notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Port details
dovecot-pigeonhole Sieve plugin for the Dovecot 'deliver' LDA and LMTP
0.5.15 mail on this many watch lists=14 search for ports that depend on this port An older version of this port was marked as vulnerable. Find issues related to this port Report an issue related to this port View this port on Repology. pkg-fallout 0.5.13Version of this port present on the latest quarterly branch.
Maintainer: ler@FreeBSD.org search for ports maintained by this maintainer
Port Added: 2017-08-07 21:44:12
Last Update: 2021-07-03 10:09:08
Commit Hash: 21a797e
People watching this port, also watch:: dovecot, nginx, postfix, ca_root_nss, rsync
License: LGPL21
Description:
SVNWeb : git : Homepage
pkg-plist: as obtained via: make generate-plist
Expand this list (113 items)
Collapse this list.
  1. @ldconfig
  2. /usr/local/share/licenses/dovecot-pigeonhole-0.5.15/catalog.mk
  3. /usr/local/share/licenses/dovecot-pigeonhole-0.5.15/LICENSE
  4. /usr/local/share/licenses/dovecot-pigeonhole-0.5.15/LGPL21
  5. lib/dovecot/settings/libmanagesieve_login_settings.a
  6. lib/dovecot/settings/libmanagesieve_login_settings.so
  7. lib/dovecot/settings/libmanagesieve_settings.a
  8. lib/dovecot/settings/libmanagesieve_settings.so
  9. libexec/dovecot/managesieve
  10. libexec/dovecot/managesieve-login
  11. bin/sieve-dump
  12. bin/sieve-filter
  13. bin/sieve-test
  14. bin/sievec
  15. include/dovecot/sieve/edit-mail.h
  16. include/dovecot/sieve/mail-raw.h
  17. include/dovecot/sieve/pigeonhole-config.h
  18. include/dovecot/sieve/pigeonhole-version.h
  19. include/dovecot/sieve/rfc2822.h
  20. include/dovecot/sieve/sieve-actions.h
  21. include/dovecot/sieve/sieve-address-parts.h
  22. include/dovecot/sieve/sieve-address-source.h
  23. include/dovecot/sieve/sieve-address.h
  24. include/dovecot/sieve/sieve-ast.h
  25. include/dovecot/sieve/sieve-binary-dumper.h
  26. include/dovecot/sieve/sieve-binary-private.h
  27. include/dovecot/sieve/sieve-binary.h
  28. include/dovecot/sieve/sieve-code-dumper.h
  29. include/dovecot/sieve/sieve-code.h
  30. include/dovecot/sieve/sieve-commands.h
  31. include/dovecot/sieve/sieve-common.h
  32. include/dovecot/sieve/sieve-comparators.h
  33. include/dovecot/sieve/sieve-config.h
  34. include/dovecot/sieve/sieve-dump.h
  35. include/dovecot/sieve/sieve-error-private.h
  36. include/dovecot/sieve/sieve-error.h
  37. include/dovecot/sieve/sieve-execute.h
  38. include/dovecot/sieve/sieve-ext-copy.h
  39. include/dovecot/sieve/sieve-ext-enotify.h
  40. include/dovecot/sieve/sieve-ext-environment.h
  41. include/dovecot/sieve/sieve-ext-imap4flags.h
  42. include/dovecot/sieve/sieve-ext-mailbox.h
  43. include/dovecot/sieve/sieve-ext-variables.h
  44. include/dovecot/sieve/sieve-extensions.h
  45. include/dovecot/sieve/sieve-generator.h
  46. include/dovecot/sieve/sieve-interpreter.h
  47. include/dovecot/sieve/sieve-lexer.h
  48. include/dovecot/sieve/sieve-limits.h
  49. include/dovecot/sieve/sieve-match-types.h
  50. include/dovecot/sieve/sieve-match.h
  51. include/dovecot/sieve/sieve-message.h
  52. include/dovecot/sieve/sieve-objects.h
  53. include/dovecot/sieve/sieve-parser.h
  54. include/dovecot/sieve/sieve-plugins.h
  55. include/dovecot/sieve/sieve-result.h
  56. include/dovecot/sieve/sieve-runtime-trace.h
  57. include/dovecot/sieve/sieve-runtime.h
  58. include/dovecot/sieve/sieve-script-private.h
  59. include/dovecot/sieve/sieve-script.h
  60. include/dovecot/sieve/sieve-settings.h
  61. include/dovecot/sieve/sieve-smtp.h
  62. include/dovecot/sieve/sieve-storage-private.h
  63. include/dovecot/sieve/sieve-storage.h
  64. include/dovecot/sieve/sieve-stringlist.h
  65. include/dovecot/sieve/sieve-types.h
  66. include/dovecot/sieve/sieve-validator.h
  67. include/dovecot/sieve/sieve.h
  68. lib/dovecot/doveadm/lib10_doveadm_sieve_plugin.a
  69. lib/dovecot/doveadm/lib10_doveadm_sieve_plugin.so
  70. lib/dovecot/lib90_sieve_plugin.a
  71. lib/dovecot/lib90_sieve_plugin.so
  72. lib/dovecot/lib95_imap_filter_sieve_plugin.a
  73. lib/dovecot/lib95_imap_filter_sieve_plugin.so
  74. lib/dovecot/lib95_imap_sieve_plugin.a
  75. lib/dovecot/lib95_imap_sieve_plugin.so
  76. lib/dovecot/libdovecot-sieve.a
  77. lib/dovecot/libdovecot-sieve.so
  78. lib/dovecot/libdovecot-sieve.so.0
  79. lib/dovecot/libdovecot-sieve.so.0.0.0
  80. lib/dovecot/settings/libpigeonhole_settings.a
  81. lib/dovecot/settings/libpigeonhole_settings.so
  82. lib/dovecot/sieve/lib90_sieve_extprograms_plugin.a
  83. lib/dovecot/sieve/lib90_sieve_extprograms_plugin.so
  84. lib/dovecot/sieve/lib90_sieve_imapsieve_plugin.a
  85. lib/dovecot/sieve/lib90_sieve_imapsieve_plugin.so
  86. man/man1/doveadm-sieve.1.gz
  87. man/man1/sieve-dump.1.gz
  88. man/man1/sieve-filter.1.gz
  89. man/man1/sieve-test.1.gz
  90. man/man1/sievec.1.gz
  91. man/man1/sieved.1.gz
  92. man/man7/pigeonhole.7.gz
  93. share/aclocal/dovecot-pigeonhole.m4
  94. share/doc/dovecot/example-config/conf.d/20-managesieve.conf
  95. share/doc/dovecot/example-config/conf.d/90-sieve-extprograms.conf
  96. share/doc/dovecot/example-config/conf.d/90-sieve.conf
  97. share/doc/dovecot/example-config/sieve-ldap.conf
  98. share/doc/dovecot/sieve/extensions/duplicate.txt
  99. share/doc/dovecot/sieve/extensions/editheader.txt
  100. share/doc/dovecot/sieve/extensions/include.txt
  101. share/doc/dovecot/sieve/extensions/spamtest-virustest.txt
  102. share/doc/dovecot/sieve/extensions/vacation.txt
  103. share/doc/dovecot/sieve/extensions/vnd.dovecot.environment.txt
  104. share/doc/dovecot/sieve/extensions/vnd.dovecot.report.txt
  105. share/doc/dovecot/sieve/locations/dict.txt
  106. share/doc/dovecot/sieve/locations/file.txt
  107. share/doc/dovecot/sieve/locations/ldap.txt
  108. share/doc/dovecot/sieve/plugins/imap_filter_sieve.txt
  109. share/doc/dovecot/sieve/plugins/imapsieve.txt
  110. share/doc/dovecot/sieve/plugins/sieve_extprograms.txt
  111. @owner
  112. @group
  113. @mode
Collapse this list.
Dependency lines:
  • dovecot-pigeonhole>0:mail/dovecot-pigeonhole
To install the port: cd /usr/ports/mail/dovecot-pigeonhole/ && make install clean
To add the package, run one of these commands:
  • pkg install mail/dovecot-pigeonhole
  • pkg install dovecot-pigeonhole
PKGNAME: dovecot-pigeonhole
Flavors: there is no flavor information for this port.
distinfo:
Packages (timestamps in pop-ups are UTC):
dovecot-pigeonhole
ABIlatestquarterly
FreeBSD:11:aarch640.5.2_30.5.11
FreeBSD:11:amd640.5.150.5.15
FreeBSD:11:armv6-0.5.11
FreeBSD:11:i3860.5.150.5.15
FreeBSD:11:mips--
FreeBSD:11:mips64--
FreeBSD:12:aarch640.5.30.5.15
FreeBSD:12:amd640.5.150.5.15
FreeBSD:12:armv60.5.30.5.11
FreeBSD:12:armv70.5.30.5.11
FreeBSD:12:i3860.5.150.5.15
FreeBSD:12:mips--
FreeBSD:12:mips64--
FreeBSD:12:powerpc64-0.5.13
FreeBSD:13:aarch640.5.130.5.15
FreeBSD:13:amd640.5.150.5.15
FreeBSD:13:armv60.5.130.5.13
FreeBSD:13:armv70.5.130.5.13
FreeBSD:13:i3860.5.150.5.15
FreeBSD:13:mips--
FreeBSD:13:mips64--
FreeBSD:13:powerpc640.5.130.5.15
FreeBSD:14:aarch640.5.15-
FreeBSD:14:amd640.5.15-
FreeBSD:14:armv60.5.13-
FreeBSD:14:armv70.5.13-
FreeBSD:14:i3860.5.15-
FreeBSD:14:mips--
FreeBSD:14:mips64--
FreeBSD:14:powerpc640.5.13-
 

Dependencies
NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
Build dependencies:
  1. dovecot>=2.3.9 : mail/dovecot
Runtime dependencies:
  1. dovecot>=2.3.9 : mail/dovecot
There are no ports dependent upon this port

Configuration Options:
Options name:

USES:

pkg-message:
If installing:
Master Sites:
Expand this list (1 items)
Collapse this list.
  1. http://pigeonhole.dovecot.org/releases/2.3/
Collapse this list.
Notes from UPDATING
These upgrade notes are taken from /usr/ports/UPDATING
  • 2018-04-01
    Affects: users of mail/dovecot and mail/dovecot-pigeonhole
    Author: adamw@FreeBSD.org
    Reason: 
      Dovecot has been upgraded to 2.3.1, and pigeonhole to 0.5.1. Most
      existing dovecot installations MUST be modified for 2.3, but for
      most users the modifications are simple.
    
      Modify your Dovecot conf.d/ files before spinning up 2.3.1. The
      upgrading instructions are detailed here:
    
      	https://wiki2.dovecot.org/Upgrading/2.3
    
    
Port Moves
  • port moved here from mail/dovecot-pigeonhole04 on 2019-02-04
    REASON: Has expired: End of Life upstream, use mail/dovecot-pigeonhole instead

  • port moved here from mail/dovecot2-pigeonhole on 2017-08-07
    REASON: Renamed to mail/dovecot-pigeonhole

  • port moved here from mail/dovecot2-antispam-plugin on 2017-07-31
    REASON: Has expired: Use pigeonhole instead. See https://wiki2.dovecot.org/HowTo/AntispamWithSieve

  • port moved here from mail/dovecot-antispam on 2017-07-31
    REASON: Has expired: Dovecot-1.x is deprecated. Use dovecot2 and dovecot2-antispam-plugin instead

  • port moved here from mail/dovecot-sieve on 2017-07-31
    REASON: Has expired: Dovecot-1.x is deprecated. Use dovecot2 and dovecot-pigeonhole instead

  • port moved here from mail/dovecot-managesieve on 2017-07-31
    REASON: Has expired: Dovecot-1.x is deprecated. Use dovecot2 and dovecot-pigeonhole instead

Number of commits found: 38

Commit History - (may be incomplete: see SVNWeb link above for full details)
DateByDescription
03 Jul 2021 10:09:08
 files touched by this commit commit hash:21a797ec8c62a66c2e44c7e99acbf3063ec113aa  0.5.15
pi search for other commits by this committer
mail/dovecot-*: update 2.3.13 -> 2.3.15 and related ports

PR:			256860
Approved by:		fluffy (ports-secteam)
Submitted by:		otis
Relnotes:		https://dovecot.org/pipermail/dovecot-news/2021-June/000457.html
			https://dovecot.org/pipermail/dovecot-news/2021-March/000455.html
			https://dovecot.org/pipermail/dovecot-news/2021-March/000456.html
			https://dovecot.org/pipermail/dovecot-news/2021-June/000458.html
Security:		CVE-2021-29157, CVE-2021-33515, CVE-2020-28200
Differential Revision:	https://reviews.freebsd.org/D30866
MFH:			2021Q3
06 Apr 2021 14:31:07
 files touched by this commit commit hash:305f148f482daf30dcf728039d03d019f88344eb  0.5.13 This port version is marked as vulnerable.
mat search for other commits by this committer
Remove # $FreeBSD$ from Makefiles.
06 Jan 2021 14:58:35
Original commit files touched by this commit Revision:560527  0.5.13 This port version is marked as vulnerable.
pi search for other commits by this committer
mail/dovecot: update 2.3.11.3 -> 2.3.13, fix CVE in non-default config
mail/dovecot-pigeonhole: update 0.5.11 -> 0.5.13

- please note: option VPOPMAIl was removed from upstream

PR:		252415
Submitted by:	Evilham <contact@evilham.com>
Reviewed by:	fluffy
Approved by:	ler (maintainer)
MFH:		2021Q1
Relnotes:	https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html
		https://dovecot.org/pipermail/dovecot-news/2021-January/000449.html
Security:	CVE-2020-24386, CVE-2020-25275
14 Aug 2020 00:27:43
Original commit files touched by this commit Revision:544857  0.5.11 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot, mail/dovecot-pigeonhole: upgrade to 2.3.11.3 and 0.5.11,
repectively.

dovecot changelog:
* CVE-2020-12100: Parsing mails with a large number of MIME parts could
  have resulted in excessive CPU usage or a crash due to running out of
  stack memory.
* CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
  message buffer size, which leads to reading past allocation which can
  lead to crash.
* CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
  address that has the empty quoted string as local-part causes the lmtp
  service to crash.
* CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
  zero-length message, which leads to assert-crash later on.
* Events: Fix inconsistency in events. See event documentation in
(Only the first 15 lines of the commit message are shown above View all of this commit message)
09 Mar 2020 18:16:21
Original commit files touched by this commit Revision:528112  0.5.10 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot-pigeonhole: upgrade to 0.5.10.

- just to keep version numbers consistent
- fix some issues caused by a recent commit.
06 Mar 2020 19:16:54
Original commit files touched by this commit Revision:527892  0.5.9_2 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot: update to 2.3.10.

ChangeLog:
* Disable retpoline migitations by default. These can cause severe
  performance regressions, so they should be only enabled when
  applicable.
* IMAP MOVE now commits transactions in batches of 1000 mails. This
  helps especially with lazy_expunge when moving a lot of mails. It
  mainly avoids situations where multiple IMAP sessions are running the
  same MOVE command and duplicating the mails in the lazy_expunge folder.
  With this change there can still be some duplication, but the MOVE
  always progresses forward. Also if the MOVE fails at some point, the
  changes up to the last 1000 mails are still committed instead of
  rolled back. Note that the COPY command behavior hasn't changed,
  because it is required by IMAP standard to be an atomic operation.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
13 Dec 2019 15:02:25
Original commit files touched by this commit Revision:520040  0.5.9_1 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot: upgrade to 2.3.9.2,

* CVE-2019-19722: Mails with group addresses in From or To fields caused
crash in push notification drivers.
- additional fix for blank headers

PORTREVISION bump for mail/dovecot-pigeonhole, mail/dovecot-fts-xapian
*NOT* requesting MFH as 2.3.9 is not in 2019Q4.

Security:	b7dc4dde-2e48-43f9-967a-c68461537cf2
Security:	CVS-2019-19722
04 Dec 2019 17:59:41
Original commit files touched by this commit Revision:519037  0.5.9 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot, mail/dovecot-pigeonhole: upgrade to 2.3.9, 0.5.9 respectively.

Bump PORTREVISION of mail/dovecot-fts-xapian for version change of dovecot.

Changelog:
Dovecot:
* Changed several event field names for consistency and to avoid
  conflicts in parent-child event relationships:
   * SMTP server command events: Renamed "name" to "cmd_name"
   * Events inheriting from a mailbox: Renamed "name" to "mailbox"
   * Server connection events have only "remote_ip", "remote_port",
     "local_ip" and "local_port".
   * Removed duplicate "client_ip", "ip" and "port".
   * Mail storage events: Removed "service" field.
     Use "service:<name>" category instead.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
08 Oct 2019 21:56:52
Original commit files touched by this commit Revision:514106  0.5.8 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot, mail/dovecot-pigeonhole: upgrade to 2.3.8 and 0.5.8 respectively.

release notes:
dovecot:
Changes

+ Added mail_delivery_started and mail_delivery_finished events, see
https://doc.dovecot.org/admin_manual/list_of_events/ for details.
+ dsync-replication: Don't replicate users who have "noreplicate" extra
field in userdb.
+ doveadm service status: Show total number of processes created.
+ When logging to syslog, use instance_name setting's value for the
ident. This commonly is added as a log prefix.
+ Base64 encoding/decoding code was rewritten with additional features.
It shouldn't cause any user visible changes.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
28 Aug 2019 15:59:59
Original commit files touched by this commit Revision:510075  0.5.7.2 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot,mail/dovecot-pigeonhole: fix CVE-2019-11500

Changes
-------
* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
  when scanning data in quoted strings, leading to out of bounds heap
  memory writes. Found by Nick Roessler and Rafi Rubin.

MFH:		2019Q3
Security:	CVE-2019-11500
13 Aug 2019 22:29:43
Original commit files touched by this commit Revision:508882  0.5.7.1_1 This port version is marked as vulnerable.
mat search for other commits by this committer
onvert to UCL & cleanup pkg-message (categories l-m)
26 Jul 2019 20:46:57
Original commit files touched by this commit Revision:507372  0.5.7.1_1 This port version is marked as vulnerable.
gerald search for other commits by this committer
Bump PORTREVISION for ports depending on the canonical version of GCC
as defined in Mk/bsd.default-versions.mk which has moved from GCC 8.3
to GCC 9.1 under most circumstances now after revision 507371.

This includes ports
 - with USE_GCC=yes or USE_GCC=any,
 - with USES=fortran,
 - using Mk/bsd.octave.mk which in turn features USES=fortran, and
 - with USES=compiler specifying openmp, nestedfct, c11, c++0x, c++11-lang,
   c++11-lib, c++14-lang, c++17-lang, or gcc-c++11-lib
plus, everything INDEX-11 shows with a dependency on lang/gcc9 now.

PR:		238330
23 Jul 2019 14:26:56
Original commit files touched by this commit Revision:507215  0.5.7.1 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot, mail/dovecot-pigeonhole: upgrade to 2.3.7.1 and 0.5.7.1
respectively.

These releases fix the reported regressions in v2.3.7 & v0.5.7.

Dovecot core:
        - Fix TCP_NODELAY errors being logged on non-Linux OSes
        - lmtp proxy: Fix assert-crash when client uses BODY=8BITMIME
        - Remove wrongly added checks in namespace prefix checking

Pigeonhole:
        - dsync: Sieve script syncing failed if mailbox attributes weren't
          enabled.
12 Jul 2019 13:20:30
Original commit files touched by this commit Revision:506460  0.5.7 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot, mail/dovecot-pigeonhole: Update to 2.3.7 and 0.5.7 respectively.

dovecot changelog:
* fts-solr: Removed break-imap-search parameter
+ Added more events for the new statistics, see
  https://doc.dovecot.org/admin_manual/list_of_events/
+ mail-lua: Add IMAP metadata accessors, see
  https://doc.dovecot.org/admin_manual/lua/
+ Add event exporters that allow exporting raw events to log files and
  external systems, see
  https://doc.dovecot.org/configuration_manual/event_export/
+ SNIPPET is now PREVIEW and size has been increased to 200 characters.
+ Add body option to fts_enforced. This triggers building FTS index only
  on body search, and an error using FTS index fails the search rather
  than reads through all the mails.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
30 Apr 2019 21:33:30
Original commit files touched by this commit Revision:500569  0.5.6 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot, mail/dovecot-pigeonhole: upgrade to 2.3.6, 0.5.6 respectively.

Dovecot changelog:
* CVE-2019-11494: Submission-login crashed with signal 11 due to null pointer
access when authentication was aborted by disconnecting.
* CVE-2019-11499: Submission-login crashed when authentication was started over
TLS secured channel and invalid authentication message was sent.
* auth: Support password grant with passdb oauth2.
+ Use system default CAs for outbound TLS connections.
+ Simplify array handling with new helper macros.
+ fts_solr: Enable configuring batch_size and soft_commit features.
- lmtp/submission: Fixed various bugs in XCLIENT handling, including a hang when
XCLIENT commands were sent infinitely to the remote server.
- lmtp/submission: Forwarded multi-line replies were erroneously sent as two
replies to the client.
- lib-smtp: client: Message was not guaranteed to contain CRLF consistently when
CHUNKING was used.
- fts_solr: Plugin was no longer compatible with Solr 7.
- Make it possible to disable certificate checking without setting
ssl_client_ca_* settings.
- pop3c: SSL support was broken.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
05 Mar 2019 23:34:13
Original commit files touched by this commit Revision:494752  0.5.5 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot and mail/dovecot-pigeonhole upgrade to 2.3.5 and 0.5.5 respectively

dovecot changelog:
+ Lua push notification driver: mail keywords and flags are provided in
MessageNew and MessageAppend events.
+ submission: Implement support for plugins.
+ auth: When auth_policy_log_only=yes, only log what the policy server response
would do without actually doing it.
+ auth: Always log policy server decisions with auth_verbose=yes
- v2.3.[34]: doveadm log errors: Output was missing user/session
- lda: Debug log lines could have shown slightly corrupted
- login proxy: Login processes may have crashed in various ways when
login_proxy_max_disconnect_delay was set.
- imap: Fix crash with Maildir+zlib if client disconnects during APPEND
- lmtp proxy: Fix potential assert-crash
- lmtp/submission: Fix crash when SMTP client transaction times out
- submission: Split large XCLIENT commands to 512 bytes per command, so Postfix
accepts them.
- submission: Fix crash when client sends invalid BURL command
(Only the first 15 lines of the commit message are shown above View all of this commit message)
12 Dec 2018 01:35:36
Original commit files touched by this commit Revision:487272  0.5.4_1 This port version is marked as vulnerable.
gerald search for other commits by this committer
Bump PORTREVISION for ports depending on the canonical version of GCC
defined via Mk/bsd.default-versions.mk which has moved from GCC 7.4 t
GCC 8.2 under most circumstances.

This includes ports
 - with USE_GCC=yes or USE_GCC=any,
 - with USES=fortran,
 - using Mk/bsd.octave.mk which in turn features USES=fortran, and
 - with USES=compiler specifying openmp, nestedfct, c11, c++0x, c++11-lang,
   c++11-lib, c++14-lang, c++17-lang, or gcc-c++11-lib
plus, as a double check, everything INDEX-11 showed depending on lang/gcc7.

PR:		231590
23 Nov 2018 15:12:44
Original commit files touched by this commit Revision:485675  0.5.4 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot update to 2.3.4, mail/dovecot-pigeonhole to 0.5.4

dovecot change log:
* The default postmaster_address is now "postmaster@<user domain or
   server hostname>". If username contains the @domain part, that's
   used. If not, then the server's hostname is used.
* "doveadm stats dump" now returns two decimals for the "avg" field.

+ Added push notification driver that uses a Lua script
+ Added new SQL, DNS and connection events.
   See https://wiki2.dovecot.org/Events
+ Added "doveadm mailbox cache purge" command.
+ Added events API support for Lua scripts
+ doveadm force-resync -f parameter performs "index fsck" while opening
   the index. This may be useful to fix some types of broken index files.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
01 Oct 2018 23:18:30
Original commit files touched by this commit Revision:481076  0.5.3 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot upgrade to 2.3.3, mail/dovecot-pigeonhole upgrade to 0.5.3.

dovecot changelog:
* doveconf hides more secrets now in the default output.
* ssl_dh setting is no longer enforced at startup. If it's not set and
   non-ECC DH key exchange happens, error is logged and client is
   disconnected.

+ Added log_debug=<filter> setting.
+ Added log_core_filter=<log filter> setting.
+ quota-clone: Write to dict asynchronously
+ --enable-hardening attempts to use retpoline Spectre 2 mitigations
+ lmtp proxy: Support source_ip passdb extra field.
+ doveadm stats dump: Support more fields and output stddev by default.
+ push-notification: Add SSL support for OX backend.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
29 Jul 2018 22:18:46
Original commit files touched by this commit Revision:475857  0.5.2_3 This port version is marked as vulnerable.
gerald search for other commits by this committer
Bump PORTREVISION for ports depending on the canonical version of GCC
in the ports tree (via Mk/bsd.default-versions.mk and lang/gcc) which
has now moved from GCC 6 to GCC 7 by default.

This includes ports
 - featuring USE_GCC=yes or USE_GCC=any,
 - featuring USES=fortran,
 - using Mk/bsd.octave.mk which in turn features USES=fortran, and those
 - with USES=compiler specifying one of openmp, nestedfct, c11, c++0x,
   c++11-lib, c++11-lang, c++14-lang, c++17-lang, or gcc-c++11-lib.

PR:		222542
29 Jun 2018 19:05:16
Original commit files touched by this commit Revision:473575  0.5.2_2 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot-pigeonhole: bump PORTREVISION.
29 Jun 2018 19:03:59
Original commit files touched by this commit Revision:473574  0.5.2_1 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot-pigeonhole: add imap_filter_sieve.txt to Makefile(s)
29 Jun 2018 18:44:50
Original commit files touched by this commit Revision:473572  0.5.2_1 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot-pigeonhole: add missing doc file

Obtained from:	upstream github
29 Jun 2018 16:36:04
Original commit files touched by this commit Revision:473557  0.5.2 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot, mail/dovecot-pigeonhole: upgrade to 2.3.2 and 0.5.2 respectively

dovecot changelog:
v2.3.2 is mainly a bugfix release. It contains all the changes in v2.2.36, as
well as a bunch of other fixes (mainly for v2.3-only bugs). Binary packages are
already in https://repo.dovecot.org/

* old-stats plugin: Don't temporarily enable PR_SET_DUMPABLE while
   opening /proc/self/io. This may still cause security problems if the
   process is ptrace()d at the same time. Instead, open it while still
   running as root.
+ doveadm: Added mailbox cache decision&remove commands. See
   doveadm-mailbox(1) man page for details.
+ doveadm: Added rebuild attachments command for rebuilding
   $HasAttachment or $HasNoAttachment flags for matching mails. See
   doveadm-rebuild(1) man page for details.
+ cassandra: Use fallback_consistency on more types of errors
(Only the first 15 lines of the commit message are shown above View all of this commit message)
22 Apr 2018 21:35:38
Original commit files touched by this commit Revision:468060  0.5.1 This port version is marked as vulnerable.
dbaio search for other commits by this committer
Add mail/dovecot22 (v2.2.35) and mail/dovecot-pigeonhole04 (v0.4.23)

This brings back Dovecot 2.2.35 to the tree because there is an issue
with version 2.3.1 and replication in some scenarios [1].

Keep this version until this problem gets fixed upstream.

1 - https://www.dovecot.org/list/dovecot/2018-April/111477.html

Approved by:	adamw (maintainer of mail/dovecot)
Approved by:	ler   (maintainer of mail/dovecot-pigeonhole)
01 Apr 2018 17:10:31
Original commit files touched by this commit Revision:466172  0.5.1 This port version is marked as vulnerable.
adamw search for other commits by this committer
Update dovecot to 2.3.1, and dovecot-pigeonhole to 0.5.1

This is a very large update, and it WILL require manually
updating existing conf files, though the changes to do so
are not extensive. Updating instructions are here:

	https://wiki2.dovecot.org/Upgrading/2.3

Additionally there are various cleanups to the dovecot rc(8)
script, and support for a LUA scripting interface for dovecot.

The decision was made not to import the 2.3.0 or 2.3.0.1 releases
here, due to the number of existing bugs. ler and I have been
dogfooding it for months now, and all of the bugs I've encountered
are fixed in this 2.3.1 release.

This update is the result of many, many hours of collborative work
between ler and me, and the input of many people on the freebsd-ports
list.
20 Mar 2018 00:25:28
Original commit files touched by this commit Revision:465041  0.4.23 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot-pigeonhole: upgrade to 0.4.23:
- editheader extension: Corrected the stream position calculations
  performed while making the modified message available as a stream.
  Pigeonhole Sieve crashed in LMTP with an assertion panic when the
  Sieve editheader extension was used before the message was redirected.
  Experiments indicate that the problem occurred only with LMTP and that
  LDA is not affected.
- fileinto extension: Fix assert panic occurring when fileinto is used
  without being listed in the require line, while the copy extension is
  listed there. This is a very old bug.
- imapsieve plugin: Do not log an error for messages that disappear
  concurrently while applying Sieve scripts. This is a further
  improvement on the imapsieve fix in the previous release (which fixed
  a panic). This event is now logged as a debug message.
19 Mar 2018 15:06:05
Original commit files touched by this commit Revision:465012  0.4.22_1 This port version is marked as vulnerable.
adamw search for other commits by this committer
Update dovecot to 2.2.35, and bump pigeonhole

    - charset_alias: compile fails with Solaris Studio, reported by
      John Woods.
    - Fix local name handling in v2.2.34 SNI code, bug found by cPanel.
    - imapc: Don't try to add mails to index if they already exist there.
    - imapc: If email is modified in istream_opened hook, mail size isn't
      updated.
    - lib-dcrypt: When reading encrypted data, more data would not be
      read if buffer was not consumed causing panic or hang.
    - notify: When notify plugin is used and transaction commit fails in
      dsync, crash occurs.
    - sdbox: When delivering to a mailbox that is over quota, temp files
      are not cleaned up when saving or copying fails.
02 Mar 2018 18:05:18
Original commit files touched by this commit Revision:463423  0.4.22 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot-pigeonhole: upgrade to v0.4.22.

Changelog:
- Fixed filesystem path handling problem: sieve plugin could have
  assert-crashed with specific path lengths with: "Panic: file
  realpath.c: line 86 (path_normalize): assertion failed: (npath_pos +
  1 < npath + asize)".
- Sieve extprograms plugin: Large output from "execute" command crashed
  delivery. Fixed buffering issue in code that handles output from the
  external program.
- editheader extension: Extensively reworked the low-level
  implementation of adding and removing headers. This solves a few
  integer arithmetic problems reported by Clang runtime checks, but also
  improves code structure and reliability in general.
- imapsieve: Fix assert crash occurring when selected messages are
  expunged concurrently by the time Sieve filter is to be applied.
- imap4flags extension: Fix binary byte-code corruption occurring when
  the setflag, addflag, or removeflag command's flag-list is a variable.
- enotify extension: mailto method: Fixed parsing of mailto URI with
  only a header part.
- enotify extension: mailto method: Make sure "From:" header is set to a
  usable address and not "(null)".
- Fixed writing address headers to outgoing messages. It sometimes
  erroneously applied another layer of MIME header encoding.
28 Feb 2018 23:12:44
Original commit files touched by this commit Revision:463271  0.4.21_2 This port version is marked as vulnerable.
adamw search for other commits by this committer
Update dovecot to 2.2.34, and bump pigeonhole.

 * CVE-2017-15130: TLS SNI config lookups may lead to excessive
   memory usage, causing imap-login/pop3-login VSZ limit to be reached
   and the process restarted. This happens only if Dovecot config has
   local_name { } or local { } configuration blocks and attacker uses
   randomly generated SNI servernames.
 * CVE-2017-14461: Parsing invalid email addresses may cause a crash or
   leak memory contents to attacker. For example, these memory contents
   might contain parts of an email from another user if the same imap
   process is reused for multiple users. First discovered by Aleksandar
   Nikolic of Cisco Talos. Independently also discovered by "flxflndy"
   via HackerOne.
 * CVE-2017-15132: Aborted SASL authentication leaks memory in login
   process.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
20 Oct 2017 15:00:36
Original commit files touched by this commit Revision:452533  0.4.21_1 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot: update to 2.2.33.2.

One more patch release with some fixes:

- doveadm: Fix crash in proxying (or dsync replication) if remote is
  running older than v2.2.33
- auth: Fix memory leak in %{ldap_dn}
- dict-sql: Fix data types to work correctly with Cassandra

bump dovecot-pigeonhole PORTREVISION as well.
12 Oct 2017 21:16:04
Original commit files touched by this commit Revision:451929  0.4.21 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot-pigeonhole: update to 0.4.21.

Changelog v0.4.21:

* redirect action: Always set the X-Sieve-Redirected-From header to
  sieve_user_email if configured. Before, it would use the envelope
  recipient instead if available, which makes no sense if the primary
  e-mail address is available.
+ vacation extension: Allow ignoring the envelope sender while composing
  the "To:" header for the reply. Normally, the "To:" header is composed
  from the address found in the "Sender", "Resent-From" or "From"
  headers that is equal to the envelope sender. If none is then found,
  the bare envelope sender is used. This change adds a new setting
  "sieve_vacation_to_header_ignore_envelope". With this setting enabled,
  the "To:" header is always composed from those headers in the source
(Only the first 15 lines of the commit message are shown above View all of this commit message)
11 Oct 2017 17:15:52
Original commit files touched by this commit Revision:451765  0.4.20_3 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot: upgrade to 2.2.33.1.

- dovecot-lda was logging to stderr instead of to the log file.
10 Oct 2017 15:45:35
Original commit files touched by this commit Revision:451707  0.4.20_2 This port version is marked as vulnerable.
adamw search for other commits by this committer
Update dovecot to 2.2.33, and bump pigeonhole.

* doveadm director commands wait for the changes to be visible in the
  whole ring before they return. This is especially useful in testing.
* Environments listed in import_environment setting are now set or
  preserved when executing standalone commands (e.g. doveadm)

+ doveadm proxy: Support proxying logs. Previously the logs were
  visible only in the backend's logs.
+ Added %{if}, see https://wiki2.dovecot.org/Variables#Conditionals
+ Added a new notify_status plugin, which can be used to update dict
  with current status of a mailbox when it changes. See
  https://wiki2.dovecot.org/Plugins/NotifyStatus
+ Mailbox list index can be disabled for a namespace by appending
  ":LISTINDEX=" to location setting.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
10 Sep 2017 20:55:39
Original commit files touched by this commit Revision:449591  0.4.20_1 This port version is marked as vulnerable.
gerald search for other commits by this committer
Bump PORTREVISION for ports depending on the canonical version of GCC
(via Mk/bsd.default-versions.mk and lang/gcc) which has moved from
GCC 5.4 to GCC 6.4 under most circumstances.

This includes ports
 - with USE_GCC=yes or USE_GCC=any,
 - with USES=fortran,
 - using Mk/bsd.octave.mk which in turn features USES=fortran, and
 - with USES=compiler specifying openmp, nestedfct, c++11-lib, c++11-lang,
   c++14-lang, c++0x, c11, or gcc-c++11-lib.

PR:		219275
27 Aug 2017 14:34:22
Original commit files touched by this commit Revision:448822  0.4.20 This port version is marked as vulnerable.
ler search for other commits by this committer
mail/dovecot-pigeonhole: upgrade to 0.4.20.
Changelog v0.4.20:

+ Made the retention period for redirect duplicate identifiers
  configurable. For accounts that perform many redirects, the lda-dupes
  database could grow to impractical sizes. Changed the default
  retention period from 24 to 12 hours.
- sieve-filter: Fixed memory leak: forgot to clean up script binary at
  end of execution. Normally, this would merely be an inconsequential
  memory leak. However, when the script comes from an LDAP storage, this
  would cause io leak warnings.
- managesieve-login: Fixed handling of AUTHENTICATE command. A second
  authenticate command would be parsed wrong. This problem was caused by
  changes in the previous release.
- LDA Sieve plugin: Fixed minor memory leak caused by not cleaning up
  the sieve_discard script.
24 Aug 2017 16:49:23
Original commit files touched by this commit Revision:448697  0.4.19_2 This port version is marked as vulnerable.
adamw search for other commits by this committer
Update dovecot to 2.2.32, and bump pigeonhole.

* imapc: Info-level line is logged every time when successfully
  connected to the remote server. This includes local/remote IP/port,
  which can be useful for matching against external logs.
* config: Log a warning if plugin { key=no } is used explicitly.
  v2.3 will support "no" properly in plugin settings, but for now
  any value at all for a boolean plugin setting is treated as "yes",
  even if it's written as explicit "no". This change will now warn
  that it most likely won't work as intended.

+ Various optimizations to avoid accessing files/directories when it's
  not necessary. Especially avoid accessing mail root directories when
  INDEX directories point to a different filesystem.
+ mail_location can now include ITERINDEX parameter. This tells Dovecot
(Only the first 15 lines of the commit message are shown above View all of this commit message)
07 Aug 2017 21:44:01
Original commit files touched by this commit Revision:447519  0.4.19_1 This port version is marked as vulnerable.
adamw search for other commits by this committer
Rename dovecot2/dovecot2-pigeonhole to dovecot/dovecot-pigeonhole.

It might be necessary to manually remove and reinstall the package under
the new name.

Discussed with:	ler

Number of commits found: 38