Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 2314C84D27
	for <pkgsrc-changes@NetBSD.org>; Wed, 20 Sep 2023 18:32:16 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([127.0.0.1])
	by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025)
	with ESMTP id a8_StyVKiqQ8 for <pkgsrc-changes@netbsd.org>;
	Wed, 20 Sep 2023 18:32:15 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984])
	by mail.netbsd.org (Postfix) with ESMTP id 0617784CCA
	for <pkgsrc-changes@NetBSD.org>; Wed, 20 Sep 2023 18:32:15 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id F311FFBDB; Wed, 20 Sep 2023 18:32:14 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1695234734288760"
MIME-Version: 1.0
Date: Wed, 20 Sep 2023 18:32:14 +0000
From: "Juraj Lutter" <otis@netbsd.org>
Subject: CVS commit: pkgsrc/mail/dovecot2
To: pkgsrc-changes@NetBSD.org
Approved: commit_and_comment
Reply-To: otis@netbsd.org
X-Mailer: log_accum
Message-Id: <20230920183214.F311FFBDB@cvs.NetBSD.org>

This is a multi-part message in MIME format.

--_----------=_1695234734288760
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	otis
Date:		Wed Sep 20 18:32:14 UTC 2023

Modified Files:
	pkgsrc/mail/dovecot2: Makefile.common PLIST distinfo

Log Message:
mail/dovecot2: Update to 2.3.21

Changelog:
* lib-oauth2: Allow JWT tokens to be validated with missing typ field.
  The typ field is left out by some key issuers to conserve space,
  notably kubernetes. Now missing typ is tolerated, but if present, it
  still must be "jwt".
+ auth: Auth passdb and userdb reply can contain "event_<name>=value"
  which will be added to login event and mail user event respectively.
+ lib-master: Set process title during various initialization stages to
  clearly describe what the process is waiting on.
+ lib-storage: The mail_temp_scan_interval is now fuzzed incrementing it
  by 0..30% based on username's hash to reduce the chance of load spikes.
+ lib-storage: The temp file scan has been moved from the open of the
  mailbox to the close, to reduce the latency perceived by users.
+ stats: If metric has fields specified, all these fields are
  exported as counters to prometheus exposition.
  See https://doc.dovecot.org/configuration_manual/stats/openmetrics/.
- *-login: Processes might have crashed when a SSL connection disconnects
  uncleanly.
- acl: When plugin was loaded \HasChildren and \HasNoChildren flags
  were calculated incorrectly for mailboxes containing '*' and '%'
  in their names.
- auth: Crash occured if a connection to PostgreSQL database server
  failed during startup.
- auth: Logins with invalid passwords (e.g. unknown scheme) in passdb
  were failing with "password mismatch" instead of "internal error".
- auth: XOAUTH2 and OAUTHBEARER mechanisms were not giving out protocol
  specific error message on all errors. This especially broke OIDC
  discovery.
- dbox: When last_temp_file_scan header wasn't set (especially after
  dsync migration), the next mailbox open always triggers the temp file
  scan. This could have caused a load spike after migrations. Fixed by
  using the mailbox directory's atime when the header isn't set, which
  usually moves the scan time into the future.
- dict-redis: A crash would occur on transaction rollback.
- dsync: Infinite loop causing out of memory would occur when handling
  mailbox deletion from remote end and hierarchy separators would differ.
- dsync: Incremental dsync failed for folder names ending with '%',
  unless BROKENCHAR was set. Also folder names with '%' elsewhere in
  them caused each incremental dsync to unnecessarily rename the folder
  to a temporary name and back. v2.3.19 regression.
- imap-hibernate: If an IMAP client unhibernation timed out with
  "(version received)", the unhibernation could still have successfully
  finished later on and continued working normally. This was rather
  confusing, because imap-hibernate already logged that the client got
  disconnected. Avoid this by forcing the connection to shutdown on
  unhibernation timeout.
- imapc: Crashed when a folder mapped through the virtual plugin
  disappears from the storage.
- imapc: EXPUNGE, EXISTS or FETCH replies from a server for a previously
  selected mailbox could have been processed as if they belonged to the
  new mailbox currently being selected. This could have caused warnings.
- lib-http: Dovecot HTTP server (doveadm, stats/openmetrics) may have
  disconnected HTTP clients before the response is fully sent. This
  happened only on busy servers where kernel's socket buffers were
  rather full.
- lib-http: Fixed a potential crash on http-server if a client
  disconnected early. v2.3.18 regression.
- lib-index: Index file corruption could have caused a crash. Fixes:
  Panic: file mail-transaction-log-view.c: line 165 (mail_transaction_log_view_set):
  assertion failed: (min_file_seq <= max_file_seq).
- lib-index: Purging an existing >1GB cache file can crash. Now cache
  files still above 1GB after purging are removed. Fixes:
  Panic: file mail-index-util.c: line 10 (mail_index_uint32_to_offset):
  assertion failed: (offset < 0x40000000)
- lib-lua: A HTTP client could not resolve DNS names in mail processes,
  because it expected "the dns-client" socket to exist in the current
  directory.
- lib-oauth2: Dovecot would send client_id and client_secret as POST
  parameters to the introspection server. These need to be optionally in
  Basic auth instead.
- lib-oauth2: JWT aud validation was not performed if aud was missing
  from a token, but was configured on Dovecot.
- lib-oauth2: JWT key type check was too strict.
- lib-oauth2: JWT token audience was not validated against client_id as
  required by the specification.
- lib-ssl-iostream: Using the ssl_require_crl=yes setting may have caused
  CRL check failures for outgoing SSL/TLS connections, although it was
  supposed to affect checking CRLs only for client-side SSL
  certificates. v2.3.17 regression.
- lib-sql: MySQL driver leaked memory when connection failed.
- lib-storage: Various fixes when running into out of disk space.
- master: Service idle_kill setting didn't work properly on busy
  servers. It was very unlikely that any process was idling long enough
  to become killed. Also the idle_kill handling code was using quite a
  lot of CPU on the master process when there were a lot of processes
  (e.g. imap). The new behavior is to track the lowest number of idling
  processes every idle_kill time interval and then kill that many idling
  processes.
- mdbox: Temp file scan was done for always empty directories.
- mdbox: The fdatasync() call was done in wrong parent directory when
  writing mails. Also on a failure it crashed instead of logging an error.
- notify_status: The plugin crashes if any user initialization fails.
- pop3: Sending command with the ':' character caused an assert-crash.
  v2.3.18 regression. Fixes: Panic: event_reason_code_prefix(): name has ':'
- stats: Fix panic when a nonexistent event exporter was referenced while
  adding a new metric dynamically via doveadm stats add. This produces
  a proper error now.
- stats: If process exported a lot of events and then exited, some of
  the last events may have become lost.
- stats: Invalid Prometheus label names were created with specific
  histogram group_by configurations. Prometheus rejected these labels.
- welcome: The plugin didn't execute in some situations that created
  INBOX but didn't open it, e.g. if GETMETADATA was used before the
  INBOX was opened.


To generate a diff of this commit:
cvs rdiff -u -r1.51 -r1.52 pkgsrc/mail/dovecot2/Makefile.common
cvs rdiff -u -r1.76 -r1.77 pkgsrc/mail/dovecot2/PLIST
cvs rdiff -u -r1.120 -r1.121 pkgsrc/mail/dovecot2/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1695234734288760
Content-Disposition: inline
Content-Length: 2700
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/mail/dovecot2/Makefile.common
diff -u pkgsrc/mail/dovecot2/Makefile.common:1.51 pkgsrc/mail/dovecot2/Makefile.common:1.52
--- pkgsrc/mail/dovecot2/Makefile.common:1.51	Sun Jan  1 15:43:42 2023
+++ pkgsrc/mail/dovecot2/Makefile.common	Wed Sep 20 18:32:14 2023
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.51 2023/01/01 15:43:42 adam Exp $
+# $NetBSD: Makefile.common,v 1.52 2023/09/20 18:32:14 otis Exp $
 #
 # when updating to a new release, update ABI depends in
 # the buildlink3.mk file as well, since the plugins' version
@@ -11,7 +11,7 @@
 # used by mail/dovecot2-pgsql/Makefile
 # used by mail/dovecot2-sqlite/Makefile
 
-DISTNAME=	dovecot-2.3.20
+DISTNAME=	dovecot-2.3.21
 CATEGORIES=	mail
 MASTER_SITES=	https://dovecot.org/releases/${PKGVERSION_NOREV:R}/
 

Index: pkgsrc/mail/dovecot2/PLIST
diff -u pkgsrc/mail/dovecot2/PLIST:1.76 pkgsrc/mail/dovecot2/PLIST:1.77
--- pkgsrc/mail/dovecot2/PLIST:1.76	Wed May 11 09:26:57 2022
+++ pkgsrc/mail/dovecot2/PLIST	Wed Sep 20 18:32:14 2023
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.76 2022/05/11 09:26:57 adam Exp $
+@comment $NetBSD: PLIST,v 1.77 2023/09/20 18:32:14 otis Exp $
 bin/doveadm
 bin/doveconf
 bin/dovecot-sysreport
@@ -447,6 +447,7 @@ include/dovecot/ostream-dot.h
 include/dovecot/ostream-encrypt.h
 include/dovecot/ostream-failure-at.h
 include/dovecot/ostream-file-private.h
+include/dovecot/ostream-final-trickle.h
 include/dovecot/ostream-hash.h
 include/dovecot/ostream-metawrap.h
 include/dovecot/ostream-multiplex.h

Index: pkgsrc/mail/dovecot2/distinfo
diff -u pkgsrc/mail/dovecot2/distinfo:1.120 pkgsrc/mail/dovecot2/distinfo:1.121
--- pkgsrc/mail/dovecot2/distinfo:1.120	Sun Jan  1 15:43:42 2023
+++ pkgsrc/mail/dovecot2/distinfo	Wed Sep 20 18:32:14 2023
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.120 2023/01/01 15:43:42 adam Exp $
+$NetBSD: distinfo,v 1.121 2023/09/20 18:32:14 otis Exp $
 
-BLAKE2s (dovecot-2.3.20.tar.gz) = 0977cd66fe91430070820e93a1f4c3863acccc48db7ff8c190b4b2777d8e3add
-SHA512 (dovecot-2.3.20.tar.gz) = 20c5a9cacf2c22d99d46400b666206e5b153c35286c205eec5df4d2ce0c88cf29ea15df81716794fd75837f6d67dfa4037096cf4bb66f524877a9a0a6bb282c8
-Size (dovecot-2.3.20.tar.gz) = 7805735 bytes
+BLAKE2s (dovecot-2.3.21.tar.gz) = 8279638bc72f97d9787b454e814dbe008b8d40aeed07019dca58ed5e7e2772fb
+SHA512 (dovecot-2.3.21.tar.gz) = 2d463c38639c3fd3d617ee5b1a4e4d0c11362339c4d4d62a5a90164a8b10bc58919545679bbf379139bdb743fdb013033abfddc1fc6401eb8099463cdc2401ca
+Size (dovecot-2.3.21.tar.gz) = 7837242 bytes
 SHA1 (patch-aa) = 3af01aa4a8cea1a3fb840b6243a744de77069611
 SHA1 (patch-ab) = 685ab3d0e21515bf157e9897ebdebf484f0ece96
 SHA1 (patch-ae) = c1e76d75fab4b13d3b9b33af800bac18c90989da


--_----------=_1695234734288760--