mail/dovecot: upgrade to 2.3.4.1

* CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field (ssl_cert_username_field), under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. * ssl_cert_username_field setting was ignored with external SMTP AUTH, because none of the MTAs (Postfix, Exim) currently send the cert_username field. This may have allowed users with trusted certificate to specify any username in the authentication. This bug didn't affect Dovecot's Submission service. PR: 235523 Submitted by: pascal.christen@hostpoint.ch MFH: 2019Q1 Security: 1340fcc1-2953-11e9-bc44-a4badb296695 Security: CVE-2019-3814
svn path=/head/; revision=492245
2025-07-18 17:59:20 -04:00 · 2019-02-05 14:50:38 +00:00 · 2019-02-05 14:50:38 +00:00 · a434efa6bf · 2021-03-31 03:12:20 +00:00
commit a434efa6bf
parent 8d7524fee3
2 changed files with 4 additions and 5 deletions
--- a/mail/dovecot/Makefile
+++ b/mail/dovecot/Makefile
@ -7,8 +7,7 @@
 ######################################################################

 PORTNAME=	dovecot
-PORTVERSION=	2.3.4
-PORTREVISION=	5
+PORTVERSION=	2.3.4.1
 CATEGORIES=	mail ipv6
 MASTER_SITES=	https://www.dovecot.org/releases/2.3/

--- a/mail/dovecot/distinfo
+++ b/mail/dovecot/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1542984255
-SHA256 (dovecot-2.3.4.tar.gz) = d91b76eff8df6185c1799f1b279f780105bdeeea27e3286b42f4cab18efbef05
-SIZE (dovecot-2.3.4.tar.gz) = 6924178
+TIMESTAMP = 1549377600
+SHA256 (dovecot-2.3.4.1.tar.gz) = b8873e2ce5c33e58963bb7a8d2ff8427c09dbfdd63e13a0b0f4502864043aa07
+SIZE (dovecot-2.3.4.1.tar.gz) = 6925073