Hello community,

here is the log from the commit of package dovecot22 for openSUSE:Factory checked in at 2017-06-28 10:36:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dovecot22 (Old)
 and      /work/SRC/openSUSE:Factory/.dovecot22.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dovecot22" Wed Jun 28 10:36:48 2017 rev:30 rq:506445 version:2.2.31 Changes: -------- --- /work/SRC/openSUSE:Factory/dovecot22/dovecot22.changes 2017-06-08 16:38:52.918962241 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot22.new/dovecot22.changes 2017-06-28 10:36:52.666357270 +0200 
@@ -1,0 +2,73 @@ +Mon Jun 26 10:33:17 UTC 2017 - mrueck...@suse.de + +- added dovecot-2.2.31-dhparams_fips_mode.patch (boo#1045662) + - make sure we do not generate dhparams smaller than 2048 in fips + mode + +------------------------------------------------------------------- +Fri Jun 23 10:55:41 UTC 2017 - mrueck...@suse.de + +- update to 2.2.31 + * LMTP: Removed "(Dovecot)" from added Received headers. Some + installations want to hide it, and there's not really any good + reason for anyone to have it. + + Add ssl_alt_cert and ssl_alt_key settings to add support for + having both RSA and ECDSA certificates. + + dsync/imapc, pop3-migration plugin: Strip trailing whitespace + from headers when matching mails. This helps with migrations + from Zimbra. + + acl: Add acl_globals_only setting to disable looking up + per-mailbox dovecot-acl files. + + Parse invalid message addresses better. This mainly affects the + generated IMAP ENVELOPE replies. + - v2.2.30 wasn't fixing corrupted dovecot.index.cache files + properly. It could have deleted wrong mail's cache or + assert-crashed. + - v2.2.30 mail-crypt-acl plugin was assert-crashing + - v2.2.30 welcome plugin wasn't working + - Various fixes to handling mailbox listing. Especially related + to handling nonexistent autocreated/autosubscribed mailboxes + and ACLs. + - Global ACL file was parsed as if it was local ACL file. This + caused some of the ACL rule interactions to not work exactly as + intended. + - auth: forward_* fields didn't work properly: Only the first + forward field was working, and only if the first passdb lookup + succeeded. + - Using mail_sort_max_read_count sometimes caused "Broken sort-* + indexes, resetting" errors. + - Using mail_sort_max_read_count may have caused very high CPU + usage. + - Message address parsing could have crashed on invalid input. + - imapc_features=fetch-headers wasn't always working correctly + and caused the full header to be fetched. 
+ - imapc: Various bugfixes related to connection failure handling. + - quota=imapc sent unnecessary FETCH RFC822.SIZE to server when + expunging mails. + - quota=count: quota_warning = -storage=.. was never executed + - quota=count: Add support for "ns" parameter + - dsync: Fix incremental syncing for mails that don't have Date + or Message-ID headers. + - imap: Fix hang when client sends pipelined SEARCH + + EXPUNGE/CLOSE/LOGOUT. + - oauth2: Token validation didn't accept empty server responses. + - imap: NOTIFY command has been almost completely broken since + the beginning. I guess nobody has been trying to use it. +- update pigeonhole to 0.4.19 + * This release adjusts Pigeonhole to several changes in the + Dovecot API, making it depend on Dovecot v2.2.31. Previous + versions of Pigeonhole will produce compile warnings with the + recent Dovecot releases (but still work ok). + - Fixed bug in handling of implicit keep in some cases. Implicit + side-effects, such as assigned flags, were not always applied + correctly. This is in essence a very old bug, but it was + exposed by recent changes. + - include extension: Fixed segfault that (sometimes) occurred + when the global script location was left unconfigured. +- drop 3e1a17a286ab0e084577fc267a442cb12aed1cbc.patch: + included in pigeonhole 0.4.19 +- refreshed patches to apply cleanly again: + dovecot-2.2.18-better_ssl_defaults.patch + dovecot-2.2.18-dont_use_etc_ssl_certs.patch + +------------------------------------------------------------------- 
@@ -12 +85 @@ -- update to 2.2.30.1 +- update to 2.2.30.1 (boo# 1044110) Old: ---- 3e1a17a286ab0e084577fc267a442cb12aed1cbc.patch dovecot-2.2-pigeonhole-0.4.18.tar.gz dovecot-2.2.30.2.tar.gz New: ---- dovecot-2.2-pigeonhole-0.4.19.tar.gz dovecot-2.2.31-dhparams_fips_mode.patch dovecot-2.2.31.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dovecot22.spec ++++++ --- /var/tmp/diff_new_pack.KrjoQk/_old 2017-06-28 10:36:53.578228264 +0200 +++ /var/tmp/diff_new_pack.KrjoQk/_new 2017-06-28 10:36:53.582227699 +0200 @@ -17,11 +17,11 @@ Name: dovecot22 -Version: 2.2.30.2 +Version: 2.2.31 Release: 0 %define pkg_name dovecot -%define dovecot_version 2.2.30.2 -%define dovecot_pigeonhole_version 0.4.18 +%define dovecot_version 2.2.31 +%define dovecot_pigeonhole_version 0.4.19 %define dovecot_branch 2.2 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version} %define dovecot_pigeonhole_docdir %{_docdir}/%{pkg_name}/dovecot-pigeonhole @@ -128,7 +128,7 @@ Source7: dovecot-2.2-pigeonhole.configfiles Patch: dovecot-2.2.18-dont_use_etc_ssl_certs.patch Patch1: dovecot-2.2.18-better_ssl_defaults.patch -Patch2: 3e1a17a286ab0e084577fc267a442cb12aed1cbc.patch +Patch2: dovecot-2.2.31-dhparams_fips_mode.patch Summary: IMAP and POP3 Server Written Primarily with Security in Mind License: BSD-3-Clause and LGPL-2.1+ and MIT Group: Productivity/Networking/Email/Servers 
@@ -308,9 +308,7 @@ %setup -q -n %{pkg_name}-%{dovecot_version} -a 1 %patch -p1 %patch1 -p1 -pushd %{dovecot_pigeonhole_source_dir} %patch2 -p1 -popd %{__gzip} -9v ChangeLog # Fix plugins dir. %{__sed} -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = %{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf ++++++ dovecot-2.2-pigeonhole-0.4.18.tar.gz -> dovecot-2.2-pigeonhole-0.4.19.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.2-pigeonhole-0.4.18/NEWS new/dovecot-2.2-pigeonhole-0.4.19/NEWS --- old/dovecot-2.2-pigeonhole-0.4.18/NEWS 2017-04-12 02:09:45.000000000 +0200 +++ new/dovecot-2.2-pigeonhole-0.4.19/NEWS 2017-06-26 20:54:55.000000000 +0200 @@ -1,3 +1,15 @@ +v0.4.19 26-06-2017 Stephan Bosch <step...@rename-it.nl> + + * This release adjusts Pigeonhole to several changes in the Dovecot API, + making it depend on Dovecot v2.2.31. Previous versions of Pigeonhole will + produce compile warnings with the recent Dovecot releases (but still work + ok). + - Fixed bug in handling of implicit keep in some cases. Implicit side-effects, + such as assigned flags, were not always applied correctly. This is in + essence a very old bug, but it was exposed by recent changes. + - include extension: Fixed segfault that (sometimes) occurred when the global + script location was left unconfigured. + v0.4.18 12-04-2017 Stephan Bosch <step...@rename-it.nl> + imapsieve plugin: Implemented the copy_source_after rule action. When this diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.2-pigeonhole-0.4.18/configure new/dovecot-2.2-pigeonhole-0.4.19/configure --- old/dovecot-2.2-pigeonhole-0.4.18/configure 2017-04-12 01:41:10.000000000 +0200 +++ new/dovecot-2.2-pigeonhole-0.4.19/configure 2017-06-26 20:55:04.000000000 +0200 
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for Pigeonhole 0.4.18. +# Generated by GNU Autoconf 2.69 for Pigeonhole 0.4.19. # # Report bugs to <dove...@dovecot.org>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='Pigeonhole' PACKAGE_TARNAME='dovecot-2.2-pigeonhole' -PACKAGE_VERSION='0.4.18' -PACKAGE_STRING='Pigeonhole 0.4.18' +PACKAGE_VERSION='0.4.19' +PACKAGE_STRING='Pigeonhole 0.4.19' PACKAGE_BUGREPORT='dove...@dovecot.org' PACKAGE_URL='' @@ -1392,7 +1392,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Pigeonhole 0.4.18 to adapt to many kinds of systems. +\`configure' configures Pigeonhole 0.4.19 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1463,7 +1463,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Pigeonhole 0.4.18:";; + short | recursive ) echo "Configuration of Pigeonhole 0.4.19:";; esac cat <<\_ACEOF @@ -1582,7 +1582,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Pigeonhole configure 0.4.18 +Pigeonhole configure 0.4.19 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1951,7 +1951,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Pigeonhole $as_me 0.4.18, which was +It was created by Pigeonhole $as_me 0.4.19, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2841,7 +2841,7 @@ # Define the identity of the package. PACKAGE='dovecot-2.2-pigeonhole' - VERSION='0.4.18' + VERSION='0.4.19' # Some tools Automake needs. 
@@ -12875,7 +12875,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Pigeonhole $as_me 0.4.18, which was +This file was extended by Pigeonhole $as_me 0.4.19, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -12941,7 +12941,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Pigeonhole config.status 0.4.18 +Pigeonhole config.status 0.4.19 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.2-pigeonhole-0.4.18/configure.ac new/dovecot-2.2-pigeonhole-0.4.19/configure.ac --- old/dovecot-2.2-pigeonhole-0.4.18/configure.ac 2017-04-12 01:40:10.000000000 +0200 +++ new/dovecot-2.2-pigeonhole-0.4.19/configure.ac 2017-06-26 20:52:37.000000000 +0200 @@ -2,7 +2,7 @@ # Be sure to update ABI version also if anything changes that might require # recompiling plugins. Most importantly that means if any structs are changed. -AC_INIT([Pigeonhole], [0.4.18], [dove...@dovecot.org], [dovecot-2.2-pigeonhole]) +AC_INIT([Pigeonhole], [0.4.19], [dove...@dovecot.org], [dovecot-2.2-pigeonhole]) AC_DEFINE_UNQUOTED([PIGEONHOLE_ABI_VERSION], "0.4.ABIv2($PACKAGE_VERSION)", [Pigeonhole ABI version]) AC_CONFIG_AUX_DIR([.]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.2-pigeonhole-0.4.18/pigeonhole-version.h new/dovecot-2.2-pigeonhole-0.4.19/pigeonhole-version.h --- old/dovecot-2.2-pigeonhole-0.4.18/pigeonhole-version.h 2017-04-12 02:10:55.000000000 +0200 +++ new/dovecot-2.2-pigeonhole-0.4.19/pigeonhole-version.h 2017-06-22 21:32:24.000000000 +0200 
@@ -1,6 +1,6 @@ #ifndef PIGEONHOLE_VERSION_H #define PIGEONHOLE_VERSION_H -#define PIGEONHOLE_VERSION_FULL PIGEONHOLE_VERSION" (29cc74d)" +#define PIGEONHOLE_VERSION_FULL PIGEONHOLE_VERSION" (e5c7051)" #endif /* PIGEONHOLE_VERSION_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.2-pigeonhole-0.4.18/src/lib-sieve/plugins/include/ext-include-binary.c new/dovecot-2.2-pigeonhole-0.4.19/src/lib-sieve/plugins/include/ext-include-binary.c --- old/dovecot-2.2-pigeonhole-0.4.18/src/lib-sieve/plugins/include/ext-include-binary.c 2017-01-23 18:18:09.000000000 +0100 +++ new/dovecot-2.2-pigeonhole-0.4.19/src/lib-sieve/plugins/include/ext-include-binary.c 2017-06-22 21:32:06.000000000 +0200 @@ -316,7 +316,7 @@ /* Can we find the script dependency ? */ storage = ext_include_get_script_storage - (ext, location, str_c(script_name), NULL); + (ext, location, str_c(script_name), &error); if ( storage == NULL ) { /* No, recompile */ // FIXME: handle ':optional' in this case diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.2-pigeonhole-0.4.18/src/lib-sieve/plugins/include/ext-include-common.c new/dovecot-2.2-pigeonhole-0.4.19/src/lib-sieve/plugins/include/ext-include-common.c --- old/dovecot-2.2-pigeonhole-0.4.18/src/lib-sieve/plugins/include/ext-include-common.c 2017-01-23 18:18:09.000000000 +0100 +++ new/dovecot-2.2-pigeonhole-0.4.19/src/lib-sieve/plugins/include/ext-include-common.c 2017-06-22 21:32:06.000000000 +0200 
@@ -160,7 +160,8 @@ sieve_sys_info(svinst, "include: sieve_global is unconfigured; " "include of `:global' script `%s' is therefore not possible", str_sanitize(script_name, 80)); - *error_r = SIEVE_ERROR_NOT_FOUND; + if ( error_r != NULL ) + *error_r = SIEVE_ERROR_NOT_FOUND; return NULL; } if ( ctx->global_storage == NULL ) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.2-pigeonhole-0.4.18/src/lib-sieve/sieve-extensions.c new/dovecot-2.2-pigeonhole-0.4.19/src/lib-sieve/sieve-extensions.c --- old/dovecot-2.2-pigeonhole-0.4.18/src/lib-sieve/sieve-extensions.c 2017-01-23 18:18:09.000000000 +0100 +++ new/dovecot-2.2-pigeonhole-0.4.19/src/lib-sieve/sieve-extensions.c 2017-06-22 21:31:36.000000000 +0200 @@ -331,6 +331,7 @@ /* Call unload handler */ if ( ext->def != NULL && ext->def->unload != NULL ) ext->def->unload(ext); + ext->context = NULL; } static void sieve_extension_registry_init(struct sieve_instance *svinst) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.2-pigeonhole-0.4.18/src/lib-sieve/sieve-result.c new/dovecot-2.2-pigeonhole-0.4.19/src/lib-sieve/sieve-result.c --- old/dovecot-2.2-pigeonhole-0.4.18/src/lib-sieve/sieve-result.c 2017-01-23 18:19:31.000000000 +0100 +++ new/dovecot-2.2-pigeonhole-0.4.19/src/lib-sieve/sieve-result.c 2017-05-24 17:02:41.000000000 +0200 @@ -969,7 +969,14 @@ rac = rac->next; } + } else if ( !rollback ) { + act_keep.location = kac->action.location; + act_keep.mail = kac->action.mail; + if ( kac->seffects != NULL ) + rsef_first = kac->seffects->first_effect; + } + if (rsef_first == NULL) { /* Apply any implicit side effects if applicable */ if ( !rollback && hash_table_is_created(result->action_contexts) ) { struct sieve_result_action_context *actctx; 
@@ -980,11 +987,6 @@ if ( actctx != NULL && actctx->seffects != NULL ) rsef_first = actctx->seffects->first_effect; } - } else if ( !rollback ) { - act_keep.location = kac->action.location; - act_keep.mail = kac->action.mail; - if ( kac->seffects != NULL ) - rsef_first = kac->seffects->first_effect; } /* Start keep action */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.2-pigeonhole-0.4.18/src/lib-sieve-tool/sieve-tool.c new/dovecot-2.2-pigeonhole-0.4.19/src/lib-sieve-tool/sieve-tool.c --- old/dovecot-2.2-pigeonhole-0.4.18/src/lib-sieve-tool/sieve-tool.c 2017-02-20 11:07:25.000000000 +0100 +++ new/dovecot-2.2-pigeonhole-0.4.19/src/lib-sieve-tool/sieve-tool.c 2017-06-22 21:31:51.000000000 +0200 @@ -551,6 +551,7 @@ ehandler = sieve_stderr_ehandler_create(svinst, 0); sieve_error_handler_accept_infolog(ehandler, TRUE); + sieve_error_handler_accept_debuglog(ehandler, svinst->debug); if ( (sbin = sieve_open (svinst, filename, NULL, ehandler, 0, NULL)) == NULL ) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.2-pigeonhole-0.4.18/src/managesieve-login/client.c new/dovecot-2.2-pigeonhole-0.4.19/src/managesieve-login/client.c --- old/dovecot-2.2-pigeonhole-0.4.18/src/managesieve-login/client.c 2017-04-08 11:07:30.000000000 +0200 +++ new/dovecot-2.2-pigeonhole-0.4.19/src/managesieve-login/client.c 2017-06-16 15:20:29.000000000 +0200 @@ -206,11 +206,6 @@ static bool client_handle_input(struct managesieve_client *client) { - const struct managesieve_arg *args = NULL; - const char *msg; - int ret = 1; - bool fatal; - i_assert(!client->common.authenticating); if (client->cmd_finished) { 
@@ -251,8 +246,22 @@ else client->skip_line = TRUE; } + return client->common.v.input_next_cmd(&client->common); +} + +static bool managesieve_client_input_next_cmd(struct client *_client) +{ + struct managesieve_client *client = + (struct managesieve_client *)_client; + const struct managesieve_arg *args = NULL; + const char *msg; + int ret = 1; + bool fatal; - if ( client->cmd != NULL && !client->cmd_parsed_args ) { + if (client->cmd == NULL) { + /* unknown command */ + ret = -1; + } else if ( !client->cmd_parsed_args ) { unsigned int arg_count = ( client->cmd->preparsed_args > 0 ? client->cmd->preparsed_args : 0 ); switch (managesieve_parser_read_args(client->parser, arg_count, 0, &args)) { @@ -274,6 +283,7 @@ /* not enough data */ return FALSE; } + i_assert(args != NULL); if (arg_count == 0 ) { /* we read the entire line - skip over the CRLF */ @@ -291,18 +301,12 @@ if ( args[0].type != MANAGESIEVE_ARG_EOL ) ret = -1; } - } - - if (client->cmd == NULL) { - ret = -1; - client->cmd_finished = TRUE; - } else { if (ret > 0) ret = client->cmd->func(client, args); - if (ret != 0) - client->cmd_finished = TRUE; } + if (ret != 0) + client->cmd_finished = TRUE; if (ret < 0) { if (++client->common.bad_counter >= CLIENT_MAX_BAD_COMMANDS) { client_send_bye(&client->common, @@ -390,6 +394,8 @@ client_send_ok(client, client->set->login_greeting); o_stream_uncork(client->output); + + client->banner_sent = TRUE; } static void managesieve_client_starttls(struct client *client) 
@@ -512,6 +518,9 @@ managesieve_proxy_parse_line, managesieve_proxy_error, managesieve_proxy_get_state, + client_common_send_raw_data, + managesieve_client_input_next_cmd, + client_common_default_free, }; static const struct login_binary managesieve_login_binary = { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.2-pigeonhole-0.4.18/src/plugins/imapsieve/imap-sieve-plugin.c new/dovecot-2.2-pigeonhole-0.4.19/src/plugins/imapsieve/imap-sieve-plugin.c --- old/dovecot-2.2-pigeonhole-0.4.18/src/plugins/imapsieve/imap-sieve-plugin.c 2016-05-15 12:40:19.000000000 +0200 +++ new/dovecot-2.2-pigeonhole-0.4.19/src/plugins/imapsieve/imap-sieve-plugin.c 2017-05-24 17:02:41.000000000 +0200 @@ -25,8 +25,8 @@ url = mail_user_plugin_getenv(user, "imapsieve_url"); // FIXME: parse the URL and report error if it is bad if (url != NULL && strncasecmp(url, "sieve:", 6) == 0) { - str_append(client->capability_string, " IMAPSIEVE="); - str_append(client->capability_string, url); + client_add_capability(client, t_strconcat( + "IMAPSIEVE=", url, NULL)); } else { url = NULL; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.2-pigeonhole-0.4.18/src/plugins/imapsieve/imap-sieve.c new/dovecot-2.2-pigeonhole-0.4.19/src/plugins/imapsieve/imap-sieve.c --- old/dovecot-2.2-pigeonhole-0.4.18/src/plugins/imapsieve/imap-sieve.c 2017-04-03 20:13:17.000000000 +0200 +++ new/dovecot-2.2-pigeonhole-0.4.19/src/plugins/imapsieve/imap-sieve.c 2017-05-24 16:59:30.000000000 +0200 @@ -581,8 +581,7 @@ struct sieve_binary *sbin = scripts[i].binary; cpflags = 0; - exflags = SIEVE_EXECUTE_FLAG_DEFER_KEEP | - SIEVE_EXECUTE_FLAG_NO_ENVELOPE; + exflags = SIEVE_EXECUTE_FLAG_NO_ENVELOPE; user_script = ( script == isrun->user_script ); last_script = script; 
@@ -661,8 +660,7 @@ } /* Finish execution */ - exflags = SIEVE_EXECUTE_FLAG_DEFER_KEEP | - SIEVE_EXECUTE_FLAG_NO_ENVELOPE; + exflags = SIEVE_EXECUTE_FLAG_NO_ENVELOPE; ehandler = (isrun->user_ehandler != NULL ? isrun->user_ehandler : isieve->master_ehandler); if ( compile_error == SIEVE_ERROR_TEMP_FAILURE ) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.2-pigeonhole-0.4.18/src/sieve-tools/sieve-filter.c new/dovecot-2.2-pigeonhole-0.4.19/src/sieve-tools/sieve-filter.c --- old/dovecot-2.2-pigeonhole-0.4.18/src/sieve-tools/sieve-filter.c 2017-02-20 11:07:25.000000000 +0100 +++ new/dovecot-2.2-pigeonhole-0.4.19/src/sieve-tools/sieve-filter.c 2017-06-22 21:31:51.000000000 +0200 @@ -502,6 +502,7 @@ ehandler = sieve_stderr_ehandler_create(svinst, 0); sieve_system_ehandler_set(ehandler); sieve_error_handler_accept_infolog(ehandler, verbose); + sieve_error_handler_accept_debuglog(ehandler, svinst->debug); /* Compile main sieve script */ if ( force_compile ) { ++++++ dovecot-2.2.18-better_ssl_defaults.patch ++++++ --- /var/tmp/diff_new_pack.KrjoQk/_old 2017-06-28 10:36:54.058160368 +0200 +++ /var/tmp/diff_new_pack.KrjoQk/_new 2017-06-28 10:36:54.058160368 +0200 @@ -1,7 +1,7 @@ -Index: dovecot-2.2.29.1/doc/example-config/conf.d/10-ssl.conf +Index: dovecot-2.2.31.rc1/doc/example-config/conf.d/10-ssl.conf =================================================================== ---- dovecot-2.2.29.1.orig/doc/example-config/conf.d/10-ssl.conf -+++ dovecot-2.2.29.1/doc/example-config/conf.d/10-ssl.conf +--- dovecot-2.2.31.rc1.orig/doc/example-config/conf.d/10-ssl.conf ++++ dovecot-2.2.31.rc1/doc/example-config/conf.d/10-ssl.conf @@ -9,8 +9,8 @@ # dropping root privileges, so keep the key file unreadable by anyone but # root. Included doc/mkcert.sh can be used to easily generate self-signed 
@@ -39,13 +39,13 @@ # no_ticket - Disable SSL session tickets. #ssl_options = +ssl_options = no_compression -Index: dovecot-2.2.29.1/src/lib-master/master-service-ssl-settings.c +Index: dovecot-2.2.31.rc1/src/lib-master/master-service-ssl-settings.c =================================================================== ---- dovecot-2.2.29.1.orig/src/lib-master/master-service-ssl-settings.c -+++ dovecot-2.2.29.1/src/lib-master/master-service-ssl-settings.c -@@ -43,7 +43,7 @@ static const struct master_service_ssl_s - .ssl_cert = "", - .ssl_key = "", +--- dovecot-2.2.31.rc1.orig/src/lib-master/master-service-ssl-settings.c ++++ dovecot-2.2.31.rc1/src/lib-master/master-service-ssl-settings.c +@@ -47,7 +47,7 @@ static const struct master_service_ssl_s + .ssl_alt_cert = "", + .ssl_alt_key = "", .ssl_key_password = "", - .ssl_cipher_list = "ALL:!LOW:!SSLv2:!EXP:!aNULL", + .ssl_cipher_list = "ALL:!LOW:!SSLv2:!EXP:!aNULL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH", ++++++ dovecot-2.2.18-dont_use_etc_ssl_certs.patch ++++++ --- /var/tmp/diff_new_pack.KrjoQk/_old 2017-06-28 10:36:54.074158104 +0200 +++ /var/tmp/diff_new_pack.KrjoQk/_new 2017-06-28 10:36:54.078157539 +0200 @@ -1,7 +1,7 @@ -Index: dovecot-2.2.27/doc/example-config/conf.d/10-ssl.conf +Index: dovecot-2.2.31.rc1/doc/example-config/conf.d/10-ssl.conf =================================================================== ---- dovecot-2.2.27.orig/doc/example-config/conf.d/10-ssl.conf -+++ dovecot-2.2.27/doc/example-config/conf.d/10-ssl.conf +--- dovecot-2.2.31.rc1.orig/doc/example-config/conf.d/10-ssl.conf ++++ dovecot-2.2.31.rc1/doc/example-config/conf.d/10-ssl.conf @@ -9,7 +9,7 @@ # dropping root privileges, so keep the key file unreadable by anyone but # root. Included doc/mkcert.sh can be used to easily generate self-signed 
@@ -11,10 +11,10 @@ ssl_key = </etc/ssl/private/dovecot.pem # If key file is password protected, give the password here. Alternatively -Index: dovecot-2.2.27/doc/man/doveconf.1.in +Index: dovecot-2.2.31.rc1/doc/man/doveconf.1.in =================================================================== ---- dovecot-2.2.27.orig/doc/man/doveconf.1.in -+++ dovecot-2.2.27/doc/man/doveconf.1.in +--- dovecot-2.2.31.rc1.orig/doc/man/doveconf.1.in ++++ dovecot-2.2.31.rc1/doc/man/doveconf.1.in @@ -126,7 +126,7 @@ Dump settings in simplified machine pars .TP .B \-x @@ -31,10 +31,10 @@ -.BR dsync (1) \ No newline at end of file +.BR dsync (1) -Index: dovecot-2.2.27/doc/mkcert.sh +Index: dovecot-2.2.31.rc1/doc/mkcert.sh =================================================================== ---- dovecot-2.2.27.orig/doc/mkcert.sh -+++ dovecot-2.2.27/doc/mkcert.sh +--- dovecot-2.2.31.rc1.orig/doc/mkcert.sh ++++ dovecot-2.2.31.rc1/doc/mkcert.sh @@ -8,10 +8,10 @@ OPENSSL=${OPENSSL-openssl} SSLDIR=${SSLDIR-/etc/ssl} OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf} @@ -48,11 +48,11 @@ KEYFILE=$KEYDIR/dovecot.pem if [ ! -d $CERTDIR ]; then -Index: dovecot-2.2.27/doc/wiki/CompilingSource.txt +Index: dovecot-2.2.31.rc1/doc/wiki/CompilingSource.txt =================================================================== ---- dovecot-2.2.27.orig/doc/wiki/CompilingSource.txt -+++ dovecot-2.2.27/doc/wiki/CompilingSource.txt -@@ -141,7 +141,7 @@ non-standard path. Make sure you have th +--- dovecot-2.2.31.rc1.orig/doc/wiki/CompilingSource.txt ++++ dovecot-2.2.31.rc1/doc/wiki/CompilingSource.txt +@@ -142,7 +142,7 @@ non-standard path. Make sure you have th installed, and if it is not in the standard location, set 'CPPFLAGS' and 'LDFLAGS' as shown in <the first section above.> [CompilingSource.txt] 
@@ -61,10 +61,10 @@ the private key from '/etc/ssl/private/dovecot.pem'. The '/etc/ssl' directory can be changed using the '--with-ssldir=DIR' configure option. Both can of course be overridden from the configuration file. -Index: dovecot-2.2.27/doc/wiki/SSL.CertificateCreation.txt +Index: dovecot-2.2.31.rc1/doc/wiki/SSL.CertificateCreation.txt =================================================================== ---- dovecot-2.2.27.orig/doc/wiki/SSL.CertificateCreation.txt -+++ dovecot-2.2.27/doc/wiki/SSL.CertificateCreation.txt +--- dovecot-2.2.31.rc1.orig/doc/wiki/SSL.CertificateCreation.txt ++++ dovecot-2.2.31.rc1/doc/wiki/SSL.CertificateCreation.txt @@ -39,7 +39,7 @@ CN matches the connected host name, othe invalid. It's also possible to use wildcards (eg. *.domain.com) in the host name. They should work with most clients. @@ -74,10 +74,10 @@ private key file is created to '/etc/ssl/private/dovecot.pem'. Also by default the certificate will expire in 365 days. If you wish to change any of these, modify the mkcert.sh script. -Index: dovecot-2.2.27/doc/wiki/SSL.DovecotConfiguration.txt +Index: dovecot-2.2.31.rc1/doc/wiki/SSL.DovecotConfiguration.txt =================================================================== ---- dovecot-2.2.27.orig/doc/wiki/SSL.DovecotConfiguration.txt -+++ dovecot-2.2.27/doc/wiki/SSL.DovecotConfiguration.txt +--- dovecot-2.2.31.rc1.orig/doc/wiki/SSL.DovecotConfiguration.txt ++++ dovecot-2.2.31.rc1/doc/wiki/SSL.DovecotConfiguration.txt @@ -6,7 +6,7 @@ The most important SSL settings are (in ---%<------------------------------------------------------------------------- ssl = yes ++++++ dovecot-2.2.31-dhparams_fips_mode.patch ++++++ diff --git a/src/lib-ssl-iostream/iostream-openssl-params.c b/src/lib-ssl-iostream/iostream-openssl-params.c index 5fdaa30de..edfc81ac3 100644 --- a/src/lib-ssl-iostream/iostream-openssl-params.c +++ b/src/lib-ssl-iostream/iostream-openssl-params.c 
@@ -44,9 +44,14 @@ generate_dh_parameters(int bitsize, buffer_t *output, const char **error_r) int openssl_iostream_generate_params(buffer_t *output, unsigned int dh_length, const char **error_r) { - if (generate_dh_parameters(512, output, error_r) < 0) + unsigned int minimal_dh_size = 512; + if (FIPS_mode() > 0) { + minimal_dh_size = 2048; + i_warning("FIPS mode detected. Setting minimum DH params size from 512 to 2048. Accepting SSL connections after first start might take longer."); + }; + if (generate_dh_parameters(minimal_dh_size, output, error_r) < 0) return -1; - if (dh_length != 512) { + if (dh_length > minimal_dh_size) { if (generate_dh_parameters(dh_length, output, error_r) < 0) return -1; } ++++++ dovecot-2.2-pigeonhole-0.4.18.tar.gz -> dovecot-2.2.31.tar.gz ++++++ ++++ 1056839 lines of diff (skipped)
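Review bot: In ext-include-common.c the `error_r != NULL` guard covers only the "sieve_global is unconfigured" return shown in the hunk; any other `*error_r = ...` write in the same function needs the same check, otherwise a caller passing NULL can still crash on a different path. With ext-include-binary.c now passing `&error` instead of NULL, the visible lines do not show `error` being declared or read afterwards, so confirm it is declared in that scope, and consider using it in the `storage == NULL` branch to tell a missing script from a temporary failure before recompiling.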
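Review bot: The new `if (rsef_first == NULL)` gate in sieve-result.c changes more than the order of the two branches: the `kac` branch now falls through to the `result->action_contexts` lookup whenever `kac->seffects` is NULL, which the old `else if ( !rollback )` arm never reached, and the first branch now skips that lookup if `rsef_first` was already set. If this is the intended fix for the implicit-keep bug named in NEWS, state it in the `/* Apply any implicit side effects if applicable */` comment and add a regression test with flags assigned before an implicit keep.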
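Review bot: In managesieve_client_input_next_cmd (managesieve-login/client.c) the call `ret = client->cmd->func(client, args);` now sits inside the `else if ( !client->cmd_parsed_args )` block, so a known command with `cmd_parsed_args` already set is never executed: `ret` stays 1 and `cmd_finished` is set to TRUE. Before the change that case reached `func` through the separate `else` arm. Please confirm this state cannot occur in the login process, or restore the call outside the argument-parsing block. Separately, the three entries appended to the vfuncs table (`client_common_send_raw_data`, `managesieve_client_input_next_cmd`, `client_common_default_free`) are positional, so they silently bind to the wrong slot if the Dovecot struct order changes; designated initializers would make the 2.2.31 API dependency explicit.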
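Review bot: The `ssl_cipher_list` default carried in dovecot-2.2.18-better_ssl_defaults.patch ends in `!LOW@STRENGTH`, which fuses the `@STRENGTH` sort directive onto the `!LOW` exclusion; the documented OpenSSL form is a separate element (`...:!ADH:@STRENGTH`), so as written the strength ordering may not be applied as intended. The string also repeats exclusions (`!aNULL` twice, `!LOW` twice, `!EXP` alongside `!EXPORT`). Since the patch was only refreshed for the new `ssl_alt_cert`/`ssl_alt_key` context, this is a good moment to clean the list up and check the result with `openssl ciphers -v` against the shipped OpenSSL.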
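Review bot: In openssl_iostream_generate_params the new test `dh_length > minimal_dh_size` also changes behaviour outside FIPS mode: a `dh_length` below 512 used to trigger the second generate_dh_parameters call (`!= 512`) and is now skipped silently. In FIPS mode a configured `dh_length` under 2048 is likewise dropped without being reported, and the i_warning is emitted on every call even when `dh_length` is already 2048 or larger; logging the effective size only when a configured value is overridden would be clearer. Outside FIPS mode the 512-bit set is still generated, so the changelog claim applies to FIPS mode only. Minor: drop the stray `;` after the closing brace of the `if (FIPS_mode() > 0)` block, and since the hunk shows no include or build guard for `FIPS_mode()`, check that the file still builds against OpenSSL variants without FIPS support.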