Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2024-08-20 16:15:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and /work/SRC/openSUSE:Factory/.dovecot23.new.2698 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dovecot23" Tue Aug 20 16:15:09 2024 rev:54 rq:1194886 version:2.3.21.1 Changes: -------- --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2023-11-07 21:28:20.087880145 +0100 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.2698/dovecot23.changes 2024-08-20 16:15:32.391485938 +0200 
@@ -1,0 +2,22 @@ +Wed Aug 14 19:09:12 UTC 2024 - Arjen de Korte <suse+bu...@de-korte.org> + +- update to 2.3.21.1 and pigeonhole 0.5.21.1 + + Dovecot 2.3.21.1 + - CVE-2024-23184: A large number of address headers in email resulted + in excessive CPU usage. [boo#1229184] + - CVE-2024-23185: Abnormally large email headers are now truncated or + discarded, with a limit of 10MB on a single header and 50MB for all + the headers of all the parts of an email. [boo#1229183] + - oauth2: Dovecot would send client_id and client_secret as POST parameters + to introspection server. These need to be optionally in Basic auth + instead as required by OIDC specification. + - oauth2: JWT key type check was too strict. + - oauth2: JWT token audience was not validated against client_id as + required by OIDC specification. + - oauth2: XOAUTH2 and OAUTHBEARER mechanisms were not giving out + protocol specific error message on all errors. This broke OIDC discovery. + - oauth2: JWT aud validation was not performed if aud was missing + from token, but was configured on Dovecot. + +------------------------------------------------------------------- Old: ---- dovecot-2.3-pigeonhole-0.5.21.tar.gz dovecot-2.3-pigeonhole-0.5.21.tar.gz.sig dovecot-2.3.21.tar.gz dovecot-2.3.21.tar.gz.sig New: ---- dovecot-2.3-pigeonhole-0.5.21.1.tar.gz dovecot-2.3-pigeonhole-0.5.21.1.tar.gz.sig dovecot-2.3.21.1.tar.gz dovecot-2.3.21.1.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dovecot23.spec ++++++ --- /var/tmp/diff_new_pack.pU9oSF/_old 2024-08-20 16:15:33.063513848 +0200 +++ /var/tmp/diff_new_pack.pU9oSF/_new 2024-08-20 16:15:33.067514014 +0200 
@@ -17,11 +17,11 @@ Name: dovecot23 -Version: 2.3.21 +Version: 2.3.21.1 Release: 0 %define pkg_name dovecot -%define dovecot_version 2.3.21 -%define dovecot_pigeonhole_version 0.5.21 +%define dovecot_version 2.3.21.1 +%define dovecot_pigeonhole_version 0.5.21.1 %define dovecot_branch 2.3 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version} %define dovecot_pigeonhole_docdir %{_docdir}/%{pkg_name}/dovecot-pigeonhole ++++++ dovecot-2.3-pigeonhole-0.5.21.tar.gz -> dovecot-2.3-pigeonhole-0.5.21.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.21/ChangeLog new/dovecot-2.3-pigeonhole-0.5.21.1/ChangeLog --- old/dovecot-2.3-pigeonhole-0.5.21/ChangeLog 2023-09-14 15:18:37.000000000 +0200 +++ new/dovecot-2.3-pigeonhole-0.5.21.1/ChangeLog 2024-08-13 12:38:41.000000000 +0200 @@ -1,3 +1,27 @@ +2024-08-13 11:18:55 +0300 Aki Tuomi <aki.tu...@open-xchange.com> (49005e73) + + configure: Set version to 0.5.21.1 + + +M configure.ac + +2024-08-13 11:18:44 +0300 Aki Tuomi <aki.tu...@open-xchange.com> (9ed3d6e7) + + NEWS: Add news for 0.5.21.1 + + +M NEWS + +2023-10-10 11:32:20 +0300 Timo Sirainen <timo.sirai...@open-xchange.com> (fc319df8) + + lib-sieve: sieve-result - If mail store fails at commit, always fail the + delivery + + If the mail store commit failed, the mail was not guaranteed to be saved. We + don't want to lose mails, even if e.g. a forward had just succeeded. + +M src/lib-sieve/sieve-result.c + 2023-08-30 15:48:42 +0300 Aki Tuomi <aki.tu...@open-xchange.com> (f6cd4b8e) configure: Set version to 0.5.21 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.21/NEWS new/dovecot-2.3-pigeonhole-0.5.21.1/NEWS --- old/dovecot-2.3-pigeonhole-0.5.21/NEWS 2023-09-14 15:18:26.000000000 +0200 +++ new/dovecot-2.3-pigeonhole-0.5.21.1/NEWS 2024-08-13 12:38:30.000000000 +0200 
@@ -1,3 +1,9 @@ +v0.5.21.1 2024-08-14 Aki Tuomi <aki.tu...@open-xchange.com> + + - sieve: When saving to local storage failed after a successful action + in sieve (e.g. redirect, vacation), the mail was reported as + successfully delivered, although it was lost locally. + v0.5.21 2023-08-15 Aki Tuomi <aki.tu...@open-xchange.com> - sieve: Using the deleteheader action on a message with a broken/invalid diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.21/configure new/dovecot-2.3-pigeonhole-0.5.21.1/configure --- old/dovecot-2.3-pigeonhole-0.5.21/configure 2023-09-14 15:18:31.000000000 +0200 +++ new/dovecot-2.3-pigeonhole-0.5.21.1/configure 2024-08-13 12:38:36.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for Pigeonhole 0.5.21. +# Generated by GNU Autoconf 2.69 for Pigeonhole 0.5.21.1. # # Report bugs to <dove...@dovecot.org>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='Pigeonhole' PACKAGE_TARNAME='dovecot-2.3-pigeonhole' -PACKAGE_VERSION='0.5.21' -PACKAGE_STRING='Pigeonhole 0.5.21' +PACKAGE_VERSION='0.5.21.1' +PACKAGE_STRING='Pigeonhole 0.5.21.1' PACKAGE_BUGREPORT='dove...@dovecot.org' PACKAGE_URL='' @@ -1422,7 +1422,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Pigeonhole 0.5.21 to adapt to many kinds of systems. +\`configure' configures Pigeonhole 0.5.21.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1494,7 +1494,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Pigeonhole 0.5.21:";; + short | recursive ) echo "Configuration of Pigeonhole 0.5.21.1:";; esac cat <<\_ACEOF 
@@ -1623,7 +1623,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Pigeonhole configure 0.5.21 +Pigeonhole configure 0.5.21.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1992,7 +1992,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Pigeonhole $as_me 0.5.21, which was +It was created by Pigeonhole $as_me 0.5.21.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2877,7 +2877,7 @@ # Define the identity of the package. PACKAGE='dovecot-2.3-pigeonhole' - VERSION='0.5.21' + VERSION='0.5.21.1' # Some tools Automake needs. @@ -14244,7 +14244,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Pigeonhole $as_me 0.5.21, which was +This file was extended by Pigeonhole $as_me 0.5.21.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -14310,7 +14310,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Pigeonhole config.status 0.5.21 +Pigeonhole config.status 0.5.21.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.21/configure.ac new/dovecot-2.3-pigeonhole-0.5.21.1/configure.ac --- old/dovecot-2.3-pigeonhole-0.5.21/configure.ac 2023-09-14 15:18:26.000000000 +0200 +++ new/dovecot-2.3-pigeonhole-0.5.21.1/configure.ac 2024-08-13 12:38:30.000000000 +0200 
@@ -2,7 +2,7 @@ # Be sure to update ABI version also if anything changes that might require # recompiling plugins. Most importantly that means if any structs are changed. -AC_INIT([Pigeonhole], [0.5.21], [dove...@dovecot.org], [dovecot-2.3-pigeonhole]) +AC_INIT([Pigeonhole], [0.5.21.1], [dove...@dovecot.org], [dovecot-2.3-pigeonhole]) AC_DEFINE_UNQUOTED([PIGEONHOLE_ABI_VERSION], "0.5.ABIv21($PACKAGE_VERSION)", [Pigeonhole ABI version]) AC_CONFIG_AUX_DIR([.]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.21/pigeonhole-version.h new/dovecot-2.3-pigeonhole-0.5.21.1/pigeonhole-version.h --- old/dovecot-2.3-pigeonhole-0.5.21/pigeonhole-version.h 2023-09-14 15:18:37.000000000 +0200 +++ new/dovecot-2.3-pigeonhole-0.5.21.1/pigeonhole-version.h 2024-08-13 12:38:41.000000000 +0200 @@ -1,6 +1,6 @@ #ifndef PIGEONHOLE_VERSION_H #define PIGEONHOLE_VERSION_H -#define PIGEONHOLE_VERSION_FULL PIGEONHOLE_VERSION" (f6cd4b8e)" +#define PIGEONHOLE_VERSION_FULL PIGEONHOLE_VERSION" (49005e73)" #endif /* PIGEONHOLE_VERSION_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.21/src/lib-sieve/sieve-result.c new/dovecot-2.3-pigeonhole-0.5.21.1/src/lib-sieve/sieve-result.c --- old/dovecot-2.3-pigeonhole-0.5.21/src/lib-sieve/sieve-result.c 2023-09-14 15:18:26.000000000 +0200 +++ new/dovecot-2.3-pigeonhole-0.5.21.1/src/lib-sieve/sieve-result.c 2024-08-13 12:38:31.000000000 +0200 @@ -1274,6 +1274,7 @@ { struct sieve_result_action *rac = aexec->action; struct sieve_action *act = &rac->action; + const struct sieve_execute_env *exec_env = rexec->action_env.exec_env; /* Skip actions that are already finalized. */ if (aexec->state >= SIEVE_ACTION_EXECUTION_STATE_FINALIZED) 
@@ -1312,9 +1313,14 @@ /* This is bad; try to salvage as much as possible */ if (*commit_status == SIEVE_EXEC_OK) { *commit_status = cstatus; - if (!rexec->committed) { - /* We haven't executed anything yet; - continue as rollback */ + if (!rexec->committed || + exec_env->exec_status->store_failed) { + /* We haven't executed anything yet, + or storing mail locally failed; + continue as rollback. We generally + don't want to fail entirely, e.g. + a failed mail forward shouldn't + cause duplicate local deliveries. */ status = cstatus; } } ++++++ dovecot-2.3-pigeonhole-0.5.21.tar.gz -> dovecot-2.3.21.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/dovecot23/dovecot-2.3-pigeonhole-0.5.21.tar.gz /work/SRC/openSUSE:Factory/.dovecot23.new.2698/dovecot-2.3.21.1.tar.gz differ: char 12, line 1
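Review bot: The new dovecot23.changes entry is titled "update to 2.3.21.1 and pigeonhole 0.5.21.1" but lists items only under "Dovecot 2.3.21.1". The Pigeonhole fix documented in the NEWS hunk (mail reported as successfully delivered although saving to local storage failed after a successful sieve action) is missing from the package changelog. Add a "Pigeonhole 0.5.21.1" subsection with that item so the mail-loss fix is visible to anyone who reads only the .changes file.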
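Review bot: In the sieve-result.c hunk at @@ -1312,9 +1313,14 @@, the new condition reads exec_env->exec_status->store_failed with no NULL check on exec_status visible here or in the preceding hunk where exec_env is declared. Confirm that every caller populates exec_status before this finalize path runs, or guard the dereference. The rewritten comment also mixes two cases: its last sentence ("We generally don't want to fail entirely, e.g. a failed mail forward shouldn't cause duplicate local deliveries") explains why status is left untouched when the condition is false, yet it sits inside the branch that sets status = cstatus. Moving that sentence above the if would make the intent easier to follow.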
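Review bot: The final comparison pairs dovecot-2.3-pigeonhole-0.5.21.tar.gz with dovecot-2.3.21.1.tar.gz and reports only "differ: char 12, line 1", so no source diff of the Dovecot core appears in what is shown. The CVE-2024-23184 and CVE-2024-23185 fixes and the oauth2 changes listed in the changelog therefore cannot be reviewed from this mail. The old side of that comparison should be dovecot-2.3.21.tar.gz so that the core source diff is generated.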