Now
pkgsrc-2013Q3 commitmail json YAML
pkgsrc/mail/dovecot2/Makefile@1.50.2.1
/
diff
pkgsrc/mail/dovecot2/PLIST@1.27.2.1 / diff
pkgsrc/mail/dovecot2/distinfo@1.38.2.1 / diff
pkgsrc/mail/dovecot2/PLIST@1.27.2.1 / diff
pkgsrc/mail/dovecot2/distinfo@1.38.2.1 / diff
Pullup ticket #4265 - requested by taca
mail/dovecot2: security update
Revisions pulled up:
- mail/dovecot2/Makefile 1.51,1.53 via patch
- mail/dovecot2/PLIST 1.28-1.29
- mail/dovecot2/distinfo 1.39-1.40
---
Module Name: pkgsrc
Committed By: adam
Date: Tue Oct 8 13:52:47 UTC 2013
Modified Files:
pkgsrc/mail/dovecot2: Makefile PLIST distinfo
Log Message:
Changes 2.2.6:
* acl: If public/shared namespace has a shared subscriptions file for
all users, don't list subscription entries that are not visible to
the user accessing it.
+ doveadm: Added "auth lookup" command for doing passdb lookup.
+ login_log_format_elements: Added %{orig_user}, %{orig_username}
and %{orig_domain} expanding to the username exactly as sent by
the client (before any changes auth process made).
+ Added ssl_prefer_server_ciphers setting.
+ auth_verbose_passwords: Log the password also for unknown users.
+ Linux: Added optional support for SO_REUSEPORT with
inet_listener { reuse_port=yes }
- director: v2.2.5 changes caused "SYNC lost" errors
- dsync: Many fixes and error handling improvements
- doveadm -A: Don't waste CPU by doing a separate config lookup
for each user
- Long-running ssl-params process no longer prevents Dovecot restart
- mbox: Fixed mailbox_list_index=yes to work correctly
---
Module Name: pkgsrc
Committed By: adam
Date: Wed Nov 6 14:20:58 UTC 2013
Modified Files:
pkgsrc/mail/dovecot2: Makefile PLIST distinfo
Log Message:
Changes 2.2.7:
* Some usage of passdb checkpassword could have been exploitable by
local users. You may need to modify your setup to keep it working.
See http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security
+ auth: Added ability to truncate values logged by
auth_verbose_passwords (see 10-logging.conf comment)
+ mdbox: Added "mdbox_deleted" storage, which can be used to access
messages with refcount=0. For example: doveadm import
mdbox_deleted:~/mdbox "" mailbox inbox subject oops
+ ssl-params: Added ssl_dh_parameters_length setting.
- master process was doing a hostname.domain lookup for each created
process, which may have caused a lot of unnecessary DNS lookups.
- dsync: Syncing over 100 messages at once caused problems in some
situations, causing messages to get new UIDs.
- fts-solr: Different Solr hosts for different users didn't work.
mail/dovecot2: security update
Revisions pulled up:
- mail/dovecot2/Makefile 1.51,1.53 via patch
- mail/dovecot2/PLIST 1.28-1.29
- mail/dovecot2/distinfo 1.39-1.40
---
Module Name: pkgsrc
Committed By: adam
Date: Tue Oct 8 13:52:47 UTC 2013
Modified Files:
pkgsrc/mail/dovecot2: Makefile PLIST distinfo
Log Message:
Changes 2.2.6:
* acl: If public/shared namespace has a shared subscriptions file for
all users, don't list subscription entries that are not visible to
the user accessing it.
+ doveadm: Added "auth lookup" command for doing passdb lookup.
+ login_log_format_elements: Added %{orig_user}, %{orig_username}
and %{orig_domain} expanding to the username exactly as sent by
the client (before any changes auth process made).
+ Added ssl_prefer_server_ciphers setting.
+ auth_verbose_passwords: Log the password also for unknown users.
+ Linux: Added optional support for SO_REUSEPORT with
inet_listener { reuse_port=yes }
- director: v2.2.5 changes caused "SYNC lost" errors
- dsync: Many fixes and error handling improvements
- doveadm -A: Don't waste CPU by doing a separate config lookup
for each user
- Long-running ssl-params process no longer prevents Dovecot restart
- mbox: Fixed mailbox_list_index=yes to work correctly
---
Module Name: pkgsrc
Committed By: adam
Date: Wed Nov 6 14:20:58 UTC 2013
Modified Files:
pkgsrc/mail/dovecot2: Makefile PLIST distinfo
Log Message:
Changes 2.2.7:
* Some usage of passdb checkpassword could have been exploitable by
local users. You may need to modify your setup to keep it working.
See http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security
+ auth: Added ability to truncate values logged by
auth_verbose_passwords (see 10-logging.conf comment)
+ mdbox: Added "mdbox_deleted" storage, which can be used to access
messages with refcount=0. For example: doveadm import
mdbox_deleted:~/mdbox "" mailbox inbox subject oops
+ ssl-params: Added ssl_dh_parameters_length setting.
- master process was doing a hostname.domain lookup for each created
process, which may have caused a lot of unnecessary DNS lookups.
- dsync: Syncing over 100 messages at once caused problems in some
situations, causing messages to get new UIDs.
- fts-solr: Different Solr hosts for different users didn't work.