diff --git a/dovecot-2.3.4-de42b54.patch b/dovecot-2.3.4-de42b54.patch
deleted file mode 100644
index 534ce98..0000000
--- a/dovecot-2.3.4-de42b54.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-diff --git a/src/lib-master/test-event-stats.c b/src/lib-master/test-event-stats.c
-index 8fcb3dd22d..2d8a13cd40 100644
---- a/src/lib-master/test-event-stats.c
-+++ b/src/lib-master/test-event-stats.c
-@@ -344,7 +344,7 @@ static void test_no_merging2(void)
- event_unref(&child_ev);
- test_assert(
- compare_test_stats_to(
-- "EVENT %lu 1 0 0"
-+ "EVENT %"PRIu64" 1 0 0"
- " stest-event-stats.c %d"
- " l0 0 ctest2\n", id, l));
- test_end();
-@@ -370,12 +370,12 @@ static void test_no_merging3(void)
- event_unref(&child_ev);
- test_assert(
- compare_test_stats_to(
-- "BEGIN %lu 0 1 0 0"
-+ "BEGIN %"PRIu64" 0 1 0 0"
- " stest-event-stats.c %d ctest1\n"
-- "EVENT %lu 1 1 0"
-+ "EVENT %"PRIu64" 1 1 0"
- " stest-event-stats.c %d"
- " l1 0 ctest2\n"
-- "END\t%lu\n", idp, lp, idp, l, idp));
-+ "END\t%"PRIu64"\n", idp, lp, idp, l, idp));
- test_end();
- }
-
-@@ -435,7 +435,7 @@ static void test_merge_events2(void)
- event_unref(&merge_ev2);
- test_assert(
- compare_test_stats_to(
-- "EVENT %lu 1 0 0"
-+ "EVENT %"PRIu64" 1 0 0"
- " stest-event-stats.c %d l0 0"
- " ctest3 ctest2 ctest1 Tkey3"
- " 10 0 Ikey2 20"
-@@ -467,11 +467,11 @@ static void test_skip_parents(void)
- event_unref(&child_ev);
- test_assert(
- compare_test_stats_to(
-- "BEGIN %lu 0 1 0 0"
-+ "BEGIN %"PRIu64" 0 1 0 0"
- " stest-event-stats.c %d ctest1\n"
-- "EVENT %lu 1 3 0 "
-+ "EVENT %"PRIu64" 1 3 0 "
- "stest-event-stats.c %d l3 0"
-- " ctest2\nEND\t%lu\n", id, lp, id, l, id));
-+ " ctest2\nEND\t%"PRIu64"\n", id, lp, id, l, id));
- test_end();
- }
-
-@@ -509,12 +509,12 @@ static void test_merge_events_skip_parents(void)
- event_unref(&child2_ev);
- test_assert(
- compare_test_stats_to(
-- "BEGIN %lu 0 1 0 0"
-+ "BEGIN %"PRIu64" 0 1 0 0"
- " stest-event-stats.c %d ctest1\n"
-- "EVENT %lu 1 3 0 "
-+ "EVENT %"PRIu64" 1 3 0 "
- "stest-event-stats.c %d l3 0 "
- "ctest4 ctest5 Tkey3 10 0 Skey4"
-- " str4\nEND\t%lu\n", id, lp, id, l, id));
-+ " str4\nEND\t%"PRIu64"\n", id, lp, id, l, id));
- 
test_end(); - } - diff --git a/dovecot.spec b/dovecot.spec index 4193a1f..d32cc87 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,9 +3,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.3.4 +Version: 2.3.10.1 %global prever %{nil} -Release: 3%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 @@ -13,7 +13,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.5.4 +%global pigeonholever 0.5.10 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -32,7 +32,6 @@ Patch6: dovecot-2.1.10-waitonline.patch Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch Patch10: dovecot-2.3.0.1-libxcrypt.patch -Patch11: dovecot-2.3.4-de42b54.patch Source15: prestartscript @@ -51,7 +50,10 @@ BuildRequires: openldap-devel BuildRequires: krb5-devel BuildRequires: quota-devel BuildRequires: xz-devel +BuildRequires: lz4-devel BuildRequires: libsodium-devel +BuildRequires: libexttextcat-devel +BuildRequires: libstemmer-devel # gettext-devel is needed for running autoconf because of the # presence of AM_ICONV @@ -88,7 +90,7 @@ BuildRequires: curl-devel expat-devel BuildRequires: libcurl-devel expat-devel %endif -%global restart_flag /var/run/%{name}/%{name}-restart-after-rpm-install +%global restart_flag /run/%{name}/%{name}-restart-after-rpm-install %description Dovecot is an IMAP server for Linux/UNIX-like systems, written with security @@ -132,7 +134,6 @@ This package provides the development files for dovecot. %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem #%patch10 -p1 -b .libxcrypt -%patch11 -p1 -b .de42b54 #pushd dovecot-2*3-pigeonhole-%{pigeonholever} #popd 
@@ -141,7 +142,7 @@ sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src %build #required for fdpass.c line 125,190: dereferencing type-punned pointer will break strict-aliasing rules %global _hardened_build 1 -export CFLAGS="%{__global_cflags} -fno-strict-aliasing" +export CFLAGS="%{__global_cflags} -fno-strict-aliasing -fstack-reuse=none" export LDFLAGS="-Wl,-z,now -Wl,-z,relro %{?__global_ldflags}" # el6 autoconf too old to regen; use packaged files (#1082384) %if %{?fedora}00%{?rhel} > 6 @@ -243,7 +244,7 @@ install -p -D -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_initddir}/dovecot install -p -D -m 600 %{SOURCE9} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/dovecot %endif -mkdir -p $RPM_BUILD_ROOT/var/run/dovecot/{login,empty,token-login} +mkdir -p $RPM_BUILD_ROOT/run/dovecot/{login,empty,token-login} # Install dovecot configuration and dovecot-openssl.cnf mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d @@ -300,11 +301,11 @@ then %endif fi -install -d -m 0755 -g dovecot -d /var/run/dovecot -install -d -m 0755 -d /var/run/dovecot/empty -install -d -m 0750 -g dovenull -d /var/run/dovecot/login -install -d -m 0755 -g dovenull -d /var/run/dovecot/token-login -[ -x /sbin/restorecon ] && /sbin/restorecon -R /var/run/dovecot +install -d -m 0755 -g dovecot -d /run/dovecot +install -d -m 0755 -d /run/dovecot/empty +install -d -m 0750 -g dovenull -d /run/dovecot/login +install -d -m 0750 -g dovenull -d /run/dovecot/token-login +[ -x /sbin/restorecon ] && /sbin/restorecon -R /run/dovecot %preun if [ $1 = 0 ]; then @@ -315,7 +316,7 @@ if [ $1 = 0 ]; then /sbin/service %{name} stop > /dev/null 2>&1 /sbin/chkconfig --del %{name} %endif - rm -rf /var/run/dovecot + rm -rf /run/dovecot fi %postun @@ -356,6 +357,7 @@ make check %{_bindir}/doveadm %{_bindir}/doveconf %{_bindir}/dsync +%{_bindir}/dovecot-sysreport %if %{?fedora}0 > 140 || %{?rhel}0 > 60 
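Review bot: Nothing beside the `export CFLAGS=` line in the `%build` hunk says why `-fstack-reuse=none` was added; the comment above it only explains `-fno-strict-aliasing` (the fdpass.c type-punning warning). The changelog entry for 1:2.3.6-3 in this same diff calls it a temporary gcc 9 measure, so the flag is likely to outlive its reason unless the spec records that where the flag lives. I would add a comment above the export, for example `# -fstack-reuse=none: temporary gcc 9 workaround (see changelog 1:2.3.6-3); drop once no longer needed`.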
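Review bot: The `%post` hunk (`@@ -300,11 +301,11 @@`) still ends with `[ -x /sbin/restorecon ] && /sbin/restorecon -R /run/dovecot`, and as far as the hunk shows this line is immediately followed by `%preun`, so its status becomes the scriptlet's exit status. On a system where restorecon is not executable the test fails and `%post` exits non-zero. Appending `|| :` keeps the relabel best-effort: `[ -x /sbin/restorecon ] && /sbin/restorecon -R /run/dovecot || :`. The same hunk tightens `/run/dovecot/token-login` from 0755 to 0750, which none of the changelog entries added in this diff mention; a line there would help anyone auditing the permission change.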
@@ -438,7 +440,11 @@ make check %{_libexecdir}/%{name} %exclude %{_libexecdir}/%{name}/managesieve* -%ghost /var/run/dovecot +%dir %attr(0755,root,dovecot) %ghost /run/dovecot +%attr(0750,root,dovenull) %ghost /run/dovecot/login +%attr(0750,root,dovenull) %ghost /run/dovecot/token-login +%attr(0755,root,root) %ghost /run/dovecot/empty + %attr(0750,dovecot,dovecot) /var/lib/dovecot %{_datadir}/%{name} 
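Review bot: The three subdirectory entries added under `%files` omit `%dir` although the `/run/dovecot` entry carries it, so they are not explicitly marked as directory-only; writing them as `%dir %attr(0750,root,dovenull) %ghost /run/dovecot/login` (likewise for `token-login` and `empty`) keeps the four entries consistent. Separately, the `dovecot.tmpfilesd` hunk in this diff declares only `d /run/dovecot 0755 root dovecot -`, so the 0750 root:dovenull modes on `login` and `token-login` are applied by `%post` at install time only. If `/run` is a tmpfs, as is usual, those directories are gone after a reboot, and whether dovecot recreates them with the same ownership and mode is not visible here. Adding lines such as `d /run/dovecot/login 0750 root dovenull -` to the tmpfiles file would make the packaged permissions authoritative at boot as well.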
@@ -495,6 +501,68 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon May 18 2020 Michal Hlavinka - 1:2.3.10.1-1 +- dovecot updated to 2.3.10.1 +- fixes CVE-2020-10967, CVE-2020-10958, CVE-2020-10957 + +* Tue Apr 21 2020 Michal Hlavinka - 1:2.3.10-1 +- dovecot updated to 2.3.10, pigeonhole updated to 0.5.10 + +* Wed Feb 12 2020 Michal Hlavinka - 1:2.3.9.3-1 +- dovecot updated to 2.3.9.3 +- fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS + submission-login and lmtp processes. +- fixes CVE-2020-7957: Specially crafted mail can crash snippet generation. + + +* Tue Jan 28 2020 Fedora Release Engineering - 1:2.3.9.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Dec 19 2019 Michal Hlavinka - 1:2.3.9.2-1 +- CVE-2019-19722: Mails with group addresses in From or To fields + caused crash in push notification drivers. + +* Wed Dec 04 2019 Michal Hlavinka - 1:2.3.9-1 +- dovecot updated to 2.3.9, pigeonhole updated to 0.5.9 + +* Thu Oct 10 2019 Michal Hlavinka - 1:2.3.8-1 +- dovecot updated to 2.3.8, pigeonhole 0.5.8 + +* Thu Aug 29 2019 Michal Hlavinka - 1:2.3.7.2-1 +- dovecot updated to 2.3.7.2, pigeonhole 0.5.7.2 +- fixes CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte + when scanning data in quoted strings, leading to out of bounds heap + memory writes + +* Mon Aug 19 2019 Michal Hlavinka - 1:1-2.3.7.1 +- dovecot updated to 2.3.7.1, pigeonhole updated to 0.5.7.1 + +* Wed Jul 24 2019 Fedora Release Engineering - 1:2.3.6-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri May 31 2019 Michal Hlavinka - 1:2.3.6-3 +- disable gcc 9 stack reuse temporarily + +* Mon May 13 2019 Michal Hlavinka - 1:2.3.6-2 +- use /run instead of /var/run (#1706372) + +* Thu May 02 2019 Michal Hlavinka - 1:2.3.6-1 +- dovecot updated to 2.3.6, pigeonhole updated to 0.5.6 + +* Thu Apr 18 2019 Michal Hlavinka - 1:2.3.5.2-1 +- dovecot updated to 2.3.5.2 +- fixes CVE-2019-10691: Trying to 
login with 8bit username containing + invalid UTF8 input causes auth process to crash if auth policy is enabled. + +* Thu Mar 28 2019 Michal Hlavinka - 1:2.3.5.1-1 +- dovecot updated to 2.3.5.1 +- CVE-2019-7524: Missing input buffer size validation leads into + arbitrary buffer overflow when reading fts or pop3 uidl header + from Dovecot index. + +* Wed Mar 06 2019 Michal Hlavinka - 1:2.3.5-1 +- dovecot updated to 2.3.5, pigeonhole updated to 0.5.5 + * Thu Jan 31 2019 Fedora Release Engineering - 1:2.3.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild diff --git a/dovecot.tmpfilesd b/dovecot.tmpfilesd index 7178498..d96639a 100644 --- a/dovecot.tmpfilesd +++ b/dovecot.tmpfilesd @@ -1,2 +1,2 @@ -d /var/run/dovecot 0755 root dovecot - +d /run/dovecot 0755 root dovecot - diff --git a/sources b/sources index 05b6440..649f5e0 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.3.4.tar.gz) = 9e97eb08c319c417e8abcb430b3e6c87ed5aa820d6288656fdfd958ff34664f67202a66e4846763bfc85b309b116cea8012e49dab98b478c57974cc178a37a5a -SHA512 (dovecot-2.3-pigeonhole-0.5.4.tar.gz) = 9c82cce7540f8ab66e2e370e0220c99048d6ac53ed680cd763e0b03d0200e2451cee4303ef97b87a16e7248e1c73b92ba91b47a2a20c75cb2cd62695a28046f3 +SHA512 (dovecot-2.3.10.1.tar.gz) = 5c07436a3e861993f241caa2c60f035c533c5fceb5c8540c1717d31bedd54b82299f7ea11bfee12c72d4d33985d93a7130c4f56877864a7ad21cf7373a29cc06 +SHA512 (dovecot-2.3-pigeonhole-0.5.10.tar.gz) = f3d380edba4d25d20ee52db21d2965e3a6b229924e9a04fbf45cfe32e1d25448977ee41b12ba41ad8cf8b795f19bb1dbef1d7d09e775598d782123268f61dc8b