MFH: r438222 r438323 r438365 r439618 r439854
This contains updates to both dovecot2 and dovecot2-pigeonhole that
fix bugs and, in dovecot2, a CVE.
Update dovecot to 2.2.29, and bump PORTREVISION for the plugins. Add a
warning to the pkg-message that security.bsd.see_other_uids/gids should
not be enabled if dovecot is storing mail for multiple users concurrently
(PR 218392, submitted by topical).
- passdb/userdb dict: Don't double-expand %variables in keys. If dict was used as the authentication passdb, using specially crafted %variables in the username could be used to cause DoS (CVE-2017-2669)
- When Dovecot encounters an internal error, it logs the real error and usually logs another line saying what function failed. Previously the second log line's error message was a rather uninformative "Internal error occurred. Refer to server log for more information." Now the real error message is duplicated in this second log line.
- lmtp: If a delivery has multiple recipients, run autoexpunging only for the last recipient. This avoids a problem where a long autoexpunge run causes LMTP client to timeout between the DATA replies, resulting in duplicate mail deliveries.
- config: Don't stop the process due to idling. Otherwise the configuration is reloaded when the process restarts.
- mail_log plugin: Differentiate autoexpunges from regular expunges
- imapc: Use LOGOUT to cleanly disconnect from server.
- lib-http: Internal status codes (>9000) are no longer visible in logs
- director: Log vhost count changes and HOST-UP/DOWN
+ quota: Add plugin { quota_max_mail_size } setting to limit the maximum individual mail size that can be saved. + imapc: Add imapc_features=delay-login. If set, connecting to the remote IMAP server isn't done until it's necessary. + imapc: Add imapc_connection_retry_count and imapc_connection_retry_interval settings. + imap, pop3, indexer-worker: Add (deinit) to process title before autoexpunging runs. + Added %{encrypt} and %{decrypt} variables + imap/pop3 proxy: Log proxy state in errors as human-readable string. + imap/pop3-login: All forward_* extra fields returned by passdb are sent to the next hop when proxying using ID/XCLIENT commands. On the receiving side these fields are imported and sent to auth process where they're accessible via %{passdb:forward_*}. This is done only if the sending IP address matches login_trusted_networks. + imap-login: If imap_id_retain=yes, send the IMAP ID string to auth process. %{client_id} expands to it in auth process. The ID string is also sent to the next hop when proxying. + passdb imap: Use ssl_client_ca_* settings for CA validation. - fts-tika: Fixed crash when parsing attachment without Content-Disposition header. Broken by 2.2.28. (fixed in FreeBSD ports)
- trash plugin was broken in 2.2.28 (fixed in FreeBSD ports)
- auth: When passdb/userdb lookups were done via auth-workers, too much data was added to auth cache. This could have resulted in wrong replies when using multiple passdbs/userdbs.
- auth: passdb { skip & mechanisms } were ignored for the first passdb
- oauth2: Various fixes, including fixes to crashes
- dsync: Large Sieve scripts (or other large metadata) weren't always synced.
- Index rebuild (e.g. doveadm force-resync) set all mails as \Recent
- imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix
- doveadm: Exit codes weren't preserved when proxying commands via doveadm-server. Almost all errors used exit code 75 (tempfail).
- ACLs weren't applied to not-yet-existing autocreated mailboxes.
- Fixed a potential crash when parsing a broken message header.
- cassandra: Fallback consistency settings weren't working correctly.
- doveadm director status <user>: "Initial config" was always empty
- imapc: Various reconnection fixes.
Upgrade mail/dovecot2-pigeonhole to 0.4.18.
Changelog v0.4.18:
+ imapsieve plugin: Implemented the copy_source_after rule action. When
this is enabled for a mailbox rule, the specified Sieve script is executed for the message in the source mailbox during a "COPY" event. This happens only after the Sieve script that is executed for the corresponding message in the destination mailbox finishes running successfully.
+ imapsieve plugin: Added non-standard Sieve environment items for the
source and destination mailbox.
- multiscript: The execution of the discard script had an implicit "keep", rather than an implicit "discard".
Approved by: adamw (mentor)
Differential Revision: https://reviews.freebsd.org/D10366
Update to 2.2.29.1.
- imapc reconnection fix was forgotten from 2.2.29 release, which also made "make check" fail in a unit test
- dict-sql: Merging multiple UPDATEs to a single statement wasn't actually working.
- Fixed building with vpopmail
Upon continuing the deferred implicit keep, the implicit side-effects
(such as imap flags) were not applied.
Obtained from: https://github.com/dovecot/pigeonhole/commit/3e1a17a286ab0e084577fc267a442cb12aed1cbc
Approved by: adamw (mentor, implicit)
Add an alread-upstreamed patch to fix dovecot-auth wedging with
NTLM authentication.
PR: 218693
Submitted by: Andriy Syrovenko
Obtained from: https://github.com/dovecot/core/commit/a319c3201bff1ea7bae3e7ab1fae42e9c4759056
Approved by: ports-secteam (feld)