diff --git a/.gitignore b/.gitignore index 275d452..2472335 100644 --- a/.gitignore +++ b/.gitignore @@ -103,3 +103,20 @@ pigeonhole-snap0592366457df.tar.bz2 /dovecot-2.2.24.tar.gz /dovecot-2.2-pigeonhole-0.4.14.tar.gz /dovecot-2.2.25.tar.gz +/dovecot-2.2.26.0.tar.gz +/dovecot-2.2-pigeonhole-0.4.16.tar.gz +/dovecot-2.2.27.tar.gz +/dovecot-2.2.28.tar.gz +/dovecot-2.2-pigeonhole-0.4.17.tar.gz +/dovecot-2.2.29.tar.gz +/dovecot-2.2.29.1.tar.gz +/dovecot-2.2-pigeonhole-0.4.18.tar.gz +/dovecot-2.2.30.1.tar.gz +/dovecot-2.2.30.2.tar.gz +/dovecot-2.2.31.tar.gz +/dovecot-2.2-pigeonhole-0.4.19.tar.gz +/dovecot-2.2.32.tar.gz +/dovecot-2.2-pigeonhole-0.4.20.tar.gz +/dovecot-2.2.33.1.tar.gz +/dovecot-2.2-pigeonhole-0.4.21.tar.gz +/dovecot-2.2.33.2.tar.gz diff --git a/dovecot-1.0.rc7-mkcert-paths.patch b/dovecot-1.0.rc7-mkcert-paths.patch index 91ab41f..e8354e5 100644 --- a/dovecot-1.0.rc7-mkcert-paths.patch +++ b/dovecot-1.0.rc7-mkcert-paths.patch @@ -1,8 +1,9 @@ ---- dovecot-1.0.rc7/doc/mkcert.sh.mkcert-paths 2006-10-04 11:34:46.000000000 +0200 -+++ dovecot-1.0.rc7/doc/mkcert.sh 2006-10-04 11:35:31.000000000 +0200 -@@ -4,8 +4,8 @@ - # Edit dovecot-openssl.cnf before running this. +diff -up dovecot-2.2.27/doc/mkcert.sh.mkcert-paths dovecot-2.2.27/doc/mkcert.sh +--- dovecot-2.2.27/doc/mkcert.sh.mkcert-paths 2016-12-05 10:26:07.913515286 +0100 ++++ dovecot-2.2.27/doc/mkcert.sh 2016-12-05 10:28:25.439634417 +0100 +@@ -5,8 +5,8 @@ + umask 077 OPENSSL=${OPENSSL-openssl} -SSLDIR=${SSLDIR-/etc/ssl} -OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf} diff --git a/dovecot-2.2.22-systemd_w_protectsystem.patch b/dovecot-2.2.22-systemd_w_protectsystem.patch index bc69e10..6fcddac 100644 --- a/dovecot-2.2.22-systemd_w_protectsystem.patch +++ b/dovecot-2.2.22-systemd_w_protectsystem.patch 
@@ -1,12 +1,14 @@ -diff -up dovecot-2.2.22/dovecot.service.in.systemd_w_protectsystem dovecot-2.2.22/dovecot.service.in ---- dovecot-2.2.22/dovecot.service.in.systemd_w_protectsystem 2016-03-16 13:49:46.678894652 +0100 -+++ dovecot-2.2.22/dovecot.service.in 2016-03-16 13:49:46.690894592 +0100 -@@ -33,7 +33,7 @@ ExecStop=@bindir@/doveadm stop +diff -up dovecot-2.2.28/dovecot.service.in.systemd_w_protectsystem dovecot-2.2.28/dovecot.service.in +--- dovecot-2.2.28/dovecot.service.in.systemd_w_protectsystem 2017-02-27 10:00:14.647423500 +0100 ++++ dovecot-2.2.28/dovecot.service.in 2017-02-27 10:02:18.051377067 +0100 +@@ -20,8 +20,8 @@ ExecReload=@bindir@/doveadm reload + ExecStop=@bindir@/doveadm stop PrivateTmp=true NonBlocking=yes - # Enable this if your systemd is new enough to support it: +-# Enable this if your systemd is new enough to support it: -#ProtectSystem=full ++# Enable this if your systemd is new enough to support it: (it will make /usr /boot /etc read only for dovecot) +ProtectSystem=full - [Install] - WantedBy=multi-user.target + # You can add environment variables with e.g.: + #Environment='CORE_OUTOFMEM=1' diff --git a/dovecot.spec b/dovecot.spec index e94eda0..6f11de1 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.25 +Version: 2.2.33.2 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -14,7 +14,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.2/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.4.14 +%global pigeonholever 0.4.21 Source8: http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd 
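Review bot: The reworded comment on the inner `+# Enable this if your systemd is new enough to support it: (...)` line still reads as an opt-in hint, although the following line ships `ProtectSystem=full` uncommented. I would state the effect and its consequence instead, e.g. `# ProtectSystem=full mounts /usr, /boot and /etc read-only for this unit; anything dovecot or its start-up helpers write must live outside those trees`. Whether any ExecStartPre step or local configuration writes under /etc (generated certificates, for example) is not visible in this hunk and should be confirmed, since such writes fail under this setting. The unit file continues outside the hunk on both sides.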
@@ -45,6 +45,7 @@ BuildRequires: openldap-devel BuildRequires: krb5-devel BuildRequires: quota-devel BuildRequires: xz-devel +BuildRequires: tcp_wrappers-devel # gettext-devel is needed for running autoconf because of the # presence of AM_ICONV @@ -129,6 +130,7 @@ This package provides the development files for dovecot. %patch7 -p1 -b .online %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem + #pushd dovecot-2*2-pigeonhole-%{pigeonholever} #popd sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in @@ -140,6 +142,7 @@ export CFLAGS="%{__global_cflags} -fno-strict-aliasing" export LDFLAGS="-Wl,-z,now -Wl,-z,relro %{?__global_ldflags}" # el6 autoconf too old to regen; use packaged files (#1082384) %if %{?fedora}00%{?rhel} > 6 +mkdir -p m4 autoreconf -I . -fiv #required for aarch64 support %endif %configure \ @@ -158,6 +161,7 @@ autoreconf -I . -fiv #required for aarch64 support --with-sqlite \ --with-zlib \ --with-libcap \ + --with-libwrap \ %if %{?fedora}0 > 150 || %{?rhel}0 >60 --with-lucene \ %endif @@ -404,9 +408,10 @@ make check %{_libdir}/dovecot/doveadm %exclude %{_libdir}/dovecot/doveadm/*sieve* %{_libdir}/dovecot/*.so.* -#these (*.so files) are plugins, not a devel files +#these (*.so files) are plugins, not devel files %{_libdir}/dovecot/*_plugin.so %exclude %{_libdir}/dovecot/*_sieve_plugin.so +%{_libdir}/dovecot/auth/lib20_auth_var_expand_crypt.so %{_libdir}/dovecot/auth/libauthdb_imap.so %{_libdir}/dovecot/auth/libauthdb_ldap.so %{_libdir}/dovecot/auth/libmech_gssapi.so @@ -418,7 +423,11 @@ make check %{_libdir}/dovecot/libdriver_sqlite.so %{_libdir}/dovecot/libssl_iostream_openssl.so %{_libdir}/dovecot/libfs_compress.so +%{_libdir}/dovecot/libfs_crypt.so +%{_libdir}/dovecot/libfs_mail_crypt.so %{_libdir}/dovecot/libdcrypt_openssl.so +%{_libdir}/dovecot/lib20_var_expand_crypt.so + %dir %{_libdir}/dovecot/settings %{_libexecdir}/%{name} 
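Review bot: `--with-libwrap` in the %configure hunk (paired with `BuildRequires: tcp_wrappers-devel` in the first spec hunk) only builds the tcpwrap support; Dovecot does not consult hosts.allow or hosts.deny until `login_access_sockets = tcpwrap` and a matching `service tcpwrap` listener are set in its configuration. None of the visible hunks ships or documents that configuration, so an administrator could assume existing hosts.deny rules now apply to IMAP/POP3 logins when they are still ignored. A comment above `%configure`, such as `# libwrap support is built in but inactive until login_access_sockets = tcpwrap is configured`, or a line in the packaged documentation, would make this explicit. The %configure invocation starts and ends outside the hunk.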
@@ -481,6 +490,222 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Oct 24 2017 Michal Hlavinka - 1:2.2.33.2-1 +- dovecot updated to 2.2.33.2 +- doveadm: Fix crash in proxying (or dsync replication) if remote is + running older than v2.2.33 +- auth: Fix memory leak in %%{ldap_dn} +- dict-sql: Fix data types to work correctly with Cassandra + +* Wed Oct 18 2017 Michal Hlavinka - 1:2.2.33.1-1 +- dovecot updated to 2.2.33.1, pigeonhole updated to +- Added %{if}, see https://wiki2.dovecot.org/Variables#Conditionals +- sdbox: Mails were always opened when expunging, unless + mail_attachment_fs was explicitly set to empty. +- lmtp/doveadm proxy: hostip passdb field was ignored, which caused + unnecessary DNS lookups if host field wasn't an IP +- lmtp proxy: Fix crash when receiving unexpected reply in RCPT TO +- quota_clone: Update also when quota is unlimited (broken in v2.2.31) +- mbox, zlib: Fix assert-crash when accessing compressed mbox +- doveadm director kick -f parameter didn't work +- doveadm director flush resulted flushing all hosts, if + wasn't an IP address. +- director: Various fixes to handling backend/director changes at + abnormal times, especially while ring was unsynced. +- director: Use less CPU in imap-login processes when moving/kicking + many users. +- lmtp: Session IDs were duplicated/confusing with multiple RCPT TOs + when lmtp_rcpt_check_quota=yes +- LDA Sieve plugin: Fixed sequential execution of LDAP-based scripts. A + missing LDAP-based script could cause the script sequence to exit earlier. +- sieve-filter: Removed the (now) duplicate utf8 to mutf7 mailbox name + conversion. This caused problems with mailbox names containing UTF-8 + characters. + +* Mon Aug 28 2017 Michal Hlavinka - 1:2.2.32-2 +- pigeonhole updated to 0.4.20 +- Made the retention period for redirect duplicate identifiers + configurable. Changed the default retention period from 24 to 12 hours. 
+- sieve-filter: Fixed memory leak: forgot to clean up script binary at + end of execution +- managesieve-login: Fixed handling of AUTHENTICATE command. A second + authenticate command would be parsed wrong. + +* Fri Aug 25 2017 Michal Hlavinka - 1:2.2.32-1 +- dovecot updated to 2.2.32 +- Modseq tracking didn't always work correctly. This could have caused + imap unhibernation to fail or IMAP QRESYNC/CONDSTORE extensions to + not work perfectly. +- mdbox: "Inconsistency in map index" wasn't fixed automatically +- dict-ldap: %variable values used in the LDAP filter weren't escaped. +- quota=count: quota_warning = -storage=.. was never executed (try #2). +- imapc: >= 32 kB mail bodies were supposed to be cached for subsequent + FETCHes, but weren't. +- quota-status service didn't support recipient_delimiter +- acl: Don't access dovecot-acl-list files with acl_globals_only=yes +- mail_location: If INDEX dir is set, mailbox deletion deletes its + childrens' indexes. +- director: v2.2.31 caused rapid reconnection loops to directors + that were down. + +* Wed Aug 02 2017 Fedora Release Engineering - 1:2.2.31-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1:2.2.31-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Jul 11 2017 Michal Hlavinka - 1:2.2.31-3 +- enable tcpwrap support (#1450587) + +* Tue Jul 04 2017 Michal Hlavinka - 1:2.2.31-2 +- revert commit breaking NOTIFY support + +* Tue Jun 27 2017 Michal Hlavinka - 1:2.2.31-1 +- dovecot updated to 2.2.31 +- Various fixes to handling mailbox listing. Especially related to + handling nonexistent autocreated/autosubscribed mailboxes and ACLs. +- Global ACL file was parsed as if it was local ACL file. This caused + some of the ACL rule interactions to not work exactly as intended. +- Using mail_sort_max_read_count may have caused very high CPU usage. +- Message address parsing could have crashed on invalid input. 
+- imapc_features=fetch-headers wasn't always working correctly and + caused the full header to be fetched. +- imapc: Various bugfixes related to connection failure handling. +- quota=count: quota_warning = -storage=.. was never executed +- quota=count: Add support for "ns" parameter +- dsync: Fix incremental syncing for mails that don't have Date or + Message-ID headers. +- imap: Fix hang when client sends pipelined SEARCH + + EXPUNGE/CLOSE/LOGOUT. +- oauth2: Token validation didn't accept empty server responses. +- imap: NOTIFY command has been almost completely broken since the + beginning. +- pigeonhole updated to 0.4.19 +- Fixed bug in handling of implicit keep in some cases. +- include extension: Fixed segfault that (sometimes) occurred when the + global script location was left unconfigured. + +* Wed Jun 07 2017 Michal Hlavinka - 1:2.2.30.2-1 +- dovecot updated to 2.2.30.2 +- auth: Multiple failed authentications within short time caused crashes +- push-notification: OX driver crashed at deinit + +* Thu Jun 01 2017 Michal Hlavinka - 1:2.2.30.1-1 +- dovecot updated to 2.2.30.1 +- More fixes to automatically fix corruption in dovecot.list.index +- dsync-server: Fix support for dsync_features=empty-header-workaround +- imapc: Various bugfixes, including infinite loops on some errors +- IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't + enabled modseq tracking via CONDSTORE/QRESYNC. +- fts-lucene: Fix it to work again with mbox format +- Some internal error messages may have contained garbage in v2.2.29 +- mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys + are used. Otherwise the copied mails can't be opened. + +* Wed Apr 12 2017 Michal Hlavinka - 1:2.2.29.1-1 +- dovecot updated to 2.2.29.1 +- dict-sql: Merging multiple UPDATEs to a single statement wasn't + actually working. +- pigeonhole updated to 0.4.18 +- imapsieve plugin: Implemented the copy_source_after rule action. 
When this + is enabled for a mailbox rule, the specified Sieve script is executed for + the message in the source mailbox during a "COPY" event. This happens only + after the Sieve script that is executed for the corresponding message in the + destination mailbox finishes running successfully. +- imapsieve plugin: Added non-standard Sieve environment items for the source + and destination mailbox. +- multiscript: The execution of the discard script had an implicit "keep", + rather than an implicit "discard". + +* Tue Apr 11 2017 Michal Hlavinka - 1:2.2.29-1 +- dovecot updated to 2.2.29 +- fts-tika: Fixed crash when parsing attachment without + Content-Disposition header. Broken by 2.2.28. +- trash plugin was broken in 2.2.28 +- auth: When passdb/userdb lookups were done via auth-workers, too much + data was added to auth cache. This could have resulted in wrong + replies when using multiple passdbs/userdbs. +- auth: passdb { skip & mechanisms } were ignored for the first passdb +- oauth2: Various fixes, including fixes to crashes +- dsync: Large Sieve scripts (or other large metadata) weren't always + synced. +- Index rebuild (e.g. doveadm force-resync) set all mails as \Recent +- imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix +- doveadm: Exit codes weren't preserved when proxying commands via + doveadm-server. Almost all errors used exit code 75 (tempfail). +- ACLs weren't applied to not-yet-existing autocreated mailboxes. +- Fixed a potential crash when parsing a broken message header. +- cassandra: Fallback consistency settings weren't working correctly. +- doveadm director status : "Initial config" was always empty +- imapc: Various reconnection fixes. + +* Mon Feb 27 2017 Michal Hlavinka - 1:2.2.28-1 +- dovecot updated to 2.2.28, pigeonhole to 0.4.17 +- auth: Support OAUTHBEARER and XOAUTH2 mechanisms. Also support them + in lib-dsasl for client side. 
+- imap: SEARCH/SORT may have assert-crashed in + client_check_command_hangs +- imap: FETCH X-MAILBOX may have assert-crashed in virtual mailboxes. +- search: Using NOT n:* or NOT UID n:* wasn't handled correctly +- fts: fts_autoindex_exclude = \Special-use caused crashes +- doveadm-server: Fix leaks and other problems when process is reused + for multiple requests (service_count != 1) +- sdbox: Fix assert-crash on mailbox create race +- lda/lmtp: deliver_log_format values weren't entirely correct if Sieve + was used. especially %{storage_id} was broken. +- imapsieve plugin: Fixed assert failure occurring when used with virtual + mailboxes. +- doveadm sieve plugin: Fixed crash when setting Sieve script via attribute's + string value. + +* Fri Feb 10 2017 Fedora Release Engineering - 1:2.2.27-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Dec 14 2016 Than Ngo - 1:2.2.27-2 +- fixed bz#1403760, big endian issue + +* Mon Dec 05 2016 Michal Hlavinka - 1:2.2.27-1 +- Fixed crash in auth process when auth-policy was configured and + authentication was aborted/failed without a username set. +- director: If two users had different tags but the same hash, + the users may have been redirected to the wrong tag's hosts. +- Index files may have been thought incorrectly lost, causing + "Missing middle file seq=.." to be logged and index rebuild. + This happened more easily with IMAP hibernation enabled. +- Various fixes to restoring state correctly in un-hibernation. +- dovecot.index files were commonly 4 bytes per email too large. This + is because 3 bytes per email were being wasted that could have been + used for IMAP keywords. +- Various fixes to handle dovecot.list.index corruption better. +- lib-fts: Fixed assert-crash in address tokenizer with specific input. +- Fixed assert-crash in HTML to text parsing with specific input + (e.g. for FTS indexing or snippet generation) +- doveadm sync -1: Fixed handling mailbox GUID conflicts. 
+- sdbox, mdbox: Perform full index rebuild if corruption is detected + inside lib-index, which runs index fsck. +- quota: Don't skip quota checks when moving mails between different + quota roots. +- search: Multiple sequence sets or UID sets in search parameters + weren't handled correctly. They were incorrectly merged together. + +* Fri Dec 02 2016 Michal Hlavinka - 1:2.2.26.0-2 +- fix remote crash when auth-policy component is activated (CVE-2016-8652,#1401025) + +* Mon Oct 31 2016 Michal Hlavinka - 1:2.2.26.0-1 +- dovecot updated to 2.2.26.0, pigeonhole updated to 0.4.16 +- master process's listener socket was leaked to all child processes. + This might have allowed untrusted processes to capture and prevent + "doveadm service stop" comands from working. +- login proxy: Fixed crash when outgoing SSL connections were hanging. +- auth: userdb fields weren't passed to auth-workers, so %{userdb:*} + from previous userdbs didn't work there. +- auth: Fixed auth_bind=yes + sasl_bind=yes to work together +- lmtp: %{userdb:*} variables didn't work in mail_log_prefix +- Fixed writing >2GB to iostream-temp files (used by fs-compress, + fs-metawrap, doveadm-http) +- fts-solr: Fixed searching multiple mailboxes +- and more... + * Mon Jul 04 2016 Michal Hlavinka - 1:2.2.25-1 - dovecot updated to 2.2.25 - doveadm backup was sometimes deleting entire mailboxes unnecessarily. diff --git a/sources b/sources index 696c213..7e35512 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -8f62ea76489c47c369cbbe0b19818448 dovecot-2.2.25.tar.gz -27e47fb731f2948d6905b12b6184705f dovecot-2.2-pigeonhole-0.4.14.tar.gz +SHA512 (dovecot-2.2.33.2.tar.gz) = 028910a4d02b1630f1ada4d1c45fcc3ea2057969db7078a78d46e2a578b4dceaf8be0ac8de4a613b4890019e721871f2d366ec651db658da4cc72977d3e09931 +SHA512 (dovecot-2.2-pigeonhole-0.4.21.tar.gz) = 4751f449ede1b05173c706b414ebf9f7f670ff78589ce6f0b687c32c9abe6dae8b3064ed1b20e893d9ec0147b0139ce479e1d74ebe94747c33f2d8ca177912de