./mail/dovecot2, Secure IMAP and POP3 server

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.3.7nb1, Package name: dovecot-2.3.7nb1, Maintainer: adam

Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems,
written with security primarily in mind. Dovecot is an excellent choice for both
small and large installations. It's fast, simple to set up, requires no special
administration and it uses very little memory.


Required to run:
[archivers/lz4]

Required to build:
[pkgtools/cwrappers]

Package options: kqueue, pam, ssl, tcpwrappers

Master sites:

SHA1: d45241cc649e30053720626cc422a6212a6d02d4
RMD160: d7774bf57fa57fc10d662a2e04be4ee432bf822f
Filesize: 6908.317 KB

Version history: (Expand)


CVS history: (Expand)


   2019-07-19 17:13:31 by Hauke Fath | Files touched by this commit (3)
Log message:
Silence Error: file_ostream.net_set_tcp_nodelay(, TRUE) failed

Patch from upstream -head via FreeBSD
<https://svnweb.freebsd.org/ports/head/mail/dovecot/files/patch-src_lib_ostream-file.c?view=markup&pathrev=506487>
<https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239172>
   2019-07-18 15:38:18 by Takahiro Kambe | Files touched by this commit (4) | Package updated
Log message:
mail/dovecot2:

Update dovecot2 to 2.3.7.

Changes
-------

* fts-solr: Removed break-imap-search parameter
+ Added more events for the new statistics, see
  https://doc.dovecot.org/admin_manual/list_of_events/
+ mail-lua: Add IMAP metadata accessors, see
  https://doc.dovecot.org/admin_manual/lua/
+ Add event exporters that allow exporting raw events to log files and
  external systems, see
  https://doc.dovecot.org/configuration_m … nt_export/
+ SNIPPET is now PREVIEW and size has been increased to 200 characters.
+ Add body option to fts_enforced. This triggers building FTS index only
  on body search, and an error using FTS index fails the search rather
  than reads through all the mails.
- Submission/LMTP: Fixed crash when domain argument is invalid in a
  second EHLO/LHLO command.
- Copying/moving mails using Maildir format loses IMAP keywords in the
  destination if the mail also has no system flags.
- mail_attachment_detection_options=add-flags-on-save caused email body
  to be unnecessarily opened when FETCHing mail headers that were
  already cached.
- mail attachment detection keywords not saved with maildir.
- dovecot.index.cache may have grown excessively large in some
  situations. This happened especially when using autoexpunging with
  lazy_expunge folders. Also with mdbox format in general the cache file
  wasn't recreated as often as it should have.
- Autoexpunged mails weren't immediately deleted from the disk. Instead,
  the deletion from disk happened the next time the folder was opened.
  This could have caused unnecessary delays if the opening was done by
  an interactive IMAP session.
- Dovecot's TCP connections sometimes add extra 40ms latency due to not
  enabling TCP_NODELAY. HTTP and SMTP/LMTP connections weren't
  affected, but everything else was. This delay wasn't always visible -
  only in some situations with some message/packet sizes.
- imapc: Fix various crash conditions
- Dovecot builds were not always reproducible.
- login-proxy: With shutdown_clients=no after config reload the
  existing connections could no longer be listed or kicked with doveadm.
- "doveadm proxy kick" with -f parameter caused a crash in some
  situations.
- Auth policy can cause segmentation fault crash during auth process
  shutdown if all auth requests have not been finished.
- Fix various minor bugs leading into incorrect behaviour in mailbox
  list index handling. These rarely caused noticeable problems.
- LDAP auth: Iteration accesses freed memory, possibly crashing
  auth-worker
- local_name { .. } filter in dovecot.conf does not correctly support
  multiple names and wildcards were matched incorrectly.
- replicator: dsync assert-crashes if it can't connect to remote TCP
  server.
- config: Memory leak in config process when ssl_dh setting wasn't
  set and there was no ssl-parameters.dat file.
  This caused config process to die once in a while
  with "out of memory".
   2019-07-03 08:09:22 by =?UTF-8?B?RnLDqWTDqXJpYyBGYXViZXJ0ZWF1?= | Files touched by this commit (5) | Package updated
Log message:
dovecot2: update blk3 to follow gnutls disabling

Do not bump revision since binary cannot be altered

pkgsrc changes:
---------------
  * make blk3 conform to options.mk
  * move BUILD_DEFS (pkglint WARN--)
  * comment an explicit patch (pkglint ERROR--)
   2019-07-03 07:51:54 by =?UTF-8?B?RnLDqWTDqXJpYyBGYXViZXJ0ZWF1?= | Files touched by this commit (1)
Log message:
dovecot2: remove gnutls option that is currently broken

Fix PR pkg/54337
   2019-06-10 00:10:45 by Nia Alarie | Files touched by this commit (1)
Log message:
dovecot2: HOMEPAGE is a permanent redirect to https.
   2019-04-30 17:21:06 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
mail/dovecot2: update to 2.3.6

Update dovecot2 and dovecot-{gssapi,ldap,mysql,pgsql,sqlite} to 2.3.6.

v2.3.6 2019-04-30  Aki Tuomi <aki.tuomi@open-xchange.com>

	* CVE-2019-11494: Submission-login crashed with signal 11 due to null
	  pointer access when authentication was aborted by disconnecting.
	* CVE-2019-11499: Submission-login crashed when authentication was
	  started over TLS secured channel and invalid authentication message
	  was sent.
	* auth: Support password grant with passdb oauth2.
	+ Use system default CAs for outbound TLS connections.
	+ Simplify array handling with new helper macros.
	+ fts_solr: Enable configuring batch_size and soft_commit features.
	- lmtp/submission: Fixed various bugs in XCLIENT handling, including a
	  hang when XCLIENT commands were sent infinitely to the remote server.
	- lmtp/submission: Forwarded multi-line replies were erroneously sent
	  as two replies to the client.
	- lib-smtp: client: Message was not guaranteed to contain CRLF
	  consistently when CHUNKING was used.
	- fts_solr: Plugin was no longer compatible with Solr 7.
	- Make it possible to disable certificate checking without
	  setting ssl_client_ca_* settings.
	- pop3c: SSL support was broken.
	- mysql: Closing connection twice lead to crash on some systems.
	- auth: Multiple oauth2 passdbs crashed auth process on deinit.
	- HTTP client connection errors infrequently triggered a segmentation
	  fault when the connection was idle and not used for a particular
	  client instance.
   2019-04-19 07:35:04 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
dovecot2: updated to 2.3.5.2

v2.3.5.2
* CVE-2019-10691: Trying to login with 8bit username containing
  invalid UTF8 input causes auth process to crash if auth policy is
  enabled. This could be used rather easily to cause a DoS. Similar
  crash also happens during mail delivery when using invalid UTF8 in
  From or Subject header when OX push notification driver is used.
   2019-03-29 15:27:43 by Hauke Fath | Files touched by this commit (2)
Log message:
Security fix:

    * CVE-2019-7524: Missing input buffer size validation leads into
      arbitrary buffer overflow when reading fts or pop3 uidl header
      from Dovecot index. Exploiting this requires direct write access to
      the index files.