Subject: CVS commit: [pkgsrc-2018Q4] pkgsrc/mail
From: Benny Siegert
Date: 2019-02-18 15:50:56
Message id: 20190218145056.52245FB16@cvs.NetBSD.org

Log Message:
Pullup ticket #5915 - requested by taca
mail-dovecot2: security fix

Revisions pulled up:
- mail/dovecot2-sqlite/Makefile                                 1.17
- mail/dovecot2/Makefile.common                                 1.24
- mail/dovecot2/distinfo                                        1.88

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Feb  6 01:41:28 UTC 2019

   Modified Files:
   	pkgsrc/mail/dovecot2: Makefile.common distinfo

   Log Message:
   mail/dovecot2: update to 2.3.4.1

   v2.3.4.1 2019-02-05  Aki Tuomi <aki.tuomi@open-xchange.com>

   	* CVE-2019-3814: If imap/pop3/managesieve/submission client has
   	  trusted certificate with missing username field
   	  (ssl_cert_username_field), under some configurations Dovecot
   	  mistakenly trusts the username provided via authentication instead
   	  of failing.
   	* ssl_cert_username_field setting was ignored with external SMTP AUTH,
   	  because none of the MTAs (Postfix, Exim) currently send the
   	  cert_username field. This may have allowed users with trusted
   	  certificate to specify any username in the authentication. This bug
   	  didn't affect Dovecot's Submission service.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Feb  6 01:42:16 UTC 2019

   Modified Files:
   	pkgsrc/mail/dovecot2-sqlite: Makefile

   Log Message:
   mail/dovecot2-sqlite: reset PKGREVISION

   Reset PKGREVISION with update to 2.3.4.1.

Files:
Revision    Action    file
1.23.2.1    modify    pkgsrc/mail/dovecot2/Makefile.common
1.87.2.1    modify    pkgsrc/mail/dovecot2/distinfo
1.16.2.1    modify    pkgsrc/mail/dovecot2-sqlite/Makefile