commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2020-09-15 16:34:45 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.4249 (New) Package is "dovecot23" Tue Sep 15 16:34:45 2020 rev:33 rq:834633 version:2.3.11.3 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2020-09-08 22:49:20.903575387 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.4249/dovecot23.changes 2020-09-15 16:35:47.863028051 +0200 @@ -1,0 +2,8 @@ +Tue Sep 15 10:26:44 UTC 2020 - Arjen de Korte + +- add dovecot-2.3.11.3-gssapi-nul.patch: + Fix for bug introduced in v2.3.11.3. It appears GSSAPI can contain NUL. + + https://github.com/dovecot/core/pull/133 + +--- New: dovecot-2.3.11.3-gssapi-nul.patch Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.0XuuRQ/_old 2020-09-15 16:35:49.887029988 +0200 +++ /var/tmp/diff_new_pack.0XuuRQ/_new 2020-09-15 16:35:49.891029992 +0200 @@ -149,6 +149,8 @@ Patch1: dovecot-2.3.0-better_ssl_defaults.patch # https://github.com/dovecot/core/pull/126 Patch2: allow-tls1.3-only.patch +# https://github.com/dovecot/core/pull/133 +Patch3: dovecot-2.3.11.3-gssapi-nul.patch Summary:IMAP and POP3 Server Written Primarily with Security in Mind License:BSD-3-Clause AND LGPL-2.1-or-later AND MIT Group: Productivity/Networking/Email/Servers @@ -329,6 +331,7 @@ %patch -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 gzip -9v ChangeLog # Fix plugins dir. sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = %{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf ++ dovecot-2.3.11.3-gssapi-nul.patch ++ >From aae316881127017af2ba20e478251132a05f7dc0 Mon Sep 17 00:00:00 2001 From: "Paul G. Banks" Date: Sun, 16 Aug 2020 10:57:36 +0100 Subject: [PATCH] Fix: GSSAPI can contain NUL. --- src/auth/mech-gssapi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/auth/mech-gssapi.c b/src/auth/mech-gssapi.c index f29e48da88..966273d388 100644 --- a/src/auth/mech-gssapi.c +++ b/src/auth/mech-gssapi.c @@ -735,7 +735,7 @@ mech_gssapi_auth_free(struct auth_request *request) const struct mech_module mech_gssapi = { "GSSAPI", - .flags = 0, + .flags = MECH_SEC_ALLOW_NULS, .passdb_need = MECH_PASSDB_NEED_NOTHING, mech_gssapi_auth_new,
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2020-09-08 22:48:59 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.3399 (New) Package is "dovecot23" Tue Sep 8 22:48:59 2020 rev:32 rq:832820 version:2.3.11.3 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2020-08-14 09:34:40.120439611 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.3399/dovecot23.changes 2020-09-08 22:49:20.903575387 +0200 @@ -1,0 +2,6 @@ +Mon Aug 31 15:25:03 UTC 2020 - Marcus Rueckert + +- libsodium is not strictly required, it is only required for the + argon password scheme. This is now no longer supported on sle12 + +--- Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.mfh6ku/_old 2020-09-08 22:49:22.011575926 +0200 +++ /var/tmp/diff_new_pack.mfh6ku/_new 2020-09-08 22:49:22.019575930 +0200 @@ -52,8 +52,10 @@ %bcond_withlzma %endif %if 0%{?suse_version} >= 1320 +%bcond_without argon %bcond_without lz4 %else +%bcond_withargon %bcond_withlz4 %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -71,7 +73,9 @@ %if %{with lz4} BuildRequires: liblz4-devel %endif +%if %{with argon} BuildRequires: libsodium-devel +%endif %if 0%{?suse_version} >= 1520 BuildRequires: libmysqlclient-devel %else
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2020-08-14 09:33:47 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.3399 (New) Package is "dovecot23" Fri Aug 14 09:33:47 2020 rev:31 rq:826276 version:2.3.11.3 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2020-05-26 17:50:36.408049720 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.3399/dovecot23.changes 2020-08-14 09:34:40.120439611 +0200 @@ -1,0 +2,116 @@ +Wed Aug 12 13:57:05 UTC 2020 - Arjen de Korte + +- update to 2.3.11.3 and pigeonhole to 0.5.11 (boo#1174920 boo#1174922 boo#1174923) + + Dovecot 2.3.11.3 + - pop3-login: Login didn't handle commands in multiple IP packets properly. +This mainly affected large XCLIENT commands or a large SASL initial +response parameter in the AUTH command. + - pop3: pop3_deleted_flag setting was broken, causing: +Panic: file seq-range-array.c: line 472 (seq_range_array_invert): +assertion failed: (range[count-1].seq2 <= max_seq) + Dovecot 2.3.11.2 + - auth: Lua passdb/userdb leaks stack elements per call, eventually +causing the stack to become too deep and crashing the auth or +auth-worker process. + - lib-mail: v2.3.11 regression: MIME parts not returned correctly by +Dovecot MIME parser. + - pop3-login: Login would fail with "Input buffer full" if the initial +response for SASL was too long. + Dovecot 2.3.11 + * CVE-2020-12100: Parsing mails with a large number of MIME parts could +have resulted in excessive CPU usage or a crash due to running out of +stack memory. + * CVE-2020-12673: Dovecot's NTLM implementation does not correctly check +message buffer size, which leads to reading past allocation which can +lead to crash. + * CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an +address that has the empty quoted string as local-part causes the lmtp +service to crash. + * CVE-2020-12674: Dovecot's RPA mechanism implementation accepts +zero-length message, which leads to assert-crash later on. + * Events: Fix inconsistency in events. See event documentation in +https://doc.dovecot.org. + * imap_command_finished event's cmd_name field now contains "unknown" +for unknown commands. A new "cmd_input_name" field contains the +command name exactly as it was sent. + * lib-index: Renamed mail_cache_compress_* settings to mail_cache_purge_*. +Note that these settings are mainly intended for testing and usually +shouldn't be changed. + * events: Renamed "index" event category to "mail-index". + * events: service: category is now using the name from +configuration file. + * dns-client: service dns_client was renamed to dns-client. + * log: Prefixes generally use the service name from configuration file. +For example dict-async service will now use +"dict-async(pid): " log prefix instead of "dict(pid): " + * *-login: Changed logging done by proxying to use a consistent prefix +containing the IP address and port. + * *-login: Changed disconnection log messages to be slightly clearer. + + dict: Add events for dictionaries. + + lib-index: Finish logging with events. + + oauth2: Support local validation of JWT tokens. + + stats: Add support for dynamic histograms and grouping. See +https://doc.dovecot.org/configuration_manual/stats/. + + imap: Implement RFC 8514: IMAP SAVEDATE + + lib-index: If a long-running transaction (e.g. SORT/FETCH on a huge +folder) adds a lot of data to dovecot.index.cache file, commit those +changes periodically to make them visible to other concurrent sessions +as well. + + stats: Add OpenMetrics exporter for statistics. See +https://doc.dovecot.org/configuration_manual/stats/openmetrics/. + + stats: Support disabling stats-writer socket by setting +stats_writer_socket_path="". + - auth-worker: Process keeps slowly increasing its memory usage and +eventually dies with "out of memory" due to reaching vsz_limit. + - auth: Prevent potential timing attacks in authentication secret +comparisons: OAUTH2 JWT-token HMAC, imap-urlauth token, crypt() result. + - auth: Several auth-mechanisms allowed input to be truncated by NUL +which can potentially lead to unintentional issues or even successful +logins which should have failed. + - auth: When auth policy returned a delay, auth_request_finished event +had policy_result=ok field instead of policy_result=delayed. + - auth: auth process crash when auth_policy_server_url is set to an +invalid URL. + - dict-ldap: Crash occurs if var_expand template expansion fails. + - dict: If dict client disconnected while iteration was still running, +dict process could have started
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2020-05-26 17:50:29 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.2738 (New) Package is "dovecot23" Tue May 26 17:50:29 2020 rev:30 rq:809014 version:2.3.10.1 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2020-05-19 14:49:41.740231275 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.2738/dovecot23.changes 2020-05-26 17:50:36.408049720 +0200 @@ -1,0 +2,5 @@ +Tue May 19 12:04:55 UTC 2020 - Marcus Rueckert + +- update tls 1.3 patch to allow building with tls 1.0 + +--- Other differences: -- ++ allow-tls1.3-only.patch ++ --- /var/tmp/diff_new_pack.G1315d/_old 2020-05-26 17:50:36.996051008 +0200 +++ /var/tmp/diff_new_pack.G1315d/_new 2020-05-26 17:50:36.996051008 +0200 @@ -1,20 +1,21 @@ -Index: dovecot-2.3.10/src/config/old-set-parser.c +Index: dovecot-2.3.10.1/src/config/old-set-parser.c === dovecot-2.3.10.orig/src/config/old-set-parser.c -+++ dovecot-2.3.10/src/config/old-set-parser.c -@@ -171,7 +171,7 @@ static int ssl_protocols_to_min_protocol -const char **error_r) +--- dovecot-2.3.10.1.orig/src/config/old-set-parser.c dovecot-2.3.10.1/src/config/old-set-parser.c +@@ -172,6 +172,9 @@ static int ssl_protocols_to_min_protocol { static const char *protocol_versions[] = { -- "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", -+ "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3", + "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", ++#ifdef TLS1_3_VERSION ++"TLSv1.3", ++#endif }; /* Array where -1 = disable, 0 = not found, 1 = enable */ int protos[N_ELEMENTS(protocol_versions)]; -Index: dovecot-2.3.10/src/lib-ssl-iostream/iostream-openssl-common.c +Index: dovecot-2.3.10.1/src/lib-ssl-iostream/iostream-openssl-common.c === dovecot-2.3.10.orig/src/lib-ssl-iostream/iostream-openssl-common.c -+++ dovecot-2.3.10/src/lib-ssl-iostream/iostream-openssl-common.c +--- dovecot-2.3.10.1.orig/src/lib-ssl-iostream/iostream-openssl-common.c dovecot-2.3.10.1/src/lib-ssl-iostream/iostream-openssl-common.c @@ -9,6 +9,16 @@ #include #include @@ -32,12 +33,14 @@ /* openssl_min_protocol_to_options() scans this array for name and returns version and opt. opt is used with SSL_set_options() and version is used with SSL_set_min_proto_version(). Using either method should enable the same -@@ -23,6 +33,8 @@ static const struct { +@@ -23,6 +33,10 @@ static const struct { { SSL_TXT_TLSV1_1, TLS1_1_VERSION, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 }, { SSL_TXT_TLSV1_2, TLS1_2_VERSION, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 }, ++#ifdef TLS1_3_VERSION + { SSL_TXT_TLSV1_3, TLS1_3_VERSION, + SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 }, ++#endif }; int openssl_min_protocol_to_options(const char *min_protocol, long *opt_r, int *version_r)
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2020-05-19 14:49:37 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.2738 (New) Package is "dovecot23" Tue May 19 14:49:37 2020 rev:29 rq:807017 version:2.3.10.1 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2020-05-07 14:55:34.206410488 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.2738/dovecot23.changes 2020-05-19 14:49:41.740231275 +0200 @@ -1,0 +2,14 @@ +Mon May 18 14:04:52 UTC 2020 - Michael Ströder + +- update to 2.3.10.1 with security fixes for + * CVE-2020-10957: lmtp/submission: A client can crash the server by +sending a NOOP command with an invalid string parameter. +(boo#1171457) + * CVE-2020-10958: lmtp/submission: Sending many invalid or unknown +commands can cause the server to access freed memory, which can lead +to a server crash. (boo#1171458) + * CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an +address that has the empty quoted string as local-part causes the +lmtp service to crash. (boo#1171456) + +--- Old: dovecot-2.3.10.tar.gz dovecot-2.3.10.tar.gz.sig New: dovecot-2.3.10.1.tar.gz dovecot-2.3.10.1.tar.gz.sig Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.IJDnZ9/_old 2020-05-19 14:49:42.416232774 +0200 +++ /var/tmp/diff_new_pack.IJDnZ9/_new 2020-05-19 14:49:42.420232783 +0200 @@ -19,10 +19,10 @@ %global _lto_cflags %{nil} Name: dovecot23 -Version:2.3.10 +Version:2.3.10.1 Release:0 %define pkg_name dovecot -%define dovecot_version 2.3.10 +%define dovecot_version 2.3.10.1 %define dovecot_pigeonhole_version 0.5.10 %define dovecot_branch 2.3 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version} ++ dovecot-2.3.10.tar.gz -> dovecot-2.3.10.1.tar.gz ++ /work/SRC/openSUSE:Factory/dovecot23/dovecot-2.3.10.tar.gz /work/SRC/openSUSE:Factory/.dovecot23.new.2738/dovecot-2.3.10.1.tar.gz differ: char 5, line 1
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2020-05-07 14:55:28 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.2738 (New) Package is "dovecot23" Thu May 7 14:55:28 2020 rev:28 rq:800837 version:2.3.10 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2020-03-16 10:19:49.119623414 +0100 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.2738/dovecot23.changes 2020-05-07 14:55:34.206410488 +0200 @@ -1,0 +2,8 @@ +Wed Apr 29 21:25:30 UTC 2020 - Marcus Rueckert + +- add allow-tls1.3-only.patch: + Allow setting TLSv1.3 as minimum TLS version + + https://github.com/dovecot/core/pull/126 + +--- New: allow-tls1.3-only.patch Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.Z9TPT6/_old 2020-05-07 14:55:36.214414035 +0200 +++ /var/tmp/diff_new_pack.Z9TPT6/_new 2020-05-07 14:55:36.214414035 +0200 @@ -143,6 +143,8 @@ Source12: dovecot23.keyring Patch: dovecot-2.3.0-dont_use_etc_ssl_certs.patch Patch1: dovecot-2.3.0-better_ssl_defaults.patch +# https://github.com/dovecot/core/pull/126 +Patch2: allow-tls1.3-only.patch Summary:IMAP and POP3 Server Written Primarily with Security in Mind License:BSD-3-Clause AND LGPL-2.1-or-later AND MIT Group: Productivity/Networking/Email/Servers @@ -322,6 +324,7 @@ %setup -q -n %{pkg_name}-%{dovecot_version} -a 1 %patch -p1 %patch1 -p1 +%patch2 -p1 gzip -9v ChangeLog # Fix plugins dir. sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = %{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf ++ allow-tls1.3-only.patch ++ Index: dovecot-2.3.10/src/config/old-set-parser.c === --- dovecot-2.3.10.orig/src/config/old-set-parser.c +++ dovecot-2.3.10/src/config/old-set-parser.c @@ -171,7 +171,7 @@ static int ssl_protocols_to_min_protocol const char **error_r) { static const char *protocol_versions[] = { - "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", + "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3", }; /* Array where -1 = disable, 0 = not found, 1 = enable */ int protos[N_ELEMENTS(protocol_versions)]; Index: dovecot-2.3.10/src/lib-ssl-iostream/iostream-openssl-common.c === --- dovecot-2.3.10.orig/src/lib-ssl-iostream/iostream-openssl-common.c +++ dovecot-2.3.10/src/lib-ssl-iostream/iostream-openssl-common.c @@ -9,6 +9,16 @@ #include #include +/* + * SSL_TXT_TLSV1_3 is not defined in the openssl headers up to 1.1.1g. + * Define it here as no other part of the code uses those defines. + * + * https://github.com/openssl/openssl/pull/6720 + */ +#ifndef SSL_TXT_TLSV1_3 +#define SSL_TXT_TLSV1_3 "TLSv1.3" +#endif + /* openssl_min_protocol_to_options() scans this array for name and returns version and opt. opt is used with SSL_set_options() and version is used with SSL_set_min_proto_version(). Using either method should enable the same @@ -23,6 +33,8 @@ static const struct { { SSL_TXT_TLSV1_1, TLS1_1_VERSION, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 }, { SSL_TXT_TLSV1_2, TLS1_2_VERSION, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 }, + { SSL_TXT_TLSV1_3, TLS1_3_VERSION, + SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 }, }; int openssl_min_protocol_to_options(const char *min_protocol, long *opt_r, int *version_r)
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2020-03-16 10:19:02 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.3160 (New) Package is "dovecot23" Mon Mar 16 10:19:02 2020 rev:27 rq:785090 version:2.3.10 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2020-02-27 14:37:11.666014521 +0100 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.3160/dovecot23.changes 2020-03-16 10:19:49.119623414 +0100 @@ -1,0 +2,117 @@ +Fri Mar 6 11:14:00 UTC 2020 - Arjen de Korte + +- update to 2.3.10 and pigeonhole to 0.5.10 + + Dovecot 2.3.10 + * Disable retpoline migitations by default. These can cause severe +performance regressions, so they should be only enabled when +applicable. + * IMAP MOVE now commits transactions in batches of 1000 mails. This +helps especially with lazy_expunge when moving a lot of mails. It +mainly avoids situations where multiple IMAP sessions are running the +same MOVE command and duplicating the mails in the lazy_expunge folder. +With this change there can still be some duplication, but the MOVE +always progresses forward. Also if the MOVE fails at some point, the +changes up to the last 1000 mails are still committed instead of +rolled back. Note that the COPY command behavior hasn't changed, +because it is required by IMAP standard to be an atomic operation. + * IMAP EXPUNGE and CLOSE now expunges mails in batches of 1000 mails. +This helps especially with lazy_expunge when expunging a lot of mails +(e.g. millions) to make sure that the progress always moves forward +even if the process is killed. + * Autoexpunging now expunges mails in batches of 1000 mails. This helps +especially with lazy_expunge when expunging a lot of mails +(e.g. millions) to make sure that the progress always moves forward +even if the process is killed. + + Add tool for generating sysreport called dovecot-sysreport. +This generates a bundle of information usually needed for support +requests. + + Add support for the new IMAP \Important SPECIAL-USE flag (RFC 8457). + + Add metric { group_by } setting. This allows automatically creating +new metrics based on the fields you want to group statistics by. +NOTE: This feature is considered experimental and syntax is subject +to change in future release. + + auth: Support SCRAM-SHA-256 authentication mechanism. + + imap: Support the new IMAP STATUS=SIZE extension. + + Use TCP_QUICKACK to reduce latency for some TCP connections. + + quota-status: Made the service more robust against erroneous use with +Postfix ACL policies other than smtpd_recipient_restrictions. + + Add "revision" field support to imap_id_send setting. Using +"revision *" will send in IMAP ID command response the short commit +hash of the Dovecot git source tree HEAD (same as in dovecot --version). + + IMAP ENVELOPE includes now all addresses when there are multiple +headers (From, To, Cc, etc.) The standard way of having multiple +addresses is to just list them all in a single header. It's +non-standard to have multiple headers. However, since MTAs allow these +mails to pass through and different software may handle them in +different ways, it's better from security point of view to show all +the addresses. + + Event filters now support using "field_name=" to match a field that +doesn't exist or has an empty value. For example use "error=" to match +only events that didn't fail. + - acl: INBOX ACLs shouldn't apply for IMAP GETMETADATA/SETMETADATA +commands. + - cassandra: CASS_ERROR_SERVER_WRITE_FAILURE error should also be +treated as "uncertain write failure". + - dict-redis: Using quota_clone configured with dict-redis could have +crashed when Redis responded slowly. + - fts-solr: The XML response parser fails to parse large/chunked responses +correctly. This leads to spurious parse errors, most notably: "Error: +fts_solr: received invalid uid '0'". + - imap-hibernate: Communication trouble with imap-master leads to +segfault. + - imap-hibernate: Unhibernation retrying wasn't working. + - imap: Fixed auth lookup privilege problem when imap process was reused +and user was being un-hibernated. + - Fix potential crash when copying/moving mails within the same folder. +This happened only when there were a lot of fields in dovecot.index.cache. + - lib-index: Recreating dovecot.index.cache file could have crashed when +merging bitmask fields. + - lib-index: Using public/shared folders with INDEXPVT configured to use +private \Seen flags, trying to search seen/unseen in an empty folder +crashes with segfault. + -
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2020-02-27 14:36:56 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.26092 (New) Package is "dovecot23" Thu Feb 27 14:36:56 2020 rev:26 rq:779422 version:2.3.9.3 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2020-02-13 10:14:02.400427813 +0100 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.26092/dovecot23.changes 2020-02-27 14:37:11.666014521 +0100 @@ -1,0 +2,8 @@ +Wed Feb 26 12:40:54 UTC 2020 - Dominique Leuenberger + +- Update dovecot-2.3.0-dont_use_etc_ssl_certs.patch: since we + change CERTDIR to /etc/ssl/private, it is rather evil to then err + out claiming /etc/ssl/certs would not exist. The error message + should mention the directory it tested for. + +--- Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.ei2zjL/_old 2020-02-27 14:37:13.794018912 +0100 +++ /var/tmp/diff_new_pack.ei2zjL/_new 2020-02-27 14:37:13.798018921 +0100 @@ -1,7 +1,7 @@ # # spec file for package dovecot23 # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -127,7 +127,7 @@ %endif Recommends: %{name}-fts = %{version} Recommends: %{name}-fts-squat = %{version} -Url:http://www.dovecot.org +URL:http://www.dovecot.org Source: http://www.dovecot.org/releases/%{dovecot_branch}/%{pkg_name}-%{dovecot_version}.tar.gz Source1: http://pigeonhole.dovecot.org/releases/%{dovecot_branch}/%{dovecot_pigeonhole_source_dir}.tar.gz Source2:dovecot-rpmlintrc ++ dovecot-2.3.0-dont_use_etc_ssl_certs.patch ++ --- /var/tmp/diff_new_pack.ei2zjL/_old 2020-02-27 14:37:13.874019077 +0100 +++ /var/tmp/diff_new_pack.ei2zjL/_new 2020-02-27 14:37:13.874019077 +0100 @@ -1,7 +1,7 @@ -Index: dovecot-2.3.7.2/doc/example-config/conf.d/10-ssl.conf +Index: dovecot-2.3.9.3/doc/example-config/conf.d/10-ssl.conf === dovecot-2.3.7.2.orig/doc/example-config/conf.d/10-ssl.conf -+++ dovecot-2.3.7.2/doc/example-config/conf.d/10-ssl.conf +--- dovecot-2.3.9.3.orig/doc/example-config/conf.d/10-ssl.conf dovecot-2.3.9.3/doc/example-config/conf.d/10-ssl.conf @@ -9,7 +9,7 @@ # dropping root privileges, so keep the key file unreadable by anyone but # root. Included doc/mkcert.sh can be used to easily generate self-signed @@ -11,10 +11,10 @@ ssl_key = [CompilingSource.txt] @@ -61,10 +66,10 @@ the private key from '/etc/ssl/private/dovecot.pem'. The '/etc/ssl' directory can be changed using the '--with-ssldir=DIR' configure option. Both can of course be overridden from the configuration file. -Index: dovecot-2.3.7.2/doc/wiki/SSL.CertificateCreation.txt +Index: dovecot-2.3.9.3/doc/wiki/SSL.CertificateCreation.txt === dovecot-2.3.7.2.orig/doc/wiki/SSL.CertificateCreation.txt -+++ dovecot-2.3.7.2/doc/wiki/SSL.CertificateCreation.txt +--- dovecot-2.3.9.3.orig/doc/wiki/SSL.CertificateCreation.txt dovecot-2.3.9.3/doc/wiki/SSL.CertificateCreation.txt @@ -39,7 +39,7 @@ CN matches the connected host name, othe invalid. It's also possible to use wildcards (eg. *.domain.com) in the host name. They should work with most clients. @@ -74,10 +79,10 @@ private key file is created to '/etc/ssl/private/dovecot.pem'. Also by default the certificate will expire in 365 days. If you wish to change any of these, modify the mkcert.sh script. -Index: dovecot-2.3.7.2/doc/wiki/SSL.DovecotConfiguration.txt +Index: dovecot-2.3.9.3/doc/wiki/SSL.DovecotConfiguration.txt === dovecot-2.3.7.2.orig/doc/wiki/SSL.DovecotConfiguration.txt -+++ dovecot-2.3.7.2/doc/wiki/SSL.DovecotConfiguration.txt +--- dovecot-2.3.9.3.orig/doc/wiki/SSL.DovecotConfiguration.txt dovecot-2.3.9.3/doc/wiki/SSL.DovecotConfiguration.txt @@ -41,7 +41,7 @@ The most important SSL settings are (in ---%<- ssl = yes
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2020-02-13 10:13:38 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.26092 (New) Package is "dovecot23" Thu Feb 13 10:13:38 2020 rev:25 rq:774042 version:2.3.9.3 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2020-01-12 23:25:40.094844622 +0100 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.26092/dovecot23.changes 2020-02-13 10:14:02.400427813 +0100 @@ -1,0 +2,8 @@ +Wed Feb 12 12:24:46 UTC 2020 - Arjen de Korte + +- update to 2.3.9.3 + * CVE-2020-7046: Truncated UTF-8 can be used to DoS +submission-login and lmtp processes. + * CVE-2020-7957: Specially crafted mail can crash snippet generation. + +--- Old: dovecot-2.3.9.2.tar.gz dovecot-2.3.9.2.tar.gz.sig New: dovecot-2.3.9.3.tar.gz dovecot-2.3.9.3.tar.gz.sig Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.AwZlch/_old 2020-02-13 10:14:03.28419 +0100 +++ /var/tmp/diff_new_pack.AwZlch/_new 2020-02-13 10:14:03.28419 +0100 @@ -19,10 +19,10 @@ %global _lto_cflags %{nil} Name: dovecot23 -Version:2.3.9.2 +Version:2.3.9.3 Release:0 %define pkg_name dovecot -%define dovecot_version 2.3.9.2 +%define dovecot_version 2.3.9.3 %define dovecot_pigeonhole_version 0.5.9 %define dovecot_branch 2.3 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version} ++ dovecot-2.3.9.2.tar.gz -> dovecot-2.3.9.3.tar.gz ++ /work/SRC/openSUSE:Factory/dovecot23/dovecot-2.3.9.2.tar.gz /work/SRC/openSUSE:Factory/.dovecot23.new.26092/dovecot-2.3.9.3.tar.gz differ: char 5, line 1
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2020-01-12 23:23:45 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.6675 (New) Package is "dovecot23" Sun Jan 12 23:23:45 2020 rev:24 rq:763048 version:2.3.9.2 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2019-12-18 14:48:37.397946984 +0100 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.6675/dovecot23.changes 2020-01-12 23:25:40.094844622 +0100 @@ -1,0 +2,5 @@ +Sun Dec 22 19:51:09 UTC 2019 - Peter Varkoly + +- Adapt package changes in mysql-devel + +--- Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.63vVNF/_old 2020-01-12 23:25:41.046844975 +0100 +++ /var/tmp/diff_new_pack.63vVNF/_new 2020-01-12 23:25:41.046844975 +0100 @@ -72,7 +72,11 @@ BuildRequires: liblz4-devel %endif BuildRequires: libsodium-devel +%if 0%{?suse_version} >= 1520 +BuildRequires: libmysqlclient-devel +%else BuildRequires: mysql-devel +%endif BuildRequires: openldap2-devel BuildRequires: pam-devel BuildRequires: pkgconfig
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2019-12-18 14:45:44 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.4691 (New) Package is "dovecot23" Wed Dec 18 14:45:44 2019 rev:23 rq:757626 version:2.3.9.2 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2019-11-15 22:40:23.148475350 +0100 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.4691/dovecot23.changes 2019-12-18 14:48:37.397946984 +0100 @@ -1,0 +2,116 @@ +Sat Dec 14 08:55:56 UTC 2019 - Michael Ströder + +- update to 2.3.9.2 with security fixes: + * CVE-2019-19722: Mails with group addresses in From or To +fields caused crash in push notification drivers. + * Mails with empty From/To headers can also cause crash +in push notification drivers. + +--- +Wed Dec 4 21:46:28 UTC 2019 - Michael Ströder + +- update to 2.3.9 and pigeonhole to 0.5.9 + + Dovecot 2.3.9 + * Changed several event field names for consistency and to avoid +conflicts in parent-child event relationships: + * SMTP server command events: Renamed "name" to "cmd_name" + * Events inheriting from a mailbox: Renamed "name" to "mailbox" + * Server connection events have only "remote_ip", "remote_port", + "local_ip" and "local_port". + * Removed duplicate "client_ip", "ip" and "port". + * Mail storage events: Removed "service" field. + Use "service:" category instead. + * HTTP client connection events: Renamed "host" to "dest_host" and + "port" to "dest_port" + * auth: Drop Postfix socketmap support. It hasn't been working +with recent Postfix versions for a while now. + * push-notification-lua: The "subject" field is now decoded to UTF8 +instead of kept as MIME-encoded. + + push-notification-lua: Added new "from_address", "from_display_name", +"to_address" and "to_display_name" fields. The display names are +decoded to UTF8. + + Added various new fields to existing events. +See http://doc.dovecot.net/admin_manual/list_of_events.html + + Add lmtp_add_received_header setting. It can be used to prevent LMTP +from adding "Received:" headers. + + doveadm: Support SSL/STARTTLS for proxied doveadm connections based on +doveadm_ssl setting and proxy ssl/tls settings. + + Log filters support now "service:", which matches all events for +the given service. It can also be used as a category. + + lib: Use libunwind to get abort backtraces with function names +where available. + + lmtp: When the LMTP proxy changes the username (from passdb lookup) +add an appropriate ORCPT parameter. + - lmtp: Add lmtp_client_workarounds setting to implement workarounds for +clients that send MAIL and RCPT commands with additional spaces before +the path and for clients that omit <> brackets around the path. +See example-config/conf.d/20-lmtp.conf. + - lda/lmtp: Invalid MAIL FROM addresses were rejcted too aggressively. +Now mails from addresses with unicode characters are delivered, but +their Return-Path header will be <> instead of the given MAIL FROM +address. + - lmtp: The lmtp_hdr_delivery_address setting is ignored. + - imap: imap_command_finished event's "args" and "human_args" parameters +were always empty. + - mbox: Seeking in zlib and bzip2 compressed input streams didn't work +correctly. + - imap-hibernate: Process crashed when client got destroyed while it was +attempted to be unhibernated, and the unhibernation fails. + - *-login: Proxying may have crashed if SSL handshake to the backend +failed immediately. This was unlikely to happen in normal operation. + - *-login: If TLS handshake to upstream server failed during proxying, +login process could crash due to invalid memory access. + - *-login: v2.3 regression: Using SASL authentication without initial +response may have caused SSL connections to hang. This happened often +at least with PHP's IMAP library. + - *-login: When login processes are flooded with authentication attempts +it starts logging errors about "Authentication server sent unknown id". +This is still expected. However, it also caused the login process to +disconnect from auth server and potentially log some user's password +in the error message. + - dict-sql: SQL prepared statements were not shared between sessions. +This resulted in creating a lot of prepared statements, which was +especially inefficient when using Cassandra backend with a lot of +Cassandra nodes. + - auth: auth_request_finished event didn't have success=yes parameter +set for successful authentications. + - auth: userdb dict - Trying to list users crashed.
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2019-11-15 22:39:40 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.26869 (New) Package is "dovecot23" Fri Nov 15 22:39:40 2019 rev:22 rq:748910 version:2.3.8 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2019-10-17 12:21:20.711314403 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.26869/dovecot23.changes 2019-11-15 22:40:23.148475350 +0100 @@ -1,0 +2,5 @@ +Fri Nov 8 12:20:14 UTC 2019 - Arjen de Korte + +- Disable Link Time Optimization (LTO) (boo#1156301) + +--- Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.adELWp/_old 2019-11-15 22:40:23.972474963 +0100 +++ /var/tmp/diff_new_pack.adELWp/_new 2019-11-15 22:40:23.976474961 +0100 @@ -16,6 +16,8 @@ # +%global _lto_cflags %{nil} + Name: dovecot23 Version:2.3.8 Release:0
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2019-10-17 12:21:18 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.2352 (New) Package is "dovecot23" Thu Oct 17 12:21:18 2019 rev:21 rq:738214 version:2.3.8 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2019-08-29 17:28:07.595262212 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.2352/dovecot23.changes 2019-10-17 12:21:20.711314403 +0200 @@ -1,0 +2,62 @@ +Tue Oct 8 17:31:00 UTC 2019 - Michael Ströder + +- update to 2.3.8 and pigeonhole to 0.5.8 + + Dovecot 2.3.8 + + Added mail_delivery_started and mail_delivery_finished events, see +https://doc.dovecot.org/admin_manual/list_of_events/ for details. + + dsync-replication: Don't replicate users who have "noreplicate" extra +field in userdb. + + doveadm service status: Show total number of processes created. + + When logging to syslog, use instance_name setting's value for the +ident. This commonly is added as a log prefix. + + Base64 encoding/decoding code was rewritten with additional features. +It shouldn't cause any user visible changes. + - v2.3.7 regression: If a folder only receives new mails without any +other mail access, dovecot.index.log keeps growing forever and +dovecot.index keeps being rewritten for every mail delivery. + - dsync-replication may lose keywords after syncing mails restored from +another replica. This only happened if the mail only had keywords and +no system flags. + - event filters: Non-textual event fields could not be filtered using +wildcards. + - auth: Scope parameter was missing from OAuth password grant +request. + - doveadm client-server communication may hang in some situations. +It is also using unnecessarily small TCP/IP packet sizes. + - doveadm who and kick did not flush protocol output correctly. + - imap: SETMETADATA with literal value would delete the metadata value +instead of updating it. + - imap: When client issues FETCH PREVIEW (LAZY=FUZZY) command, the +caching decisions should be updated so that newly saved mails will +have the preview cached. + - With mail_nfs_index=yes and/or mail_nfs_storage=yes setuid/setgid +permission bits in some files may have become dropped with some NFS +servers. Changed NFS flushing to now use chmod() instead of chown(). + - quota: warnings did not work if quota root was noenforcing + - acl: Global ACL file ignored the last line if it didn't end with LF. + - doveadm stats dump: With JSON formatter output numbers using the +number type instead of as strings + - lmtp_proxy: Ensure that real_* variables are correctly set when using +lmtp_proxy. + - event exporter: http-post driver had hardcoded timeout and did not +support DNS lookups or TLS connections. + - auth: Fix user iteration to work with userdb passwd with glibc v2.28. + - auth: auth service can crash if auth-policy JSON response is invalid +or returned too fast. + - In some rare situations "ps" output could have shown a lot of "?" +characters after Dovecot process titles. + - When dovecot.index.pvt is empty, an unnecessary error is logged: +Error: .../dovecot.index.pvt reset, view is now inconsistent + - SMTP address encoder duplicated initial double quote character when +the localpart of an address ended in '..'. For example +"user...@example.com" became ""user+.."@example.com in a +sieve redirect. + + Pigeonhole 0.5.8 + - Sieve may leak resources in rare cases when a redirect, vacation or +report action fails to send the message. This mainly applies when +Sieve is executed in IMAP context; i.e., for the IMAPSIEVE or +FILTER=SIEVE capabilities. + +--- Old: dovecot-2.3-pigeonhole-0.5.7.2.tar.gz dovecot-2.3-pigeonhole-0.5.7.2.tar.gz.sig dovecot-2.3.7.2.tar.gz dovecot-2.3.7.2.tar.gz.sig New: dovecot-2.3-pigeonhole-0.5.8.tar.gz dovecot-2.3-pigeonhole-0.5.8.tar.gz.sig dovecot-2.3.8.tar.gz dovecot-2.3.8.tar.gz.sig Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.Fa3VHo/_old 2019-10-17 12:21:21.695311935 +0200 +++ /var/tmp/diff_new_pack.Fa3VHo/_new 2019-10-17 12:21:21.699311925 +0200 @@ -17,11 +17,11 @@ Name: dovecot23 -Version:2.3.7.2 +Version:2.3.8 Release:0 %define pkg_name dovecot -%define dovecot_version 2.3.7.2 -%define dovecot_pigeonhole_version 0.5.7.2 +%define dovecot_version 2.3.8 +%define dovecot_pigeonhole_version 0.5.8 %define dovecot_branch 2.3 %define
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2019-08-29 17:28:03 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.7948 (New) Package is "dovecot23" Thu Aug 29 17:28:03 2019 rev:20 rq:726988 version:2.3.7.2 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2019-07-26 12:40:23.853906983 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.7948/dovecot23.changes 2019-08-29 17:28:07.595262212 +0200 @@ -1,0 +2,17 @@ +Wed Aug 28 16:57:12 UTC 2019 - Marcus Rueckert + +- update to 2.3.7.2 + * CVE-2019-11500: IMAP protocol parser does not properly handle +NUL byte when scanning data in quoted strings, leading to out +of bounds heap memory writes. Found by Nick Roessler and Rafi +Rubin. (boo#1145559) +- update pigeonhole to 0.5.7.2 + * CVE-2019-11500: ManageSieve protocol parser does not properly +handle NUL byte when scanning data in quoted strings, leading +to out of bounds heap memory writes. Found by Nick Roessler and +Rafi Rubin. (boo#1145559) +- refreshed patches to apply cleanly again: + dovecot-2.3.0-better_ssl_defaults.patch + dovecot-2.3.0-dont_use_etc_ssl_certs.patch + +--- Old: dovecot-2.3-pigeonhole-0.5.7.1.tar.gz dovecot-2.3-pigeonhole-0.5.7.1.tar.gz.sig dovecot-2.3.7.1.tar.gz dovecot-2.3.7.1.tar.gz.sig New: dovecot-2.3-pigeonhole-0.5.7.2.tar.gz dovecot-2.3-pigeonhole-0.5.7.2.tar.gz.sig dovecot-2.3.7.2.tar.gz dovecot-2.3.7.2.tar.gz.sig Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.j75c5r/_old 2019-08-29 17:28:08.755262032 +0200 +++ /var/tmp/diff_new_pack.j75c5r/_new 2019-08-29 17:28:08.755262032 +0200 @@ -12,16 +12,16 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: dovecot23 -Version:2.3.7.1 +Version:2.3.7.2 Release:0 %define pkg_name dovecot -%define dovecot_version 2.3.7.1 -%define dovecot_pigeonhole_version 0.5.7.1 +%define dovecot_version 2.3.7.2 +%define dovecot_pigeonhole_version 0.5.7.2 %define dovecot_branch 2.3 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version} %define dovecot_pigeonhole_docdir %{_docdir}/%{pkg_name}/dovecot-pigeonhole ++ dovecot-2.3-pigeonhole-0.5.7.1.tar.gz -> dovecot-2.3-pigeonhole-0.5.7.2.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.7.1/ChangeLog new/dovecot-2.3-pigeonhole-0.5.7.2/ChangeLog --- old/dovecot-2.3-pigeonhole-0.5.7.1/ChangeLog2019-07-23 12:20:56.0 +0200 +++ new/dovecot-2.3-pigeonhole-0.5.7.2/ChangeLog2019-08-26 12:38:11.0 +0200 @@ -1,3 +1,37 @@ +2019-08-23 09:48:58 +0300 Aki Tuomi (7372921a) + +Released 0.5.7.2 + + +M NEWS +M configure.ac + +2019-05-17 10:39:25 +0300 Timo Sirainen (4a299840) + +lib-managesieve: Make sure str_unescape() won't be writing past allocated +memory + +The previous commit should already prevent this, but this makes sure it +can't become broken in the future either. It makes the performance a tiny +bit worse, but that's not practically noticeable. + +M src/lib-managesieve/managesieve-parser.c + +2019-05-10 19:43:55 +0300 Timo Sirainen (7ce9990a) + +lib-managesieve: Don't accept strings with NULs + +ManageSieve doesn't allow NULs in strings. + +This fixes a bug with unescaping a string with NULs: str_unescape() could +have been called for memory that points outside the allocated string, +causing heap corruption. This could cause crashes or theoretically even +result in remote code execution exploit. + +Found by Nick Roessler and Rafi Rubin + +M src/lib-managesieve/managesieve-parser.c + 2019-07-22 14:02:50 +0300 Timo Sirainen (db5c74be) Released v0.5.7.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.7.1/NEWS new/dovecot-2.3-pigeonhole-0.5.7.2/NEWS --- old/dovecot-2.3-pigeonhole-0.5.7.1/NEWS 2019-07-23 12:20:46.0 +0200 +++ new/dovecot-2.3-pigeonhole-0.5.7.2/NEWS 2019-08-26 12:38:00.0 +0200 @@ -1,3 +1,9 @@ +v0.5.7.2 2019-08-28 Aki Tuomi + + * CVE-2019-11500: ManageSieve protocol parser does not properly handle + NUL byte when scanning data in
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2019-07-26 12:40:22 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.4126 (New) Package is "dovecot23" Fri Jul 26 12:40:22 2019 rev:19 rq:718437 version:2.3.7.1 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2019-05-02 19:18:38.661562344 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.4126/dovecot23.changes 2019-07-26 12:40:23.853906983 +0200 @@ -1,0 +2,72 @@ +Tue Jul 23 20:06:59 UTC 2019 - Michael Ströder + +- update to 2.3.7.1 and pigeonhole to 0.5.7.1 + Dovecot 2.3.7.1 +- Fix TCP_NODELAY errors being logged on non-Linux OSes +- lmtp proxy: Fix assert-crash when client uses BODY=8BITMIME +- Remove wrongly added checks in namespace prefix checking + Pigeonhole 0.5.7.1 +- dsync: Sieve script syncing failed if mailbox attributes weren't enabled. + Dovecot 2.3.7 +* fts-solr: Removed break-imap-search parameter ++ Added more events for the new statistics, see + https://doc.dovecot.org/admin_manual/list_of_events/ ++ mail-lua: Add IMAP metadata accessors, see + https://doc.dovecot.org/admin_manual/lua/ ++ Add event exporters that allow exporting raw events to log files and + external systems, see + https://doc.dovecot.org/configuration_manual/event_export/ ++ SNIPPET is now PREVIEW and size has been increased to 200 characters. ++ Add body option to fts_enforced. This triggers building FTS index only + on body search, and an error using FTS index fails the search rather + than reads through all the mails. +- Submission/LMTP: Fixed crash when domain argument is invalid in a + second EHLO/LHLO command. +- Copying/moving mails using Maildir format loses IMAP keywords in the + destination if the mail also has no system flags. +- mail_attachment_detection_options=add-flags-on-save caused email body + to be unnecessarily opened when FETCHing mail headers that were + already cached. +- mail attachment detection keywords not saved with maildir. +- dovecot.index.cache may have grown excessively large in some + situations. This happened especially when using autoexpunging with + lazy_expunge folders. Also with mdbox format in general the cache file + wasn't recreated as often as it should have. +- Autoexpunged mails weren't immediately deleted from the disk. Instead, + the deletion from disk happened the next time the folder was opened. + This could have caused unnecessary delays if the opening was done by + an interactive IMAP session. +- Dovecot's TCP connections sometimes add extra 40ms latency due to not + enabling TCP_NODELAY. HTTP and SMTP/LMTP connections weren't + affected, but everything else was. This delay wasn't always visible - + only in some situations with some message/packet sizes. +- imapc: Fix various crash conditions +- Dovecot builds were not always reproducible. +- login-proxy: With shutdown_clients=no after config reload the + existing connections could no longer be listed or kicked with doveadm. +- "doveadm proxy kick" with -f parameter caused a crash in some + situations. +- Auth policy can cause segmentation fault crash during auth process + shutdown if all auth requests have not been finished. +- Fix various minor bugs leading into incorrect behaviour in mailbox + list index handling. These rarely caused noticeable problems. +- LDAP auth: Iteration accesses freed memory, possibly crashing + auth-worker +- local_name { .. } filter in dovecot.conf does not correctly support + multiple names and wildcards were matched incorrectly. +- replicator: dsync assert-crashes if it can't connect to remote TCP + server. +- config: Memory leak in config process when ssl_dh setting wasn't + set and there was no ssl-parameters.dat file. + This caused config process to die once in a while + with "out of memory". + +--- +Mon May 20 14:25:49 UTC 2019 - Peter Varkoly + +- bsc#1134242 - upgrade from 42.3 to 15.1: dovecot shows Unknown + protocol 'SSLv2' + * remove !SSLv2 from existing ssl_protocols configuration +during upgrade + +--- Old: dovecot-2.3-pigeonhole-0.5.6.tar.gz dovecot-2.3-pigeonhole-0.5.6.tar.gz.sig dovecot-2.3.6.tar.gz dovecot-2.3.6.tar.gz.sig New: dovecot-2.3-pigeonhole-0.5.7.1.tar.gz dovecot-2.3-pigeonhole-0.5.7.1.tar.gz.sig dovecot-2.3.7.1.tar.gz dovecot-2.3.7.1.tar.gz.sig
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2019-05-02 19:18:31 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.5148 (New) Package is "dovecot23" Thu May 2 19:18:31 2019 rev:18 rq:699690 version:2.3.6 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2019-04-19 18:38:46.763214914 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.5148/dovecot23.changes 2019-05-02 19:18:38.661562344 +0200 @@ -1,0 +2,51 @@ +Tue Apr 30 13:49:18 UTC 2019 - Marcus Rueckert + +- update pigeonhole to 0.5.6 + + sieve: Redirect loop prevention is sometimes ineffective. +Improve existing loop detection by also recognizing the +X-Sieve-Redirected-From header in incoming messages and +dropping redirect actions when it points to the sending +account. This header is already added by the redirect action, +so this improvement only adds an additional use of this header. + - sieve: Prevent execution of implicit keep upon temporary +failure occurring at runtime. + +--- +Tue Apr 30 13:34:16 UTC 2019 - Marcus Rueckert + +- update to 2.3.6: (boo#1133624 boo#1133625) + * CVE-2019-11494: Submission-login crashed with signal 11 due to +null pointer access when authentication was aborted by +disconnecting. + * CVE-2019-11499: Submission-login crashed when authentication +was started over TLS secured channel and invalid authentication +message was sent. + * auth: Support password grant with passdb oauth2. + + Use system default CAs for outbound TLS connections. + + Simplify array handling with new helper macros. + + fts_solr: Enable configuring batch_size and soft_commit features. + - lmtp/submission: Fixed various bugs in XCLIENT handling, +including a hang when XCLIENT commands were sent infinitely to +the remote server. + - lmtp/submission: Forwarded multi-line replies were erroneously +sent as two replies to the client. + - lib-smtp: client: Message was not guaranteed to contain CRLF +consistently when CHUNKING was used. + - fts_solr: Plugin was no longer compatible with Solr 7. + - Make it possible to disable certificate checking without +setting ssl_client_ca_* settings. + - pop3c: SSL support was broken. + - mysql: Closing connection twice lead to crash on some systems. + - auth: Multiple oauth2 passdbs crashed auth process on deinit. + - HTTP client connection errors infrequently triggered a +segmentation fault when the connection was idle and not used +for a particular client instance. +- drop https://github.com/dovecot/core/commit/3c5101ffd.patch + +--- +Mon Apr 29 22:11:53 UTC 2019 - Marcus Rueckert + +- backport https://github.com/dovecot/core/commit/3c5101ffd.patch + [PATCH] driver-mysql: Avoid double-closing MySQL connection + +--- Old: dovecot-2.3-pigeonhole-0.5.5.tar.gz dovecot-2.3-pigeonhole-0.5.5.tar.gz.sig dovecot-2.3.5.2.tar.gz dovecot-2.3.5.2.tar.gz.sig New: dovecot-2.3-pigeonhole-0.5.6.tar.gz dovecot-2.3-pigeonhole-0.5.6.tar.gz.sig dovecot-2.3.6.tar.gz dovecot-2.3.6.tar.gz.sig Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.2FCLCQ/_old 2019-05-02 19:18:39.597563992 +0200 +++ /var/tmp/diff_new_pack.2FCLCQ/_new 2019-05-02 19:18:39.601563999 +0200 @@ -17,11 +17,11 @@ Name: dovecot23 -Version:2.3.5.2 +Version:2.3.6 Release:0 %define pkg_name dovecot -%define dovecot_version 2.3.5.2 -%define dovecot_pigeonhole_version 0.5.5 +%define dovecot_version 2.3.6 +%define dovecot_pigeonhole_version 0.5.6 %define dovecot_branch 2.3 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version} %define dovecot_pigeonhole_docdir %{_docdir}/%{pkg_name}/dovecot-pigeonhole ++ dovecot-2.3-pigeonhole-0.5.5.tar.gz -> dovecot-2.3-pigeonhole-0.5.6.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dovecot-2.3-pigeonhole-0.5.5/ChangeLog new/dovecot-2.3-pigeonhole-0.5.6/ChangeLog --- old/dovecot-2.3-pigeonhole-0.5.5/ChangeLog 2019-03-05 12:53:28.0 +0100 +++ new/dovecot-2.3-pigeonhole-0.5.6/ChangeLog 2019-04-30 14:26:49.0 +0200 @@ -1,11 +1,132 @@ -2019-03-05 13:48:57 +0200 Aki Tuomi (2483b085) +2019-04-30 14:30:41 +0300 Aki Tuomi (92dc263a) -Release v0.5.5 for Dovecot v2.3.5 +Released v0.5.6 M configure.ac -2019-03-04 15:01:08
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2019-04-19 18:38:42 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.5536 (New) Package is "dovecot23" Fri Apr 19 18:38:42 2019 rev:17 rq:695556 version:2.3.5.2 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2019-04-04 15:27:27.338899173 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.5536/dovecot23.changes 2019-04-19 18:38:46.763214914 +0200 @@ -1,0 +2,11 @@ +Thu Apr 18 11:40:06 UTC 2019 - Marcus Rueckert + +- update to 2.3.5.2 (boo#1132501) + * CVE-2019-10691: Trying to login with 8bit username containing +invalid UTF8 input causes auth process to crash if auth policy +is enabled. This could be used rather easily to cause a DoS. +Similar crash also happens during mail delivery when using +invalid UTF8 in From or Subject header when OX push +notification driver is used. + +--- @@ -4 +15 @@ -- update to 2.3.5.1 +- update to 2.3.5.1 (boo#1130116) Old: dovecot-2.3.5.1.tar.gz dovecot-2.3.5.1.tar.gz.sig New: dovecot-2.3.5.2.tar.gz dovecot-2.3.5.2.tar.gz.sig Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.UN8HQh/_old 2019-04-19 18:38:48.667217332 +0200 +++ /var/tmp/diff_new_pack.UN8HQh/_new 2019-04-19 18:38:48.671217337 +0200 @@ -17,10 +17,10 @@ Name: dovecot23 -Version:2.3.5.1 +Version:2.3.5.2 Release:0 %define pkg_name dovecot -%define dovecot_version 2.3.5.1 +%define dovecot_version 2.3.5.2 %define dovecot_pigeonhole_version 0.5.5 %define dovecot_branch 2.3 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version} ++ dovecot-2.3.5.1.tar.gz -> dovecot-2.3.5.2.tar.gz ++ /work/SRC/openSUSE:Factory/dovecot23/dovecot-2.3.5.1.tar.gz /work/SRC/openSUSE:Factory/.dovecot23.new.5536/dovecot-2.3.5.2.tar.gz differ: char 5, line 1
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2019-04-04 15:22:16 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.3908 (New) Package is "dovecot23" Thu Apr 4 15:22:16 2019 rev:16 rq:689340 version:2.3.5.1 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2019-02-06 14:07:26.686648974 +0100 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.3908/dovecot23.changes 2019-04-04 15:27:27.338899173 +0200 @@ -1,0 +2,68 @@ +Thu Mar 28 12:36:55 UTC 2019 - Marcus Rueckert + +- update to 2.3.5.1 + * CVE-2019-7524: Missing input buffer size validation leads into +arbitrary buffer overflow when reading fts or pop3 uidl header +from Dovecot index. Exploiting this requires direct write +access to the index files. + +--- +Fri Mar 8 18:09:00 UTC 2019 - Marcus Rueckert + +- update to 2.3.5 + + Lua push notification driver: mail keywords and flags are +provided in MessageNew and MessageAppend events. + + submission: Implement support for plugins. + + auth: When auth_policy_log_only=yes, only log what the policy +server response would do without actually doing it. + + auth: Always log policy server decisions with auth_verbose=yes + - v2.3.[34]: doveadm log errors: Output was missing user/session + - lda: Debug log lines could have shown slightly corrupted + - login proxy: Login processes may have crashed in various ways +when login_proxy_max_disconnect_delay was set. + - imap: Fix crash with Maildir+zlib if client disconnects during +APPEND + - lmtp proxy: Fix potential assert-crash + - lmtp/submission: Fix crash when SMTP client transaction times +out + - submission: Split large XCLIENT commands to 512 bytes per +command, so Postfix accepts them. + - submission: Fix crash when client sends invalid BURL command + - submission: relay backend: VRFY command: Avoid forwarding 500 +and 502 replies back to client. + - lib-http: Fix potential assert-crash when DNS lookup fails + - lib-fts: Fix search query generation when one language ignores +a token (e.g. via stopwords). +- update pigeonhole to 0.5.5 + + IMAPSieve: Add new plugin/imapsieve_expunge_discarded setting +which causes messages discarded by an IMAPSieve script to be +expunged immediately, rather than only being marked as +"\Deleted" (which is still the default behavior). + - IMAPSieve: Fix panic crash occurring when a COPY command copies +messages from a virtual mailbox where the source messages +originate from more than a single real mailbox. + - imap4flags extension: Fix deleting all keywords. When the +action resulted in all keywords being removed, no changes were +actually applied. + - variables extension: Fix truncation of UTF-8 variable content. +The maximum size of Sieve variables was enforced by truncating +the variable string content bluntly at the limit, but this does +not consider UTF-8 code point boundaries. This resulted in +broken UTF-8 strings. This problem also surfaced for variable +modifiers, such as the ":encodeurl" modifier provided by the +Sieve "enotify" extension. In that case, the resulting URI +escaping could also be truncated inappropriately. + - IMAPSieve, IMAP FILTER=SIEVE: Fix replacing a modified message. +Sieve scripts running in IMAPSIEVE or IMAP FILTER=SIEVE context +that modify the message, stored the message a second time, +rather than replacing the originally stored unmodified message. + - Fix segmentation fault occurring when both the +sieve_extprograms plugin (for the Sieve interpreter) and the +imap_filter_sieve plugin (for IMAP) are loaded at the same +time. A symbol was defined by both plugins, causing a clash +when both were loaded. +- drop patches which were backports + - 10048229...de42b54a.patch + - 3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch + +--- Old: 10048229...de42b54a.patch 3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch dovecot-2.3-pigeonhole-0.5.4.tar.gz dovecot-2.3-pigeonhole-0.5.4.tar.gz.sig dovecot-2.3.4.1.tar.gz dovecot-2.3.4.1.tar.gz.sig New: dovecot-2.3-pigeonhole-0.5.5.tar.gz dovecot-2.3-pigeonhole-0.5.5.tar.gz.sig dovecot-2.3.5.1.tar.gz dovecot-2.3.5.1.tar.gz.sig Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.UGxRLu/_old 2019-04-04 15:27:32.458901144 +0200 +++ /var/tmp/diff_new_pack.UGxRLu/_new 2019-04-04 15:27:32.466901146 +0200 @@ -17,11 +17,11 @@ Name: dovecot23
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2019-02-06 14:07:20 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.28833 (New) Package is "dovecot23" Wed Feb 6 14:07:20 2019 rev:15 rq:671912 version:2.3.4.1 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2019-01-24 14:12:02.843457140 +0100 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.28833/dovecot23.changes 2019-02-06 14:07:26.686648974 +0100 @@ -1,0 +2,16 @@ +Tue Feb 5 13:45:52 UTC 2019 - Marcus Rueckert + +- update to 2.3.4.1 (boo#1123022) + * CVE-2019-3814: If imap/pop3/managesieve/submission client has +trusted certificate with missing username field +(ssl_cert_username_field), under some configurations Dovecot +mistakenly trusts the username provided via authentication +instead of failing. + * ssl_cert_username_field setting was ignored with external +SMTP AUTH, because none of the MTAs (Postfix, Exim) currently +send the cert_username field. This may have allowed users with +trusted certificate to specify any username in the +authentication. This bug didn't affect Dovecot's Submission +service. + +--- Old: dovecot-2.3.4.tar.gz dovecot-2.3.4.tar.gz.sig New: dovecot-2.3.4.1.tar.gz dovecot-2.3.4.1.tar.gz.sig Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.1ihflQ/_old 2019-02-06 14:07:28.218648694 +0100 +++ /var/tmp/diff_new_pack.1ihflQ/_new 2019-02-06 14:07:28.218648694 +0100 @@ -1,7 +1,7 @@ # # spec file for package dovecot23 # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,10 +17,10 @@ Name: dovecot23 -Version:2.3.4 +Version:2.3.4.1 Release:0 %define pkg_name dovecot -%define dovecot_version 2.3.4 +%define dovecot_version 2.3.4.1 %define dovecot_pigeonhole_version 0.5.4 %define dovecot_branch 2.3 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version} ++ dovecot-2.3.4.tar.gz -> dovecot-2.3.4.1.tar.gz ++ /work/SRC/openSUSE:Factory/dovecot23/dovecot-2.3.4.tar.gz /work/SRC/openSUSE:Factory/.dovecot23.new.28833/dovecot-2.3.4.1.tar.gz differ: char 5, line 1
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2019-01-24 14:12:00 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.28833 (New) Package is "dovecot23" Thu Jan 24 14:12:00 2019 rev:14 rq:667410 version:2.3.4 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2018-12-07 14:38:30.302840323 +0100 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.28833/dovecot23.changes 2019-01-24 14:12:02.843457140 +0100 @@ -1,0 +2,6 @@ +Thu Jan 17 21:57:42 UTC 2019 - Arjen de Korte + +- add buildrequires zlib-devel which used to be pulled in by other + buildrequires, but no longer is + +--- Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.HFlHP2/_old 2019-01-24 14:12:04.007455798 +0100 +++ /var/tmp/diff_new_pack.HFlHP2/_new 2019-01-24 14:12:04.011455793 +0100 @@ -76,6 +76,7 @@ BuildRequires: pkgconfig BuildRequires: postgresql-devel BuildRequires: tcpd-devel +BuildRequires: zlib-devel %if %{with sqlite} BuildRequires: sqlite-devel > 3 %endif
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2018-12-07 14:38:22 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.19453 (New) Package is "dovecot23" Fri Dec 7 14:38:22 2018 rev:13 rq:655862 version:2.3.4 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2018-12-04 20:57:44.896625425 +0100 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.19453/dovecot23.changes 2018-12-07 14:38:30.302840323 +0100 @@ -1,0 +2,6 @@ +Thu Dec 6 17:32:43 UTC 2018 - Marcus Rueckert + +- added 3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch: + fix crash with mysql/mariadb + +--- New: 3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.TscDVg/_old 2018-12-07 14:38:31.614838697 +0100 +++ /var/tmp/diff_new_pack.TscDVg/_new 2018-12-07 14:38:31.618838692 +0100 @@ -137,6 +137,7 @@ Patch: dovecot-2.3.0-dont_use_etc_ssl_certs.patch Patch1: dovecot-2.3.0-better_ssl_defaults.patch Patch2: 10048229...de42b54a.patch +Patch3: 3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch Summary:IMAP and POP3 Server Written Primarily with Security in Mind License:BSD-3-Clause AND LGPL-2.1-or-later AND MIT Group: Productivity/Networking/Email/Servers @@ -317,6 +318,7 @@ %patch -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 gzip -9v ChangeLog # Fix plugins dir. sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = %{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf ++ 3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch ++ >From 3c5101ffdd2a8115e03ed7180d53578765dea4c9 Mon Sep 17 00:00:00 2001 From: Aki Tuomi Date: Tue, 4 Dec 2018 14:40:04 +0200 Subject: [PATCH] driver-mysql: Avoid double-closing MySQL connection Fixes double-free --- src/lib-sql/driver-mysql.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/lib-sql/driver-mysql.c b/src/lib-sql/driver-mysql.c index c87e825e4b..5dd1c3124f 100644 --- a/src/lib-sql/driver-mysql.c +++ b/src/lib-sql/driver-mysql.c @@ -173,7 +173,9 @@ static int driver_mysql_connect(struct sql_db *_db) static void driver_mysql_disconnect(struct sql_db *_db) { struct mysql_db *db = (struct mysql_db *)_db; - mysql_close(db->mysql); + if (db->mysql != NULL) + mysql_close(db->mysql); + db->mysql = NULL; } static int driver_mysql_parse_connect_string(struct mysql_db *db, @@ -311,7 +313,9 @@ static void driver_mysql_deinit_v(struct sql_db *_db) _db->no_reconnect = TRUE; sql_db_set_state(>api, SQL_DB_STATE_DISCONNECTED); - mysql_close(db->mysql); + if (db->mysql != NULL) + mysql_close(db->mysql); + db->mysql = NULL; sql_connection_log_finished(_db); event_unref(&_db->event);
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2018-12-04 20:57:36 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.19453 (New) Package is "dovecot23" Tue Dec 4 20:57:36 2018 rev:12 rq:653727 version:2.3.4 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2018-10-02 19:49:42.285688629 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.19453/dovecot23.changes 2018-12-04 20:57:44.896625425 +0100 @@ -1,0 +2,52 @@ +Sun Nov 25 00:17:08 UTC 2018 - Marcus Rueckert + +- added 10048229...de42b54a.patch: + Fix build failures on TW i586 + +--- +Sat Nov 24 00:27:59 UTC 2018 - Marcus Rueckert + +- update to 2.3.4 + * The default postmaster_address is now "postmaster@". If username contains the @domain part, +that's used. If not, then the server's hostname is used. + * "doveadm stats dump" now returns two decimals for the "avg" +field. + + Added push notification driver that uses a Lua script + + Added new SQL, DNS and connection events. +See https://wiki2.dovecot.org/Events + + Added "doveadm mailbox cache purge" command. + + Added events API support for Lua scripts + + doveadm force-resync -f parameter performs "index fsck" while +opening the index. This may be useful to fix some types of +broken index files. This may become the default behavior in a +later version. + - director: Kicking a user crashes if login process is very slow + - pop3_no_flag_updates=no: Don't expunge DELEted and RETRed +messages unless QUIT is sent. + - auth: Fix crypt() segfault with glibc-2.28+ + - imap: Running UID FILTER script with errors assert-crashes + - dsync, pop3-migration: POP3 UIDLs weren't added to +dovecot.index.cache while mails were saved. + - dict clients may have been using 100% CPU while waiting for +dict server to finish commands. + - doveadm user: Fixed user listing via HTTP API + - All levels of Cassandra log messages were logged as Dovecot +errors. + - http/smtp client may have crashed after SSL handshake + - Lua auth converted strings that looked like numbers into +numbers. +- update pigeonhole to 0.5.4 + * Adjustments to several changes in Dovecot v2.3.4 make this +Pigeonhole release dependent on that Dovecot release; it will +not compile against older Dovecot versions. And, conversely, +you need to upgrade Pigeonhole when upgrading Dovecot to +v2.3.4. + * The changes regarding the default postmaster_address in Dovecot +v2.3.4 mainly apply to Pigeonhole. The new default should work +for all existing installations, thereby fixing several reported +v2.3/v0.5 migration problems. + - IMAP FILTER=SIEVE capability: Fix assert crash occurring when running +UID FILTER on a Sieve script with errors. + +--- Old: dovecot-2.3-pigeonhole-0.5.3.tar.gz dovecot-2.3-pigeonhole-0.5.3.tar.gz.sig dovecot-2.3.3.tar.gz dovecot-2.3.3.tar.gz.sig New: 10048229...de42b54a.patch dovecot-2.3-pigeonhole-0.5.4.tar.gz dovecot-2.3-pigeonhole-0.5.4.tar.gz.sig dovecot-2.3.4.tar.gz dovecot-2.3.4.tar.gz.sig Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.Waud7O/_old 2018-12-04 20:57:45.844624380 +0100 +++ /var/tmp/diff_new_pack.Waud7O/_new 2018-12-04 20:57:45.844624380 +0100 @@ -17,11 +17,11 @@ Name: dovecot23 -Version:2.3.3 +Version:2.3.4 Release:0 %define pkg_name dovecot -%define dovecot_version 2.3.3 -%define dovecot_pigeonhole_version 0.5.3 +%define dovecot_version 2.3.4 +%define dovecot_pigeonhole_version 0.5.4 %define dovecot_branch 2.3 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version} %define dovecot_pigeonhole_docdir %{_docdir}/%{pkg_name}/dovecot-pigeonhole @@ -136,6 +136,7 @@ Source12: dovecot23.keyring Patch: dovecot-2.3.0-dont_use_etc_ssl_certs.patch Patch1: dovecot-2.3.0-better_ssl_defaults.patch +Patch2: 10048229...de42b54a.patch Summary:IMAP and POP3 Server Written Primarily with Security in Mind License:BSD-3-Clause AND LGPL-2.1-or-later AND MIT Group: Productivity/Networking/Email/Servers @@ -315,6 +316,7 @@ %setup -q -n %{pkg_name}-%{dovecot_version} -a 1 %patch -p1 %patch1 -p1 +%patch2 -p1 gzip -9v ChangeLog # Fix plugins dir. sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = %{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf @@ -593,6 +595,7 @@
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2018-10-02 19:49:09 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new (New) Package is "dovecot23" Tue Oct 2 19:49:09 2018 rev:11 rq:639470 version:2.3.3 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2018-07-22 23:05:45.368896767 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot23.changes 2018-10-02 19:49:42.285688629 +0200 @@ -1,0 +2,67 @@ +Mon Oct 1 22:55:38 UTC 2018 - Marcus Rueckert + +- update pigeonhole to 0.5.3 + - Fix assertion panic occurring when managesieve service fails to +open INBOX while saving a Sieve script. This was caused by a +lack of cleanup after failure. + - Fix specific messages causing an assert panic with actions that +compose a reply (e.g. vacation). With some rather weird input +from the original message, the header folding algorithm (as +used for composing the References header for the reply) got +confused, causing the panic. + - IMAP FILTER=SIEVE capability: Fix FILTER SIEVE SCRIPT command +parsing. After finishing reading the Sieve script, the command +parsing sometimes didn't continue with the search arguments. +This is a time- critical bug that likely only occurs when the +Sieve script is sent in the next TCP frame. + +--- +Mon Oct 1 22:54:12 UTC 2018 - Marcus Rueckert + +- update to 2.3.3 + * doveconf hides more secrets now in the default output. + * ssl_dh setting is no longer enforced at startup. If it's not +set and non-ECC DH key exchange happens, error is logged and +client is disconnected. + + Added log_debug= setting. + + Added log_core_filter= setting. + + quota-clone: Write to dict asynchronously + + --enable-hardening attempts to use retpoline Spectre 2 +mitigations + + lmtp proxy: Support source_ip passdb extra field. + + doveadm stats dump: Support more fields and output stddev +by default. + + push-notification: Add SSL support for OX backend. + - NUL bytes in mail headers can cause truncated replies when +fetched. + - director: Conflicting host up/down state changes may in some +rare situations ended up in a loop of two directors constantly +overwriting each others' changes. + - director: Fix hang/crash when multiple doveadm commands are +being handled concurrently. + - director: Fix assert-crash if doveadm disconnects too early + - virtual plugin: Some searches used 100% CPU for many seconds + - dsync assert-crashed with acl plugin in some situations. + - mail_attachment_detection_options=add-flags-on-save +assert-crashed with some specific Sieve scripts. + - Mail snippet generation crashed with mails containing invalid +Content-Type:multipart header. + - Log prefix ordering was different for some log lines. + - quota: With noenforcing option current quota usage wasn't +updated. + - auth: Kerberos authentication against Samba assert-crashed. + - stats clients were unnecessarily chatty with the stats server. + - imapc: Fixed various assert-crashes when reconnecting to +server. + - lmtp, submission: Fix potential crash if client disconnects +while handling a command. + - quota: Fixed compiling with glibc-2.26 / support libtirpc. + - fts-solr: Empty search values resulted in 400 Bad Request +errors + - fts-solr: default_ns parameter couldn't be used + - submission server crashed if relay server returned over 7 lines +in a reply (e.g. to EHLO) +- dropped 4ff4bd024a9b6e7973b76b186ce085c2ca669d3e.patch: + included in update + +--- Old: 4ff4bd024a9b6e7973b76b186ce085c2ca669d3e.patch dovecot-2.3-pigeonhole-0.5.2.tar.gz dovecot-2.3-pigeonhole-0.5.2.tar.gz.sig dovecot-2.3.2.1.tar.gz dovecot-2.3.2.1.tar.gz.sig New: dovecot-2.3-pigeonhole-0.5.3.tar.gz dovecot-2.3-pigeonhole-0.5.3.tar.gz.sig dovecot-2.3.3.tar.gz dovecot-2.3.3.tar.gz.sig Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.lxDFHx/_old 2018-10-02 19:49:43.005687877 +0200 +++ /var/tmp/diff_new_pack.lxDFHx/_new 2018-10-02 19:49:43.009687873 +0200 @@ -17,11 +17,11 @@ Name: dovecot23 -Version:2.3.2.1 +Version:2.3.3 Release:0 %define pkg_name dovecot -%define dovecot_version 2.3.2.1 -%define dovecot_pigeonhole_version 0.5.2 +%define dovecot_version 2.3.3 +%define dovecot_pigeonhole_version 0.5.3 %define dovecot_branch 2.3 %define dovecot_pigeonhole_source_dir
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2018-07-22 23:05:43 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new (New) Package is "dovecot23" Sun Jul 22 23:05:43 2018 rev:10 rq:624423 version:2.3.2.1 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2018-07-13 10:21:09.262441315 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot23.changes 2018-07-22 23:05:45.368896767 +0200 @@ -1,0 +2,6 @@ +Fri Jul 13 21:23:16 UTC 2018 - mrueck...@suse.de + +- added + https://github.com/dovecot/core/commit/4ff4bd024a9b6e7973b76b186ce085c2ca669d3e.patch + +--- New: 4ff4bd024a9b6e7973b76b186ce085c2ca669d3e.patch Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.Wo33Jh/_old 2018-07-22 23:05:46.084896501 +0200 +++ /var/tmp/diff_new_pack.Wo33Jh/_new 2018-07-22 23:05:46.088896500 +0200 @@ -136,6 +136,7 @@ Source12: dovecot23.keyring Patch: dovecot-2.3.0-dont_use_etc_ssl_certs.patch Patch1: dovecot-2.3.0-better_ssl_defaults.patch +Patch2: https://github.com/dovecot/core/commit/4ff4bd024a9b6e7973b76b186ce085c2ca669d3e.patch Summary:IMAP and POP3 Server Written Primarily with Security in Mind License:BSD-3-Clause AND LGPL-2.1-or-later AND MIT Group: Productivity/Networking/Email/Servers @@ -315,6 +316,7 @@ %setup -q -n %{pkg_name}-%{dovecot_version} -a 1 %patch -p1 %patch1 -p1 +%patch2 -p1 gzip -9v ChangeLog # Fix plugins dir. sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = %{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf ++ 4ff4bd024a9b6e7973b76b186ce085c2ca669d3e.patch ++ >From 4ff4bd024a9b6e7973b76b186ce085c2ca669d3e Mon Sep 17 00:00:00 2001 From: Aki Tuomi Date: Thu, 24 May 2018 12:48:58 + Subject: [PATCH] acl: Fix return value of acl_attribute_get_acl If matching acl entry is not found, it must return 0 and not 1 because it did not find anything. Fixes dsync: Panic: file mailbox-attribute.c: line 362 (mailbox_attribute_get_stream): assertion failed: (value_r->value != NULL || value_r->value_stream != NULL) Broken in 37c72fa0cd3f1d74d79b64afb3fb6da5ffd4fe3a Found by @dl8bh --- src/plugins/acl/acl-attributes.c | 10 -- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/plugins/acl/acl-attributes.c b/src/plugins/acl/acl-attributes.c index 2499a30f9c..f0d3177de4 100644 --- a/src/plugins/acl/acl-attributes.c +++ b/src/plugins/acl/acl-attributes.c @@ -60,7 +60,7 @@ static int acl_attribute_get_acl(struct mailbox *box, const char *key, struct acl_object_list_iter *iter; struct acl_rights rights, wanted_rights; const char *id; - int ret; + int ret = 0; i_zero(value_r); @@ -88,11 +88,17 @@ static int acl_attribute_get_acl(struct mailbox *box, const char *key, rights.id_type == wanted_rights.id_type && null_strcmp(rights.identifier, wanted_rights.identifier) == 0) { value_r->value = acl_rights_export(); + ret = 1; break; } } - if ((ret = acl_object_list_deinit()) < 0) + /* the return value here cannot be used, because this function + needs to return whether it actually matched something + or not */ + if (acl_object_list_deinit() < 0) { mail_storage_set_internal_error(box->storage); + ret = -1; + } return ret; }
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2018-07-13 10:21:03 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new (New) Package is "dovecot23" Fri Jul 13 10:21:03 2018 rev:9 rq:622091 version:2.3.2.1 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2018-07-09 13:31:13.982503637 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot23.changes 2018-07-13 10:21:09.262441315 +0200 @@ -1,0 +2,9 @@ +Wed Jul 11 14:17:57 UTC 2018 - mrueck...@suse.de + +- update to 2.3.2.1 + - SSL/TLS servers may have crashed during client disconnection + - lmtp: With lmtp_rcpt_check_quota=yes mail deliveries may have +sometimes assert-crashed. + - v2.3.2: "make check" may have crashed with 32bit systems + +--- Old: dovecot-2.3.2.tar.gz dovecot-2.3.2.tar.gz.sig New: dovecot-2.3.2.1.tar.gz dovecot-2.3.2.1.tar.gz.sig Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.FjMtZC/_old 2018-07-13 10:21:10.426442707 +0200 +++ /var/tmp/diff_new_pack.FjMtZC/_new 2018-07-13 10:21:10.430442711 +0200 @@ -17,10 +17,10 @@ Name: dovecot23 -Version:2.3.2 +Version:2.3.2.1 Release:0 %define pkg_name dovecot -%define dovecot_version 2.3.2 +%define dovecot_version 2.3.2.1 %define dovecot_pigeonhole_version 0.5.2 %define dovecot_branch 2.3 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version} ++ dovecot-2.3.2.tar.gz -> dovecot-2.3.2.1.tar.gz ++ /work/SRC/openSUSE:Factory/dovecot23/dovecot-2.3.2.tar.gz /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot-2.3.2.1.tar.gz differ: char 5, line 1
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2018-07-09 13:29:33 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new (New) Package is "dovecot23" Mon Jul 9 13:29:33 2018 rev:8 rq:621463 version:2.3.2 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2018-05-29 16:53:34.936932294 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot23.changes 2018-07-09 13:31:13.982503637 +0200 @@ -1,0 +2,93 @@ +Sat Jun 30 20:06:40 UTC 2018 - mrueck...@suse.de + +- update to 2.3.2 + * old-stats plugin: Don't temporarily enable PR_SET_DUMPABLE +while opening /proc/self/io. This may still cause security +problems if the process is ptrace()d at the same time. +Instead, open it while still running as root. + + doveadm: Added mailbox cache decision commands. See +doveadm-mailbox(1) man page for details. + + doveadm: Added rebuild attachments command for rebuilding +$HasAttachment or $HasNoAttachment flags for matching mails. +See doveadm-rebuild(1) man page for details. + + cassandra: Use fallback_consistency on more types of errors + + lmtp proxy: Support outgoing SSL/TLS connections + + lmtp: Add lmtp_rawlog_dir and lmtp_proxy_rawlog_dir settings. + + submission: Add support for rawlog_dir + + submission: Add submission_client_workarounds setting. + + lua auth: Add password_verify() function and additional fields +in auth request. + - doveadm-server: TCP connections are hanging when there is a lot +of network output. This especially caused hangs in +dsync-replication. + - Using multiple type=shared mdbox namespaces crashed + - mail_fsync setting was ignored. It was always set to +"optimized". + - lua auth: Fix potential crash at deinit + - SSL/TLS servers may have crashed if client disconnected during +handshake. + - SSL/TLS servers: Don't send extraneous certificates to client +when alt certs are used. + - lda, lmtp: Return-Path header without '<' may have +assert-crashed. + - lda, lmtp: Unencoded UTF-8 in email address headers may +assert-crash + - lda: -f parameter didn't allow empty/null/domainless address + - lmtp, submission: Message size limit was hardcoded to 40 MB. +Exceeding it caused the connection to get dropped during +transfer. + - lmtp: Fix potential crash when delivery fails at DATA stage + - lmtp: login_greeting setting was ignored + - Fix to work with OpenSSL v1.0.2f + - systemd unit restrictions were too strict by default + - Fix potential crashes when a lot of log output was produced + - SMTP client may have assert-crashed when sending mail + - IMAP COMPRESS: Send "end of compression" marker when +disconnecting. + - cassandra: Fix consistency=quorum to work + - dsync: Lock file generation failed if home directory didn't +exist + - Snippet generation for HTML mails didn't ignore +inside blockquotes, producing strange looking snippets. + - imapc: Fix assert-crash if getting disconnected and after +reconnection all mails in the selected mailbox are gone. + - pop3c: Handle unexpected server disconnections without +assert-crash + - fts: Fixes to indexing mails via virtual mailboxes. + - fts: If mails contained NUL characters, the text around it +wasn't indexed. + - Obsolete dovecot.index.cache offsets were sometimes used. +Trying to fetch a field that was just added to cache file may +not have always found it. +- update pigeonhole to 0.5.2 + + Implement plugin for the a vendor-defined IMAP capability +called "FILTER=SIEVE". It adds the ability to manually invoke +Sieve filtering in IMAP. More information can be found in +doc/plugins/imap_filter_sieve.txt. + - The Sieve addess test caused an assertion panic for invalid +addresses with UTF-8 codepoints in the localpart. Fixed by +properly detecting invalid addresses with UTF-8 codepoints in +the localpart and skipping these like other invalid addresses +while iterating addresses for the address test. + - Make the length of the subject header for the vacation response +configurable and enforce the limit in UTF-8 codepoints rather +than bytes. The subject header for a vacation response was +statically truncated to 256 bytes, which is too limited for +multi-byte UTF-8 characters. + - Sieve editheader extension: Fix assertion panic occurring when +it is used to manipulate a message header with a very large +header field. + - Properly abort execution of the sieve_discard script upon +error. Before, the LDA Sieve plugin attempted to execute the +sieve_discard script when an error occurs. This can lead to the +message being lost. + - Fix the interaction between quota and
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2018-05-29 16:53:33 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new (New) Package is "dovecot23" Tue May 29 16:53:33 2018 rev:7 rq:612867 version:2.3.1 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2018-04-11 14:05:22.507461895 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot23.changes 2018-05-29 16:53:34.936932294 +0200 @@ -1,0 +2,12 @@ +Sun May 27 09:31:02 UTC 2018 - mrueck...@suse.de + +- added 847790d5aab84df38256a6f9b4849af0eb408419.patch: + Fix crash for over quota users + +--- +Thu May 24 09:42:48 UTC 2018 - kbabi...@suse.com + +- Use OpenPGP signatures provided upstream +- Added dovecot23.keyring, which contains the keys from the upstream projects + +--- New: 847790d5aab84df38256a6f9b4849af0eb408419.patch dovecot-2.3-pigeonhole-0.5.1.tar.gz.sig dovecot-2.3.1.tar.gz.sig dovecot23.keyring Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.d5Avug/_old 2018-05-29 16:53:35.716903599 +0200 +++ /var/tmp/diff_new_pack.d5Avug/_new 2018-05-29 16:53:35.720903452 +0200 @@ -131,10 +131,14 @@ Source7:dovecot-2.1-pigeonhole.configfiles Source8:dovecot-2.2-pigeonhole.configfiles Source9:dovecot-2.3-pigeonhole.configfiles +Source10: http://www.dovecot.org/releases/%{dovecot_branch}/%{pkg_name}-%{dovecot_version}.tar.gz.sig +Source11: http://pigeonhole.dovecot.org/releases/%{dovecot_branch}/%{dovecot_pigeonhole_source_dir}.tar.gz.sig +Source12: dovecot23.keyring Patch: dovecot-2.3.0-dont_use_etc_ssl_certs.patch Patch1: dovecot-2.3.0-better_ssl_defaults.patch Patch2: 35497604d80090a02619024aeec069b32568e4b4.diff Patch3: 5522b8b3d3ed1a99c3b63bb120216af0bd427403.diff +Patch4: 847790d5aab84df38256a6f9b4849af0eb408419.patch Summary:IMAP and POP3 Server Written Primarily with Security in Mind License:BSD-3-Clause AND LGPL-2.1-or-later AND MIT Group: Productivity/Networking/Email/Servers @@ -316,6 +320,7 @@ %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 gzip -9v ChangeLog # Fix plugins dir. sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = %{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf ++ 847790d5aab84df38256a6f9b4849af0eb408419.patch ++ >From 847790d5aab84df38256a6f9b4849af0eb408419 Mon Sep 17 00:00:00 2001 From: Stephan Bosch Date: Mon, 14 May 2018 23:56:21 +0200 Subject: [PATCH] lmtp: Fix segfault occurring when a user turns out to be over quota at DATA transfer. The LMTP recipient context was not updated with the final recipient address when the RCPT command was accepted. This left a dangling struct smtp_address pointer which triggered the segfault when used. --- src/lmtp/lmtp-common.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lmtp/lmtp-common.c b/src/lmtp/lmtp-common.c index b3f13dec41..39ed6c1b4f 100644 --- a/src/lmtp/lmtp-common.c +++ b/src/lmtp/lmtp-common.c @@ -22,6 +22,7 @@ void lmtp_recipient_finish(struct lmtp_recipient *rcpt, { trcpt->context = rcpt; + rcpt->path = trcpt->path; rcpt->rcpt = trcpt; rcpt->index = index; rcpt->rcpt_cmd = NULL;
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2018-04-11 14:03:30 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new (New) Package is "dovecot23" Wed Apr 11 14:03:30 2018 rev:6 rq:595501 version:2.3.1 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2018-03-29 11:57:11.866936561 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot23.changes 2018-04-11 14:05:22.507461895 +0200 @@ -1,0 +2,7 @@ +Tue Apr 10 15:46:04 UTC 2018 - vark...@suse.com + +- bnc#1088911 - dovecot23 can not build ond s390 + add: 35497604d80090a02619024aeec069b32568e4b4.diff + add: 5522b8b3d3ed1a99c3b63bb120216af0bd427403.diff + +--- New: 35497604d80090a02619024aeec069b32568e4b4.diff 5522b8b3d3ed1a99c3b63bb120216af0bd427403.diff Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.n7H6iQ/_old 2018-04-11 14:05:23.751416648 +0200 +++ /var/tmp/diff_new_pack.n7H6iQ/_new 2018-04-11 14:05:23.751416648 +0200 @@ -133,6 +133,8 @@ Source9:dovecot-2.3-pigeonhole.configfiles Patch: dovecot-2.3.0-dont_use_etc_ssl_certs.patch Patch1: dovecot-2.3.0-better_ssl_defaults.patch +Patch2: 35497604d80090a02619024aeec069b32568e4b4.diff +Patch3: 5522b8b3d3ed1a99c3b63bb120216af0bd427403.diff Summary:IMAP and POP3 Server Written Primarily with Security in Mind License:BSD-3-Clause AND LGPL-2.1-or-later AND MIT Group: Productivity/Networking/Email/Servers @@ -312,6 +314,8 @@ %setup -q -n %{pkg_name}-%{dovecot_version} -a 1 %patch -p1 %patch1 -p1 +%patch2 -p1 +%patch3 -p1 gzip -9v ChangeLog # Fix plugins dir. sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = %{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf ++ 35497604d80090a02619024aeec069b32568e4b4.diff ++ diff --git a/src/lib/murmurhash3.c b/src/lib/murmurhash3.c index 45dcc22fd1..6f6133bd5c 100644 --- a/src/lib/murmurhash3.c +++ b/src/lib/murmurhash3.c @@ -23,7 +23,7 @@ static inline uint32_t getblock32(const uint32_t *p, int i) { - return p[i]; + return le32_to_cpu(p[i]); } //- @@ -94,6 +94,8 @@ void murmurhash3_32 (const void *key, size_t len, uint32_t seed, h1 = fmix32(h1); + h1 = cpu32_to_be(h1); + memcpy(out, , sizeof(h1)); } @@ -103,7 +105,7 @@ void murmurhash3_32 (const void *key, size_t len, uint32_t seed, static inline uint64_t getblock64(const uint64_t *p, int i) { - return p[i]; + return le64_to_cpu(p[i]); } static inline uint64_t fmix64(uint64_t k) @@ -206,6 +208,9 @@ void murmurhash3_128(const void *key, size_t len, uint32_t seed, h1 += h2; h2 += h1; + h1 = cpu64_to_be(h1); + h2 = cpu64_to_be(h2); + memcpy(out, , sizeof(h1)); memcpy(out+sizeof(h1), , sizeof(h2)); } @@ -323,6 +328,11 @@ void murmurhash3_128(const void *key, size_t len, uint32_t seed, h1 += h2; h1 += h3; h1 += h4; h2 += h1; h3 += h1; h4 += h1; + h1 = cpu32_to_be(h1); + h2 = cpu32_to_be(h2); + h3 = cpu32_to_be(h3); + h4 = cpu32_to_be(h4); + memcpy(out, , sizeof(h1)); memcpy(out+sizeof(h1), , sizeof(h2)); memcpy(out+sizeof(h1)*2, , sizeof(h3)); diff --git a/src/lib/test-murmurhash3.c b/src/lib/test-murmurhash3.c index 9da3d28e3c..2a60d9840b 100644 --- a/src/lib/test-murmurhash3.c +++ b/src/lib/test-murmurhash3.c @@ -7,7 +7,7 @@ struct murmur3_test_vectors { const char *input; size_t len; uint32_t seed; - uint32_t result[4]; /* fits all results */ + uint8_t result[MURMURHASH3_128_RESULTBYTES]; /* fits all results */ }; static void test_murmurhash3_algorithm(const char *name, @@ -30,23 +30,23 @@ static void test_murmurhash3_algorithm(const char *name, static void test_murmurhash3_32(void) { struct murmur3_test_vectors vectors[] = { - { "", 0, 0, { 0, 0, 0, 0}}, - { "", 0, 0x1, { 0x514E28B7, 0, 0, 0 }}, - { "", 0, 0x, { 0x81F16F39, 0, 0, 0 }}, - { "\0\0\0\0", 4, 0, { 0x2362F9DE, 0, 0, 0 }}, - { "", 4, 0x9747b28c, { 0x5A97808A, 0, 0, 0 }}, - { "aaa", 3, 0x9747b28c, { 0x283E0130, 0, 0, 0 }}, - { "aa", 2, 0x9747b28c, { 0x5D211726, 0, 0, 0 }}, - { "a", 1, 0x9747b28c, { 0x7FA09EA6, 0, 0, 0 }}, - { "abcd", 4, 0x9747b28c, { 0xF0478627, 0, 0, 0 }}, - { "abc", 3, 0x9747b28c, { 0xC84A62DD, 0, 0, 0 }}, - { "ab", 2, 0x9747b28c, { 0x74875592, 0, 0, 0 }}, - { "Hello,
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2018-03-29 11:57:08 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new (New) Package is "dovecot23" Thu Mar 29 11:57:08 2018 rev:5 rq:591874 version:2.3.1 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2018-03-14 19:40:11.210753321 +0100 +++ /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot23.changes 2018-03-29 11:57:11.866936561 +0200 @@ -1,0 +2,77 @@ +Wed Mar 28 09:02:33 UTC 2018 - mrueck...@suse.de + +- update pigeonhole to 0.5.1 + - Explicitly disallow UTF-8 in localpart in addresses parsed from +Sieve script. + - editheader extension: Corrected the stream position +calculations performed while making the modified message +available as a stream. Pigeonhole Sieve crashed in LMTP with +an assertion panic when the Sieve editheader extension was used +before the message was redirected. Experiments indicate that +the problem occurred only with LMTP and that LDA is not +affected. + - fileinto extension: Fix assert panic occurring when fileinto is +used without being listed in the require line, while the copy +extension is listed there. This is a very old bug. + - imapsieve plugin: Do not assert crash or log an error for +messages that disappear concurrently while applying Sieve +scripts. This event is now logged as a debug message. + - Sieve extprograms plugin: Large output from "execute" command +crashed delivery. Fixed buffering issue in code that handles +output from the external program. + +--- +Tue Mar 27 18:28:48 UTC 2018 - mrueck...@suse.de + +- update to 2.3.1 + * Submission server support improvements and bug fixes +- Lots of bug fixes to submission server + * API CHANGE: array_idx_modifiable will no longer allocate space +- Particularly affects how you should check MODULE_CONTEXT + result, or use REQUIRE_MODULE_CONTEXT. + + mail_attachment_detection_options setting controls when +$HasAttachment and $HasNoAttachment keywords are set for mails. + + imap: Support fetching body snippets using FETCH (SNIPPET) or +(SNIPPET (LAZY=FUZZY)) + + fs-compress: Automatically detect whether input is compressed +or not. Prefix the compression algorithm with "maybe-" to +enable the detection, for example: "compress:maybe-gz:6:..." + + Added settings to change dovecot.index* files' optimization +behavior. See https://wiki2.dovecot.org/IndexFiles#Settings + + Auth cache can now utilize auth workers to do password hash +verification by setting +auth_cache_verify_password_with_worker=yes. + + Added charset_alias plugin. See +https://wiki2.dovecot.org/Plugins/CharsetAlias + + imap_logout_format and pop3_logout_format settings now support +all of the generic variables (e.g. %{rip}, %{session}, etc.) + + Added auth_policy_check_before_auth, +auth_policy_check_after_auth and auth_policy_report_after_auth +settings. + + master: Support HAProxy PP2_TYPE_SSL command and set "secured" +variable appropriately + - Invalid UCS4 escape in HTML can cause crashes + - imap: IMAP COMPRESS -enabled client crashes on disconnect + - lmtp: Fix crash when user is over quota + - lib-lda: Parsing Return-Path header address fails when it +contains CFWS + - auth: SASL with Exim fails for AUTH commands without an initial +response + - imap: SPECIAL-USE capability isn't automatically added + - auth: LDAP subqueries do not support standard auth variables in +var-expand + - auth: SHA256-CRYPT and SHA512-CRYPT schemes do not work + - lib-index: mail_always/never_cache_fields are not used for +existing cache files + - imap: Fetching headers leaks memory if search doesn't find any +mails + - lmtp: ORCPT support in RCPT TO + - imap-login: Process sometimes ends up in infinite loop + - sdbox: Rolled back save/copy transaction doesn't delete temp +files + - mail: lock_method=dotlock causes crashes +- drop patches which are included in the update + 23da0fa1b30cc11bcc1d467674a0950c527e9ff1.patch + dovecot-2.3.0.1-over-quota-lmtp-crash.patch + +--- Old: 23da0fa1b30cc11bcc1d467674a0950c527e9ff1.patch dovecot-2.3-pigeonhole-0.5.0.1.tar.gz dovecot-2.3.0.1-over-quota-lmtp-crash.patch dovecot-2.3.0.1.tar.gz New: dovecot-2.3-pigeonhole-0.5.1.tar.gz dovecot-2.3.1.tar.gz Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.CrWkoe/_old 2018-03-29 11:57:12.670907537 +0200 +++
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2018-03-14 19:39:48 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new (New) Package is "dovecot23" Wed Mar 14 19:39:48 2018 rev:4 rq:586348 version:2.3.0.1 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2018-03-07 10:39:51.243275430 +0100 +++ /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot23.changes 2018-03-14 19:40:11.210753321 +0100 @@ -1,0 +2,15 @@ +Tue Mar 13 10:40:48 UTC 2018 - dims...@opensuse.org + +- Fix License tag. + +--- +Wed Mar 7 12:25:51 UTC 2018 - mrueck...@suse.de + +- added 23da0fa1b30cc11bcc1d467674a0950c527e9ff1.patch + +--- +Wed Mar 7 12:10:44 UTC 2018 - mrueck...@suse.de + +- update license to SPDX-3 + +--- @@ -24 +39 @@ -attacker uses randomly generated SNI servernames. +attacker uses randomly generated SNI servernames. (boo#1082828) @@ -30,0 +46 @@ +(boo#1082826) @@ -32 +48 @@ -login process. +login process. (boo#1075608) New: 23da0fa1b30cc11bcc1d467674a0950c527e9ff1.patch Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.BhY94t/_old 2018-03-14 19:40:12.970690805 +0100 +++ /var/tmp/diff_new_pack.BhY94t/_new 2018-03-14 19:40:13.002689668 +0100 @@ -134,8 +134,9 @@ Patch: dovecot-2.3.0-dont_use_etc_ssl_certs.patch Patch1: dovecot-2.3.0-better_ssl_defaults.patch Patch2: dovecot-2.3.0.1-over-quota-lmtp-crash.patch +Patch3: 23da0fa1b30cc11bcc1d467674a0950c527e9ff1.patch Summary:IMAP and POP3 Server Written Primarily with Security in Mind -License:BSD-3-Clause and LGPL-2.1+ and MIT +License:BSD-3-Clause AND LGPL-2.1-or-later AND MIT Group: Productivity/Networking/Email/Servers %description @@ -314,6 +315,7 @@ %patch -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 gzip -9v ChangeLog # Fix plugins dir. sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = %{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf ++ 23da0fa1b30cc11bcc1d467674a0950c527e9ff1.patch ++ >From 23da0fa1b30cc11bcc1d467674a0950c527e9ff1 Mon Sep 17 00:00:00 2001 From: Timo SirainenDate: Sat, 6 Jan 2018 21:22:11 +0200 Subject: [PATCH] ostream-zlib: Ignore missing finish if parent stream is ignoring errors This fixes panic with imap_zlib plugin when client enables the IMAP COMPRESS extension and disconnects: Panic: file ostream-zlib.c: line 36 (o_stream_zlib_close): assertion failed: (zstream->ostream.finished || zstream->ostream.ostream.stream_errno != 0) --- src/lib-compression/ostream-zlib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/lib-compression/ostream-zlib.c b/src/lib-compression/ostream-zlib.c index 848ecb7b89..e0b9a91416 100644 --- a/src/lib-compression/ostream-zlib.c +++ b/src/lib-compression/ostream-zlib.c @@ -33,7 +33,8 @@ static void o_stream_zlib_close(struct iostream_private *stream, struct zlib_ostream *zstream = (struct zlib_ostream *)stream; i_assert(zstream->ostream.finished || -zstream->ostream.ostream.stream_errno != 0); +zstream->ostream.ostream.stream_errno != 0 || +zstream->ostream.error_handling_disabled); (void)deflateEnd(>zs); if (close_parent) o_stream_close(zstream->ostream.parent);
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2018-03-07 10:39:34 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new (New) Package is "dovecot23" Wed Mar 7 10:39:34 2018 rev:3 rq:583681 version:2.3.0.1 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2018-01-10 23:35:43.722444855 +0100 +++ /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot23.changes 2018-03-07 10:39:51.243275430 +0100 @@ -1,0 +2,41 @@ +Tue Mar 6 19:28:49 UTC 2018 - mrueck...@suse.de + +- update pigeonhole to 0.5.0.1 + - imap4flags extension: Fix binary corruption occurring when +setflag/addflag/removeflag flag-list is a variable. + - sieve-extprograms plugin: Fix segfault occurring when used in +IMAPSieve context. +- drop 321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch + +--- +Tue Mar 6 17:54:58 UTC 2018 - mrueck...@suse.de + +- pull backport patch dovecot-2.3.0.1-over-quota-lmtp-crash.patch + +--- +Tue Mar 6 13:48:50 UTC 2018 - mrueck...@suse.de + +- update to 2.3.0.1 + * CVE-2017-15130: TLS SNI config lookups may lead to excessive +memory usage, causing imap-login/pop3-login VSZ limit to be +reached and the process restarted. This happens only if Dovecot +config has local_name { } or local { } configuration blocks and +attacker uses randomly generated SNI servernames. + * CVE-2017-14461: Parsing invalid email addresses may cause a +crash or leak memory contents to attacker. For example, these +memory contents might contain parts of an email from another +user if the same imap process is reused for multiple users. +First discovered by Aleksandar Nikolic of Cisco Talos. +Independently also discovered by "flxflndy" via HackerOne. + * CVE-2017-15132: Aborted SASL authentication leaks memory in +login process. + * Linux: Core dumping is no longer enabled by default via +PR_SET_DUMPABLE, because this may allow attackers to bypass +chroot/group restrictions. Found by cPanel Security Team. +Nowadays core dumps can be safely enabled by using "sysctl -w +fs.suid_dumpable=2". If the old behaviour is wanted, it can +still be enabled by setting: +import_environment=$import_environment PR_SET_DUMPABLE=1 + - imap-login with SSL/TLS connections may end up in infinite loop + +--- Old: 321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch dovecot-2.3-pigeonhole-0.5.0.tar.gz dovecot-2.3.0.tar.gz New: dovecot-2.3-pigeonhole-0.5.0.1.tar.gz dovecot-2.3.0.1-over-quota-lmtp-crash.patch dovecot-2.3.0.1.tar.gz Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.uzV0Z7/_old 2018-03-07 10:39:53.467195212 +0100 +++ /var/tmp/diff_new_pack.uzV0Z7/_new 2018-03-07 10:39:53.471195067 +0100 @@ -1,7 +1,7 @@ # -# spec file for package dovecot22 +# spec file for package dovecot23 # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,11 +17,11 @@ Name: dovecot23 -Version:2.3.0 +Version:2.3.0.1 Release:0 %define pkg_name dovecot -%define dovecot_version 2.3.0 -%define dovecot_pigeonhole_version 0.5.0 +%define dovecot_version 2.3.0.1 +%define dovecot_pigeonhole_version 0.5.0.1 %define dovecot_branch 2.3 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version} %define dovecot_pigeonhole_docdir %{_docdir}/%{pkg_name}/dovecot-pigeonhole @@ -133,7 +133,7 @@ Source9:dovecot-2.3-pigeonhole.configfiles Patch: dovecot-2.3.0-dont_use_etc_ssl_certs.patch Patch1: dovecot-2.3.0-better_ssl_defaults.patch -Patch2: https://github.com/stephanbosch/pigeonhole-core/commit/321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch +Patch2: dovecot-2.3.0.1-over-quota-lmtp-crash.patch Summary:IMAP and POP3 Server Written Primarily with Security in Mind License:BSD-3-Clause and LGPL-2.1+ and MIT Group: Productivity/Networking/Email/Servers @@ -310,12 +310,10 @@ dovecot tree. %prep -%setup -q -n %{pkg_name}-ce-%{dovecot_version} -a 1 +%setup -q -n %{pkg_name}-%{dovecot_version} -a 1 %patch -p1 %patch1 -p1 -pushd %{dovecot_pigeonhole_source_dir} %patch2 -p1 -popd gzip -9v ChangeLog # Fix plugins dir. sed -i
commit dovecot23 for openSUSE:Factory
Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2018-01-10 23:35:42 Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new (New) Package is "dovecot23" Wed Jan 10 23:35:42 2018 rev:2 rq:562901 version:2.3.0 Changes: --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2018-01-09 14:51:38.644159733 +0100 +++ /work/SRC/openSUSE:Factory/.dovecot23.new/dovecot23.changes 2018-01-10 23:35:43.722444855 +0100 @@ -1,0 +2,9 @@ +Mon Dec 25 22:39:53 UTC 2017 - jeng...@inai.de + +- Replace %__-type macro indirections. + Replace xargs rm by built in -delete of find(1). +- Run ldconfig directly via %post -p. +- Check for users in %pre before creating them, and do not suppress + errors about it. + +--- Other differences: -- ++ dovecot23.spec ++ --- /var/tmp/diff_new_pack.nnlw9s/_old 2018-01-10 23:35:44.502408258 +0100 +++ /var/tmp/diff_new_pack.nnlw9s/_new 2018-01-10 23:35:44.502408258 +0100 @@ -316,9 +316,9 @@ pushd %{dovecot_pigeonhole_source_dir} %patch2 -p1 popd -%{__gzip} -9v ChangeLog +gzip -9v ChangeLog # Fix plugins dir. -%{__sed} -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = %{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf +sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = %{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf %build export CFLAGS="%{optflags}" @@ -389,11 +389,11 @@ %makeinstall -C %{dovecot_pigeonhole_source_dir} sieve_docdir=%{dovecot_pigeonhole_docdir} # clean up unused files, as much as I would like to use -delete ... the old find on sles9 doesnt support it -find %{buildroot}%{_libdir}/%{pkg_name}/ -type f -name \*.la -print0 | xargs -r0 rm -fv -find %{buildroot}%{_libdir}/%{pkg_name}/ -type f -name \*.a -print0 | xargs -r0 rm -fv +find %{buildroot}%{_libdir}/%{pkg_name}/ -type f \ + '(' -name \*.la -o -name \*.a ')' -print -delete # create /var directories -%{__install} -m 0755 -Dd \ +install -m 0755 -Dd \ %{buildroot}%{_var}/run/%{pkg_name}/login/ \ %{buildroot}%{_var}/lib/%{pkg_name}/ @@ -414,7 +414,7 @@ popd # additional docs for the main package -%{__install} -m 0644 \ +install -m 0644 \ AUTHORS ChangeLog* COPYING* NEWS TODO README* \ %if %{with solr} doc/*.xml \ @@ -422,9 +422,9 @@ %{buildroot}%{_docdir}/%{pkg_name}/ # install sieve docs -%{__install} -m 0755 -Dd %{buildroot}%{dovecot_pigeonhole_docdir} +install -m 0755 -Dd %{buildroot}%{dovecot_pigeonhole_docdir} pushd %{dovecot_pigeonhole_source_dir} -%__sed -i 's/\r$//' doc/rfc/* +sed -i 's/\r$//' doc/rfc/* cp -av AUTHORS COPYING* INSTALL NEWS README TODO \ examples/ doc/rfc/ doc/devel \ %{buildroot}%{dovecot_pigeonhole_docdir}/ @@ -446,9 +446,13 @@ %pre test -n "$FIRST_ARG" || FIRST_ARG=$1 -/usr/sbin/groupadd -r %{pkg_name} >/dev/null 2>&1 || : -/usr/sbin/useradd -g %{pkg_name} -s /bin/false -r -c "User for Dovecot imapd" -d %{_var}/run/%{pkg_name} %{pkg_name} >/dev/null 2>&1 || : -/usr/sbin/useradd -g %{pkg_name} -s /bin/false -r -c "User for Dovecot login" -d %{_var}/run/%{pkg_name} dovenull >/dev/null 2>&1 || : +getent group %{pkg_name} >/dev/null || /usr/sbin/groupadd -r %{pkg_name} +getent passwd %{pkg_name} >/dev/null || \ + /usr/sbin/useradd -g %{pkg_name} -s /bin/false -r \ + -c "User for Dovecot imapd" -d %{_var}/run/%{pkg_name} %{pkg_name} +getent passwd dovenull >/dev/null || \ + /usr/sbin/useradd -g %{pkg_name} -s /bin/false -r \ + -c "User for Dovecot login" -d %{_var}/run/%{pkg_name} dovenull # do not let dovecot run during upgrade rhbz#134325 if [ "$FIRST_ARG" -ge "1" ]; then rm -f %restart_flag @@ -469,8 +473,7 @@ %endif fi -%post -/sbin/ldconfig +%post -p /sbin/ldconfig %postun test -n "$FIRST_ARG" || FIRST_ARG=$1