Revision 439856


Author: adamw
Date: Mon May 1 00:59:29 2017 UTC (7 years, 2 months ago)
Changed paths: 12
Log Message:
MFH: r438222 r438323 r438365 r439618 r439854

This contains updates to both dovecot2 and dovecot2-pigeonhole that
fix bugs and, in dovecot2, a CVE.

Update dovecot to 2.2.29, and bump PORTREVISION for the plugins. Add a
warning to the pkg-message that security.bsd.see_other_uids/gids should
not be enabled if dovecot is storing mail for multiple users concurrently
(PR 218392, submitted by topical).

 * passdb/userdb dict: Don't double-expand %variables in keys. If dict
   was used as the authentication passdb, using specially crafted
   %variables in the username could be used to cause DoS (CVE-2017-2669)
 * When Dovecot encounters an internal error, it logs the real error and
   usually logs another line saying what function failed. Previously the
   second log line's error message was a rather uninformative "Internal
   error occurred. Refer to server log for more information." Now the
   real error message is duplicated in this second log line.
 * lmtp: If a delivery has multiple recipients, run autoexpunging only
   for the last recipient. This avoids a problem where a long
   autoexpunge run causes LMTP client to timeout between the DATA
   replies, resulting in duplicate mail deliveries.
 * config: Don't stop the process due to idling. Otherwise the
   configuration is reloaded when the process restarts.
 * mail_log plugin: Differentiate autoexpunges from regular expunges
 * imapc: Use LOGOUT to cleanly disconnect from server.
 * lib-http: Internal status codes (>9000) are no longer visible in logs
 * director: Log vhost count changes and HOST-UP/DOWN

 + quota: Add plugin { quota_max_mail_size } setting to limit the
   maximum individual mail size that can be saved.
 + imapc: Add imapc_features=delay-login. If set, connecting to the
   remote IMAP server isn't done until it's necessary.
 + imapc: Add imapc_connection_retry_count and
   imapc_connection_retry_interval settings.
 + imap, pop3, indexer-worker: Add (deinit) to process title before
   autoexpunging runs.
 + Added %{encrypt} and %{decrypt} variables
 + imap/pop3 proxy: Log proxy state in errors as human-readable string.
 + imap/pop3-login: All forward_* extra fields returned by passdb are
   sent to the next hop when proxying using ID/XCLIENT commands. On the
   receiving side these fields are imported and sent to auth process
   where they're accessible via %{passdb:forward_*}. This is done only
   if the sending IP address matches login_trusted_networks.
 + imap-login: If imap_id_retain=yes, send the IMAP ID string to
   auth process. %{client_id} expands to it in auth process. The ID
   string is also sent to the next hop when proxying.
 + passdb imap: Use ssl_client_ca_* settings for CA validation.
 - fts-tika: Fixed crash when parsing attachment without
   Content-Disposition header. Broken by 2.2.28. (fixed in FreeBSD ports)
 - trash plugin was broken in 2.2.28 (fixed in FreeBSD ports)
 - auth: When passdb/userdb lookups were done via auth-workers, too much
   data was added to auth cache. This could have resulted in wrong
   replies when using multiple passdbs/userdbs.
 - auth: passdb { skip & mechanisms } were ignored for the first passdb
 - oauth2: Various fixes, including fixes to crashes
 - dsync: Large Sieve scripts (or other large metadata) weren't always
   synced.
 - Index rebuild (e.g. doveadm force-resync) set all mails as \Recent
 - imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix
 - doveadm: Exit codes weren't preserved when proxying commands via
   doveadm-server. Almost all errors used exit code 75 (tempfail).
 - ACLs weren't applied to not-yet-existing autocreated mailboxes.
 - Fixed a potential crash when parsing a broken message header.
 - cassandra: Fallback consistency settings weren't working correctly.
 - doveadm director status <user>: "Initial config" was always empty
 - imapc: Various reconnection fixes.

Upgrade mail/dovecot2-pigeonhole to 0.4.18.

Changelog v0.4.18:

+ imapsieve plugin: Implemented the copy_source_after rule action. When
  this is enabled for a mailbox rule, the specified Sieve script is
  executed for the message in the source mailbox during a "COPY" event.
  This happens only after the Sieve script that is executed for the
  corresponding message in the destination mailbox finishes running
  successfully.
+ imapsieve plugin: Added non-standard Sieve environment items for the
  source and destination mailbox.
- multiscript: The execution of the discard script had an implicit
  "keep", rather than an implicit "discard".

Approved by:	adamw (mentor)
Differential Revision:	https://reviews.freebsd.org/D10366

Update to 2.2.29.1.

  - imapc reconnection fix was forgotten from 2.2.29 release, which also
    made "make check" fail in a unit test
  - dict-sql: Merging multiple UPDATEs to a single statement wasn't
    actually working.
  - Fixed building with vpopmail

Upon continuing the deferred implicit keep, the implicit side-effects
(such as imap flags) were not applied.

Obtained from:	https://github.com/dovecot/pigeonhole/commit/3e1a17a286ab0e084577fc267a442cb12aed1cbc
Approved by: adamw (mentor, implicit)

Add an already-upstreamed patch to fix dovecot-auth wedging with
NTLM authentication.

PR:		218693
Submitted by:	Andriy Syrovenko
Obtained from:	https://github.com/dovecot/core/commit/a319c3201bff1ea7bae3e7ab1fae42e9c4759056

Approved by:	ports-secteam (feld)


Changed paths

Path | Details
branches/2017Q2/ | modified, props changed
branches/2017Q2/mail/dovecot2/Makefile | modified, text changed
branches/2017Q2/mail/dovecot2/distinfo | modified, text changed
branches/2017Q2/mail/dovecot2/files/patch-fix-ntlm_auth | added (copied from head/mail/dovecot2/files/patch-fix-ntlm_auth, r439854)
branches/2017Q2/mail/dovecot2/files/patch-src_plugins_fts_fts-parser-tika.c | deleted
branches/2017Q2/mail/dovecot2/files/patch-trash_plugin | deleted
branches/2017Q2/mail/dovecot2/files/pkg-message.in | modified, text changed
branches/2017Q2/mail/dovecot2/pkg-plist | modified, text changed
branches/2017Q2/mail/dovecot2-antispam-plugin/Makefile | modified, text changed
branches/2017Q2/mail/dovecot2-pigeonhole/Makefile | modified, text changed
branches/2017Q2/mail/dovecot2-pigeonhole/distinfo | modified, text changed
branches/2017Q2/mail/dovecot2-pigeonhole/files/ | added (copied from head/mail/dovecot2-pigeonhole/files, r439618)
