Hello community,
here is the log from the commit of package dovecot22 for openSUSE:Factory
checked in at 2016-11-19 12:50:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dovecot22 (Old)
and /work/SRC/openSUSE:Factory/.dovecot22.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dovecot22"
Changes:
--------
--- /work/SRC/openSUSE:Factory/dovecot22/dovecot22.changes 2016-10-13
11:32:41.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot22.new/dovecot22.changes 2016-11-19
12:50:09.000000000 +0100
@@ -1,0 +2,157 @@
+Fri Nov 11 16:29:51 UTC 2016 - mrueck...@suse.de
+
+- update to 2.2.26.0
+ - Fixed some compiling issues.
+ - auth: Fixed assert-crash when using NTLM or SKEY mechanisms and
+ multiple passdbs.
+ - auth: Fixed crash when exporting to auth-worker passdb extra
+ fields that had empty values.
+ - dsync: Fixed assert-crash in dsync_brain_sync_mailbox_deinit
+ * master: Removed hardcoded 511 backlog limit for listen().
+ The kernel should limit this as needed.
+ * doveadm import: Source user is now initialized the same as
+ target user. Added -U parameter to override the source user.
+ * Mailbox names are no longer limited to 16 hierarchy levels.
+ We'll check another way to make sure mailbox names can't grow
+ larger than 4096 bytes.
+ + Added a concept of "alternative usernames" by returning user_*
+ extra field(s) in passdb. doveadm proxy list shows these alt
+ usernames in "doveadm proxy list" output. "doveadm
+ director&proxy kick" adds -f <passdb field> parameter. The alt
+ usernames don't have to be unique, so this allows creation of
+ user groups and kicking them in one command.
+ + auth: passdb/userdb dict allows now %variables in key settings.
+ + auth: If passdb returns noauthenticate=yes extra field, assume
+ that it only set extra fields and authentication wasn't
+ actually performed.
+ + auth: passdb static now supports password={scheme} prefix.
+ + auth, login_log_format_elements: Added %{local_name} variable,
+ which expands to TLS SNI hostname if given.
+ + imapc: Added imapc_max_line_length to limit maximum memory
+ usage.
+ + imap, pop3: Added rawlog_dir setting to store IMAP/POP3 traffic
+ logs. This replaces at least partially the rawlog plugin.
+ + dsync: Added dsync_features=empty-header-workaround setting.
+ This makes incremental dsyncs work better for servers that
+ randomly return empty headers for mails. When an empty header
+ is seen for an existing mail, dsync assumes that it matches the
+ local mail.
+ + doveadm sync/backup: Added -I <max size> parameter to skip too
+ large mails.
+ + doveadm sync/backup: Fixed -t parameter and added -e for
+ "end date".
+ + doveadm mailbox metadata: Added -s parameter to allow accessing
+ server metadata by using empty mailbox name.
+ + Added "doveadm service status" and "doveadm process status"
+ commands.
+ + director: Added director_flush_socket. See
+ http://wiki2.dovecot.org/Director#Flush_socket
+ + doveadm director flush: Users are now moved only max 100 at a
+ time to avoid load spikes. --max-parallel parameter overrides
+ this.
+ + Added FILE_LOCK_SLOW_WARNING_MSECS environment, which logs a
+ warning if any lock is waited on or kept for this many
+ milliseconds.
+ - master process's listener socket was leaked to all child
+ processes. This might have allowed untrusted processes to
+ capture and prevent "doveadm service stop" comands from
+ working.
+ - login proxy: Fixed crash when outgoing SSL connections were
+ hanging.
+ - auth: userdb fields weren't passed to auth-workers, so
+ %{userdb:*} from previous userdbs didn't work there.
+ - auth: Each userdb lookup from cache reset its TTL.
+ - auth: Fixed auth_bind=yes + sasl_bind=yes to work together
+ - auth: Blocking userdb lookups reset extra fields set by
+ previous userdbs.
+ - auth: Cache keys didn't include %{passdb:*} and %{userdb:*}
+ - auth-policy: Fixed crash due to using already-freed memory if
+ policy lookup takes longer than auth request exists.
+ - lib-auth: Unescape passdb/userdb extra fields. Mainly affected
+ returning extra fields with LFs or TABs.
+ - lmtp_user_concurrency_limit>0 setting was logging unnecessary
+ anvil errors.
+ - lmtp_user_concurrency_limit is now checked before quota check
+ with lmtp_rcpt_check_quota=yes to avoid unnecessary quota work.
+ - lmtp: %{userdb:*} variables didn't work in mail_log_prefix
+ - autoexpunge settings for mailboxes with wildcards didn't work
+ when namespace prefix was non-empty.
+ - Fixed writing >2GB to iostream-temp files (used by fs-compress,
+ fs-metawrap, doveadm-http)
+ - director: Ignore duplicates in director_servers setting.
+ - director: Many fixes related to connection handshaking, user
+ moving and error handling.
+ - director: Don't break with shutdown_clients=no
+ - zlib, IMAP BINARY: Fixed internal caching when accessing
+ multiple newly created mails. They all had UID=0 and the next
+ mail could have wrongly used the previously cached mail.
+ - doveadm stats reset wasn't reseting all the stats.
+ - auth_stats=yes: Don't update num_logins, since it doubles them
+ when using with mail stats.
+ - quota count: Fixed deadlocks when updating vsize header.
+ - dict-quota: Fixed crashes happening due to memory corruption.
+ - dict proxy: Fixed various timeout-related bugs.
+ - doveadm proxying: Fixed -A and -u wildcard handling.
+ - doveadm proxying: Fixed hangs and bugs related to printing.
+ - imap: Fixed wrongly triggering assert-crash in
+ client_check_command_hangs.
+ - imap proxy: Don't send ID command pipelined with
+ nopipelining=yes
+ - imap-hibernate: Don't execute quota_over_script or last_login
+ after un-hibernation.
+ - imap-hibernate: Don't un-hibernate if client sends DONE+IDLE in
+ one IP packet.
+ - imap-hibernate: Fixed various failures when un-hibernating.
+ - fts: fts_autoindex=yes was broken in 2.2.25 unless
+ fts_autoindex_exclude settings existed.
+ - fts-solr: Fixed searching multiple mailboxes (patch by x16a0)
+ - doveadm fetch body.snippet wasn't working in 2.2.25. Also fixed
+ a crash with certain emails.
+ - pop3-migration + dbox: Various fixes related to POP3 UIDL
+ optimization in 2.2.25.
+ - pop3-migration: Fixed "truncated email header" workaround.
+- update pigeonhole to 0.4.15
+ * Part of the Sieve extprograms implementation was moved to
+ Dovecot, which means that this release depends on Dovecot
+ v2.2.26+.
+ * ManageSieve: The PUTSCRIPT command now allows uploading empty
+ Sieve scripts. There was really no good reason to disallow
+ doing that.
+ + Sieve vnd.dovecot.report extension:
+ + Added a Dovecot-Reporting-User field to the report body,
+ which contains the e-mail address of the user sending the
+ report.
+ + Added support for configuring the "From:" address used in
+ the report.
+ + LDA sieve plugin: Implemented support for a "discard script"
+ that is run when the message is going to be discarded. This
+ allows doing something other than throwing the message away for
+ good.
+ + Sieve vnd.dovecot.environment extension:
+ Added vnd.dovecot.config.* environment items. These environment
+ items map to sieve_env_* settings from the plugin {} section in
+ the configuration. Such values can of course also be returned
+ from userdb.
+ + Sieve vacation extension: Use the Microsoft
+ X-Auto-Response-Suppress header to prevent unwanted responses
+ from and to (older) Microsoft products.
+ + ManageSieve: Added rawlog_dir setting to store ManageSieve
+ traffic logs. This replaces at least partially the rawlog
+ plugin (mimics similar IMAP/POP3 change).
+ - doveadm sieve plugin: synchronization: Prevent setting file
+ timestamps to unix epoch time. This occurred when Dovecot
+ passed the timestamp as 'unknown' during synchronization.
+ - Sieve exprograms plugin: Fixed spurious '+' sometimes returned
+ at the end of socket-based program output.
+ - imapsieve plugin: Fixed crash occurring in specific situations.
+ - Performed various fixes based on static analysis and Clang
+ warnings.
+- drop dovecot-2.2.25_ldap_bind.patch
+
+-------------------------------------------------------------------
+Fri Nov 11 13:56:04 UTC 2016 - mrueck...@suse.de
+
+- added dovecot-2.2.25-umask_for_mkcert.patch:
+ CVE-2016-4983 (bnc #984639)
+
+-------------------------------------------------------------------
Old:
----
dovecot-2.2-pigeonhole-0.4.15.tar.gz
dovecot-2.2.25.tar.gz
dovecot-2.2.25_ldap_bind.patch
New:
----
dovecot-2.2-pigeonhole-0.4.16.tar.gz
dovecot-2.2.25-umask_for_mkcert.patch
dovecot-2.2.26.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ dovecot22.spec ++++++
--- /var/tmp/diff_new_pack.3TkSOT/_old 2016-11-19 12:50:11.000000000 +0100
+++ /var/tmp/diff_new_pack.3TkSOT/_new 2016-11-19 12:50:11.000000000 +0100
@@ -17,11 +17,11 @@
Name: dovecot22
-Version: 2.2.25
+Version: 2.2.26.0
Release: 0
%define pkg_name dovecot
-%define dovecot_version 2.2.25
-%define dovecot_pigeonhole_version 0.4.15
+%define dovecot_version 2.2.26.0
+%define dovecot_pigeonhole_version 0.4.16
%define dovecot_branch 2.2
%define dovecot_pigeonhole_source_dir
%{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}
%define dovecot_pigeonhole_docdir %{_docdir}/%{pkg_name}/dovecot-pigeonhole
@@ -126,7 +126,7 @@
Source7: dovecot-2.2-pigeonhole.configfiles
Patch: dovecot-2.2.18-dont_use_etc_ssl_certs.patch
Patch1: dovecot-2.2.18-better_ssl_defaults.patch
-Patch2: dovecot-2.2.25_ldap_bind.patch
+Patch2: dovecot-2.2.25-umask_for_mkcert.patch
Summary: IMAP and POP3 Server Written Primarily with Security in Mind
License: BSD-3-Clause and LGPL-2.1+ and MIT
Group: Productivity/Networking/Email/Servers
++++++ dovecot-2.2-pigeonhole-0.4.15.tar.gz ->
dovecot-2.2-pigeonhole-0.4.16.tar.gz ++++++
++++ 27870 lines of diff (skipped)
++++++ dovecot-2.2.25-umask_for_mkcert.patch ++++++
Index: dovecot-2.2.25/doc/mkcert.sh
===================================================================
--- dovecot-2.2.25.orig/doc/mkcert.sh
+++ dovecot-2.2.25/doc/mkcert.sh
@@ -3,6 +3,7 @@
# Generates a self-signed certificate.
# Edit dovecot-openssl.cnf before running this.
+umask 077
OPENSSL=${OPENSSL-openssl}
SSLDIR=${SSLDIR-/etc/ssl}
OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}
++++++ dovecot-2.2-pigeonhole-0.4.15.tar.gz -> dovecot-2.2.26.0.tar.gz ++++++
++++ 978276 lines of diff (skipped)
