Hello community, here is the log from the commit of package dovecot22 for openSUSE:Factory checked in at 2016-11-19 12:50:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dovecot22 (Old) and /work/SRC/openSUSE:Factory/.dovecot22.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dovecot22" Changes: -------- --- /work/SRC/openSUSE:Factory/dovecot22/dovecot22.changes 2016-10-13 11:32:41.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot22.new/dovecot22.changes 2016-11-19 12:50:09.000000000 +0100 @@ -1,0 +2,157 @@ +Fri Nov 11 16:29:51 UTC 2016 - mrueck...@suse.de + +- update to 2.2.26.0 + - Fixed some compiling issues. + - auth: Fixed assert-crash when using NTLM or SKEY mechanisms and + multiple passdbs. + - auth: Fixed crash when exporting to auth-worker passdb extra + fields that had empty values. + - dsync: Fixed assert-crash in dsync_brain_sync_mailbox_deinit + * master: Removed hardcoded 511 backlog limit for listen(). + The kernel should limit this as needed. + * doveadm import: Source user is now initialized the same as + target user. Added -U parameter to override the source user. + * Mailbox names are no longer limited to 16 hierarchy levels. + We'll check another way to make sure mailbox names can't grow + larger than 4096 bytes. + + Added a concept of "alternative usernames" by returning user_* + extra field(s) in passdb. doveadm proxy list shows these alt + usernames in "doveadm proxy list" output. "doveadm + director&proxy kick" adds -f <passdb field> parameter. The alt + usernames don't have to be unique, so this allows creation of + user groups and kicking them in one command. + + auth: passdb/userdb dict allows now %variables in key settings. + + auth: If passdb returns noauthenticate=yes extra field, assume + that it only set extra fields and authentication wasn't + actually performed. + + auth: passdb static now supports password={scheme} prefix. + + auth, login_log_format_elements: Added %{local_name} variable, + which expands to TLS SNI hostname if given. + + imapc: Added imapc_max_line_length to limit maximum memory + usage. + + imap, pop3: Added rawlog_dir setting to store IMAP/POP3 traffic + logs. This replaces at least partially the rawlog plugin. + + dsync: Added dsync_features=empty-header-workaround setting. + This makes incremental dsyncs work better for servers that + randomly return empty headers for mails. When an empty header + is seen for an existing mail, dsync assumes that it matches the + local mail. + + doveadm sync/backup: Added -I <max size> parameter to skip too + large mails. + + doveadm sync/backup: Fixed -t parameter and added -e for + "end date". + + doveadm mailbox metadata: Added -s parameter to allow accessing + server metadata by using empty mailbox name. + + Added "doveadm service status" and "doveadm process status" + commands. + + director: Added director_flush_socket. See + http://wiki2.dovecot.org/Director#Flush_socket + + doveadm director flush: Users are now moved only max 100 at a + time to avoid load spikes. --max-parallel parameter overrides + this. + + Added FILE_LOCK_SLOW_WARNING_MSECS environment, which logs a + warning if any lock is waited on or kept for this many + milliseconds. + - master process's listener socket was leaked to all child + processes. This might have allowed untrusted processes to + capture and prevent "doveadm service stop" comands from + working. + - login proxy: Fixed crash when outgoing SSL connections were + hanging. + - auth: userdb fields weren't passed to auth-workers, so + %{userdb:*} from previous userdbs didn't work there. + - auth: Each userdb lookup from cache reset its TTL. + - auth: Fixed auth_bind=yes + sasl_bind=yes to work together + - auth: Blocking userdb lookups reset extra fields set by + previous userdbs. + - auth: Cache keys didn't include %{passdb:*} and %{userdb:*} + - auth-policy: Fixed crash due to using already-freed memory if + policy lookup takes longer than auth request exists. + - lib-auth: Unescape passdb/userdb extra fields. Mainly affected + returning extra fields with LFs or TABs. + - lmtp_user_concurrency_limit>0 setting was logging unnecessary + anvil errors. + - lmtp_user_concurrency_limit is now checked before quota check + with lmtp_rcpt_check_quota=yes to avoid unnecessary quota work. + - lmtp: %{userdb:*} variables didn't work in mail_log_prefix + - autoexpunge settings for mailboxes with wildcards didn't work + when namespace prefix was non-empty. + - Fixed writing >2GB to iostream-temp files (used by fs-compress, + fs-metawrap, doveadm-http) + - director: Ignore duplicates in director_servers setting. + - director: Many fixes related to connection handshaking, user + moving and error handling. + - director: Don't break with shutdown_clients=no + - zlib, IMAP BINARY: Fixed internal caching when accessing + multiple newly created mails. They all had UID=0 and the next + mail could have wrongly used the previously cached mail. + - doveadm stats reset wasn't reseting all the stats. + - auth_stats=yes: Don't update num_logins, since it doubles them + when using with mail stats. + - quota count: Fixed deadlocks when updating vsize header. + - dict-quota: Fixed crashes happening due to memory corruption. + - dict proxy: Fixed various timeout-related bugs. + - doveadm proxying: Fixed -A and -u wildcard handling. + - doveadm proxying: Fixed hangs and bugs related to printing. + - imap: Fixed wrongly triggering assert-crash in + client_check_command_hangs. + - imap proxy: Don't send ID command pipelined with + nopipelining=yes + - imap-hibernate: Don't execute quota_over_script or last_login + after un-hibernation. + - imap-hibernate: Don't un-hibernate if client sends DONE+IDLE in + one IP packet. + - imap-hibernate: Fixed various failures when un-hibernating. + - fts: fts_autoindex=yes was broken in 2.2.25 unless + fts_autoindex_exclude settings existed. + - fts-solr: Fixed searching multiple mailboxes (patch by x16a0) + - doveadm fetch body.snippet wasn't working in 2.2.25. Also fixed + a crash with certain emails. + - pop3-migration + dbox: Various fixes related to POP3 UIDL + optimization in 2.2.25. + - pop3-migration: Fixed "truncated email header" workaround. +- update pigeonhole to 0.4.15 + * Part of the Sieve extprograms implementation was moved to + Dovecot, which means that this release depends on Dovecot + v2.2.26+. + * ManageSieve: The PUTSCRIPT command now allows uploading empty + Sieve scripts. There was really no good reason to disallow + doing that. + + Sieve vnd.dovecot.report extension: + + Added a Dovecot-Reporting-User field to the report body, + which contains the e-mail address of the user sending the + report. + + Added support for configuring the "From:" address used in + the report. + + LDA sieve plugin: Implemented support for a "discard script" + that is run when the message is going to be discarded. This + allows doing something other than throwing the message away for + good. + + Sieve vnd.dovecot.environment extension: + Added vnd.dovecot.config.* environment items. These environment + items map to sieve_env_* settings from the plugin {} section in + the configuration. Such values can of course also be returned + from userdb. + + Sieve vacation extension: Use the Microsoft + X-Auto-Response-Suppress header to prevent unwanted responses + from and to (older) Microsoft products. + + ManageSieve: Added rawlog_dir setting to store ManageSieve + traffic logs. This replaces at least partially the rawlog + plugin (mimics similar IMAP/POP3 change). + - doveadm sieve plugin: synchronization: Prevent setting file + timestamps to unix epoch time. This occurred when Dovecot + passed the timestamp as 'unknown' during synchronization. + - Sieve exprograms plugin: Fixed spurious '+' sometimes returned + at the end of socket-based program output. + - imapsieve plugin: Fixed crash occurring in specific situations. + - Performed various fixes based on static analysis and Clang + warnings. +- drop dovecot-2.2.25_ldap_bind.patch + +------------------------------------------------------------------- +Fri Nov 11 13:56:04 UTC 2016 - mrueck...@suse.de + +- added dovecot-2.2.25-umask_for_mkcert.patch: + CVE-2016-4983 (bnc #984639) + +------------------------------------------------------------------- Old: ---- dovecot-2.2-pigeonhole-0.4.15.tar.gz dovecot-2.2.25.tar.gz dovecot-2.2.25_ldap_bind.patch New: ---- dovecot-2.2-pigeonhole-0.4.16.tar.gz dovecot-2.2.25-umask_for_mkcert.patch dovecot-2.2.26.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dovecot22.spec ++++++ --- /var/tmp/diff_new_pack.3TkSOT/_old 2016-11-19 12:50:11.000000000 +0100 +++ /var/tmp/diff_new_pack.3TkSOT/_new 2016-11-19 12:50:11.000000000 +0100 @@ -17,11 +17,11 @@ Name: dovecot22 -Version: 2.2.25 +Version: 2.2.26.0 Release: 0 %define pkg_name dovecot -%define dovecot_version 2.2.25 -%define dovecot_pigeonhole_version 0.4.15 +%define dovecot_version 2.2.26.0 +%define dovecot_pigeonhole_version 0.4.16 %define dovecot_branch 2.2 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version} %define dovecot_pigeonhole_docdir %{_docdir}/%{pkg_name}/dovecot-pigeonhole @@ -126,7 +126,7 @@ Source7: dovecot-2.2-pigeonhole.configfiles Patch: dovecot-2.2.18-dont_use_etc_ssl_certs.patch Patch1: dovecot-2.2.18-better_ssl_defaults.patch -Patch2: dovecot-2.2.25_ldap_bind.patch +Patch2: dovecot-2.2.25-umask_for_mkcert.patch Summary: IMAP and POP3 Server Written Primarily with Security in Mind License: BSD-3-Clause and LGPL-2.1+ and MIT Group: Productivity/Networking/Email/Servers ++++++ dovecot-2.2-pigeonhole-0.4.15.tar.gz -> dovecot-2.2-pigeonhole-0.4.16.tar.gz ++++++ ++++ 27870 lines of diff (skipped) ++++++ dovecot-2.2.25-umask_for_mkcert.patch ++++++ Index: dovecot-2.2.25/doc/mkcert.sh =================================================================== --- dovecot-2.2.25.orig/doc/mkcert.sh +++ dovecot-2.2.25/doc/mkcert.sh @@ -3,6 +3,7 @@ # Generates a self-signed certificate. # Edit dovecot-openssl.cnf before running this. +umask 077 OPENSSL=${OPENSSL-openssl} SSLDIR=${SSLDIR-/etc/ssl} OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf} ++++++ dovecot-2.2-pigeonhole-0.4.15.tar.gz -> dovecot-2.2.26.0.tar.gz ++++++ ++++ 978276 lines of diff (skipped)