Subject: CVS commit: [pkgsrc-2013Q3] pkgsrc/mail/dovecot2
From: Matthias Scheler
Date: 2013-12-08 12:27:57
Message id: 20131208112757.15A7196@cvs.netbsd.org

Log Message:
Pullup ticket #4265 - requested by taca
mail/dovecot2: security update

Revisions pulled up:
- mail/dovecot2/Makefile                                1.51,1.53 via patch
- mail/dovecot2/PLIST                                   1.28-1.29
- mail/dovecot2/distinfo                                1.39-1.40

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Tue Oct  8 13:52:47 UTC 2013

   Modified Files:
   	pkgsrc/mail/dovecot2: Makefile PLIST distinfo

   Log Message:
   Changes 2.2.6:
   * acl: If public/shared namespace has a shared subscriptions file for
     all users, don't list subscription entries that are not visible to
     the user accessing it.
   + doveadm: Added "auth lookup" command for doing passdb lookup.
   + login_log_format_elements: Added %{orig_user}, %{orig_username}
     and %{orig_domain} expanding to the username exactly as sent by
     the client (before any changes auth process made).
   + Added ssl_prefer_server_ciphers setting.
   + auth_verbose_passwords: Log the password also for unknown users.
   + Linux: Added optional support for SO_REUSEPORT with
     inet_listener { reuse_port=yes }
   - director: v2.2.5 changes caused "SYNC lost" errors
   - dsync: Many fixes and error handling improvements
   - doveadm -A: Don't waste CPU by doing a separate config lookup
     for each user
   - Long-running ssl-params process no longer prevents Dovecot restart
   - mbox: Fixed mailbox_list_index=yes to work correctly

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Wed Nov  6 14:20:58 UTC 2013

   Modified Files:
   	pkgsrc/mail/dovecot2: Makefile PLIST distinfo

   Log Message:
   Changes 2.2.7:
   * Some usage of passdb checkpassword could have been exploitable by
     local users. You may need to modify your setup to keep it working.
     See http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security
   + auth: Added ability to truncate values logged by
     auth_verbose_passwords (see 10-logging.conf comment)
   + mdbox: Added "mdbox_deleted" storage, which can be used to access
     messages with refcount=0. For example: doveadm import
     mdbox_deleted:~/mdbox "" mailbox inbox subject oops
   + ssl-params: Added ssl_dh_parameters_length setting.
   - master process was doing a hostname.domain lookup for each created
     process, which may have caused a lot of unnecessary DNS lookups.
   - dsync: Syncing over 100 messages at once caused problems in some
     situations, causing messages to get new UIDs.
   - fts-solr: Different Solr hosts for different users didn't work.

Files:
RevisionActionfile
1.50.2.1modifypkgsrc/mail/dovecot2/Makefile
1.27.2.1modifypkgsrc/mail/dovecot2/PLIST
1.38.2.1modifypkgsrc/mail/dovecot2/distinfo