ -27,7 +26,6 @@ USES=3D=C2=A0 =C2=A0 =C2=A0 =C2=A0=
=C2=A0cpe iconv libtool
pkgconfig ssl<br>
>>=C2=A0 =C2=A0USE_RC_SUBR=3D=C2=A0 =C2=A0dovecot<br>
>><br>
>>=C2=A0 =C2=A0GNU_CONFIGURE=3D yes<br>
>> -GNU_CONFIGURE_MANPREFIX=3D=C2=A0 =C2=A0 =C2=A0 =C2=A0=
${PREFIX}/share<br>
>>=C2=A0 =C2=A0CONFIGURE_ARGS=3D=C2=A0 =C2=A0 =C2=A0 =C2=
=A0 --localstatedir=3D/var \<br>
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
=C2=A0 --with-docs \<br>
>>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
=C2=A0 --with-ssl=3Dopenssl \<br>
>> diff --git a/mail/dovecot/distinfo
b/mail/dovecot/distinfo<br>
>> index e9e4c683e46c..97f77b78a427 100644<br>
>> --- a/mail/dovecot/distinfo<br>
>> +++ b/mail/dovecot/distinfo<br>
>> @@ -1,3 +1,3 @@<br>
>> -TIMESTAMP =3D 1695133264<br>
>> -SHA256 (dovecot-2.3.21.tar.gz) =3D
05b11093a71c237c2ef309ad587510721cc93bbee6828251549fc1586c365=
02d<br>
>> -SIZE (dovecot-2.3.21.tar.gz) =3D 7837242<br>
>> +TIMESTAMP =3D 1723829732<br>
>> +SHA256 (dovecot-2.3.21.1.tar.gz) =3D
2d90a178c4297611088bf7daae5492a3bc3d5ab6328c3a032eb425d2c2490=
97e<br>
>> +SIZE (dovecot-2.3.21.1.tar.gz) =3D 7842044<br>
<br>
<br>
-- <br>
Best regards,<br>
Vladimir Druzenko<br>
<br>
</blockquote>
</div>
</div>
</blockquote>
<p><br>
</p>
<pre class=3D"moz-signature" cols=3D"72">--=20
Best regards,
Vladimir Druzenko</pre>
</body>
</html>
--------------1P33U1C77Ovr6KRss6WUrSsD--
--------------LONJWmpCWqzi49EAi0s0BDdf
Content-Type: application/pgp-keys; name="OpenPGP_0x8006FAABBF942F73.asc"
Content-Disposition: attachment; filename="OpenPGP_0x8006FAABBF942F73.asc"
Content-Description: OpenPGP public key
Content-Transfer-Encoding: quoted-printable
-----BEGIN PGP PUBLIC KEY BLOCK-----
xjMEZEmcEhYJKwYBBAHaRw8BAQdAzzVRU/u5Oe4kUEFSvaiRoAPwsXMi4uBnfKqF
TOIxjaDNI1ZsYWRpbWlyIERydXplbmtvIDx2dmRAZnJlZWJzZC5vcmc+wo8EExYI
ADcWIQQJVt5Qnq2dfk5hjMKABvqrv5QvcwUCZEmcEgUJBaOagAIbAwQLCQgHBRUI
CQoLBRYCAwEAAAoJEIAG+qu/lC9z/qcBALviJppCfpN8fLj5HfnQ75ARS/RvOL+b
PHB422uv9PFOAP982mg4uqoYr1BvSVqmrtB7/oxkqReIeieBIkyBTM97As44BGRJ
nBMSCisGAQQBl1UBBQEBB0D41GJgPsXUyWQckRf725z8CsGADMjlIpJbVhWUQLi4
fwMBCAfCfgQYFggAJhYhBAlW3lCerZ1+TmGMwoAG+qu/lC9zBQJkSZwTBQkFo5qA
AhsMAAoJEIAG+qu/lC9z4bgA/jGNXk0cGGKii1lXk55Gwh2EQhC4pLxQe/36TZiR
29IBAP40fSUJOJ41IS0d8k6d5DQ0E9BJuRf+1S5AzsAUz0rmBQ=3D=3D
=3Dx+2b
-----END PGP PUBLIC KEY BLOCK-----
--------------LONJWmpCWqzi49EAi0s0BDdf--
--------------KA5DVnYPQoR1fTl21UFvFt8O--
--------------Teuv0lammVk4eexxWmDMRHnx
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wnsEABYIACMWIQQJVt5Qnq2dfk5hjMKABvqrv5QvcwUCZr/p3QUDAAAAAAAKCRCABvqrv5Qvc2Vv
AQCwNnWJJK4L6W41CROAkxmg0W6EhAxvFSKudZ3BRB0LtwD9FqrdjdQW/Ju3hc4GdKh8NFBaMtmG
MZypqUrx5xWyoAU=
=xI0F
-----END PGP SIGNATURE-----
--------------Teuv0lammVk4eexxWmDMRHnx--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46cd3411-017c-4efa-8f75-e1e3acecce09>