• https://dovecot.org/releases/2.3/ (Download)

• no_db
• no_ldap
• no_mysql
• no_postgresql

• (2022-06-18) Updated to version: dovecot-2.3.19.1
• (2022-05-13) Updated to version: dovecot-2.3.19
• (2022-02-05) Updated to version: dovecot-2.3.18
• (2021-12-08) Updated to version: dovecot-2.3.17.1
• (2021-08-07) Updated to version: dovecot-2.3.16
• (2021-06-22) Updated to version: dovecot-2.3.15
• (2021-03-08) Updated to version: dovecot-2.3.14
• (2021-01-08) Updated to version: dovecot-2.3.13
• (2020-08-12) Updated to version: dovecot-2.3.11.3
• (2020-05-19) Updated to version: dovecot-2.3.10.1

Log message:
list known dependencies in a comment in the Makefile as a reminder for
anyone doing commits to -stable (we don't have a good discovery mechanism
for what to rebuild for -stable packages, so PKGSPEC is ignored for that)..

Log message:
build Dovecot with icu4c support, tweak/ok brad

Log message:
update to Dovecot 2.3.16 / Dovecot-pigeonhole 0.5.16, from Brad

Log message:
update to Dovecot 2.3.15
CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
JWT tokens. This may be used to supply attacker controlled keys to
validate tokens, if attacker has local access.
CVE-2021-33515: On-path attacker could have injected plaintext commands
before STARTTLS negotiation that would be executed after STARTTLS
finished with the client.

Log message:
update to Dovecot 2.3.15
CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
JWT tokens. This may be used to supply attacker controlled keys to
validate tokens, if attacker has local access.
CVE-2021-33515: On-path attacker could have injected plaintext commands
before STARTTLS negotiation that would be executed after STARTTLS
finished with the client.

Log message:
add an @sample that I missed

Log message:
update to Dovecot 2.3.14, ok Brad
Note that some components have been removed in this release, summarised
below but check changelogs before updating. https://dovecot.org/doc/NEWS
* Remove autocreate, expire, snarf and mail-filter plugins.
expire and autocreate can be replaced by "autoexpunge" and "auto"
mailbox settings instead. mail-filter was a bit problematic anyway.
snarf is not often used.
* Remove cydir storage driver.
This was meant for benchmarking and stress testing index handling
and is not normally used in a real server.
* Remove XZ/LZMA write support. Read support will be removed in future release.
If you're using XZ/LZMA then disable it for writes in your configuration
(mailboxes can have a mixture of different types of compression, or some
and no compression) and plan to migrate your existing storage to either
no compression or alternative compression.

Log message:
Dovecot tweaks: depend on libstemmer/libexttextcat to build snowball filters,
fix paths to tools (pdftotext, etc) in decode2text.sh which can optionally be
used to index attachments. OK Brad.

Log message:
enable debug packages for Dovecot/-piugeonhole, suggested by anton@, ok brad

Log message:
add a gratuitous bump to dovecot-fts-xapian; dovecot plugins must be
built against the exact version and this is handled correctly by PKGSPEC
but the scripts used to decide which packages to build for -stable can't
cope with this
add warnings to all the ports known to have this type of version check

Log message:
add a gratuitous bump to dovecot-fts-xapian; dovecot plugins must be
built against the exact version and this is handled correctly by PKGSPEC
but the scripts used to decide which packages to build for -stable can't
cope with this
add warnings to all the ports known to have this type of version check

Log message:
update to Dovecot 2.3.13, ok Brad
* CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
allow logged in user to access other people's emails and filesystem
information.
(IMAP hibernate is not used by default).
* Mail delivery / parsing crashed when the 10 000th MIME part was
message/rfc822 (or if parent was multipart/digest). This happened
due to earlier MIME parsing changes for CVE-2020-12100.
A number of other crash fixes are included.
https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html

Log message:
update to Dovecot 2.3.13, ok Brad

Log message:
Dovecot: add patch to avoid a null printf, from upstream
ok Brad

Log message:
update to Dovecot 2.3.11.3, ok Brad (maintainer)
includes some crash fixes, see https://github.com/dovecot/core/blob/2.3.11.3/NEWS

Log message:
Backport the diff between Dovecot 2.3.10 and 2.3.10.1 to 2.3.9 for 6.6-stable
OK Brad
DOV-3784, CVE-2020-10957: Sending malformed NOOP command causes
crash in submission, submission-login or lmtp service.
DOV-3875, CVE-2020-10958: Sending command followed by sufficient
number of newlines triggers a use-after-free bug that might crash
submission-login, submission or lmtp service.
DOV-1745, CVE-2020-10967: Sending mail with empty quoted localpart
causes submission or lmtp component to crash.

Log message:
MFC dovecot update to 2.3.10.1 for security fixes

Log message:
update to Dovecot 2.3.10.1, ok Brad
DOV-3784, CVE-2020-10957: Sending malformed NOOP command causes
crash in submission, submission-login or lmtp service.
DOV-3875, CVE-2020-10958: Sending command followed by sufficient
number of newlines triggers a use-after-free bug that might crash
submission-login, submission or lmtp service.
DOV-1745, CVE-2020-10967: Sending mail with empty quoted localpart
causes submission or lmtp component to crash.

Log message:
Make use of "find -exec {} +" (which is POSIX) and "find -delete"
(which is not) throughout the ports Makefiles.
* Replace find|xargs with find -exec {} +
* Replace -exec {} \; with -exec {} + if applicable.
* Use the -delete operator to remove files and empty directories.
* Combine and tweak some find(1) invocations while here.
ok kn@ rsadowski@ espie@

Log message:
dovecot: sync PLIST closer to what Brad had (I was confused as I had a local
update before he sent his). Keep dovecot-sysreport commented for now as it
requires GNU grep options.

Log message:
update to Dovecot 2.3.10, from Brad, plus I synced plist and wantlib

Log message:
update to Dovecot 2.3.9.3, from Brad (maintainer).
CVE-2020-7046
lib-smtp doesn't handle truncated command parameters properly, resulting
in infinite loop taking 100% CPU for the process. This happens for LMTP
(where it doesn't matter so much) and also for submission-login where
unauthenticated users can trigger it.
CVE-2020-7957
Snippet generation crashes if:
- message is large enough that message-parser returns multiple body blocks
- The first block(s) don't contain the full snippet (e.g. full of whitespace)
- input ends with '>'
Sending specially crafted email can cause mailbox to have permanently
unaccessible mail, or the mail can be stuck in delivery.

Log message:
update to Dovecot 2.3.9.3, from Brad (maintainer).
CVE-2020-7046
lib-smtp doesn't handle truncated command parameters properly, resulting
in infinite loop taking 100% CPU for the process. This happens for LMTP
(where it doesn't matter so much) and also for submission-login where
unauthenticated users can trigger it.
CVE-2020-7957
Snippet generation crashes if:
- message is large enough that message-parser returns multiple body blocks
- The first block(s) don't contain the full snippet (e.g. full of whitespace)
- input ends with '>'
Sending specially crafted email can cause mailbox to have permanently
unaccessible mail, or the mail can be stuck in delivery.

Log message:
update to Dovecot 2.3.9.2

Log message:
update to Dovecot 2.3.9.2 and pigeonhole 0.5.9, from Brad.
CVE-2019-19722

Log message:
update to Dovecot 2.3.8, from Brad

Log message:
update to Dovecot 2.3.7.2 / Dovecot Pigeonhole 0.5.7.2, from Brad
CVE-2019-11500 https://dovecot.org/pipermail/dovecot/2019-August/116873.html

Log message:
update to Dovecot 2.3.7.2 / Dovecot Pigeonhole 0.5.7.2, from Brad
CVE-2019-11500 https://dovecot.org/pipermail/dovecot/2019-August/116873.html

Log message:
Update to Dovecot 2.3.7.1 / Pigeonhole 0.5.7.1, these have a couple of
small post-2.3.7 fixes including one which fixes sync if sieve is in use
and mail_attribute_dict is not set. From Brad.

Log message:
oops, forgot to remove this patch when backing out

Log message:
Revert the Dovecot update for now, there are some problems with replication
e.g. https://www.mail-archive.com/dovecot@dovecot.org/msg78030.html

Log message:
update to Dovecot 2.3.7, from Brad

Log message:
replace simple PERMIT_PACKAGE_CDROM=Yes with PERMIT_PACKAGE=Yes

Log message:
MFC Dovecot updates; CVE-2019-11494 and CVE-2019-11499, from Brad

Log message:
update to Dovecot 2.3.6, from Brad:
- CVE-2019-11494: Submission-login crashed with signal 11 due to null
pointer access when authentication was aborted by disconnecting.
- CVE-2019-11499: Submission-login crashed when authentication was
started over TLS secured channel and invalid authentication message was
sent.

Log message:
Bump limit, from Hiltjo Posthuma
Remove mention about full-text search since the internal FTS indexer
was removed and it's out-of-process now. Requested by sthen@
No feedback from maintainer.

Log message:
security update to Dovecot 2.3.5.2, from Brad
CVE-2019-10691: Trying to login with 8bit username containing invalid
UTF8 input causes auth process to crash if auth policy is enabled. This
could be used rather easily to cause a DoS. Similar crash also happens
during mail delivery when using invalid UTF8 in From or Subject header
when OX push notification driver is used.

Log message:
update -stable to Dovecot 2.2.36.3, from Brad

Log message:
update to Dovecot 2.3.5.1, from Brad
CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files

Log message:
update to Dovecot 2.3.5, from Brad

Log message:
Remove USE_LIBTOOL=gnu, the test program that had compile failures with
base libtool is no longer present, and everything else seems fine. ok Brad.

Log message:
Update -stable to Dovecot 2.2.36.1 for CVE-2019-3814 and the
bug fixes in Dovecot and Dovecot-pigeonhole 0.4.24.1.
From Brad.

Log message:
update to Dovecot 2.3.4.1, fixing some issues with client certificates.
ok brad (maintainer)
* CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted
certificate with missing username field (ssl_cert_username_field), under
some configurations Dovecot mistakenly trusts the username provided via
authentication instead of failing.
* ssl_cert_username_field setting was ignored with external SMTP
AUTH, because none of the MTAs (Postfix, Exim) currently send the
cert_username field. This may have allowed users with trusted
certificate to specify any username in the authentication. This bug
didn't affect Dovecot's Submission service.

Log message:
dovecot patch tweak, from Brad (no package change):
Update to the patch from upstream and add use PRIu64 format patch.

Log message:
update to Dovecot 2.3.4, from Brad (maintainer)

Log message:
Update to dovecot-2.3.3. N.B. see https://wiki.dovecot.org/Upgrading/2.3
for required configuration changes, some settings especially ssl-related
have changed.
Initial diff from Renaud Allard, further changes from Brad.

Log message:
convert to PKGSTEM

Log message:
update to dovecot-2.2.36, from Brad

Log message:
update to Dovecot 2.2.35, ok brad

Log message:
Add ssl_protocols_to_min_protocol workaround from current.

Log message:
If SSL_CTX_set_min_proto_version is found, Dovecot enables some code to
convert ssl_protocols strings to min/max values. Patch to neuter the autoconf
check because this code doesn't work correctly (in particular it doesn't
handle strings with !SSLv2) and fallback to the old working code instead.
No reply to https://www.dovecot.org/pipermail/dovecot/2018-March/111260.html
but the code is different in Dovecot master/2.3 (it looks like they did it
this way in 2.2 so they could use the 1.1-api functions without config
changes, but it backfired).
ok Brad

Log message:
MFC update of Dovecot to 2.2.34, and dovecot-pigeonhole to 0.4.22 to match.
Dovecot security fixes: CVE-2017-15130 CVE-2017-14461 CVE-2017-15132

Log message:
security update to Dovecot 2.2.34. while there, also fix the default TLS
protocol string to avoid using !SSLv2 which is not supported. ok juanfra@ Brad
* CVE-2017-15130: TLS SNI config lookups may lead to excessive memory usage,
causing imap-login/pop3-login VSZ limit to be reached and the process
restarted. This happens only if Dovecot config has local_name { } or local
{ } configuration blocks and attacker uses randomly generated SNI servernames.
* CVE-2017-14461: Parsing invalid email addresses may cause a crash or leak
memory contents to attacker. For example, these memory contents might contain
parts of an email from another user if the same imap process is reused for
multiple users.
* CVE-2017-15132: Aborted SASL authentication leaks memory in login process.

Log message:
Change the shebang line from /bin/sh to /bin/ksh in all ports rc.d
daemon scripts and bump subpackages that contain the *.rc scripts.
discussed with and OK aja@
OK tb

Log message:
update to Dovecot 2.2.32, from Brad (and same diff here). (Amongst other
things, fixes a fairly annoying bug with replication not being able to
recover from index problems in some versions).

Log message:
bump LIBCXX/LIBECXX/COMPILER_LIBCXX ports.

Log message:
use COMPILER_LIBCXX where applicable

Log message:
update to dovecot-2.2.31, from Brad

Log message:
update to dovecot-2.2.30.1, from Brad

Log message:
bugfix update to Dovecot 2.2.29.1, from Brad

Log message:
update to Dovecot 2.2.29, from Brad.
* passdb/userdb dict: Don't double-expand %variables in keys. If dict
was used as the authentication passdb, using specially crafted
%variables in the username could be used to cause DoS (CVE-2017-2669)

Log message:
use LIBCXX

Log message:
backport fix for dovecot's trash plugin, "Panic: file mail-namespace.c:
line 709 (mail_namespace_find): assertion failed: (ns != NULL)". ok brad

Log message:
update to Dovecot 2.2.28, ok Brad

Log message:
Full package spec isn't needed in LIB_DEPENDS-xx/RUN_DEPENDS-xx for subpkgs
depending on the main package, because PKGSPEC is set. Mainly done to simplify
testing RCs. OK Brad (maintainer).

Log message:
update to dovecot-2.2.27, and use https HOMEPAGE. From Brad.
CVE-2016-8652 (the version in 6.0 isn't affected): "If auth-policy
component has been activated in Dovecot, then remote user can use
SASL authentication to crash auth component. Workaround is to disable
auth-policy component until fix is in place."

Log message:
move include/dovecot/ldap-client.h to PLIST-ldap, reported by brad and dhill,
based on a diff from dhill

Log message:
Patch Dovecot to handle openssl 1.1 api #ifdefs, e.g.
-+#elif OPENSSL_VERSION_NUMBER < 0x10100000L
++#elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
Looks good to jca.

Log message:
update to Dovecot 2.2.26.0, ok brad

Log message:
Cope with moving sqlite3 back to ports.

Log message:
replace libiconv module

Log message:
Second and last pass at pre-entively fixing ports that would break once
guenther's header pollution cleanup diff is in.

Log message:
oops, committed previous from wrong tree. noticed by nigel@

Log message:
drop -lpthread hack, no longer needed. ok brad

Log message:
update to Dovecot 2.2.24, from Brad.

Log message:
update to Dovecot 2.2.23, ok brad

Log message:
remove SHARED_ONLY from simple ports that use the gettext or libiconv module

Log message:
update to dovecot-2.2.22, from Brad

Log message:
Add a patch to re-allow the CRYPT password scheme in Dovecot. This scheme
checks the password against the stored hash using the OS crypt() function
and supports whichever schemes are supported by the OS, but currently
Dovecot makes some assumptions about hash format (to work around a
segfault when used on OpenBSD following removal of DES from crypt).
'doveadm pw -s CRYPT' (tool to generate hashed passwords) will now produce
bcrypt passwords rather than not allowing the scheme at all. More info in
the patch itself.  OK Brad.

Log message:
update to Dovecot 2.2.21, from Brad

Log message:
Fix "doveadm pw" crashing when using the crypt scheme since OpenBSD's
crypt() doesn't support DES now. From Brad.

Log message:
update to Dovecot 2.2.19, from Brad

Log message:
stop patching Dovecot's sample config files to enable client workarounds;
from Brad (maintainer).

Log message:
update to dovecot 2.2.18, from brad

Log message:
Update to Dovecot 2.2.16, from Brad (maintainer)

Log message:
link Dovecot's executables with -lpthread, allowing use of plugins which
use shared libraries that use threads (e.g. mysqlclient). ok brad@

Log message:
Update to Dovecot 2.2.15.
With some input from and ok sthen@

Log message:
Update to Dovecot 2.2.14.
ok sthen@

Log message:
Fix rc script mode/group, and adjust an #ifdef in a patch to use a specific
OpenBSD version. From Brad (maintainer).

Log message:
Add a krb5-config script to avoid patching the autoconf input files. From Brad.

Log message:
use correct group ownership for @sample'd /var/dovecot/login directory
ok Brad

Log message:
Fix packaging, cluebat from Ian McWilliam

Log message:
Update Dovecot in -stable to 1.2.17, rolling in previous backported patches
and fixing a few other bugs. From Brad, ok jasper@

Log message:
Switch Dovecot to using plugins for ldap/database support. From Brad,
with pkgpath/dependency marker tweaks from myself. Looks good to pea@.
This means we are now using subpackages rather than flavours; if upgrading
from a flavoured version, you will need to add the relevant module yourself.
e.g.: dovecot-$VER-ldap will be upgraded to dovecot-$VER, you must
pkg_add dovecot-ldap.

Log message:
Fix CVE-2011-1929
ok brad (maintainer), sthen@

Log message:
tweak CONFIGURE_ARGS, from Brad (it now accepts --without-foo which is
slightly clearer than --with-foo=no)

Log message:
bdb was in the DESCR too, pointed out by Brad

Log message:
- tweak @pkgpath markers
- use a shorter comment reminding to bump dovecot-pigeonhole for updates
(and place it next to the version variables)
- bdb support is no more, drop the flavour
ok Brad

Log message:
Update dovecot to 2.0.13, joint work between pea@, Brad and myself, ok pea@
This is a major update and configuration changes are required -
see http://wiki2.dovecot.org/Upgrading/2.0 for more

Log message:
Sanitize some @unexec/@extraunexec calls to rm: move them up in the
PLIST and delete everything under the @sample'd directory instead of the
directory itself to prevent a warning from pkg_delete(1) trying to
remove a non existing directory and to help preventing left-over files
and directories.
ok aja@

Log message:
Bump ports which should be using newer autoconf to 2.65;
config.h files checked.  From Brad.

Log message:
Drop the rc.local fragment from MESSAGE-server now we have an rc script.
Pointed out by Dorian Buettner, ok Brad.

Log message:
- add an rc script for Dovecot.
- adjust commented-out paths in sample config file so that sockets
used for certain optional features (e.g. the LDA) are placed in a
a directory which already exists.
ok+help from Brad

Log message:
- remove USE_GROFF=Yes, manpages checked by brad.
from brad (MAINTAINER)

Log message:
Some fixes from upstream:
- imap: Fixed a memory leak in ESEARCH.
- imap/pop3-login: Don't crash if passdb returns proxy field without host.
- lib-index: Added a missing sanity check for expunge-guid record's uid.
This fixes a non-self healing assert-crash.
- master: Delete also pipes from login_dir (left by v2.0).
From Brad (maintainer), ok ajacoutot@

Log message:
default db-* for db/v4 is incorrect, set PKGSPEC=db->=4,<5, bump packages
with erroneous depends.

Log message:
new depends

Log message:
update the managesieve plugin, from Brad.

Log message:
update Dovecot to 1.2.16, from Brad (maintainer).

Log message:
convert libiconv to new wantlib

Log message:
USE_GROFF=Yes

Log message:
update to newer sieve plugin, from Brad (maintainer)

Log message:
update to 1.2.15, from Brad

Log message:
Dovecot fixes from upstream via Brad.
- maildir: If uidlist isn't read, don't mark its UIDs as being known when
saving.
- maildir: Avoid unnecessary uidlist recreation during mail delivery.
- Removed "die after 3 EINTR write() failures to log".

Log message:
fixes from upstream via Brad;
- Fixed setgid() failure error message.
- imap: If selecting a mailbox fails, close the already selected mailbox.

Log message:
update Dovecot to 1.2.14, from Brad.
several fixes and adds support for IDLE notifications with the
virtual storage plugin.

Log message:
With the non-default-flavoured dovecot packages (ldap, etc), rather than
forcing the no_sieve flavour (and thus not using the managesieve patch),
instead just remove -sieve from the MULTI_PACKAGE list. Fixes managesieve
with various flavoured packages. Problem found and diff from Andrew Fresh
via Brad. ok (and dpb3 testing) naddy@.

Log message:
switch to the 1.2.13 managesieve diff, now it's been updated. from Brad.

Log message:
- Add a bug fix from upstream via Brad:
mbox: Fields weren't being added to cache file during message saving.
- Knock out the sieve subpackage if building with another flavor.
The object code was ending up linked to db/ldap libraries and thus
producing bad packages in bulk builds. This is a nasty hack from me
to fix packages until we have time to fix the linking and has a
big fat XXX next to it. Ok Brad (maintainer).

Log message:
update to 1.2.13, from Brad

Log message:
mbox: When generating envelope to From_-line, don't append a second
@owndomain if username already has one.
from upstream via Brad.

Log message:
Fix for mbox (Renaming mailbox under newly created dir didn't move
index directory). From upstream via Brad.

Log message:
2 fixes from upstream via Brad
- lib-charset: Don't assert-crash when iconv() skips lots of invalid input.
- lib-storage: When getting decoded headers, don't fail when MIME encoded-words
expand to LFs.

Log message:
update to 0.2.12 from Brad (maintainer)

Log message:
sync patches, no package change. from Brad.

Log message:
add a patch from upstream via Brad:
imap: If FETCH notices cached message size is wrong, mark cache corrupted

Log message:
Update sieve to 0.1.16
ok brad (maintainer), sthen@

Log message:
fix a crash in deliver, from upstream via Brad

Log message:
use newer autoconf, from Brad

Log message:
cherrypick another diff from upstream; from Brad:
pgsql: Don't leak memory if query returns multiple results.

Log message:
add a bugfix patch from upstream; from Brad

Log message:
when adding the managesieve patches, use patch -z.managesieve.orig
so update-patches doesn't pick them all up. ok Brad. no bump needed.

Log message:
MAJOR update to Dovecot 1.2.11
The old cmusieve is removed in favor of the new sieve implementation.
Be very careful when upgrading.
Small howto here: http://openbsd.raveland.org/ports/dovecot/UPGRADE_HOWTO
With tweaks from brad (maintainer) and sthen@: thanks
Lot of tests from Robert (robert at openbsd.pap.st), thanks !
ok brad (maintainer), sthen@

Log message:
fix the path to /usr/sbin/sendmail. ok Brad (maintainer), pea@, jasper@
(ports is still not fully open)

Log message:
make sure flavor-invariant packages really don't pick up any flavor

Log message:
MFC:
stability/bugfix update to 1.1.20
ok Brad jasper@

Log message:
Update to 1.1.20, from Brad.

Log message:
add two patches from upstream repo;
- maildir: Having a lot of keywords assert-crashed with "stack frame changed".
- master: When creating login processes, don't close any fds after dup2()s.
from Brad (maintainer).

Log message:
MFC:
- SECURITY update of dovecot-sieve (based on the Cyrus sieve library)
- bugfix update of dovecot
reminded by pea@, agree sthen@, ok Brad

Log message:
Add some patches from upstream. From Brad.

Log message:
MFC:
- SECURITY update of dovecot-sieve (based on the Cyrus sieve library)
- bugfix update of dovecot
originally from brad@, -stable diff partly from sthen@, thanks!
ok brad@ (MAINTAINER)

Log message:
- SECURITY update of dovecot-sieve (based on the Cyrus sieve library)
- bugfix update of dovecot
From Brad (maintainer).

Log message:
- let GSSAPI work again.
from remco@d-compu.dyndns.org.
ok brad (MAINTAINER)

Log message:
bugfix update to 1.1.18; from Brad.

Log message:
Bugfix update to 1.1.17; from Brad.

Log message:
1.1.16; bugfix update, from Brad. fixes a couple of crashes.

Log message:
maintenance update to 1.1.15, from Brad.

Log message:
use /dev/arandom; from Brad.

Log message:
maintenance update to 1.1.4, from Brad (maintainer)

Log message:
maintenance update to 1.1.13, from Brad

Log message:
maintenance update to Dovecot 1.1.12 plus a couple of post-release
patches from the upstream repo - from Brad (maintainer).

Log message:
log the correct filename in an error message; from upstream repo via Brad

Log message:
roll in fixes from upstream repo; from Brad.
- mail_index_lookup_first() didn't always find the result.
This caused SELECT not to return UNSEEN number always.
- Maildir: Fix to earlier >26 keywords handling change.
- i_stream_read(): Added a few more asserts.
- istream-tee: Minor cleanups, assert and a potential fix.

Log message:
maintenance update to 1.1.11, from Brad.

Log message:
Update to 1.1.10, from Brad - fixes some problems introduced by 1.1.9

Log message:
update to 1.1.9 and add a flavour add bdb dictionary support (allows
the expire plugin to work without a SQL database). From Brad (maintainer),
diff for bdb support from Michael Lechtermann.

Log message:
bugfix updates to 1.1.8 (Dovecot) and 1.1.6 (dovecot-sieve), from
Brad (maintainer).

Log message:
Update to Dovecot 1.1.7; A bug fix release.
ok sthen@

Log message:
Update to Dovecot 1.1.6; an important bug fix update.
ok sthen@

Log message:
Update to Dovecot 1.1.5.
ok sthen@

Log message:
Update to Dovecot 1.1.4.
ok sthen@

Log message:
Missing PKGNAME-sieve bump after COMMENT-sieve change.

Log message:
Update to Dovecot 1.1.3.
ok sthen@

Log message:
Add missing PREFIX marker to an example plugins path for LDA.
From Ingo Schwarze <schwarze at usta dot de>

Log message:
Upgrade to Dovecot 1.1.2.
ok jakob@

Log message:
Three fixes for Dovecot 1.0..
- Maildir: Group of the created shared directory wasn't set.
- Logging: Make sure we don't recurse infinitely when running out of memory.
- rfc822_parse_phrase(): Don't read outside data boundaries if input is empty.
From the Dovecot Mercurial repo.
ok sthen@

Log message:
Maildir: If there are multiple :2,<flags> in filename, use the last one
both getting and setting the flags.
From the Dovecot Mercurial repo.
ok sthen@

Log message:
upgrade to Dovecot 1.0.15. bug fix update.
ok sthen@

Log message:
Two fixes for Dovecot 1.0..
- Recreate dovecot-uidlist if updating it would shrink the file more than 25%.
- imap_get_base_subject_cased(): Subject trailers weren't removed correctly.
From the Dovecot Mercurial repo.
ok sthen@

Log message:
Maintenance update, recent patches are now rolled into the
distfile from upstream.  From Brad.

Log message:
update dovecot-sieve to new version, from Brad.

Log message:
Add fix from upstream repo, "mbox: If INBOX creation fails because
of EACCES, try with privileged group enabled."
http://hg.dovecot.org/dovecot-1.0/rev/932768a879c6
From Brad.

Log message:
Add some bug-fix patches; at this point in the Dovecot release cycle
most work is on 1.1, so it makes sense to add them locally for now.
- If SSL function fails and there are no errors, return "Unknown error"
instead of "Success" as the reason.
- Fixed a memory leak in ACL plugin.
- Send the success reply in one write.
- If remote disconnects, log "Connection closed: reason" just like IMAP does.
- STORE: Ignore flag changes for read-only (especially EXAMINEd) mailboxes.
- random_fill(): If read(/dev/urandom) returned EINTR, it could have written
random data before the given buffer.
- BODY/BODYSTRUCTURE fetch: Don't crash if we already had message parts
parsed.
From Brad, tested on various arch production servers.

Log message:
"allow_nets didn't work correctly with big endian machines."
From upstream:
http://hg.dovecot.org/dovecot-1.0/rev/71c02fdf1b59
via brad@

Log message:
cvs ate this patch.

Log message:
upgrade to Dovecot 1.0.13. security and bug fix update.
looks good jasper@

Log message:
dovecot 1.0.10; from MAINTAINER

Log message:
dovecot 1.0.9; from MAINTAINER

Log message:
update to dovecot 1.0.8, from MAINTAINER

Log message:
Dovecot 1.0.7 (bugfix release); from MAINTAINER

Log message:
update to Dovecot 1.0.6 (bugfix release); from MAINTAINER

Log message:
update to v1.0.5 (bugfix release)

Log message:
dovecot v1.0.4; from MAINTAINER

Log message:
Change Brads email address for now, so people can reach him instead of
getting bounces or 550s. Bump pkgnames. While here, remove quotes from
comments.
prompted by espie@

Log message:
dovecot 1.0.3; from maintainer

Log message:
MFC:
- upgrade dovecot-server to version 1.0.2 and dovecot-sieve to version 1.0.1 ;
fix several bugs
ok sturm@

Log message:
MFC:
- upgrade to version 1.0.2 ; fix several bugs
ok sturm@

Log message:
upgrade to v1.0.2, bugfix release; from brad@

Log message:
update to Dovecot 1.0.1, a bug fix release. from brad@

Log message:
update to dovecot 1.0.0
many bug and some security fixes
from brad

Log message:
update to dovecot 1.0.0
many bug and some security fixes
from brad

Log message:
update to dovecot 1.0.0
many bug and some security fixes
from brad

Log message:
update sieve plugin version

Log message:
Dovecot v1.0.0; from brad@

Log message:
another release candidate, mostly LDAP fixes; from brad@

Log message:
dovecot 1.0rc31; from brad@

Log message:
base64 checksums.

Log message:
dovecot 1.0 rc 28; from brad@

Log message:
add sqlite flavour; from brad@

Log message:
make dovecot-example_conf respect PREFIX again. broken many many moons ago.
ok maintainer

Log message:
dovecot 1.0 rc 27; from brad@

Log message:
version 1.0.rc22; from brad@

Log message:
dovecot 1.0.rc21 (from brad@)

Log message:
update to 1.0.rc19; from maintainer (brad@)

Log message:
upgrade to dovecot 1.0.rc17; from brad@

Log message:
- repair dependencies
- use BUILD_PKGPATH since this can be flavored
- add forgotten @pkgpath annotation
- bump all PKGNAMEs

Log message:
update to dovecot 1.0rc15
many bug fixes and at least one security fix
from brad

Log message:
update to dovecot 1.0rc15
many bug fixes and at least one security fix
from brad

Log message:
SECURITY:
Fixed an off-by-one buffer overflow in cache file handling. The
code is executed only with mmap_disable=yes and only if index files
are used (ie. INDEX=MEMORY is safe).
noticed by bernd

Log message:
SHARED_ONLY; from brad@

Log message:
default package

Log message:
add package for the sieve mail filter plugin; ok brad@

Log message:
upgrade to Dovecot 1.0rc15

Log message:
upgrade to Dovecot 1.0rc14

Log message:
Fix WANTLIB after openldap changes.

Log message:
upgrade to Dovecot 1.0rc13

Log message:
upgrade to Dovecot 1.0rc12

Log message:
upgrade to Dovecot 1.0rc11

Log message:
upgrade to Dovecot 1.0rc10

Log message:
upgrade to Dovecot 1.0rc9

Log message:
upgrade to Dovecot 1.0rc8

Log message:
fix a kqueue bug with the filesystem notification mechanism that could
potentially cause Dovecot to spin and chew up all of the available CPU
time.
>From Dovecot CVS.

Log message:
upgrade to Dovecot 1.0rc7
ok dlg@

Log message:
revert unapproved commit, the ports tree is locked

Log message:
upgrade to Dovecot 1.0rc5
ok marco@

Log message:
new lib specs

Log message:
bump PKGNAME.

Log message:
provide a useable config for mbox users by using fcntl for the write
locking method.

Log message:
Use perms of 755 instead of 700 for /var/dovecot.

Log message:
Use /etc/ssl as SYSCONFDIR can be changed by end user.
go ahead brad@

Log message:
disable kqueue for the file system notification method. as has been noted
on the dovecot list, there is a bug in this code which causes processes to
stay around after a client has disconnected.

Log message:
upgrade to Dovecot 1.0rc2
"That works way better." ok marco@

Log message:
Back out change with no review.
ok espie@, pvalchev@

Log message:
fix CONFIGURE_ARGS

Log message:
upgrade to Dovecot 1.0beta9

Log message:
update to dovecot 1.0.beta8
fixes a security hole with mboxes

Log message:
disable kqueue again.

Log message:
CVS missed this, checksums for beta8

Log message:
upgrade to Dovecot 1.0beta8

Log message:
second revision of the kqueue diff that should resolve an issue with
Dovecot imap processes' spinning and taking up all the available CPU time.
>From Vaclav Haisman on the Dovecot list.

Log message:
add a diff to fix the crashing issues exhibited when using kqueue() and
re-enable kqueue().
>From Vaclav Haisman on the Dovecot list.

Log message:
comment out the library archive and libtool wrapper for the new plugin.

Log message:
disable kqueue for now.

Log message:
upgrade to Dovecot 1.0beta7

Log message:
upgrade to Dovecot 1.0beta5

Log message:
upgrade to Dovecot 1.0beta4

Log message:
for some fairly rare unrecognized events print some additional info
when i_panic() is called to help with debugging.
>From Vaclav Haisman on the Dovecot list.

Log message:
Dovecot has code that is MIT licensed as well.

Log message:
upgrade to Dovecot 1.0beta3

Log message:
upgrade to Dovecot 1.0beta2

Log message:
patches for the kqueue code to fix a few issues.
From: <V dot Haisman at sh dot cvut dot cz>

Log message:
set pop3_uidl_format in the example config and enable various workarounds
for POP3/IMAP clients with issues such as OSX Mail/Outlook/Netscape/Thunderbird.

Log message:
fix a bug not allowing ssl_parameters_regenerate to be set on 64-bit archs.
>From Dovecot CVS

Log message:
upgrade to Dovecot 1.0beta1

Log message:
This is the real fix for the openldap problem. Sorry guys.
tested & ok alek@

Log message:
- Add sasl2 to LIB_DEPENDS in ldap FLAVOR. Caused by the last openldap update.
- Bump PKGNAME
"go ahead" espie@

Log message:
upgrade to Dovecot 1.0alpha4

Log message:
add a LDAP FLAVOR.

Log message:
upgrade to Dovecot 1.0alpha3

Log message:
upgrade to Dovecot 1.0alpha2

Log message:
upgrade to Dovecot 1.0alpha1

Log message:
spaces to tab

Log message:
add example config files.

Log message:
add a postgresql FLAVOR.
Based on similar diffs from chris@ and
Peter Galbavy <peter dot galbavy at knowtion dot net>

Log message:
MySQL FLAVOR.

Log message:
add a MySQL FLAVOR.
From: Johan Fredin <griffin at legonet dot org>

Log message:
- Fix libiconv detection
- Bump PKGNAME
ok brad@

Log message:
upgrade to Dovecot 0.99.14

Log message:
SIZE

Log message:
Add WANTLIB markers

Log message:
- Move notice from INSTALL to MESSAGE
- Replace (DE)INSTALL with @sample, @new(group|user)
- Bump PKGNAME
ok naddy@ brad@

Log message:
new style plists.

Log message:
new-style MODULES.

Log message:
upgrade to Dovecot 0.99.10.8

Log message:
upgrade to Dovecot 0.99.10.7

Log message:
remove some whitespace

Log message:
add a patch to unbreak being able to use symlinks with Maildir, bug introduced
in 0.99.10.6.
--
From: Dovecot author via Kevin Cramer <kcramer at siscom dot net>

Log message:
sync patches

Log message:
@extra and some cleaning

Log message:
upgrade to Dovecot 0.99.10.6
- takeover as MAINTAINER
--
ok MAINTAINER

Log message:
MFC:
upgrade to Dovecot 0.99.10.5
Dovecot 0.99.10.{4,5} fix some possible mail box corruption issues.

Log message:
MFC:
upgrade to Dovecot 0.99.10.5
Dovecot 0.99.10.{4,5} fix some possible mail box corruption issues.

Log message:
upgrade to Dovecot 0.99.10.5
--
ok MAINTAINER

Log message:
upgrade to Dovecot 0.99.10.4
--
ok MAINTAINER

Log message:
- initialize /var/dovecot/login via INSTALL to quell a warning about it
not existing (and thus be created by dovecot itself)
- incorporate upstream patch which prevents some partial BODY[part]
fetches from possibly returning data incorrectly
- bump PKGNAME

Log message:
fix three crashing bugs, bump PKGNAME
- searching address fields can crash sometimes
- auth process crashes if user doesn't have home directory set
- sme BODY and BODYSTRUCTURE replies missed data for message/rfc822 MIME
parts causing clients to break

Log message:
err on the side of caution and make "index_mmap_invalidate = yes" the
default to totally negate the chance of index corruption at the cost of
performance.  ok naddy@

Log message:
incorporate megadiff from the author which allows mmaping of index data
on openbsd, related to pr/3291.  bump PKGNAME