graphics/poppler: bump dependent ports

mail/dovecot: Fix build with option ICU (full text search plugin) after update
icu to 76.1

ld: error: undefined symbol: u_strFromUTF8Lenient
>>> referenced by fts-icu.c
>>>               .libs/fts-icu.o:(fts_icu_utf8_to_utf16)
>>> referenced by fts-icu.c
>>>               .libs/fts-icu.o:(fts_icu_utf8_to_utf16)

ld: error: undefined symbol: u_errorName
>>> referenced by fts-icu.c
>>>               .libs/fts-icu.o:(fts_icu_utf8_to_utf16)
>>> referenced by fts-icu.c
>>>               .libs/fts-icu.o:(fts_icu_utf16_to_utf8)
>>> referenced by fts-icu.c
>>>               .libs/fts-icu.o:(fts_icu_translate)
>>> referenced 3 more times

PR:		284832
Approved by:	ler (maintainer, implicit)

mail/dovecot: update upgrading URL

PR: 284280

mail/dovecot: add mysql & pgsql flavors

Add database flavors for dovecot

mail/dovecot: add patch from upstream to silence "time moved forwards"

Patch from Timo Sirainen (via dovecot list)

PR:	280929
Reported by: trashcan@ellael.org

mail/dovecot: pet portclippy

PR: 	280866
Reported by:	vvd

mail/dovecot: update 2.3.21 → 2.3.21.1 (fixes 2 CVEs)

- CVE-2024-23184: A large number of address headers in email resulted
  in excessive CPU usage.
- CVE-2024-23185: Abnormally large email headers are now truncated or
  discarded, with a limit of 10MB on a single header and 50MB for all
  the headers of all the parts of an email.
- oauth2: Dovecot would send client_id and client_secret as POST parameters
  to introspection server. These need to be optionally in Basic auth
  instead as required by OIDC specification.
- oauth2: JWT key type check was too strict.
- oauth2: JWT token audience was not validated against client_id as
  required by OIDC specification.
- oauth2: XOAUTH2 and OAUTHBEARER mechanisms were not giving out
  protocol specific error message on all errors. This broke OIDC discovery.
- oauth2: JWT aud validation was not performed if aud was missing
  from token, but was configured on Dovecot.
https://dovecot.org/mailman3/hyperkitty/list/dovecot-news@dovecot.org/thread/2CSVL56LFPAXVLWMGXEIWZL736PSYHP5/

PR:		280866
Approved by:	ler (maintainer)
MFH:		2024Q3

mail/dovecot: remove extra call to doveconf in rc.d script

PR:	279867
Reported by: Siva Mahadevan <me@svmhdvn.name>

mail/dovecot: make the rc script service jails aware

PR:		279670
Approved by:	maintainer

mail/dovecot: Move manpages to share/man

PR:		277401
Approved by:	portmgr (blanket)

graphics/poppler: bump consumers of graphics/poppler

Bump after rupdate in 478df79a3071b399f648107456cf371587e84a3f

mail/dovecot: add LDAP as a default option

PR:	276741
Requested by: seichan-ml@wakhok.ne.jp

graphics/poppler: bump revision of consumers

devel/icu: update to 74.1

Changes:	https://github.com/unicode-org/icu/releases/tag/release-74-1
Reported by:	GitHub (watch releases)
PR:		274317
Exp-run by:	antoine (incomplete)
Approved by:	fluffy

mail/{dovecot,dovecot-pigeonhole}: Update to latest stable releases

* Update mail/dovecot to 2.3.21.
* Update mail/dovecot-pigeonhole to 0.5.21.
* Bump PORTREVISION of dependencies.

ReleaseNotes:	https://dovecot.org/mailman3/archives/list/dovecot-news@dovecot.org/thread/Y5SJWAIAVEAQ2KKSWJM7VSJUUFRMFAH5/
PR:		273946
Approved by:	maintainer timeout

mail/dovecot: add mail/dovecot-xaps to portrevision bump list

PR:		270566
Approved by:	ler (maintainer timeout)

devel/icu: update to 73.1

- Temporarily switch to GitHub auto archive (release artifacts are N/A atm)

Changes:	https://github.com/unicode-org/icu/releases/tag/release-73-1
Reported by:	GitHub (watch releases)
PR:		270422
Exp-run by:	antoine

Mk/**ldap.mk: Convert USE_LDAP to USES=ldap

Convert the USE_LDAP=yes to USES=ldap and adds the following features:

- Adds the argument USES=ldap:server to add openldap2{4|5|6}-server as
  RUN_DEPENDS
- Adds the argument USES=ldap<version> and replaces WANT_OPENLDAP_VER
- Adds OPENLDAP versions in bsd.default-versions.mk
- Adds USE_OPENLDAP/WANT_OPENLDAP_VER in Mk/bsd.sanity.mk
- Changes consumers to use the features

Reviewed by:	delphij
Approved by:	portmgr
Differential Revision: https://reviews.freebsd.org/D38233

mail/dovecot: fix build

- patch-src_lib_ioloop-notify-kqueue.c: patch already applied.

mail/dovecot: fix build with clang 15

During an exp-run for llvm 15 (see bug 265425), it turned out that
mail/dovecot failed to build with clang 15:

  ioloop-notify-kqueue.c:70:2: error: call to undeclared function
'i_gettimeofday'; ISO C99 and later do not support implicit function
declarations [-Wimplicit-function-declaration]
          i_gettimeofday(&ioloop_timeval);
          ^
  ioloop-notify-kqueue.c:70:2: note: did you mean 'gettimeofday'?
  /usr/include/sys/time.h:617:5: note: 'gettimeofday' declared here
  int     gettimeofday(struct timeval *, struct timezone *);
          ^
  ...
  --- test-mail-index-transaction-update.o ---
  test-mail-index-transaction-update.c:633:14: warning: comparison of function
'timezone' equal to a null pointer is always false
[-Wtautological-pointer-compare]

mail/dovecot: update to 2.3.20

mail/dovecot-pigeonhole: bump to 0.5.20
mail/dovecot-fts-*, mail/dovecot-coi: bump portrevision

mail/dovecot: ChanggLog:
+ Add dsync_features=no-header-hashes. When this setting is enabled and
  one dsync side doesn't support mail GUIDs (i.e. imapc), there is no
  fallback to using header hashes. Instead, dsync assumes that all mails
  with identical IMAP UIDs contains the same mail contents. This can
  significantly improve dsync performance with some IMAP servers that
  don't support caching Date/Message-ID headers.
+ lua: HTTP client has more settings now, see
  https://doc.dovecot.org/admin_manual/lua/#dovecot.http.client
+ replicator: "doveadm replicator status" command now outputs when the

devel/icu: update to 72.1

Changes:	https://github.com/unicode-org/icu/releases/tag/release-72-1
Reported by:	GitHub (watch releases)
PR:		266582
Exp-run by:	antoine

mail/dovecot: add mail/dovecot-fts-flatcurve to list

PR: 266911

Remove WWW entries moved into port Makefiles

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)

Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

mail: remove 'Created by' lines

A big Thank You to the original contributors of these ports:

  *  <ashish@FreeBSD.org>
  *  Aaron Dalton <aaron@FreeBSD.org>
  *  Adam David <adam@FreeBSD.org>
  *  Adam McDougall <mcdouga9@egr.msu.edu>
  *  Adam Weinberger <adamw@FreeBSD.org>
  *  Ade Lovett <ade@FreeBSD.org>
  *  Akinori MUSHA aka knu <knu@idaemons.org>
  *  Alex Deiter <tiamat@komi.mts.ru>
  *  Alex Dupre <ale@FreeBSD.org>
  *  Alex Dupre <sysadmin@alexdupre.com>
  *  Alex Perel <veers@disturbed.net>

mail/dovecot: update to 2.3.19.1

Due to a severe bug in doveadm deduplicate, we are releasing patch
release 2.3.19.1.

mail/dovecot, mail/dovecot-pigeonhole: Upgrade to 2.3.19, 0.5.19

Dovecot Changelog:
+ Added mail_user_session_finished event, which is emitted when the mail
  user session is finished (e.g. imap, pop3, lmtp). It also includes
  fields with some process statistics information.
  See https://doc.dovecot.org/admin_manual/list_of_events/ for more
  information.
+ Added process_shutdown_filter setting. When an event matches the filter,
  the process will be shutdown after the current connection(s) have
  finished. This is intended to reduce memory usage of long-running imap
  processes that keep a lot of memory allocated instead of freeing it to
  the OS.
+ auth: Add cache hit indicator to auth passdb/userdb finished events.
  See https://doc.dovecot.org/admin_manual/list_of_events/ for more

mail/dovecot: add mail/dovecot-coi to the warning

mail/dovecot-fts-elastic: New FTS plugin for dovecot

PR: 263382
Reported By: bgupta@kde.org

Revert "mail/dovecot: Add FLAVORs for CDB, LDAP, MYSQL, PGSQL, and SQLITE3"

Flavors currently breaks mail/dovecot-pigeonhole,
mail/dovecot-fts-xapian, mail/dovecot-fts-flatcurve.

nc & I (ler) will work to see if we can come to a better way to do this

This reverts commit 0dd69d0adfd2ef48dc949bb2325c2c534117fc29.

mail/dovecot: Add FLAVORs for CDB, LDAP, MYSQL, PGSQL, and SQLITE3

PR:		254164
Approved by:	maintainer timeout (>1 year)

devel/icu: update to 71.1

Changes:	https://github.com/unicode-org/icu/releases/tag/release-71-1
Reported by:	GitHub (watch releases)
PR:		262654
Exp-run by:	antoine
Approved by:	fluffy

mail/dovecot, mail/dovecot-pigeonhole: update to 2.3.18, 0.5.18 respectively

Dovecot ChangeLog:
* Removed mail_cache_lookup_finished event. This event wasn't especially
  useful, but it increased CPU usage significantly.
* fts: Don't index inline base64 encoded content in FTS indexes using
  the generic tokenizer. This reduces the FTS index sizes by removing
  input that is very unlikely to be searched for. See
  https://doc.dovecot.org/configuration_manual/fts/tokenization for
  details on how base64 is detected. Only applies when using libfts.
* lmtp: Session IDs are now preserved through proxied connections, so
  LMTP sessions can be tracked. This slightly changes the LMTP session
  ID format by appending ":Tn" (transaction), ":Pn" (proxy connection)
  and ":Rn" (recipient) counters after the session ID prefix.
+ Events now have "reason_code" field, which can provide a list of

devel/icu: update to 70.1

Changes:	https://github.com/unicode-org/icu/releases/tag/release-70-1
Reported by:	GitHub (watch releases)
PR:		258794
Exp-run by:	antoine

mail/dovecot: mail/dovecot-pigeonhole: upgrade to 2.3.17, 0.5.17

ChangeLogs:
dovecot:
* Dovecot now logs a warning if time seems to jump forward at least
  100 milliseconds.
* dict: Lines logged by the dict process now contain the dict name as
  the prefix.
* lib-index: mail_cache_fields, mail_always_cache_fields and
  mail_never_cache_fields now verifies that the listed header names are
  valid. Especially the UTF8 "–" character has sometimes been wrongly
  used instead of the ASCII "-".
+ *-login: Added login_proxy_rawlog_dir setting to capture
  rawlogs between proxy and backend.
+ dict: The server process now keeps the last 10 idle dict backends

mail/dovecot: update to 2.3.16

mail/dovecot-pigeonhole: update to 0.5.16

ChangeLogs:
https://dovecot.org/pipermail/dovecot-news/2021-August/000463.html
https://dovecot.org/pipermail/dovecot-news/2021-August/000464.html

mail/dovecot-*: update 2.3.13 -> 2.3.15 and related ports

PR:			256860
Approved by:		fluffy (ports-secteam)
Submitted by:		otis
Relnotes:		https://dovecot.org/pipermail/dovecot-news/2021-June/000457.html
			https://dovecot.org/pipermail/dovecot-news/2021-March/000455.html
			https://dovecot.org/pipermail/dovecot-news/2021-March/000456.html
			https://dovecot.org/pipermail/dovecot-news/2021-June/000458.html
Security:		CVE-2021-29157, CVE-2021-33515, CVE-2020-28200
Differential Revision:	https://reviews.freebsd.org/D30866
MFH:			2021Q3

devel/icu: update to 69.1

Changes:	https://github.com/unicode-org/icu/releases/tag/release-69-1
Reported by:	GitHub (watch releases)

all: Remove all other $FreeBSD keywords.

Remove # $FreeBSD$ from Makefiles.

Remove occurrences of %%LUA_LIBDIR%%.

Differential Revision:	https://reviews.freebsd.org/D29138

Remove redundant option descriptions that match the default ones

(ignoring case)

Reported by:	danfe (for net/mosquitto), portscan

mail/dovecot: unbreak build with lua54

Reported by:	poudriere failure
Approved by:	portmgr blanket (fix build)
MFH:		2021Q1

mail/dovecot: update 2.3.11.3 -> 2.3.13, fix CVE in non-default config
mail/dovecot-pigeonhole: update 0.5.11 -> 0.5.13

- please note: option VPOPMAIl was removed from upstream

PR:		252415
Submitted by:	Evilham <contact@evilham.com>
Reviewed by:	fluffy
Approved by:	ler (maintainer)
MFH:		2021Q1
Relnotes:	https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html
		https://dovecot.org/pipermail/dovecot-news/2021-January/000449.html
Security:	CVE-2020-24386, CVE-2020-25275

devel/icu: update to 68.1

Changes:	http://site.icu-project.org/download/68
ABI:		https://abi-laboratory.pro/tracker/timeline/icu4c/
Reported by:	GitHub (watch releases)

mail/dovecot, mail/dovecot-pigeonhole: upgrade to 2.3.11.3 and 0.5.11,
repectively.

dovecot changelog:
* CVE-2020-12100: Parsing mails with a large number of MIME parts could
  have resulted in excessive CPU usage or a crash due to running out of
  stack memory.
* CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
  message buffer size, which leads to reading past allocation which can
  lead to crash.
* CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
  address that has the empty quoted string as local-part causes the lmtp
  service to crash.
* CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
  zero-length message, which leads to assert-crash later on.
* Events: Fix inconsistency in events. See event documentation in

mail/dovecot: fix example config *.conf.ext REINPLACE missed in r537587.

PR:		246963
Submitted by:	kfv@irbug.org
MFH:		2020Q2

mail/dovecot: restore the REINPLACE_CMD for the example config.

Overzealous removal.

PR:		246947
Submitted by:	gwbr0601@yahoo.de
Pointy Hat To:	ler

mail/dovecot: Upgrade to 2.3.10.1, fixing multiple vulnerabilities.

- CVE-2020-10957: lmtp/submission: A client can crash the server by
  sending a NOOP command with an invalid string parameter. This occurs
  particularly for a parameter that doesn't start with a double quote.
  This applies to all SMTP services, including submission-login, which
  makes it possible to crash the submission service without
  authentication.
- CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
  commands can cause the server to access freed memory, which can lead
  to a server crash. This happens when the server closes the connection
  with a "421 Too many invalid commands" error. The bad command limit
  depends on the service (lmtp or submission) and varies between 10 to
  20 bad commands.
- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
  address that has the empty quoted string as local-part causes the
  lmtp service to crash.

Clean up some REINPLACE warnings whilst we're here.

MFH:		2020Q2
Security:	37d106a8-15a4-483e-8247-fcb68b16eaf8
Security:	CVE-2020-10957
Security:	CVE-2020-10958
Security:	CVE-2020-10967

devel/icu: update to 67.1

Changes:	http://site.icu-project.org/download/67
ABI:		https://abi-laboratory.pro/tracker/timeline/icu4c/
Reported by:	GitHub (watch releases)

mail/dovecot: use libexttextcat for lucene.

PR:		244932
Submitted by:	igorz@yandex.ru

devel/icu: update to 66.1

Changes:	http://site.icu-project.org/download/66
ABI:		https://abi-laboratory.pro/tracker/timeline/icu4c/

mail/dovecot: update to 2.3.10.

ChangeLog:
* Disable retpoline migitations by default. These can cause severe
  performance regressions, so they should be only enabled when
  applicable.
* IMAP MOVE now commits transactions in batches of 1000 mails. This
  helps especially with lazy_expunge when moving a lot of mails. It
  mainly avoids situations where multiple IMAP sessions are running the
  same MOVE command and duplicating the mails in the lazy_expunge folder.
  With this change there can still be some duplication, but the MOVE
  always progresses forward. Also if the MOVE fails at some point, the
  changes up to the last 1000 mails are still committed instead of
  rolled back. Note that the COPY command behavior hasn't changed,
  because it is required by IMAP standard to be an atomic operation.

mail/dovecot: upgrade to 2.3.9.3

Changelog:
    * CVE-2020-7046: Truncated UTF-8 can be used to DoS
      submission-login and lmtp processes.
    * CVE-2020-7957: Specially crafted mail can crash snippet generation.

MFH:		2020Q1
Security:	CVE-2020-7046
Security:	CVE-2020-7957
Security:	74db0d02-b140-4c32-aac6-1f1e81e1ad30

mail/dovecot: upgrade to 2.3.9.2,

* CVE-2019-19722: Mails with group addresses in From or To fields caused
crash in push notification drivers.
- additional fix for blank headers

PORTREVISION bump for mail/dovecot-pigeonhole, mail/dovecot-fts-xapian
*NOT* requesting MFH as 2.3.9 is not in 2019Q4.

Security:	b7dc4dde-2e48-43f9-967a-c68461537cf2
Security:	CVS-2019-19722

mail/dovecot, mail/dovecot-pigeonhole: upgrade to 2.3.9, 0.5.9 respectively.

Bump PORTREVISION of mail/dovecot-fts-xapian for version change of dovecot.

Changelog:
Dovecot:
* Changed several event field names for consistency and to avoid
  conflicts in parent-child event relationships:
   * SMTP server command events: Renamed "name" to "cmd_name"
   * Events inheriting from a mailbox: Renamed "name" to "mailbox"
   * Server connection events have only "remote_ip", "remote_port",
     "local_ip" and "local_port".
   * Removed duplicate "client_ip", "ip" and "port".
   * Mail storage events: Removed "service" field.
     Use "service:<name>" category instead.

mail/dovecot: include mention of security.bsd.hardlink_check_{g,u}id in
pkg-message.

PR:		242223
Submitted by:	tphilipp@potion-studios.com

mail/dovecot: revert removing patch that is still needed.

PR:		240607

Revert changes that crept in by accident

Reported by:	fluffy
Pointy hat:	bapt

mail/dovecot: really fix LUA=off.

Pointy Hat To: ler

mail/dovecot: fix breakage when LUA is NOT selected.

PR:		241144
Submitted by:	matthias.pfaller@familie-pfaller.de
Reported by:	many
Pointy Hat To: ler

Drop the ipv6 virtual category for m* category as it is not relevant anymore

dovecot-fts-xapian: Bump portrevision after dovecot upgrade
Add a note to the dovecot port about the requirement to bump the portrevision
each time dovecot is updated

PR:		241147
Reported by:	Matthias Pfaller <matthias.pfaller@familie-pfaller.de>

mail/dovecot, mail/dovecot-pigeonhole: upgrade to 2.3.8 and 0.5.8 respectively.

release notes:
dovecot:
Changes

+ Added mail_delivery_started and mail_delivery_finished events, see
https://doc.dovecot.org/admin_manual/list_of_events/ for details.
+ dsync-replication: Don't replicate users who have "noreplicate" extra
field in userdb.
+ doveadm service status: Show total number of processes created.
+ When logging to syslog, use instance_name setting's value for the
ident. This commonly is added as a log prefix.
+ Base64 encoding/decoding code was rewritten with additional features.
It shouldn't cause any user visible changes.

devel/icu: update to 65.1

Changes:	http://site.icu-project.org/download/65
ABI:		https://abi-laboratory.pro/tracker/timeline/icu4c/

mail/dovecot: remove no longer needed patch file.

PR:		240607
Submitted by:	paul.le.gauret@gmail.com

mail/dovecot,mail/dovecot-pigeonhole: fix CVE-2019-11500

Changes
-------
* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
  when scanning data in quoted strings, leading to out of bounds heap
  memory writes. Found by Nick Roessler and Rafi Rubin.

MFH:		2019Q3
Security:	CVE-2019-11500

onvert to UCL & cleanup pkg-message (categories l-m)

mail/dovecot, mail/dovecot-pigeonhole: upgrade to 2.3.7.1 and 0.5.7.1
respectively.

These releases fix the reported regressions in v2.3.7 & v0.5.7.

Dovecot core:
        - Fix TCP_NODELAY errors being logged on non-Linux OSes
        - lmtp proxy: Fix assert-crash when client uses BODY=8BITMIME
        - Remove wrongly added checks in namespace prefix checking

Pigeonhole:
        - dsync: Sieve script syncing failed if mailbox attributes weren't
          enabled.

mail/dovecot: [PATCH] lib-storage: Namespace prefix shouldn't be included in all
 mailbox name validity checks

Obtained from:	upstream github.

mail/dovecot: One should actually TEST their patches.

Fix previous commit.

Pointy Hat To: ler

mail/dovecot: stop whining about TCP_NODELAY errors.

[PATCH] lib: ostream-file: Don't log any errors when setting
 TCP_NODELAY

It's likely never useful to log the error, and it seems more and more
unexpected errors just keep popping up.

Obtained from:	upstream git.

mail/dovecot: stop spamming the log with EINVAL.

PR:		239172
Submitted by:	zillion1@o2.pl
Obtained from:	dovecot mailing list.

mail/dovecot, mail/dovecot-pigeonhole: Update to 2.3.7 and 0.5.7 respectively.

dovecot changelog:
* fts-solr: Removed break-imap-search parameter
+ Added more events for the new statistics, see
  https://doc.dovecot.org/admin_manual/list_of_events/
+ mail-lua: Add IMAP metadata accessors, see
  https://doc.dovecot.org/admin_manual/lua/
+ Add event exporters that allow exporting raw events to log files and
  external systems, see
  https://doc.dovecot.org/configuration_manual/event_export/
+ SNIPPET is now PREVIEW and size has been increased to 200 characters.
+ Add body option to fts_enforced. This triggers building FTS index only
  on body search, and an error using FTS index fails the search rather
  than reads through all the mails.

mail/dovecot: remove obsolete patch.

no PORTREVISION bump, as it doesn't change the package.

Reported by:	herbert@gojira.at

mail/dovecot, mail/dovecot-pigeonhole: upgrade to 2.3.6, 0.5.6 respectively.

Dovecot changelog:
* CVE-2019-11494: Submission-login crashed with signal 11 due to null pointer
access when authentication was aborted by disconnecting.
* CVE-2019-11499: Submission-login crashed when authentication was started over
TLS secured channel and invalid authentication message was sent.
* auth: Support password grant with passdb oauth2.
+ Use system default CAs for outbound TLS connections.
+ Simplify array handling with new helper macros.
+ fts_solr: Enable configuring batch_size and soft_commit features.
- lmtp/submission: Fixed various bugs in XCLIENT handling, including a hang when
XCLIENT commands were sent infinitely to the remote server.
- lmtp/submission: Forwarded multi-line replies were erroneously sent as two
replies to the client.
- lib-smtp: client: Message was not guaranteed to contain CRLF consistently when
CHUNKING was used.
- fts_solr: Plugin was no longer compatible with Solr 7.
- Make it possible to disable certificate checking without setting
ssl_client_ca_* settings.
- pop3c: SSL support was broken.

mail/dovecot: upgrade to 2.3.5.2

* CVE-2019-10691: Trying to login with 8bit username containing
      invalid UTF8 input causes auth process to crash if auth policy is
      enabled. This could be used rather easily to cause a DoS. Similar
      crash also happens during mail delivery when using invalid UTF8 in
      From or Subject header when OX push notification driver is used.

MFH:		2019Q2
Security:	CVE-2019-10691

mail/dovecot: upgrade to 2.3.5.1.

    * CVE-2019-7524: Missing input buffer size validation leads into
      arbitrary buffer overflow when reading fts or pop3 uidl header
      from Dovecot index. Exploiting this requires direct write access to
      the index files.

MFH:		2019Q1
Security:	CVE-2019-7524

devel/icu: update to 64.1

Changes:	http://site.icu-project.org/download/64
ABI:		https://abi-laboratory.pro/tracker/timeline/icu4c/
PR:		236325
Exp-run by:	antoine
Differential Revision:	https://reviews.freebsd.org/D19479

mail/dovecot and mail/dovecot-pigeonhole upgrade to 2.3.5 and 0.5.5 respectively

dovecot changelog:
+ Lua push notification driver: mail keywords and flags are provided in
MessageNew and MessageAppend events.
+ submission: Implement support for plugins.
+ auth: When auth_policy_log_only=yes, only log what the policy server response
would do without actually doing it.
+ auth: Always log policy server decisions with auth_verbose=yes
- v2.3.[34]: doveadm log errors: Output was missing user/session
- lda: Debug log lines could have shown slightly corrupted
- login proxy: Login processes may have crashed in various ways when
login_proxy_max_disconnect_delay was set.
- imap: Fix crash with Maildir+zlib if client disconnects during APPEND
- lmtp proxy: Fix potential assert-crash
- lmtp/submission: Fix crash when SMTP client transaction times out
- submission: Split large XCLIENT commands to 512 bytes per command, so Postfix
accepts them.
- submission: Fix crash when client sends invalid BURL command

mail/dovecot: upgrade to 2.3.4.1

    * CVE-2019-3814: If imap/pop3/managesieve/submission client has
      trusted certificate with missing username field
      (ssl_cert_username_field), under some configurations Dovecot
      mistakenly trusts the username provided via authentication instead
      of failing.
    * ssl_cert_username_field setting was ignored with external SMTP AUTH,
      because none of the MTAs (Postfix, Exim) currently send the
      cert_username field. This may have allowed users with trusted
      certificate to specify any username in the authentication. This bug
      didn't affect Dovecot's Submission service.

PR:		235523
Submitted by:	pascal.christen@hostpoint.ch
MFH:		2019Q1
Security:	1340fcc1-2953-11e9-bc44-a4badb296695
Security:	CVE-2019-3814

mail/dovecot: Fix previous commit.

I missed a character typing the patch.

Pointy Hat: ler

mail/dovecot: Pick up mailing list patch for imap-preauth vs. stats-writer.

see the dovecot mailing list thread on imap-preauth and stats-writer between
Stephan Bosch and a FreeBSD user

Obtained from:	upstream mailing list.

mail/dovecot: Pick up a mailinglist patch for solr/tika separation.

solr and tika currently use the same http client connection.  Upstream
made the attached patches in response to my (ler@) bug report.

Obtained from:	upstream mailing list.

mail/dovecot: Add upstream patch to fix a double free in MySQL.

Obtained
from:	https://github.com/dovecot/core/commit/3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch

mail/dovecot: add option to support libsodium

- libsodium option to support security/libsodium based crypts
- pet portlint
- fix LUA option pkg-plist issues

mail/dovecot: pick up patch from upstream to quiet format warnings.

Obtained
from:	https://github.com/dovecot/core/commit/de42b54aaf165d4f62b45be864dde36bdbbc4276

mail/dovecot update to 2.3.4, mail/dovecot-pigeonhole to 0.5.4

dovecot change log:
* The default postmaster_address is now "postmaster@<user domain or
   server hostname>". If username contains the @domain part, that's
   used. If not, then the server's hostname is used.
* "doveadm stats dump" now returns two decimals for the "avg" field.

+ Added push notification driver that uses a Lua script
+ Added new SQL, DNS and connection events.
   See https://wiki2.dovecot.org/Events
+ Added "doveadm mailbox cache purge" command.
+ Added events API support for Lua scripts
+ doveadm force-resync -f parameter performs "index fsck" while opening
   the index. This may be useful to fix some types of broken index files.

mail/dovcecot: fix thinko in previous update.  Don't print config always

PR:		232803
Submitted by:	oleg@pcbtech.ru

mail/dovecot: give better error message(s) when there are configuration errors.

PR:		232785
Submitted by:	prj@rootwyrm.com

devel/icu: update to 63.1

Changes:	http://site.icu-project.org/download/63
ABI:		https://abi-laboratory.pro/tracker/timeline/icu4c/
PR:		232300
Exp-run by:	antoine

mail/dovecot: don't pick up libsodium if installed.

PR:		232236
Submitted by:	d8zNeCFG@aon.at

mail/dovecot upgrade to 2.3.3, mail/dovecot-pigeonhole upgrade to 0.5.3.

dovecot changelog:
* doveconf hides more secrets now in the default output.
* ssl_dh setting is no longer enforced at startup. If it's not set and
   non-ECC DH key exchange happens, error is logged and client is
   disconnected.

+ Added log_debug=<filter> setting.
+ Added log_core_filter=<log filter> setting.
+ quota-clone: Write to dict asynchronously
+ --enable-hardening attempts to use retpoline Spectre 2 mitigations
+ lmtp proxy: Support source_ip passdb extra field.
+ doveadm stats dump: Support more fields and output stddev by default.
+ push-notification: Add SSL support for OX backend.

mail/dovecot, mail/dovecot22: suppress harmless error message when the symlink
in /var/run/dovecot
to the config file doesn't exist.

PR:		225078
Reported by:	pkubaj@anongoth.pl
Reviewed by:	adamw
MFH:		2018Q3

mail/dovecot: upgrade to 2.3.2.1.
v2.3.2 still had a few unexpected bugs:

- SSL/TLS servers may have crashed during client disconnection
- lmtp: With lmtp_rcpt_check_quota=yes mail deliveries may have
   sometimes assert-crashed.
- v2.3.2: "make check" may have crashed with 32bit systems

mail/dovecot, mail/dovecot-pigeonhole: upgrade to 2.3.2 and 0.5.2 respectively

dovecot changelog:
v2.3.2 is mainly a bugfix release. It contains all the changes in v2.2.36, as
well as a bunch of other fixes (mainly for v2.3-only bugs). Binary packages are
already in https://repo.dovecot.org/

* old-stats plugin: Don't temporarily enable PR_SET_DUMPABLE while
   opening /proc/self/io. This may still cause security problems if the
   process is ptrace()d at the same time. Instead, open it while still
   running as root.
+ doveadm: Added mailbox cache decision&remove commands. See
   doveadm-mailbox(1) man page for details.
+ doveadm: Added rebuild attachments command for rebuilding
   $HasAttachment or $HasNoAttachment flags for matching mails. See
   doveadm-rebuild(1) man page for details.
+ cassandra: Use fallback_consistency on more types of errors

devel/icu: update to 62.1

Changes:	http://site.icu-project.org/download/62
ABI:		https://abi-laboratory.pro/tracker/timeline/icu4c/
PR:		229359
Exp-run by:	antoine (only 10.4)

mail/dovecot{,22} add BEFORE: mail to RC script

PR:	228998
Submitted by:	ohauer@FreeBSD.org

mail/dovecot: fix "2.3.1 Replication is throwing scary errors"

make makepatch for cleanliness
Submitted by:	remko
Reported by:	remko
Obtained from:	upstream