commit dovecot23 for openSUSE:Factory

2020-09-15 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2020-09-15 16:34:45

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.4249 (New)


Package is "dovecot23"

Tue Sep 15 16:34:45 2020 rev:33 rq:834633 version:2.3.11.3

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2020-09-08 
22:49:20.903575387 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.4249/dovecot23.changes
2020-09-15 16:35:47.863028051 +0200
@@ -1,0 +2,8 @@
+Tue Sep 15 10:26:44 UTC 2020 - Arjen de Korte 
+
+- add dovecot-2.3.11.3-gssapi-nul.patch:
+  Fix for bug introduced in v2.3.11.3. It appears GSSAPI can contain NUL.
+
+  https://github.com/dovecot/core/pull/133
+
+---

New:

  dovecot-2.3.11.3-gssapi-nul.patch



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.0XuuRQ/_old  2020-09-15 16:35:49.887029988 +0200
+++ /var/tmp/diff_new_pack.0XuuRQ/_new  2020-09-15 16:35:49.891029992 +0200
@@ -149,6 +149,8 @@
 Patch1: dovecot-2.3.0-better_ssl_defaults.patch
 #   https://github.com/dovecot/core/pull/126
 Patch2: allow-tls1.3-only.patch
+#   https://github.com/dovecot/core/pull/133
+Patch3: dovecot-2.3.11.3-gssapi-nul.patch
 Summary:IMAP and POP3 Server Written Primarily with Security in Mind
 License:BSD-3-Clause AND LGPL-2.1-or-later AND MIT
 Group:  Productivity/Networking/Email/Servers
@@ -329,6 +331,7 @@
 %patch -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 gzip -9v ChangeLog
 # Fix plugins dir.
 sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = 
%{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf


++ dovecot-2.3.11.3-gssapi-nul.patch ++
>From aae316881127017af2ba20e478251132a05f7dc0 Mon Sep 17 00:00:00 2001
From: "Paul G. Banks" 
Date: Sun, 16 Aug 2020 10:57:36 +0100
Subject: [PATCH] Fix: GSSAPI can contain NUL.

---
 src/auth/mech-gssapi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/auth/mech-gssapi.c b/src/auth/mech-gssapi.c
index f29e48da88..966273d388 100644
--- a/src/auth/mech-gssapi.c
+++ b/src/auth/mech-gssapi.c
@@ -735,7 +735,7 @@ mech_gssapi_auth_free(struct auth_request *request)
 const struct mech_module mech_gssapi = {
"GSSAPI",
 
-   .flags = 0,
+   .flags = MECH_SEC_ALLOW_NULS,
.passdb_need = MECH_PASSDB_NEED_NOTHING,
 
mech_gssapi_auth_new,
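Review bot: Setting `.flags = MECH_SEC_ALLOW_NULS` in the `mech_gssapi` initializer carries no comment saying why this mechanism is exempt from NUL rejection, which the 2.3.11 changelog describes as the fix for auth input being truncated by NUL. GSSAPI tokens are binary, so the exemption itself looks right, but it is only safe if every consumer of the client data in mech-gssapi.c handles it as a length-delimited buffer. Any step that reads a name or authorization identity from that data as a C string would presumably be open to truncation again, and that code is outside this hunk, so it should be checked before relying on the flag. I would add a comment above the field, e.g. `/* GSSAPI tokens are binary and may contain NUL; all input must be handled by length, never as a C string */`. The initializer continues past the end of the hunk.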





commit dovecot23 for openSUSE:Factory

2020-09-08 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2020-09-08 22:48:59

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.3399 (New)


Package is "dovecot23"

Tue Sep  8 22:48:59 2020 rev:32 rq:832820 version:2.3.11.3

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2020-08-14 
09:34:40.120439611 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.3399/dovecot23.changes
2020-09-08 22:49:20.903575387 +0200
@@ -1,0 +2,6 @@
+Mon Aug 31 15:25:03 UTC 2020 - Marcus Rueckert 
+
+- libsodium is not strictly required, it is only required for the
+  argon password scheme. This is now no longer supported on sle12 
+
+---



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.mfh6ku/_old  2020-09-08 22:49:22.011575926 +0200
+++ /var/tmp/diff_new_pack.mfh6ku/_new  2020-09-08 22:49:22.019575930 +0200
@@ -52,8 +52,10 @@
 %bcond_withlzma
 %endif
 %if 0%{?suse_version} >= 1320
+%bcond_without argon
 %bcond_without lz4
 %else
+%bcond_withargon
 %bcond_withlz4
 %endif
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
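Review bot: The `argon` conditional added under `%if 0%{?suse_version} >= 1320` has no comment saying what it gates. It decides whether the package is built against libsodium (the second hunk wraps `BuildRequires:  libsodium-devel` in `%if %{with argon}`) and therefore, per the changelog entry, whether the argon password scheme is available. A line such as `# argon: argon password scheme needs libsodium; disabled on older SUSE targets` above `%bcond_without argon` would record that in the spec. On targets where it is off, accounts whose stored hashes use that scheme would presumably stop authenticating after the update, so the changelog entry could state this as an upgrade caveat.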
@@ -71,7 +73,9 @@
 %if %{with lz4}
 BuildRequires:  liblz4-devel
 %endif
+%if %{with argon}
 BuildRequires:  libsodium-devel
+%endif
 %if 0%{?suse_version} >= 1520
 BuildRequires:  libmysqlclient-devel
 %else







commit dovecot23 for openSUSE:Factory

2020-08-14 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2020-08-14 09:33:47

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.3399 (New)


Package is "dovecot23"

Fri Aug 14 09:33:47 2020 rev:31 rq:826276 version:2.3.11.3

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2020-05-26 
17:50:36.408049720 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.3399/dovecot23.changes
2020-08-14 09:34:40.120439611 +0200
@@ -1,0 +2,116 @@
+Wed Aug 12 13:57:05 UTC 2020 - Arjen de Korte 
+
+- update to 2.3.11.3 and pigeonhole to 0.5.11 (boo#1174920 boo#1174922 
boo#1174923)
+
+  Dovecot 2.3.11.3
+  - pop3-login: Login didn't handle commands in multiple IP packets properly.
+This mainly affected large XCLIENT commands or a large SASL initial
+response parameter in the AUTH command.
+  - pop3: pop3_deleted_flag setting was broken, causing:
+Panic: file seq-range-array.c: line 472 (seq_range_array_invert):
+assertion failed: (range[count-1].seq2 <= max_seq)
+  Dovecot 2.3.11.2
+  - auth: Lua passdb/userdb leaks stack elements per call, eventually
+causing the stack to become too deep and crashing the auth or
+auth-worker process.
+  - lib-mail: v2.3.11 regression: MIME parts not returned correctly by
+Dovecot MIME parser.
+  - pop3-login: Login would fail with "Input buffer full" if the initial
+response for SASL was too long.
+  Dovecot 2.3.11
+  * CVE-2020-12100: Parsing mails with a large number of MIME parts could
+have resulted in excessive CPU usage or a crash due to running out of
+stack memory.
+  * CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
+message buffer size, which leads to reading past allocation which can
+lead to crash.
+  * CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
+address that has the empty quoted string as local-part causes the lmtp
+service to crash.
+  * CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
+zero-length message, which leads to assert-crash later on.
+  * Events: Fix inconsistency in events. See event documentation in
+https://doc.dovecot.org.
+  * imap_command_finished event's cmd_name field now contains "unknown"
+for unknown commands. A new "cmd_input_name" field contains the
+command name exactly as it was sent.
+  * lib-index: Renamed mail_cache_compress_* settings to mail_cache_purge_*.
+Note that these settings are mainly intended for testing and usually
+shouldn't be changed.
+  * events: Renamed "index" event category to "mail-index".
+  * events: service: category is now using the name from
+configuration file.
+  * dns-client: service dns_client was renamed to dns-client.
+  * log: Prefixes generally use the service name from configuration file.
+For example dict-async service will now use
+"dict-async(pid): " log prefix instead of "dict(pid): "
+  * *-login: Changed logging done by proxying to use a consistent prefix
+containing the IP address and port.
+  * *-login: Changed disconnection log messages to be slightly clearer.
+  + dict: Add events for dictionaries.
+  + lib-index: Finish logging with events.
+  + oauth2: Support local validation of JWT tokens.
+  + stats: Add support for dynamic histograms and grouping. See
+https://doc.dovecot.org/configuration_manual/stats/.
+  + imap: Implement RFC 8514: IMAP SAVEDATE
+  + lib-index: If a long-running transaction (e.g. SORT/FETCH on a huge
+folder) adds a lot of data to dovecot.index.cache file, commit those
+changes periodically to make them visible to other concurrent sessions
+as well.
+  + stats: Add OpenMetrics exporter for statistics. See
+https://doc.dovecot.org/configuration_manual/stats/openmetrics/.
+  + stats: Support disabling stats-writer socket by setting
+stats_writer_socket_path="".
+  - auth-worker: Process keeps slowly increasing its memory usage and
+eventually dies with "out of memory" due to reaching vsz_limit.
+  - auth: Prevent potential timing attacks in authentication secret
+comparisons: OAUTH2 JWT-token HMAC, imap-urlauth token, crypt() result.
+  - auth: Several auth-mechanisms allowed input to be truncated by NUL
+which can potentially lead to unintentional issues or even successful
+logins which should have failed.
+  - auth: When auth policy returned a delay, auth_request_finished event
+had policy_result=ok field instead of policy_result=delayed.
+  - auth: auth process crash when auth_policy_server_url is set to an
+invalid URL.
+  - dict-ldap: Crash occurs if var_expand template expansion fails.
+  - dict: If dict client disconnected while iteration was still running,
+dict process could have started 

commit dovecot23 for openSUSE:Factory

2020-05-26 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2020-05-26 17:50:29

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.2738 (New)


Package is "dovecot23"

Tue May 26 17:50:29 2020 rev:30 rq:809014 version:2.3.10.1

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2020-05-19 
14:49:41.740231275 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.2738/dovecot23.changes
2020-05-26 17:50:36.408049720 +0200
@@ -1,0 +2,5 @@
+Tue May 19 12:04:55 UTC 2020 - Marcus Rueckert 
+
+- update tls 1.3 patch to allow building with tls 1.0
+
+---



Other differences:
--
++ allow-tls1.3-only.patch ++
--- /var/tmp/diff_new_pack.G1315d/_old  2020-05-26 17:50:36.996051008 +0200
+++ /var/tmp/diff_new_pack.G1315d/_new  2020-05-26 17:50:36.996051008 +0200
@@ -1,20 +1,21 @@
-Index: dovecot-2.3.10/src/config/old-set-parser.c
+Index: dovecot-2.3.10.1/src/config/old-set-parser.c
 ===
 dovecot-2.3.10.orig/src/config/old-set-parser.c
-+++ dovecot-2.3.10/src/config/old-set-parser.c
-@@ -171,7 +171,7 @@ static int ssl_protocols_to_min_protocol
-const char **error_r)
+--- dovecot-2.3.10.1.orig/src/config/old-set-parser.c
 dovecot-2.3.10.1/src/config/old-set-parser.c
+@@ -172,6 +172,9 @@ static int ssl_protocols_to_min_protocol
  {
static const char *protocol_versions[] = {
--  "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2",
-+  "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3",
+   "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2",
++#ifdef TLS1_3_VERSION
++"TLSv1.3",
++#endif
};
/* Array where -1 = disable, 0 = not found, 1 = enable */
int protos[N_ELEMENTS(protocol_versions)];
-Index: dovecot-2.3.10/src/lib-ssl-iostream/iostream-openssl-common.c
+Index: dovecot-2.3.10.1/src/lib-ssl-iostream/iostream-openssl-common.c
 ===
 dovecot-2.3.10.orig/src/lib-ssl-iostream/iostream-openssl-common.c
-+++ dovecot-2.3.10/src/lib-ssl-iostream/iostream-openssl-common.c
+--- dovecot-2.3.10.1.orig/src/lib-ssl-iostream/iostream-openssl-common.c
 dovecot-2.3.10.1/src/lib-ssl-iostream/iostream-openssl-common.c
 @@ -9,6 +9,16 @@
  #include 
  #include 
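Review bot: With the `#ifdef TLS1_3_VERSION` guards around `"TLSv1.3"` in `protocol_versions[]` and around the `SSL_TXT_TLSV1_3` table entry in the second hunk, a build against an OpenSSL without TLS 1.3 no longer knows that protocol name. Nothing visible here says what happens to a configuration that asks for TLSv1.3 as the minimum on such a build. The lookup code is outside both hunks, so it should be confirmed that this ends in a configuration error and not in a fallback to a lower minimum version. A comment next to the guard, e.g. `/* without TLS1_3_VERSION, "TLSv1.3" is an unknown protocol name and must be rejected */`, would document the intended fail-closed behaviour.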
@@ -32,12 +33,14 @@
  /* openssl_min_protocol_to_options() scans this array for name and returns
 version and opt. opt is used with SSL_set_options() and version is used 
with
 SSL_set_min_proto_version(). Using either method should enable the same
-@@ -23,6 +33,8 @@ static const struct {
+@@ -23,6 +33,10 @@ static const struct {
{ SSL_TXT_TLSV1_1, TLS1_1_VERSION, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 },
{ SSL_TXT_TLSV1_2, TLS1_2_VERSION,
SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 },
++#ifdef TLS1_3_VERSION
 +  { SSL_TXT_TLSV1_3, TLS1_3_VERSION,
 +  SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | 
SSL_OP_NO_TLSv1_2 },
++#endif
  };
  int openssl_min_protocol_to_options(const char *min_protocol, long *opt_r,
int *version_r)







commit dovecot23 for openSUSE:Factory

2020-05-19 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2020-05-19 14:49:37

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.2738 (New)


Package is "dovecot23"

Tue May 19 14:49:37 2020 rev:29 rq:807017 version:2.3.10.1

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2020-05-07 
14:55:34.206410488 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.2738/dovecot23.changes
2020-05-19 14:49:41.740231275 +0200
@@ -1,0 +2,14 @@
+Mon May 18 14:04:52 UTC 2020 - Michael Ströder 
+
+- update to 2.3.10.1 with security fixes for
+  * CVE-2020-10957: lmtp/submission: A client can crash the server by
+sending a NOOP command with an invalid string parameter.
+(boo#1171457)
+  * CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
+commands can cause the server to access freed memory, which can lead
+to a server crash. (boo#1171458)
+  * CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
+address that has the empty quoted string as local-part causes the
+lmtp service to crash. (boo#1171456)
+
+---

Old:

  dovecot-2.3.10.tar.gz
  dovecot-2.3.10.tar.gz.sig

New:

  dovecot-2.3.10.1.tar.gz
  dovecot-2.3.10.1.tar.gz.sig



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.IJDnZ9/_old  2020-05-19 14:49:42.416232774 +0200
+++ /var/tmp/diff_new_pack.IJDnZ9/_new  2020-05-19 14:49:42.420232783 +0200
@@ -19,10 +19,10 @@
 %global _lto_cflags %{nil}
 
 Name:   dovecot23
-Version:2.3.10
+Version:2.3.10.1
 Release:0
 %define pkg_name dovecot
-%define dovecot_version 2.3.10
+%define dovecot_version 2.3.10.1
 %define dovecot_pigeonhole_version 0.5.10
 %define dovecot_branch  2.3
 %define dovecot_pigeonhole_source_dir 
%{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}


++ dovecot-2.3.10.tar.gz -> dovecot-2.3.10.1.tar.gz ++
/work/SRC/openSUSE:Factory/dovecot23/dovecot-2.3.10.tar.gz 
/work/SRC/openSUSE:Factory/.dovecot23.new.2738/dovecot-2.3.10.1.tar.gz differ: 
char 5, line 1





commit dovecot23 for openSUSE:Factory

2020-05-07 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2020-05-07 14:55:28

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.2738 (New)


Package is "dovecot23"

Thu May  7 14:55:28 2020 rev:28 rq:800837 version:2.3.10

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2020-03-16 
10:19:49.119623414 +0100
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.2738/dovecot23.changes
2020-05-07 14:55:34.206410488 +0200
@@ -1,0 +2,8 @@
+Wed Apr 29 21:25:30 UTC 2020 - Marcus Rueckert 
+
+- add allow-tls1.3-only.patch:
+  Allow setting TLSv1.3 as minimum TLS version 
+
+  https://github.com/dovecot/core/pull/126
+
+---

New:

  allow-tls1.3-only.patch



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.Z9TPT6/_old  2020-05-07 14:55:36.214414035 +0200
+++ /var/tmp/diff_new_pack.Z9TPT6/_new  2020-05-07 14:55:36.214414035 +0200
@@ -143,6 +143,8 @@
 Source12:   dovecot23.keyring
 Patch:  dovecot-2.3.0-dont_use_etc_ssl_certs.patch
 Patch1: dovecot-2.3.0-better_ssl_defaults.patch
+#   https://github.com/dovecot/core/pull/126
+Patch2: allow-tls1.3-only.patch
 Summary:IMAP and POP3 Server Written Primarily with Security in Mind
 License:BSD-3-Clause AND LGPL-2.1-or-later AND MIT
 Group:  Productivity/Networking/Email/Servers
@@ -322,6 +324,7 @@
 %setup -q -n %{pkg_name}-%{dovecot_version} -a 1
 %patch -p1
 %patch1 -p1
+%patch2 -p1
 gzip -9v ChangeLog
 # Fix plugins dir.
 sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = 
%{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf

++ allow-tls1.3-only.patch ++
Index: dovecot-2.3.10/src/config/old-set-parser.c
===
--- dovecot-2.3.10.orig/src/config/old-set-parser.c
+++ dovecot-2.3.10/src/config/old-set-parser.c
@@ -171,7 +171,7 @@ static int ssl_protocols_to_min_protocol
 const char **error_r)
 {
static const char *protocol_versions[] = {
-   "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2",
+   "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3",
};
/* Array where -1 = disable, 0 = not found, 1 = enable */
int protos[N_ELEMENTS(protocol_versions)];
Index: dovecot-2.3.10/src/lib-ssl-iostream/iostream-openssl-common.c
===
--- dovecot-2.3.10.orig/src/lib-ssl-iostream/iostream-openssl-common.c
+++ dovecot-2.3.10/src/lib-ssl-iostream/iostream-openssl-common.c
@@ -9,6 +9,16 @@
 #include 
 #include 
 
+/*
+ * SSL_TXT_TLSV1_3 is not defined in the openssl headers up to 1.1.1g.
+ * Define it here as no other part of the code uses those defines.
+ *
+ * https://github.com/openssl/openssl/pull/6720
+ */
+#ifndef SSL_TXT_TLSV1_3
+#define SSL_TXT_TLSV1_3 "TLSv1.3"
+#endif
+
 /* openssl_min_protocol_to_options() scans this array for name and returns
version and opt. opt is used with SSL_set_options() and version is used with
SSL_set_min_proto_version(). Using either method should enable the same
@@ -23,6 +33,8 @@ static const struct {
{ SSL_TXT_TLSV1_1, TLS1_1_VERSION, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 },
{ SSL_TXT_TLSV1_2, TLS1_2_VERSION,
SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 },
+   { SSL_TXT_TLSV1_3, TLS1_3_VERSION,
+   SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | 
SSL_OP_NO_TLSv1_2 },
 };
 int openssl_min_protocol_to_options(const char *min_protocol, long *opt_r,
int *version_r)






commit dovecot23 for openSUSE:Factory

2020-03-16 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2020-03-16 10:19:02

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.3160 (New)


Package is "dovecot23"

Mon Mar 16 10:19:02 2020 rev:27 rq:785090 version:2.3.10

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2020-02-27 
14:37:11.666014521 +0100
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.3160/dovecot23.changes
2020-03-16 10:19:49.119623414 +0100
@@ -1,0 +2,117 @@
+Fri Mar  6 11:14:00 UTC 2020 - Arjen de Korte 
+
+- update to 2.3.10 and pigeonhole to 0.5.10
+
+  Dovecot 2.3.10
+  * Disable retpoline migitations by default. These can cause severe
+performance regressions, so they should be only enabled when
+applicable.
+  * IMAP MOVE now commits transactions in batches of 1000 mails. This
+helps especially with lazy_expunge when moving a lot of mails. It
+mainly avoids situations where multiple IMAP sessions are running the
+same MOVE command and duplicating the mails in the lazy_expunge folder.
+With this change there can still be some duplication, but the MOVE
+always progresses forward. Also if the MOVE fails at some point, the
+changes up to the last 1000 mails are still committed instead of
+rolled back. Note that the COPY command behavior hasn't changed,
+because it is required by IMAP standard to be an atomic operation.
+  * IMAP EXPUNGE and CLOSE now expunges mails in batches of 1000 mails.
+This helps especially with lazy_expunge when expunging a lot of mails
+(e.g. millions) to make sure that the progress always moves forward
+even if the process is killed.
+  * Autoexpunging now expunges mails in batches of 1000 mails. This helps
+especially with lazy_expunge when expunging a lot of mails
+(e.g. millions) to make sure that the progress always moves forward
+even if the process is killed.
+  + Add tool for generating sysreport called dovecot-sysreport.
+This generates a bundle of information usually needed for support
+requests.
+  + Add support for the new IMAP \Important SPECIAL-USE flag (RFC 8457).
+  + Add metric { group_by } setting. This allows automatically creating
+new metrics based on the fields you want to group statistics by.
+NOTE: This feature is considered experimental and syntax is subject
+to change in future release.
+  + auth: Support SCRAM-SHA-256 authentication mechanism.
+  + imap: Support the new IMAP STATUS=SIZE extension.
+  + Use TCP_QUICKACK to reduce latency for some TCP connections.
+  + quota-status: Made the service more robust against erroneous use with
+Postfix ACL policies other than smtpd_recipient_restrictions.
+  + Add "revision" field support to imap_id_send setting. Using
+"revision *" will send in IMAP ID command response the short commit
+hash of the Dovecot git source tree HEAD (same as in dovecot --version).
+  + IMAP ENVELOPE includes now all addresses when there are multiple
+headers (From, To, Cc, etc.) The standard way of having multiple
+addresses is to just list them all in a single header. It's
+non-standard to have multiple headers. However, since MTAs allow these
+mails to pass through and different software may handle them in
+different ways, it's better from security point of view to show all
+the addresses.
+  + Event filters now support using "field_name=" to match a field that
+doesn't exist or has an empty value. For example use "error=" to match
+only events that didn't fail.
+  - acl: INBOX ACLs shouldn't apply for IMAP GETMETADATA/SETMETADATA
+commands.
+  - cassandra: CASS_ERROR_SERVER_WRITE_FAILURE error should also be
+treated as "uncertain write failure".
+  - dict-redis: Using quota_clone configured with dict-redis could have
+crashed when Redis responded slowly.
+  - fts-solr: The XML response parser fails to parse large/chunked responses
+correctly. This leads to spurious parse errors, most notably: "Error:
+fts_solr: received invalid uid '0'".
+  - imap-hibernate: Communication trouble with imap-master leads to
+segfault.
+  - imap-hibernate: Unhibernation retrying wasn't working.
+  - imap: Fixed auth lookup privilege problem when imap process was reused
+and user was being un-hibernated.
+  - Fix potential crash when copying/moving mails within the same folder.
+This happened only when there were a lot of fields in dovecot.index.cache.
+  - lib-index: Recreating dovecot.index.cache file could have crashed when
+merging bitmask fields.
+  - lib-index: Using public/shared folders with INDEXPVT configured to use
+private \Seen flags, trying to search seen/unseen in an empty folder
+crashes with segfault.
+  - 

commit dovecot23 for openSUSE:Factory

2020-02-27 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2020-02-27 14:36:56

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.26092 (New)


Package is "dovecot23"

Thu Feb 27 14:36:56 2020 rev:26 rq:779422 version:2.3.9.3

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2020-02-13 
10:14:02.400427813 +0100
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.26092/dovecot23.changes   
2020-02-27 14:37:11.666014521 +0100
@@ -1,0 +2,8 @@
+Wed Feb 26 12:40:54 UTC 2020 - Dominique Leuenberger 
+
+- Update dovecot-2.3.0-dont_use_etc_ssl_certs.patch: since we
+  change CERTDIR to /etc/ssl/private, it is rather evil to then err
+  out claiming /etc/ssl/certs would not exist. The error message
+  should mention the directory it tested for.
+
+---



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.ei2zjL/_old  2020-02-27 14:37:13.794018912 +0100
+++ /var/tmp/diff_new_pack.ei2zjL/_new  2020-02-27 14:37:13.798018921 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package dovecot23
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -127,7 +127,7 @@
 %endif
 Recommends: %{name}-fts = %{version}
 Recommends: %{name}-fts-squat = %{version}
-Url:http://www.dovecot.org
+URL:http://www.dovecot.org
 Source: 
http://www.dovecot.org/releases/%{dovecot_branch}/%{pkg_name}-%{dovecot_version}.tar.gz
 Source1:
http://pigeonhole.dovecot.org/releases/%{dovecot_branch}/%{dovecot_pigeonhole_source_dir}.tar.gz
 Source2:dovecot-rpmlintrc


++ dovecot-2.3.0-dont_use_etc_ssl_certs.patch ++
--- /var/tmp/diff_new_pack.ei2zjL/_old  2020-02-27 14:37:13.874019077 +0100
+++ /var/tmp/diff_new_pack.ei2zjL/_new  2020-02-27 14:37:13.874019077 +0100
@@ -1,7 +1,7 @@
-Index: dovecot-2.3.7.2/doc/example-config/conf.d/10-ssl.conf
+Index: dovecot-2.3.9.3/doc/example-config/conf.d/10-ssl.conf
 ===
 dovecot-2.3.7.2.orig/doc/example-config/conf.d/10-ssl.conf
-+++ dovecot-2.3.7.2/doc/example-config/conf.d/10-ssl.conf
+--- dovecot-2.3.9.3.orig/doc/example-config/conf.d/10-ssl.conf
 dovecot-2.3.9.3/doc/example-config/conf.d/10-ssl.conf
 @@ -9,7 +9,7 @@
  # dropping root privileges, so keep the key file unreadable by anyone but
  # root. Included doc/mkcert.sh can be used to easily generate self-signed
@@ -11,10 +11,10 @@
  ssl_key =  [CompilingSource.txt]
@@ -61,10 +66,10 @@
  the private key from '/etc/ssl/private/dovecot.pem'. The '/etc/ssl' directory
  can be changed using the '--with-ssldir=DIR' configure option. Both can of
  course be overridden from the configuration file.
-Index: dovecot-2.3.7.2/doc/wiki/SSL.CertificateCreation.txt
+Index: dovecot-2.3.9.3/doc/wiki/SSL.CertificateCreation.txt
 ===
 dovecot-2.3.7.2.orig/doc/wiki/SSL.CertificateCreation.txt
-+++ dovecot-2.3.7.2/doc/wiki/SSL.CertificateCreation.txt
+--- dovecot-2.3.9.3.orig/doc/wiki/SSL.CertificateCreation.txt
 dovecot-2.3.9.3/doc/wiki/SSL.CertificateCreation.txt
 @@ -39,7 +39,7 @@ CN matches the connected host name, othe
  invalid. It's also possible to use wildcards (eg. *.domain.com) in the host
  name. They should work with most clients.
@@ -74,10 +79,10 @@
  private key file is created to '/etc/ssl/private/dovecot.pem'. Also by default
  the certificate will expire in 365 days. If you wish to change any of these,
  modify the mkcert.sh script.
-Index: dovecot-2.3.7.2/doc/wiki/SSL.DovecotConfiguration.txt
+Index: dovecot-2.3.9.3/doc/wiki/SSL.DovecotConfiguration.txt
 ===
 dovecot-2.3.7.2.orig/doc/wiki/SSL.DovecotConfiguration.txt
-+++ dovecot-2.3.7.2/doc/wiki/SSL.DovecotConfiguration.txt
+--- dovecot-2.3.9.3.orig/doc/wiki/SSL.DovecotConfiguration.txt
 dovecot-2.3.9.3/doc/wiki/SSL.DovecotConfiguration.txt
 @@ -41,7 +41,7 @@ The most important SSL settings are (in
  ---%<-
  ssl = yes






commit dovecot23 for openSUSE:Factory

2020-02-13 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2020-02-13 10:13:38

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.26092 (New)


Package is "dovecot23"

Thu Feb 13 10:13:38 2020 rev:25 rq:774042 version:2.3.9.3

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2020-01-12 
23:25:40.094844622 +0100
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.26092/dovecot23.changes   
2020-02-13 10:14:02.400427813 +0100
@@ -1,0 +2,8 @@
+Wed Feb 12 12:24:46 UTC 2020 - Arjen de Korte 
+
+- update to 2.3.9.3
+  * CVE-2020-7046: Truncated UTF-8 can be used to DoS
+submission-login and lmtp processes.
+  * CVE-2020-7957: Specially crafted mail can crash snippet generation.
+
+---

Old:

  dovecot-2.3.9.2.tar.gz
  dovecot-2.3.9.2.tar.gz.sig

New:

  dovecot-2.3.9.3.tar.gz
  dovecot-2.3.9.3.tar.gz.sig



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.AwZlch/_old  2020-02-13 10:14:03.28419 +0100
+++ /var/tmp/diff_new_pack.AwZlch/_new  2020-02-13 10:14:03.28419 +0100
@@ -19,10 +19,10 @@
 %global _lto_cflags %{nil}
 
 Name:   dovecot23
-Version:2.3.9.2
+Version:2.3.9.3
 Release:0
 %define pkg_name dovecot
-%define dovecot_version 2.3.9.2
+%define dovecot_version 2.3.9.3
 %define dovecot_pigeonhole_version 0.5.9
 %define dovecot_branch  2.3
 %define dovecot_pigeonhole_source_dir 
%{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}


++ dovecot-2.3.9.2.tar.gz -> dovecot-2.3.9.3.tar.gz ++
/work/SRC/openSUSE:Factory/dovecot23/dovecot-2.3.9.2.tar.gz 
/work/SRC/openSUSE:Factory/.dovecot23.new.26092/dovecot-2.3.9.3.tar.gz differ: 
char 5, line 1





commit dovecot23 for openSUSE:Factory

2020-01-12 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2020-01-12 23:23:45

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.6675 (New)


Package is "dovecot23"

Sun Jan 12 23:23:45 2020 rev:24 rq:763048 version:2.3.9.2

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2019-12-18 
14:48:37.397946984 +0100
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.6675/dovecot23.changes
2020-01-12 23:25:40.094844622 +0100
@@ -1,0 +2,5 @@
+Sun Dec 22 19:51:09 UTC 2019 - Peter Varkoly 
+
+- Adapt package changes in mysql-devel
+
+---



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.63vVNF/_old  2020-01-12 23:25:41.046844975 +0100
+++ /var/tmp/diff_new_pack.63vVNF/_new  2020-01-12 23:25:41.046844975 +0100
@@ -72,7 +72,11 @@
 BuildRequires:  liblz4-devel
 %endif
 BuildRequires:  libsodium-devel
+%if 0%{?suse_version} >= 1520
+BuildRequires:  libmysqlclient-devel
+%else
 BuildRequires:  mysql-devel
+%endif
 BuildRequires:  openldap2-devel
 BuildRequires:  pam-devel
 BuildRequires:  pkgconfig







commit dovecot23 for openSUSE:Factory

2019-12-18 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2019-12-18 14:45:44

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.4691 (New)


Package is "dovecot23"

Wed Dec 18 14:45:44 2019 rev:23 rq:757626 version:2.3.9.2

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2019-11-15 
22:40:23.148475350 +0100
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.4691/dovecot23.changes
2019-12-18 14:48:37.397946984 +0100
@@ -1,0 +2,116 @@
+Sat Dec 14 08:55:56 UTC 2019 - Michael Ströder 
+
+- update to 2.3.9.2 with security fixes:
+  * CVE-2019-19722: Mails with group addresses in From or To
+fields caused crash in push notification drivers.
+  * Mails with empty From/To headers can also cause crash
+in push notification drivers.
+
+---
+Wed Dec  4 21:46:28 UTC 2019 - Michael Ströder 
+
+- update to 2.3.9 and pigeonhole to 0.5.9
+
+  Dovecot 2.3.9
+  * Changed several event field names for consistency and to avoid
+conflicts in parent-child event relationships:
+ * SMTP server command events: Renamed "name" to "cmd_name"
+ * Events inheriting from a mailbox: Renamed "name" to "mailbox"
+ * Server connection events have only "remote_ip", "remote_port",
+   "local_ip" and "local_port".
+ * Removed duplicate "client_ip", "ip" and "port".
+ * Mail storage events: Removed "service" field.
+   Use "service:" category instead.
+ * HTTP client connection events: Renamed "host" to "dest_host" and
+   "port" to "dest_port"
+  * auth: Drop Postfix socketmap support. It hasn't been working
+with recent Postfix versions for a while now.
+  * push-notification-lua: The "subject" field is now decoded to UTF8
+instead of kept as MIME-encoded.
+  + push-notification-lua: Added new "from_address", "from_display_name",
+"to_address" and "to_display_name" fields. The display names are
+decoded to UTF8.
+  + Added various new fields to existing events.
+See http://doc.dovecot.net/admin_manual/list_of_events.html
+  + Add lmtp_add_received_header setting. It can be used to prevent LMTP
+from adding "Received:" headers.
+  + doveadm: Support SSL/STARTTLS for proxied doveadm connections based on
+doveadm_ssl setting and proxy ssl/tls settings.
+  + Log filters support now "service:", which matches all events for
+the given service. It can also be used as a category.
+  + lib: Use libunwind to get abort backtraces with function names
+where available.
+  + lmtp: When the LMTP proxy changes the username (from passdb lookup)
+add an appropriate ORCPT parameter.
+  - lmtp: Add lmtp_client_workarounds setting to implement workarounds for
+clients that send MAIL and RCPT commands with additional spaces before
+the path and for clients that omit <> brackets around the path.
+See example-config/conf.d/20-lmtp.conf.
+  - lda/lmtp: Invalid MAIL FROM addresses were rejcted too aggressively.
+Now mails from addresses with unicode characters are delivered, but
+their Return-Path header will be <> instead of the given MAIL FROM
+address.
+  - lmtp: The lmtp_hdr_delivery_address setting is ignored.
+  - imap: imap_command_finished event's "args" and "human_args" parameters
+were always empty.
+  - mbox: Seeking in zlib and bzip2 compressed input streams didn't work
+correctly.
+  - imap-hibernate: Process crashed when client got destroyed while it was
+attempted to be unhibernated, and the unhibernation fails.
+  - *-login: Proxying may have crashed if SSL handshake to the backend
+failed immediately. This was unlikely to happen in normal operation.
+  - *-login: If TLS handshake to upstream server failed during proxying,
+login process could crash due to invalid memory access.
+  - *-login: v2.3 regression: Using SASL authentication without initial
+response may have caused SSL connections to hang. This happened often
+at least with PHP's IMAP library.
+  - *-login: When login processes are flooded with authentication attempts
+it starts logging errors about "Authentication server sent unknown id".
+This is still expected. However, it also caused the login process to
+disconnect from auth server and potentially log some user's password
+in the error message.
+  - dict-sql: SQL prepared statements were not shared between sessions.
+This resulted in creating a lot of prepared statements, which was
+especially inefficient when using Cassandra backend with a lot of
+Cassandra nodes.
+  - auth: auth_request_finished event didn't have success=yes parameter
+set for successful authentications.
+  - auth: userdb dict - Trying to list users crashed.

commit dovecot23 for openSUSE:Factory

2019-11-15 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2019-11-15 22:39:40

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.26869 (New)


Package is "dovecot23"

Fri Nov 15 22:39:40 2019 rev:22 rq:748910 version:2.3.8

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2019-10-17 
12:21:20.711314403 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.26869/dovecot23.changes   
2019-11-15 22:40:23.148475350 +0100
@@ -1,0 +2,5 @@
+Fri Nov  8 12:20:14 UTC 2019 - Arjen de Korte 
+
+- Disable Link Time Optimization (LTO) (boo#1156301)
+
+---



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.adELWp/_old  2019-11-15 22:40:23.972474963 +0100
+++ /var/tmp/diff_new_pack.adELWp/_new  2019-11-15 22:40:23.976474961 +0100
@@ -16,6 +16,8 @@
 #
 
 
+%global _lto_cflags %{nil}
+
 Name:   dovecot23
 Version:2.3.8
 Release:0
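Review bot: The added `%global _lto_cflags %{nil}` has no comment saying why LTO is switched off for this package, so the reason is recorded only in the .changes entry. A line above it such as `# LTO disabled, see boo#1156301` would keep the rationale next to the setting. That also makes it easier to revisit the setting once the underlying problem is resolved.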







commit dovecot23 for openSUSE:Factory

2019-10-17 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2019-10-17 12:21:18

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.2352 (New)


Package is "dovecot23"

Thu Oct 17 12:21:18 2019 rev:21 rq:738214 version:2.3.8

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2019-08-29 
17:28:07.595262212 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.2352/dovecot23.changes
2019-10-17 12:21:20.711314403 +0200
@@ -1,0 +2,62 @@
+Tue Oct  8 17:31:00 UTC 2019 - Michael Ströder 
+
+- update to 2.3.8 and pigeonhole to 0.5.8
+
+  Dovecot 2.3.8
+  + Added mail_delivery_started and mail_delivery_finished events, see
+https://doc.dovecot.org/admin_manual/list_of_events/ for details.
+  + dsync-replication: Don't replicate users who have "noreplicate" extra
+field in userdb.
+  + doveadm service status: Show total number of processes created.
+  + When logging to syslog, use instance_name setting's value for the
+ident. This commonly is added as a log prefix.
+  + Base64 encoding/decoding code was rewritten with additional features.
+It shouldn't cause any user visible changes.
+  - v2.3.7 regression: If a folder only receives new mails without any
+other mail access, dovecot.index.log keeps growing forever and
+dovecot.index keeps being rewritten for every mail delivery.
+  - dsync-replication may lose keywords after syncing mails restored from
+another replica. This only happened if the mail only had keywords and
+no system flags.
+  - event filters: Non-textual event fields could not be filtered using
+wildcards.
+  - auth: Scope parameter was missing from OAuth password grant
+request.
+  - doveadm client-server communication may hang in some situations.
+It is also using unnecessarily small TCP/IP packet sizes.
+  - doveadm who and kick did not flush protocol output correctly.
+  - imap: SETMETADATA with literal value would delete the metadata value
+instead of updating it.
+  - imap: When client issues FETCH PREVIEW (LAZY=FUZZY) command, the
+caching decisions should be updated so that newly saved mails will
+have the preview cached.
+  - With mail_nfs_index=yes and/or mail_nfs_storage=yes setuid/setgid
+permission bits in some files may have become dropped with some NFS
+servers. Changed NFS flushing to now use chmod() instead of chown().
+  - quota: warnings did not work if quota root was noenforcing
+  - acl: Global ACL file ignored the last line if it didn't end with LF.
+  - doveadm stats dump: With JSON formatter output numbers using the
+number type instead of as strings
+  - lmtp_proxy: Ensure that real_* variables are correctly set when using
+lmtp_proxy.
+  - event exporter: http-post driver had hardcoded timeout and did not
+support DNS lookups or TLS connections.
+  - auth: Fix user iteration to work with userdb passwd with glibc v2.28.
+  - auth: auth service can crash if auth-policy JSON response is invalid
+or returned too fast.
+  - In some rare situations "ps" output could have shown a lot of "?"
+characters after Dovecot process titles.
+  - When dovecot.index.pvt is empty, an unnecessary error is logged:
+Error: .../dovecot.index.pvt reset, view is now inconsistent
+  - SMTP address encoder duplicated initial double quote character when
+the localpart of an address ended in '..'. For example
+"user...@example.com" became ""user+.."@example.com in a
+sieve redirect.
+
+  Pigeonhole 0.5.8
+  - Sieve may leak resources in rare cases when a redirect, vacation or
+report action fails to send the message. This mainly applies when
+Sieve is executed in IMAP context; i.e., for the IMAPSIEVE or
+FILTER=SIEVE capabilities.
+
+---

Old:

  dovecot-2.3-pigeonhole-0.5.7.2.tar.gz
  dovecot-2.3-pigeonhole-0.5.7.2.tar.gz.sig
  dovecot-2.3.7.2.tar.gz
  dovecot-2.3.7.2.tar.gz.sig

New:

  dovecot-2.3-pigeonhole-0.5.8.tar.gz
  dovecot-2.3-pigeonhole-0.5.8.tar.gz.sig
  dovecot-2.3.8.tar.gz
  dovecot-2.3.8.tar.gz.sig



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.Fa3VHo/_old  2019-10-17 12:21:21.695311935 +0200
+++ /var/tmp/diff_new_pack.Fa3VHo/_new  2019-10-17 12:21:21.699311925 +0200
@@ -17,11 +17,11 @@
 
 
 Name:   dovecot23
-Version:2.3.7.2
+Version:2.3.8
 Release:0
 %define pkg_name dovecot
-%define dovecot_version 2.3.7.2
-%define dovecot_pigeonhole_version 0.5.7.2
+%define dovecot_version 2.3.8
+%define dovecot_pigeonhole_version 0.5.8
 %define dovecot_branch  2.3
 %define 

commit dovecot23 for openSUSE:Factory

2019-08-29 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2019-08-29 17:28:03

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.7948 (New)


Package is "dovecot23"

Thu Aug 29 17:28:03 2019 rev:20 rq:726988 version:2.3.7.2

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2019-07-26 
12:40:23.853906983 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.7948/dovecot23.changes
2019-08-29 17:28:07.595262212 +0200
@@ -1,0 +2,17 @@
+Wed Aug 28 16:57:12 UTC 2019 - Marcus Rueckert 
+
+- update to 2.3.7.2
+  * CVE-2019-11500: IMAP protocol parser does not properly handle
+NUL byte when scanning data in quoted strings, leading to out
+of bounds heap memory writes. Found by Nick Roessler and Rafi
+Rubin. (boo#1145559)
+- update pigeonhole to 0.5.7.2
+  * CVE-2019-11500: ManageSieve protocol parser does not properly
+handle NUL byte when scanning data in quoted strings, leading
+to out of bounds heap memory writes. Found by Nick Roessler and
+Rafi Rubin. (boo#1145559)
+- refreshed patches to apply cleanly again:
+  dovecot-2.3.0-better_ssl_defaults.patch
+  dovecot-2.3.0-dont_use_etc_ssl_certs.patch
+
+---

Old:

  dovecot-2.3-pigeonhole-0.5.7.1.tar.gz
  dovecot-2.3-pigeonhole-0.5.7.1.tar.gz.sig
  dovecot-2.3.7.1.tar.gz
  dovecot-2.3.7.1.tar.gz.sig

New:

  dovecot-2.3-pigeonhole-0.5.7.2.tar.gz
  dovecot-2.3-pigeonhole-0.5.7.2.tar.gz.sig
  dovecot-2.3.7.2.tar.gz
  dovecot-2.3.7.2.tar.gz.sig



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.j75c5r/_old  2019-08-29 17:28:08.755262032 +0200
+++ /var/tmp/diff_new_pack.j75c5r/_new  2019-08-29 17:28:08.755262032 +0200
@@ -12,16 +12,16 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
 Name:   dovecot23
-Version:2.3.7.1
+Version:2.3.7.2
 Release:0
 %define pkg_name dovecot
-%define dovecot_version 2.3.7.1
-%define dovecot_pigeonhole_version 0.5.7.1
+%define dovecot_version 2.3.7.2
+%define dovecot_pigeonhole_version 0.5.7.2
 %define dovecot_branch  2.3
 %define dovecot_pigeonhole_source_dir 
%{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}
 %define dovecot_pigeonhole_docdir %{_docdir}/%{pkg_name}/dovecot-pigeonhole

++ dovecot-2.3-pigeonhole-0.5.7.1.tar.gz -> 
dovecot-2.3-pigeonhole-0.5.7.2.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.7.1/ChangeLog 
new/dovecot-2.3-pigeonhole-0.5.7.2/ChangeLog
--- old/dovecot-2.3-pigeonhole-0.5.7.1/ChangeLog2019-07-23 
12:20:56.0 +0200
+++ new/dovecot-2.3-pigeonhole-0.5.7.2/ChangeLog2019-08-26 
12:38:11.0 +0200
@@ -1,3 +1,37 @@
+2019-08-23 09:48:58 +0300 Aki Tuomi  (7372921a)
+
+Released 0.5.7.2
+
+
+M  NEWS
+M  configure.ac
+
+2019-05-17 10:39:25 +0300 Timo Sirainen  
(4a299840)
+
+lib-managesieve: Make sure str_unescape() won't be writing past allocated
+memory
+
+The previous commit should already prevent this, but this makes sure it 
+can't become broken in the future either. It makes the performance a tiny 
+bit worse, but that's not practically noticeable.
+
+M  src/lib-managesieve/managesieve-parser.c
+
+2019-05-10 19:43:55 +0300 Timo Sirainen  
(7ce9990a)
+
+lib-managesieve: Don't accept strings with NULs
+
+ManageSieve doesn't allow NULs in strings.
+
+This fixes a bug with unescaping a string with NULs: str_unescape() could 
+have been called for memory that points outside the allocated string, 
+causing heap corruption. This could cause crashes or theoretically even 
+result in remote code execution exploit.
+
+Found by Nick Roessler and Rafi Rubin
+
+M  src/lib-managesieve/managesieve-parser.c
+
 2019-07-22 14:02:50 +0300 Timo Sirainen  
(db5c74be)
 
 Released v0.5.7.1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.7.1/NEWS 
new/dovecot-2.3-pigeonhole-0.5.7.2/NEWS
--- old/dovecot-2.3-pigeonhole-0.5.7.1/NEWS 2019-07-23 12:20:46.0 
+0200
+++ new/dovecot-2.3-pigeonhole-0.5.7.2/NEWS 2019-08-26 12:38:00.0 
+0200
@@ -1,3 +1,9 @@
+v0.5.7.2 2019-08-28  Aki Tuomi 
+
+   * CVE-2019-11500: ManageSieve protocol parser does not properly handle
+ NUL byte when scanning data in 

commit dovecot23 for openSUSE:Factory

2019-07-26 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2019-07-26 12:40:22

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.4126 (New)


Package is "dovecot23"

Fri Jul 26 12:40:22 2019 rev:19 rq:718437 version:2.3.7.1

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2019-05-02 
19:18:38.661562344 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.4126/dovecot23.changes
2019-07-26 12:40:23.853906983 +0200
@@ -1,0 +2,72 @@
+Tue Jul 23 20:06:59 UTC 2019 - Michael Ströder 
+
+- update to 2.3.7.1 and pigeonhole to 0.5.7.1
+  Dovecot 2.3.7.1
+- Fix TCP_NODELAY errors being logged on non-Linux OSes
+- lmtp proxy: Fix assert-crash when client uses BODY=8BITMIME
+- Remove wrongly added checks in namespace prefix checking
+  Pigeonhole 0.5.7.1
+- dsync: Sieve script syncing failed if mailbox attributes weren't enabled.
+  Dovecot 2.3.7
+* fts-solr: Removed break-imap-search parameter
++ Added more events for the new statistics, see
+  https://doc.dovecot.org/admin_manual/list_of_events/
++ mail-lua: Add IMAP metadata accessors, see
+  https://doc.dovecot.org/admin_manual/lua/
++ Add event exporters that allow exporting raw events to log files and
+  external systems, see
+  https://doc.dovecot.org/configuration_manual/event_export/
++ SNIPPET is now PREVIEW and size has been increased to 200 characters.
++ Add body option to fts_enforced. This triggers building FTS index only
+  on body search, and an error using FTS index fails the search rather
+  than reads through all the mails.
+- Submission/LMTP: Fixed crash when domain argument is invalid in a
+  second EHLO/LHLO command.
+- Copying/moving mails using Maildir format loses IMAP keywords in the
+  destination if the mail also has no system flags.
+- mail_attachment_detection_options=add-flags-on-save caused email body
+  to be unnecessarily opened when FETCHing mail headers that were
+  already cached.
+- mail attachment detection keywords not saved with maildir.
+- dovecot.index.cache may have grown excessively large in some
+  situations. This happened especially when using autoexpunging with
+  lazy_expunge folders. Also with mdbox format in general the cache file
+  wasn't recreated as often as it should have.
+- Autoexpunged mails weren't immediately deleted from the disk. Instead,
+  the deletion from disk happened the next time the folder was opened.
+  This could have caused unnecessary delays if the opening was done by
+  an interactive IMAP session.
+- Dovecot's TCP connections sometimes add extra 40ms latency due to not
+  enabling TCP_NODELAY. HTTP and SMTP/LMTP connections weren't
+  affected, but everything else was. This delay wasn't always visible -
+  only in some situations with some message/packet sizes.
+- imapc: Fix various crash conditions
+- Dovecot builds were not always reproducible.
+- login-proxy: With shutdown_clients=no after config reload the
+  existing connections could no longer be listed or kicked with doveadm.
+- "doveadm proxy kick" with -f parameter caused a crash in some
+  situations.
+- Auth policy can cause segmentation fault crash during auth process
+  shutdown if all auth requests have not been finished.
+- Fix various minor bugs leading into incorrect behaviour in mailbox
+  list index handling. These rarely caused noticeable problems.
+- LDAP auth: Iteration accesses freed memory, possibly crashing
+  auth-worker
+- local_name { .. } filter in dovecot.conf does not correctly support
+  multiple names and wildcards were matched incorrectly.
+- replicator: dsync assert-crashes if it can't connect to remote TCP
+  server.
+- config: Memory leak in config process when ssl_dh setting wasn't
+  set and there was no ssl-parameters.dat file.
+  This caused config process to die once in a while
+  with "out of memory".
+
+---
+Mon May 20 14:25:49 UTC 2019 - Peter Varkoly 
+
+- bsc#1134242 - upgrade from 42.3 to 15.1: dovecot shows Unknown
+  protocol 'SSLv2'
+  * remove !SSLv2 from existing ssl_protocols configuration
+during upgrade
+ 
+---

Old:

  dovecot-2.3-pigeonhole-0.5.6.tar.gz
  dovecot-2.3-pigeonhole-0.5.6.tar.gz.sig
  dovecot-2.3.6.tar.gz
  dovecot-2.3.6.tar.gz.sig

New:

  dovecot-2.3-pigeonhole-0.5.7.1.tar.gz
  dovecot-2.3-pigeonhole-0.5.7.1.tar.gz.sig
  dovecot-2.3.7.1.tar.gz
  dovecot-2.3.7.1.tar.gz.sig


commit dovecot23 for openSUSE:Factory

2019-05-02 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2019-05-02 19:18:31

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.5148 (New)


Package is "dovecot23"

Thu May  2 19:18:31 2019 rev:18 rq:699690 version:2.3.6

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2019-04-19 
18:38:46.763214914 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.5148/dovecot23.changes
2019-05-02 19:18:38.661562344 +0200
@@ -1,0 +2,51 @@
+Tue Apr 30 13:49:18 UTC 2019 - Marcus Rueckert 
+
+- update pigeonhole to 0.5.6
+  + sieve: Redirect loop prevention is sometimes ineffective.
+Improve existing loop detection by also recognizing the
+X-Sieve-Redirected-From header in incoming messages and
+dropping redirect actions when it points to the sending
+account. This header is already added by the redirect action,
+so this improvement only adds an additional use of this header.
+  - sieve: Prevent execution of implicit keep upon temporary
+failure occurring at runtime.
+
+---
+Tue Apr 30 13:34:16 UTC 2019 - Marcus Rueckert 
+
+- update to 2.3.6: (boo#1133624 boo#1133625)
+  * CVE-2019-11494: Submission-login crashed with signal 11 due to
+null pointer access when authentication was aborted by
+disconnecting.
+  * CVE-2019-11499: Submission-login crashed when authentication
+was started over TLS secured channel and invalid authentication
+message was sent.
+  * auth: Support password grant with passdb oauth2.
+  + Use system default CAs for outbound TLS connections.
+  + Simplify array handling with new helper macros.
+  + fts_solr: Enable configuring batch_size and soft_commit features.
+  - lmtp/submission: Fixed various bugs in XCLIENT handling,
+including a hang when XCLIENT commands were sent infinitely to
+the remote server.
+  - lmtp/submission: Forwarded multi-line replies were erroneously
+sent as two replies to the client.
+  - lib-smtp: client: Message was not guaranteed to contain CRLF
+consistently when CHUNKING was used.
+  - fts_solr: Plugin was no longer compatible with Solr 7.
+  - Make it possible to disable certificate checking without
+setting ssl_client_ca_* settings.
+  - pop3c: SSL support was broken.
+  - mysql: Closing connection twice lead to crash on some systems.
+  - auth: Multiple oauth2 passdbs crashed auth process on deinit.
+  - HTTP client connection errors infrequently triggered a
+segmentation fault when the connection was idle and not used
+for a particular client instance.
+- drop https://github.com/dovecot/core/commit/3c5101ffd.patch
+
+---
+Mon Apr 29 22:11:53 UTC 2019 - Marcus Rueckert 
+
+- backport https://github.com/dovecot/core/commit/3c5101ffd.patch
+  [PATCH] driver-mysql: Avoid double-closing MySQL connection
+
+---

Old:

  dovecot-2.3-pigeonhole-0.5.5.tar.gz
  dovecot-2.3-pigeonhole-0.5.5.tar.gz.sig
  dovecot-2.3.5.2.tar.gz
  dovecot-2.3.5.2.tar.gz.sig

New:

  dovecot-2.3-pigeonhole-0.5.6.tar.gz
  dovecot-2.3-pigeonhole-0.5.6.tar.gz.sig
  dovecot-2.3.6.tar.gz
  dovecot-2.3.6.tar.gz.sig



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.2FCLCQ/_old  2019-05-02 19:18:39.597563992 +0200
+++ /var/tmp/diff_new_pack.2FCLCQ/_new  2019-05-02 19:18:39.601563999 +0200
@@ -17,11 +17,11 @@
 
 
 Name:   dovecot23
-Version:2.3.5.2
+Version:2.3.6
 Release:0
 %define pkg_name dovecot
-%define dovecot_version 2.3.5.2
-%define dovecot_pigeonhole_version 0.5.5
+%define dovecot_version 2.3.6
+%define dovecot_pigeonhole_version 0.5.6
 %define dovecot_branch  2.3
 %define dovecot_pigeonhole_source_dir 
%{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}
 %define dovecot_pigeonhole_docdir %{_docdir}/%{pkg_name}/dovecot-pigeonhole

++ dovecot-2.3-pigeonhole-0.5.5.tar.gz -> 
dovecot-2.3-pigeonhole-0.5.6.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/ChangeLog 
new/dovecot-2.3-pigeonhole-0.5.6/ChangeLog
--- old/dovecot-2.3-pigeonhole-0.5.5/ChangeLog  2019-03-05 12:53:28.0 
+0100
+++ new/dovecot-2.3-pigeonhole-0.5.6/ChangeLog  2019-04-30 14:26:49.0 
+0200
@@ -1,11 +1,132 @@
-2019-03-05 13:48:57 +0200 Aki Tuomi  (2483b085)
+2019-04-30 14:30:41 +0300 Aki Tuomi  (92dc263a)
 
-Release v0.5.5 for Dovecot v2.3.5
+Released v0.5.6
 
 
 M  configure.ac
 
-2019-03-04 15:01:08 

commit dovecot23 for openSUSE:Factory

2019-04-19 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2019-04-19 18:38:42

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.5536 (New)


Package is "dovecot23"

Fri Apr 19 18:38:42 2019 rev:17 rq:695556 version:2.3.5.2

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2019-04-04 
15:27:27.338899173 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.5536/dovecot23.changes
2019-04-19 18:38:46.763214914 +0200
@@ -1,0 +2,11 @@
+Thu Apr 18 11:40:06 UTC 2019 - Marcus Rueckert 
+
+- update to 2.3.5.2 (boo#1132501)
+  * CVE-2019-10691: Trying to login with 8bit username containing
+invalid UTF8 input causes auth process to crash if auth policy
+is enabled. This could be used rather easily to cause a DoS.
+Similar crash also happens during mail delivery when using
+invalid UTF8 in From or Subject header when OX push
+notification driver is used.
+
+---
@@ -4 +15 @@
-- update to 2.3.5.1
+- update to 2.3.5.1 (boo#1130116)

Old:

  dovecot-2.3.5.1.tar.gz
  dovecot-2.3.5.1.tar.gz.sig

New:

  dovecot-2.3.5.2.tar.gz
  dovecot-2.3.5.2.tar.gz.sig



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.UN8HQh/_old  2019-04-19 18:38:48.667217332 +0200
+++ /var/tmp/diff_new_pack.UN8HQh/_new  2019-04-19 18:38:48.671217337 +0200
@@ -17,10 +17,10 @@
 
 
 Name:   dovecot23
-Version:2.3.5.1
+Version:2.3.5.2
 Release:0
 %define pkg_name dovecot
-%define dovecot_version 2.3.5.1
+%define dovecot_version 2.3.5.2
 %define dovecot_pigeonhole_version 0.5.5
 %define dovecot_branch  2.3
 %define dovecot_pigeonhole_source_dir 
%{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}


++ dovecot-2.3.5.1.tar.gz -> dovecot-2.3.5.2.tar.gz ++
/work/SRC/openSUSE:Factory/dovecot23/dovecot-2.3.5.1.tar.gz 
/work/SRC/openSUSE:Factory/.dovecot23.new.5536/dovecot-2.3.5.2.tar.gz differ: 
char 5, line 1





commit dovecot23 for openSUSE:Factory

2019-04-04 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2019-04-04 15:22:16

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.3908 (New)


Package is "dovecot23"

Thu Apr  4 15:22:16 2019 rev:16 rq:689340 version:2.3.5.1

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2019-02-06 
14:07:26.686648974 +0100
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.3908/dovecot23.changes
2019-04-04 15:27:27.338899173 +0200
@@ -1,0 +2,68 @@
+Thu Mar 28 12:36:55 UTC 2019 - Marcus Rueckert 
+
+- update to 2.3.5.1
+  * CVE-2019-7524: Missing input buffer size validation leads into
+arbitrary buffer overflow when reading fts or pop3 uidl header
+from Dovecot index. Exploiting this requires direct write
+access to the index files.
+
+---
+Fri Mar  8 18:09:00 UTC 2019 - Marcus Rueckert 
+
+- update to 2.3.5
+  + Lua push notification driver: mail keywords and flags are
+provided in MessageNew and MessageAppend events.
+  + submission: Implement support for plugins.
+  + auth: When auth_policy_log_only=yes, only log what the policy
+server response would do without actually doing it.
+  + auth: Always log policy server decisions with auth_verbose=yes
+  - v2.3.[34]: doveadm log errors: Output was missing user/session
+  - lda: Debug log lines could have shown slightly corrupted
+  - login proxy: Login processes may have crashed in various ways
+when login_proxy_max_disconnect_delay was set.
+  - imap: Fix crash with Maildir+zlib if client disconnects during
+APPEND
+  - lmtp proxy: Fix potential assert-crash
+  - lmtp/submission: Fix crash when SMTP client transaction times
+out
+  - submission: Split large XCLIENT commands to 512 bytes per
+command, so Postfix accepts them.
+  - submission: Fix crash when client sends invalid BURL command
+  - submission: relay backend: VRFY command: Avoid forwarding 500
+and 502 replies back to client.
+  - lib-http: Fix potential assert-crash when DNS lookup fails
+  - lib-fts: Fix search query generation when one language ignores
+a token (e.g. via stopwords).
+- update pigeonhole to 0.5.5
+  + IMAPSieve: Add new plugin/imapsieve_expunge_discarded setting
+which causes messages discarded by an IMAPSieve script to be
+expunged immediately, rather than only being marked as
+"\Deleted" (which is still the default behavior).
+  - IMAPSieve: Fix panic crash occurring when a COPY command copies
+messages from a virtual mailbox where the source messages
+originate from more than a single real mailbox.
+  - imap4flags extension: Fix deleting all keywords. When the
+action resulted in all keywords being removed, no changes were
+actually applied.
+  - variables extension: Fix truncation of UTF-8 variable content.
+The maximum size of Sieve variables was enforced by truncating
+the variable string content bluntly at the limit, but this does
+not consider UTF-8 code point boundaries. This resulted in
+broken UTF-8 strings. This problem also surfaced for variable
+modifiers, such as the ":encodeurl" modifier provided by the
+Sieve "enotify" extension. In that case, the resulting URI
+escaping could also be truncated inappropriately.
+  - IMAPSieve, IMAP FILTER=SIEVE: Fix replacing a modified message.
+Sieve scripts running in IMAPSIEVE or IMAP FILTER=SIEVE context
+that modify the message, stored the message a second time,
+rather than replacing the originally stored unmodified message.
+  - Fix segmentation fault occurring when both the
+sieve_extprograms plugin (for the Sieve interpreter) and the
+imap_filter_sieve plugin (for IMAP) are loaded at the same
+time. A symbol was defined by both plugins, causing a clash
+when both were loaded.
+- drop patches which were backports
+  - 10048229...de42b54a.patch
+  - 3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch
+
+---

Old:

  10048229...de42b54a.patch
  3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch
  dovecot-2.3-pigeonhole-0.5.4.tar.gz
  dovecot-2.3-pigeonhole-0.5.4.tar.gz.sig
  dovecot-2.3.4.1.tar.gz
  dovecot-2.3.4.1.tar.gz.sig

New:

  dovecot-2.3-pigeonhole-0.5.5.tar.gz
  dovecot-2.3-pigeonhole-0.5.5.tar.gz.sig
  dovecot-2.3.5.1.tar.gz
  dovecot-2.3.5.1.tar.gz.sig



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.UGxRLu/_old  2019-04-04 15:27:32.458901144 +0200
+++ /var/tmp/diff_new_pack.UGxRLu/_new  2019-04-04 15:27:32.466901146 +0200
@@ -17,11 +17,11 @@
 
 
 Name:   dovecot23

commit dovecot23 for openSUSE:Factory

2019-02-06 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2019-02-06 14:07:20

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.28833 (New)


Package is "dovecot23"

Wed Feb  6 14:07:20 2019 rev:15 rq:671912 version:2.3.4.1

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2019-01-24 
14:12:02.843457140 +0100
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.28833/dovecot23.changes   
2019-02-06 14:07:26.686648974 +0100
@@ -1,0 +2,16 @@
+Tue Feb  5 13:45:52 UTC 2019 - Marcus Rueckert 
+
+- update to 2.3.4.1 (boo#1123022)
+  * CVE-2019-3814: If imap/pop3/managesieve/submission client has
+trusted certificate with missing username field
+(ssl_cert_username_field), under some configurations Dovecot
+mistakenly trusts the username provided via authentication
+instead of failing.
+  * ssl_cert_username_field setting was ignored with external
+SMTP AUTH, because none of the MTAs (Postfix, Exim) currently
+send the cert_username field. This may have allowed users with
+trusted certificate to specify any username in the
+authentication. This bug didn't affect Dovecot's Submission
+service.
+
+---

Old:

  dovecot-2.3.4.tar.gz
  dovecot-2.3.4.tar.gz.sig

New:

  dovecot-2.3.4.1.tar.gz
  dovecot-2.3.4.1.tar.gz.sig



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.1ihflQ/_old  2019-02-06 14:07:28.218648694 +0100
+++ /var/tmp/diff_new_pack.1ihflQ/_new  2019-02-06 14:07:28.218648694 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package dovecot23
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,10 +17,10 @@
 
 
 Name:   dovecot23
-Version:2.3.4
+Version:2.3.4.1
 Release:0
 %define pkg_name dovecot
-%define dovecot_version 2.3.4
+%define dovecot_version 2.3.4.1
 %define dovecot_pigeonhole_version 0.5.4
 %define dovecot_branch  2.3
 %define dovecot_pigeonhole_source_dir 
%{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}


++ dovecot-2.3.4.tar.gz -> dovecot-2.3.4.1.tar.gz ++
/work/SRC/openSUSE:Factory/dovecot23/dovecot-2.3.4.tar.gz 
/work/SRC/openSUSE:Factory/.dovecot23.new.28833/dovecot-2.3.4.1.tar.gz differ: 
char 5, line 1





commit dovecot23 for openSUSE:Factory

2019-01-24 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2019-01-24 14:12:00

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.28833 (New)


Package is "dovecot23"

Thu Jan 24 14:12:00 2019 rev:14 rq:667410 version:2.3.4

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2018-12-07 
14:38:30.302840323 +0100
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.28833/dovecot23.changes   
2019-01-24 14:12:02.843457140 +0100
@@ -1,0 +2,6 @@
+Thu Jan 17 21:57:42 UTC 2019 - Arjen de Korte 
+
+- add buildrequires zlib-devel which used to be pulled in by other
+  buildrequires, but no longer is
+
+---



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.HFlHP2/_old  2019-01-24 14:12:04.007455798 +0100
+++ /var/tmp/diff_new_pack.HFlHP2/_new  2019-01-24 14:12:04.011455793 +0100
@@ -76,6 +76,7 @@
 BuildRequires:  pkgconfig
 BuildRequires:  postgresql-devel
 BuildRequires:  tcpd-devel
+BuildRequires:  zlib-devel
 %if %{with sqlite}
 BuildRequires:  sqlite-devel > 3
 %endif







commit dovecot23 for openSUSE:Factory

2018-12-07 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2018-12-07 14:38:22

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.19453 (New)


Package is "dovecot23"

Fri Dec  7 14:38:22 2018 rev:13 rq:655862 version:2.3.4

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2018-12-04 
20:57:44.896625425 +0100
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.19453/dovecot23.changes   
2018-12-07 14:38:30.302840323 +0100
@@ -1,0 +2,6 @@
+Thu Dec  6 17:32:43 UTC 2018 - Marcus Rueckert 
+
+- added 3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch:
+  fix crash with mysql/mariadb
+
+---

New:

  3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.TscDVg/_old  2018-12-07 14:38:31.614838697 +0100
+++ /var/tmp/diff_new_pack.TscDVg/_new  2018-12-07 14:38:31.618838692 +0100
@@ -137,6 +137,7 @@
 Patch:  dovecot-2.3.0-dont_use_etc_ssl_certs.patch
 Patch1: dovecot-2.3.0-better_ssl_defaults.patch
 Patch2: 10048229...de42b54a.patch
+Patch3: 3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch
 Summary:IMAP and POP3 Server Written Primarily with Security in Mind
 License:BSD-3-Clause AND LGPL-2.1-or-later AND MIT
 Group:  Productivity/Networking/Email/Servers
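Review bot: `Patch3` is added without a comment giving its upstream origin, and its file name is a bare commit hash, so a reader of the spec cannot tell which change it backports. A comment line above it such as `# https://github.com/dovecot/core/commit/3c5101ffd.patch` would make the backport traceable and easy to drop once a release contains the fix. The matching `%patch3 -p1` in the next hunk needs no change.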
@@ -317,6 +318,7 @@
 %patch -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 gzip -9v ChangeLog
 # Fix plugins dir.
 sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = 
%{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf

++ 3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch ++
>From 3c5101ffdd2a8115e03ed7180d53578765dea4c9 Mon Sep 17 00:00:00 2001
From: Aki Tuomi 
Date: Tue, 4 Dec 2018 14:40:04 +0200
Subject: [PATCH] driver-mysql: Avoid double-closing MySQL connection

Fixes double-free
---
 src/lib-sql/driver-mysql.c | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/lib-sql/driver-mysql.c b/src/lib-sql/driver-mysql.c
index c87e825e4b..5dd1c3124f 100644
--- a/src/lib-sql/driver-mysql.c
+++ b/src/lib-sql/driver-mysql.c
@@ -173,7 +173,9 @@ static int driver_mysql_connect(struct sql_db *_db)
 static void driver_mysql_disconnect(struct sql_db *_db)
 {
struct mysql_db *db = (struct mysql_db *)_db;
-   mysql_close(db->mysql);
+   if (db->mysql != NULL)
+   mysql_close(db->mysql);
+   db->mysql = NULL;
 }
 
 static int driver_mysql_parse_connect_string(struct mysql_db *db,
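Review bot: In `driver_mysql_disconnect()` the reset `db->mysql = NULL;` is what prevents a second `mysql_close()` on an already freed handle, but nothing in the code says so, and a later cleanup could drop it as redundant. A comment above the guard, for example `/* a closed handle is always reset to NULL so a later disconnect/deinit cannot free it twice */`, would record the invariant. The hunk also makes NULL a reachable value for `db->mysql`. Whether the other users of the handle in this file tolerate that is not visible here and should be checked.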
@@ -311,7 +313,9 @@ static void driver_mysql_deinit_v(struct sql_db *_db)
_db->no_reconnect = TRUE;
sql_db_set_state(>api, SQL_DB_STATE_DISCONNECTED);
 
-   mysql_close(db->mysql);
+   if (db->mysql != NULL)
+   mysql_close(db->mysql);
+   db->mysql = NULL;
 
sql_connection_log_finished(_db);
event_unref(&_db->event);
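Review bot: The three lines added to `driver_mysql_deinit_v()` repeat the new body of `driver_mysql_disconnect()` from the previous hunk, so the close-and-reset logic now exists twice and the two copies can drift apart. Calling `driver_mysql_disconnect(_db);` at this point would keep the double-free guard in one place. The function's body starts and ends outside the hunk, so any ordering constraint with the surrounding teardown calls would need to be confirmed against the full file.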






commit dovecot23 for openSUSE:Factory

2018-12-04 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2018-12-04 20:57:36

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new.19453 (New)


Package is "dovecot23"

Tue Dec  4 20:57:36 2018 rev:12 rq:653727 version:2.3.4

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2018-10-02 
19:49:42.285688629 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.19453/dovecot23.changes   
2018-12-04 20:57:44.896625425 +0100
@@ -1,0 +2,52 @@
+Sun Nov 25 00:17:08 UTC 2018 - Marcus Rueckert 
+
+- added 10048229...de42b54a.patch:
+  Fix build failures on TW i586
+
+---
+Sat Nov 24 00:27:59 UTC 2018 - Marcus Rueckert 
+
+- update to 2.3.4
+  * The default postmaster_address is now "postmaster@". If username contains the @domain part,
+that's used. If not, then the server's hostname is used.
+  * "doveadm stats dump" now returns two decimals for the "avg"
+field.
+  + Added push notification driver that uses a Lua script
+  + Added new SQL, DNS and connection events.
+See https://wiki2.dovecot.org/Events
+  + Added "doveadm mailbox cache purge" command.
+  + Added events API support for Lua scripts
+  + doveadm force-resync -f parameter performs "index fsck" while
+opening the index. This may be useful to fix some types of
+broken index files.  This may become the default behavior in a
+later version.
+  - director: Kicking a user crashes if login process is very slow
+  - pop3_no_flag_updates=no: Don't expunge DELEted and RETRed
+messages unless QUIT is sent.
+  - auth: Fix crypt() segfault with glibc-2.28+
+  - imap: Running UID FILTER script with errors assert-crashes
+  - dsync, pop3-migration: POP3 UIDLs weren't added to
+dovecot.index.cache while mails were saved.
+  - dict clients may have been using 100% CPU while waiting for
+dict server to finish commands.
+  - doveadm user: Fixed user listing via HTTP API
+  - All levels of Cassandra log messages were logged as Dovecot
+errors.
+  - http/smtp client may have crashed after SSL handshake
+  - Lua auth converted strings that looked like numbers into
+numbers.
+- update pigeonhole to 0.5.4
+  * Adjustments to several changes in Dovecot v2.3.4 make this
+Pigeonhole release dependent on that Dovecot release; it will
+not compile against older Dovecot versions. And, conversely,
+you need to upgrade Pigeonhole when upgrading Dovecot to
+v2.3.4.
+  * The changes regarding the default postmaster_address in Dovecot
+v2.3.4 mainly apply to Pigeonhole. The new default should work
+for all existing installations, thereby fixing several reported
+v2.3/v0.5 migration problems.
+  - IMAP FILTER=SIEVE capability: Fix assert crash occurring when running
+UID FILTER on a Sieve script with errors.
+
+---

Old:

  dovecot-2.3-pigeonhole-0.5.3.tar.gz
  dovecot-2.3-pigeonhole-0.5.3.tar.gz.sig
  dovecot-2.3.3.tar.gz
  dovecot-2.3.3.tar.gz.sig

New:

  10048229...de42b54a.patch
  dovecot-2.3-pigeonhole-0.5.4.tar.gz
  dovecot-2.3-pigeonhole-0.5.4.tar.gz.sig
  dovecot-2.3.4.tar.gz
  dovecot-2.3.4.tar.gz.sig



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.Waud7O/_old  2018-12-04 20:57:45.844624380 +0100
+++ /var/tmp/diff_new_pack.Waud7O/_new  2018-12-04 20:57:45.844624380 +0100
@@ -17,11 +17,11 @@
 
 
 Name:   dovecot23
-Version:2.3.3
+Version:2.3.4
 Release:0
 %define pkg_name dovecot
-%define dovecot_version 2.3.3
-%define dovecot_pigeonhole_version 0.5.3
+%define dovecot_version 2.3.4
+%define dovecot_pigeonhole_version 0.5.4
 %define dovecot_branch  2.3
 %define dovecot_pigeonhole_source_dir 
%{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}
 %define dovecot_pigeonhole_docdir %{_docdir}/%{pkg_name}/dovecot-pigeonhole
@@ -136,6 +136,7 @@
 Source12:   dovecot23.keyring
 Patch:  dovecot-2.3.0-dont_use_etc_ssl_certs.patch
 Patch1: dovecot-2.3.0-better_ssl_defaults.patch
+Patch2: 10048229...de42b54a.patch
 Summary:IMAP and POP3 Server Written Primarily with Security in Mind
 License:BSD-3-Clause AND LGPL-2.1-or-later AND MIT
 Group:  Productivity/Networking/Email/Servers
@@ -315,6 +316,7 @@
 %setup -q -n %{pkg_name}-%{dovecot_version} -a 1
 %patch -p1
 %patch1 -p1
+%patch2 -p1
 gzip -9v ChangeLog
 # Fix plugins dir.
 sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = 
%{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf
@@ -593,6 +595,7 @@
 

commit dovecot23 for openSUSE:Factory

2018-10-02 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2018-10-02 19:49:09

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new (New)


Package is "dovecot23"

Tue Oct  2 19:49:09 2018 rev:11 rq:639470 version:2.3.3

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2018-07-22 
23:05:45.368896767 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot23.changes 2018-10-02 
19:49:42.285688629 +0200
@@ -1,0 +2,67 @@
+Mon Oct  1 22:55:38 UTC 2018 - Marcus Rueckert 
+
+- update pigeonhole to 0.5.3
+  - Fix assertion panic occurring when managesieve service fails to
+open INBOX while saving a Sieve script. This was caused by a
+lack of cleanup after failure.
+  - Fix specific messages causing an assert panic with actions that
+compose a reply (e.g. vacation). With some rather weird input
+from the original message, the header folding algorithm (as
+used for composing the References header for the reply) got
+confused, causing the panic.
+  - IMAP FILTER=SIEVE capability: Fix FILTER SIEVE SCRIPT command
+parsing.  After finishing reading the Sieve script, the command
+parsing sometimes didn't continue with the search arguments.
+This is a time- critical bug that likely only occurs when the
+Sieve script is sent in the next TCP frame.
+
+---
+Mon Oct  1 22:54:12 UTC 2018 - Marcus Rueckert 
+
+- update to 2.3.3
+  * doveconf hides more secrets now in the default output.
+  * ssl_dh setting is no longer enforced at startup. If it's not
+set and non-ECC DH key exchange happens, error is logged and
+client is disconnected.
+  + Added log_debug= setting.
+  + Added log_core_filter= setting.
+  + quota-clone: Write to dict asynchronously
+  + --enable-hardening attempts to use retpoline Spectre 2
+mitigations
+  + lmtp proxy: Support source_ip passdb extra field.
+  + doveadm stats dump: Support more fields and output stddev
+by default.
+  + push-notification: Add SSL support for OX backend.
+  - NUL bytes in mail headers can cause truncated replies when
+fetched.
+  - director: Conflicting host up/down state changes may in some
+rare situations ended up in a loop of two directors constantly
+overwriting each others' changes.
+  - director: Fix hang/crash when multiple doveadm commands are
+being handled concurrently.
+  - director: Fix assert-crash if doveadm disconnects too early
+  - virtual plugin: Some searches used 100% CPU for many seconds
+  - dsync assert-crashed with acl plugin in some situations.
+  - mail_attachment_detection_options=add-flags-on-save
+assert-crashed with some specific Sieve scripts.
+  - Mail snippet generation crashed with mails containing invalid
+Content-Type:multipart header.
+  - Log prefix ordering was different for some log lines.
+  - quota: With noenforcing option current quota usage wasn't
+updated.
+  - auth: Kerberos authentication against Samba assert-crashed.
+  - stats clients were unnecessarily chatty with the stats server.
+  - imapc: Fixed various assert-crashes when reconnecting to
+server.
+  - lmtp, submission: Fix potential crash if client disconnects
+while handling a command.
+  - quota: Fixed compiling with glibc-2.26 / support libtirpc.
+  - fts-solr: Empty search values resulted in 400 Bad Request
+errors
+  - fts-solr: default_ns parameter couldn't be used
+  - submission server crashed if relay server returned over 7 lines
+in a reply (e.g. to EHLO)
+- dropped 4ff4bd024a9b6e7973b76b186ce085c2ca669d3e.patch:
+  included in update
+
+---

Old:

  4ff4bd024a9b6e7973b76b186ce085c2ca669d3e.patch
  dovecot-2.3-pigeonhole-0.5.2.tar.gz
  dovecot-2.3-pigeonhole-0.5.2.tar.gz.sig
  dovecot-2.3.2.1.tar.gz
  dovecot-2.3.2.1.tar.gz.sig

New:

  dovecot-2.3-pigeonhole-0.5.3.tar.gz
  dovecot-2.3-pigeonhole-0.5.3.tar.gz.sig
  dovecot-2.3.3.tar.gz
  dovecot-2.3.3.tar.gz.sig



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.lxDFHx/_old  2018-10-02 19:49:43.005687877 +0200
+++ /var/tmp/diff_new_pack.lxDFHx/_new  2018-10-02 19:49:43.009687873 +0200
@@ -17,11 +17,11 @@
 
 
 Name:   dovecot23
-Version:2.3.2.1
+Version:2.3.3
 Release:0
 %define pkg_name dovecot
-%define dovecot_version 2.3.2.1
-%define dovecot_pigeonhole_version 0.5.2
+%define dovecot_version 2.3.3
+%define dovecot_pigeonhole_version 0.5.3
 %define dovecot_branch  2.3
 %define dovecot_pigeonhole_source_dir 

commit dovecot23 for openSUSE:Factory

2018-07-22 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2018-07-22 23:05:43

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new (New)


Package is "dovecot23"

Sun Jul 22 23:05:43 2018 rev:10 rq:624423 version:2.3.2.1

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2018-07-13 
10:21:09.262441315 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot23.changes 2018-07-22 
23:05:45.368896767 +0200
@@ -1,0 +2,6 @@
+Fri Jul 13 21:23:16 UTC 2018 - mrueck...@suse.de
+
+- added
+  
https://github.com/dovecot/core/commit/4ff4bd024a9b6e7973b76b186ce085c2ca669d3e.patch
+
+---

New:

  4ff4bd024a9b6e7973b76b186ce085c2ca669d3e.patch



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.Wo33Jh/_old  2018-07-22 23:05:46.084896501 +0200
+++ /var/tmp/diff_new_pack.Wo33Jh/_new  2018-07-22 23:05:46.088896500 +0200
@@ -136,6 +136,7 @@
 Source12:   dovecot23.keyring
 Patch:  dovecot-2.3.0-dont_use_etc_ssl_certs.patch
 Patch1: dovecot-2.3.0-better_ssl_defaults.patch
+Patch2: 
https://github.com/dovecot/core/commit/4ff4bd024a9b6e7973b76b186ce085c2ca669d3e.patch
 Summary:IMAP and POP3 Server Written Primarily with Security in Mind
 License:BSD-3-Clause AND LGPL-2.1-or-later AND MIT
 Group:  Productivity/Networking/Email/Servers
@@ -315,6 +316,7 @@
 %setup -q -n %{pkg_name}-%{dovecot_version} -a 1
 %patch -p1
 %patch1 -p1
+%patch2 -p1
 gzip -9v ChangeLog
 # Fix plugins dir.
 sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = 
%{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf

++ 4ff4bd024a9b6e7973b76b186ce085c2ca669d3e.patch ++
>From 4ff4bd024a9b6e7973b76b186ce085c2ca669d3e Mon Sep 17 00:00:00 2001
From: Aki Tuomi 
Date: Thu, 24 May 2018 12:48:58 +
Subject: [PATCH] acl: Fix return value of acl_attribute_get_acl

If matching acl entry is not found, it must return 0
and not 1 because it did not find anything.

Fixes dsync: Panic: file mailbox-attribute.c: line 362 
(mailbox_attribute_get_stream): assertion failed: (value_r->value != NULL || 
value_r->value_stream != NULL)

Broken in 37c72fa0cd3f1d74d79b64afb3fb6da5ffd4fe3a

Found by @dl8bh
---
 src/plugins/acl/acl-attributes.c | 10 --
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/plugins/acl/acl-attributes.c b/src/plugins/acl/acl-attributes.c
index 2499a30f9c..f0d3177de4 100644
--- a/src/plugins/acl/acl-attributes.c
+++ b/src/plugins/acl/acl-attributes.c
@@ -60,7 +60,7 @@ static int acl_attribute_get_acl(struct mailbox *box, const 
char *key,
struct acl_object_list_iter *iter;
struct acl_rights rights, wanted_rights;
const char *id;
-   int ret;
+   int ret = 0;
 
i_zero(value_r);
 
@@ -88,11 +88,17 @@ static int acl_attribute_get_acl(struct mailbox *box, const 
char *key,
rights.id_type == wanted_rights.id_type &&
null_strcmp(rights.identifier, wanted_rights.identifier) == 
0) {
value_r->value = acl_rights_export();
+   ret = 1;
break;
}
}
-   if ((ret = acl_object_list_deinit()) < 0)
+   /* the return value here cannot be used, because this function
+  needs to return whether it actually matched something
+  or not */
+   if (acl_object_list_deinit() < 0) {
mail_storage_set_internal_error(box->storage);
+   ret = -1;
+   }
return ret;
 }
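Review bot: The return contract that this fix restores is not written down in the visible code, and it is exactly what the earlier change got wrong. A header comment on acl_attribute_get_acl (its signature is outside this hunk) would help, e.g. `/* Returns 1 if a matching ACL entry was found and value_r->value is set, 0 if none matched, -1 on error. */`. When acl_object_list_deinit() fails after a match, `ret` becomes -1 while `value_r->value` stays set from the loop. Callers presumably ignore value_r on -1, but that is worth confirming against the assertion quoted in the commit message.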
 






commit dovecot23 for openSUSE:Factory

2018-07-13 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2018-07-13 10:21:03

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new (New)


Package is "dovecot23"

Fri Jul 13 10:21:03 2018 rev:9 rq:622091 version:2.3.2.1

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2018-07-09 
13:31:13.982503637 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot23.changes 2018-07-13 
10:21:09.262441315 +0200
@@ -1,0 +2,9 @@
+Wed Jul 11 14:17:57 UTC 2018 - mrueck...@suse.de
+
+- update to 2.3.2.1
+  - SSL/TLS servers may have crashed during client disconnection
+  - lmtp: With lmtp_rcpt_check_quota=yes mail deliveries may have
+sometimes assert-crashed.
+  - v2.3.2: "make check" may have crashed with 32bit systems
+
+---

Old:

  dovecot-2.3.2.tar.gz
  dovecot-2.3.2.tar.gz.sig

New:

  dovecot-2.3.2.1.tar.gz
  dovecot-2.3.2.1.tar.gz.sig



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.FjMtZC/_old  2018-07-13 10:21:10.426442707 +0200
+++ /var/tmp/diff_new_pack.FjMtZC/_new  2018-07-13 10:21:10.430442711 +0200
@@ -17,10 +17,10 @@
 
 
 Name:   dovecot23
-Version:2.3.2
+Version:2.3.2.1
 Release:0
 %define pkg_name dovecot
-%define dovecot_version 2.3.2
+%define dovecot_version 2.3.2.1
 %define dovecot_pigeonhole_version 0.5.2
 %define dovecot_branch  2.3
 %define dovecot_pigeonhole_source_dir 
%{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}


++ dovecot-2.3.2.tar.gz -> dovecot-2.3.2.1.tar.gz ++
/work/SRC/openSUSE:Factory/dovecot23/dovecot-2.3.2.tar.gz 
/work/SRC/openSUSE:Factory/.dovecot23.new/dovecot-2.3.2.1.tar.gz differ: char 
5, line 1





commit dovecot23 for openSUSE:Factory

2018-07-09 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2018-07-09 13:29:33

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new (New)


Package is "dovecot23"

Mon Jul  9 13:29:33 2018 rev:8 rq:621463 version:2.3.2

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2018-05-29 
16:53:34.936932294 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot23.changes 2018-07-09 
13:31:13.982503637 +0200
@@ -1,0 +2,93 @@
+Sat Jun 30 20:06:40 UTC 2018 - mrueck...@suse.de
+
+- update to 2.3.2
+  * old-stats plugin: Don't temporarily enable PR_SET_DUMPABLE
+while opening /proc/self/io. This may still cause security
+problems if the process is ptrace()d at the same time.
+Instead, open it while still running as root.
+  + doveadm: Added mailbox cache decision commands. See
+doveadm-mailbox(1) man page for details.
+  + doveadm: Added rebuild attachments command for rebuilding
+$HasAttachment or $HasNoAttachment flags for matching mails.
+See doveadm-rebuild(1) man page for details.
+  + cassandra: Use fallback_consistency on more types of errors
+  + lmtp proxy: Support outgoing SSL/TLS connections
+  + lmtp: Add lmtp_rawlog_dir and lmtp_proxy_rawlog_dir settings.
+  + submission: Add support for rawlog_dir
+  + submission: Add submission_client_workarounds setting.
+  + lua auth: Add password_verify() function and additional fields
+in auth request.
+  - doveadm-server: TCP connections are hanging when there is a lot
+of network output. This especially caused hangs in
+dsync-replication.
+  - Using multiple type=shared mdbox namespaces crashed
+  - mail_fsync setting was ignored. It was always set to
+"optimized".
+  - lua auth: Fix potential crash at deinit
+  - SSL/TLS servers may have crashed if client disconnected during
+handshake.
+  - SSL/TLS servers: Don't send extraneous certificates to client
+when alt certs are used.
+  - lda, lmtp: Return-Path header without '<' may have
+assert-crashed.
+  - lda, lmtp: Unencoded UTF-8 in email address headers may
+assert-crash
+  - lda: -f parameter didn't allow empty/null/domainless address
+  - lmtp, submission: Message size limit was hardcoded to 40 MB.
+Exceeding it caused the connection to get dropped during
+transfer.
+  - lmtp: Fix potential crash when delivery fails at DATA stage
+  - lmtp: login_greeting setting was ignored
+  - Fix to work with OpenSSL v1.0.2f
+  - systemd unit restrictions were too strict by default
+  - Fix potential crashes when a lot of log output was produced
+  - SMTP client may have assert-crashed when sending mail
+  - IMAP COMPRESS: Send "end of compression" marker when
+disconnecting.
+  - cassandra: Fix consistency=quorum to work
+  - dsync: Lock file generation failed if home directory didn't
+exist
+  - Snippet generation for HTML mails didn't ignore 
+inside blockquotes, producing strange looking snippets.
+  - imapc: Fix assert-crash if getting disconnected and after
+reconnection all mails in the selected mailbox are gone.
+  - pop3c: Handle unexpected server disconnections without
+assert-crash
+  - fts: Fixes to indexing mails via virtual mailboxes.
+  - fts: If mails contained NUL characters, the text around it
+wasn't indexed.
+  - Obsolete dovecot.index.cache offsets were sometimes used.
+Trying to fetch a field that was just added to cache file may
+not have always found it.
+- update pigeonhole to 0.5.2
+  + Implement plugin for the a vendor-defined IMAP capability
+called "FILTER=SIEVE". It adds the ability to manually invoke
+Sieve filtering in IMAP. More information can be found in
+doc/plugins/imap_filter_sieve.txt.
+  - The Sieve addess test caused an assertion panic for invalid
+addresses with UTF-8 codepoints in the localpart. Fixed by
+properly detecting invalid addresses with UTF-8 codepoints in
+the localpart and skipping these like other invalid addresses
+while iterating addresses for the address test.
+  - Make the length of the subject header for the vacation response
+configurable and enforce the limit in UTF-8 codepoints rather
+than bytes. The subject header for a vacation response was
+statically truncated to 256 bytes, which is too limited for
+multi-byte UTF-8 characters.
+  - Sieve editheader extension: Fix assertion panic occurring when
+it is used to manipulate a message header with a very large
+header field.
+  - Properly abort execution of the sieve_discard script upon
+error.  Before, the LDA Sieve plugin attempted to execute the
+sieve_discard script when an error occurs. This can lead to the
+message being lost.
+  - Fix the interaction between quota and 

commit dovecot23 for openSUSE:Factory

2018-05-29 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2018-05-29 16:53:33

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new (New)


Package is "dovecot23"

Tue May 29 16:53:33 2018 rev:7 rq:612867 version:2.3.1

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2018-04-11 
14:05:22.507461895 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot23.changes 2018-05-29 
16:53:34.936932294 +0200
@@ -1,0 +2,12 @@
+Sun May 27 09:31:02 UTC 2018 - mrueck...@suse.de
+
+- added 847790d5aab84df38256a6f9b4849af0eb408419.patch:
+  Fix crash for over quota users
+
+---
+Thu May 24 09:42:48 UTC 2018 - kbabi...@suse.com
+
+- Use OpenPGP signatures provided upstream
+- Added dovecot23.keyring, which contains the keys from the upstream projects
+
+---

New:

  847790d5aab84df38256a6f9b4849af0eb408419.patch
  dovecot-2.3-pigeonhole-0.5.1.tar.gz.sig
  dovecot-2.3.1.tar.gz.sig
  dovecot23.keyring



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.d5Avug/_old  2018-05-29 16:53:35.716903599 +0200
+++ /var/tmp/diff_new_pack.d5Avug/_new  2018-05-29 16:53:35.720903452 +0200
@@ -131,10 +131,14 @@
 Source7:dovecot-2.1-pigeonhole.configfiles
 Source8:dovecot-2.2-pigeonhole.configfiles
 Source9:dovecot-2.3-pigeonhole.configfiles
+Source10:   
http://www.dovecot.org/releases/%{dovecot_branch}/%{pkg_name}-%{dovecot_version}.tar.gz.sig
+Source11:   
http://pigeonhole.dovecot.org/releases/%{dovecot_branch}/%{dovecot_pigeonhole_source_dir}.tar.gz.sig
+Source12:   dovecot23.keyring
 Patch:  dovecot-2.3.0-dont_use_etc_ssl_certs.patch
 Patch1: dovecot-2.3.0-better_ssl_defaults.patch
 Patch2: 35497604d80090a02619024aeec069b32568e4b4.diff
 Patch3: 5522b8b3d3ed1a99c3b63bb120216af0bd427403.diff
+Patch4: 847790d5aab84df38256a6f9b4849af0eb408419.patch
 Summary:IMAP and POP3 Server Written Primarily with Security in Mind
 License:BSD-3-Clause AND LGPL-2.1-or-later AND MIT
 Group:  Productivity/Networking/Email/Servers
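Review bot: Source10 and Source11 fetch the detached signatures over plain `http://`, and nothing in this hunk shows them being checked against `dovecot23.keyring` during the build. The keyring shipped in the package is what anchors trust, so it is worth confirming where verification happens and recording that in a comment above Source12. If the upstream hosts serve the same paths over TLS, switching the scheme avoids fetching over cleartext, e.g. `Source10: https://www.dovecot.org/releases/%{dovecot_branch}/%{pkg_name}-%{dovecot_version}.tar.gz.sig`.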
@@ -316,6 +320,7 @@
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 gzip -9v ChangeLog
 # Fix plugins dir.
 sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = 
%{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf

++ 847790d5aab84df38256a6f9b4849af0eb408419.patch ++
>From 847790d5aab84df38256a6f9b4849af0eb408419 Mon Sep 17 00:00:00 2001
From: Stephan Bosch 
Date: Mon, 14 May 2018 23:56:21 +0200
Subject: [PATCH] lmtp: Fix segfault occurring when a user turns out to be over
 quota at DATA transfer.

The LMTP recipient context was not updated with the final recipient address when
the RCPT command was accepted. This left a dangling struct smtp_address pointer
which triggered the segfault when used.
---
 src/lmtp/lmtp-common.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/lmtp/lmtp-common.c b/src/lmtp/lmtp-common.c
index b3f13dec41..39ed6c1b4f 100644
--- a/src/lmtp/lmtp-common.c
+++ b/src/lmtp/lmtp-common.c
@@ -22,6 +22,7 @@ void lmtp_recipient_finish(struct lmtp_recipient *rcpt,
 {
trcpt->context = rcpt;
 
+   rcpt->path = trcpt->path;
rcpt->rcpt = trcpt;
rcpt->index = index;
rcpt->rcpt_cmd = NULL;
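Review bot: `rcpt->path = trcpt->path;` stores a second pointer to an address that presumably belongs to the transaction recipient, so rcpt->path is only valid while trcpt is. The commit message describes the earlier failure as a dangling struct smtp_address pointer, and nothing in this hunk shows what ties the two lifetimes together. A short comment on the assignment would make the ownership explicit, e.g. `/* borrowed from trcpt; must not be used after the transaction recipient is freed */`. lmtp_recipient_finish starts above the hunk and continues past it.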



commit dovecot23 for openSUSE:Factory

2018-04-11 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2018-04-11 14:03:30

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new (New)


Package is "dovecot23"

Wed Apr 11 14:03:30 2018 rev:6 rq:595501 version:2.3.1

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2018-03-29 
11:57:11.866936561 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot23.changes 2018-04-11 
14:05:22.507461895 +0200
@@ -1,0 +2,7 @@
+Tue Apr 10 15:46:04 UTC 2018 - vark...@suse.com
+
+- bnc#1088911 - dovecot23 can not build ond s390
+  add: 35497604d80090a02619024aeec069b32568e4b4.diff
+  add: 5522b8b3d3ed1a99c3b63bb120216af0bd427403.diff
+
+---

New:

  35497604d80090a02619024aeec069b32568e4b4.diff
  5522b8b3d3ed1a99c3b63bb120216af0bd427403.diff



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.n7H6iQ/_old  2018-04-11 14:05:23.751416648 +0200
+++ /var/tmp/diff_new_pack.n7H6iQ/_new  2018-04-11 14:05:23.751416648 +0200
@@ -133,6 +133,8 @@
 Source9:dovecot-2.3-pigeonhole.configfiles
 Patch:  dovecot-2.3.0-dont_use_etc_ssl_certs.patch
 Patch1: dovecot-2.3.0-better_ssl_defaults.patch
+Patch2: 35497604d80090a02619024aeec069b32568e4b4.diff
+Patch3: 5522b8b3d3ed1a99c3b63bb120216af0bd427403.diff
 Summary:IMAP and POP3 Server Written Primarily with Security in Mind
 License:BSD-3-Clause AND LGPL-2.1-or-later AND MIT
 Group:  Productivity/Networking/Email/Servers
@@ -312,6 +314,8 @@
 %setup -q -n %{pkg_name}-%{dovecot_version} -a 1
 %patch -p1
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1
 gzip -9v ChangeLog
 # Fix plugins dir.
 sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = 
%{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf

++ 35497604d80090a02619024aeec069b32568e4b4.diff ++
diff --git a/src/lib/murmurhash3.c b/src/lib/murmurhash3.c
index 45dcc22fd1..6f6133bd5c 100644
--- a/src/lib/murmurhash3.c
+++ b/src/lib/murmurhash3.c
@@ -23,7 +23,7 @@
 
 static inline uint32_t getblock32(const uint32_t *p, int i)
 {
-  return p[i];
+  return le32_to_cpu(p[i]);
 }
 
 //-
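Review bot: getblock32 still reads the key through a `const uint32_t *`, so besides byte order it depends on the caller's buffer being 4-byte aligned. The entry points take `const void *key`, and the cast is outside this hunk. Since the patch is about portability, copying the word out first would remove that assumption too: `uint32_t v; memcpy(&v, &p[i], sizeof(v)); return le32_to_cpu(v);`. The same applies to getblock64 in the third hunk of this file.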
@@ -94,6 +94,8 @@ void murmurhash3_32 (const void *key, size_t len, uint32_t 
seed,
 
   h1 = fmix32(h1);
 
+  h1 = cpu32_to_be(h1);
+
   memcpy(out, , sizeof(h1));
 }
 
@@ -103,7 +105,7 @@ void murmurhash3_32 (const void *key, size_t len, uint32_t 
seed,
 
 static inline uint64_t getblock64(const uint64_t *p, int i)
 {
-  return p[i];
+  return le64_to_cpu(p[i]);
 }
 
 static inline uint64_t fmix64(uint64_t k)
@@ -206,6 +208,9 @@ void murmurhash3_128(const void *key, size_t len, uint32_t 
seed,
   h1 += h2;
   h2 += h1;
 
+  h1 = cpu64_to_be(h1);
+  h2 = cpu64_to_be(h2);
+
   memcpy(out, , sizeof(h1));
   memcpy(out+sizeof(h1), , sizeof(h2));
 }
@@ -323,6 +328,11 @@ void murmurhash3_128(const void *key, size_t len, uint32_t 
seed,
   h1 += h2; h1 += h3; h1 += h4;
   h2 += h1; h3 += h1; h4 += h1;
 
+  h1 = cpu32_to_be(h1);
+  h2 = cpu32_to_be(h2);
+  h3 = cpu32_to_be(h3);
+  h4 = cpu32_to_be(h4);
+
   memcpy(out, , sizeof(h1));
   memcpy(out+sizeof(h1), , sizeof(h2));
   memcpy(out+sizeof(h1)*2, , sizeof(h3));
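Review bot: Converting the result words with `cpu32_to_be()` before the memcpy changes the digest bytes that little-endian builds produce, not only the big-endian ones. The same happens with `h1 = cpu32_to_be(h1);` in murmurhash3_32 and with `cpu64_to_be()` in the 64-bit variant, both earlier in this file. Whether any digest is stored or compared across hosts or versions is not visible here, but if one is, the values stop matching after this patch. A comment at each output block would pin the contract, e.g. `/* out is always written big-endian so digests match across architectures */`.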
diff --git a/src/lib/test-murmurhash3.c b/src/lib/test-murmurhash3.c
index 9da3d28e3c..2a60d9840b 100644
--- a/src/lib/test-murmurhash3.c
+++ b/src/lib/test-murmurhash3.c
@@ -7,7 +7,7 @@ struct murmur3_test_vectors {
const char *input;
size_t len;
uint32_t seed;
-   uint32_t result[4]; /* fits all results */
+   uint8_t result[MURMURHASH3_128_RESULTBYTES]; /* fits all results */
 };
 
 static void test_murmurhash3_algorithm(const char *name,
@@ -30,23 +30,23 @@ static void test_murmurhash3_algorithm(const char *name,
 static void test_murmurhash3_32(void)
 {
struct murmur3_test_vectors vectors[] = {
-   { "", 0, 0, { 0, 0, 0, 0}},
-   { "", 0, 0x1, { 0x514E28B7, 0, 0, 0 }},
-   { "", 0, 0x, { 0x81F16F39, 0, 0, 0 }},
-   { "\0\0\0\0", 4, 0, { 0x2362F9DE, 0, 0, 0 }},
-   { "", 4, 0x9747b28c, { 0x5A97808A, 0, 0, 0 }},
-   { "aaa", 3, 0x9747b28c, { 0x283E0130, 0, 0, 0 }},
-   { "aa", 2, 0x9747b28c, { 0x5D211726, 0, 0, 0 }},
-   { "a", 1, 0x9747b28c, { 0x7FA09EA6, 0, 0, 0 }},
-   { "abcd", 4, 0x9747b28c, { 0xF0478627, 0, 0, 0 }},
-   { "abc", 3, 0x9747b28c, { 0xC84A62DD, 0, 0, 0 }},
-   { "ab", 2, 0x9747b28c, { 0x74875592, 0, 0, 0 }},
-   { "Hello, 

commit dovecot23 for openSUSE:Factory

2018-03-29 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2018-03-29 11:57:08

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new (New)


Package is "dovecot23"

Thu Mar 29 11:57:08 2018 rev:5 rq:591874 version:2.3.1

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2018-03-14 
19:40:11.210753321 +0100
+++ /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot23.changes 2018-03-29 
11:57:11.866936561 +0200
@@ -1,0 +2,77 @@
+Wed Mar 28 09:02:33 UTC 2018 - mrueck...@suse.de
+
+- update pigeonhole to 0.5.1
+  - Explicitly disallow UTF-8 in localpart in addresses parsed from
+Sieve script.
+  - editheader extension: Corrected the stream position
+calculations performed while making the modified message
+available as a stream.  Pigeonhole Sieve crashed in LMTP with
+an assertion panic when the Sieve editheader extension was used
+before the message was redirected.  Experiments indicate that
+the problem occurred only with LMTP and that LDA is not
+affected.
+  - fileinto extension: Fix assert panic occurring when fileinto is
+used without being listed in the require line, while the copy
+extension is listed there. This is a very old bug.
+  - imapsieve plugin: Do not assert crash or log an error for
+messages that disappear concurrently while applying Sieve
+scripts. This event is now logged as a debug message.
+  - Sieve extprograms plugin: Large output from "execute" command
+crashed delivery. Fixed buffering issue in code that handles
+output from the external program.
+
+---
+Tue Mar 27 18:28:48 UTC 2018 - mrueck...@suse.de
+
+- update to 2.3.1
+  * Submission server support improvements and bug fixes
+- Lots of bug fixes to submission server
+  * API CHANGE: array_idx_modifiable will no longer allocate space
+- Particularly affects how you should check MODULE_CONTEXT
+  result, or use REQUIRE_MODULE_CONTEXT.
+  + mail_attachment_detection_options setting controls when
+$HasAttachment and $HasNoAttachment keywords are set for mails.
+  + imap: Support fetching body snippets using FETCH (SNIPPET) or
+(SNIPPET (LAZY=FUZZY))
+  + fs-compress: Automatically detect whether input is compressed
+or not.  Prefix the compression algorithm with "maybe-" to
+enable the detection, for example: "compress:maybe-gz:6:..."
+  + Added settings to change dovecot.index* files' optimization
+behavior.  See https://wiki2.dovecot.org/IndexFiles#Settings
+  + Auth cache can now utilize auth workers to do password hash
+verification by setting
+auth_cache_verify_password_with_worker=yes.
+  + Added charset_alias plugin. See
+https://wiki2.dovecot.org/Plugins/CharsetAlias
+  + imap_logout_format and pop3_logout_format settings now support
+all of the generic variables (e.g. %{rip}, %{session}, etc.)
+  + Added auth_policy_check_before_auth,
+auth_policy_check_after_auth and auth_policy_report_after_auth
+settings.
+  + master: Support HAProxy PP2_TYPE_SSL command and set "secured"
+variable appropriately
+  - Invalid UCS4 escape in HTML can cause crashes
+  - imap: IMAP COMPRESS -enabled client crashes on disconnect
+  - lmtp: Fix crash when user is over quota
+  - lib-lda: Parsing Return-Path header address fails when it
+contains CFWS
+  - auth: SASL with Exim fails for AUTH commands without an initial
+response
+  - imap: SPECIAL-USE capability isn't automatically added
+  - auth: LDAP subqueries do not support standard auth variables in
+var-expand
+  - auth: SHA256-CRYPT and SHA512-CRYPT schemes do not work
+  - lib-index: mail_always/never_cache_fields are not used for
+existing cache files
+  - imap: Fetching headers leaks memory if search doesn't find any
+mails
+  - lmtp: ORCPT support in RCPT TO
+  - imap-login: Process sometimes ends up in infinite loop
+  - sdbox: Rolled back save/copy transaction doesn't delete temp
+files
+  - mail: lock_method=dotlock causes crashes
+- drop patches which are included in the update
+  23da0fa1b30cc11bcc1d467674a0950c527e9ff1.patch
+  dovecot-2.3.0.1-over-quota-lmtp-crash.patch
+
+---

Old:

  23da0fa1b30cc11bcc1d467674a0950c527e9ff1.patch
  dovecot-2.3-pigeonhole-0.5.0.1.tar.gz
  dovecot-2.3.0.1-over-quota-lmtp-crash.patch
  dovecot-2.3.0.1.tar.gz

New:

  dovecot-2.3-pigeonhole-0.5.1.tar.gz
  dovecot-2.3.1.tar.gz



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.CrWkoe/_old  2018-03-29 11:57:12.670907537 +0200
+++ 

commit dovecot23 for openSUSE:Factory

2018-03-14 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2018-03-14 19:39:48

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new (New)


Package is "dovecot23"

Wed Mar 14 19:39:48 2018 rev:4 rq:586348 version:2.3.0.1

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2018-03-07 
10:39:51.243275430 +0100
+++ /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot23.changes 2018-03-14 
19:40:11.210753321 +0100
@@ -1,0 +2,15 @@
+Tue Mar 13 10:40:48 UTC 2018 - dims...@opensuse.org
+
+- Fix License tag.
+
+---
+Wed Mar  7 12:25:51 UTC 2018 - mrueck...@suse.de
+
+- added 23da0fa1b30cc11bcc1d467674a0950c527e9ff1.patch
+
+---
+Wed Mar  7 12:10:44 UTC 2018 - mrueck...@suse.de
+
+- update license to SPDX-3
+
+---
@@ -24 +39 @@
-attacker uses randomly generated SNI servernames.
+attacker uses randomly generated SNI servernames. (boo#1082828)
@@ -30,0 +46 @@
+(boo#1082826)
@@ -32 +48 @@
-login process.
+login process. (boo#1075608)

New:

  23da0fa1b30cc11bcc1d467674a0950c527e9ff1.patch



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.BhY94t/_old  2018-03-14 19:40:12.970690805 +0100
+++ /var/tmp/diff_new_pack.BhY94t/_new  2018-03-14 19:40:13.002689668 +0100
@@ -134,8 +134,9 @@
 Patch:  dovecot-2.3.0-dont_use_etc_ssl_certs.patch
 Patch1: dovecot-2.3.0-better_ssl_defaults.patch
 Patch2: dovecot-2.3.0.1-over-quota-lmtp-crash.patch
+Patch3: 23da0fa1b30cc11bcc1d467674a0950c527e9ff1.patch
 Summary:IMAP and POP3 Server Written Primarily with Security in Mind
-License:BSD-3-Clause and LGPL-2.1+ and MIT
+License:BSD-3-Clause AND LGPL-2.1-or-later AND MIT
 Group:  Productivity/Networking/Email/Servers
 
 %description
@@ -314,6 +315,7 @@
 %patch -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 gzip -9v ChangeLog
 # Fix plugins dir.
 sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = 
%{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf

++ 23da0fa1b30cc11bcc1d467674a0950c527e9ff1.patch ++
>From 23da0fa1b30cc11bcc1d467674a0950c527e9ff1 Mon Sep 17 00:00:00 2001
From: Timo Sirainen 
Date: Sat, 6 Jan 2018 21:22:11 +0200
Subject: [PATCH] ostream-zlib: Ignore missing finish if parent stream is
 ignoring errors

This fixes panic with imap_zlib plugin when client enables the IMAP COMPRESS
extension and disconnects:

Panic: file ostream-zlib.c: line 36 (o_stream_zlib_close): assertion failed: 
(zstream->ostream.finished || zstream->ostream.ostream.stream_errno != 0)
---
 src/lib-compression/ostream-zlib.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/lib-compression/ostream-zlib.c 
b/src/lib-compression/ostream-zlib.c
index 848ecb7b89..e0b9a91416 100644
--- a/src/lib-compression/ostream-zlib.c
+++ b/src/lib-compression/ostream-zlib.c
@@ -33,7 +33,8 @@ static void o_stream_zlib_close(struct iostream_private 
*stream,
struct zlib_ostream *zstream = (struct zlib_ostream *)stream;
 
i_assert(zstream->ostream.finished ||
-zstream->ostream.ostream.stream_errno != 0);
+zstream->ostream.ostream.stream_errno != 0 ||
+zstream->ostream.error_handling_disabled);
(void)deflateEnd(>zs);
if (close_parent)
o_stream_close(zstream->ostream.parent);
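Review bot: The widened `i_assert` in `o_stream_zlib_close` has no comment explaining why `error_handling_disabled` makes a missing finish acceptable. The flag tested is the zlib stream's own `zstream->ostream.error_handling_disabled`, while the subject line speaks of the parent stream; presumably the flag is inherited from the parent when the stream is created, but the hunk does not show that. A short comment above the assertion would keep a later reader from tightening it again, for example `/* a stream that ignores errors (e.g. the client already disconnected) may be closed without a finish */`. Because the panic quoted in the commit message is reached when a client enables COMPRESS and then disconnects, a regression test for that close path would be worth adding alongside the change. The function starts and ends outside the hunk.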



commit dovecot23 for openSUSE:Factory

2018-03-07 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2018-03-07 10:39:34

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new (New)


Package is "dovecot23"

Wed Mar  7 10:39:34 2018 rev:3 rq:583681 version:2.3.0.1

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2018-01-10 
23:35:43.722444855 +0100
+++ /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot23.changes 2018-03-07 
10:39:51.243275430 +0100
@@ -1,0 +2,41 @@
+Tue Mar  6 19:28:49 UTC 2018 - mrueck...@suse.de
+
+- update pigeonhole to 0.5.0.1
+  - imap4flags extension: Fix binary corruption occurring when
+setflag/addflag/removeflag flag-list is a variable.
+  - sieve-extprograms plugin: Fix segfault occurring when used in
+IMAPSieve context.
+- drop 321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch
+
+---
+Tue Mar  6 17:54:58 UTC 2018 - mrueck...@suse.de
+
+- pull backport patch dovecot-2.3.0.1-over-quota-lmtp-crash.patch
+
+---
+Tue Mar  6 13:48:50 UTC 2018 - mrueck...@suse.de
+
+- update to 2.3.0.1
+  * CVE-2017-15130: TLS SNI config lookups may lead to excessive
+memory usage, causing imap-login/pop3-login VSZ limit to be
+reached and the process restarted. This happens only if Dovecot
+config has local_name { } or local { } configuration blocks and
+attacker uses randomly generated SNI servernames.
+  * CVE-2017-14461: Parsing invalid email addresses may cause a
+crash or leak memory contents to attacker. For example, these
+memory contents might contain parts of an email from another
+user if the same imap process is reused for multiple users.
+First discovered by Aleksandar Nikolic of Cisco Talos.
+Independently also discovered by "flxflndy" via HackerOne.
+  * CVE-2017-15132: Aborted SASL authentication leaks memory in
+login process.
+  * Linux: Core dumping is no longer enabled by default via
+PR_SET_DUMPABLE, because this may allow attackers to bypass
+chroot/group restrictions. Found by cPanel Security Team.
+Nowadays core dumps can be safely enabled by using "sysctl -w
+fs.suid_dumpable=2". If the old behaviour is wanted, it can
+still be enabled by setting:
+import_environment=$import_environment PR_SET_DUMPABLE=1
+  - imap-login with SSL/TLS connections may end up in infinite loop
+
+---

Old:

  321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch
  dovecot-2.3-pigeonhole-0.5.0.tar.gz
  dovecot-2.3.0.tar.gz

New:

  dovecot-2.3-pigeonhole-0.5.0.1.tar.gz
  dovecot-2.3.0.1-over-quota-lmtp-crash.patch
  dovecot-2.3.0.1.tar.gz



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.uzV0Z7/_old  2018-03-07 10:39:53.467195212 +0100
+++ /var/tmp/diff_new_pack.uzV0Z7/_new  2018-03-07 10:39:53.471195067 +0100
@@ -1,7 +1,7 @@
 #
-# spec file for package dovecot22
+# spec file for package dovecot23
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,11 +17,11 @@
 
 
 Name:   dovecot23
-Version:2.3.0
+Version:2.3.0.1
 Release:0
 %define pkg_name dovecot
-%define dovecot_version 2.3.0
-%define dovecot_pigeonhole_version 0.5.0
+%define dovecot_version 2.3.0.1
+%define dovecot_pigeonhole_version 0.5.0.1
 %define dovecot_branch  2.3
 %define dovecot_pigeonhole_source_dir 
%{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}
 %define dovecot_pigeonhole_docdir %{_docdir}/%{pkg_name}/dovecot-pigeonhole
@@ -133,7 +133,7 @@
 Source9:dovecot-2.3-pigeonhole.configfiles
 Patch:  dovecot-2.3.0-dont_use_etc_ssl_certs.patch
 Patch1: dovecot-2.3.0-better_ssl_defaults.patch
-Patch2: 
https://github.com/stephanbosch/pigeonhole-core/commit/321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch
+Patch2: dovecot-2.3.0.1-over-quota-lmtp-crash.patch
 Summary:IMAP and POP3 Server Written Primarily with Security in Mind
 License:BSD-3-Clause and LGPL-2.1+ and MIT
 Group:  Productivity/Networking/Email/Servers
@@ -310,12 +310,10 @@
 dovecot tree.
 
 %prep
-%setup -q -n %{pkg_name}-ce-%{dovecot_version} -a 1
+%setup -q -n %{pkg_name}-%{dovecot_version} -a 1
 %patch -p1
 %patch1 -p1
-pushd %{dovecot_pigeonhole_source_dir}
 %patch2 -p1
-popd
 gzip -9v ChangeLog
 # Fix plugins dir.
 sed -i 

commit dovecot23 for openSUSE:Factory

2018-01-10 Thread root
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory 
checked in at 2018-01-10 23:35:42

Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
 and  /work/SRC/openSUSE:Factory/.dovecot23.new (New)


Package is "dovecot23"

Wed Jan 10 23:35:42 2018 rev:2 rq:562901 version:2.3.0

Changes:

--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes  2018-01-09 
14:51:38.644159733 +0100
+++ /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot23.changes 2018-01-10 
23:35:43.722444855 +0100
@@ -1,0 +2,9 @@
+Mon Dec 25 22:39:53 UTC 2017 - jeng...@inai.de
+
+- Replace %__-type macro indirections.
+  Replace xargs rm by built in -delete of find(1).
+- Run ldconfig directly via %post -p.
+- Check for users in %pre before creating them, and do not suppress
+  errors about it.
+
+---



Other differences:
--
++ dovecot23.spec ++
--- /var/tmp/diff_new_pack.nnlw9s/_old  2018-01-10 23:35:44.502408258 +0100
+++ /var/tmp/diff_new_pack.nnlw9s/_new  2018-01-10 23:35:44.502408258 +0100
@@ -316,9 +316,9 @@
 pushd %{dovecot_pigeonhole_source_dir}
 %patch2 -p1
 popd
-%{__gzip} -9v ChangeLog
+gzip -9v ChangeLog
 # Fix plugins dir.
-%{__sed} -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = 
%{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf
+sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = 
%{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf
 
 %build
 export CFLAGS="%{optflags}"
@@ -389,11 +389,11 @@
 %makeinstall -C %{dovecot_pigeonhole_source_dir} 
sieve_docdir=%{dovecot_pigeonhole_docdir}
 
 # clean up unused files, as much as I would like to use -delete ... the old 
find on sles9 doesnt support it
-find %{buildroot}%{_libdir}/%{pkg_name}/ -type f -name \*.la -print0 | xargs 
-r0 rm -fv
-find %{buildroot}%{_libdir}/%{pkg_name}/ -type f -name \*.a  -print0 | xargs 
-r0 rm -fv
+find %{buildroot}%{_libdir}/%{pkg_name}/ -type f \
+   '(' -name \*.la -o -name \*.a ')' -print -delete
 
 # create /var directories
-%{__install} -m 0755 -Dd \
+install -m 0755 -Dd \
   %{buildroot}%{_var}/run/%{pkg_name}/login/ \
   %{buildroot}%{_var}/lib/%{pkg_name}/
 
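Review bot: The context comment directly above the new `find` call still says `-delete` cannot be used because the old find on sles9 does not support it, which now contradicts the code that uses `-delete`. I would replace it with something like `# clean up unused libtool archives and static libraries`. If sles9 is still a build target for this spec, which the hunk does not show, the comment is correct and the new `-delete` would fail there instead.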
@@ -414,7 +414,7 @@
 popd
 
 # additional docs for the main package
-%{__install} -m 0644 \
+install -m 0644 \
AUTHORS ChangeLog* COPYING* NEWS TODO README* \
 %if %{with solr}
 doc/*.xml \
@@ -422,9 +422,9 @@
 %{buildroot}%{_docdir}/%{pkg_name}/
 
 # install sieve docs
-%{__install} -m 0755 -Dd %{buildroot}%{dovecot_pigeonhole_docdir}
+install -m 0755 -Dd %{buildroot}%{dovecot_pigeonhole_docdir}
 pushd %{dovecot_pigeonhole_source_dir}
-%__sed -i 's/\r$//' doc/rfc/*
+sed -i 's/\r$//' doc/rfc/*
 cp -av AUTHORS COPYING* INSTALL NEWS README TODO \
examples/ doc/rfc/ doc/devel \
   %{buildroot}%{dovecot_pigeonhole_docdir}/
@@ -446,9 +446,13 @@
 
 %pre
 test -n "$FIRST_ARG" || FIRST_ARG=$1
-/usr/sbin/groupadd -r %{pkg_name} >/dev/null 2>&1 || :
-/usr/sbin/useradd -g %{pkg_name} -s /bin/false -r -c "User for Dovecot imapd" 
-d %{_var}/run/%{pkg_name} %{pkg_name} >/dev/null 2>&1 || :
-/usr/sbin/useradd -g %{pkg_name} -s /bin/false -r -c "User for Dovecot login" 
-d %{_var}/run/%{pkg_name} dovenull >/dev/null 2>&1 || :
+getent group %{pkg_name} >/dev/null || /usr/sbin/groupadd -r %{pkg_name}
+getent passwd %{pkg_name} >/dev/null || \
+   /usr/sbin/useradd -g %{pkg_name} -s /bin/false -r \
+   -c "User for Dovecot imapd" -d %{_var}/run/%{pkg_name} %{pkg_name}
+getent passwd dovenull >/dev/null || \
+   /usr/sbin/useradd -g %{pkg_name} -s /bin/false -r \
+   -c "User for Dovecot login" -d %{_var}/run/%{pkg_name} dovenull
 # do not let dovecot run during upgrade rhbz#134325
 if [ "$FIRST_ARG" -ge "1" ]; then
   rm -f %restart_flag
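Review bot: Both service accounts are still created with `-g %{pkg_name}`, so the `dovenull` login user ends up in the same primary group as the `dovecot` user. Dovecot's documentation recommends that the untrusted login user belong to its own private group with access to nothing else, which limits what a compromised pre-authentication login process can reach. I would add `getent group dovenull >/dev/null || /usr/sbin/groupadd -r dovenull` and pass `-g dovenull` to the second `useradd`. The `getent` guard means existing installations keep their current group on upgrade, so that case would need a separate migration step. The `%pre` scriptlet continues past the end of the hunk.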
@@ -469,8 +473,7 @@
   %endif
 fi
 
-%post
-/sbin/ldconfig
+%post -p /sbin/ldconfig
 
 %postun
 test -n "$FIRST_ARG" || FIRST_ARG=$1