author | adamw <adamw@FreeBSD.org> | 2018-03-01 07:12:44 +0800 |
---|---|---|
committer | adamw <adamw@FreeBSD.org> | 2018-03-01 07:12:44 +0800 |
commit | 5bc36c9eefd7b839c7db67f162ee52696ee58658 (patch) | |
tree | eb954b6061e8dc0e6ea10faa5dfad71837d18761 /mail | |
parent | 8c19f4cac99802a3e17325ee288952176008df75 (diff) | |
Update dovecot to 2.2.34, and bump pigeonhole.
* CVE-2017-15130: TLS SNI config lookups may lead to excessive
memory usage, causing imap-login/pop3-login VSZ limit to be reached
and the process restarted. This happens only if Dovecot config has
local_name { } or local { } configuration blocks and attacker uses
randomly generated SNI servernames.
* CVE-2017-14461: Parsing invalid email addresses may cause a crash or
leak memory contents to attacker. For example, these memory contents
might contain parts of an email from another user if the same imap
process is reused for multiple users. First discovered by Aleksandar
Nikolic of Cisco Talos. Independently also discovered by "flxflndy"
via HackerOne.
* CVE-2017-15132: Aborted SASL authentication leaks memory in login
process.
* Linux: Core dumping is no longer enabled by default via
PR_SET_DUMPABLE, because this may allow attackers to bypass
chroot/group restrictions. Found by cPanel Security Team. Nowadays
core dumps can be safely enabled by using "sysctl -w
fs.suid_dumpable=2". If the old behaviour is wanted, it can still be
enabled by setting:
import_environment=$import_environment PR_SET_DUMPABLE=1
* doveconf output now includes the hostname.
+ mail_attachment_detection_options setting controls when
$HasAttachment and $HasNoAttachment keywords are set for mails.
+ imap: Support fetching body snippets using FETCH (SNIPPET) or
(SNIPPET (LAZY=FUZZY))
+ fs-compress: Automatically detect whether input is compressed or not.
Prefix the compression algorithm with "maybe-" to enable the
detection, for example: "compress:maybe-gz:6:..."
+ Added settings to change dovecot.index* files' optimization behavior.
See https://wiki2.dovecot.org/IndexFiles#Settings
+ Auth cache can now utilize auth workers to do password hash
verification by setting auth_cache_verify_password_with_worker=yes.
+ Added charset_alias plugin. See
https://wiki2.dovecot.org/Plugins/CharsetAlias
+ imap_logout_format and pop3_logout_format settings now support all of
the generic variables (e.g. %{rip}, %{session}, etc.)
+ Added auth_policy_check_before_auth, auth_policy_check_after_auth
and auth_policy_report_after_auth settings.
- v2.2.33: doveadm-server: Various fixes related to log handling.
- v2.2.33: doveadm failed when trying to access UNIX socket that didn't
require authentication.
- v2.2.33: doveadm log reopen stopped working
- v2.2.30+: IMAP stopped advertising SPECIAL-USE capability
- v2.2.30+: IMAP stopped sending untagged OK/NO storage notifications
- replication: dsync sends unnecessary replication notification for
changes it does internally. NOTE: Folder creates, renames, deletes
and subscribes still trigger unnecessary replication notifications,
but these should be rather rare.
- mail_always/never_cache_fields setting changes weren't applied for
existing dovecot.index.cache files.
- Fix compiling and other problems with OpenSSL v1.1
- auth policy: With master user logins, lookup using login username.
- FTS reindexed all mails unnecessarily after loss of
dovecot.index.cache file
- mdbox rebuild repeatedly fails with "missing map extension"
- SSL connections may have been hanging with imapc or doveadm client.
- cassandra: Using protocol v3 (Cassandra v2.1) caused memory leaks and
also timestamps weren't set to queries.
- fs-crypt silently ignored public/private keys specified in
configuration (mail_crypt_global_public/private_key) and just
emitted plaintext output.
- lock_method=dotlock caused crashes
- imapc: Reconnection may cause crashes and other errors
MFH: 2018Q1
Security: CVE-2017-14461
Security: CVE-2017-15130
Security: CVE-2017-15132
Diffstat (limited to 'mail')
-rw-r--r-- | mail/dovecot-pigeonhole/Makefile | 2 |
-rw-r--r-- | mail/dovecot/Makefile | 3 |
-rw-r--r-- | mail/dovecot/distinfo | 6 |
-rw-r--r-- | mail/dovecot/files/patch-src_doveadm_Makefile.am | 13 |
-rw-r--r-- | mail/dovecot/files/patch-src_lib-auth_auth-client-request.c | 12 |
-rw-r--r-- | mail/dovecot/files/patch-src_lib-auth_auth-server-connection.c | 13 |
-rw-r--r-- | mail/dovecot/files/patch-src_lib-auth_auth-server-connection.h | 9 |
-rw-r--r-- | mail/dovecot/pkg-plist | 4 |
8 files changed, 9 insertions, 53 deletions
diff --git a/mail/dovecot-pigeonhole/Makefile b/mail/dovecot-pigeonhole/Makefile index 1ecab215cb48..15795a01b4a2 100644 --- a/mail/dovecot-pigeonhole/Makefile +++ b/mail/dovecot-pigeonhole/Makefile @@ -3,7 +3,7 @@ PORTNAME= dovecot-pigeonhole PORTVERSION= 0.4.21 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= mail MASTER_SITES= http://pigeonhole.dovecot.org/releases/${DOVECOTVERSION}/ DISTNAME= ${PORTNAME:C/-/-${DOVECOTVERSION}-/}-${PORTVERSION} diff --git a/mail/dovecot/Makefile b/mail/dovecot/Makefile index 160e4f57eaf3..1c1148917cb0 100644 --- a/mail/dovecot/Makefile +++ b/mail/dovecot/Makefile @@ -12,8 +12,7 @@ ###################################################################### PORTNAME= dovecot -PORTVERSION= 2.2.33.2 -PORTREVISION= 4 +PORTVERSION= 2.2.34 CATEGORIES= mail ipv6 MASTER_SITES= https://www.dovecot.org/releases/2.2/ diff --git a/mail/dovecot/distinfo b/mail/dovecot/distinfo index e56b47c8f501..b4de8d9db0af 100644 --- a/mail/dovecot/distinfo +++ b/mail/dovecot/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1508511506 -SHA256 (dovecot-2.2.33.2.tar.gz) = fe1e3b78609a56ee22fc209077e4b75348fa1bbd54c46f52bde2472a4c4cee84 -SIZE (dovecot-2.2.33.2.tar.gz) = 6131086 +TIMESTAMP = 1519859066 +SHA256 (dovecot-2.2.34.tar.gz) = 5e92a4325409e66b343f6aaa67174b8921ce83d0df792c6eeb0b7b7e2c808353 +SIZE (dovecot-2.2.34.tar.gz) = 6181270 diff --git a/mail/dovecot/files/patch-src_doveadm_Makefile.am b/mail/dovecot/files/patch-src_doveadm_Makefile.am deleted file mode 100644 index 0d00ca745c13..000000000000 --- a/mail/dovecot/files/patch-src_doveadm_Makefile.am +++ /dev/null 
@@ -1,13 +0,0 @@ ---- src/doveadm/Makefile.am.orig 2017-10-11 17:29:32 UTC -+++ src/doveadm/Makefile.am -@@ -180,8 +180,8 @@ test_libs = \ - ../lib/liblib.la - test_deps = $(noinst_LTLIBRARIES) $(test_libs) - --test_doveadm_util_SOURCES = test-doveadm-util.c --test_doveadm_util_LDADD = doveadm-util.o $(test_libs) $(MODULE_LIBS) -+test_doveadm_util_SOURCES = doveadm-util.c test-doveadm-util.c -+test_doveadm_util_LDADD = $(test_libs) $(MODULE_LIBS) - test_doveadm_util_DEPENDENCIES = $(test_deps) - - check: check-am check-test diff --git a/mail/dovecot/files/patch-src_lib-auth_auth-client-request.c b/mail/dovecot/files/patch-src_lib-auth_auth-client-request.c deleted file mode 100644 index ea72b475af69..000000000000 --- a/mail/dovecot/files/patch-src_lib-auth_auth-client-request.c +++ /dev/null @@ -1,12 +0,0 @@ ---- src/lib-auth/auth-client-request.c.orig 2017-10-05 17:10:44 UTC -+++ src/lib-auth/auth-client-request.c -@@ -180,6 +180,9 @@ void auth_client_request_abort(struct auth_client_requ - - auth_client_send_cancel(request->conn->client, request->id); - call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL); -+ /* remove the request */ -+ auth_server_connection_remove_request(request->conn, request->id); -+ pool_unref(&request->pool); - } - - unsigned int auth_client_request_get_id(struct auth_client_request *request) diff --git a/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.c b/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.c deleted file mode 100644 index 69fa39426051..000000000000 --- a/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.c +++ /dev/null 
@@ -1,13 +0,0 @@ ---- src/lib-auth/auth-server-connection.c.orig 2017-10-05 17:10:44 UTC -+++ src/lib-auth/auth-server-connection.c -@@ -481,3 +481,10 @@ auth_server_connection_add_request(struct auth_server_ - hash_table_insert(conn->requests, POINTER_CAST(id), request); - return id; - } -+ -+void auth_server_connection_remove_request(struct auth_server_connection *conn, -+ unsigned int id) -+{ -+ i_assert(conn->handshake_received); -+ hash_table_remove(conn->requests, POINTER_CAST(id)); -+} diff --git a/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.h b/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.h deleted file mode 100644 index e331bbdd2d61..000000000000 --- a/mail/dovecot/files/patch-src_lib-auth_auth-server-connection.h +++ /dev/null @@ -1,9 +0,0 @@ ---- src/lib-auth/auth-server-connection.h.orig 2017-10-05 17:10:44 UTC -+++ src/lib-auth/auth-server-connection.h -@@ -38,4 +38,6 @@ void auth_server_connection_disconnect(struct auth_ser - unsigned int - auth_server_connection_add_request(struct auth_server_connection *conn, - struct auth_client_request *request); -+void auth_server_connection_remove_request(struct auth_server_connection *conn, -+ unsigned int id); - #endif diff --git a/mail/dovecot/pkg-plist b/mail/dovecot/pkg-plist index 36b30c8fd807..b9d0e480f6e4 100644 --- a/mail/dovecot/pkg-plist +++ b/mail/dovecot/pkg-plist @@ -76,6 +76,7 @@ include/dovecot/bits.h include/dovecot/bsearch-insert-pos.h include/dovecot/buffer.h include/dovecot/byteorder.h +include/dovecot/charset-utf8-private.h include/dovecot/charset-utf8.h include/dovecot/child-wait.h include/dovecot/client-common.h @@ -310,6 +311,7 @@ include/dovecot/istream-seekable.h include/dovecot/istream-sized.h include/dovecot/istream-tee.h include/dovecot/istream-timeout.h +include/dovecot/istream-try.h include/dovecot/istream-unix.h include/dovecot/istream-zlib.h include/dovecot/istream.h 
@@ -622,6 +624,8 @@ lib/dovecot/lib15_notify_plugin.a lib/dovecot/lib15_notify_plugin.so lib/dovecot/lib20_autocreate_plugin.a lib/dovecot/lib20_autocreate_plugin.so +lib/dovecot/lib20_charset_alias_plugin.a +lib/dovecot/lib20_charset_alias_plugin.so lib/dovecot/lib20_expire_plugin.a lib/dovecot/lib20_expire_plugin.so lib/dovecot/lib20_fts_plugin.a |
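Review bot: In mail/dovecot-pigeonhole/Makefile, the unchanged context line MASTER_SITES= http://pigeonhole.dovecot.org/releases/${DOVECOTVERSION}/ still fetches the distfile over plain HTTP, while mail/dovecot/Makefile in this same commit uses https://www.dovecot.org/releases/2.2/. Since the file is being touched anyway, consider moving the pigeonhole URL to https if the host serves it, so that the integrity of the download does not rest on the distinfo checksum alone. The PORTREVISION 1 to 2 bump is explained in the log only as "bump pigeonhole"; a few words on why the dependent port needs a rebuild against 2.2.34 would help anyone reading the history later.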
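Review bot: In mail/dovecot/distinfo, the new SHA256 line for dovecot-2.2.34.tar.gz is the only thing that binds this security update to one specific tarball, and the log does not say how that tarball was validated before the checksum was recorded. For an update carrying three CVE fixes, note in the commit message whether the distfile was checked against an upstream signature or an announced checksum, so the recorded hash is known to describe the upstream release and not merely whatever was fetched at TIMESTAMP = 1519859066.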
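Review bot: The four files deleted under mail/dovecot/files/ are removed without any explanation in the log. The three lib-auth patches add auth_server_connection_remove_request() and call it, followed by pool_unref(&request->pool), from auth_client_request_abort(); that reads as a local fix for the leak the log lists as CVE-2017-15132 ("Aborted SASL authentication leaks memory in login process"). State explicitly that these patches are dropped because 2.2.34 carries the equivalent change upstream, and confirm that against the 2.2.34 source, so the leak fix is not silently lost if upstream implemented it differently. The same applies to patch-src_doveadm_Makefile.am, which changed how test_doveadm_util is built and linked: say whether upstream fixed the test build or whether the patch simply no longer applies.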