From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1000900-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id DB4241382C5
	for <garchives@archives.gentoo.org>; Thu,  1 Feb 2018 01:19:01 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 17A05E0AA3;
	Thu,  1 Feb 2018 01:19:01 +0000 (UTC)
Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id D9B20E0AA3
	for <gentoo-commits@lists.gentoo.org>; Thu,  1 Feb 2018 01:19:00 +0000 (UTC)
Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 15BA3335C60
	for <gentoo-commits@lists.gentoo.org>; Thu,  1 Feb 2018 01:18:59 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id A14891C3
	for <gentoo-commits@lists.gentoo.org>; Thu,  1 Feb 2018 01:18:57 +0000 (UTC)
From: "Thomas Deutschmann" <whissi@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Thomas Deutschmann" <whissi@gentoo.org>
Message-ID: <1517447897.e3acd4d22b48eca30b27ce4694e4ae1de51fba40.whissi@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-mail/dovecot/, net-mail/dovecot/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-mail/dovecot/dovecot-2.2.33.2-r2.ebuild net-mail/dovecot/dovecot-2.3.0-r3.ebuild net-mail/dovecot/files/dovecot-2.2.33.2-CVE-2017-15132-fixup.patch
X-VCS-Directories: net-mail/dovecot/files/ net-mail/dovecot/
X-VCS-Committer: whissi
X-VCS-Committer-Name: Thomas Deutschmann
X-VCS-Revision: e3acd4d22b48eca30b27ce4694e4ae1de51fba40
X-VCS-Branch: master
Date: Thu,  1 Feb 2018 01:18:57 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: e2c343f6-0cb5-402b-8269-bb064e13febd
X-Archives-Hash: 43fdbfdf1a9dcfac3905caa7e22090cc

commit:     e3acd4d22b48eca30b27ce4694e4ae1de51fba40
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Feb  1 01:18:17 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Feb  1 01:18:17 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e3acd4d2

net-mail/dovecot: bump, fixup for problem caused by patch for CVE-2017-15132

Dovecot login process would crash after few minutes of idle after
consecutive aborted logins when patch for CVE-2017-15132 was applied.

Bug: https://bugs.gentoo.org/644214
Package-Manager: Portage-2.3.21, Repoman-2.3.6

 net-mail/dovecot/dovecot-2.2.33.2-r2.ebuild        | 292 +++++++++++++++++++++
 net-mail/dovecot/dovecot-2.3.0-r3.ebuild           | 289 ++++++++++++++++++++
 .../dovecot-2.2.33.2-CVE-2017-15132-fixup.patch    |  37 +++
 3 files changed, 618 insertions(+)

diff --git a/net-mail/dovecot/dovecot-2.2.33.2-r2.ebuild b/net-mail/dovecot/dovecot-2.2.33.2-r2.ebuild
new file mode 100644
index 00000000000..3ff57c442d7
--- /dev/null
+++ b/net-mail/dovecot/dovecot-2.2.33.2-r2.ebuild
@@ -0,0 +1,292 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit ssl-cert systemd user versionator
+
+MY_P="${P/_/.}"
+major_minor="$(get_version_component_range 1-2)"
+sieve_version="0.4.21"
+if [[ ${PV} == *_rc* ]] ; then
+	rc_dir="rc/"
+else
+	rc_dir=""
+fi
+SRC_URI="https://dovecot.org/releases/${major_minor}/${rc_dir}${MY_P}.tar.gz
+	sieve? (
+	https://pigeonhole.dovecot.org/releases/${major_minor}/${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz
+	)
+	managesieve? (
+	https://pigeonhole.dovecot.org/releases/${major_minor}/${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz
+	) "
+DESCRIPTION="An IMAP and POP3 server written with security primarily in mind"
+HOMEPAGE="http://www.dovecot.org/"
+
+SLOT="0"
+LICENSE="LGPL-2.1 MIT"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86"
+
+IUSE_DOVECOT_AUTH="kerberos ldap mysql pam postgres sqlite vpopmail"
+IUSE_DOVECOT_COMPRESS="bzip2 lzma lz4 zlib"
+IUSE_DOVECOT_OTHER="caps doc ipv6 libressl lucene managesieve selinux sieve solr +ssl static-libs suid tcpd textcat"
+
+IUSE="${IUSE_DOVECOT_AUTH} ${IUSE_DOVECOT_STORAGE} ${IUSE_DOVECOT_COMPRESS} ${IUSE_DOVECOT_OTHER}"
+
+DEPEND="bzip2? ( app-arch/bzip2 )
+	caps? ( sys-libs/libcap )
+	kerberos? ( virtual/krb5 )
+	ldap? ( net-nds/openldap )
+	lucene? ( >=dev-cpp/clucene-2.3 )
+	lzma? ( app-arch/xz-utils )
+	lz4? ( app-arch/lz4 )
+	mysql? ( virtual/mysql )
+	pam? ( virtual/pam )
+	postgres? ( dev-db/postgresql:* !dev-db/postgresql[ldap,threads] )
+	selinux? ( sec-policy/selinux-dovecot )
+	solr? ( net-misc/curl dev-libs/expat )
+	sqlite? ( dev-db/sqlite:* )
+	ssl? (
+		!libressl? ( dev-libs/openssl:0 )
+		libressl? ( dev-libs/libressl )
+	)
+	tcpd? ( sys-apps/tcp-wrappers )
+	textcat? ( app-text/libexttextcat )
+	vpopmail? ( net-mail/vpopmail )
+	zlib? ( sys-libs/zlib )
+	virtual/libiconv
+	dev-libs/icu:="
+
+RDEPEND="${DEPEND}
+	net-mail/mailbase"
+
+# Dovecot does not support building without ssl.  Force it for now
+REQUIRED_USE="ssl"
+
+S=${WORKDIR}/${MY_P}
+
+pkg_setup() {
+	if use managesieve && ! use sieve; then
+		ewarn "managesieve USE flag selected but sieve USE flag unselected"
+		ewarn "sieve USE flag will be turned on"
+	fi
+	# default internal user
+	enewgroup dovecot 97
+	enewuser dovecot 97 -1 /dev/null dovecot
+	# default login user
+	enewuser dovenull -1 -1 /dev/null
+	# add "mail" group for suid'ing. Better security isolation.
+	if use suid; then
+		enewgroup mail
+	fi
+}
+
+src_prepare() {
+	eapply -p0 "${FILESDIR}/${PN}-10-ssl.patch"
+	eapply "${FILESDIR}/${PN}-2.2.33.2-CVE-2017-15132.patch"
+	eapply "${FILESDIR}/${PN}-2.2.33.2-CVE-2017-15132-fixup.patch"
+	eapply_user
+}
+
+src_configure() {
+	local conf=""
+
+	if use postgres || use mysql || use sqlite; then
+		conf="${conf} --with-sql"
+	fi
+
+	# turn valgrind tests off. Bug #340791
+	VALGRIND=no econf \
+		--localstatedir="${EPREFIX}/var" \
+		--runstatedir="${EPREFIX}/run" \
+		--with-moduledir="${EPREFIX}/usr/$(get_libdir)/dovecot" \
+		--without-stemmer \
+		--disable-rpath \
+		--with-icu \
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
+		$( use_with bzip2 bzlib ) \
+		$( use_with caps libcap ) \
+		$( use_with kerberos gssapi ) \
+		$( use_with ldap ) \
+		$( use_with lucene ) \
+		$( use_with lz4 ) \
+		$( use_with lzma ) \
+		$( use_with mysql ) \
+		$( use_with pam ) \
+		$( use_with postgres pgsql ) \
+		$( use_with sqlite ) \
+		$( use_with solr ) \
+		$( use_with ssl ) \
+		$( use_with tcpd libwrap ) \
+		$( use_with textcat ) \
+		$( use_with vpopmail ) \
+		$( use_with zlib ) \
+		$( use_enable static-libs static ) \
+		${conf}
+
+	if use sieve || use managesieve ; then
+		# The sieve plugin needs this file to be build to determine the plugin
+		# directory and the list of libraries to link to.
+		emake dovecot-config
+		cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+		econf \
+			$( use_enable static-libs static ) \
+			--localstatedir="${EPREFIX}/var" \
+			--enable-shared \
+			--with-dovecot="../${MY_P}" \
+			$( use_with managesieve )
+	fi
+}
+
+src_compile() {
+	default
+	if use sieve || use managesieve ; then
+		cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+		emake CC="$(tc-getCC)" CFLAGS="${CFLAGS}"
+	fi
+}
+
+src_test() {
+	default
+	if use sieve || use managesieve ; then
+		cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+		default
+	fi
+}
+
+src_install () {
+	default
+
+	# insecure:
+	# use suid && fperms u+s /usr/libexec/dovecot/deliver
+	# better:
+	if use suid;then
+		einfo "Changing perms to allow deliver to be suided"
+		fowners root:mail "${EPREFIX}/usr/libexec/dovecot/dovecot-lda"
+		fperms 4750 "${EPREFIX}/usr/libexec/dovecot/dovecot-lda"
+	fi
+
+	newinitd "${FILESDIR}"/dovecot.init-r4 dovecot
+
+	rm -rf "${ED}"/usr/share/doc/dovecot
+
+	dodoc AUTHORS NEWS README TODO
+	dodoc doc/*.{txt,cnf,xml,sh}
+	docinto example-config
+	dodoc doc/example-config/*.{conf,ext}
+	docinto example-config/conf.d
+	dodoc doc/example-config/conf.d/*.{conf,ext}
+	docinto wiki
+	dodoc doc/wiki/*
+	doman doc/man/*.{1,7}
+
+	# Create the dovecot.conf file from the dovecot-example.conf file that
+	# the dovecot folks nicely left for us....
+	local conf="${ED}/etc/dovecot/dovecot.conf"
+	local confd="${ED}/etc/dovecot/conf.d"
+
+	insinto /etc/dovecot
+	doins doc/example-config/*.{conf,ext}
+	insinto /etc/dovecot/conf.d
+	doins doc/example-config/conf.d/*.{conf,ext}
+	fperms 0600 "${EPREFIX}"/etc/dovecot/dovecot-{ldap,sql}.conf.ext
+	rm -f "${confd}/../README"
+
+	# .maildir is the Gentoo default
+	local mail_location="maildir:~/.maildir"
+	sed -i -e \
+		"s|#mail_location =|mail_location = ${mail_location}|" \
+		"${confd}/10-mail.conf" \
+		|| die "failed to update mail location settings in 10-mail.conf"
+
+	# We're using pam files (imap and pop3) provided by mailbase
+	if use pam; then
+		sed -i -e '/driver = pam/,/^[ \t]*}/ s|#args = dovecot|args = "\*"|' \
+			"${confd}/auth-system.conf.ext" \
+			|| die "failed to update PAM settings in auth-system.conf.ext"
+		# mailbase does not provide a sieve pam file
+		use managesieve && dosym imap /etc/pam.d/sieve
+		sed -i -e \
+			's/#!include auth-system.conf.ext/!include auth-system.conf.ext/' \
+			"${confd}/10-auth.conf" \
+			|| die "failed to update PAM settings in 10-auth.conf"
+	fi
+
+	# Disable ipv6 if necessary
+	if ! use ipv6; then
+		sed -i -e 's/^#listen = \*, ::/listen = \*/g' "${conf}" \
+			|| die "failed to update listen settings in dovecot.conf"
+	fi
+
+	# Update ssl cert locations
+	if use ssl; then
+		sed -i -e 's:^#ssl = yes:ssl = yes:' "${confd}/10-ssl.conf" \
+		|| die "ssl conf failed"
+		sed -i -e 's:^ssl_cert =.*:ssl_cert = </etc/ssl/dovecot/server.pem:' \
+			-e 's:^ssl_key =.*:ssl_key = </etc/ssl/dovecot/server.key:' \
+			"${confd}/10-ssl.conf" || die "failed to update SSL settings in 10-ssl.conf"
+	fi
+
+	# Install SQL configuration
+	if use mysql || use postgres; then
+		sed -i -e \
+			's/#!include auth-sql.conf.ext/!include auth-sql.conf.ext/' \
+			"${confd}/10-auth.conf" || die "failed to update SQL settings in \
+			10-auth.conf"
+	fi
+
+	# Install LDAP configuration
+	if use ldap; then
+		sed -i -e \
+			's/#!include auth-ldap.conf.ext/!include auth-ldap.conf.ext/' \
+			"${confd}/10-auth.conf" \
+			|| die "failed to update ldap settings in 10-auth.conf"
+	fi
+
+	if use vpopmail; then
+		sed -i -e \
+			's/#!include auth-vpopmail.conf.ext/!include auth-vpopmail.conf.ext/' \
+			"${confd}/10-auth.conf" \
+			|| die "failed to update vpopmail settings in 10-auth.conf"
+	fi
+
+	if use sieve || use managesieve ; then
+		cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+		emake DESTDIR="${ED}" install
+		sed -i -e \
+			's/^[[:space:]]*#mail_plugins = $mail_plugins/mail_plugins = sieve/' "${confd}/15-lda.conf" \
+			|| die "failed to update sieve settings in 15-lda.conf"
+		rm -rf "${ED}"/usr/share/doc/dovecot
+		docinto example-config/conf.d
+		dodoc doc/example-config/conf.d/*.conf
+		insinto /etc/dovecot/conf.d
+		doins doc/example-config/conf.d/90-sieve{,-extprograms}.conf
+		use managesieve && doins doc/example-config/conf.d/20-managesieve.conf
+		docinto sieve/rfc
+		dodoc doc/rfc/*.txt
+		docinto sieve/devel
+		dodoc doc/devel/DESIGN
+		docinto plugins
+		dodoc doc/plugins/*.txt
+		docinto extensions
+		dodoc doc/extensions/*.txt
+		docinto locations
+		dodoc doc/locations/*.txt
+		doman doc/man/*.{1,7}
+	fi
+
+	use static-libs || find "${ED}"/usr/lib* -name '*.la' -delete
+}
+
+pkg_postinst() {
+	if use ssl; then
+	# Let's not make a new certificate if we already have one
+		if ! [[ -e "${ROOT}"/etc/ssl/dovecot/server.pem && \
+		-e "${ROOT}"/etc/ssl/dovecot/server.key ]];	then
+			einfo "Creating SSL	certificate"
+			SSL_ORGANIZATION="${SSL_ORGANIZATION:-Dovecot IMAP Server}"
+			install_cert /etc/ssl/dovecot/server
+		fi
+	fi
+
+	elog "Please read http://wiki2.dovecot.org/Upgrading/ for upgrade notes."
+}

diff --git a/net-mail/dovecot/dovecot-2.3.0-r3.ebuild b/net-mail/dovecot/dovecot-2.3.0-r3.ebuild
new file mode 100644
index 00000000000..df9749698c3
--- /dev/null
+++ b/net-mail/dovecot/dovecot-2.3.0-r3.ebuild
@@ -0,0 +1,289 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+# do not add a ssl USE flag.  ssl is mandatory
+SSL_DEPS_SKIP=1
+inherit ssl-cert systemd user versionator
+
+MY_P="${P/_/.}"
+MY_S="${PN}-ce-${PV}"
+major_minor="$(get_version_component_range 1-2)"
+sieve_version="0.5.0.1"
+if [[ ${PV} == *_rc* ]] ; then
+	rc_dir="rc/"
+else
+	rc_dir=""
+fi
+SRC_URI="https://dovecot.org/releases/${major_minor}/${rc_dir}${MY_P}.tar.gz
+	sieve? (
+	https://pigeonhole.dovecot.org/releases/${major_minor}/${rc_dir}${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz
+	)
+	managesieve? (
+	https://pigeonhole.dovecot.org/releases/${major_minor}/${rc_dir}${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz
+	) "
+DESCRIPTION="An IMAP and POP3 server written with security primarily in mind"
+HOMEPAGE="http://www.dovecot.org/"
+
+SLOT="0"
+LICENSE="LGPL-2.1 MIT"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86"
+
+IUSE_DOVECOT_AUTH="kerberos ldap lua mysql pam postgres sqlite vpopmail"
+IUSE_DOVECOT_COMPRESS="bzip2 lzma lz4 zlib"
+IUSE_DOVECOT_OTHER="argon2 caps doc ipv6 libressl lucene managesieve selinux sieve solr static-libs suid tcpd textcat"
+
+IUSE="${IUSE_DOVECOT_AUTH} ${IUSE_DOVECOT_STORAGE} ${IUSE_DOVECOT_COMPRESS} ${IUSE_DOVECOT_OTHER}"
+
+DEPEND="argon2? ( dev-libs/libsodium )
+	bzip2? ( app-arch/bzip2 )
+	caps? ( sys-libs/libcap )
+	kerberos? ( virtual/krb5 )
+	ldap? ( net-nds/openldap )
+	lua? ( dev-lang/lua:* )
+	lucene? ( >=dev-cpp/clucene-2.3 )
+	lzma? ( app-arch/xz-utils )
+	lz4? ( app-arch/lz4 )
+	mysql? ( virtual/mysql )
+	pam? ( virtual/pam )
+	postgres? ( dev-db/postgresql:* !dev-db/postgresql[ldap,threads] )
+	selinux? ( sec-policy/selinux-dovecot )
+	solr? ( net-misc/curl dev-libs/expat )
+	sqlite? ( dev-db/sqlite:* )
+	!libressl? ( dev-libs/openssl:0 )
+	libressl? ( dev-libs/libressl )
+	tcpd? ( sys-apps/tcp-wrappers )
+	textcat? ( app-text/libexttextcat )
+	vpopmail? ( net-mail/vpopmail )
+	zlib? ( sys-libs/zlib )
+	virtual/libiconv
+	dev-libs/icu:="
+
+RDEPEND="${DEPEND}
+	net-mail/mailbase"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.2.33.2-CVE-2017-15132.patch
+	"${FILESDIR}"/${PN}-2.2.33.2-CVE-2017-15132-fixup.patch
+)
+
+S=${WORKDIR}/${MY_S}
+
+pkg_setup() {
+	if use managesieve && ! use sieve; then
+		ewarn "managesieve USE flag selected but sieve USE flag unselected"
+		ewarn "sieve USE flag will be turned on"
+	fi
+	# default internal user
+	enewgroup dovecot 97
+	enewuser dovecot 97 -1 /dev/null dovecot
+	# default login user
+	enewuser dovenull -1 -1 /dev/null
+	# add "mail" group for suid'ing. Better security isolation.
+	if use suid; then
+		enewgroup mail
+	fi
+}
+
+src_configure() {
+	local conf=""
+
+	if use postgres || use mysql || use sqlite; then
+		conf="${conf} --with-sql"
+	fi
+
+	# turn valgrind tests off. Bug #340791
+	VALGRIND=no econf \
+		--with-rundir="${EPREFIX}/run/dovecot" \
+		--with-statedir="${EPREFIX}/var/lib/dovecot" \
+		--with-moduledir="${EPREFIX}/usr/$(get_libdir)/dovecot" \
+		--without-stemmer \
+		--disable-rpath \
+		--without-libbsd \
+		--with-icu \
+		--with-ssl \
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
+		$( use_with argon2 sodium ) \
+		$( use_with bzip2 bzlib ) \
+		$( use_with caps libcap ) \
+		$( use_with kerberos gssapi ) \
+		$( use_with lua ) \
+		$( use_with ldap ) \
+		$( use_with lucene ) \
+		$( use_with lz4 ) \
+		$( use_with lzma ) \
+		$( use_with mysql ) \
+		$( use_with pam ) \
+		$( use_with postgres pgsql ) \
+		$( use_with sqlite ) \
+		$( use_with solr ) \
+		$( use_with tcpd libwrap ) \
+		$( use_with textcat ) \
+		$( use_with vpopmail ) \
+		$( use_with zlib ) \
+		$( use_enable static-libs static ) \
+		${conf}
+
+	if use sieve || use managesieve ; then
+		# The sieve plugin needs this file to be build to determine the plugin
+		# directory and the list of libraries to link to.
+		emake dovecot-config
+		cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+		econf \
+			$( use_enable static-libs static ) \
+			--localstatedir="${EPREFIX}/var" \
+			--enable-shared \
+			--with-dovecot="../${MY_S}" \
+			$( use_with managesieve )
+	fi
+}
+
+src_compile() {
+	default
+	if use sieve || use managesieve ; then
+		cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+		emake CC="$(tc-getCC)" CFLAGS="${CFLAGS}"
+	fi
+}
+
+src_test() {
+	default
+	if use sieve || use managesieve ; then
+		cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+		default
+	fi
+}
+
+src_install () {
+	default
+
+	# insecure:
+	# use suid && fperms u+s /usr/libexec/dovecot/deliver
+	# better:
+	if use suid;then
+		einfo "Changing perms to allow deliver to be suided"
+		fowners root:mail "${EPREFIX}/usr/libexec/dovecot/dovecot-lda"
+		fperms 4750 "${EPREFIX}/usr/libexec/dovecot/dovecot-lda"
+	fi
+
+	newinitd "${FILESDIR}"/dovecot.init-r4 dovecot
+
+	rm -rf "${ED}"/usr/share/doc/dovecot
+
+	dodoc AUTHORS NEWS README TODO
+	dodoc doc/*.{txt,cnf,xml,sh}
+	docinto example-config
+	dodoc doc/example-config/*.{conf,ext}
+	docinto example-config/conf.d
+	dodoc doc/example-config/conf.d/*.{conf,ext}
+	docinto wiki
+	dodoc doc/wiki/*
+	doman doc/man/*.{1,7}
+
+	# Create the dovecot.conf file from the dovecot-example.conf file that
+	# the dovecot folks nicely left for us....
+	local conf="${ED}/etc/dovecot/dovecot.conf"
+	local confd="${ED}/etc/dovecot/conf.d"
+
+	insinto /etc/dovecot
+	doins doc/example-config/*.{conf,ext}
+	insinto /etc/dovecot/conf.d
+	doins doc/example-config/conf.d/*.{conf,ext}
+	fperms 0600 "${EPREFIX}"/etc/dovecot/dovecot-{ldap,sql}.conf.ext
+	rm -f "${confd}/../README"
+
+	# .maildir is the Gentoo default
+	local mail_location="maildir:~/.maildir"
+	sed -i -e \
+		"s|#mail_location =|mail_location = ${mail_location}|" \
+		"${confd}/10-mail.conf" \
+		|| die "failed to update mail location settings in 10-mail.conf"
+
+	# We're using pam files (imap and pop3) provided by mailbase
+	if use pam; then
+		sed -i -e '/driver = pam/,/^[ \t]*}/ s|#args = dovecot|args = "\*"|' \
+			"${confd}/auth-system.conf.ext" \
+			|| die "failed to update PAM settings in auth-system.conf.ext"
+		# mailbase does not provide a sieve pam file
+		use managesieve && dosym imap /etc/pam.d/sieve
+		sed -i -e \
+			's/#!include auth-system.conf.ext/!include auth-system.conf.ext/' \
+			"${confd}/10-auth.conf" \
+			|| die "failed to update PAM settings in 10-auth.conf"
+	fi
+
+	# Disable ipv6 if necessary
+	if ! use ipv6; then
+		sed -i -e 's/^#listen = \*, ::/listen = \*/g' "${conf}" \
+			|| die "failed to update listen settings in dovecot.conf"
+	fi
+
+	# Update ssl cert locations
+	sed -i -e 's:^#ssl = yes:ssl = yes:' "${confd}/10-ssl.conf" \
+		|| die "ssl conf failed"
+	sed -i -e 's:^ssl_cert =.*:ssl_cert = </etc/ssl/dovecot/server.pem:' \
+		-e 's:^ssl_key =.*:ssl_key = </etc/ssl/dovecot/server.key:' \
+		"${confd}/10-ssl.conf" || die "failed to update SSL settings in 10-ssl.conf"
+
+	# Install SQL configuration
+	if use mysql || use postgres; then
+		sed -i -e \
+			's/#!include auth-sql.conf.ext/!include auth-sql.conf.ext/' \
+			"${confd}/10-auth.conf" || die "failed to update SQL settings in \
+			10-auth.conf"
+	fi
+
+	# Install LDAP configuration
+	if use ldap; then
+		sed -i -e \
+			's/#!include auth-ldap.conf.ext/!include auth-ldap.conf.ext/' \
+			"${confd}/10-auth.conf" \
+			|| die "failed to update ldap settings in 10-auth.conf"
+	fi
+
+	if use vpopmail; then
+		sed -i -e \
+			's/#!include auth-vpopmail.conf.ext/!include auth-vpopmail.conf.ext/' \
+			"${confd}/10-auth.conf" \
+			|| die "failed to update vpopmail settings in 10-auth.conf"
+	fi
+
+	if use sieve || use managesieve ; then
+		cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+		emake DESTDIR="${ED}" install
+		sed -i -e \
+			's/^[[:space:]]*#mail_plugins = $mail_plugins/mail_plugins = sieve/' "${confd}/15-lda.conf" \
+			|| die "failed to update sieve settings in 15-lda.conf"
+		rm -rf "${ED}"/usr/share/doc/dovecot
+		docinto example-config/conf.d
+		dodoc doc/example-config/conf.d/*.conf
+		insinto /etc/dovecot/conf.d
+		doins doc/example-config/conf.d/90-sieve{,-extprograms}.conf
+		use managesieve && doins doc/example-config/conf.d/20-managesieve.conf
+		docinto sieve/rfc
+		dodoc doc/rfc/*.txt
+		docinto sieve/devel
+		dodoc doc/devel/DESIGN
+		docinto plugins
+		dodoc doc/plugins/*.txt
+		docinto extensions
+		dodoc doc/extensions/*.txt
+		docinto locations
+		dodoc doc/locations/*.txt
+		doman doc/man/*.{1,7}
+	fi
+
+	use static-libs || find "${ED}"/usr/lib* -name '*.la' -delete
+}
+
+pkg_postinst() {
+	# Let's not make a new certificate if we already have one
+	if ! [[ -e "${ROOT}"/etc/ssl/dovecot/server.pem && \
+		-e "${ROOT}"/etc/ssl/dovecot/server.key ]];	then
+		einfo "Creating SSL	certificate"
+		SSL_ORGANIZATION="${SSL_ORGANIZATION:-Dovecot IMAP Server}"
+		install_cert /etc/ssl/dovecot/server
+	fi
+
+	elog "Please read http://wiki2.dovecot.org/Upgrading/ for upgrade notes."
+}

diff --git a/net-mail/dovecot/files/dovecot-2.2.33.2-CVE-2017-15132-fixup.patch b/net-mail/dovecot/files/dovecot-2.2.33.2-CVE-2017-15132-fixup.patch
new file mode 100644
index 00000000000..c30acf1fd6e
--- /dev/null
+++ b/net-mail/dovecot/files/dovecot-2.2.33.2-CVE-2017-15132-fixup.patch
@@ -0,0 +1,37 @@
+Upstream: https://github.com/dovecot/core/commit/a9b135760aea6d1790d447d351c56b78889dac22
+
+Link: http://seclists.org/oss-sec/2018/q1/119
+
+--- a/src/lib-auth/auth-client-request.c
++++ b/src/lib-auth/auth-client-request.c
+@@ -186,6 +186,8 @@ void auth_client_request_abort(struct auth_client_request **_request)
+ 
+ 	auth_client_send_cancel(request->conn->client, request->id);
+ 	call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
++	/* remove the request */
++	auth_server_connection_remove_request(request->conn, request->id);
+ 	pool_unref(&request->pool);
+ }
+ 
+--- a/src/lib-auth/auth-server-connection.c
++++ b/src/lib-auth/auth-server-connection.c
+@@ -483,3 +483,10 @@ auth_server_connection_add_request(struct auth_server_connection *conn,
+ 	hash_table_insert(conn->requests, POINTER_CAST(id), request);
+ 	return id;
+ }
++
++void auth_server_connection_remove_request(struct auth_server_connection *conn,
++					   unsigned int id)
++{
++	i_assert(conn->handshake_received);
++	hash_table_remove(conn->requests, POINTER_CAST(id));
++}
+--- a/src/lib-auth/auth-server-connection.h
++++ b/src/lib-auth/auth-server-connection.h
+@@ -40,4 +40,6 @@ void auth_server_connection_disconnect(struct auth_server_connection *conn,
+ unsigned int
+ auth_server_connection_add_request(struct auth_server_connection *conn,
+ 				   struct auth_client_request *request);
++void auth_server_connection_remove_request(struct auth_server_connection *conn,
++					   unsigned int id);
+ #endif