Hello community,
here is the log from the commit of package dovecot22 for openSUSE:Factory
checked in at 2017-06-28 10:36:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dovecot22 (Old)
and /work/SRC/openSUSE:Factory/.dovecot22.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dovecot22"
Wed Jun 28 10:36:48 2017 rev:30 rq:506445 version:2.2.31
Changes:
--------
--- /work/SRC/openSUSE:Factory/dovecot22/dovecot22.changes 2017-06-08
16:38:52.918962241 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot22.new/dovecot22.changes 2017-06-28
10:36:52.666357270 +0200
@@ -1,0 +2,73 @@
+Mon Jun 26 10:33:17 UTC 2017 - mrueck...@suse.de
+
+- added dovecot-2.2.31-dhparams_fips_mode.patch (boo#1045662)
+ - make sure we do not generate dhparams smaller than 2048 in fips
+ mode
+
+-------------------------------------------------------------------
+Fri Jun 23 10:55:41 UTC 2017 - mrueck...@suse.de
+
+- update to 2.2.31
+ * LMTP: Removed "(Dovecot)" from added Received headers. Some
+ installations want to hide it, and there's not really any good
+ reason for anyone to have it.
+ + Add ssl_alt_cert and ssl_alt_key settings to add support for
+ having both RSA and ECDSA certificates.
+ + dsync/imapc, pop3-migration plugin: Strip trailing whitespace
+ from headers when matching mails. This helps with migrations
+ from Zimbra.
+ + acl: Add acl_globals_only setting to disable looking up
+ per-mailbox dovecot-acl files.
+ + Parse invalid message addresses better. This mainly affects the
+ generated IMAP ENVELOPE replies.
+ - v2.2.30 wasn't fixing corrupted dovecot.index.cache files
+ properly. It could have deleted wrong mail's cache or
+ assert-crashed.
+ - v2.2.30 mail-crypt-acl plugin was assert-crashing
+ - v2.2.30 welcome plugin wasn't working
+ - Various fixes to handling mailbox listing. Especially related
+ to handling nonexistent autocreated/autosubscribed mailboxes
+ and ACLs.
+ - Global ACL file was parsed as if it was local ACL file. This
+ caused some of the ACL rule interactions to not work exactly as
+ intended.
+ - auth: forward_* fields didn't work properly: Only the first
+ forward field was working, and only if the first passdb lookup
+ succeeded.
+ - Using mail_sort_max_read_count sometimes caused "Broken sort-*
+ indexes, resetting" errors.
+ - Using mail_sort_max_read_count may have caused very high CPU
+ usage.
+ - Message address parsing could have crashed on invalid input.
+ - imapc_features=fetch-headers wasn't always working correctly
+ and caused the full header to be fetched.
+ - imapc: Various bugfixes related to connection failure handling.
+ - quota=imapc sent unnecessary FETCH RFC822.SIZE to server when
+ expunging mails.
+ - quota=count: quota_warning = -storage=.. was never executed
+ - quota=count: Add support for "ns" parameter
+ - dsync: Fix incremental syncing for mails that don't have Date
+ or Message-ID headers.
+ - imap: Fix hang when client sends pipelined SEARCH +
+ EXPUNGE/CLOSE/LOGOUT.
+ - oauth2: Token validation didn't accept empty server responses.
+ - imap: NOTIFY command has been almost completely broken since
+ the beginning. I guess nobody has been trying to use it.
+- update pigeonhole to 0.4.19
+ * This release adjusts Pigeonhole to several changes in the
+ Dovecot API, making it depend on Dovecot v2.2.31. Previous
+ versions of Pigeonhole will produce compile warnings with the
+ recent Dovecot releases (but still work ok).
+ - Fixed bug in handling of implicit keep in some cases. Implicit
+ side-effects, such as assigned flags, were not always applied
+ correctly. This is in essence a very old bug, but it was
+ exposed by recent changes.
+ - include extension: Fixed segfault that (sometimes) occurred
+ when the global script location was left unconfigured.
+- drop 3e1a17a286ab0e084577fc267a442cb12aed1cbc.patch:
+ included in pigeonhole 0.4.19
+- refreshed patches to apply cleanly again:
+ dovecot-2.2.18-better_ssl_defaults.patch
+ dovecot-2.2.18-dont_use_etc_ssl_certs.patch
+
+-------------------------------------------------------------------
@@ -12 +85 @@
-- update to 2.2.30.1
+- update to 2.2.30.1 (boo# 1044110)
Old:
----
3e1a17a286ab0e084577fc267a442cb12aed1cbc.patch
dovecot-2.2-pigeonhole-0.4.18.tar.gz
dovecot-2.2.30.2.tar.gz
New:
----
dovecot-2.2-pigeonhole-0.4.19.tar.gz
dovecot-2.2.31-dhparams_fips_mode.patch
dovecot-2.2.31.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ dovecot22.spec ++++++
--- /var/tmp/diff_new_pack.KrjoQk/_old 2017-06-28 10:36:53.578228264 +0200
+++ /var/tmp/diff_new_pack.KrjoQk/_new 2017-06-28 10:36:53.582227699 +0200
@@ -17,11 +17,11 @@
Name: dovecot22
-Version: 2.2.30.2
+Version: 2.2.31
Release: 0
%define pkg_name dovecot
-%define dovecot_version 2.2.30.2
-%define dovecot_pigeonhole_version 0.4.18
+%define dovecot_version 2.2.31
+%define dovecot_pigeonhole_version 0.4.19
%define dovecot_branch 2.2
%define dovecot_pigeonhole_source_dir
%{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}
%define dovecot_pigeonhole_docdir %{_docdir}/%{pkg_name}/dovecot-pigeonhole
@@ -128,7 +128,7 @@
Source7: dovecot-2.2-pigeonhole.configfiles
Patch: dovecot-2.2.18-dont_use_etc_ssl_certs.patch
Patch1: dovecot-2.2.18-better_ssl_defaults.patch
-Patch2: 3e1a17a286ab0e084577fc267a442cb12aed1cbc.patch
+Patch2: dovecot-2.2.31-dhparams_fips_mode.patch
Summary: IMAP and POP3 Server Written Primarily with Security in Mind
License: BSD-3-Clause and LGPL-2.1+ and MIT
Group: Productivity/Networking/Email/Servers
@@ -308,9 +308,7 @@
%setup -q -n %{pkg_name}-%{dovecot_version} -a 1
%patch -p1
%patch1 -p1
-pushd %{dovecot_pigeonhole_source_dir}
%patch2 -p1
-popd
%{__gzip} -9v ChangeLog
# Fix plugins dir.
%{__sed} -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir =
%{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf
++++++ dovecot-2.2-pigeonhole-0.4.18.tar.gz ->
dovecot-2.2-pigeonhole-0.4.19.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/dovecot-2.2-pigeonhole-0.4.18/NEWS
new/dovecot-2.2-pigeonhole-0.4.19/NEWS
--- old/dovecot-2.2-pigeonhole-0.4.18/NEWS 2017-04-12 02:09:45.000000000
+0200
+++ new/dovecot-2.2-pigeonhole-0.4.19/NEWS 2017-06-26 20:54:55.000000000
+0200
@@ -1,3 +1,15 @@
+v0.4.19 26-06-2017 Stephan Bosch <step...@rename-it.nl>
+
+ * This release adjusts Pigeonhole to several changes in the Dovecot API,
+ making it depend on Dovecot v2.2.31. Previous versions of Pigeonhole
will
+ produce compile warnings with the recent Dovecot releases (but still
work
+ ok).
+ - Fixed bug in handling of implicit keep in some cases. Implicit
side-effects,
+ such as assigned flags, were not always applied correctly. This is in
+ essence a very old bug, but it was exposed by recent changes.
+ - include extension: Fixed segfault that (sometimes) occurred when the
global
+ script location was left unconfigured.
+
v0.4.18 12-04-2017 Stephan Bosch <step...@rename-it.nl>
+ imapsieve plugin: Implemented the copy_source_after rule action. When
this
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/dovecot-2.2-pigeonhole-0.4.18/configure
new/dovecot-2.2-pigeonhole-0.4.19/configure
--- old/dovecot-2.2-pigeonhole-0.4.18/configure 2017-04-12 01:41:10.000000000
+0200
+++ new/dovecot-2.2-pigeonhole-0.4.19/configure 2017-06-26 20:55:04.000000000
+0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for Pigeonhole 0.4.18.
+# Generated by GNU Autoconf 2.69 for Pigeonhole 0.4.19.
#
# Report bugs to <dove...@dovecot.org>.
#
@@ -590,8 +590,8 @@
# Identity of this package.
PACKAGE_NAME='Pigeonhole'
PACKAGE_TARNAME='dovecot-2.2-pigeonhole'
-PACKAGE_VERSION='0.4.18'
-PACKAGE_STRING='Pigeonhole 0.4.18'
+PACKAGE_VERSION='0.4.19'
+PACKAGE_STRING='Pigeonhole 0.4.19'
PACKAGE_BUGREPORT='dove...@dovecot.org'
PACKAGE_URL=''
@@ -1392,7 +1392,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures Pigeonhole 0.4.18 to adapt to many kinds of systems.
+\`configure' configures Pigeonhole 0.4.19 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1463,7 +1463,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of Pigeonhole 0.4.18:";;
+ short | recursive ) echo "Configuration of Pigeonhole 0.4.19:";;
esac
cat <<\_ACEOF
@@ -1582,7 +1582,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-Pigeonhole configure 0.4.18
+Pigeonhole configure 0.4.19
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1951,7 +1951,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by Pigeonhole $as_me 0.4.18, which was
+It was created by Pigeonhole $as_me 0.4.19, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2841,7 +2841,7 @@
# Define the identity of the package.
PACKAGE='dovecot-2.2-pigeonhole'
- VERSION='0.4.18'
+ VERSION='0.4.19'
# Some tools Automake needs.
@@ -12875,7 +12875,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by Pigeonhole $as_me 0.4.18, which was
+This file was extended by Pigeonhole $as_me 0.4.19, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -12941,7 +12941,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-Pigeonhole config.status 0.4.18
+Pigeonhole config.status 0.4.19
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/dovecot-2.2-pigeonhole-0.4.18/configure.ac
new/dovecot-2.2-pigeonhole-0.4.19/configure.ac
--- old/dovecot-2.2-pigeonhole-0.4.18/configure.ac 2017-04-12
01:40:10.000000000 +0200
+++ new/dovecot-2.2-pigeonhole-0.4.19/configure.ac 2017-06-26
20:52:37.000000000 +0200
@@ -2,7 +2,7 @@
# Be sure to update ABI version also if anything changes that might require
# recompiling plugins. Most importantly that means if any structs are changed.
-AC_INIT([Pigeonhole], [0.4.18], [dove...@dovecot.org],
[dovecot-2.2-pigeonhole])
+AC_INIT([Pigeonhole], [0.4.19], [dove...@dovecot.org],
[dovecot-2.2-pigeonhole])
AC_DEFINE_UNQUOTED([PIGEONHOLE_ABI_VERSION], "0.4.ABIv2($PACKAGE_VERSION)",
[Pigeonhole ABI version])
AC_CONFIG_AUX_DIR([.])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/dovecot-2.2-pigeonhole-0.4.18/pigeonhole-version.h
new/dovecot-2.2-pigeonhole-0.4.19/pigeonhole-version.h
--- old/dovecot-2.2-pigeonhole-0.4.18/pigeonhole-version.h 2017-04-12
02:10:55.000000000 +0200
+++ new/dovecot-2.2-pigeonhole-0.4.19/pigeonhole-version.h 2017-06-22
21:32:24.000000000 +0200
@@ -1,6 +1,6 @@
#ifndef PIGEONHOLE_VERSION_H
#define PIGEONHOLE_VERSION_H
-#define PIGEONHOLE_VERSION_FULL PIGEONHOLE_VERSION" (29cc74d)"
+#define PIGEONHOLE_VERSION_FULL PIGEONHOLE_VERSION" (e5c7051)"
#endif /* PIGEONHOLE_VERSION_H */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/dovecot-2.2-pigeonhole-0.4.18/src/lib-sieve/plugins/include/ext-include-binary.c
new/dovecot-2.2-pigeonhole-0.4.19/src/lib-sieve/plugins/include/ext-include-binary.c
---
old/dovecot-2.2-pigeonhole-0.4.18/src/lib-sieve/plugins/include/ext-include-binary.c
2017-01-23 18:18:09.000000000 +0100
+++
new/dovecot-2.2-pigeonhole-0.4.19/src/lib-sieve/plugins/include/ext-include-binary.c
2017-06-22 21:32:06.000000000 +0200
@@ -316,7 +316,7 @@
/* Can we find the script dependency ? */
storage = ext_include_get_script_storage
- (ext, location, str_c(script_name), NULL);
+ (ext, location, str_c(script_name), &error);
if ( storage == NULL ) {
/* No, recompile */
// FIXME: handle ':optional' in this case
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/dovecot-2.2-pigeonhole-0.4.18/src/lib-sieve/plugins/include/ext-include-common.c
new/dovecot-2.2-pigeonhole-0.4.19/src/lib-sieve/plugins/include/ext-include-common.c
---
old/dovecot-2.2-pigeonhole-0.4.18/src/lib-sieve/plugins/include/ext-include-common.c
2017-01-23 18:18:09.000000000 +0100
+++
new/dovecot-2.2-pigeonhole-0.4.19/src/lib-sieve/plugins/include/ext-include-common.c
2017-06-22 21:32:06.000000000 +0200
@@ -160,7 +160,8 @@
sieve_sys_info(svinst, "include: sieve_global is
unconfigured; "
"include of `:global' script `%s' is therefore
not possible",
str_sanitize(script_name, 80));
- *error_r = SIEVE_ERROR_NOT_FOUND;
+ if ( error_r != NULL )
+ *error_r = SIEVE_ERROR_NOT_FOUND;
return NULL;
}
if ( ctx->global_storage == NULL ) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/dovecot-2.2-pigeonhole-0.4.18/src/lib-sieve/sieve-extensions.c
new/dovecot-2.2-pigeonhole-0.4.19/src/lib-sieve/sieve-extensions.c
--- old/dovecot-2.2-pigeonhole-0.4.18/src/lib-sieve/sieve-extensions.c
2017-01-23 18:18:09.000000000 +0100
+++ new/dovecot-2.2-pigeonhole-0.4.19/src/lib-sieve/sieve-extensions.c
2017-06-22 21:31:36.000000000 +0200
@@ -331,6 +331,7 @@
/* Call unload handler */
if ( ext->def != NULL && ext->def->unload != NULL )
ext->def->unload(ext);
+ ext->context = NULL;
}
static void sieve_extension_registry_init(struct sieve_instance *svinst)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/dovecot-2.2-pigeonhole-0.4.18/src/lib-sieve/sieve-result.c
new/dovecot-2.2-pigeonhole-0.4.19/src/lib-sieve/sieve-result.c
--- old/dovecot-2.2-pigeonhole-0.4.18/src/lib-sieve/sieve-result.c
2017-01-23 18:19:31.000000000 +0100
+++ new/dovecot-2.2-pigeonhole-0.4.19/src/lib-sieve/sieve-result.c
2017-05-24 17:02:41.000000000 +0200
@@ -969,7 +969,14 @@
rac = rac->next;
}
+ } else if ( !rollback ) {
+ act_keep.location = kac->action.location;
+ act_keep.mail = kac->action.mail;
+ if ( kac->seffects != NULL )
+ rsef_first = kac->seffects->first_effect;
+ }
+ if (rsef_first == NULL) {
/* Apply any implicit side effects if applicable */
if ( !rollback &&
hash_table_is_created(result->action_contexts) ) {
struct sieve_result_action_context *actctx;
@@ -980,11 +987,6 @@
if ( actctx != NULL && actctx->seffects != NULL )
rsef_first = actctx->seffects->first_effect;
}
- } else if ( !rollback ) {
- act_keep.location = kac->action.location;
- act_keep.mail = kac->action.mail;
- if ( kac->seffects != NULL )
- rsef_first = kac->seffects->first_effect;
}
/* Start keep action */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/dovecot-2.2-pigeonhole-0.4.18/src/lib-sieve-tool/sieve-tool.c
new/dovecot-2.2-pigeonhole-0.4.19/src/lib-sieve-tool/sieve-tool.c
--- old/dovecot-2.2-pigeonhole-0.4.18/src/lib-sieve-tool/sieve-tool.c
2017-02-20 11:07:25.000000000 +0100
+++ new/dovecot-2.2-pigeonhole-0.4.19/src/lib-sieve-tool/sieve-tool.c
2017-06-22 21:31:51.000000000 +0200
@@ -551,6 +551,7 @@
ehandler = sieve_stderr_ehandler_create(svinst, 0);
sieve_error_handler_accept_infolog(ehandler, TRUE);
+ sieve_error_handler_accept_debuglog(ehandler, svinst->debug);
if ( (sbin = sieve_open
(svinst, filename, NULL, ehandler, 0, NULL)) == NULL ) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/dovecot-2.2-pigeonhole-0.4.18/src/managesieve-login/client.c
new/dovecot-2.2-pigeonhole-0.4.19/src/managesieve-login/client.c
--- old/dovecot-2.2-pigeonhole-0.4.18/src/managesieve-login/client.c
2017-04-08 11:07:30.000000000 +0200
+++ new/dovecot-2.2-pigeonhole-0.4.19/src/managesieve-login/client.c
2017-06-16 15:20:29.000000000 +0200
@@ -206,11 +206,6 @@
static bool client_handle_input(struct managesieve_client *client)
{
- const struct managesieve_arg *args = NULL;
- const char *msg;
- int ret = 1;
- bool fatal;
-
i_assert(!client->common.authenticating);
if (client->cmd_finished) {
@@ -251,8 +246,22 @@
else
client->skip_line = TRUE;
}
+ return client->common.v.input_next_cmd(&client->common);
+}
+
+static bool managesieve_client_input_next_cmd(struct client *_client)
+{
+ struct managesieve_client *client =
+ (struct managesieve_client *)_client;
+ const struct managesieve_arg *args = NULL;
+ const char *msg;
+ int ret = 1;
+ bool fatal;
- if ( client->cmd != NULL && !client->cmd_parsed_args ) {
+ if (client->cmd == NULL) {
+ /* unknown command */
+ ret = -1;
+ } else if ( !client->cmd_parsed_args ) {
unsigned int arg_count =
( client->cmd->preparsed_args > 0 ?
client->cmd->preparsed_args : 0 );
switch (managesieve_parser_read_args(client->parser, arg_count,
0, &args)) {
@@ -274,6 +283,7 @@
/* not enough data */
return FALSE;
}
+ i_assert(args != NULL);
if (arg_count == 0 ) {
/* we read the entire line - skip over the CRLF */
@@ -291,18 +301,12 @@
if ( args[0].type != MANAGESIEVE_ARG_EOL )
ret = -1;
}
- }
-
- if (client->cmd == NULL) {
- ret = -1;
- client->cmd_finished = TRUE;
- } else {
if (ret > 0)
ret = client->cmd->func(client, args);
- if (ret != 0)
- client->cmd_finished = TRUE;
}
+ if (ret != 0)
+ client->cmd_finished = TRUE;
if (ret < 0) {
if (++client->common.bad_counter >= CLIENT_MAX_BAD_COMMANDS) {
client_send_bye(&client->common,
@@ -390,6 +394,8 @@
client_send_ok(client, client->set->login_greeting);
o_stream_uncork(client->output);
+
+ client->banner_sent = TRUE;
}
static void managesieve_client_starttls(struct client *client)
@@ -512,6 +518,9 @@
managesieve_proxy_parse_line,
managesieve_proxy_error,
managesieve_proxy_get_state,
+ client_common_send_raw_data,
+ managesieve_client_input_next_cmd,
+ client_common_default_free,
};
static const struct login_binary managesieve_login_binary = {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/dovecot-2.2-pigeonhole-0.4.18/src/plugins/imapsieve/imap-sieve-plugin.c
new/dovecot-2.2-pigeonhole-0.4.19/src/plugins/imapsieve/imap-sieve-plugin.c
--- old/dovecot-2.2-pigeonhole-0.4.18/src/plugins/imapsieve/imap-sieve-plugin.c
2016-05-15 12:40:19.000000000 +0200
+++ new/dovecot-2.2-pigeonhole-0.4.19/src/plugins/imapsieve/imap-sieve-plugin.c
2017-05-24 17:02:41.000000000 +0200
@@ -25,8 +25,8 @@
url = mail_user_plugin_getenv(user, "imapsieve_url");
// FIXME: parse the URL and report error if it is bad
if (url != NULL && strncasecmp(url, "sieve:", 6) == 0) {
- str_append(client->capability_string, " IMAPSIEVE=");
- str_append(client->capability_string, url);
+ client_add_capability(client, t_strconcat(
+ "IMAPSIEVE=", url, NULL));
} else {
url = NULL;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/dovecot-2.2-pigeonhole-0.4.18/src/plugins/imapsieve/imap-sieve.c
new/dovecot-2.2-pigeonhole-0.4.19/src/plugins/imapsieve/imap-sieve.c
--- old/dovecot-2.2-pigeonhole-0.4.18/src/plugins/imapsieve/imap-sieve.c
2017-04-03 20:13:17.000000000 +0200
+++ new/dovecot-2.2-pigeonhole-0.4.19/src/plugins/imapsieve/imap-sieve.c
2017-05-24 16:59:30.000000000 +0200
@@ -581,8 +581,7 @@
struct sieve_binary *sbin = scripts[i].binary;
cpflags = 0;
- exflags = SIEVE_EXECUTE_FLAG_DEFER_KEEP |
- SIEVE_EXECUTE_FLAG_NO_ENVELOPE;
+ exflags = SIEVE_EXECUTE_FLAG_NO_ENVELOPE;
user_script = ( script == isrun->user_script );
last_script = script;
@@ -661,8 +660,7 @@
}
/* Finish execution */
- exflags = SIEVE_EXECUTE_FLAG_DEFER_KEEP |
- SIEVE_EXECUTE_FLAG_NO_ENVELOPE;
+ exflags = SIEVE_EXECUTE_FLAG_NO_ENVELOPE;
ehandler = (isrun->user_ehandler != NULL ?
isrun->user_ehandler : isieve->master_ehandler);
if ( compile_error == SIEVE_ERROR_TEMP_FAILURE ) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/dovecot-2.2-pigeonhole-0.4.18/src/sieve-tools/sieve-filter.c
new/dovecot-2.2-pigeonhole-0.4.19/src/sieve-tools/sieve-filter.c
--- old/dovecot-2.2-pigeonhole-0.4.18/src/sieve-tools/sieve-filter.c
2017-02-20 11:07:25.000000000 +0100
+++ new/dovecot-2.2-pigeonhole-0.4.19/src/sieve-tools/sieve-filter.c
2017-06-22 21:31:51.000000000 +0200
@@ -502,6 +502,7 @@
ehandler = sieve_stderr_ehandler_create(svinst, 0);
sieve_system_ehandler_set(ehandler);
sieve_error_handler_accept_infolog(ehandler, verbose);
+ sieve_error_handler_accept_debuglog(ehandler, svinst->debug);
/* Compile main sieve script */
if ( force_compile ) {
++++++ dovecot-2.2.18-better_ssl_defaults.patch ++++++
--- /var/tmp/diff_new_pack.KrjoQk/_old 2017-06-28 10:36:54.058160368 +0200
+++ /var/tmp/diff_new_pack.KrjoQk/_new 2017-06-28 10:36:54.058160368 +0200
@@ -1,7 +1,7 @@
-Index: dovecot-2.2.29.1/doc/example-config/conf.d/10-ssl.conf
+Index: dovecot-2.2.31.rc1/doc/example-config/conf.d/10-ssl.conf
===================================================================
---- dovecot-2.2.29.1.orig/doc/example-config/conf.d/10-ssl.conf
-+++ dovecot-2.2.29.1/doc/example-config/conf.d/10-ssl.conf
+--- dovecot-2.2.31.rc1.orig/doc/example-config/conf.d/10-ssl.conf
++++ dovecot-2.2.31.rc1/doc/example-config/conf.d/10-ssl.conf
@@ -9,8 +9,8 @@
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
@@ -39,13 +39,13 @@
# no_ticket - Disable SSL session tickets.
#ssl_options =
+ssl_options = no_compression
-Index: dovecot-2.2.29.1/src/lib-master/master-service-ssl-settings.c
+Index: dovecot-2.2.31.rc1/src/lib-master/master-service-ssl-settings.c
===================================================================
---- dovecot-2.2.29.1.orig/src/lib-master/master-service-ssl-settings.c
-+++ dovecot-2.2.29.1/src/lib-master/master-service-ssl-settings.c
-@@ -43,7 +43,7 @@ static const struct master_service_ssl_s
- .ssl_cert = "",
- .ssl_key = "",
+--- dovecot-2.2.31.rc1.orig/src/lib-master/master-service-ssl-settings.c
++++ dovecot-2.2.31.rc1/src/lib-master/master-service-ssl-settings.c
+@@ -47,7 +47,7 @@ static const struct master_service_ssl_s
+ .ssl_alt_cert = "",
+ .ssl_alt_key = "",
.ssl_key_password = "",
- .ssl_cipher_list = "ALL:!LOW:!SSLv2:!EXP:!aNULL",
+ .ssl_cipher_list =
"ALL:!LOW:!SSLv2:!EXP:!aNULL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH",
++++++ dovecot-2.2.18-dont_use_etc_ssl_certs.patch ++++++
--- /var/tmp/diff_new_pack.KrjoQk/_old 2017-06-28 10:36:54.074158104 +0200
+++ /var/tmp/diff_new_pack.KrjoQk/_new 2017-06-28 10:36:54.078157539 +0200
@@ -1,7 +1,7 @@
-Index: dovecot-2.2.27/doc/example-config/conf.d/10-ssl.conf
+Index: dovecot-2.2.31.rc1/doc/example-config/conf.d/10-ssl.conf
===================================================================
---- dovecot-2.2.27.orig/doc/example-config/conf.d/10-ssl.conf
-+++ dovecot-2.2.27/doc/example-config/conf.d/10-ssl.conf
+--- dovecot-2.2.31.rc1.orig/doc/example-config/conf.d/10-ssl.conf
++++ dovecot-2.2.31.rc1/doc/example-config/conf.d/10-ssl.conf
@@ -9,7 +9,7 @@
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
@@ -11,10 +11,10 @@
ssl_key = </etc/ssl/private/dovecot.pem
# If key file is password protected, give the password here. Alternatively
-Index: dovecot-2.2.27/doc/man/doveconf.1.in
+Index: dovecot-2.2.31.rc1/doc/man/doveconf.1.in
===================================================================
---- dovecot-2.2.27.orig/doc/man/doveconf.1.in
-+++ dovecot-2.2.27/doc/man/doveconf.1.in
+--- dovecot-2.2.31.rc1.orig/doc/man/doveconf.1.in
++++ dovecot-2.2.31.rc1/doc/man/doveconf.1.in
@@ -126,7 +126,7 @@ Dump settings in simplified machine pars
.TP
.B \-x
@@ -31,10 +31,10 @@
-.BR dsync (1)
\ No newline at end of file
+.BR dsync (1)
-Index: dovecot-2.2.27/doc/mkcert.sh
+Index: dovecot-2.2.31.rc1/doc/mkcert.sh
===================================================================
---- dovecot-2.2.27.orig/doc/mkcert.sh
-+++ dovecot-2.2.27/doc/mkcert.sh
+--- dovecot-2.2.31.rc1.orig/doc/mkcert.sh
++++ dovecot-2.2.31.rc1/doc/mkcert.sh
@@ -8,10 +8,10 @@ OPENSSL=${OPENSSL-openssl}
SSLDIR=${SSLDIR-/etc/ssl}
OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}
@@ -48,11 +48,11 @@
KEYFILE=$KEYDIR/dovecot.pem
if [ ! -d $CERTDIR ]; then
-Index: dovecot-2.2.27/doc/wiki/CompilingSource.txt
+Index: dovecot-2.2.31.rc1/doc/wiki/CompilingSource.txt
===================================================================
---- dovecot-2.2.27.orig/doc/wiki/CompilingSource.txt
-+++ dovecot-2.2.27/doc/wiki/CompilingSource.txt
-@@ -141,7 +141,7 @@ non-standard path. Make sure you have th
+--- dovecot-2.2.31.rc1.orig/doc/wiki/CompilingSource.txt
++++ dovecot-2.2.31.rc1/doc/wiki/CompilingSource.txt
+@@ -142,7 +142,7 @@ non-standard path. Make sure you have th
installed, and if it is not in the standard location, set 'CPPFLAGS' and
'LDFLAGS' as shown in <the first section above.> [CompilingSource.txt]
@@ -61,10 +61,10 @@
the private key from '/etc/ssl/private/dovecot.pem'. The '/etc/ssl' directory
can be changed using the '--with-ssldir=DIR' configure option. Both can of
course be overridden from the configuration file.
-Index: dovecot-2.2.27/doc/wiki/SSL.CertificateCreation.txt
+Index: dovecot-2.2.31.rc1/doc/wiki/SSL.CertificateCreation.txt
===================================================================
---- dovecot-2.2.27.orig/doc/wiki/SSL.CertificateCreation.txt
-+++ dovecot-2.2.27/doc/wiki/SSL.CertificateCreation.txt
+--- dovecot-2.2.31.rc1.orig/doc/wiki/SSL.CertificateCreation.txt
++++ dovecot-2.2.31.rc1/doc/wiki/SSL.CertificateCreation.txt
@@ -39,7 +39,7 @@ CN matches the connected host name, othe
invalid. It's also possible to use wildcards (eg. *.domain.com) in the host
name. They should work with most clients.
@@ -74,10 +74,10 @@
private key file is created to '/etc/ssl/private/dovecot.pem'. Also by default
the certificate will expire in 365 days. If you wish to change any of these,
modify the mkcert.sh script.
-Index: dovecot-2.2.27/doc/wiki/SSL.DovecotConfiguration.txt
+Index: dovecot-2.2.31.rc1/doc/wiki/SSL.DovecotConfiguration.txt
===================================================================
---- dovecot-2.2.27.orig/doc/wiki/SSL.DovecotConfiguration.txt
-+++ dovecot-2.2.27/doc/wiki/SSL.DovecotConfiguration.txt
+--- dovecot-2.2.31.rc1.orig/doc/wiki/SSL.DovecotConfiguration.txt
++++ dovecot-2.2.31.rc1/doc/wiki/SSL.DovecotConfiguration.txt
@@ -6,7 +6,7 @@ The most important SSL settings are (in
---%<-------------------------------------------------------------------------
ssl = yes
++++++ dovecot-2.2.31-dhparams_fips_mode.patch ++++++
diff --git a/src/lib-ssl-iostream/iostream-openssl-params.c
b/src/lib-ssl-iostream/iostream-openssl-params.c
index 5fdaa30de..edfc81ac3 100644
--- a/src/lib-ssl-iostream/iostream-openssl-params.c
+++ b/src/lib-ssl-iostream/iostream-openssl-params.c
@@ -44,9 +44,14 @@ generate_dh_parameters(int bitsize, buffer_t *output, const
char **error_r)
int openssl_iostream_generate_params(buffer_t *output, unsigned int dh_length,
const char **error_r)
{
- if (generate_dh_parameters(512, output, error_r) < 0)
+ unsigned int minimal_dh_size = 512;
+ if (FIPS_mode() > 0) {
+ minimal_dh_size = 2048;
+ i_warning("FIPS mode detected. Setting minimum DH params size
from 512 to 2048. Accepting SSL connections after first start might take
longer.");
+ };
+ if (generate_dh_parameters(minimal_dh_size, output, error_r) < 0)
return -1;
- if (dh_length != 512) {
+ if (dh_length > minimal_dh_size) {
if (generate_dh_parameters(dh_length, output, error_r) < 0)
return -1;
}
++++++ dovecot-2.2-pigeonhole-0.4.18.tar.gz -> dovecot-2.2.31.tar.gz ++++++
++++ 1056839 lines of diff (skipped)
