diff --git a/.gitignore b/.gitignore index e659068..0628189 100644 --- a/.gitignore +++ b/.gitignore @@ -1,117 +1,2 @@ -dovecot-2.0.rc3.tar.gz -pigeonhole-snap01ee63b788c9.tar.bz2 -dovecot-2.0.rc4.tar.gz -pigeonhole-snapcac6acdc4d0e.tar.bz2 -dovecot-2.0.rc5.tar.gz -pigeonhole-snap0592366457df.tar.bz2 -/dovecot-2.0.0.tar.gz -/pigeonhole-snap1ae9569b0383.tar.bz2 -/dovecot-2.0.1.tar.gz -/pigeonhole-snapd51650c8af85.tar.bz2 -/dovecot-2.0.2.tar.gz -/pigeonhole-snapfbcb05e7eda1.tar.bz2 -/dovecot-2.0.3.tar.gz -/pigeonhole-snapcb4c1ebecff3.tar.bz2 -/dovecot-2.0.4.tar.gz -/pigeonhole-snap824454514f08.tar.bz2 -/dovecot-2.0.5.tar.gz -/pigeonhole-snapa50464354f5a.tar.bz2 -/dovecot-2.0.6.tar.gz -/pigeonhole-snap2023f8c74250.tar.bz2 -/dovecot-2.0.7.tar.gz -/pigeonhole-snapa8cc6294071e.tar.bz2 -/dovecot-2.0.8.tar.gz -/pigeonhole-snap67d2240966ec.tar.bz2 -/dovecot-2.0-pigeonhole-0.2.2.tar.gz -/dovecot-2.0.9.tar.gz -/dovecot-2.0.11.tar.gz -/dovecot-2.0.12.tar.gz -/dovecot-2.0-pigeonhole-0.2.3.tar.gz -/dovecot-2.0.13.tar.gz -/dovecot-2.0.14.tar.gz -/dovecot-2.0.15.tar.gz -/dovecot-2.0.16.tar.gz -/dovecot-2.1.rc1.tar.gz -/dovecot-2.1-pigeonhole-b3bff60a18da.tar.bz2 -/dovecot-2.1.rc3.tar.gz -/dovecot-2.1.rc5.tar.gz -/dovecot-2.1-pigeonhole-a130a50f82e1.tar.bz2 -/dovecot-2.1.rc6.tar.gz -/dovecot-2.1-pigeonhole-b2a456e15ed5.tar.bz2 -/dovecot-2.1.0.tar.gz -/dovecot-2.1-pigeonhole-0.3.0.tar.gz -/dovecot-2.1.1.tar.gz -/pigeonhole-snap67950c9d3675.tar.bz2 -/dovecot-2.1.2.tar.gz -/pigeonhole-snap08a2d2718a65.tar.bz2 -/dovecot-2.1.3.tar.gz -/dovecot-2.1.4.tar.gz -/dovecot-2.1.5.tar.gz -/dovecot-2.1.6.tar.gz -/dovecot-2.1.7.tar.gz -/dovecot-2.1-pigeonhole-0.3.1.tar.gz -/dovecot-2.1.8.tar.gz -/dovecot-2.1.9.tar.gz -/dovecot-2.1.10.tar.gz -/dovecot-2.1-pigeonhole-0.3.3.tar.gz -/dovecot-2.1.12.tar.gz -/dovecot-2.1.13.tar.gz -/dovecot-2.1.14.tar.gz -/dovecot-2.1.15.tar.gz -/dovecot-2.2.rc2.tar.gz -/pigeonhole-99eec511aa2c.tar.bz2 -/dovecot-2.2.rc3.tar.gz -/dovecot-2.2.rc4.tar.gz -/dovecot-2.2.0.tar.gz -/dovecot-2.2.1.tar.gz -/pigeonhole-snape42a38f02d28.tar.bz2 -/dovecot-2.2-pigeonhole-0.4.0.tar.gz -/dovecot-2.2.2.tar.gz -/dovecot-2.2.3.tar.gz -/dovecot-2.2.4.tar.gz -/dovecot-2.2-pigeonhole-0.4.1.tar.gz -/dovecot-2.2.5.tar.gz -/dovecot-2.2.6.tar.gz -/dovecot-2.2-pigeonhole-0.4.2.tar.gz -/dovecot-2.2.7.tar.gz -/dovecot-2.2.8.tar.gz -/dovecot-2.2.9.tar.gz -/dovecot-2.2.10.tar.gz -/dovecot-2.2.11.tar.gz -/dovecot-2.2.12.tar.gz -/dovecot-2.2.13.tar.gz -/dovecot-2.2.14.tar.gz -/dovecot-2.2-pigeonhole-0.4.3.tar.gz -/dovecot-2.2.15.tar.gz -/pigeonhole-snapded0c5a467aa.tar.bz2 -/dovecot-2.2-pigeonhole-0.4.6.tar.gz -/dovecot-2.2.16.tar.gz -/dovecot-2.2.17.tar.gz -/dovecot-2.2.18.tar.gz -/dovecot-2.2-pigeonhole-0.4.7.tar.gz -/dovecot-2.2-pigeonhole-0.4.8.tar.gz -/dovecot-2.2.19.tar.gz -/dovecot-2.2-pigeonhole-0.4.9.tar.gz -/dovecot-2.2.20.tar.gz -/dovecot-2.2.21.tar.gz -/dovecot-2.2-pigeonhole-0.4.10.tar.gz -/dovecot-2.2-pigeonhole-0.4.11.tar.gz -/dovecot-2.2-pigeonhole-0.4.12.tar.gz -/dovecot-2.2.22.tar.gz -/dovecot-2.2.23.tar.gz -/dovecot-2.2-pigeonhole-0.4.13.tar.gz -/dovecot-2.2.24.tar.gz -/dovecot-2.2-pigeonhole-0.4.14.tar.gz -/dovecot-2.2.25.tar.gz -/dovecot-2.2.26.0.tar.gz -/dovecot-2.2-pigeonhole-0.4.16.tar.gz -/dovecot-2.2.27.tar.gz -/dovecot-2.2.28.tar.gz -/dovecot-2.2-pigeonhole-0.4.17.tar.gz -/dovecot-2.2.29.tar.gz -/dovecot-2.2.29.1.tar.gz -/dovecot-2.2-pigeonhole-0.4.18.tar.gz -/dovecot-2.2.30.1.tar.gz -/dovecot-2.2.30.2.tar.gz -/dovecot-2.2.31.tar.gz -/dovecot-2.2-pigeonhole-0.4.19.tar.gz +/dovecot-*.tar.gz +/pigeonhole-*.tar.bz2 diff --git a/dovecot-2.2.31-notifyrevert.patch b/dovecot-2.2.31-notifyrevert.patch deleted file mode 100644 index a0fa251..0000000 --- a/dovecot-2.2.31-notifyrevert.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 64d2efdc4b0bdf92249840e9db89b91c8dc0f3a3 Mon Sep 17 00:00:00 2001 -From: Timo Sirainen -Date: Sat, 17 Jun 2017 14:38:22 +0300 -Subject: [PATCH] imap: Fix NOTIFY to parse more than just the first - event-group - ---- - src/imap/cmd-notify.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/imap/cmd-notify.c b/src/imap/cmd-notify.c -index 4c6aad975..94cf103b8 100644 ---- a/src/imap/cmd-notify.c -+++ b/src/imap/cmd-notify.c -@@ -292,10 +292,10 @@ cmd_notify_set(struct imap_notify_context *ctx, const struct imap_arg *args) - ctx->send_immediate_status = TRUE; - args++; - } -+ for (; args->type != IMAP_ARG_EOL; args++) { -+ if (!imap_arg_get_list(args, &event_group)) -+ return -1; - -- if (!imap_arg_get_list(args, &event_group)) -- return -1; -- for (; event_group->type != IMAP_ARG_EOL; event_group++) { - /* filter-mailboxes */ - if (!imap_arg_get_atom(event_group, &filter_mailboxes)) - return -1; diff --git a/dovecot-2.3.0.1-libxcrypt.patch b/dovecot-2.3.0.1-libxcrypt.patch new file mode 100644 index 0000000..a8c33bf --- /dev/null +++ b/dovecot-2.3.0.1-libxcrypt.patch @@ -0,0 +1,11 @@ +diff -up dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt dovecot-2.3.0.1/src/auth/mycrypt.c +--- dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt 2018-02-28 15:28:58.000000000 +0100 ++++ dovecot-2.3.0.1/src/auth/mycrypt.c 2018-03-27 10:57:38.447769201 +0200 +@@ -14,6 +14,7 @@ + # define _XPG6 /* Some Solaris versions require this, some break with this */ + #endif + #include ++#include + + #include "mycrypt.h" + diff --git a/dovecot.spec b/dovecot.spec index 51cc853..5410788 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,9 +3,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.31 +Version: 2.2.36 %global prever %{nil} -Release: 5%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -14,7 +14,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.2/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.4.19 +%global pigeonholever 0.4.24 Source8: http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -33,7 +33,7 @@ Patch7: dovecot-2.2.13-online.patch Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch -Patch10: dovecot-2.2.31-notifyrevert.patch +Patch10: dovecot-2.3.0.1-libxcrypt.patch Source15: prestartscript @@ -41,12 +41,16 @@ BuildRequires: openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel BuildRequires: libtool, autoconf, automake, pkgconfig BuildRequires: sqlite-devel BuildRequires: postgresql-devel +%if %{?fedora}0 < 280 BuildRequires: mysql-devel +BuildRequires: tcp_wrappers-devel +%else +BuildRequires: mariadb-connector-c-devel +%endif BuildRequires: openldap-devel BuildRequires: krb5-devel BuildRequires: quota-devel BuildRequires: xz-devel -BuildRequires: tcp_wrappers-devel # gettext-devel is needed for running autoconf because of the # presence of AM_ICONV @@ -131,7 +135,7 @@ This package provides the development files for dovecot. %patch7 -p1 -b .online %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem -%patch10 -p1 -b .notifyrevert +%patch10 -p1 -b .libxcrypt #pushd dovecot-2*2-pigeonhole-%{pigeonholever} #popd @@ -163,7 +167,9 @@ autoreconf -I . -fiv #required for aarch64 support --with-sqlite \ --with-zlib \ --with-libcap \ +%if %{?fedora}0 < 280 --with-libwrap \ +%endif %if %{?fedora}0 > 150 || %{?rhel}0 >60 --with-lucene \ %endif @@ -492,6 +498,100 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Thu Jun 07 2018 Michal Hlavinka - 1:2.2.36-1 +- dovecot updated to 2.2.36, pigeonhole updated to 0.4.24 + +* Thu Apr 19 2018 Michal Hlavinka - 1:2.2.35-2 +- include crypt.h explicitely + +* Wed Mar 21 2018 Michal Hlavinka - 1:2.2.35-1 +- dovecot updated to 2.2.35, pigeonhole updated to 0.4.23 + +* Thu Mar 01 2018 Michal Hlavinka - 1:2.2.34-1 +- dovecot updated to 2.2.34, pigeonhole updated to 0.4.22 +- fixes CVE-2017-15130: TLS SNI config lookups may lead to excessive + memory usage, causing imap-login/pop3-login VSZ limit to be reached + and the process restarted. This happens only if Dovecot config has + local_name { } or local { } configuration blocks and attacker uses + randomly generated SNI servernames. +- fixes CVE-2017-14461: Parsing invalid email addresses may cause a crash or + leak memory contents to attacker. For example, these memory contents + might contain parts of an email from another user if the same imap + process is reused for multiple users. +- fixes CVE-2017-15132: Aborted SASL authentication leaks memory in login + process. + +* Fri Feb 09 2018 Igor Gnatenko - 1:2.2.33.2-5 +- Escape macros in %%changelog + +* Wed Feb 07 2018 Fedora Release Engineering - 1:2.2.33.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Sat Jan 20 2018 Björn Esser - 1:2.2.33.2-3 +- Rebuilt for switch to libxcrypt + +* Mon Jan 08 2018 Michal Hlavinka - 1:2.2.33.2-2 +- remove tcp_wrappers on Fedora 28 and later (#1518761) +- use use mariadb-connector-c-devel instead of mysql-devel on Fedora 28 and later (#1493624) + +* Tue Oct 24 2017 Michal Hlavinka - 1:2.2.33.2-1 +- dovecot updated to 2.2.33.2 +- doveadm: Fix crash in proxying (or dsync replication) if remote is + running older than v2.2.33 +- auth: Fix memory leak in %%{ldap_dn} +- dict-sql: Fix data types to work correctly with Cassandra + +* Wed Oct 18 2017 Michal Hlavinka - 1:2.2.33.1-1 +- dovecot updated to 2.2.33.1, pigeonhole updated to +- Added %%{if}, see https://wiki2.dovecot.org/Variables#Conditionals +- sdbox: Mails were always opened when expunging, unless + mail_attachment_fs was explicitly set to empty. +- lmtp/doveadm proxy: hostip passdb field was ignored, which caused + unnecessary DNS lookups if host field wasn't an IP +- lmtp proxy: Fix crash when receiving unexpected reply in RCPT TO +- quota_clone: Update also when quota is unlimited (broken in v2.2.31) +- mbox, zlib: Fix assert-crash when accessing compressed mbox +- doveadm director kick -f parameter didn't work +- doveadm director flush resulted flushing all hosts, if + wasn't an IP address. +- director: Various fixes to handling backend/director changes at + abnormal times, especially while ring was unsynced. +- director: Use less CPU in imap-login processes when moving/kicking + many users. +- lmtp: Session IDs were duplicated/confusing with multiple RCPT TOs + when lmtp_rcpt_check_quota=yes +- LDA Sieve plugin: Fixed sequential execution of LDAP-based scripts. A + missing LDAP-based script could cause the script sequence to exit earlier. +- sieve-filter: Removed the (now) duplicate utf8 to mutf7 mailbox name + conversion. This caused problems with mailbox names containing UTF-8 + characters. + +* Mon Aug 28 2017 Michal Hlavinka - 1:2.2.32-2 +- pigeonhole updated to 0.4.20 +- Made the retention period for redirect duplicate identifiers + configurable. Changed the default retention period from 24 to 12 hours. +- sieve-filter: Fixed memory leak: forgot to clean up script binary at + end of execution +- managesieve-login: Fixed handling of AUTHENTICATE command. A second + authenticate command would be parsed wrong. + +* Fri Aug 25 2017 Michal Hlavinka - 1:2.2.32-1 +- dovecot updated to 2.2.32 +- Modseq tracking didn't always work correctly. This could have caused + imap unhibernation to fail or IMAP QRESYNC/CONDSTORE extensions to + not work perfectly. +- mdbox: "Inconsistency in map index" wasn't fixed automatically +- dict-ldap: %variable values used in the LDAP filter weren't escaped. +- quota=count: quota_warning = -storage=.. was never executed (try #2). +- imapc: >= 32 kB mail bodies were supposed to be cached for subsequent + FETCHes, but weren't. +- quota-status service didn't support recipient_delimiter +- acl: Don't access dovecot-acl-list files with acl_globals_only=yes +- mail_location: If INDEX dir is set, mailbox deletion deletes its + childrens' indexes. +- director: v2.2.31 caused rapid reconnection loops to directors + that were down. + * Wed Aug 02 2017 Fedora Release Engineering - 1:2.2.31-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild @@ -574,7 +674,7 @@ make check - dsync: Large Sieve scripts (or other large metadata) weren't always synced. - Index rebuild (e.g. doveadm force-resync) set all mails as \Recent -- imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix +- imap-hibernate: %%{userdb:*} wasn't expanded in mail_log_prefix - doveadm: Exit codes weren't preserved when proxying commands via doveadm-server. Almost all errors used exit code 75 (tempfail). - ACLs weren't applied to not-yet-existing autocreated mailboxes. @@ -596,7 +696,7 @@ make check for multiple requests (service_count != 1) - sdbox: Fix assert-crash on mailbox create race - lda/lmtp: deliver_log_format values weren't entirely correct if Sieve - was used. especially %{storage_id} was broken. + was used. especially %%{storage_id} was broken. - imapsieve plugin: Fixed assert failure occurring when used with virtual mailboxes. - doveadm sieve plugin: Fixed crash when setting Sieve script via attribute's @@ -641,10 +741,10 @@ make check This might have allowed untrusted processes to capture and prevent "doveadm service stop" comands from working. - login proxy: Fixed crash when outgoing SSL connections were hanging. -- auth: userdb fields weren't passed to auth-workers, so %{userdb:*} +- auth: userdb fields weren't passed to auth-workers, so %%{userdb:*} from previous userdbs didn't work there. - auth: Fixed auth_bind=yes + sasl_bind=yes to work together -- lmtp: %{userdb:*} variables didn't work in mail_log_prefix +- lmtp: %%{userdb:*} variables didn't work in mail_log_prefix - Fixed writing >2GB to iostream-temp files (used by fs-compress, fs-metawrap, doveadm-http) - fts-solr: Fixed searching multiple mailboxes @@ -697,7 +797,7 @@ make check * Wed Mar 16 2016 Michal Hlavinka - 1:2.2.22-1 - dovecot updated to 2.2.22 -- auth: Auth caching was done too aggressively when %variables were +- auth: Auth caching was done too aggressively when %%variables were used in default_fields, override_fields or LDAP pass/user_attrs. userdb result_* were also ignored when user was found from cache. - imap: Fixed various assert-crashes caused v2.2.20+. Some of them @@ -758,7 +858,7 @@ make check allocation in the sieve command implementations. * Tue Dec 08 2015 Michal Hlavinka - 1:2.2.20-2 -- move ssl initialization from %post to dovecot-init.service +- move ssl initialization from %%post to dovecot-init.service * Tue Dec 08 2015 Michal Hlavinka - 1:2.2.20-1 - dovecot updated to 2.2.20 @@ -1267,7 +1367,7 @@ make check - updated to 2.1.rc1 - major changes since 2.0.x: - plugins now use UTF-8 mailbox names rather than mUTF-7 -- auth_username_format default changed to %Lu +- auth_username_format default changed to %%Lu - solr full text search backend changed to use mailbox GUIDs instead of mailbox names, requiring reindexing everything diff --git a/sources b/sources index ebcda8b..fd4556a 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.2.31.tar.gz) = 071797e260a75de9117b03c0fa9d903de82b1f1c039c2aece2d7313587e6673c49174bfce17b80fe3f3725fcbc42ed3a1bd1f1c22efef5bc016752277eff3266 -SHA512 (dovecot-2.2-pigeonhole-0.4.19.tar.gz) = c1211a3c65b25995770309c427ec5cd888ddb962f2f64884640163b492a11ffa8937aac1eb66d25e48f0e00131da1cc98c1cb307781576780de47b8816333ff1 +SHA512 (dovecot-2.2.36.tar.gz) = 327c50971e276f6013ca7f7bb59498ee88d76c9f8419bd18ee531cf10142214350fb81c6d64eaef73ee01765dd0fcf4142ab146ed67d9d7d86d5a58d41cf8db5 +SHA512 (dovecot-2.2-pigeonhole-0.4.24.tar.gz) = 2e21c95ece475ffcb78e5b5d4efa29e61471faf90b80b44a49963fb287de2784ebfb4c2b7ddfc66732fd073e9f02995d5950840336f6babe618b3d7d5166059f