CVS commit: pkgsrc/mail/dovecot

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/mail/dovecot
From: Geert Hendrickx <ghen%netbsd.org@localhost>
Date: Sun, 9 Mar 2008 11:58:17 +0000 (UTC)

Module Name:    pkgsrc
Committed By:   ghen
Date:           Sun Mar  9 11:58:17 UTC 2008

Modified Files:
        pkgsrc/mail/dovecot: Makefile distinfo

Log Message:
Update to Dovecot 1.0.13.

Note that the changes for the security hole fix were quite large. I tested with
several auth configurations myself and they seemed to work, but it's possible I
left a bug somewhere in there breaking someone's configuration. So make sure to
test that it works after upgrading.

Of course it would be really nice if Dovecot had a proper test suite where
testing all configurations could be automated and run before each release. I've
already started this with my imaptest tool (http://imapwiki.org/ImapTest), but
it only does IMAP tests and a lot of things are still missing. Some help would
be nice here.

        * Fixed a security hole in blocking passdbs (MySQL always. PAM, passwd
          and shadow if blocking=yes) where user could specify extra fields
          in the password. The main problem here is when specifying
          "skip_password_check" introduced in v1.0.11 for fixing master user
          logins, allowing the user to log in as anyone without a valid
          password.

        - mail_privileged_group was broken in some systems (OS X, Solaris?)
        - IMAP THREAD: Fixed some correctness problems


To generate a diff of this commit:
cvs rdiff -r1.114 -r1.115 pkgsrc/mail/dovecot/Makefile
cvs rdiff -r1.79 -r1.80 pkgsrc/mail/dovecot/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/devel/m17n-lib
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/devel/m17n-lib
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index