Log message:
mail/dovecot2: update to 2.3.9.2

Update doveot2 to 2.3.9.2, previous fix for CVE-2019-19722 was partial fix.

v2.3.9.2 2019-12-13  Aki Tuomi <aki.tuomi@open-xchange.com>

	- Mails with empty From/To headers can also cause crash
	  in push notification drivers.

Log message:
dovecot2: updated to 2.3.9.1

2.3.9.1:
* CVE-2019-19722: Mails with group addresses in From or To fields caused
  crash in push notification drivers.

Log message:
dovecot2: updated to 2.3.9

v2.3.9:
* Changed several event field names for consistency and to avoid
  conflicts in parent-child event relationships:
   * SMTP server command events: Renamed "name" to "cmd_name"
   * Events inheriting from a mailbox: Renamed "name" to \ 
"mailbox"
   * Server connection events have only "remote_ip", \ 
"remote_port",
     "local_ip" and "local_port".
   * Removed duplicate "client_ip", "ip" and "port".
   * Mail storage events: Removed "service" field.
     Use "service:<name>" category instead.
   * HTTP client connection events: Renamed "host" to \ 
"dest_host" and
     "port" to "dest_port"
* auth: Drop Postfix socketmap support. It hasn't been working
  with recent Postfix versions for a while now.
* push-notification-lua: The "subject" field is now decoded to UTF8
  instead of kept as MIME-encoded.
+ push-notification-lua: Added new "from_address", \ 
"from_display_name",
  "to_address" and "to_display_name" fields. The display \ 
names are
  decoded to UTF8.
+ Added various new fields to existing events.
  See http://doc.dovecot.net/admin_manual/list_of_events.html
+ Add lmtp_add_received_header setting. It can be used to prevent LMTP
  from adding "Received:" headers.
+ doveadm: Support SSL/STARTTLS for proxied doveadm connections based on
  doveadm_ssl setting and proxy ssl/tls settings.
+ Log filters support now "service:<name>", which matches all \ 
events for
  the given service. It can also be used as a category.
+ lib: Use libunwind to get abort backtraces with function names
  where available.
+ lmtp: When the LMTP proxy changes the username (from passdb lookup)
  add an appropriate ORCPT parameter.
- lmtp: Add lmtp_client_workarounds setting to implement workarounds for
  clients that send MAIL and RCPT commands with additional spaces before
  the path and for clients that omit <> brackets around the path.
  See example-config/conf.d/20-lmtp.conf.
- lda/lmtp: Invalid MAIL FROM addresses were rejcted too aggressively.
  Now mails from addresses with unicode characters are delivered, but
  their Return-Path header will be <> instead of the given MAIL FROM
  address.
- lmtp: The lmtp_hdr_delivery_address setting is ignored.
- imap: imap_command_finished event's "args" and \ 
"human_args" parameters
  were always empty.
- mbox: Seeking in zlib and bzip2 compressed input streams didn't work
  correctly.
- imap-hibernate: Process crashed when client got destroyed while it was
  attempted to be unhibernated, and the unhibernation fails.
- *-login: Proxying may have crashed if SSL handshake to the backend
  failed immediately. This was unlikely to happen in normal operation.
- *-login: If TLS handshake to upstream server failed during proxying,
  login process could crash due to invalid memory access.
- *-login: v2.3 regression: Using SASL authentication without initial
  response may have caused SSL connections to hang. This happened often
  at least with PHP's IMAP library.
- *-login: When login processes are flooded with authentication attempts
  it starts logging errors about "Authentication server sent unknown id".
  This is still expected. However, it also caused the login process to
  disconnect from auth server and potentially log some user's password
  in the error message.
- dict-sql: SQL prepared statements were not shared between sessions.
  This resulted in creating a lot of prepared statements, which was
  especially inefficient when using Cassandra backend with a lot of
  Cassandra nodes.
- auth: auth_request_finished event didn't have success=yes parameter
  set for successful authentications.
- auth: userdb dict - Trying to list users crashed.
- submission: Service could be configured to allow anonymous
  authentication mechanism and anonymous user access.
- LAYOUT=index: Corrupted dovecot.list.index caused folder creation to
  panic.
- doveadm: HTTP server crashes if request target starts with double "/".
- dsync: Remote dsync started hanging if the initial doveadm
  "dsync-server" command was sent in the same TCP packet as the
  following dsync handshake. v2.3.8 regression.
- lib: Several "input streams" had a bug that in some rare situations
  might cause it to access freed memory. This could lead to crashes or
  corruption.
  The only currently known effect of this is that using zlib plugin with
  external mail attachments (mail_attachment_dir) could cause fetching
  the mail to return a few bytes of garbage data at the beginning of the
  header. Note that the mail wasn't saved corrupted, but fetching it
  caused corrupted mail to be sent to the client.
- lib-storage: If a mail only has quoted content, use the quoted text
  for generating message snippet (IMAP PREVIEW) instead of returning
  empty snippet.
- lib-storage: When vsize header was rebuilt, newly calculated message
  sizes were added to dovecot.index.cache instead of being directly
  saved into vsize records in dovecot.index.
- lib: JSON generator was escaping UTF-8 characters unnecessarily.

Log message:
mail/dovecot2: update to 2.3.8

Update dovecot2 and friends to 2.3.8.

2.3.8 2019-10-08

Changes

+ Added mail_delivery_started and mail_delivery_finished events, see
  https://doc.dovecot.org/admin_manual/list_of_events/ for details.
+ dsync-replication: Don't replicate users who have "noreplicate" extra
  field in userdb.
+ doveadm service status: Show total number of processes created.
+ When logging to syslog, use instance_name setting's value for the
  ident. This commonly is added as a log prefix.
+ Base64 encoding/decoding code was rewritten with additional features.
  It shouldn't cause any user visible changes.
- v2.3.7 regression: If a folder only receives new mails without any
  other mail access, dovecot.index.log keeps growing forever and
  dovecot.index keeps being rewritten for every mail delivery.
- dsync-replication may lose keywords after syncing mails restored from
  another replica. This only happened if the mail only had keywords and no
  system flags.
- event filters: Non-textual event fields could not be filtered using
  wildcards.
- auth: Scope parameter was missing from OAuth password grant request.
- doveadm client-server communication may hang in some situations. It is
  also using unnecessarily small TCP/IP packet sizes.
- doveadm who and kick did not flush protocol output correctly.
- imap: SETMETADATA with literal value would delete the metadata value
  instead of updating it.
- imap: When client issues FETCH PREVIEW (LAZY=FUZZY) command, the
  caching decisions should be updated so that newly saved mails will have
  the preview cached.
- With mail_nfs_index=yes and/or mail_nfs_storage=yes setuid/setgid
  permission bits in some files may have become dropped with some NFS
  servers. Changed NFS flushing to now use chmod() instead of chown().
- quota: warnings did not work if quota root was noenforcing
- acl: Global ACL file ignored the last line if it didn't end with LF.
- doveadm stats dump: With JSON formatter output numbers using the
  number type instead of as strings
- lmtp_proxy: Ensure that real_* variables are correctly set when using
  lmtp_proxy.
- event exporter: http-post driver had hardcoded timeout and did not
  support DNS lookups or TLS connections.
- auth: Fix user iteration to work with userdb passwd with glibc v2.28.
- auth: auth service can crash if auth-policy JSON response is invalid
  or returned too fast.
- In some rare situations "ps" output could have shown a lot of \ 
"?"
  characters after Dovecot process titles.
- When dovecot.index.pvt is empty, an unnecessary error is logged:
  Error: .../dovecot.index.pvt reset, view is now inconsistent
- SMTP address encoder duplicated initial double quote character when
  the localpart of an address ended in '..'. For example
  "user+..@example.com" became ""user+.."@example.com in a
  sieve redirect.

Log message:
mail/dovecot2: update to 2.3.7.2

Update dovecot2 and related packages to 2.3.7.2.

Changes
-------
* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
  when scanning data in quoted strings, leading to out of bounds heap
  memory writes. Found by Nick Roessler and Rafi Rubin.

Log message:
mail/dovecot2: update to 2.3.7.1

v2.3.7.1 2019-07-23  Timo Sirainen <timo.sirainen@open-xchange.com>

	- Fix TCP_NODELAY errors being logged on non-Linux OSes
	- lmtp proxy: Fix assert-crash when client uses BODY=8BITMIME
	- Remove wrongly added checks in namespace prefix checking

Log message:
Silence Error: file_ostream.net_set_tcp_nodelay(, TRUE) failed

Patch from upstream -head via FreeBSD
<https://svnweb.freebsd.org/ports/head/mail/dovecot/files/patch-src_lib_ostream-file.c?view=markup&pathrev=506487>
<https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239172>

Log message:
mail/dovecot2:

Update dovecot2 to 2.3.7.

Changes
-------

* fts-solr: Removed break-imap-search parameter
+ Added more events for the new statistics, see
  https://doc.dovecot.org/admin_manual/list_of_events/
+ mail-lua: Add IMAP metadata accessors, see
  https://doc.dovecot.org/admin_manual/lua/
+ Add event exporters that allow exporting raw events to log files and
  external systems, see
  https://doc.dovecot.org/configuration_manual/event_export/
+ SNIPPET is now PREVIEW and size has been increased to 200 characters.
+ Add body option to fts_enforced. This triggers building FTS index only
  on body search, and an error using FTS index fails the search rather
  than reads through all the mails.
- Submission/LMTP: Fixed crash when domain argument is invalid in a
  second EHLO/LHLO command.
- Copying/moving mails using Maildir format loses IMAP keywords in the
  destination if the mail also has no system flags.
- mail_attachment_detection_options=add-flags-on-save caused email body
  to be unnecessarily opened when FETCHing mail headers that were
  already cached.
- mail attachment detection keywords not saved with maildir.
- dovecot.index.cache may have grown excessively large in some
  situations. This happened especially when using autoexpunging with
  lazy_expunge folders. Also with mdbox format in general the cache file
  wasn't recreated as often as it should have.
- Autoexpunged mails weren't immediately deleted from the disk. Instead,
  the deletion from disk happened the next time the folder was opened.
  This could have caused unnecessary delays if the opening was done by
  an interactive IMAP session.
- Dovecot's TCP connections sometimes add extra 40ms latency due to not
  enabling TCP_NODELAY. HTTP and SMTP/LMTP connections weren't
  affected, but everything else was. This delay wasn't always visible -
  only in some situations with some message/packet sizes.
- imapc: Fix various crash conditions
- Dovecot builds were not always reproducible.
- login-proxy: With shutdown_clients=no after config reload the
  existing connections could no longer be listed or kicked with doveadm.
- "doveadm proxy kick" with -f parameter caused a crash in some
  situations.
- Auth policy can cause segmentation fault crash during auth process
  shutdown if all auth requests have not been finished.
- Fix various minor bugs leading into incorrect behaviour in mailbox
  list index handling. These rarely caused noticeable problems.
- LDAP auth: Iteration accesses freed memory, possibly crashing
  auth-worker
- local_name { .. } filter in dovecot.conf does not correctly support
  multiple names and wildcards were matched incorrectly.
- replicator: dsync assert-crashes if it can't connect to remote TCP
  server.
- config: Memory leak in config process when ssl_dh setting wasn't
  set and there was no ssl-parameters.dat file.
  This caused config process to die once in a while
  with "out of memory".

Log message:
dovecot2: update blk3 to follow gnutls disabling

Do not bump revision since binary cannot be altered

pkgsrc changes:
---------------
  * make blk3 conform to options.mk
  * move BUILD_DEFS (pkglint WARN--)
  * comment an explicit patch (pkglint ERROR--)

Log message:
dovecot2: remove gnutls option that is currently broken

Fix PR pkg/54337