From d5df6cbf020da68fa0da3418ac5ab1734fb44ea1 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 7 Sep 2017 09:02:32 +0200 Subject: [PATCH 1/6] pigeonhole updated to 0.4.20 Made the retention period for redirect duplicate identifiers configurable. Changed the default retention period from 24 to 12 hours. sieve-filter: Fixed memory leak: forgot to clean up script binary at end of execution managesieve-login: Fixed handling of AUTHENTICATE command. A second authenticate command would be parsed wrong. --- .gitignore | 2 ++ dovecot-2.2.31-notifyrevert.patch | 28 ------------------------- dovecot.spec | 34 ++++++++++++++++++++++++++----- sources | 4 ++-- 4 files changed, 33 insertions(+), 35 deletions(-) delete mode 100644 dovecot-2.2.31-notifyrevert.patch diff --git a/.gitignore b/.gitignore index e659068..fcc1ff0 100644 --- a/.gitignore +++ b/.gitignore @@ -115,3 +115,5 @@ pigeonhole-snap0592366457df.tar.bz2 /dovecot-2.2.30.2.tar.gz /dovecot-2.2.31.tar.gz /dovecot-2.2-pigeonhole-0.4.19.tar.gz +/dovecot-2.2.32.tar.gz +/dovecot-2.2-pigeonhole-0.4.20.tar.gz diff --git a/dovecot-2.2.31-notifyrevert.patch b/dovecot-2.2.31-notifyrevert.patch deleted file mode 100644 index a0fa251..0000000 --- a/dovecot-2.2.31-notifyrevert.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 64d2efdc4b0bdf92249840e9db89b91c8dc0f3a3 Mon Sep 17 00:00:00 2001 -From: Timo Sirainen -Date: Sat, 17 Jun 2017 14:38:22 +0300 -Subject: [PATCH] imap: Fix NOTIFY to parse more than just the first - event-group - ---- - src/imap/cmd-notify.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/imap/cmd-notify.c b/src/imap/cmd-notify.c -index 4c6aad975..94cf103b8 100644 ---- a/src/imap/cmd-notify.c -+++ b/src/imap/cmd-notify.c -@@ -292,10 +292,10 @@ cmd_notify_set(struct imap_notify_context *ctx, const struct imap_arg *args) - ctx->send_immediate_status = TRUE; - args++; - } -+ for (; args->type != IMAP_ARG_EOL; args++) { -+ if (!imap_arg_get_list(args, &event_group)) -+ return -1; - -- if (!imap_arg_get_list(args, &event_group)) -- return -1; -- for (; event_group->type != IMAP_ARG_EOL; event_group++) { - /* filter-mailboxes */ - if (!imap_arg_get_atom(event_group, &filter_mailboxes)) - return -1; diff --git a/dovecot.spec b/dovecot.spec index 51cc853..a0e0e31 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,9 +3,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.31 +Version: 2.2.32 %global prever %{nil} -Release: 5%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -14,7 +14,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.2/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.4.19 +%global pigeonholever 0.4.20 Source8: http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -33,7 +33,6 @@ Patch7: dovecot-2.2.13-online.patch Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch -Patch10: dovecot-2.2.31-notifyrevert.patch Source15: prestartscript @@ -131,7 +130,6 @@ This package provides the development files for dovecot. %patch7 -p1 -b .online %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem -%patch10 -p1 -b .notifyrevert #pushd dovecot-2*2-pigeonhole-%{pigeonholever} #popd @@ -492,6 +490,32 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Aug 28 2017 Michal Hlavinka - 1:2.2.32-2 +- pigeonhole updated to 0.4.20 +- Made the retention period for redirect duplicate identifiers + configurable. Changed the default retention period from 24 to 12 hours. +- sieve-filter: Fixed memory leak: forgot to clean up script binary at + end of execution +- managesieve-login: Fixed handling of AUTHENTICATE command. A second + authenticate command would be parsed wrong. + +* Fri Aug 25 2017 Michal Hlavinka - 1:2.2.32-1 +- dovecot updated to 2.2.32 +- Modseq tracking didn't always work correctly. This could have caused + imap unhibernation to fail or IMAP QRESYNC/CONDSTORE extensions to + not work perfectly. +- mdbox: "Inconsistency in map index" wasn't fixed automatically +- dict-ldap: %variable values used in the LDAP filter weren't escaped. +- quota=count: quota_warning = -storage=.. was never executed (try #2). +- imapc: >= 32 kB mail bodies were supposed to be cached for subsequent + FETCHes, but weren't. +- quota-status service didn't support recipient_delimiter +- acl: Don't access dovecot-acl-list files with acl_globals_only=yes +- mail_location: If INDEX dir is set, mailbox deletion deletes its + childrens' indexes. +- director: v2.2.31 caused rapid reconnection loops to directors + that were down. + * Wed Aug 02 2017 Fedora Release Engineering - 1:2.2.31-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild diff --git a/sources b/sources index ebcda8b..3825a8c 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.2.31.tar.gz) = 071797e260a75de9117b03c0fa9d903de82b1f1c039c2aece2d7313587e6673c49174bfce17b80fe3f3725fcbc42ed3a1bd1f1c22efef5bc016752277eff3266 -SHA512 (dovecot-2.2-pigeonhole-0.4.19.tar.gz) = c1211a3c65b25995770309c427ec5cd888ddb962f2f64884640163b492a11ffa8937aac1eb66d25e48f0e00131da1cc98c1cb307781576780de47b8816333ff1 +SHA512 (dovecot-2.2.32.tar.gz) = a26ce763fdea7d72ff9801d3b7d57a1f0d00278e4a1aa60d1be070fe5a6d2c6a15f266a519119492bee7a3e7a6b7d0732e9879e5c5841adbab8c0952cd1b7c7c +SHA512 (dovecot-2.2-pigeonhole-0.4.20.tar.gz) = 84a28842be206e05cb96c07cf1c1b62c9c378ba4c952caa47cf79a44b9428e076f4182eadd9c4fb8f45d3605b881f91e8e520c41705017ac4039240d4bcace39 From 8e92fc5f666e6b167305b179953c5ccfdbb1d20c Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 24 Oct 2017 12:33:15 +0200 Subject: [PATCH 2/6] dovecot updated to 2.2.33.2 doveadm: Fix crash in proxying (or dsync replication) if remote is running older than v2.2.33 auth: Fix memory leak in %{ldap_dn} dict-sql: Fix data types to work correctly with Cassandra --- .gitignore | 3 +++ dovecot.spec | 38 +++++++++++++++++++++++++++++++++++--- sources | 4 ++-- 3 files changed, 40 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index fcc1ff0..2472335 100644 --- a/.gitignore +++ b/.gitignore @@ -117,3 +117,6 @@ pigeonhole-snap0592366457df.tar.bz2 /dovecot-2.2-pigeonhole-0.4.19.tar.gz /dovecot-2.2.32.tar.gz /dovecot-2.2-pigeonhole-0.4.20.tar.gz +/dovecot-2.2.33.1.tar.gz +/dovecot-2.2-pigeonhole-0.4.21.tar.gz +/dovecot-2.2.33.2.tar.gz diff --git a/dovecot.spec b/dovecot.spec index a0e0e31..6f11de1 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,9 +3,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.32 +Version: 2.2.33.2 %global prever %{nil} -Release: 2%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -14,7 +14,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.2/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.4.20 +%global pigeonholever 0.4.21 Source8: http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -490,6 +490,38 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Oct 24 2017 Michal Hlavinka - 1:2.2.33.2-1 +- dovecot updated to 2.2.33.2 +- doveadm: Fix crash in proxying (or dsync replication) if remote is + running older than v2.2.33 +- auth: Fix memory leak in %%{ldap_dn} +- dict-sql: Fix data types to work correctly with Cassandra + +* Wed Oct 18 2017 Michal Hlavinka - 1:2.2.33.1-1 +- dovecot updated to 2.2.33.1, pigeonhole updated to +- Added %{if}, see https://wiki2.dovecot.org/Variables#Conditionals +- sdbox: Mails were always opened when expunging, unless + mail_attachment_fs was explicitly set to empty. +- lmtp/doveadm proxy: hostip passdb field was ignored, which caused + unnecessary DNS lookups if host field wasn't an IP +- lmtp proxy: Fix crash when receiving unexpected reply in RCPT TO +- quota_clone: Update also when quota is unlimited (broken in v2.2.31) +- mbox, zlib: Fix assert-crash when accessing compressed mbox +- doveadm director kick -f parameter didn't work +- doveadm director flush resulted flushing all hosts, if + wasn't an IP address. +- director: Various fixes to handling backend/director changes at + abnormal times, especially while ring was unsynced. +- director: Use less CPU in imap-login processes when moving/kicking + many users. +- lmtp: Session IDs were duplicated/confusing with multiple RCPT TOs + when lmtp_rcpt_check_quota=yes +- LDA Sieve plugin: Fixed sequential execution of LDAP-based scripts. A + missing LDAP-based script could cause the script sequence to exit earlier. +- sieve-filter: Removed the (now) duplicate utf8 to mutf7 mailbox name + conversion. This caused problems with mailbox names containing UTF-8 + characters. + * Mon Aug 28 2017 Michal Hlavinka - 1:2.2.32-2 - pigeonhole updated to 0.4.20 - Made the retention period for redirect duplicate identifiers diff --git a/sources b/sources index 3825a8c..7e35512 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.2.32.tar.gz) = a26ce763fdea7d72ff9801d3b7d57a1f0d00278e4a1aa60d1be070fe5a6d2c6a15f266a519119492bee7a3e7a6b7d0732e9879e5c5841adbab8c0952cd1b7c7c -SHA512 (dovecot-2.2-pigeonhole-0.4.20.tar.gz) = 84a28842be206e05cb96c07cf1c1b62c9c378ba4c952caa47cf79a44b9428e076f4182eadd9c4fb8f45d3605b881f91e8e520c41705017ac4039240d4bcace39 +SHA512 (dovecot-2.2.33.2.tar.gz) = 028910a4d02b1630f1ada4d1c45fcc3ea2057969db7078a78d46e2a578b4dceaf8be0ac8de4a613b4890019e721871f2d366ec651db658da4cc72977d3e09931 +SHA512 (dovecot-2.2-pigeonhole-0.4.21.tar.gz) = 4751f449ede1b05173c706b414ebf9f7f670ff78589ce6f0b687c32c9abe6dae8b3064ed1b20e893d9ec0147b0139ce479e1d74ebe94747c33f2d8ca177912de From a27cafd2e8191b696dead041defe82ce14e146e9 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Fri, 2 Mar 2018 10:38:35 +0100 Subject: [PATCH 3/6] dovecot updated to 2.2.34, pigeonhole updated to 0.4.22 fixes CVE-2017-15130: TLS SNI config lookups may lead to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted. This happens only if Dovecot config has local_name { } or local { } configuration blocks and attacker uses randomly generated SNI servernames. fixes CVE-2017-14461: Parsing invalid email addresses may cause a crash or leak memory contents to attacker. For example, these memory contents might contain parts of an email from another user if the same imap process is reused for multiple users. fixes CVE-2017-15132: Aborted SASL authentication leaks memory in login process. --- dovecot.spec | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/dovecot.spec b/dovecot.spec index 6f11de1..4ab4b0b 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.33.2 +Version: 2.2.34 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -14,7 +14,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.2/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.4.21 +%global pigeonholever 0.4.22 Source8: http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -490,6 +490,20 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Thu Mar 01 2018 Michal Hlavinka - 1:2.2.34-1 +- dovecot updated to 2.2.34, pigeonhole updated to 0.4.22 +- fixes CVE-2017-15130: TLS SNI config lookups may lead to excessive + memory usage, causing imap-login/pop3-login VSZ limit to be reached + and the process restarted. This happens only if Dovecot config has + local_name { } or local { } configuration blocks and attacker uses + randomly generated SNI servernames. +- fixes CVE-2017-14461: Parsing invalid email addresses may cause a crash or + leak memory contents to attacker. For example, these memory contents + might contain parts of an email from another user if the same imap + process is reused for multiple users. +- fixes CVE-2017-15132: Aborted SASL authentication leaks memory in login + process. + * Tue Oct 24 2017 Michal Hlavinka - 1:2.2.33.2-1 - dovecot updated to 2.2.33.2 - doveadm: Fix crash in proxying (or dsync replication) if remote is From c75d4e7107816c5a2568690270bd94dc2a1edf35 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Fri, 2 Mar 2018 10:41:27 +0100 Subject: [PATCH 4/6] upload new tarballs --- .gitignore | 2 ++ sources | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 2472335..83cebb1 100644 --- a/.gitignore +++ b/.gitignore @@ -120,3 +120,5 @@ pigeonhole-snap0592366457df.tar.bz2 /dovecot-2.2.33.1.tar.gz /dovecot-2.2-pigeonhole-0.4.21.tar.gz /dovecot-2.2.33.2.tar.gz +/dovecot-2.2.34.tar.gz +/dovecot-2.2-pigeonhole-0.4.22.tar.gz diff --git a/sources b/sources index 7e35512..84bf304 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.2.33.2.tar.gz) = 028910a4d02b1630f1ada4d1c45fcc3ea2057969db7078a78d46e2a578b4dceaf8be0ac8de4a613b4890019e721871f2d366ec651db658da4cc72977d3e09931 -SHA512 (dovecot-2.2-pigeonhole-0.4.21.tar.gz) = 4751f449ede1b05173c706b414ebf9f7f670ff78589ce6f0b687c32c9abe6dae8b3064ed1b20e893d9ec0147b0139ce479e1d74ebe94747c33f2d8ca177912de +SHA512 (dovecot-2.2.34.tar.gz) = 9f08a7116a08a08495aa0e7b4cb6b11a924ea61006970487946e338bc79bba7fd7619c345cbf278a74de285d548af04fc66eaaee508185b8b9d7335cf5612055 +SHA512 (dovecot-2.2-pigeonhole-0.4.22.tar.gz) = 409f53fa7a580863c2fef06abcefc15d48c51c7682761b214942f8f5da74dc50afef2d0a0cdce7125540d08806ca15783079816feb5d231f0dd9cc0020baaaaa From 710627472afa35127603d71d3856d1a45a3d2e7b Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 21 Mar 2018 17:55:08 +0100 Subject: [PATCH 5/6] dovecot updated to 2.2.35, pigeonhole updated to 0.4.23 --- .gitignore | 126 +-------------------------------------------------- dovecot.spec | 44 +++++++++++++----- sources | 4 +- 3 files changed, 37 insertions(+), 137 deletions(-) diff --git a/.gitignore b/.gitignore index 83cebb1..0628189 100644 --- a/.gitignore +++ b/.gitignore @@ -1,124 +1,2 @@ -dovecot-2.0.rc3.tar.gz -pigeonhole-snap01ee63b788c9.tar.bz2 -dovecot-2.0.rc4.tar.gz -pigeonhole-snapcac6acdc4d0e.tar.bz2 -dovecot-2.0.rc5.tar.gz -pigeonhole-snap0592366457df.tar.bz2 -/dovecot-2.0.0.tar.gz -/pigeonhole-snap1ae9569b0383.tar.bz2 -/dovecot-2.0.1.tar.gz -/pigeonhole-snapd51650c8af85.tar.bz2 -/dovecot-2.0.2.tar.gz -/pigeonhole-snapfbcb05e7eda1.tar.bz2 -/dovecot-2.0.3.tar.gz -/pigeonhole-snapcb4c1ebecff3.tar.bz2 -/dovecot-2.0.4.tar.gz -/pigeonhole-snap824454514f08.tar.bz2 -/dovecot-2.0.5.tar.gz -/pigeonhole-snapa50464354f5a.tar.bz2 -/dovecot-2.0.6.tar.gz -/pigeonhole-snap2023f8c74250.tar.bz2 -/dovecot-2.0.7.tar.gz -/pigeonhole-snapa8cc6294071e.tar.bz2 -/dovecot-2.0.8.tar.gz -/pigeonhole-snap67d2240966ec.tar.bz2 -/dovecot-2.0-pigeonhole-0.2.2.tar.gz -/dovecot-2.0.9.tar.gz -/dovecot-2.0.11.tar.gz -/dovecot-2.0.12.tar.gz -/dovecot-2.0-pigeonhole-0.2.3.tar.gz -/dovecot-2.0.13.tar.gz -/dovecot-2.0.14.tar.gz -/dovecot-2.0.15.tar.gz -/dovecot-2.0.16.tar.gz -/dovecot-2.1.rc1.tar.gz -/dovecot-2.1-pigeonhole-b3bff60a18da.tar.bz2 -/dovecot-2.1.rc3.tar.gz -/dovecot-2.1.rc5.tar.gz -/dovecot-2.1-pigeonhole-a130a50f82e1.tar.bz2 -/dovecot-2.1.rc6.tar.gz -/dovecot-2.1-pigeonhole-b2a456e15ed5.tar.bz2 -/dovecot-2.1.0.tar.gz -/dovecot-2.1-pigeonhole-0.3.0.tar.gz -/dovecot-2.1.1.tar.gz -/pigeonhole-snap67950c9d3675.tar.bz2 -/dovecot-2.1.2.tar.gz -/pigeonhole-snap08a2d2718a65.tar.bz2 -/dovecot-2.1.3.tar.gz -/dovecot-2.1.4.tar.gz -/dovecot-2.1.5.tar.gz -/dovecot-2.1.6.tar.gz -/dovecot-2.1.7.tar.gz -/dovecot-2.1-pigeonhole-0.3.1.tar.gz -/dovecot-2.1.8.tar.gz -/dovecot-2.1.9.tar.gz -/dovecot-2.1.10.tar.gz -/dovecot-2.1-pigeonhole-0.3.3.tar.gz -/dovecot-2.1.12.tar.gz -/dovecot-2.1.13.tar.gz -/dovecot-2.1.14.tar.gz -/dovecot-2.1.15.tar.gz -/dovecot-2.2.rc2.tar.gz -/pigeonhole-99eec511aa2c.tar.bz2 -/dovecot-2.2.rc3.tar.gz -/dovecot-2.2.rc4.tar.gz -/dovecot-2.2.0.tar.gz -/dovecot-2.2.1.tar.gz -/pigeonhole-snape42a38f02d28.tar.bz2 -/dovecot-2.2-pigeonhole-0.4.0.tar.gz -/dovecot-2.2.2.tar.gz -/dovecot-2.2.3.tar.gz -/dovecot-2.2.4.tar.gz -/dovecot-2.2-pigeonhole-0.4.1.tar.gz -/dovecot-2.2.5.tar.gz -/dovecot-2.2.6.tar.gz -/dovecot-2.2-pigeonhole-0.4.2.tar.gz -/dovecot-2.2.7.tar.gz -/dovecot-2.2.8.tar.gz -/dovecot-2.2.9.tar.gz -/dovecot-2.2.10.tar.gz -/dovecot-2.2.11.tar.gz -/dovecot-2.2.12.tar.gz -/dovecot-2.2.13.tar.gz -/dovecot-2.2.14.tar.gz -/dovecot-2.2-pigeonhole-0.4.3.tar.gz -/dovecot-2.2.15.tar.gz -/pigeonhole-snapded0c5a467aa.tar.bz2 -/dovecot-2.2-pigeonhole-0.4.6.tar.gz -/dovecot-2.2.16.tar.gz -/dovecot-2.2.17.tar.gz -/dovecot-2.2.18.tar.gz -/dovecot-2.2-pigeonhole-0.4.7.tar.gz -/dovecot-2.2-pigeonhole-0.4.8.tar.gz -/dovecot-2.2.19.tar.gz -/dovecot-2.2-pigeonhole-0.4.9.tar.gz -/dovecot-2.2.20.tar.gz -/dovecot-2.2.21.tar.gz -/dovecot-2.2-pigeonhole-0.4.10.tar.gz -/dovecot-2.2-pigeonhole-0.4.11.tar.gz -/dovecot-2.2-pigeonhole-0.4.12.tar.gz -/dovecot-2.2.22.tar.gz -/dovecot-2.2.23.tar.gz -/dovecot-2.2-pigeonhole-0.4.13.tar.gz -/dovecot-2.2.24.tar.gz -/dovecot-2.2-pigeonhole-0.4.14.tar.gz -/dovecot-2.2.25.tar.gz -/dovecot-2.2.26.0.tar.gz -/dovecot-2.2-pigeonhole-0.4.16.tar.gz -/dovecot-2.2.27.tar.gz -/dovecot-2.2.28.tar.gz -/dovecot-2.2-pigeonhole-0.4.17.tar.gz -/dovecot-2.2.29.tar.gz -/dovecot-2.2.29.1.tar.gz -/dovecot-2.2-pigeonhole-0.4.18.tar.gz -/dovecot-2.2.30.1.tar.gz -/dovecot-2.2.30.2.tar.gz -/dovecot-2.2.31.tar.gz -/dovecot-2.2-pigeonhole-0.4.19.tar.gz -/dovecot-2.2.32.tar.gz -/dovecot-2.2-pigeonhole-0.4.20.tar.gz -/dovecot-2.2.33.1.tar.gz -/dovecot-2.2-pigeonhole-0.4.21.tar.gz -/dovecot-2.2.33.2.tar.gz -/dovecot-2.2.34.tar.gz -/dovecot-2.2-pigeonhole-0.4.22.tar.gz +/dovecot-*.tar.gz +/pigeonhole-*.tar.bz2 diff --git a/dovecot.spec b/dovecot.spec index 4ab4b0b..4b0c482 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.34 +Version: 2.2.35 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -14,7 +14,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.2/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.4.22 +%global pigeonholever 0.4.23 Source8: http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -40,12 +40,16 @@ BuildRequires: openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel BuildRequires: libtool, autoconf, automake, pkgconfig BuildRequires: sqlite-devel BuildRequires: postgresql-devel +%if %{?fedora}0 < 280 BuildRequires: mysql-devel +BuildRequires: tcp_wrappers-devel +%else +BuildRequires: mariadb-connector-c-devel +%endif BuildRequires: openldap-devel BuildRequires: krb5-devel BuildRequires: quota-devel BuildRequires: xz-devel -BuildRequires: tcp_wrappers-devel # gettext-devel is needed for running autoconf because of the # presence of AM_ICONV @@ -161,7 +165,9 @@ autoreconf -I . -fiv #required for aarch64 support --with-sqlite \ --with-zlib \ --with-libcap \ +%if %{?fedora}0 < 280 --with-libwrap \ +%endif %if %{?fedora}0 > 150 || %{?rhel}0 >60 --with-lucene \ %endif @@ -490,6 +496,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Mar 21 2018 Michal Hlavinka - 1:2.2.35-1 +- dovecot updated to 2.2.35, pigeonhole updated to 0.4.23 + * Thu Mar 01 2018 Michal Hlavinka - 1:2.2.34-1 - dovecot updated to 2.2.34, pigeonhole updated to 0.4.22 - fixes CVE-2017-15130: TLS SNI config lookups may lead to excessive @@ -504,6 +513,19 @@ make check - fixes CVE-2017-15132: Aborted SASL authentication leaks memory in login process. +* Fri Feb 09 2018 Igor Gnatenko - 1:2.2.33.2-5 +- Escape macros in %%changelog + +* Wed Feb 07 2018 Fedora Release Engineering - 1:2.2.33.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Sat Jan 20 2018 Björn Esser - 1:2.2.33.2-3 +- Rebuilt for switch to libxcrypt + +* Mon Jan 08 2018 Michal Hlavinka - 1:2.2.33.2-2 +- remove tcp_wrappers on Fedora 28 and later (#1518761) +- use use mariadb-connector-c-devel instead of mysql-devel on Fedora 28 and later (#1493624) + * Tue Oct 24 2017 Michal Hlavinka - 1:2.2.33.2-1 - dovecot updated to 2.2.33.2 - doveadm: Fix crash in proxying (or dsync replication) if remote is @@ -513,7 +535,7 @@ make check * Wed Oct 18 2017 Michal Hlavinka - 1:2.2.33.1-1 - dovecot updated to 2.2.33.1, pigeonhole updated to -- Added %{if}, see https://wiki2.dovecot.org/Variables#Conditionals +- Added %%{if}, see https://wiki2.dovecot.org/Variables#Conditionals - sdbox: Mails were always opened when expunging, unless mail_attachment_fs was explicitly set to empty. - lmtp/doveadm proxy: hostip passdb field was ignored, which caused @@ -644,7 +666,7 @@ make check - dsync: Large Sieve scripts (or other large metadata) weren't always synced. - Index rebuild (e.g. doveadm force-resync) set all mails as \Recent -- imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix +- imap-hibernate: %%{userdb:*} wasn't expanded in mail_log_prefix - doveadm: Exit codes weren't preserved when proxying commands via doveadm-server. Almost all errors used exit code 75 (tempfail). - ACLs weren't applied to not-yet-existing autocreated mailboxes. @@ -666,7 +688,7 @@ make check for multiple requests (service_count != 1) - sdbox: Fix assert-crash on mailbox create race - lda/lmtp: deliver_log_format values weren't entirely correct if Sieve - was used. especially %{storage_id} was broken. + was used. especially %%{storage_id} was broken. - imapsieve plugin: Fixed assert failure occurring when used with virtual mailboxes. - doveadm sieve plugin: Fixed crash when setting Sieve script via attribute's @@ -711,10 +733,10 @@ make check This might have allowed untrusted processes to capture and prevent "doveadm service stop" comands from working. - login proxy: Fixed crash when outgoing SSL connections were hanging. -- auth: userdb fields weren't passed to auth-workers, so %{userdb:*} +- auth: userdb fields weren't passed to auth-workers, so %%{userdb:*} from previous userdbs didn't work there. - auth: Fixed auth_bind=yes + sasl_bind=yes to work together -- lmtp: %{userdb:*} variables didn't work in mail_log_prefix +- lmtp: %%{userdb:*} variables didn't work in mail_log_prefix - Fixed writing >2GB to iostream-temp files (used by fs-compress, fs-metawrap, doveadm-http) - fts-solr: Fixed searching multiple mailboxes @@ -767,7 +789,7 @@ make check * Wed Mar 16 2016 Michal Hlavinka - 1:2.2.22-1 - dovecot updated to 2.2.22 -- auth: Auth caching was done too aggressively when %variables were +- auth: Auth caching was done too aggressively when %%variables were used in default_fields, override_fields or LDAP pass/user_attrs. userdb result_* were also ignored when user was found from cache. - imap: Fixed various assert-crashes caused v2.2.20+. Some of them @@ -828,7 +850,7 @@ make check allocation in the sieve command implementations. * Tue Dec 08 2015 Michal Hlavinka - 1:2.2.20-2 -- move ssl initialization from %post to dovecot-init.service +- move ssl initialization from %%post to dovecot-init.service * Tue Dec 08 2015 Michal Hlavinka - 1:2.2.20-1 - dovecot updated to 2.2.20 @@ -1337,7 +1359,7 @@ make check - updated to 2.1.rc1 - major changes since 2.0.x: - plugins now use UTF-8 mailbox names rather than mUTF-7 -- auth_username_format default changed to %Lu +- auth_username_format default changed to %%Lu - solr full text search backend changed to use mailbox GUIDs instead of mailbox names, requiring reindexing everything diff --git a/sources b/sources index 84bf304..5539752 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.2.34.tar.gz) = 9f08a7116a08a08495aa0e7b4cb6b11a924ea61006970487946e338bc79bba7fd7619c345cbf278a74de285d548af04fc66eaaee508185b8b9d7335cf5612055 -SHA512 (dovecot-2.2-pigeonhole-0.4.22.tar.gz) = 409f53fa7a580863c2fef06abcefc15d48c51c7682761b214942f8f5da74dc50afef2d0a0cdce7125540d08806ca15783079816feb5d231f0dd9cc0020baaaaa +SHA512 (dovecot-2.2.35.tar.gz) = 002ceea7f17018bcd438edda5a36a782606f291264ef63cebb8b4f72b094e812bf5553686c9e1e0d8c1354af54c1174f3670d1b1fc498ec4cddb3f731bf00c56 +SHA512 (dovecot-2.2-pigeonhole-0.4.23.tar.gz) = 24dae1f7a52fdb37f644e9c0a5c30dcbb95018e8dd43f18af56e7ee813723cad36b74d6c22ddff281e140e4c0bbb61900baf23116a980dcda5244ae8a5b544f8 From 49ee1b1eb69bea08c4568a1e3fb3efd59bcad25a Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 7 Jun 2018 10:15:36 +0200 Subject: [PATCH 6/6] dovecot updated to 2.2.36, pigeonhole updated to 0.4.24 --- dovecot-2.3.0.1-libxcrypt.patch | 11 +++++++++++ dovecot.spec | 12 ++++++++++-- sources | 4 ++-- 3 files changed, 23 insertions(+), 4 deletions(-) create mode 100644 dovecot-2.3.0.1-libxcrypt.patch diff --git a/dovecot-2.3.0.1-libxcrypt.patch b/dovecot-2.3.0.1-libxcrypt.patch new file mode 100644 index 0000000..a8c33bf --- /dev/null +++ b/dovecot-2.3.0.1-libxcrypt.patch @@ -0,0 +1,11 @@ +diff -up dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt dovecot-2.3.0.1/src/auth/mycrypt.c +--- dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt 2018-02-28 15:28:58.000000000 +0100 ++++ dovecot-2.3.0.1/src/auth/mycrypt.c 2018-03-27 10:57:38.447769201 +0200 +@@ -14,6 +14,7 @@ + # define _XPG6 /* Some Solaris versions require this, some break with this */ + #endif + #include ++#include + + #include "mycrypt.h" + diff --git a/dovecot.spec b/dovecot.spec index 4b0c482..5410788 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.35 +Version: 2.2.36 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -14,7 +14,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.2/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.4.23 +%global pigeonholever 0.4.24 Source8: http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -33,6 +33,7 @@ Patch7: dovecot-2.2.13-online.patch Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch +Patch10: dovecot-2.3.0.1-libxcrypt.patch Source15: prestartscript @@ -134,6 +135,7 @@ This package provides the development files for dovecot. %patch7 -p1 -b .online %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem +%patch10 -p1 -b .libxcrypt #pushd dovecot-2*2-pigeonhole-%{pigeonholever} #popd @@ -496,6 +498,12 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Thu Jun 07 2018 Michal Hlavinka - 1:2.2.36-1 +- dovecot updated to 2.2.36, pigeonhole updated to 0.4.24 + +* Thu Apr 19 2018 Michal Hlavinka - 1:2.2.35-2 +- include crypt.h explicitely + * Wed Mar 21 2018 Michal Hlavinka - 1:2.2.35-1 - dovecot updated to 2.2.35, pigeonhole updated to 0.4.23 diff --git a/sources b/sources index 5539752..fd4556a 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.2.35.tar.gz) = 002ceea7f17018bcd438edda5a36a782606f291264ef63cebb8b4f72b094e812bf5553686c9e1e0d8c1354af54c1174f3670d1b1fc498ec4cddb3f731bf00c56 -SHA512 (dovecot-2.2-pigeonhole-0.4.23.tar.gz) = 24dae1f7a52fdb37f644e9c0a5c30dcbb95018e8dd43f18af56e7ee813723cad36b74d6c22ddff281e140e4c0bbb61900baf23116a980dcda5244ae8a5b544f8 +SHA512 (dovecot-2.2.36.tar.gz) = 327c50971e276f6013ca7f7bb59498ee88d76c9f8419bd18ee531cf10142214350fb81c6d64eaef73ee01765dd0fcf4142ab146ed67d9d7d86d5a58d41cf8db5 +SHA512 (dovecot-2.2-pigeonhole-0.4.24.tar.gz) = 2e21c95ece475ffcb78e5b5d4efa29e61471faf90b80b44a49963fb287de2784ebfb4c2b7ddfc66732fd073e9f02995d5950840336f6babe618b3d7d5166059f