The NetBSD Project

CVS log for pkgsrc/mail/dovecot2-sqlite/Makefile

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / mail / dovecot2-sqlite

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.34 / (download) - annotate - [select for diffs], Wed Nov 8 13:19:55 2023 UTC (3 months, 3 weeks ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2023Q4-base, pkgsrc-2023Q4, HEAD
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored)

*: recursive bump for icu 74.1

Revision 1.33 / (download) - annotate - [select for diffs], Wed Apr 19 08:10:40 2023 UTC (10 months, 2 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base, pkgsrc-2023Q3, pkgsrc-2023Q2-base, pkgsrc-2023Q2
Changes since 1.32: +2 -1 lines
Diff to previous 1.32 (colored)

revbump after textproc/icu update

Revision 1.32 / (download) - annotate - [select for diffs], Sun Jan 1 15:43:42 2023 UTC (14 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base, pkgsrc-2023Q1
Changes since 1.31: +1 -2 lines
Diff to previous 1.31 (colored)

dovecot2: updated to 2.3.20

v2.3.20

+ Add dsync_features=no-header-hashes. When this setting is enabled and
  one dsync side doesn't support mail GUIDs (i.e. imapc), there is no
  fallback to using header hashes. Instead, dsync assumes that all mails
  with identical IMAP UIDs contains the same mail contents. This can
  significantly improve dsync performance with some IMAP servers that
  don't support caching Date/Message-ID headers.
+ lua: HTTP client has more settings now, see
  https://doc.dovecot.org/admin_manual/lua/#dovecot.http.client
+ replicator: "doveadm replicator status" command now outputs when the
  next sync is expected for the user.
- LAYOUT=index: duplicate GUIDs were not cleaned out. Also the list
  recovery was not optimal.
- auth: Assert crash would occur when iterating multiple userdb
  backends.
- director: Logging into director using master user with
  auth_master_user_separator character redirected user to a wrong
  backend, unless master_user_separator setting was also set to the same
  value. Merged these into auth_master_user_separator.
- dsync: Couldn't always fix folder GUID conflicts automatically with
  Maildir format. This resulted in replication repeatedly failing
  with "Remote lost mailbox GUID".
- dsync: Failed to migrate INBOX when using namespace prefix=INBOX/,
  resulting in "Remote lost mailbox GUID" errors.
- dsync: INBOX was created too early with namespace prefix=INBOX/,
  resulting a GUID conflict. This may have been resolved automatically,
  but not always.
- dsync: v2.3.18 regression: Wrong imapc password with dsync caused
  Panic: file lib-event.c: line 506 (event_pop_global):
  assertion failed: (event == current_global_event)
- imapc: Requesting STATUS for a mailbox with imapc and INDEXPVT
  configured did not return correct (private) unseen counts.
- lib-dict: Process would crash when committing data to redis without
  dict proxy.
- lib-mail: Corrupted cached BODYSTRUCTURE caused panic during FETCH.
  Fixes: Panic: file message-part-data.c: line 579 (message_part_is_attachment):
  assertion failed: (data != NULL). v2.3.13 regression.
- lib-storage: mail_attribute_dict with dict-sql failed when it tried to
  lookup empty dict keys.
- lib: ioloop-kqueue was missing include breaking some BSD builds.
- lua-http: Dovecot Lua HTTP client could not resolve DNS names in mail
  processes, because it expected "dns-client" socket to exist in the
  current directory.
- oauth2: Using %{oauth2:name} variables could cause useless
  introspections.
- pop3: Sending POP3 command with ':' character caused an assert-crash.
  v2.3.18 regression.
- replicator: Replication queue had various issues, potentially causing
  replication requests to become stuck.
- stats: Invalid Prometheus label names were created with specific

v0.5.20 of Pigeonhole
* No changes - release done to keep version numbers synced.

Revision 1.31 / (download) - annotate - [select for diffs], Wed Nov 23 16:20:32 2022 UTC (15 months, 1 week ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base, pkgsrc-2022Q4
Changes since 1.30: +2 -1 lines
Diff to previous 1.30 (colored)

massive revision bump after textproc/icu update

Revision 1.30 / (download) - annotate - [select for diffs], Wed May 11 09:26:57 2022 UTC (21 months, 3 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base, pkgsrc-2022Q3, pkgsrc-2022Q2-base, pkgsrc-2022Q2
Changes since 1.29: +1 -2 lines
Diff to previous 1.29 (colored)

dovecot2: updated to 2.3.19

v2.3.19

+ Added mail_user_session_finished event, which is emitted when the mail
  user session is finished (e.g. imap, pop3, lmtp). It also includes
  fields with some process statistics information.
  See https://doc.dovecot.org/admin_manual/list_of_events/ for more
  information.
+ Added process_shutdown_filter setting. When an event matches the filter,
  the process will be shutdown after the current connection(s) have
  finished. This is intended to reduce memory usage of long-running imap
  processes that keep a lot of memory allocated instead of freeing it to
  the OS.
+ auth: Add cache hit indicator to auth passdb/userdb finished events.
  See https://doc.dovecot.org/admin_manual/list_of_events/ for more
  information.
+ doveadm deduplicate: Performance is improved significantly.
+ imapc: COPY commands were sent one mail at a time to the remote IMAP
  server. Now the copying is buffered, so multiple mails can be copied
  with a single COPY command.
+ lib-lua: Add a Lua interface to Dovecot's HTTP client library. See
  https://doc.dovecot.org/admin_manual/lua/ for more information.
- auth: Cache lookup would use incorrect cache key after username change.
- auth: Improve handling unexpected LDAP connection errors/hangs.
  Try to fix up these cases by reconnecting to the LDAP server and
  aborting LDAP requests earlier.
- auth: Process crashed if userdb iteration was attempted while auth-workers
  were already full handling auth requests.
- auth: db-oauth2: Using %{oauth2:name} variables caused unnecessary
  introspection requests.
- dict: Timeouts may have been leaked at deinit.
- director: Ring may have become unstable if a backend's tag was changed.
  It could also have caused director process to crash.
- doveadm kick: Numeric parameter was treated as IP address.
- doveadm: Proxying can panic when flushing print output. Fixes
  Panic: file ioloop.c: line 865 (io_loop_destroy): assertion failed:
  (ioloop == current_ioloop).
- doveadm sync: BROKENCHAR was wrongly changed to '_' character when
  migrating mailboxes. This was set by default to %, so any mailbox
  names containing % characters were modified to "_25".
- imapc: Copying or moving mails with doveadm to an imapc mailbox could
  have produced "Error: Syncing mailbox '[...]' failed" Errors. The
  operation itself succeeded but attempting to sync the destination
  mailbox failed.
- imapc: Prevent index log synchronization errors when two or more imapc
  sessions are adding messages to the same mailbox index files, i.e.
  INDEX=MEMORY is not used.
- indexer: Process was slowly leaking memory for each indexing request.
- lib-fts: fts header filters caused binary content to be sent to the
  indexer with non-default configuration.
- doveadm-server: Process could hang in some situations when printing
  output to TCP client, e.g. when printing doveadm sync state.
- lib-index: dovecot.index.log files were often read and parsed entirely,
  rather than only the parts that were actually necessary. This mainly
  increased CPU usage.
- lmtp-proxy: Session ID forwarding would cause same session IDs being
  used when delivering same mail to multiple backends.
- log: Log prefix update may have been lost if log process was busy.
  This could have caused log prefixes to be empty or in some cases
  reused between sessions, i.e. log lines could have been logged for the
  wrong user/session.
- mail_crypt: Plugin crashes if it's loaded only for some users. Fixes
  Panic: Module context mail_crypt_user_module missing.
- mail_crypt: When LMTP was delivering mails to both recipients with mail
  encryption enabled and not enabled, the non-encrypted recipients may
  have gotten mails encrypted anyway. This happened when the first
  recipient was encrypted (mail_crypt_save_version=2) and the 2nd
  recipient was not encrypted (mail_crypt_save_version=0).
- pop3: Session would crash if empty line was sent.
- stats: HTTP server leaked memory.
- submission-login: Long credentials, such as OAUTH2 tokens, were refused
  during SASL interactive due to submission server applying line length
  limits.
- submission-login: When proxying to remote host, authentication was not
  using interactive SASL when logging in using long credentials such as
  OAUTH2 tokens. This caused authentication to fail due to line length
  constraints in SMTP protocol.
- submission: Terminating the client connection with QUIT command after
  mail transaction is started with MAIL command and before it is
  finished with DATA/BDAT can cause a segfault crash.
- virtual: doveadm search queries with mailbox-guid as the only parameter
  crashes: Panic: file virtual-search.c: line 77 (virtual_search_get_records):
  assertion failed: (result != 0)

Revision 1.29 / (download) - annotate - [select for diffs], Mon Apr 18 19:11:33 2022 UTC (22 months, 2 weeks ago) by adam
Branch: MAIN
Changes since 1.28: +2 -2 lines
Diff to previous 1.28 (colored)

revbump for textproc/icu update

Revision 1.28 / (download) - annotate - [select for diffs], Wed Dec 8 16:05:27 2021 UTC (2 years, 2 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4
Changes since 1.27: +2 -1 lines
Diff to previous 1.27 (colored)

revbump for icu and libffi

Revision 1.27 / (download) - annotate - [select for diffs], Mon Jun 21 15:32:33 2021 UTC (2 years, 8 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2
Changes since 1.26: +1 -2 lines
Diff to previous 1.26 (colored)

mail/dovecot: update to 2.3.15

Security release.

v2.3.15 2021-06-21  Aki Tuomi <aki.tuomi@open-xchange.com>

* CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
  JWT tokens. This may be used to supply attacker controlled keys to
  validate tokens, if attacker has local access.
* CVE-2021-33515: On-path attacker could have injected plaintext commands
  before STARTTLS negotiation that would be executed after STARTTLS
  finished with the client.
* Disconnection log messages are now more standardized across services.
  They also always now start with "Disconnected" prefix.
* Dovecot now depends on libsystemd for systemd integration.
* Removed support for Lua 5.2. Use version 5.1 or 5.3 instead.
* config: Some settings are now marked as "hidden". It's discouraged to
  change these settings. They will no longer be visible in doveconf
  output, except if they have been changed or if doveconf -s parameter
  is used. See https://doc.dovecot.org/settings/advanced/ for details.
* imap-compress: Compression level is now algorithm specific.
  See https://doc.dovecot.org/settings/plugin/compress-plugin/
* indexer-worker: Convert "Indexed" info logs to an event named
  "indexer_worker_indexing_finished". See
  https://doc.dovecot.org/admin_manual/list_of_events/#indexer-worker-indexing-finished
+ Add TSLv1.3 support to min_protocols.
+ Allow configuring ssl_cipher_suites. (for TLSv1.3+)
+ acl: Add acl_ignore_namespace setting which allows to entirely ignore
  ACLs for the listed namespaces.
+ imap: Support official RFC8970 preview/snippet syntax. Old methods of
  retrieving preview information via IMAP commands ("SNIPPET and PREVIEW
  with explicit algorithm selection") have been deprecated.
+ imapc: Support INDEXPVT for imapc storage to enable private
  message flags for cluster wide shared mailboxes.
+ lib-storage: Add new events: mail_opened, mail_expunge_requested,
  mail_expunged, mail_cache_lookup_finished. See
  https://doc.dovecot.org/admin_manual/list_of_events/#mail
+ zlib, imap-compression, fs-compress: Support compression levels that
  the algorithm supports. Before, we would allow hardcoded value between
  1 to 9 and would default to 6. Now we allow using per-algorithm value
  range and default to whatever default the algorithm specifies.
- *-login: Commands pipelined together with and just after the authenticate
  command cause these commands to be executed twice. This applies to all
  protocols that involve user login, which currently comprises of imap,
  pop3, submisision and managesieve.
- *-login: Processes are supposed to disconnect the oldest non-logged in
  connection when process_limit was reached. This didn't actually happen
  with the default "high-security mode" (with service_count=1) where each
  connection is handled by a separate process.
- *-login: When login process reaches client/process limits, oldest
  client connections are disconnected. If one of these was still doing
  anvil lookup, this caused a crash. This could happen only if the login
  process limits were very low or if the server was overloaded.
- Fixed building with link time optimizations (-flto).
- auth: Userdb iteration with passwd driver does not always return all
  users with some nss drivers.
- dsync: Shared INBOX not synced when "mail_shared_explicit_inbox" was
  disabled. If a user has a shared mailbox which is another user's INBOX,
  dsync didn't include the mailbox in syncing unless explicit naming is
  enabled with "mail_shared_explicit_inbox" set to "yes".
- dsync: Shared namespaces were not synced with "-n" flag.
- dsync: Syncing shared INBOX failed if mail_attribute_dict was not set.
  If a user has a shared mailbox that is another user's INBOX, dsync
  failed to export the mailbox if mail attributes are disabled.
- fts-solr, fts-tika: Using both Solr FTS and Tika may have caused HTTP
  requests to assert-crash: Panic: file http-client-request.c: line 1232
  (http_client_request_send_more): assertion failed: (req->payload_input != NULL)
- fts-tika: 5xx errors returned by Tika server as indexing failures.
  However, Tika can return 5xx for some attachments every time.
  So the 5xx error should be retried once, but treated as success if it
  happens on the retry as well. v2.3 regression.
- fts-tika: v2.3.11 regression: Indexing messages with fts-tika may have
  resulted in Panic: file message-parser.c: line 802 (message_parser_deinit_from_parts):
  assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input))
- imap: SETMETADATA could not be used to unset metadata values.
  Instead NIL was handled as a "NIL" string. v2.3.14 regression.
- imap: IMAP BINARY FETCH crashes at least on empty base64 body:
  Panic: file index-mail-binary.c: line 358 (blocks_count_lines):
  assertion failed: (block_count == 0 || block_idx+1 == block_count)
- imap: If IMAP client using the NOTIFY command was disconnected while
  sending FETCH notifications to the client, imap could crash with
  Panic: Trying to close mailbox INBOX with open transactions.
- imap: Using IMAP COMPRESS extension can cause IMAP connection to hang
  when IMAP commands are >8 kB long.
- imapc: If remote server sent BYE but didn't immediately disconnect, it
  could cause infinite busy-loop.
- lib-index: Corrupted cache record size in dovecot.index.cache file
  could have caused a crash (segfault) when accessing it.
- lib-oauth2: JWT token time validation now works correctly with
  32-bit systems.
- lib-ssl-iostream: Checking hostnames against an SSL certificate was
  case-sensitive.
- lib-storage: Corrupted mime.parts in dovecot.index.cache may have
  resulted in Panic: file imap-bodystructure.c: line 206 (part_write_body):
  assertion failed: (text == ((part->flags & MESSAGE_PART_FLAG_TEXT) != 0))
- lib-storage: Index rebuilding (e.g. via doveadm force-resync) didn't
  preserve the "hdr-pop3-uidl" header. Because of this, the next pop3
  session could have accessed all of the emails' metadata to read their
  POP3 UIDL (opening dbox files).
- listescape: When using the listescape plugin and a shared namespace
  the plugin didn't work properly anymore resulting in errors like:
  "Invalid mailbox name: Name must not have '/' character."
- lmtp: Connection crashes if connection gets disconnected due to
  multiple bad commands and the last bad command is BDAT.
- lmtp: The Dovecot-specific LMTP parameter XRCPTFORWARD was blindly
  forwarded by LMTP proxy without checking that the backend has support.
  This caused a command parameter error from the backend if it was
  running an older Dovecot release. This could only occur in more complex
  setups where the message was proxied twice; when the proxy generated
  the XRCPTFORWARD parameter itself the problem did not occur, so this
  only happened when it was forwarded.
- lmtp: The LMTP proxy crashes with a panic when the remote server
  replies with an error while the mail is still being forwarded through
  a DATA/BDAT command.
- lmtp: Username may have been missing from lmtp log line prefixes when
  it was performing autoexpunging.
- master: Dovecot would incorrectly fail with haproxy 2.0.14 service
  checks.
- master: Systemd service: Dovecot announces readiness for accepting
  connections earlier than it should. The following environment variables
  are now imported automatically and can be omitted from
  import_environment setting: NOTIFY_SOCKET LISTEN_FDS LISTEN_PID.
- master: service { process_min_avail } was launching processes too
  slowly when master was forking a lot of processes.
- util: Make the health-check.sh example script POSIX shell compatible.

Revision 1.26 / (download) - annotate - [select for diffs], Wed Apr 21 11:42:08 2021 UTC (2 years, 10 months ago) by adam
Branch: MAIN
Changes since 1.25: +2 -1 lines
Diff to previous 1.25 (colored)

revbump for textproc/icu

Revision 1.24.2.1 / (download) - annotate - [select for diffs], Mon Jan 4 17:34:04 2021 UTC (3 years, 1 month ago) by bsiegert
Branch: pkgsrc-2020Q4
Changes since 1.24: +1 -2 lines
Diff to previous 1.24 (colored) next main 1.25 (colored)

Pullup ticket #6391 - requested by taca
mail/dovecot2: security fix

Revisions pulled up:
- mail/dovecot2-gssapi/Makefile                                 1.7
- mail/dovecot2-sqlite/Makefile                                 1.25
- mail/dovecot2/Makefile                                        1.106
- mail/dovecot2/Makefile.common                                 1.42
- mail/dovecot2/PLIST                                           1.71
- mail/dovecot2/buildlink3.mk                                   1.36
- mail/dovecot2/distinfo                                        1.107
- mail/dovecot2/patches/patch-src_auth_mech-gssapi.c            deleted

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Jan  4 14:57:19 UTC 2021

   Modified Files:
   	pkgsrc/mail/dovecot2: Makefile Makefile.common PLIST buildlink3.mk
   	    distinfo
   	pkgsrc/mail/dovecot2-gssapi: Makefile
   	pkgsrc/mail/dovecot2-sqlite: Makefile
   Removed Files:
   	pkgsrc/mail/dovecot2/patches: patch-src_auth_mech-gssapi.c

   Log Message:
   mail/dovecot2: update to 2.3.13

   Update mail/dovecot2 pacakge to 2.3.13, including security fixes.

   v2.3.13 2021-01-04	Aki Tuomi <aki.tuomi@open-xchange.com>

   	* CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
   	  allow logged in user to access other people's emails and filesystem
   	  information.
   	* Metric filter and global event filter variable syntax changed to a
   	  SQL-like format. See https://doc.dovecot.org/configuration_manual/event_filter/
   	* auth: Added new aliases for %{variables}. Usage of the old ones is
   	  possible, but discouraged.
   	* auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth
   	  mechanism and related password schemes.
   	* auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.
   	* auth: Removed postfix postmap socket
   	+ auth: Added new fields for auth server events. These fields are now
   	  also available for all auth events. See
   	  https://doc.dovecot.org/admin_manual/list_of_events/#authentication-server
   	  for details.
   	+ imap-hibernate: Added imap_client_hibernated, imap_client_unhibernated
   	  and imap_client_unhibernate_retried events. See
   	  https://doc.dovecot.org/admin_manual/list_of_events/ for details.
   	+ lib-index: Added new mail_index_recreated event. See
   	  https://doc.dovecot.org/admin_manual/list_of_events/#mail-index-recreated
   	+ lib-sql: Support TLS options for cassandra driver. This requires
   	  cpp-driver v2.15 (or later) to work reliably.
   	+ lib-storage: Missing $HasAttachment / $HasNoAttachment flags are now
   	  added to existing mails if mail_attachment_detection_option=add-flags
   	  and it can be done inexpensively.
   	+ login proxy: Added login_proxy_max_reconnects setting (default 3) to
   	  control how many reconnections are attempted.
   	+ login proxy: imap/pop3/submission/managesieve proxying now supports
   	  reconnection retrying on more than just connect() failure. Any error
   	  except a non-temporary authentication failure will result in reconnect
   	  attempts.
   	- auth: Lua passdb/userdb leaks stack elements per call, eventually
   	  causing the stack to become too deep and crashing the auth or
   	  auth-worker process.
   	- auth: SASL authentication PLAIN mechanism could be used to trigger
   	  read buffer overflow. However, this doesn't seem to be exploitable in
   	  any way.
   	- auth: v2.3.11 regression: GSSAPI authentication fails because dovecot
   	  disallows NUL bytes for it.
   	- dict: Process used too much CPU when iterating keys, because each key
   	  used a separate write() syscall.
   	- doveadm-server: Crash could occur if logging was done outside command
   	  handling. For example http-client could have done debug logging
   	  afterwards, resulting in either segfault or
   	  Panic: file http-client.c: line 642 (http_client_context_close):
   	  assertion failed: (cctx->clients_list == NULL).
   	- doveadm-server: v2.3.11 regression: Trying to connect to doveadm server
   	  process via starttls assert-crashed if there were no ssl=yes listeners:
   	  Panic: file master-service-ssl.c: line 22 (master_service_ssl_init):
   	  assertion failed: (service->ssl_ctx_initialized).
   	- fts-solr: HTTP requests may have assert-crashed:
   	  Panic: file http-client-request.c: line 1232 (http_client_request_send_more):
   	  assertion failed: (req->payload_input != NULL)
   	- imap: IMAP NOTIFY could crash with a segmentation fault due to a bad
   	  configuration that causes errors. Sending the error responses to the
   	  client can cause the segmentation fault. This can for example happen
   	  when several namespaces use the same mail storage location.
   	- imap: IMAP NOTIFY used on a shared namespace that doesn't actually
   	  exist (e.g. public namespace for a nonexistent user) can crash with a panic:
   	  Panic: Leaked view for index /tmp/home/asdf/mdbox/dovecot.list.index: Opened in (null):0
   	- imap: IMAP session can crash with QRESYNC extension if many changes
   	  are done before asking for expunged mails since last sync.
   	- imap: Process might hang indefinitely if client disconnects after
   	  sending some long-running commands pipelined, for example FETCH+LOGOUT.
   	- lib-compress: Mitigate crashes when configuring a not compiled in
   	  compression. Errors with compression configuration now distinguish
   	  between not supported and unknown.
   	- lib-compression: Using xz/lzma compression in v2.3.11 could have
   	  written truncated output in some situations. This would result in
   	  "Broken pipe" read errors when trying to read it back.
   	- lib-compression: zstd compression could have crashed in some situations:
   	  Panic: file ostream.c: line 287 (o_stream_sendv_int): assertion failed: (!stream->blocking)
   	- lib-dict: dict client could have crashed in some rare situations when
   	  iterating keys.
   	- lib-http: Fix several assert-crashes in HTTP client.
   	- lib-index: v2.3.11 regression: When mails were expunged at the same
   	  time as lots of new content was being saved to the cache (e.g. cache
   	  file was lost and is being re-filled) a deadlock could occur with
   	  dovecot.index.cache / dovecot.index.log.
   	- lib-index: v2.3.11 regression: dovecot.index.cache file was being
   	  purged (rewritten) too often when it had a field that hadn't been
   	  accessed for over 1 month, but less than 2 months. Every cache file
   	  change caused a purging in this situation.
   	- lib-mail: MIME parts were not returned correctly by Dovecot MIME parser.
   	  Regression caused by fixing CVE-2020-12100.
   	- lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE
   	  was written in a way that may have caused confusion for both IMAP
   	  clients and Dovecot itself when parsing it. The truncated part is now
   	  written out using application/octet-stream MIME type.
   	- lib-mail: v2.3.11 regression: Mail delivery / parsing crashed when the
   	  10000th MIME part was message/rfc822 (or if parent was multipart/digest):
   	  Panic: file message-parser.c: line 167 (message_part_append):
   	  assertion failed: (ctx->total_parts_count <= ctx->max_total_mime_parts).
   	- lib-oauth2: Dovecot incorrectly required oauth2 server introspection
   	  reply to contain username with invalid token.
   	- lib-ssl-iostream, lib-dcrypt: Fix building with OpenSSL that has
   	  deprecated APIs disabled.
   	- lib-storage: When mail's size is different from the cached one (in
   	  dovecot.index.cache or Maildir S=size in the filename), this is
   	  handled by logging "Cached message size smaller/larger than expected"
   	  error. However, in some situations this also ended up crashing with:
   	  Panic: file istream.c: line 315 (i_stream_read_memarea):
   	  assertion failed: (old_size <= _stream->pos - _stream->skip).
   	- lib-storage: v2.3 regression: Copying/moving mails was taking much more
   	  memory than before. This was mainly visible when copying/moving
   	  thousands of mails in a single transaction.
   	- lib-storage: v2.3.11 regression: Searching messages assert-crashed
   	  (without FTS): Panic: file message-parser.c: line 174 (message_part_finish):
   	  assertion failed: (ctx->nested_parts_count > 0).
   	- lib: Dovecot v2.3 moved signal handlers around in ioloops,
   	  causing more CPU usage than in v2.2.
   	- lib: Fixed JSON parsing: '\' escape sequence may have wrongly resulted
   	  in error if it happened to be at read boundary. Any NUL characters and
   	  '\u0000' will now result in parsing error instead of silently
   	  truncating the data.
   	- lmtp, submission: Server may hang if SSL client connection disconnects
   	  during the delivery. If this happened repeated, it could have ended
   	  up reaching process_limit and preventing any further lmtp/submission
   	  deliveries.
   	- lmtp: Proxy does not always properly log TLS connection problems as
   	  errors; in some cases, only a debug message is logged if enabled.
   	- lmtp: The LMTP service can hang when commands are pipelined. This can
   	  particularly occur when one command in the middle of the pipeline fails.
   	  One example of this occurs for proxied LMTP transactions in which the
   	  final DATA or BDAT command is pipelined after a failing RCPT command.
   	- login-proxy: The login_source_ips setting has no effect, and therefore
   	  the proxy source IPs are not cycled through as they should be.
   	- master: Process was using 100% CPU in some situations when a broken
   	  service was being throttled.
   	- pop3-login: POP3 login would fail with "Input buffer full" if the
   	  initial response for SASL was too long.
   	- stats: Crash would occur when generating openmetrics data for metrics
   	  using aggregating functions.

Revision 1.25 / (download) - annotate - [select for diffs], Mon Jan 4 14:57:19 2021 UTC (3 years, 1 month ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base, pkgsrc-2021Q1
Changes since 1.24: +1 -2 lines
Diff to previous 1.24 (colored)

mail/dovecot2: update to 2.3.13

Update mail/dovecot2 pacakge to 2.3.13, including security fixes.


v2.3.13 2021-01-04	Aki Tuomi <aki.tuomi@open-xchange.com>

	* CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
	  allow logged in user to access other people's emails and filesystem
	  information.
	* Metric filter and global event filter variable syntax changed to a
	  SQL-like format. See https://doc.dovecot.org/configuration_manual/event_filter/
	* auth: Added new aliases for %{variables}. Usage of the old ones is
	  possible, but discouraged.
	* auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth
	  mechanism and related password schemes.
	* auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.
	* auth: Removed postfix postmap socket
	+ auth: Added new fields for auth server events. These fields are now
	  also available for all auth events. See
	  https://doc.dovecot.org/admin_manual/list_of_events/#authentication-server
	  for details.
	+ imap-hibernate: Added imap_client_hibernated, imap_client_unhibernated
	  and imap_client_unhibernate_retried events. See
	  https://doc.dovecot.org/admin_manual/list_of_events/ for details.
	+ lib-index: Added new mail_index_recreated event. See
	  https://doc.dovecot.org/admin_manual/list_of_events/#mail-index-recreated
	+ lib-sql: Support TLS options for cassandra driver. This requires
	  cpp-driver v2.15 (or later) to work reliably.
	+ lib-storage: Missing $HasAttachment / $HasNoAttachment flags are now
	  added to existing mails if mail_attachment_detection_option=add-flags
	  and it can be done inexpensively.
	+ login proxy: Added login_proxy_max_reconnects setting (default 3) to
	  control how many reconnections are attempted.
	+ login proxy: imap/pop3/submission/managesieve proxying now supports
	  reconnection retrying on more than just connect() failure. Any error
	  except a non-temporary authentication failure will result in reconnect
	  attempts.
	- auth: Lua passdb/userdb leaks stack elements per call, eventually
	  causing the stack to become too deep and crashing the auth or
	  auth-worker process.
	- auth: SASL authentication PLAIN mechanism could be used to trigger
	  read buffer overflow. However, this doesn't seem to be exploitable in
	  any way.
	- auth: v2.3.11 regression: GSSAPI authentication fails because dovecot
	  disallows NUL bytes for it.
	- dict: Process used too much CPU when iterating keys, because each key
	  used a separate write() syscall.
	- doveadm-server: Crash could occur if logging was done outside command
	  handling. For example http-client could have done debug logging
	  afterwards, resulting in either segfault or
	  Panic: file http-client.c: line 642 (http_client_context_close):
	  assertion failed: (cctx->clients_list == NULL).
	- doveadm-server: v2.3.11 regression: Trying to connect to doveadm server
	  process via starttls assert-crashed if there were no ssl=yes listeners:
	  Panic: file master-service-ssl.c: line 22 (master_service_ssl_init):
	  assertion failed: (service->ssl_ctx_initialized).
	- fts-solr: HTTP requests may have assert-crashed:
	  Panic: file http-client-request.c: line 1232 (http_client_request_send_more):
	  assertion failed: (req->payload_input != NULL)
	- imap: IMAP NOTIFY could crash with a segmentation fault due to a bad
	  configuration that causes errors. Sending the error responses to the
	  client can cause the segmentation fault. This can for example happen
	  when several namespaces use the same mail storage location.
	- imap: IMAP NOTIFY used on a shared namespace that doesn't actually
	  exist (e.g. public namespace for a nonexistent user) can crash with a panic:
	  Panic: Leaked view for index /tmp/home/asdf/mdbox/dovecot.list.index: Opened in (null):0
	- imap: IMAP session can crash with QRESYNC extension if many changes
	  are done before asking for expunged mails since last sync.
	- imap: Process might hang indefinitely if client disconnects after
	  sending some long-running commands pipelined, for example FETCH+LOGOUT.
	- lib-compress: Mitigate crashes when configuring a not compiled in
	  compression. Errors with compression configuration now distinguish
	  between not supported and unknown.
	- lib-compression: Using xz/lzma compression in v2.3.11 could have
	  written truncated output in some situations. This would result in
	  "Broken pipe" read errors when trying to read it back.
	- lib-compression: zstd compression could have crashed in some situations:
	  Panic: file ostream.c: line 287 (o_stream_sendv_int): assertion failed: (!stream->blocking)
	- lib-dict: dict client could have crashed in some rare situations when
	  iterating keys.
	- lib-http: Fix several assert-crashes in HTTP client.
	- lib-index: v2.3.11 regression: When mails were expunged at the same
	  time as lots of new content was being saved to the cache (e.g. cache
	  file was lost and is being re-filled) a deadlock could occur with
	  dovecot.index.cache / dovecot.index.log.
	- lib-index: v2.3.11 regression: dovecot.index.cache file was being
	  purged (rewritten) too often when it had a field that hadn't been
	  accessed for over 1 month, but less than 2 months. Every cache file
	  change caused a purging in this situation.
	- lib-mail: MIME parts were not returned correctly by Dovecot MIME parser.
	  Regression caused by fixing CVE-2020-12100.
	- lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE
	  was written in a way that may have caused confusion for both IMAP
	  clients and Dovecot itself when parsing it. The truncated part is now
	  written out using application/octet-stream MIME type.
	- lib-mail: v2.3.11 regression: Mail delivery / parsing crashed when the
	  10000th MIME part was message/rfc822 (or if parent was multipart/digest):
	  Panic: file message-parser.c: line 167 (message_part_append):
	  assertion failed: (ctx->total_parts_count <= ctx->max_total_mime_parts).
	- lib-oauth2: Dovecot incorrectly required oauth2 server introspection
	  reply to contain username with invalid token.
	- lib-ssl-iostream, lib-dcrypt: Fix building with OpenSSL that has
	  deprecated APIs disabled.
	- lib-storage: When mail's size is different from the cached one (in
	  dovecot.index.cache or Maildir S=size in the filename), this is
	  handled by logging "Cached message size smaller/larger than expected"
	  error. However, in some situations this also ended up crashing with:
	  Panic: file istream.c: line 315 (i_stream_read_memarea):
	  assertion failed: (old_size <= _stream->pos - _stream->skip).
	- lib-storage: v2.3 regression: Copying/moving mails was taking much more
	  memory than before. This was mainly visible when copying/moving
	  thousands of mails in a single transaction.
	- lib-storage: v2.3.11 regression: Searching messages assert-crashed
	  (without FTS): Panic: file message-parser.c: line 174 (message_part_finish):
	  assertion failed: (ctx->nested_parts_count > 0).
	- lib: Dovecot v2.3 moved signal handlers around in ioloops,
	  causing more CPU usage than in v2.2.
	- lib: Fixed JSON parsing: '\' escape sequence may have wrongly resulted
	  in error if it happened to be at read boundary. Any NUL characters and
	  '\u0000' will now result in parsing error instead of silently
	  truncating the data.
	- lmtp, submission: Server may hang if SSL client connection disconnects
	  during the delivery. If this happened repeated, it could have ended
	  up reaching process_limit and preventing any further lmtp/submission
	  deliveries.
	- lmtp: Proxy does not always properly log TLS connection problems as
	  errors; in some cases, only a debug message is logged if enabled.
	- lmtp: The LMTP service can hang when commands are pipelined. This can
	  particularly occur when one command in the middle of the pipeline fails.
	  One example of this occurs for proxied LMTP transactions in which the
	  final DATA or BDAT command is pipelined after a failing RCPT command.
	- login-proxy: The login_source_ips setting has no effect, and therefore
	  the proxy source IPs are not cycled through as they should be.
	- master: Process was using 100% CPU in some situations when a broken
	  service was being throttled.
	- pop3-login: POP3 login would fail with "Input buffer full" if the
	  initial response for SASL was too long.
	- stats: Crash would occur when generating openmetrics data for metrics
	  using aggregating functions.

Revision 1.24 / (download) - annotate - [select for diffs], Thu Nov 5 09:08:35 2020 UTC (3 years, 3 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base
Branch point for: pkgsrc-2020Q4
Changes since 1.23: +2 -1 lines
Diff to previous 1.23 (colored)

*: Recursive revbump from textproc/icu-68.1

Revision 1.22.2.1 / (download) - annotate - [select for diffs], Mon Aug 24 19:03:13 2020 UTC (3 years, 6 months ago) by bsiegert
Branch: pkgsrc-2020Q2
Changes since 1.22: +1 -2 lines
Diff to previous 1.22 (colored) next main 1.23 (colored)

Pullup ticket #6303 - requested by taca
mail/dovecot2: security fix

Revisions pulled up:
- mail/dovecot2-sqlite/Makefile                                 1.23
- mail/dovecot2/Makefile.common                                 1.41
- mail/dovecot2/PLIST                                           1.70
- mail/dovecot2/buildlink3.mk                                   1.34
- mail/dovecot2/distinfo                                        1.105

---
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Wed Aug 12 15:54:38 UTC 2020

   Modified Files:
           pkgsrc/mail/dovecot2: Makefile.common PLIST buildlink3.mk distinfo
           pkgsrc/mail/dovecot2-sqlite: Makefile

   Log Message:
   mail/dovocot2: update to 2.3.11.3

   Update dovecot2 and related packages to 2.3.11.3.

   v2.3.11.3 2020-07-29    Aki Tuomi <aki.tuomi@open-xchange.com>

           - pop3-login: Login didn't handle commands in multiple IP packets properly.
             This mainly affected large XCLIENT commands or a large SASL initial
             response parameter in the AUTH command.
           - pop3: pop3_deleted_flag setting was broken, causing:
             Panic: file seq-range-array.c: line 472 (seq_range_array_invert):
             assertion failed: (range[count-1].seq2 <= max_seq)

   v2.3.11.2 2020-07-13    Aki Tuomi <aki.tuomi@open-xchange.com>

           - auth: Lua passdb/userdb leaks stack elements per call, eventually
             causing the stack to become too deep and crashing the auth or
             auth-worker process.
           - lib-mail: v2.3.11 regression: MIME parts not returned correctly by
             Dovecot MIME parser.
           - pop3-login: Login would fail with "Input buffer full" if the initial
             response for SASL was too long.

   v2.3.11 2020-06-17  Aki Tuomi <aki.tuomi@open-xchange.com>

           * CVE-2020-12100: Parsing mails with a large number of MIME parts could
             have resulted in excessive CPU usage or a crash due to running out of
             stack memory.
           * CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
             message buffer size, which leads to reading past allocation which can
             lead to crash.
           * CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
             zero-length message, which leads to assert-crash later on.
           * Events: Fix inconsistency in events. See event documentation in
             https://doc.dovecot.org.
           * imap_command_finished event's cmd_name field now contains "unknown"
             for unknown commands. A new "cmd_input_name" field contains the
             command name exactly as it was sent.
           * lib-index: Renamed mail_cache_compress_* settings to mail_cache_purge_*.
             Note that these settings are mainly intended for testing and usually
             shouldn't be changed.
           * events: Renamed "index" event category to "mail-index".
           * events: service:<name> category is now using the name from
             configuration file.
           * dns-client: service dns_client was renamed to dns-client.
           * log: Prefixes generally use the service name from configuration file.
             For example dict-async service will now use
             "dict-async(pid): " log prefix instead of "dict(pid): "
           * *-login: Changed logging done by proxying to use a consistent prefix
             containing the IP address and port.
           * *-login: Changed disconnection log messages to be slightly clearer.
           + dict: Add events for dictionaries.
           + lib-index: Finish logging with events.
           + oauth2: Support local validation of JWT tokens.
           + stats: Add support for dynamic histograms and grouping. See
             https://doc.dovecot.org/configuration_manual/stats/.
           + imap: Implement RFC 8514: IMAP SAVEDATE
           + lib-index: If a long-running transaction (e.g. SORT/FETCH on a huge
             folder) adds a lot of data to dovecot.index.cache file, commit those
             changes periodically to make them visible to other concurrent sessions
             as well.
           + stats: Add OpenMetrics exporter for statistics. See
             https://doc.dovecot.org/configuration_manual/stats/openmetrics/.
           + stats: Support disabling stats-writer socket by setting
             stats_writer_socket_path="".
           - auth-worker: Process keeps slowly increasing its memory usage and
             eventually dies with "out of memory" due to reaching vsz_limit.
           - auth: Prevent potential timing attacks in authentication secret
             comparisons: OAUTH2 JWT-token HMAC, imap-urlauth token, crypt() result.
           - auth: Several auth-mechanisms allowed input to be truncated by NUL
             which can potentially lead to unintentional issues or even successful
             logins which should have failed.
           - auth: When auth policy returned a delay, auth_request_finished event
             had policy_result=ok field instead of policy_result=delayed.
           - auth: auth process crash when auth_policy_server_url is set to an
             invalid URL.
           - dict-ldap: Crash occurs if var_expand template expansion fails.
           - dict: If dict client disconnected while iteration was still running,
             dict process could have started using 100% CPU, although it was still
             handling clients.
           - doveadm: Running doveadm commands via proxying may hang, especially
             when doveadm is printing a lot of output.
           - imap: "MOVE * destfolder" goes to a loop copying the last mail to the
             destination until the imap process dies due to running out of memory.
           - imap: Running "UID MOVE 1:* Trash" on an empty folder goes to infinite
             loop.
           - imap: SEARCH doesn't support $.
           - lib-compress: Buffer over-read in zlib stream read.
           - lib-dns: If DNS lookup times out, lib-dns can cause crash in calling
             process.
           - lib-index: Fixed several bugs in dovecot.index.cache handling that
             could have caused cached data to be lost.
           - lib-index: Writing to >=1 GB dovecot.index.cache files may cause
             assert-crashes:
             Panic: file mail-index-util.c: line 37 (mail_index_uint32_to_offset):
             assertion failed: (offset < 0x40000000)
           - lib-ssl-iostream: Fix buggy OpenSSL error handling without
             assert-crashing. If there is no error available, log it as an error
             instead of crashing:
             Panic: file iostream-openssl.c: line 599 (openssl_iostream_handle_error):
             assertion failed: (errno != 0)
           - lib-ssl-iostream: ssl_key_password setting did not work.
           - submission: A segfault crash may occur when the client or server
             disconnects while a non-transaction command like NOOP or VRFY is still
             being processed.
           - virtual: Copying/moving mails with IMAP into a virtual folder assert-crashes:
             Panic: file cmd-copy.c: line 152 (fetch_and_copy): assertion failed:
             (copy_ctx->copy_count == seq_range_count(&copy_ctx->saved_uids))

Revision 1.23 / (download) - annotate - [select for diffs], Wed Aug 12 15:54:38 2020 UTC (3 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base, pkgsrc-2020Q3
Changes since 1.22: +1 -2 lines
Diff to previous 1.22 (colored)

mail/dovocot2: update to 2.3.11.3

Update dovecot2 and related packages to 2.3.11.3.

v2.3.11.3 2020-07-29	Aki Tuomi <aki.tuomi@open-xchange.com>

	- pop3-login: Login didn't handle commands in multiple IP packets properly.
	  This mainly affected large XCLIENT commands or a large SASL initial
	  response parameter in the AUTH command.
	- pop3: pop3_deleted_flag setting was broken, causing:
	  Panic: file seq-range-array.c: line 472 (seq_range_array_invert):
	  assertion failed: (range[count-1].seq2 <= max_seq)

v2.3.11.2 2020-07-13	Aki Tuomi <aki.tuomi@open-xchange.com>

	- auth: Lua passdb/userdb leaks stack elements per call, eventually
	  causing the stack to become too deep and crashing the auth or
	  auth-worker process.
	- lib-mail: v2.3.11 regression: MIME parts not returned correctly by
	  Dovecot MIME parser.
	- pop3-login: Login would fail with "Input buffer full" if the initial
	  response for SASL was too long.

v2.3.11 2020-06-17  Aki Tuomi <aki.tuomi@open-xchange.com>

	* CVE-2020-12100: Parsing mails with a large number of MIME parts could
	  have resulted in excessive CPU usage or a crash due to running out of
	  stack memory.
	* CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
	  message buffer size, which leads to reading past allocation which can
	  lead to crash.
	* CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
	  zero-length message, which leads to assert-crash later on.
	* Events: Fix inconsistency in events. See event documentation in
	  https://doc.dovecot.org.
	* imap_command_finished event's cmd_name field now contains "unknown"
	  for unknown commands. A new "cmd_input_name" field contains the
	  command name exactly as it was sent.
	* lib-index: Renamed mail_cache_compress_* settings to mail_cache_purge_*.
	  Note that these settings are mainly intended for testing and usually
	  shouldn't be changed.
	* events: Renamed "index" event category to "mail-index".
	* events: service:<name> category is now using the name from
	  configuration file.
	* dns-client: service dns_client was renamed to dns-client.
	* log: Prefixes generally use the service name from configuration file.
	  For example dict-async service will now use
	  "dict-async(pid): " log prefix instead of "dict(pid): "
	* *-login: Changed logging done by proxying to use a consistent prefix
	  containing the IP address and port.
	* *-login: Changed disconnection log messages to be slightly clearer.
	+ dict: Add events for dictionaries.
	+ lib-index: Finish logging with events.
	+ oauth2: Support local validation of JWT tokens.
	+ stats: Add support for dynamic histograms and grouping. See
	  https://doc.dovecot.org/configuration_manual/stats/.
	+ imap: Implement RFC 8514: IMAP SAVEDATE
	+ lib-index: If a long-running transaction (e.g. SORT/FETCH on a huge
	  folder) adds a lot of data to dovecot.index.cache file, commit those
	  changes periodically to make them visible to other concurrent sessions
	  as well.
	+ stats: Add OpenMetrics exporter for statistics. See
	  https://doc.dovecot.org/configuration_manual/stats/openmetrics/.
	+ stats: Support disabling stats-writer socket by setting
	  stats_writer_socket_path="".
	- auth-worker: Process keeps slowly increasing its memory usage and
	  eventually dies with "out of memory" due to reaching vsz_limit.
	- auth: Prevent potential timing attacks in authentication secret
	  comparisons: OAUTH2 JWT-token HMAC, imap-urlauth token, crypt() result.
	- auth: Several auth-mechanisms allowed input to be truncated by NUL
	  which can potentially lead to unintentional issues or even successful
	  logins which should have failed.
	- auth: When auth policy returned a delay, auth_request_finished event
	  had policy_result=ok field instead of policy_result=delayed.
	- auth: auth process crash when auth_policy_server_url is set to an
	  invalid URL.
	- dict-ldap: Crash occurs if var_expand template expansion fails.
	- dict: If dict client disconnected while iteration was still running,
	  dict process could have started using 100% CPU, although it was still
	  handling clients.
	- doveadm: Running doveadm commands via proxying may hang, especially
	  when doveadm is printing a lot of output.
	- imap: "MOVE * destfolder" goes to a loop copying the last mail to the
	  destination until the imap process dies due to running out of memory.
	- imap: Running "UID MOVE 1:* Trash" on an empty folder goes to infinite
	  loop.
	- imap: SEARCH doesn't support $.
	- lib-compress: Buffer over-read in zlib stream read.
	- lib-dns: If DNS lookup times out, lib-dns can cause crash in calling
	  process.
	- lib-index: Fixed several bugs in dovecot.index.cache handling that
	  could have caused cached data to be lost.
	- lib-index: Writing to >=1 GB dovecot.index.cache files may cause
	  assert-crashes:
	  Panic: file mail-index-util.c: line 37 (mail_index_uint32_to_offset):
	  assertion failed: (offset < 0x40000000)
	- lib-ssl-iostream: Fix buggy OpenSSL error handling without
	  assert-crashing. If there is no error available, log it as an error
	  instead of crashing:
	  Panic: file iostream-openssl.c: line 599 (openssl_iostream_handle_error):
	  assertion failed: (errno != 0)
	- lib-ssl-iostream: ssl_key_password setting did not work.
	- submission: A segfault crash may occur when the client or server
	  disconnects while a non-transaction command like NOOP or VRFY is still
	  being processed.
	- virtual: Copying/moving mails with IMAP into a virtual folder assert-crashes:
	  Panic: file cmd-copy.c: line 152 (fetch_and_copy): assertion failed:
	  (copy_ctx->copy_count == seq_range_count(&copy_ctx->saved_uids))

Revision 1.22 / (download) - annotate - [select for diffs], Tue Jun 2 08:24:14 2020 UTC (3 years, 9 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base
Branch point for: pkgsrc-2020Q2
Changes since 1.21: +2 -1 lines
Diff to previous 1.21 (colored)

Revbump for icu

Revision 1.21 / (download) - annotate - [select for diffs], Mon May 18 14:20:46 2020 UTC (3 years, 9 months ago) by taca
Branch: MAIN
Changes since 1.20: +1 -2 lines
Diff to previous 1.20 (colored)

mail/dovecot2: update to 2.3.10.1

Update dovecot2 to 2.3.10.1.


v2.3.10.1  2020-05-18  Aki Tuomi <aki.tuomi@open-xchange.com>

- CVE-2020-10957: lmtp/submission: A client can crash the server by
  sending a NOOP command with an invalid string parameter. This occurs
  particularly for a parameter that doesn't start with a double quote.
  This applies to all SMTP services, including submission-login, which
  makes it possible to crash the submission service without
  authentication.
- CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
  commands can cause the server to access freed memory, which can lead
  to a server crash. This happens when the server closes the connection
  with a "421 Too many invalid commands" error. The bad command limit
  depends on the service (lmtp or submission) and varies between 10 to
  20 bad commands.
- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
  address that has the empty quoted string as local-part causes the lmtp
  service to crash.

Revision 1.20 / (download) - annotate - [select for diffs], Sun Apr 12 08:28:56 2020 UTC (3 years, 10 months ago) by adam
Branch: MAIN
Changes since 1.19: +2 -1 lines
Diff to previous 1.19 (colored)

Recursive revision bump after textproc/icu update

Revision 1.19 / (download) - annotate - [select for diffs], Fri Apr 19 05:35:04 2019 UTC (4 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1, pkgsrc-2019Q4-base, pkgsrc-2019Q4, pkgsrc-2019Q3-base, pkgsrc-2019Q3, pkgsrc-2019Q2-base, pkgsrc-2019Q2
Changes since 1.18: +1 -2 lines
Diff to previous 1.18 (colored)

dovecot2: updated to 2.3.5.2

v2.3.5.2
* CVE-2019-10691: Trying to login with 8bit username containing
  invalid UTF8 input causes auth process to crash if auth policy is
  enabled. This could be used rather easily to cause a DoS. Similar
  crash also happens during mail delivery when using invalid UTF8 in
  From or Subject header when OX push notification driver is used.

Revision 1.18 / (download) - annotate - [select for diffs], Wed Apr 3 00:32:51 2019 UTC (4 years, 11 months ago) by ryoon
Branch: MAIN
Changes since 1.17: +2 -1 lines
Diff to previous 1.17 (colored)

Recursive revbump from textproc/icu

Revision 1.16.2.1 / (download) - annotate - [select for diffs], Mon Feb 18 14:50:56 2019 UTC (5 years ago) by bsiegert
Branch: pkgsrc-2018Q4
Changes since 1.16: +1 -2 lines
Diff to previous 1.16 (colored) next main 1.17 (colored)

Pullup ticket #5915 - requested by taca
mail-dovecot2: security fix

Revisions pulled up:
- mail/dovecot2-sqlite/Makefile                                 1.17
- mail/dovecot2/Makefile.common                                 1.24
- mail/dovecot2/distinfo                                        1.88

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Feb  6 01:41:28 UTC 2019

   Modified Files:
   	pkgsrc/mail/dovecot2: Makefile.common distinfo

   Log Message:
   mail/dovecot2: update to 2.3.4.1

   v2.3.4.1 2019-02-05  Aki Tuomi <aki.tuomi@open-xchange.com>

   	* CVE-2019-3814: If imap/pop3/managesieve/submission client has
   	  trusted certificate with missing username field
   	  (ssl_cert_username_field), under some configurations Dovecot
   	  mistakenly trusts the username provided via authentication instead
   	  of failing.
   	* ssl_cert_username_field setting was ignored with external SMTP AUTH,
   	  because none of the MTAs (Postfix, Exim) currently send the
   	  cert_username field. This may have allowed users with trusted
   	  certificate to specify any username in the authentication. This bug
   	  didn't affect Dovecot's Submission service.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Feb  6 01:42:16 UTC 2019

   Modified Files:
   	pkgsrc/mail/dovecot2-sqlite: Makefile

   Log Message:
   mail/dovecot2-sqlite: reset PKGREVISION

   Reset PKGREVISION with update to 2.3.4.1.

Revision 1.17 / (download) - annotate - [select for diffs], Wed Feb 6 01:42:16 2019 UTC (5 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1
Changes since 1.16: +1 -2 lines
Diff to previous 1.16 (colored)

mail/dovecot2-sqlite: reset PKGREVISION

Reset PKGREVISION with update to 2.3.4.1.

Revision 1.16 / (download) - annotate - [select for diffs], Sun Dec 9 18:52:35 2018 UTC (5 years, 2 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base
Branch point for: pkgsrc-2018Q4
Changes since 1.15: +2 -1 lines
Diff to previous 1.15 (colored)

revbump after updating textproc/icu

Revision 1.15 / (download) - annotate - [select for diffs], Fri Nov 30 18:43:10 2018 UTC (5 years, 3 months ago) by adam
Branch: MAIN
Changes since 1.14: +4 -4 lines
Diff to previous 1.14 (colored)

dovecot2: updated to 2.3.4

2.3.4:
 * The default postmaster_address is now "postmaster@<user domain or
   server hostname>". If username contains the @domain part, that's
   used. If not, then the server's hostname is used.
 * "doveadm stats dump" now returns two decimals for the "avg" field.

 + Added push notification driver that uses a Lua script
 + Added new SQL, DNS and connection events.
   See https://wiki2.dovecot.org/Events
 + Added "doveadm mailbox cache purge" command.
 + Added events API support for Lua scripts
 + doveadm force-resync -f parameter performs "index fsck" while opening
   the index. This may be useful to fix some types of broken index files.
   This may become the default behavior in a later version.
 - director: Kicking a user crashes if login process is very slow
 - pop3_no_flag_updates=no: Don't expunge DELEted and RETRed messages
   unless QUIT is sent.
 - auth: Fix crypt() segfault with glibc-2.28+
 - imap: Running UID FILTER script with errors assert-crashes
 - dsync, pop3-migration: POP3 UIDLs weren't added to
   dovecot.index.cache while mails were saved.
 - dict clients may have been using 100% CPU while waiting for dict
   server to finish commands.
 - doveadm user: Fixed user listing via HTTP API
 - All levels of Cassandra log messages were logged as Dovecot errors.
 - http/smtp client may have crashed after SSL handshake
 - Lua auth converted strings that looked like numbers into numbers.

Revision 1.14 / (download) - annotate - [select for diffs], Tue Oct 23 16:29:18 2018 UTC (5 years, 4 months ago) by adam
Branch: MAIN
Changes since 1.13: +1 -2 lines
Diff to previous 1.13 (colored)

dovecot2: updated to 2.3.3

2.3.3:
* doveconf hides more secrets now in the default output.
* ssl_dh setting is no longer enforced at startup. If it's not set and
  non-ECC DH key exchange happens, error is logged and client is
  disconnected.

+ Added log_debug=<filter> setting.
+ Added log_core_filter=<log filter> setting.
+ quota-clone: Write to dict asynchronously
+ --enable-hardening attempts to use retpoline Spectre 2 mitigations
+ lmtp proxy: Support source_ip passdb extra field.
+ doveadm stats dump: Support more fields and output stddev by default.
+ push-notification: Add SSL support for OX backend.
- NUL bytes in mail headers can cause truncated replies when fetched.
- director: Conflicting host up/down state changes may in some rare
  situations ended up in a loop of two directors constantly overwriting
  each others' changes.
- director: Fix hang/crash when multiple doveadm commands are being
  handled concurrently.
- director: Fix assert-crash if doveadm disconnects too early
- virtual plugin: Some searches used 100% CPU for many seconds
- dsync assert-crashed with acl plugin in some situations.
- mail_attachment_detection_options=add-flags-on-save assert-crashed
  with some specific Sieve scripts.
- Mail snippet generation crashed with mails containing invalid
  Content-Type:multipart header.
- Log prefix ordering was different for some log lines.
- quota: With noenforcing option current quota usage wasn't updated.
- auth: Kerberos authentication against Samba assert-crashed.
- stats clients were unnecessarily chatty with the stats server.
- imapc: Fixed various assert-crashes when reconnecting to server.
- lmtp, submission: Fix potential crash if client disconnects while
  handling a command.
- quota: Fixed compiling with glibc-2.26 / support libtirpc.
- fts-solr: Empty search values resulted in 400 Bad Request errors
- fts-solr: default_ns parameter couldn't be used
- submission server crashed if relay server returned over 7 lines in
  a reply (e.g. to EHLO)

Revision 1.13 / (download) - annotate - [select for diffs], Fri Jul 20 03:34:19 2018 UTC (5 years, 7 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base, pkgsrc-2018Q3
Changes since 1.12: +2 -1 lines
Diff to previous 1.12 (colored)

Recursive revbump from textproc/icu-62.1

Revision 1.12 / (download) - annotate - [select for diffs], Sat Jul 14 20:15:33 2018 UTC (5 years, 7 months ago) by adam
Branch: MAIN
Changes since 1.11: +1 -2 lines
Diff to previous 1.11 (colored)

dovecot2: updated to 2.3.2.1

v2.3.2 still had a few unexpected bugs:
- SSL/TLS servers may have crashed during client disconnection
- lmtp: With lmtp_rcpt_check_quota=yes mail deliveries may have
  sometimes assert-crashed.
- v2.3.2: "make check" may have crashed with 32bit systems

v2.3.2 is mainly a bugfix release. It contains all the changes in v2.2.36, as well as a bunch of other fixes (mainly for v2.3-only bugs). Binary packages are already in https://repo.dovecot.org/
* old-stats plugin: Don't temporarily enable PR_SET_DUMPABLE while
  opening /proc/self/io. This may still cause security problems if the
  process is ptrace()d at the same time. Instead, open it while still
  running as root.
+ doveadm: Added mailbox cache decision&remove commands. See
  doveadm-mailbox(1) man page for details.
+ doveadm: Added rebuild attachments command for rebuilding
  $HasAttachment or $HasNoAttachment flags for matching mails. See
  doveadm-rebuild(1) man page for details.
+ cassandra: Use fallback_consistency on more types of errors
+ lmtp proxy: Support outgoing SSL/TLS connections
+ lmtp: Add lmtp_rawlog_dir and lmtp_proxy_rawlog_dir settings.
+ submission: Add support for rawlog_dir
+ submission: Add submission_client_workarounds setting.
+ lua auth: Add password_verify() function and additional fields in
  auth request.
- doveadm-server: TCP connections are hanging when there is a lot of
  network output. This especially caused hangs in dsync-replication.
- Using multiple type=shared mdbox namespaces crashed
- mail_fsync setting was ignored. It was always set to "optimized".
- lua auth: Fix potential crash at deinit
- SSL/TLS servers may have crashed if client disconnected during
  handshake.
- SSL/TLS servers: Don't send extraneous certificates to client when
  alt certs are used.
- lda, lmtp: Return-Path header without '<' may have assert-crashed.
- lda, lmtp: Unencoded UTF-8 in email address headers may assert-crash
- lda: -f parameter didn't allow empty/null/domainless address
- lmtp, submission: Message size limit was hardcoded to 40 MB.
  Exceeding it caused the connection to get dropped during transfer.
- lmtp: Fix potential crash when delivery fails at DATA stage
- lmtp: login_greeting setting was ignored
- Fix to work with OpenSSL v1.0.2f
- systemd unit restrictions were too strict by default
- Fix potential crashes when a lot of log output was produced
- SMTP client may have assert-crashed when sending mail
- IMAP COMPRESS: Send "end of compression" marker when disconnecting.
- cassandra: Fix consistency=quorum to work
- dsync: Lock file generation failed if home directory didn't exist
- Snippet generation for HTML mails didn't ignore &entities inside
  blockquotes, producing strange looking snippets.
- imapc: Fix assert-crash if getting disconnected and after
  reconnection all mails in the selected mailbox are gone.
- pop3c: Handle unexpected server disconnections without assert-crash
- fts: Fixes to indexing mails via virtual mailboxes.
- fts: If mails contained NUL characters, the text around it wasn't
  indexed.
- Obsolete dovecot.index.cache offsets were sometimes used. Trying to
  fetch a field that was just added to cache file may not have always
  found it.

Revision 1.11 / (download) - annotate - [select for diffs], Sat Apr 14 07:34:30 2018 UTC (5 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base, pkgsrc-2018Q2
Changes since 1.10: +2 -1 lines
Diff to previous 1.10 (colored)

revbump after icu update

Revision 1.9.2.1 / (download) - annotate - [select for diffs], Fri Mar 2 21:24:18 2018 UTC (6 years ago) by spz
Branch: pkgsrc-2017Q4
Changes since 1.9: +1 -2 lines
Diff to previous 1.9 (colored) next main 1.10 (colored)

Pullup ticket #5713 - requested by taca
mail/dovecot2-ldap: security update
mail/dovecot2-sqlite: security update
mail/dovecot2: security update

Revisions pulled up:
- mail/dovecot2-ldap/Makefile                                   1.2
- mail/dovecot2-sqlite/Makefile                                 1.10
- mail/dovecot2/Makefile.common                                 1.16-1.18
- mail/dovecot2/PLIST                                           1.58-1.59
- mail/dovecot2/buildlink3.mk                                   1.26
- mail/dovecot2/distinfo                                        1.80-1.82
- mail/dovecot2/patches/patch-ab                                1.5
- mail/dovecot2/patches/patch-ae                                1.2
- mail/dovecot2/patches/patch-src_old-stats_mail-stats.h        1.1
- mail/dovecot2/patches/patch-src_plugins_quota_quota-fs.c      deleted
- mail/dovecot2/patches/patch-src_stats_mail-stats.h            deleted

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	fhajny
   Date:		Tue Jan  2 15:52:44 UTC 2018

   Modified Files:
   	pkgsrc/mail/dovecot2: Makefile.common PLIST distinfo
   	pkgsrc/mail/dovecot2-ldap: Makefile
   	pkgsrc/mail/dovecot2-sqlite: Makefile
   	pkgsrc/mail/dovecot2/patches: patch-ab patch-ae
   	    patch-src_plugins_quota_quota-fs.c
   Added Files:
   	pkgsrc/mail/dovecot2/patches: patch-src_old-stats_mail-stats.h
   Removed Files:
   	pkgsrc/mail/dovecot2/patches: patch-src_stats_mail-stats.h

   Log Message:
   Update mail/dovecot2* to 2.3.0.

   Some of the larger changes:

   * Various setting changes, see https://wiki2.dovecot.org/Upgrading/2.3
   * Logging rewrite started: Logging is now based on hierarchical events.
     This makes it possible to do various things, like: 1) giving
     consistent log prefixes, 2) enabling debug logging with finer
     granularity, 3) provide logs in more machine readable formats
     (e.g. json). Everything isn't finished yet, especially a lot of the
     old logging code still needs to be translated to the new way.
   * Statistics rewrite started: Stats are now based on (log) events.
     It's possible to gather statistics about any event that is logged.
     See http://wiki2.dovecot.org/Statistics for details
   * ssl_dh setting replaces the old generated ssl-parameters.dat
   * IMAP: When BINARY FETCH finds a broken mails, send [PARSE] error
     instead of [UNKNOWNCTE]
   * Linux: core dumping via PR_SET_DUMPABLE is no longer enabled by
     default due to potential security reasons (found by cPanel Security
     Team).
   + Added support for SMTP submission proxy server, which includes
     support for BURL and CHUNKING extension.
   + LMTP rewrite. Supports now CHUNKING extension and mixing of
     local/proxy recipients.
   + auth: Support libsodium to add support for ARGON2I and ARGON2ID
     password schemes.
   + auth: Support BLF-CRYPT password scheme in all platforms
   + auth: Added LUA scripting support for passdb/userdb.
     See https://wiki2.dovecot.org/AuthDatabase/Lua
   - Input streams are more reliable now when there are errors or when
     the maximum buffer size is reached. Previously in some situations
     this could have caused Dovecot to try to read already freed memory.
   - Output streams weren't previously handling failures when writing a
     trailer at the end of the stream. This mainly affected encrypt and
     zlib compress ostreams, which could have silently written truncated
     files if the last write happened to fail (which shouldn't normally
     have ever happened).
   - virtual plugin: Fixed panic when fetching mails from virtual
     mailboxes with IMAP BINARY extension.
   - doveadm-server: Fix potential hangs with SSL connections
   - doveadm proxy: Reading commands' output from v2.2.33+ servers could
     have caused the output to be corrupted or caused a crash.
   - Many other smaller fixes


   To generate a diff of this commit:
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/mail/dovecot2/Makefile.common
   cvs rdiff -u -r1.57 -r1.58 pkgsrc/mail/dovecot2/PLIST
   cvs rdiff -u -r1.79 -r1.80 pkgsrc/mail/dovecot2/distinfo
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/dovecot2-ldap/Makefile
   cvs rdiff -u -r1.9 -r1.10 pkgsrc/mail/dovecot2-sqlite/Makefile
   cvs rdiff -u -r1.4 -r1.5 pkgsrc/mail/dovecot2/patches/patch-ab
   cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/mail/dovecot2/patches/patch-ae
   cvs rdiff -u -r0 -r1.1 \
       pkgsrc/mail/dovecot2/patches/patch-src_old-stats_mail-stats.h
   cvs rdiff -u -r1.6 -r1.7 \
       pkgsrc/mail/dovecot2/patches/patch-src_plugins_quota_quota-fs.c
   cvs rdiff -u -r1.2 -r0 \
       pkgsrc/mail/dovecot2/patches/patch-src_stats_mail-stats.h

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	maya
   Date:		Thu Jan  4 00:22:02 UTC 2018

   Modified Files:
   	pkgsrc/mail/dovecot2: distinfo
   Removed Files:
   	pkgsrc/mail/dovecot2/patches: patch-src_plugins_quota_quota-fs.c

   Log Message:
   dovecot2: remove now redundant patch.

   Heads up by jzu, thanks.


   To generate a diff of this commit:
   cvs rdiff -u -r1.80 -r1.81 pkgsrc/mail/dovecot2/distinfo
   cvs rdiff -u -r1.7 -r0 \
       pkgsrc/mail/dovecot2/patches/patch-src_plugins_quota_quota-fs.c

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	fhajny
   Date:		Mon Jan  8 13:03:15 UTC 2018

   Modified Files:
   	pkgsrc/mail/dovecot2: buildlink3.mk

   Log Message:
   mail/dovecot2: bump ABI dependency to 2.3.0 for dovecot2-pigeonhole.


   To generate a diff of this commit:
   cvs rdiff -u -r1.25 -r1.26 pkgsrc/mail/dovecot2/buildlink3.mk

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	jperkin
   Date:		Wed Jan 24 15:16:49 UTC 2018

   Modified Files:
   	pkgsrc/mail/dovecot2: Makefile.common

   Log Message:
   dovecot2: Don't automatically add compiler security features.


   To generate a diff of this commit:
   cvs rdiff -u -r1.16 -r1.17 pkgsrc/mail/dovecot2/Makefile.common

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Mar  1 11:13:14 UTC 2018

   Modified Files:
   	pkgsrc/mail/dovecot2: Makefile.common PLIST distinfo

   Log Message:
   mail/dovecot2: update to 2.3.0.1

   Small patch release to fix the worst bugs in v2.3.0. v2.3.1 is coming in about a month with a lot more changes.

    * CVE-2017-15130: TLS SNI config lookups may lead to excessive
      memory usage, causing imap-login/pop3-login VSZ limit to be reached
      and the process restarted. This happens only if Dovecot config has
      local_name { } or local { } configuration blocks and attacker uses
      randomly generated SNI servernames.
    * CVE-2017-14461: Parsing invalid email addresses may cause a crash or
      leak memory contents to attacker. For example, these memory contents
      might contain parts of an email from another user if the same imap
      process is reused for multiple users. First discovered by Aleksandar
      Nikolic of Cisco Talos. Independently also discovered by "flxflndy"
      via HackerOne.
    * CVE-2017-15132: Aborted SASL authentication leaks memory in login
      process.
    * Linux: Core dumping is no longer enabled by default via
      PR_SET_DUMPABLE, because this may allow attackers to bypass
      chroot/group restrictions. Found by cPanel Security Team. Nowadays
      core dumps can be safely enabled by using "sysctl -w
      fs.suid_dumpable=2". If the old behaviour is wanted, it can still be
      enabled by setting:
      import_environment=$import_environment PR_SET_DUMPABLE=1
    - imap-login with SSL/TLS connections may end up in infinite loop


   To generate a diff of this commit:
   cvs rdiff -u -r1.17 -r1.18 pkgsrc/mail/dovecot2/Makefile.common
   cvs rdiff -u -r1.58 -r1.59 pkgsrc/mail/dovecot2/PLIST
   cvs rdiff -u -r1.81 -r1.82 pkgsrc/mail/dovecot2/distinfo

Revision 1.10 / (download) - annotate - [select for diffs], Tue Jan 2 15:52:44 2018 UTC (6 years, 2 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base, pkgsrc-2018Q1
Changes since 1.9: +1 -2 lines
Diff to previous 1.9 (colored)

Update mail/dovecot2* to 2.3.0.

Some of the larger changes:

* Various setting changes, see https://wiki2.dovecot.org/Upgrading/2.3
* Logging rewrite started: Logging is now based on hierarchical events.
  This makes it possible to do various things, like: 1) giving
  consistent log prefixes, 2) enabling debug logging with finer
  granularity, 3) provide logs in more machine readable formats
  (e.g. json). Everything isn't finished yet, especially a lot of the
  old logging code still needs to be translated to the new way.
* Statistics rewrite started: Stats are now based on (log) events.
  It's possible to gather statistics about any event that is logged.
  See http://wiki2.dovecot.org/Statistics for details
* ssl_dh setting replaces the old generated ssl-parameters.dat
* IMAP: When BINARY FETCH finds a broken mails, send [PARSE] error
  instead of [UNKNOWNCTE]
* Linux: core dumping via PR_SET_DUMPABLE is no longer enabled by
  default due to potential security reasons (found by cPanel Security
  Team).
+ Added support for SMTP submission proxy server, which includes
  support for BURL and CHUNKING extension.
+ LMTP rewrite. Supports now CHUNKING extension and mixing of
  local/proxy recipients.
+ auth: Support libsodium to add support for ARGON2I and ARGON2ID
  password schemes.
+ auth: Support BLF-CRYPT password scheme in all platforms
+ auth: Added LUA scripting support for passdb/userdb.
  See https://wiki2.dovecot.org/AuthDatabase/Lua
- Input streams are more reliable now when there are errors or when
  the maximum buffer size is reached. Previously in some situations
  this could have caused Dovecot to try to read already freed memory.
- Output streams weren't previously handling failures when writing a
  trailer at the end of the stream. This mainly affected encrypt and
  zlib compress ostreams, which could have silently written truncated
  files if the last write happened to fail (which shouldn't normally
  have ever happened).
- virtual plugin: Fixed panic when fetching mails from virtual
  mailboxes with IMAP BINARY extension.
- doveadm-server: Fix potential hangs with SSL connections
- doveadm proxy: Reading commands' output from v2.2.33+ servers could
  have caused the output to be corrupted or caused a crash.
- Many other smaller fixes

Revision 1.9 / (download) - annotate - [select for diffs], Thu Nov 30 16:45:29 2017 UTC (6 years, 3 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base
Branch point for: pkgsrc-2017Q4
Changes since 1.8: +2 -1 lines
Diff to previous 1.8 (colored)

Revbump after textproc/icu update

Revision 1.8 / (download) - annotate - [select for diffs], Thu Oct 12 10:34:28 2017 UTC (6 years, 4 months ago) by adam
Branch: MAIN
Changes since 1.7: +1 -3 lines
Diff to previous 1.7 (colored)

dovecot2: update to 2.2.33.1

v2.2.33.1:
- dovecot-lda was logging to stderr instead of to the log file.

v2.2.33:
* doveadm director commands wait for the changes to be visible in the
  whole ring before they return. This is especially useful in testing.
* Environments listed in import_environment setting are now set or
  preserved when executing standalone commands (e.g. doveadm)

+ doveadm proxy: Support proxying logs. Previously the logs were
  visible only in the backend's logs.
+ Added %{if}, see https://wiki2.dovecot.org/Variables#Conditionals
+ Added a new notify_status plugin, which can be used to update dict
  with current status of a mailbox when it changes. See
  https://wiki2.dovecot.org/Plugins/NotifyStatus
+ Mailbox list index can be disabled for a namespace by appending
  ":LISTINDEX=" to location setting.
+ dsync/imapc: Added dsync_hashed_headers setting to specify which
  headers are used to match emails.
+ pop3-migration: Add pop3_migration_ignore_extra_uidls=yes to ignore
  mails that are visible in POP3 but not IMAP. This could happen if
  new mails were delivered during the migration run.
+ pop3-migration: Further improvements to help with Zimbra
+ pop3-migration: Cache POP3 UIDLs in imapc's dovecot.index.cache
  if indexes are enabled. These are used to optimize incremental syncs.
+ cassandra, dict-sql: Use prepared statements if protocol version>3.
+ auth: Added %{ldap_dn} variable for passdb/userdb ldap
- acl: The "create" (k) permission in global acl-file was sometimes
  ignored, allowing users to create mailboxes when they shouldn't have.
- sdbox: Mails were always opened when expunging, unless
  mail_attachment_fs was explicitly set to empty.
- lmtp/doveadm proxy: hostip passdb field was ignored, which caused
  unnecessary DNS lookups if host field wasn't an IP
- lmtp proxy: Fix crash when receiving unexpected reply in RCPT TO
- quota_clone: Update also when quota is unlimited (broken in v2.2.31)
- mbox, zlib: Fix assert-crash when accessing compressed mbox
- doveadm director kick -f parameter didn't work
- doveadm director flush <host> resulted flushing all hosts, if <host>
  wasn't an IP address.
- director: Various fixes to handling backend/director changes at
  abnormal times, especially while ring was unsynced. These could have
  resulted in crashes, non-optimal behavior or ignoring some of the
  changes.
- director: Use less CPU in imap-login processes when moving/kicking
  many users.
- lmtp: Session IDs were duplicated/confusing with multiple RCPT TOs
  when lmtp_rcpt_check_quota=yes
- doveadm sync -1 fails when local mailboxes exist that do not exist
  remotely. This commonly happened when lazy_expunge mailbox was
  autocreated when incremental sync expunged mails.
- pop3: rawlog_dir setting didn't work

Revision 1.7 / (download) - annotate - [select for diffs], Mon Sep 18 09:53:26 2017 UTC (6 years, 5 months ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base, pkgsrc-2017Q3
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)

revbump for requiring ICU 59.x

Revision 1.6 / (download) - annotate - [select for diffs], Sat Apr 22 21:03:42 2017 UTC (6 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2
Changes since 1.5: +2 -1 lines
Diff to previous 1.5 (colored)

Revbump after icu update

Revision 1.4.4.1 / (download) - annotate - [select for diffs], Thu Apr 13 15:04:30 2017 UTC (6 years, 10 months ago) by bsiegert
Branch: pkgsrc-2017Q1
Changes since 1.4: +1 -2 lines
Diff to previous 1.4 (colored) next main 1.5 (colored)

Pullup ticket #5274 - requested by taca
mail/dovecot2: security fix
mail/dovecot2-sqlite: security fix

Revisions pulled up:
- mail/dovecot2-sqlite/Makefile                                 1.5
- mail/dovecot2/Makefile.common                                 1.6
- mail/dovecot2/PLIST                                           1.53
- mail/dovecot2/distinfo                                        1.72

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Apr 13 01:59:08 UTC 2017

   Modified Files:
   	pkgsrc/mail/dovecot2: Makefile.common PLIST distinfo
   	pkgsrc/mail/dovecot2-sqlite: Makefile

   Log Message:
   Update dovecot2 to 2.2.29.1.  This release contains security fixes.

   v2.2.29.1 2017-04-12  Timo Sirainen <tss@iki.fi>

   	- imapc reconnection fix was forgotten from 2.2.29 release, which also
   	  made "make check" fail in a unit test
   	- dict-sql: Merging multiple UPDATEs to a single statement wasn't
   	  actually working.
   	- Fixed building with vpopmail

   v2.2.29 2017-04-10  Timo Sirainen <tss@iki.fi>

   	* passdb/userdb dict: Don't double-expand %variables in keys. If dict
   	  was used as the authentication passdb, using specially crafted
   	  %variables in the username could be used to cause DoS (CVE-2017-2669)
   	* When Dovecot encounters an internal error, it logs the real error and
   	  usually logs another line saying what function failed. Previously the
   	  second log line's error message was a rather uninformative "Internal
   	  error occurred. Refer to server log for more information." Now the
   	  real error message is duplicated in this second log line.
   	* lmtp: If a delivery has multiple recipients, run autoexpunging only
   	  for the last recipient. This avoids a problem where a long
   	  autoexpunge run causes LMTP client to timeout between the DATA
   	  replies, resulting in duplicate mail deliveries.
   	* config: Don't stop the process due to idling. Otherwise the
   	  configuration is reloaded when the process restarts.
   	* mail_log plugin: Differentiate autoexpunges from regular expunges
   	* imapc: Use LOGOUT to cleanly disconnect from server.
   	* lib-http: Internal status codes (>9000) are no longer visible in logs
   	* director: Log vhost count changes and HOST-UP/DOWNte autoexpunges from regular expunges
   	* imapc: Use LOGOUT to cleanly disconnect from server.
   	* lib-http: Internal status codes (>9000) are no longer visible in logs
   	* director: Log vhost count changes and HOST-UP/DOWN

   + quota: Add plugin { quota_max_mail_size } setting to limit the
   	  maximum individual mail size that can be saved.
   	+ imapc: Add imapc_features=delay-login. If set, connecting to the
   	  remote IMAP server isn't done until it's necessary.
   	+ imapc: Add imapc_connection_retry_count and
   	  imapc_connection_retry_interval settings.
   	+ imap, pop3, indexer-worker: Add (deinit) to process title before
   	  autoexpunging runs.
   + Added %{encrypt} and %{decrypt} variables
   	+ imap/pop3 proxy: Log proxy state in errors as human-readable string.
   	+ imap/pop3-login: All forward_* extra fields returned by passdb are
   	  sent to the next hop when proxying using ID/XCLIENT commands. On the
   	  receiving side these fields are imported and sent to auth process
   	  where they're accessible via %{passdb:forward_*}. This is done only
   	  if the sending IP address matches login_trusted_networks.
   	+ imap-login: If imap_id_retain=yes, send the IMAP ID string to
   	  auth process. %{client_id} expands to it in auth process. The ID
   	  string is also sent to the next hop when proxying.
   	+ passdb imap: Use ssl_client_ca_* settings for CA validation.
   	- fts-tika: Fixed crash when parsing attachment without
   	  Content-Disposition header. Broken by 2.2.28.
   	- trash plugin was broken in 2.2.28
   	- auth: When passdb/userdb lookups were done via auth-workers, too much
   	  data was added to auth cache. This could have resulted in wrong
   	  replies when using multiple passdbs/userdbs.
   	- auth: passdb { skip & mechanisms } were ignored for the first passdb
   	- oauth2: Various fixes, including fixes to crashes
   	- dsync: Large Sieve scripts (or other large metadata) weren't always
   	  synced.
   - Index rebuild (e.g. doveadm force-resync) set all mails as \Recent
   	- imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix
   	- doveadm: Exit codes weren't preserved when proxying commands via
   	  doveadm-server. Almost all errors used exit code 75 (tempfail).
   	- ACLs weren't applied to not-yet-existing autocreated mailboxes.
   	- Fixed a potential crash when parsing a broken message header.
   	- cassandra: Fallback consistency settings weren't working correctly.
   	- doveadm director status <user>: "Initial config" was always empty
   	- imapc: Various reconnection fixes.

Revision 1.5 / (download) - annotate - [select for diffs], Thu Apr 13 01:59:08 2017 UTC (6 years, 10 months ago) by taca
Branch: MAIN
Changes since 1.4: +1 -2 lines
Diff to previous 1.4 (colored)

Update dovecot2 to 2.2.29.1.  This release contains security fixes.

v2.2.29.1 2017-04-12  Timo Sirainen <tss@iki.fi>

	- imapc reconnection fix was forgotten from 2.2.29 release, which also
	  made "make check" fail in a unit test
	- dict-sql: Merging multiple UPDATEs to a single statement wasn't
	  actually working.
	- Fixed building with vpopmail

v2.2.29 2017-04-10  Timo Sirainen <tss@iki.fi>

	* passdb/userdb dict: Don't double-expand %variables in keys. If dict
	  was used as the authentication passdb, using specially crafted
	  %variables in the username could be used to cause DoS (CVE-2017-2669)
	* When Dovecot encounters an internal error, it logs the real error and
	  usually logs another line saying what function failed. Previously the
	  second log line's error message was a rather uninformative "Internal
	  error occurred. Refer to server log for more information." Now the
	  real error message is duplicated in this second log line.
	* lmtp: If a delivery has multiple recipients, run autoexpunging only
	  for the last recipient. This avoids a problem where a long
	  autoexpunge run causes LMTP client to timeout between the DATA
	  replies, resulting in duplicate mail deliveries.
	* config: Don't stop the process due to idling. Otherwise the
	  configuration is reloaded when the process restarts.
	* mail_log plugin: Differentiate autoexpunges from regular expunges
	* imapc: Use LOGOUT to cleanly disconnect from server.
	* lib-http: Internal status codes (>9000) are no longer visible in logs
	* director: Log vhost count changes and HOST-UP/DOWN

	+ quota: Add plugin { quota_max_mail_size } setting to limit the
	  maximum individual mail size that can be saved.
	+ imapc: Add imapc_features=delay-login. If set, connecting to the
	  remote IMAP server isn't done until it's necessary.
	+ imapc: Add imapc_connection_retry_count and
	  imapc_connection_retry_interval settings.
	+ imap, pop3, indexer-worker: Add (deinit) to process title before
	  autoexpunging runs.
	+ Added %{encrypt} and %{decrypt} variables
	+ imap/pop3 proxy: Log proxy state in errors as human-readable string.
	+ imap/pop3-login: All forward_* extra fields returned by passdb are
	  sent to the next hop when proxying using ID/XCLIENT commands. On the
	  receiving side these fields are imported and sent to auth process
	  where they're accessible via %{passdb:forward_*}. This is done only
	  if the sending IP address matches login_trusted_networks.
	+ imap-login: If imap_id_retain=yes, send the IMAP ID string to
	  auth process. %{client_id} expands to it in auth process. The ID
	  string is also sent to the next hop when proxying.
	+ passdb imap: Use ssl_client_ca_* settings for CA validation.
	- fts-tika: Fixed crash when parsing attachment without
	  Content-Disposition header. Broken by 2.2.28.
	- trash plugin was broken in 2.2.28
	- auth: When passdb/userdb lookups were done via auth-workers, too much
	  data was added to auth cache. This could have resulted in wrong
	  replies when using multiple passdbs/userdbs.
	- auth: passdb { skip & mechanisms } were ignored for the first passdb
	- oauth2: Various fixes, including fixes to crashes
	- dsync: Large Sieve scripts (or other large metadata) weren't always
	  synced.
	- Index rebuild (e.g. doveadm force-resync) set all mails as \Recent
	- imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix
	- doveadm: Exit codes weren't preserved when proxying commands via
	  doveadm-server. Almost all errors used exit code 75 (tempfail).
	- ACLs weren't applied to not-yet-existing autocreated mailboxes.
	- Fixed a potential crash when parsing a broken message header.
	- cassandra: Fallback consistency settings weren't working correctly.
	- doveadm director status <user>: "Initial config" was always empty
	- imapc: Various reconnection fixes.

Revision 1.4 / (download) - annotate - [select for diffs], Mon Dec 12 14:22:03 2016 UTC (7 years, 2 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base, pkgsrc-2016Q4-base, pkgsrc-2016Q4
Branch point for: pkgsrc-2017Q1
Changes since 1.3: +1 -2 lines
Diff to previous 1.3 (colored)

Revert "Specify readline requirement on 30 packages"

Many of these definitely do not depend on readline.
So there must be a different underlying problem, and that
should be tracked down instead of papering over it.

Revision 1.3 / (download) - annotate - [select for diffs], Sun Dec 4 05:17:32 2016 UTC (7 years, 2 months ago) by ryoon
Branch: MAIN
Changes since 1.2: +2 -1 lines
Diff to previous 1.2 (colored)

Recursive revbump from textproc/icu 58.1

Revision 1.2 / (download) - annotate - [select for diffs], Sun Dec 4 03:51:16 2016 UTC (7 years, 2 months ago) by marino
Branch: MAIN
Changes since 1.1: +2 -1 lines
Diff to previous 1.1 (colored)

Specify readline requirement on 30 packages

Solves:
/usr/libexec/binutils225/elf/ld.gold: error: cannot find -lreadline

The missing specification is obvious on DragonFly because there's
no publically accessible version of readline in base.

Revision 1.1 / (download) - annotate - [select for diffs], Mon Jul 18 15:03:06 2016 UTC (7 years, 7 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base, pkgsrc-2016Q3

Split off dovecot2-{gssapi,ldap,mysql,pgsql,sqlite} as separate
packages, remove respective options.mk parts.

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>