Pullup ticket 1585 - requested by ghen

security update for dovecot

Revisions pulled up:
- pkgsrc/mail/dovecot/Makefile			1.47, 1.48, 1.49, 1.51
- pkgsrc/mail/dovecot/PLIST			1.9, 1.10
- pkgsrc/mail/dovecot/distinfo			1.26, 1.27, 1.28, 1.29
- pkgsrc/mail/dovecot/patches/patch-aa		1.6
- pkgsrc/mail/dovecot/patches/patch-ab		1.12
- pkgsrc/mail/dovecot/patches/patch-ac		removed
- pkgsrc/mail/dovecot/patches/patch-ad		removed
- pkgsrc/mail/dovecot/patches/patch-ae		removed

   Module Name:		pkgsrc
   Committed By:	ghen
   Date:		Tue Apr  4 09:38:46 UTC 2006

   Modified Files:
   	pkgsrc/mail/dovecot: Makefile PLIST distinfo
   	pkgsrc/mail/dovecot/patches: patch-aa patch-ab
   Removed Files:
   	pkgsrc/mail/dovecot/patches: patch-ac patch-ad patch-ae

   Log Message:
   Update Dovecot from 1.0beta3 to 1.0beta5.  The beta4 release had SSL issues
   which were fixed again in beta5.

   patch-ac and patch-ad were taken from CVS and are not needed anymore.

   Changes in Dovecot 1.0beta4:
   	* Changed the default lock_method back to fcntl. Apparently flock
   	  gives problems with some systems.
   	* mbox: mailboxes beginning with '.' are now also listed
   	* Replaced mail_use_modules and mail_modules settings with mail_plugins
   	  and mail_plugin_dir. Now instead of loading all plugins from the
   	  directory, you'll have to give a list of plugins to load. If the
   	  plugin couldn't be loaded, the process exits instead of just
   	  ignoring the problem (this is important with ACL plugin).

   	+ Added support for "master users" who can log in as other people.
   	  The master username can be given either in authorization ID
   	  string with SASL PLAIN mechanism or by setting
   	  auth_master_user_separator and giving it within the normal username
   	  string.
   	+ Added ACL plugin with ACL file backend. This however doesn't mean
   	  that there yet exists a proper shared folder support. If master user
   	  logged in as someone else, the ACLs are checked as the master user.
   	+ Added some Dovecot extensions to checkpassword passdb, see ChangeLog
   	+ Updated passwd-file format to allow specifying any key=value fields
   	+ Maildir++ quota support and several quota fixes
   	+ passdb supporting extra fields: Added "allow_nets" option which takes
   	  a comma separated list of IPs/networks where to allow user to log in.
   	+ NFS: Handle ESTALE errors the best way we can
   	+ IMAP now writes to log when client disconnects
   	+ In shared mailboxes (if dovecot-shared file exists) \Seen flags are
   	  now kept only in index files, so as long as each user has a separate
   	  index file they have separate \Seen flags.
   	- Fixes to DIGEST-MD5 realm handling so it works with more clients
   	- BODYSTRUCTURE -> BODY conversion from cache file was broken with
   	  mails containing message/rfc822 parts.
   	- Fixed several memory leaks
   	- We could have sent client FETCH notifications about messages before
   	  telling about them with EXISTS
   	- Compiling fixes for Solaris and some other OSes
   	- Fixed problem with internal timeout handling code, which caused eg.
   	  outlook-idle workaround to break.
   	- If /dev/urandom didn't exist, we didn't seed OpenSSL's random number
   	  generator properly. Patch by Vilmos Nebehaj.
   	- Maildir: Recent flags weren't always immediately removed from mails
   	  when mailbox was opened.
   	- Several changes to SSL proxying code, hopefully making it work
   	  better.

   Changes in Dovecot 1.0beta5:
   	- Beta4's SSL proxying rewrite worked worse than I thought.
   	  Reverted it back to original code.
   	- Filesystem quota plugin now looks up the mount path correctly.
---
   Module Name:		pkgsrc
   Committed By:	xtraeme
   Date:		Wed Apr 12 18:19:16 UTC 2006

   Modified Files:
   	pkgsrc/mail/dovecot: Makefile distinfo

   Log Message:
   Update to 1.0beta6:

   v1.0.beta6 2006-04-12

           * The login and master usernames were reversed when using
             master_user_separator (now the order is UW-IMAP compatible).
           * Killing dovecot master process now kills all IMAP and POP3
             processes also.

           + -a parameter to dovecot prints now all settings that Dovecot uses.
             -n prints all settings that are different from defaults.
           + Added pop3_lock_session setting
           + %M modifier returns string's MD5 sum. Patch by Ben Winslow
           - PLAIN SASL authentication wasn't working properly, causing failed
             logins with some clients (broken in beta4)
           - Fixes to Maildir++ quota, should actually work now
           - Don't crash if passwd-file has entries without passwords
             (eg. deny=yes databases)
           - Fixed prefetch userdb to work nicely with other userdbs
           - If master process runs out of file descriptors, don't go to
             infinite loop (unlikely to have happened unless the OS's default
             fd limit was too low)
           - Fixed non-plaintext password lookups from LDAP. Patch by Lior Okman
           - %U modifier was actually lowercasing the string. Patch by
   	  Ben Winslow
---
   Module Name:		pkgsrc
   Committed By:	ghen
   Date:		Fri Apr 14 19:01:53 UTC 2006

   Modified Files:
   	pkgsrc/mail/dovecot: Makefile distinfo

   Log Message:
   Update dovecot to 1.0beta7:

   + Added shutdown_clients setting to control if existing imap/pop3 processes
     should be killed when master is.
   - Master login fixes, PLAIN authentication was still broken..
---
   Module Name:		pkgsrc
   Committed By:	grant
   Date:		Fri May 12 11:02:48 UTC 2006

   Modified Files:
   	pkgsrc/mail/dovecot: Makefile distinfo

   Log Message:
   update dovecot to 1.0beta8.

   changes since 1.0beta7:

           * Fixed a security hole with mbox: "1 LIST .. *" command could
             list all directories and files under the mbox root directory, so
             if your mails were stored in eg. /var/mail/%u/ directory, the
             command would list everything under /var/mail.
           + Unless nfs_check=no or mmap_disable=yes, check for the first login
             if the user's index directory exists in NFS mount. If so, refuse to
             run. This is done only on first login to avoid constant extra
             overhead.
           + If we have plugins set and imap_capability unset, figure out the
             IMAP capabilities automatically by running imap binary at startup.
             The generated capability list isn't updated until Dovecot is
             restarted completely, so if you add or remove IMAP plugins you
             should restart. If you have problems related to this, set
             imap_capabilities setting manually to work around it.
           + Added auth_username_format setting
           - pop3_lock_session setting wasn't really working
           - Lots of fixes related to quota handling. It's still not working
             perfectly though.
           - Lots of index handling fixes, especially with mmap_disable=yes
           - Maildir: saving mails could have sometimes caused "Append with UID
             n, but next_uid = m" errors
           - flock() locking never timeouted because ignoring SIGALRM caused the
             system call just to be restarted when SIGALRM occurred (probably not
             with all OSes though?)
           - kqueue: Fixed "Unrecognized event". Patch by Vaclav Haisman
---
   Module Name:		pkgsrc
   Committed By:	jwise
   Date:		Fri May 12 15:47:39 UTC 2006

   Modified Files:
   	pkgsrc/mail/dovecot: PLIST

   Log Message:
   Fix missing file (lib/dovecot/pop3/lib01_quota_plugin.so) in PLIST.

8 files changed, 41 insertions, 118 deletions

diff --git a/mail/dovecot/Makefile b/mail/dovecot/Makefile
index a134f07d5c8..b88ee302e41 100644
--- a/mail/dovecot/Makefile
+++ b/mail/dovecot/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.46 2006/02/10 12:20:55 tv Exp $
+# $NetBSD: Makefile,v 1.46.2.1 2006/05/15 16:08:41 salo Exp $
 
-DISTNAME=		dovecot-1.0.beta3
+DISTNAME=		dovecot-1.0.beta8
 PKGNAME=		${DISTNAME:S/.beta/beta/}
-PKGREVISION=		1
 CATEGORIES=		mail
 MASTER_SITES=		http://www.dovecot.org/releases/
 
diff --git a/mail/dovecot/PLIST b/mail/dovecot/PLIST
index 11b6a170ea1..5cb7bc5fb25 100644
--- a/mail/dovecot/PLIST
+++ b/mail/dovecot/PLIST
@@ -1,16 +1,20 @@
-@comment $NetBSD: PLIST,v 1.8 2006/02/08 13:43:49 ghen Exp $
+@comment $NetBSD: PLIST,v 1.8.2.1 2006/05/15 16:08:41 salo Exp $
+lib/dovecot/imap/lib01_acl_plugin.so
 lib/dovecot/imap/lib01_convert_plugin.so
 lib/dovecot/imap/lib01_quota_plugin.so
 lib/dovecot/imap/lib01_zlib_plugin.la
 lib/dovecot/imap/lib02_imap_quota_plugin.la
 lib/dovecot/imap/lib02_trash_plugin.so
+lib/dovecot/lda/lib01_acl_plugin.so
 lib/dovecot/lda/lib01_convert_plugin.so
 lib/dovecot/lda/lib01_quota_plugin.so
 lib/dovecot/lda/lib02_trash_plugin.so
+lib/dovecot/lib01_acl_plugin.la
 lib/dovecot/lib01_convert_plugin.la
 lib/dovecot/lib01_quota_plugin.la
 lib/dovecot/lib02_trash_plugin.la
 lib/dovecot/pop3/lib01_convert_plugin.so
+lib/dovecot/pop3/lib01_quota_plugin.so
 libexec/dovecot/checkpassword-reply
 libexec/dovecot/dict
 libexec/dovecot/dovecot-auth
diff --git a/mail/dovecot/distinfo b/mail/dovecot/distinfo
index 50d4e202df1..93c89f22a7d 100644
--- a/mail/dovecot/distinfo
+++ b/mail/dovecot/distinfo
@@ -1,10 +1,7 @@
-$NetBSD: distinfo,v 1.25 2006/03/13 09:35:27 ghen Exp $
+$NetBSD: distinfo,v 1.25.2.1 2006/05/15 16:08:41 salo Exp $
 
-SHA1 (dovecot-1.0.beta3.tar.gz) = a5d1fc471c88b96e0ef9d7296b25450a1d7a1419
-RMD160 (dovecot-1.0.beta3.tar.gz) = 180e694ee78b73e69995096e1598cca427f6c87d
-Size (dovecot-1.0.beta3.tar.gz) = 1360574 bytes
-SHA1 (patch-aa) = be37d7ed741930e683028e6ea626aa1d312a328e
-SHA1 (patch-ab) = 4fc3888eb96692e82364295e3aae75f48a042982
-SHA1 (patch-ac) = 27de0de32111e351cd547cb5a9847a15e4c991a0
-SHA1 (patch-ad) = c390d007c60b80a6456c42f3512afdea76e5e03c
-SHA1 (patch-ae) = b34743e2276eff0c1fc37e0fd622fdd598c0bca3
+SHA1 (dovecot-1.0.beta8.tar.gz) = fedd38c29a2bc396df386636ed5d8b65ecab0ff6
+RMD160 (dovecot-1.0.beta8.tar.gz) = 101a7011467691ba5f4a6f48e21d6d1dc5626c16
+Size (dovecot-1.0.beta8.tar.gz) = 1392106 bytes
+SHA1 (patch-aa) = b2d48d991cb57f1ae99617d26a5d9f30fcdc4700
+SHA1 (patch-ab) = a674cc1cb195e31f7c8cd1cd2735c69e3562fca7
diff --git a/mail/dovecot/patches/patch-aa b/mail/dovecot/patches/patch-aa
index af042b31a89..8b2b22db542 100644
--- a/mail/dovecot/patches/patch-aa
+++ b/mail/dovecot/patches/patch-aa
@@ -1,13 +1,13 @@
-$NetBSD: patch-aa,v 1.5 2006/02/06 15:54:37 ghen Exp $
+$NetBSD: patch-aa,v 1.5.2.1 2006/05/15 16:08:41 salo Exp $
 
---- Makefile.in.orig	2006-01-31 11:12:20.000000000 +0100
+--- Makefile.in.orig	2006-03-15 10:47:59.000000000 +0100
 +++ Makefile.in
-@@ -212,7 +212,7 @@ SUBDIRS = \
+@@ -214,7 +214,7 @@ SUBDIRS = \
  	$(DOCS)
  
  confdir = $(sysconfdir)
 -conf_DATA = dovecot-example.conf
 +conf_DATA = 
  EXTRA_DIST = \
- 	dovecot.spec \
- 	dovecot.spec.in \
+ 	COPYING.LGPL \
+ 	COPYING.MIT \
diff --git a/mail/dovecot/patches/patch-ab b/mail/dovecot/patches/patch-ab
index 353f2f4368f..d008d9cec26 100644
--- a/mail/dovecot/patches/patch-ab
+++ b/mail/dovecot/patches/patch-ab
@@ -1,8 +1,8 @@
-$NetBSD: patch-ab,v 1.11 2006/03/13 09:35:27 ghen Exp $
+$NetBSD: patch-ab,v 1.11.2.1 2006/05/15 16:08:41 salo Exp $
 
---- dovecot-example.conf.orig	2006-02-06 16:39:00.000000000 +0100
+--- dovecot-example.conf.orig	2006-03-15 10:47:59.000000000 +0100
 +++ dovecot-example.conf
-@@ -5,17 +5,14 @@
+@@ -7,17 +7,14 @@
  # value inside quotes, eg.: key = "# char and trailing whitespace  "
  
  # Default values are shown after each value, it's not required to uncomment
@@ -22,7 +22,7 @@ $NetBSD: patch-ab,v 1.11 2006/03/13 09:35:27 ghen Exp $
  
  # IP or host address where to listen in for connections. It's not currently
  # possible to specify multiple addresses. "*" listens in all IPv4 interfaces.
-@@ -31,7 +28,7 @@
+@@ -43,7 +40,7 @@
  #ssl_listen =
  
  # Disable SSL/TLS support.
@@ -31,7 +31,7 @@ $NetBSD: patch-ab,v 1.11 2006/03/13 09:35:27 ghen Exp $
  
  # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
  # dropping root privileges, so keep the key file unreadable by anyone but
-@@ -420,19 +417,19 @@
+@@ -432,19 +429,19 @@
  
  protocol imap {
    # Login executable location.
@@ -55,16 +55,16 @@ $NetBSD: patch-ab,v 1.11 2006/03/13 09:35:27 ghen Exp $
  
    # Maximum IMAP command line length in bytes. Some clients generate very long
    # command lines with huge mailboxes, so you may need to raise this if you get
-@@ -441,7 +438,7 @@ protocol imap {
- 
-   # Support for dynamically loadable modules.
-   #mail_use_modules = no
--  #mail_modules = /usr/lib/dovecot/imap
-+  #mail_modules = @PREFIX@/lib/dovecot/imap
+@@ -454,7 +451,7 @@ protocol imap {
+   # Support for dynamically loadable plugins. mail_plugins is a space separated
+   # list of plugins to load.
+   #mail_plugins = 
+-  #mail_plugin_dir = /usr/lib/dovecot/imap
++  #mail_plugin_dir = @PREFIX@/lib/dovecot/imap
  
    # Send IMAP capabilities in greeting message. This makes it unnecessary for
    # clients to request it with CAPABILITY command, so it saves one round-trip.
-@@ -481,10 +478,10 @@ protocol imap {
+@@ -494,10 +491,10 @@ protocol imap {
  
  protocol pop3 {
    # Login executable location.
@@ -77,16 +77,16 @@ $NetBSD: patch-ab,v 1.11 2006/03/13 09:35:27 ghen Exp $
  
    # Don't try to set mails non-recent or seen with POP3 sessions. This is
    # mostly intended to reduce disk I/O. With maildir it doesn't move files
-@@ -535,7 +532,7 @@ protocol pop3 {
- 
-   # Support for dynamically loadable modules.
-   #mail_use_modules = no
--  #mail_modules = /usr/lib/dovecot/pop3
-+  #mail_modules = @PREFIX@/lib/dovecot/pop3
+@@ -549,7 +546,7 @@ protocol pop3 {
+   # Support for dynamically loadable plugins. mail_plugins is a space separated
+   # list of plugins to load.
+   #mail_plugins = 
+-  #mail_plugin_dir = /usr/lib/dovecot/pop3
++  #mail_plugin_dir = @PREFIX@/lib/dovecot/pop3
  
    # Workarounds for various client bugs:
    #   outlook-no-nuls:
-@@ -553,7 +550,7 @@ protocol pop3 {
+@@ -567,7 +564,7 @@ protocol pop3 {
  ##
  
  # Executable location
@@ -95,16 +95,16 @@ $NetBSD: patch-ab,v 1.11 2006/03/13 09:35:27 ghen Exp $
  
  # Set max. process size in megabytes.
  #auth_process_size = 256
-@@ -642,7 +639,7 @@ auth default {
-   # Note that PAM can only be used to verify if user's password is correct,
-   # so it can't be used as userdb. If you don't want to use a separate user
+@@ -664,7 +661,7 @@ auth default {
    # database (passwd usually), you can use static userdb.
+   # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
+   # authentication to actually work.
 -  passdb pam {
 +  #passdb pam {
      # [session=yes] [cache_key=<key>] [<service name>]
      #
      # session=yes makes Dovecot open and immediately close PAM session. Some
-@@ -666,13 +663,13 @@ auth default {
+@@ -688,13 +685,13 @@ auth default {
      #   args = session=yes *
      #   args = cache_key=%u dovecot
      #args = dovecot
diff --git a/mail/dovecot/patches/patch-ac b/mail/dovecot/patches/patch-ac
deleted file mode 100644
index 154b1d57329..00000000000
--- a/mail/dovecot/patches/patch-ac
+++ /dev/null
@@ -1,41 +0,0 @@
-$NetBSD: patch-ac,v 1.3 2006/02/12 02:47:32 grant Exp $
-
---- configure.orig	2006-02-08 21:13:57.000000000 +1100
-+++ configure
-@@ -27710,7 +27710,7 @@ pkg_failed=no
- echo "$as_me:$LINENO: checking for SSL" >&5
- echo $ECHO_N "checking for SSL... $ECHO_C" >&6
- 
--if test -n "$PKG_CONFIG"; then
-+#if test -n "$PKG_CONFIG"; then
-     if test -n "$SSL_CFLAGS"; then
-         pkg_cv_SSL_CFLAGS="$SSL_CFLAGS"
-     else
-@@ -27725,10 +27725,10 @@ else
-   pkg_failed=yes
- fi
-     fi
--else
--	pkg_failed=untried
--fi
--if test -n "$PKG_CONFIG"; then
-+#else
-+#	pkg_failed=untried
-+#fi
-+#if test -n "$PKG_CONFIG"; then
-     if test -n "$SSL_LIBS"; then
-         pkg_cv_SSL_LIBS="$SSL_LIBS"
-     else
-@@ -27743,9 +27743,9 @@ else
-   pkg_failed=yes
- fi
-     fi
--else
--	pkg_failed=untried
--fi
-+#else
-+#	pkg_failed=untried
-+#fi
- 
- 
- 
diff --git a/mail/dovecot/patches/patch-ad b/mail/dovecot/patches/patch-ad
deleted file mode 100644
index 91b4bf8d10a..00000000000
--- a/mail/dovecot/patches/patch-ad
+++ /dev/null
@@ -1,23 +0,0 @@
-$NetBSD: patch-ad,v 1.3 2006/02/12 02:47:32 grant Exp $
-
---- src/lib-sql/Makefile.in.orig	2006-02-08 21:13:53.000000000 +1100
-+++ src/lib-sql/Makefile.in
-@@ -470,12 +470,16 @@ sql-drivers-register.c: Makefile
- 	echo '/* this file automatically generated by Makefile */' >$@
- 	echo '#include "lib.h"' >>$@
- 	echo '#include "sql-api.h"' >>$@
--	for i in $(sql_drivers) ; do \
-+	for i in $(sql_drivers) null; do \
-+	  if [ "$${i}" != "null" ]; then \
- 		echo "extern struct sql_db driver_$${i}_db;" >>$@ ; \
-+	  fi \
- 	done
- 	echo 'void sql_drivers_register_all(void) {' >>$@
--	for i in $(sql_drivers) ; do \
-+	for i in $(sql_drivers) null; do \
-+	  if [ "$${i}" != "null" ]; then \
- 		echo "sql_driver_register(&driver_$${i}_db);" >>$@ ; \
-+	  fi \
- 	done
- 	echo '}' >>$@
- 
diff --git a/mail/dovecot/patches/patch-ae b/mail/dovecot/patches/patch-ae
deleted file mode 100644
index 45e56192f7c..00000000000
--- a/mail/dovecot/patches/patch-ae
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-ae,v 1.1 2006/02/12 19:13:49 markd Exp $
-
---- src/auth/mech-gssapi.c.orig	2006-01-10 15:46:10.000000000 +1300
-+++ src/auth/mech-gssapi.c
-@@ -138,7 +138,7 @@ static OM_uint32 obtain_service_credenti
- 		return major_status;
- 	}
- 
--	gss_release_name(&minor_status, gss_principal);
-+	gss_release_name(&minor_status, &gss_principal);
- 
- 	return major_status;
- }