From baf95f9146b9de51ef435e8b330e457cbf9cd03e Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 31 Oct 2016 16:24:54 +0100 Subject: [PATCH 01/13] dovecot updated to 2.2.26.0, pigeonhole updated to 0.4.16 - master process's listener socket was leaked to all child processes. This might have allowed untrusted processes to capture and prevent "doveadm service stop" comands from working. - login proxy: Fixed crash when outgoing SSL connections were hanging. - auth: userdb fields weren't passed to auth-workers, so %{userdb:*} from previous userdbs didn't work there. - auth: Fixed auth_bind=yes + sasl_bind=yes to work together - lmtp: %{userdb:*} variables didn't work in mail_log_prefix - Fixed writing >2GB to iostream-temp files (used by fs-compress, fs-metawrap, doveadm-http) - fts-solr: Fixed searching multiple mailboxes - and more... --- .gitignore | 2 ++ dovecot-2.2.22-systemd_w_protectsystem.patch | 3 ++- dovecot.spec | 19 +++++++++++++++++-- sources | 4 ++-- 4 files changed, 23 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 275d452..619a904 100644 --- a/.gitignore +++ b/.gitignore @@ -103,3 +103,5 @@ pigeonhole-snap0592366457df.tar.bz2 /dovecot-2.2.24.tar.gz /dovecot-2.2-pigeonhole-0.4.14.tar.gz /dovecot-2.2.25.tar.gz +/dovecot-2.2.26.0.tar.gz +/dovecot-2.2-pigeonhole-0.4.16.tar.gz diff --git a/dovecot-2.2.22-systemd_w_protectsystem.patch b/dovecot-2.2.22-systemd_w_protectsystem.patch index bc69e10..10fe4b8 100644 --- a/dovecot-2.2.22-systemd_w_protectsystem.patch +++ b/dovecot-2.2.22-systemd_w_protectsystem.patch @@ -4,8 +4,9 @@ diff -up dovecot-2.2.22/dovecot.service.in.systemd_w_protectsystem dovecot-2.2.2 @@ -33,7 +33,7 @@ ExecStop=@bindir@/doveadm stop PrivateTmp=true NonBlocking=yes - # Enable this if your systemd is new enough to support it: +-# Enable this if your systemd is new enough to support it: -#ProtectSystem=full ++# Enable this if your systemd is new enough to support it: (it will make /usr /boot /etc read only for dovecot) +ProtectSystem=full [Install] diff --git a/dovecot.spec b/dovecot.spec index e94eda0..64a780f 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.25 +Version: 2.2.26.0 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -14,7 +14,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.2/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.4.14 +%global pigeonholever 0.4.16 Source8: http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -481,6 +481,21 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Oct 31 2016 Michal Hlavinka - 1:2.2.26.0-1 +- dovecot updated to 2.2.26.0, pigeonhole updated to 0.4.16 +- master process's listener socket was leaked to all child processes. + This might have allowed untrusted processes to capture and prevent + "doveadm service stop" comands from working. +- login proxy: Fixed crash when outgoing SSL connections were hanging. +- auth: userdb fields weren't passed to auth-workers, so %{userdb:*} + from previous userdbs didn't work there. +- auth: Fixed auth_bind=yes + sasl_bind=yes to work together +- lmtp: %{userdb:*} variables didn't work in mail_log_prefix +- Fixed writing >2GB to iostream-temp files (used by fs-compress, + fs-metawrap, doveadm-http) +- fts-solr: Fixed searching multiple mailboxes +- and more... + * Mon Jul 04 2016 Michal Hlavinka - 1:2.2.25-1 - dovecot updated to 2.2.25 - doveadm backup was sometimes deleting entire mailboxes unnecessarily. diff --git a/sources b/sources index 696c213..4112778 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -8f62ea76489c47c369cbbe0b19818448 dovecot-2.2.25.tar.gz -27e47fb731f2948d6905b12b6184705f dovecot-2.2-pigeonhole-0.4.14.tar.gz +85bc42328de41d1eb8d6d3f1db666db8 dovecot-2.2.26.0.tar.gz +e03eed707b39cffc4b2a82867de45d9c dovecot-2.2-pigeonhole-0.4.16.tar.gz From 41814b82932c75b4536cc0ce710ad5a3f5744f32 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Fri, 2 Dec 2016 17:56:01 +0100 Subject: [PATCH 02/13] fix remote crash when auth-policy component is activated (CVE-2016-8652,#1401025) --- dovecot-2.2.26-CVE-2016-8652a.patch | 28 +++++++++++++ dovecot-2.2.26-CVE-2016-8652b.patch | 64 +++++++++++++++++++++++++++++ dovecot.spec | 11 ++++- 3 files changed, 102 insertions(+), 1 deletion(-) create mode 100644 dovecot-2.2.26-CVE-2016-8652a.patch create mode 100644 dovecot-2.2.26-CVE-2016-8652b.patch diff --git a/dovecot-2.2.26-CVE-2016-8652a.patch b/dovecot-2.2.26-CVE-2016-8652a.patch new file mode 100644 index 0000000..2867856 --- /dev/null +++ b/dovecot-2.2.26-CVE-2016-8652a.patch @@ -0,0 +1,28 @@ +From 1f2c35da2b96905bec6e45f88af0f33ee63789e6 Mon Sep 17 00:00:00 2001 +From: Aki Tuomi +Date: Wed, 23 Nov 2016 13:16:19 +0200 +Subject: [PATCH] auth: Fix auth-policy crash when username is NULL + +If SASL request is invalid, or incomplete, and username +is left NULL, handle it gracefully by adding just +NUL byte in auth policy digest for username. +--- + src/auth/auth-policy.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/auth/auth-policy.c b/src/auth/auth-policy.c +index c7faa3c..86b31f1 100755 +--- a/src/auth/auth-policy.c ++++ b/src/auth/auth-policy.c +@@ -442,7 +442,10 @@ void auth_policy_create_json(struct policy_lookup_ctx *context, + context->set->policy_hash_nonce, + strlen(context->set->policy_hash_nonce)); + /* use +1 to make sure \0 gets included */ +- digest->loop(ctx, context->request->user, strlen(context->request->user) + 1); ++ if (context->request->user == NULL) ++ digest->loop(ctx, "\0", 1); ++ else ++ digest->loop(ctx, context->request->user, strlen(context->request->user) + 1); + if (password != NULL) + digest->loop(ctx, password, strlen(password)); + ptr = (unsigned char*)str_c_modifiable(buffer); diff --git a/dovecot-2.2.26-CVE-2016-8652b.patch b/dovecot-2.2.26-CVE-2016-8652b.patch new file mode 100644 index 0000000..c5ff72a --- /dev/null +++ b/dovecot-2.2.26-CVE-2016-8652b.patch @@ -0,0 +1,64 @@ +From 2c3f37672277b1f73f84722802aaa0ab1ab3e413 Mon Sep 17 00:00:00 2001 +From: Timo Sirainen +Date: Wed, 23 Nov 2016 15:57:03 +0200 +Subject: [PATCH] auth: Don't crash expanding %variables when username isn't + set. + +This continues the auth-policy fix in +c3d3faa4f72a676e183f34be960cff13a5a725ae +--- + src/auth/auth-request-var-expand.c | 15 ++++++++------- + 1 file changed, 8 insertions(+), 7 deletions(-) + +diff --git a/src/auth/auth-request-var-expand.c b/src/auth/auth-request-var-expand.c +index 4f256c0..a04a4d9 100644 +--- a/src/auth/auth-request-var-expand.c ++++ b/src/auth/auth-request-var-expand.c +@@ -72,7 +72,7 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request, + const unsigned int auth_count = + N_ELEMENTS(auth_request_var_expand_static_tab); + struct var_expand_table *tab, *ret_tab; +- const char *orig_user, *auth_user; ++ const char *orig_user, *auth_user, *username; + + if (escape_func == NULL) + escape_func = escape_none; +@@ -87,10 +87,11 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request, + memcpy(tab, auth_request_var_expand_static_tab, + auth_count * sizeof(*tab)); + +- tab[0].value = escape_func(auth_request->user, auth_request); +- tab[1].value = escape_func(t_strcut(auth_request->user, '@'), ++ username = auth_request->user != NULL ? auth_request->user : ""; ++ tab[0].value = escape_func(username, auth_request); ++ tab[1].value = escape_func(t_strcut(username, '@'), + auth_request); +- tab[2].value = strchr(auth_request->user, '@'); ++ tab[2].value = strchr(username, '@'); + if (tab[2].value != NULL) + tab[2].value = escape_func(tab[2].value+1, auth_request); + tab[3].value = escape_func(auth_request->service, auth_request); +@@ -138,12 +139,12 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request, + tab[20].value = net_ip2addr(&auth_request->real_remote_ip); + tab[21].value = dec2str(auth_request->real_local_port); + tab[22].value = dec2str(auth_request->real_remote_port); +- tab[23].value = strchr(auth_request->user, '@'); ++ tab[23].value = strchr(username, '@'); + if (tab[23].value != NULL) { + tab[23].value = escape_func(t_strcut(tab[23].value+1, '@'), + auth_request); + } +- tab[24].value = strrchr(auth_request->user, '@'); ++ tab[24].value = strrchr(username, '@'); + if (tab[24].value != NULL) + tab[24].value = escape_func(tab[24].value+1, auth_request); + tab[25].value = auth_request->master_user == NULL ? NULL : +@@ -152,7 +153,7 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request, + dec2str(auth_request->session_pid); + + orig_user = auth_request->original_username != NULL ? +- auth_request->original_username : auth_request->user; ++ auth_request->original_username : username; + tab[27].value = escape_func(orig_user, auth_request); + tab[28].value = escape_func(t_strcut(orig_user, '@'), auth_request); + tab[29].value = strchr(orig_user, '@'); diff --git a/dovecot.spec b/dovecot.spec index 64a780f..58b3df2 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.2.26.0 %global prever %{nil} -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -34,6 +34,10 @@ Patch7: dovecot-2.2.13-online.patch Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch +# 2x from upstream, for dovecot < 2.2.27, rhbz#1401025 +Patch10: dovecot-2.2.26-CVE-2016-8652a.patch +Patch11: dovecot-2.2.26-CVE-2016-8652b.patch + Source15: prestartscript BuildRequires: openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel @@ -129,6 +133,8 @@ This package provides the development files for dovecot. %patch7 -p1 -b .online %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem +%patch10 -p1 -b .CVE-2016-8652a +%patch11 -p1 -b .CVE-2016-8652b #pushd dovecot-2*2-pigeonhole-%{pigeonholever} #popd sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in @@ -481,6 +487,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Fri Dec 02 2016 Michal Hlavinka - 1:2.2.26.0-2 +- fix remote crash when auth-policy component is activated (CVE-2016-8652,#1401025) + * Mon Oct 31 2016 Michal Hlavinka - 1:2.2.26.0-1 - dovecot updated to 2.2.26.0, pigeonhole updated to 0.4.16 - master process's listener socket was leaked to all child processes. From 8b09166cdf78f26fdbd99790c7d00e72cb9eab8a Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 5 Dec 2016 10:42:26 +0100 Subject: [PATCH 03/13] Fixed crash in auth process when auth-policy was configured and authentication was aborted/failed without a username set. - director: If two users had different tags but the same hash, the users may have been redirected to the wrong tag's hosts. - Index files may have been thought incorrectly lost, causing "Missing middle file seq=.." to be logged and index rebuild. This happened more easily with IMAP hibernation enabled. - Various fixes to restoring state correctly in un-hibernation. - dovecot.index files were commonly 4 bytes per email too large. This is because 3 bytes per email were being wasted that could have been used for IMAP keywords. - Various fixes to handle dovecot.list.index corruption better. - lib-fts: Fixed assert-crash in address tokenizer with specific input. - Fixed assert-crash in HTML to text parsing with specific input (e.g. for FTS indexing or snippet generation) - doveadm sync -1: Fixed handling mailbox GUID conflicts. - sdbox, mdbox: Perform full index rebuild if corruption is detected inside lib-index, which runs index fsck. - quota: Don't skip quota checks when moving mails between different quota roots. - search: Multiple sequence sets or UID sets in search parameters weren't handled correctly. They were incorrectly merged together. --- .gitignore | 1 + dovecot-1.0.rc7-mkcert-paths.patch | 9 ++-- dovecot-2.2.26-CVE-2016-8652a.patch | 28 ------------- dovecot-2.2.26-CVE-2016-8652b.patch | 64 ----------------------------- dovecot.spec | 37 +++++++++++++---- sources | 2 +- 6 files changed, 36 insertions(+), 105 deletions(-) delete mode 100644 dovecot-2.2.26-CVE-2016-8652a.patch delete mode 100644 dovecot-2.2.26-CVE-2016-8652b.patch diff --git a/.gitignore b/.gitignore index 619a904..f811ba3 100644 --- a/.gitignore +++ b/.gitignore @@ -105,3 +105,4 @@ pigeonhole-snap0592366457df.tar.bz2 /dovecot-2.2.25.tar.gz /dovecot-2.2.26.0.tar.gz /dovecot-2.2-pigeonhole-0.4.16.tar.gz +/dovecot-2.2.27.tar.gz diff --git a/dovecot-1.0.rc7-mkcert-paths.patch b/dovecot-1.0.rc7-mkcert-paths.patch index 91ab41f..e8354e5 100644 --- a/dovecot-1.0.rc7-mkcert-paths.patch +++ b/dovecot-1.0.rc7-mkcert-paths.patch @@ -1,8 +1,9 @@ ---- dovecot-1.0.rc7/doc/mkcert.sh.mkcert-paths 2006-10-04 11:34:46.000000000 +0200 -+++ dovecot-1.0.rc7/doc/mkcert.sh 2006-10-04 11:35:31.000000000 +0200 -@@ -4,8 +4,8 @@ - # Edit dovecot-openssl.cnf before running this. +diff -up dovecot-2.2.27/doc/mkcert.sh.mkcert-paths dovecot-2.2.27/doc/mkcert.sh +--- dovecot-2.2.27/doc/mkcert.sh.mkcert-paths 2016-12-05 10:26:07.913515286 +0100 ++++ dovecot-2.2.27/doc/mkcert.sh 2016-12-05 10:28:25.439634417 +0100 +@@ -5,8 +5,8 @@ + umask 077 OPENSSL=${OPENSSL-openssl} -SSLDIR=${SSLDIR-/etc/ssl} -OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf} diff --git a/dovecot-2.2.26-CVE-2016-8652a.patch b/dovecot-2.2.26-CVE-2016-8652a.patch deleted file mode 100644 index 2867856..0000000 --- a/dovecot-2.2.26-CVE-2016-8652a.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 1f2c35da2b96905bec6e45f88af0f33ee63789e6 Mon Sep 17 00:00:00 2001 -From: Aki Tuomi -Date: Wed, 23 Nov 2016 13:16:19 +0200 -Subject: [PATCH] auth: Fix auth-policy crash when username is NULL - -If SASL request is invalid, or incomplete, and username -is left NULL, handle it gracefully by adding just -NUL byte in auth policy digest for username. ---- - src/auth/auth-policy.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/auth/auth-policy.c b/src/auth/auth-policy.c -index c7faa3c..86b31f1 100755 ---- a/src/auth/auth-policy.c -+++ b/src/auth/auth-policy.c -@@ -442,7 +442,10 @@ void auth_policy_create_json(struct policy_lookup_ctx *context, - context->set->policy_hash_nonce, - strlen(context->set->policy_hash_nonce)); - /* use +1 to make sure \0 gets included */ -- digest->loop(ctx, context->request->user, strlen(context->request->user) + 1); -+ if (context->request->user == NULL) -+ digest->loop(ctx, "\0", 1); -+ else -+ digest->loop(ctx, context->request->user, strlen(context->request->user) + 1); - if (password != NULL) - digest->loop(ctx, password, strlen(password)); - ptr = (unsigned char*)str_c_modifiable(buffer); diff --git a/dovecot-2.2.26-CVE-2016-8652b.patch b/dovecot-2.2.26-CVE-2016-8652b.patch deleted file mode 100644 index c5ff72a..0000000 --- a/dovecot-2.2.26-CVE-2016-8652b.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 2c3f37672277b1f73f84722802aaa0ab1ab3e413 Mon Sep 17 00:00:00 2001 -From: Timo Sirainen -Date: Wed, 23 Nov 2016 15:57:03 +0200 -Subject: [PATCH] auth: Don't crash expanding %variables when username isn't - set. - -This continues the auth-policy fix in -c3d3faa4f72a676e183f34be960cff13a5a725ae ---- - src/auth/auth-request-var-expand.c | 15 ++++++++------- - 1 file changed, 8 insertions(+), 7 deletions(-) - -diff --git a/src/auth/auth-request-var-expand.c b/src/auth/auth-request-var-expand.c -index 4f256c0..a04a4d9 100644 ---- a/src/auth/auth-request-var-expand.c -+++ b/src/auth/auth-request-var-expand.c -@@ -72,7 +72,7 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request, - const unsigned int auth_count = - N_ELEMENTS(auth_request_var_expand_static_tab); - struct var_expand_table *tab, *ret_tab; -- const char *orig_user, *auth_user; -+ const char *orig_user, *auth_user, *username; - - if (escape_func == NULL) - escape_func = escape_none; -@@ -87,10 +87,11 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request, - memcpy(tab, auth_request_var_expand_static_tab, - auth_count * sizeof(*tab)); - -- tab[0].value = escape_func(auth_request->user, auth_request); -- tab[1].value = escape_func(t_strcut(auth_request->user, '@'), -+ username = auth_request->user != NULL ? auth_request->user : ""; -+ tab[0].value = escape_func(username, auth_request); -+ tab[1].value = escape_func(t_strcut(username, '@'), - auth_request); -- tab[2].value = strchr(auth_request->user, '@'); -+ tab[2].value = strchr(username, '@'); - if (tab[2].value != NULL) - tab[2].value = escape_func(tab[2].value+1, auth_request); - tab[3].value = escape_func(auth_request->service, auth_request); -@@ -138,12 +139,12 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request, - tab[20].value = net_ip2addr(&auth_request->real_remote_ip); - tab[21].value = dec2str(auth_request->real_local_port); - tab[22].value = dec2str(auth_request->real_remote_port); -- tab[23].value = strchr(auth_request->user, '@'); -+ tab[23].value = strchr(username, '@'); - if (tab[23].value != NULL) { - tab[23].value = escape_func(t_strcut(tab[23].value+1, '@'), - auth_request); - } -- tab[24].value = strrchr(auth_request->user, '@'); -+ tab[24].value = strrchr(username, '@'); - if (tab[24].value != NULL) - tab[24].value = escape_func(tab[24].value+1, auth_request); - tab[25].value = auth_request->master_user == NULL ? NULL : -@@ -152,7 +153,7 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request, - dec2str(auth_request->session_pid); - - orig_user = auth_request->original_username != NULL ? -- auth_request->original_username : auth_request->user; -+ auth_request->original_username : username; - tab[27].value = escape_func(orig_user, auth_request); - tab[28].value = escape_func(t_strcut(orig_user, '@'), auth_request); - tab[29].value = strchr(orig_user, '@'); diff --git a/dovecot.spec b/dovecot.spec index 58b3df2..a143afc 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,9 +3,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.26.0 +Version: 2.2.27 %global prever %{nil} -Release: 2%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -34,10 +34,6 @@ Patch7: dovecot-2.2.13-online.patch Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch -# 2x from upstream, for dovecot < 2.2.27, rhbz#1401025 -Patch10: dovecot-2.2.26-CVE-2016-8652a.patch -Patch11: dovecot-2.2.26-CVE-2016-8652b.patch - Source15: prestartscript BuildRequires: openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel @@ -133,8 +129,6 @@ This package provides the development files for dovecot. %patch7 -p1 -b .online %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem -%patch10 -p1 -b .CVE-2016-8652a -%patch11 -p1 -b .CVE-2016-8652b #pushd dovecot-2*2-pigeonhole-%{pigeonholever} #popd sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in @@ -146,6 +140,7 @@ export CFLAGS="%{__global_cflags} -fno-strict-aliasing" export LDFLAGS="-Wl,-z,now -Wl,-z,relro %{?__global_ldflags}" # el6 autoconf too old to regen; use packaged files (#1082384) %if %{?fedora}00%{?rhel} > 6 +mkdir -p m4 autoreconf -I . -fiv #required for aarch64 support %endif %configure \ @@ -424,6 +419,8 @@ make check %{_libdir}/dovecot/libdriver_sqlite.so %{_libdir}/dovecot/libssl_iostream_openssl.so %{_libdir}/dovecot/libfs_compress.so +%{_libdir}/dovecot/libfs_crypt.so +%{_libdir}/dovecot/libfs_mail_crypt.so %{_libdir}/dovecot/libdcrypt_openssl.so %dir %{_libdir}/dovecot/settings @@ -487,6 +484,30 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Dec 05 2016 Michal Hlavinka - 1:2.2.27-1 +- Fixed crash in auth process when auth-policy was configured and + authentication was aborted/failed without a username set. +- director: If two users had different tags but the same hash, + the users may have been redirected to the wrong tag's hosts. +- Index files may have been thought incorrectly lost, causing + "Missing middle file seq=.." to be logged and index rebuild. + This happened more easily with IMAP hibernation enabled. +- Various fixes to restoring state correctly in un-hibernation. +- dovecot.index files were commonly 4 bytes per email too large. This + is because 3 bytes per email were being wasted that could have been + used for IMAP keywords. +- Various fixes to handle dovecot.list.index corruption better. +- lib-fts: Fixed assert-crash in address tokenizer with specific input. +- Fixed assert-crash in HTML to text parsing with specific input + (e.g. for FTS indexing or snippet generation) +- doveadm sync -1: Fixed handling mailbox GUID conflicts. +- sdbox, mdbox: Perform full index rebuild if corruption is detected + inside lib-index, which runs index fsck. +- quota: Don't skip quota checks when moving mails between different + quota roots. +- search: Multiple sequence sets or UID sets in search parameters + weren't handled correctly. They were incorrectly merged together. + * Fri Dec 02 2016 Michal Hlavinka - 1:2.2.26.0-2 - fix remote crash when auth-policy component is activated (CVE-2016-8652,#1401025) diff --git a/sources b/sources index 4112778..dbc705a 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -85bc42328de41d1eb8d6d3f1db666db8 dovecot-2.2.26.0.tar.gz +20133518f5bc0e64dd07ce55b83df2fb dovecot-2.2.27.tar.gz e03eed707b39cffc4b2a82867de45d9c dovecot-2.2-pigeonhole-0.4.16.tar.gz From 6a461c6ee579643d21332133d22178a9639a2abc Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 27 Feb 2017 11:03:29 +0100 Subject: [PATCH 04/13] dovecot updated to 2.2.28, pigeonhole to 0.4.17 auth: Support OAUTHBEARER and XOAUTH2 mechanisms. Also support them in lib-dsasl for client side. imap: SEARCH/SORT may have assert-crashed in client_check_command_hangs imap: FETCH X-MAILBOX may have assert-crashed in virtual mailboxes. search: Using NOT n:* or NOT UID n:* wasn't handled correctly fts: fts_autoindex_exclude = \Special-use caused crashes doveadm-server: Fix leaks and other problems when process is reused for multiple requests (service_count != 1) sdbox: Fix assert-crash on mailbox create race lda/lmtp: deliver_log_format values weren't entirely correct if Sieve was used. especially %{storage_id} was broken. imapsieve plugin: Fixed assert failure occurring when used with virtual mailboxes. doveadm sieve plugin: Fixed crash when setting Sieve script via attribute's string value. --- .gitignore | 2 ++ dovecot-2.2.22-systemd_w_protectsystem.patch | 13 +++++---- dovecot.spec | 30 ++++++++++++++++++-- sources | 4 +-- 4 files changed, 39 insertions(+), 10 deletions(-) diff --git a/.gitignore b/.gitignore index f811ba3..7bc1eff 100644 --- a/.gitignore +++ b/.gitignore @@ -106,3 +106,5 @@ pigeonhole-snap0592366457df.tar.bz2 /dovecot-2.2.26.0.tar.gz /dovecot-2.2-pigeonhole-0.4.16.tar.gz /dovecot-2.2.27.tar.gz +/dovecot-2.2.28.tar.gz +/dovecot-2.2-pigeonhole-0.4.17.tar.gz diff --git a/dovecot-2.2.22-systemd_w_protectsystem.patch b/dovecot-2.2.22-systemd_w_protectsystem.patch index 10fe4b8..6fcddac 100644 --- a/dovecot-2.2.22-systemd_w_protectsystem.patch +++ b/dovecot-2.2.22-systemd_w_protectsystem.patch @@ -1,7 +1,8 @@ -diff -up dovecot-2.2.22/dovecot.service.in.systemd_w_protectsystem dovecot-2.2.22/dovecot.service.in ---- dovecot-2.2.22/dovecot.service.in.systemd_w_protectsystem 2016-03-16 13:49:46.678894652 +0100 -+++ dovecot-2.2.22/dovecot.service.in 2016-03-16 13:49:46.690894592 +0100 -@@ -33,7 +33,7 @@ ExecStop=@bindir@/doveadm stop +diff -up dovecot-2.2.28/dovecot.service.in.systemd_w_protectsystem dovecot-2.2.28/dovecot.service.in +--- dovecot-2.2.28/dovecot.service.in.systemd_w_protectsystem 2017-02-27 10:00:14.647423500 +0100 ++++ dovecot-2.2.28/dovecot.service.in 2017-02-27 10:02:18.051377067 +0100 +@@ -20,8 +20,8 @@ ExecReload=@bindir@/doveadm reload + ExecStop=@bindir@/doveadm stop PrivateTmp=true NonBlocking=yes -# Enable this if your systemd is new enough to support it: @@ -9,5 +10,5 @@ diff -up dovecot-2.2.22/dovecot.service.in.systemd_w_protectsystem dovecot-2.2.2 +# Enable this if your systemd is new enough to support it: (it will make /usr /boot /etc read only for dovecot) +ProtectSystem=full - [Install] - WantedBy=multi-user.target + # You can add environment variables with e.g.: + #Environment='CORE_OUTOFMEM=1' diff --git a/dovecot.spec b/dovecot.spec index a143afc..f4a5e43 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.27 +Version: 2.2.28 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -14,7 +14,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.2/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.4.16 +%global pigeonholever 0.4.17 Source8: http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -129,6 +129,7 @@ This package provides the development files for dovecot. %patch7 -p1 -b .online %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem + #pushd dovecot-2*2-pigeonhole-%{pigeonholever} #popd sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in @@ -484,6 +485,31 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Feb 27 2017 Michal Hlavinka - 1:2.2.28-1 +- dovecot updated to 2.2.28, pigeonhole to 0.4.17 +- auth: Support OAUTHBEARER and XOAUTH2 mechanisms. Also support them + in lib-dsasl for client side. +- imap: SEARCH/SORT may have assert-crashed in + client_check_command_hangs +- imap: FETCH X-MAILBOX may have assert-crashed in virtual mailboxes. +- search: Using NOT n:* or NOT UID n:* wasn't handled correctly +- fts: fts_autoindex_exclude = \Special-use caused crashes +- doveadm-server: Fix leaks and other problems when process is reused + for multiple requests (service_count != 1) +- sdbox: Fix assert-crash on mailbox create race +- lda/lmtp: deliver_log_format values weren't entirely correct if Sieve + was used. especially %{storage_id} was broken. +- imapsieve plugin: Fixed assert failure occurring when used with virtual + mailboxes. +- doveadm sieve plugin: Fixed crash when setting Sieve script via attribute's + string value. + +* Fri Feb 10 2017 Fedora Release Engineering - 1:2.2.27-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Dec 14 2016 Than Ngo - 1:2.2.27-2 +- fixed bz#1403760, big endian issue + * Mon Dec 05 2016 Michal Hlavinka - 1:2.2.27-1 - Fixed crash in auth process when auth-policy was configured and authentication was aborted/failed without a username set. diff --git a/sources b/sources index dbc705a..7d055e1 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -20133518f5bc0e64dd07ce55b83df2fb dovecot-2.2.27.tar.gz -e03eed707b39cffc4b2a82867de45d9c dovecot-2.2-pigeonhole-0.4.16.tar.gz +SHA512 (dovecot-2.2.28.tar.gz) = 3f40eb52413130dd47da98470d797ede63db3296923c2888b48f1a021e473cfcad064671ad804037d101990457ee57def30f2c27010ede2d758f3d3cfd8ef741 +SHA512 (dovecot-2.2-pigeonhole-0.4.17.tar.gz) = 3ea6faebf04154649c32612f204e909aa131582c99867865bff3d3a78a75593d96109586eeb6403bc915046b8b6f02e8bacbf6cb6733ea186d2e1a209a7e2b79 From 3c18ac2a05edf8f9fe91a6f0ba74302e984c41ef Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 11 Apr 2017 14:00:18 +0200 Subject: [PATCH 05/13] dovecot updated to 2.2.29 fts-tika: Fixed crash when parsing attachment without Content-Disposition header. Broken by 2.2.28. trash plugin was broken in 2.2.28 auth: When passdb/userdb lookups were done via auth-workers, too much data was added to auth cache. This could have resulted in wrong replies when using multiple passdbs/userdbs. auth: passdb { skip & mechanisms } were ignored for the first passdb oauth2: Various fixes, including fixes to crashes dsync: Large Sieve scripts (or other large metadata) weren't always synced. Index rebuild (e.g. doveadm force-resync) set all mails as \Recent imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix doveadm: Exit codes weren't preserved when proxying commands via doveadm-server. Almost all errors used exit code 75 (tempfail). ACLs weren't applied to not-yet-existing autocreated mailboxes. Fixed a potential crash when parsing a broken message header. cassandra: Fallback consistency settings weren't working correctly. doveadm director status : "Initial config" was always empty imapc: Various reconnection fixes. --- .gitignore | 1 + ...64363a64cdfe9153eb6292d8923f38955d82.patch | 76 +++++++++++++++++++ dovecot.spec | 31 +++++++- sources | 2 +- 4 files changed, 107 insertions(+), 3 deletions(-) create mode 100644 dovecot-2.2.29-3a1c64363a64cdfe9153eb6292d8923f38955d82.patch diff --git a/.gitignore b/.gitignore index 7bc1eff..de4355f 100644 --- a/.gitignore +++ b/.gitignore @@ -108,3 +108,4 @@ pigeonhole-snap0592366457df.tar.bz2 /dovecot-2.2.27.tar.gz /dovecot-2.2.28.tar.gz /dovecot-2.2-pigeonhole-0.4.17.tar.gz +/dovecot-2.2.29.tar.gz diff --git a/dovecot-2.2.29-3a1c64363a64cdfe9153eb6292d8923f38955d82.patch b/dovecot-2.2.29-3a1c64363a64cdfe9153eb6292d8923f38955d82.patch new file mode 100644 index 0000000..95d8479 --- /dev/null +++ b/dovecot-2.2.29-3a1c64363a64cdfe9153eb6292d8923f38955d82.patch @@ -0,0 +1,76 @@ +From 3a1c64363a64cdfe9153eb6292d8923f38955d82 Mon Sep 17 00:00:00 2001 +From: Timo Sirainen +Date: Mon, 10 Apr 2017 17:07:28 +0300 +Subject: [PATCH] lib-imap-client: Fix reconnection + +There was already code for reconnection. We just shouldn't have gone very +far in imapc_connection_connect() if we were still waiting for reconnection +delay to pass. +--- + src/lib-imap-client/imapc-connection.c | 25 +++++++++---------------- + 1 file changed, 9 insertions(+), 16 deletions(-) + +diff --git a/src/lib-imap-client/imapc-connection.c b/src/lib-imap-client/imapc-connection.c +index 95067e6..6eaf1ab 100644 +--- a/src/lib-imap-client/imapc-connection.c ++++ b/src/lib-imap-client/imapc-connection.c +@@ -130,6 +130,7 @@ struct imapc_connection { + struct timeout *to_throttle, *to_throttle_shrink; + + unsigned int reconnecting:1; ++ unsigned int reconnect_waiting:1; + unsigned int reconnect_ok:1; + unsigned int idling:1; + unsigned int idle_stopping:1; +@@ -504,6 +505,7 @@ static bool imapc_connection_can_reconnect(struct imapc_connection *conn) + static void imapc_connection_reconnect(struct imapc_connection *conn) + { + conn->reconnect_ok = FALSE; ++ conn->reconnect_waiting = FALSE; + + if (conn->selected_box != NULL) + imapc_client_mailbox_reconnect(conn->selected_box); +@@ -536,6 +538,7 @@ imapc_connection_try_reconnect(struct imapc_connection *conn, + imapc_connection_disconnect_full(conn, TRUE); + conn->to = timeout_add(delay_msecs, imapc_connection_reconnect, conn); + conn->reconnect_count++; ++ conn->reconnect_waiting = TRUE; + } + } + } +@@ -1785,6 +1788,12 @@ void imapc_connection_connect(struct imapc_connection *conn) + + if (conn->fd != -1 || conn->dns_lookup != NULL) + return; ++ if (conn->reconnect_waiting) { ++ /* wait for the reconnection delay to finish before ++ doing anything. */ ++ return; ++ } ++ + conn->reconnecting = FALSE; + /* if we get disconnected before we've finished all the pending + commands, don't reconnect */ +@@ -1792,22 +1801,6 @@ void imapc_connection_connect(struct imapc_connection *conn) + array_count(&conn->cmd_send_queue); + + imapc_connection_input_reset(conn); +- +- int msecs_since_last_connect = +- timeval_diff_msecs(&ioloop_timeval, &conn->last_connect); +- if (!conn->reconnect_ok && +- msecs_since_last_connect < (int)conn->client->set.connect_retry_interval_msecs) { +- if (conn->to != NULL) +- timeout_remove(&conn->to); +- conn->reconnecting = TRUE; +- imapc_connection_set_disconnected(conn); +- /* don't wait longer than necessary */ +- unsigned int delay_msecs = +- conn->client->set.connect_retry_interval_msecs - +- msecs_since_last_connect; +- conn->to = timeout_add(delay_msecs, imapc_connection_reconnect, conn); +- return; +- } + conn->last_connect = ioloop_timeval; + + if (conn->client->set.debug) { diff --git a/dovecot.spec b/dovecot.spec index f4a5e43..e43f508 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.28 +Version: 2.2.29 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -33,6 +33,7 @@ Patch7: dovecot-2.2.13-online.patch Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch +Patch10: dovecot-2.2.29-3a1c64363a64cdfe9153eb6292d8923f38955d82.patch Source15: prestartscript @@ -129,6 +130,7 @@ This package provides the development files for dovecot. %patch7 -p1 -b .online %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem +%patch10 -p1 -b .3a1c64363a64cdfe9153eb6292d8923f38955d82 #pushd dovecot-2*2-pigeonhole-%{pigeonholever} #popd @@ -406,9 +408,10 @@ make check %{_libdir}/dovecot/doveadm %exclude %{_libdir}/dovecot/doveadm/*sieve* %{_libdir}/dovecot/*.so.* -#these (*.so files) are plugins, not a devel files +#these (*.so files) are plugins, not devel files %{_libdir}/dovecot/*_plugin.so %exclude %{_libdir}/dovecot/*_sieve_plugin.so +%{_libdir}/dovecot/auth/lib20_auth_var_expand_crypt.so %{_libdir}/dovecot/auth/libauthdb_imap.so %{_libdir}/dovecot/auth/libauthdb_ldap.so %{_libdir}/dovecot/auth/libmech_gssapi.so @@ -423,6 +426,8 @@ make check %{_libdir}/dovecot/libfs_crypt.so %{_libdir}/dovecot/libfs_mail_crypt.so %{_libdir}/dovecot/libdcrypt_openssl.so +%{_libdir}/dovecot/lib20_var_expand_crypt.so + %dir %{_libdir}/dovecot/settings %{_libexecdir}/%{name} @@ -485,6 +490,28 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Apr 11 2017 Michal Hlavinka - 1:2.2.29-1 +- dovecot updated to 2.2.29 +- fts-tika: Fixed crash when parsing attachment without + Content-Disposition header. Broken by 2.2.28. +- trash plugin was broken in 2.2.28 +- auth: When passdb/userdb lookups were done via auth-workers, too much + data was added to auth cache. This could have resulted in wrong + replies when using multiple passdbs/userdbs. +- auth: passdb { skip & mechanisms } were ignored for the first passdb +- oauth2: Various fixes, including fixes to crashes +- dsync: Large Sieve scripts (or other large metadata) weren't always + synced. +- Index rebuild (e.g. doveadm force-resync) set all mails as \Recent +- imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix +- doveadm: Exit codes weren't preserved when proxying commands via + doveadm-server. Almost all errors used exit code 75 (tempfail). +- ACLs weren't applied to not-yet-existing autocreated mailboxes. +- Fixed a potential crash when parsing a broken message header. +- cassandra: Fallback consistency settings weren't working correctly. +- doveadm director status : "Initial config" was always empty +- imapc: Various reconnection fixes. + * Mon Feb 27 2017 Michal Hlavinka - 1:2.2.28-1 - dovecot updated to 2.2.28, pigeonhole to 0.4.17 - auth: Support OAUTHBEARER and XOAUTH2 mechanisms. Also support them diff --git a/sources b/sources index 7d055e1..1d2f10c 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.2.28.tar.gz) = 3f40eb52413130dd47da98470d797ede63db3296923c2888b48f1a021e473cfcad064671ad804037d101990457ee57def30f2c27010ede2d758f3d3cfd8ef741 +SHA512 (dovecot-2.2.29.tar.gz) = 75d3160d7ad5c4c753639bc0dc2eab4e91592e865081b94a71354a16a6ce3bb7a94dbb10191b9e4d18159eee95889fd4c07df2362637faa1357a5f5328ff002f SHA512 (dovecot-2.2-pigeonhole-0.4.17.tar.gz) = 3ea6faebf04154649c32612f204e909aa131582c99867865bff3d3a78a75593d96109586eeb6403bc915046b8b6f02e8bacbf6cb6733ea186d2e1a209a7e2b79 From 54cabefd5e57559c68af2e87334d48b528b91405 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Wed, 12 Apr 2017 16:07:36 +0200 Subject: [PATCH 06/13] dovecot updated to 2.2.29.1 dict-sql: Merging multiple UPDATEs to a single statement wasn't actually working. pigeonhole updated to 0.4.18 imapsieve plugin: Implemented the copy_source_after rule action. When this is enabled for a mailbox rule, the specified Sieve script is executed for the message in the source mailbox during a "COPY" event. This happens only after the Sieve script that is executed for the corresponding message in the destination mailbox finishes running successfully. imapsieve plugin: Added non-standard Sieve environment items for the source and destination mailbox. multiscript: The execution of the discard script had an implicit "keep", rather than an implicit "discard". --- .gitignore | 2 + ...64363a64cdfe9153eb6292d8923f38955d82.patch | 76 ------------------- dovecot.spec | 21 ++++- sources | 4 +- 4 files changed, 21 insertions(+), 82 deletions(-) delete mode 100644 dovecot-2.2.29-3a1c64363a64cdfe9153eb6292d8923f38955d82.patch diff --git a/.gitignore b/.gitignore index de4355f..0eda740 100644 --- a/.gitignore +++ b/.gitignore @@ -109,3 +109,5 @@ pigeonhole-snap0592366457df.tar.bz2 /dovecot-2.2.28.tar.gz /dovecot-2.2-pigeonhole-0.4.17.tar.gz /dovecot-2.2.29.tar.gz +/dovecot-2.2.29.1.tar.gz +/dovecot-2.2-pigeonhole-0.4.18.tar.gz diff --git a/dovecot-2.2.29-3a1c64363a64cdfe9153eb6292d8923f38955d82.patch b/dovecot-2.2.29-3a1c64363a64cdfe9153eb6292d8923f38955d82.patch deleted file mode 100644 index 95d8479..0000000 --- a/dovecot-2.2.29-3a1c64363a64cdfe9153eb6292d8923f38955d82.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 3a1c64363a64cdfe9153eb6292d8923f38955d82 Mon Sep 17 00:00:00 2001 -From: Timo Sirainen -Date: Mon, 10 Apr 2017 17:07:28 +0300 -Subject: [PATCH] lib-imap-client: Fix reconnection - -There was already code for reconnection. We just shouldn't have gone very -far in imapc_connection_connect() if we were still waiting for reconnection -delay to pass. ---- - src/lib-imap-client/imapc-connection.c | 25 +++++++++---------------- - 1 file changed, 9 insertions(+), 16 deletions(-) - -diff --git a/src/lib-imap-client/imapc-connection.c b/src/lib-imap-client/imapc-connection.c -index 95067e6..6eaf1ab 100644 ---- a/src/lib-imap-client/imapc-connection.c -+++ b/src/lib-imap-client/imapc-connection.c -@@ -130,6 +130,7 @@ struct imapc_connection { - struct timeout *to_throttle, *to_throttle_shrink; - - unsigned int reconnecting:1; -+ unsigned int reconnect_waiting:1; - unsigned int reconnect_ok:1; - unsigned int idling:1; - unsigned int idle_stopping:1; -@@ -504,6 +505,7 @@ static bool imapc_connection_can_reconnect(struct imapc_connection *conn) - static void imapc_connection_reconnect(struct imapc_connection *conn) - { - conn->reconnect_ok = FALSE; -+ conn->reconnect_waiting = FALSE; - - if (conn->selected_box != NULL) - imapc_client_mailbox_reconnect(conn->selected_box); -@@ -536,6 +538,7 @@ imapc_connection_try_reconnect(struct imapc_connection *conn, - imapc_connection_disconnect_full(conn, TRUE); - conn->to = timeout_add(delay_msecs, imapc_connection_reconnect, conn); - conn->reconnect_count++; -+ conn->reconnect_waiting = TRUE; - } - } - } -@@ -1785,6 +1788,12 @@ void imapc_connection_connect(struct imapc_connection *conn) - - if (conn->fd != -1 || conn->dns_lookup != NULL) - return; -+ if (conn->reconnect_waiting) { -+ /* wait for the reconnection delay to finish before -+ doing anything. */ -+ return; -+ } -+ - conn->reconnecting = FALSE; - /* if we get disconnected before we've finished all the pending - commands, don't reconnect */ -@@ -1792,22 +1801,6 @@ void imapc_connection_connect(struct imapc_connection *conn) - array_count(&conn->cmd_send_queue); - - imapc_connection_input_reset(conn); -- -- int msecs_since_last_connect = -- timeval_diff_msecs(&ioloop_timeval, &conn->last_connect); -- if (!conn->reconnect_ok && -- msecs_since_last_connect < (int)conn->client->set.connect_retry_interval_msecs) { -- if (conn->to != NULL) -- timeout_remove(&conn->to); -- conn->reconnecting = TRUE; -- imapc_connection_set_disconnected(conn); -- /* don't wait longer than necessary */ -- unsigned int delay_msecs = -- conn->client->set.connect_retry_interval_msecs - -- msecs_since_last_connect; -- conn->to = timeout_add(delay_msecs, imapc_connection_reconnect, conn); -- return; -- } - conn->last_connect = ioloop_timeval; - - if (conn->client->set.debug) { diff --git a/dovecot.spec b/dovecot.spec index e43f508..2e59517 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.29 +Version: 2.2.29.1 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -14,7 +14,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.2/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.4.17 +%global pigeonholever 0.4.18 Source8: http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -33,7 +33,6 @@ Patch7: dovecot-2.2.13-online.patch Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch -Patch10: dovecot-2.2.29-3a1c64363a64cdfe9153eb6292d8923f38955d82.patch Source15: prestartscript @@ -130,7 +129,6 @@ This package provides the development files for dovecot. %patch7 -p1 -b .online %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem -%patch10 -p1 -b .3a1c64363a64cdfe9153eb6292d8923f38955d82 #pushd dovecot-2*2-pigeonhole-%{pigeonholever} #popd @@ -490,6 +488,21 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Apr 12 2017 Michal Hlavinka - 1:2.2.29.1-1 +- dovecot updated to 2.2.29.1 +- dict-sql: Merging multiple UPDATEs to a single statement wasn't + actually working. +- pigeonhole updated to 0.4.18 +- imapsieve plugin: Implemented the copy_source_after rule action. When this + is enabled for a mailbox rule, the specified Sieve script is executed for + the message in the source mailbox during a "COPY" event. This happens only + after the Sieve script that is executed for the corresponding message in the + destination mailbox finishes running successfully. +- imapsieve plugin: Added non-standard Sieve environment items for the source + and destination mailbox. +- multiscript: The execution of the discard script had an implicit "keep", + rather than an implicit "discard". + * Tue Apr 11 2017 Michal Hlavinka - 1:2.2.29-1 - dovecot updated to 2.2.29 - fts-tika: Fixed crash when parsing attachment without diff --git a/sources b/sources index 1d2f10c..6c73cb0 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.2.29.tar.gz) = 75d3160d7ad5c4c753639bc0dc2eab4e91592e865081b94a71354a16a6ce3bb7a94dbb10191b9e4d18159eee95889fd4c07df2362637faa1357a5f5328ff002f -SHA512 (dovecot-2.2-pigeonhole-0.4.17.tar.gz) = 3ea6faebf04154649c32612f204e909aa131582c99867865bff3d3a78a75593d96109586eeb6403bc915046b8b6f02e8bacbf6cb6733ea186d2e1a209a7e2b79 +SHA512 (dovecot-2.2.29.1.tar.gz) = 1e5ea6080ebe7dd4afe6fcfe8e98ed6d2ad2735655a18cc96e439dd044ccc3a1a6a80428bc746b4d6250820895d6a62121562e97e4b46c8b1cf88a19443bc111 +SHA512 (dovecot-2.2-pigeonhole-0.4.18.tar.gz) = 6f49a6a6435b0e4dcbe29f852ce17c016df2f367f5460301a2a2c6bd5f5ba6260b23bfe1c5e78b91c6041554ee67d1ce14ad3adf219505f692c61681d9e70cc4 From 3c24e61e82fb9e3c34dc763dff76206dca53bdfb Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 1 Jun 2017 16:56:45 +0200 Subject: [PATCH 07/13] dovecot updated to 2.2.30.1 More fixes to automatically fix corruption in dovecot.list.index dsync-server: Fix support for dsync_features=empty-header-workaround imapc: Various bugfixes, including infinite loops on some errors IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't enabled modseq tracking via CONDSTORE/QRESYNC. fts-lucene: Fix it to work again with mbox format Some internal error messages may have contained garbage in v2.2.29 mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys are used. Otherwise the copied mails can't be opened. --- .gitignore | 1 + dovecot.spec | 14 +++++++++++++- sources | 2 +- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 0eda740..196dd4d 100644 --- a/.gitignore +++ b/.gitignore @@ -111,3 +111,4 @@ pigeonhole-snap0592366457df.tar.bz2 /dovecot-2.2.29.tar.gz /dovecot-2.2.29.1.tar.gz /dovecot-2.2-pigeonhole-0.4.18.tar.gz +/dovecot-2.2.30.1.tar.gz diff --git a/dovecot.spec b/dovecot.spec index 2e59517..604141f 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.29.1 +Version: 2.2.30.1 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -488,6 +488,18 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Thu Jun 01 2017 Michal Hlavinka - 1:2.2.30.1-1 +- dovecot updated to 2.2.30.1 +- More fixes to automatically fix corruption in dovecot.list.index +- dsync-server: Fix support for dsync_features=empty-header-workaround +- imapc: Various bugfixes, including infinite loops on some errors +- IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't + enabled modseq tracking via CONDSTORE/QRESYNC. +- fts-lucene: Fix it to work again with mbox format +- Some internal error messages may have contained garbage in v2.2.29 +- mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys + are used. Otherwise the copied mails can't be opened. + * Wed Apr 12 2017 Michal Hlavinka - 1:2.2.29.1-1 - dovecot updated to 2.2.29.1 - dict-sql: Merging multiple UPDATEs to a single statement wasn't diff --git a/sources b/sources index 6c73cb0..6f5c43b 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.2.29.1.tar.gz) = 1e5ea6080ebe7dd4afe6fcfe8e98ed6d2ad2735655a18cc96e439dd044ccc3a1a6a80428bc746b4d6250820895d6a62121562e97e4b46c8b1cf88a19443bc111 +SHA512 (dovecot-2.2.30.1.tar.gz) = f95e85093e1f671b1e9d067974880eaaf8ab021df1f6d298977c40146a1db2a2b71b4029842785ffaae1aeedec83b2218ff03112537045e08dfc7c845f9e27c3 SHA512 (dovecot-2.2-pigeonhole-0.4.18.tar.gz) = 6f49a6a6435b0e4dcbe29f852ce17c016df2f367f5460301a2a2c6bd5f5ba6260b23bfe1c5e78b91c6041554ee67d1ce14ad3adf219505f692c61681d9e70cc4 From f7b6f3641d5b5575b5e53816c3fc9bb3b98b2701 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 8 Jun 2017 15:27:02 +0200 Subject: [PATCH 08/13] dovecot updated to 2.2.30.2 auth: Multiple failed authentications within short time caused crashes push-notification: OX driver crashed at deinit --- .gitignore | 1 + dovecot.spec | 7 ++++++- sources | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 196dd4d..b9003e2 100644 --- a/.gitignore +++ b/.gitignore @@ -112,3 +112,4 @@ pigeonhole-snap0592366457df.tar.bz2 /dovecot-2.2.29.1.tar.gz /dovecot-2.2-pigeonhole-0.4.18.tar.gz /dovecot-2.2.30.1.tar.gz +/dovecot-2.2.30.2.tar.gz diff --git a/dovecot.spec b/dovecot.spec index 604141f..6b47072 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.30.1 +Version: 2.2.30.2 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -488,6 +488,11 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Wed Jun 07 2017 Michal Hlavinka - 1:2.2.30.2-1 +- dovecot updated to 2.2.30.2 +- auth: Multiple failed authentications within short time caused crashes +- push-notification: OX driver crashed at deinit + * Thu Jun 01 2017 Michal Hlavinka - 1:2.2.30.1-1 - dovecot updated to 2.2.30.1 - More fixes to automatically fix corruption in dovecot.list.index diff --git a/sources b/sources index 6f5c43b..20dba4a 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.2.30.1.tar.gz) = f95e85093e1f671b1e9d067974880eaaf8ab021df1f6d298977c40146a1db2a2b71b4029842785ffaae1aeedec83b2218ff03112537045e08dfc7c845f9e27c3 +SHA512 (dovecot-2.2.30.2.tar.gz) = 740118e3081864234168593bd83f2f5e7b9f5c7cefff3a3a7795369cf791f300c0881fbfacae2c76c0bb42e366ad26e7613c487708d113b19887ebe869d711ea SHA512 (dovecot-2.2-pigeonhole-0.4.18.tar.gz) = 6f49a6a6435b0e4dcbe29f852ce17c016df2f367f5460301a2a2c6bd5f5ba6260b23bfe1c5e78b91c6041554ee67d1ce14ad3adf219505f692c61681d9e70cc4 From 8527e512323959f6b8cee087f79beb979fcbd8bf Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 27 Jun 2017 12:20:08 +0200 Subject: [PATCH 09/13] dovecot updated to 2.2.31 Various fixes to handling mailbox listing. Especially related to handling nonexistent autocreated/autosubscribed mailboxes and ACLs. Global ACL file was parsed as if it was local ACL file. This caused some of the ACL rule interactions to not work exactly as intended. Using mail_sort_max_read_count may have caused very high CPU usage. Message address parsing could have crashed on invalid input. imapc_features=fetch-headers wasn't always working correctly and caused the full header to be fetched. imapc: Various bugfixes related to connection failure handling. quota=count: quota_warning = -storage=.. was never executed quota=count: Add support for "ns" parameter dsync: Fix incremental syncing for mails that don't have Date or Message-ID headers. imap: Fix hang when client sends pipelined SEARCH + EXPUNGE/CLOSE/LOGOUT. oauth2: Token validation didn't accept empty server responses. imap: NOTIFY command has been almost completely broken since the beginning. pigeonhole updated to 0.4.19 Fixed bug in handling of implicit keep in some cases. include extension: Fixed segfault that (sometimes) occurred when the global script location was left unconfigured. --- .gitignore | 2 ++ dovecot.spec | 29 +++++++++++++++++++++++++++-- sources | 4 ++-- 3 files changed, 31 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index b9003e2..e659068 100644 --- a/.gitignore +++ b/.gitignore @@ -113,3 +113,5 @@ pigeonhole-snap0592366457df.tar.bz2 /dovecot-2.2-pigeonhole-0.4.18.tar.gz /dovecot-2.2.30.1.tar.gz /dovecot-2.2.30.2.tar.gz +/dovecot-2.2.31.tar.gz +/dovecot-2.2-pigeonhole-0.4.19.tar.gz diff --git a/dovecot.spec b/dovecot.spec index 6b47072..39f26d3 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,7 +3,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.30.2 +Version: 2.2.31 %global prever %{nil} Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 @@ -14,7 +14,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.2/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.4.18 +%global pigeonholever 0.4.19 Source8: http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -488,6 +488,31 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Jun 27 2017 Michal Hlavinka - 1:2.2.31-1 +- dovecot updated to 2.2.31 +- Various fixes to handling mailbox listing. Especially related to + handling nonexistent autocreated/autosubscribed mailboxes and ACLs. +- Global ACL file was parsed as if it was local ACL file. This caused + some of the ACL rule interactions to not work exactly as intended. +- Using mail_sort_max_read_count may have caused very high CPU usage. +- Message address parsing could have crashed on invalid input. +- imapc_features=fetch-headers wasn't always working correctly and + caused the full header to be fetched. +- imapc: Various bugfixes related to connection failure handling. +- quota=count: quota_warning = -storage=.. was never executed +- quota=count: Add support for "ns" parameter +- dsync: Fix incremental syncing for mails that don't have Date or + Message-ID headers. +- imap: Fix hang when client sends pipelined SEARCH + + EXPUNGE/CLOSE/LOGOUT. +- oauth2: Token validation didn't accept empty server responses. +- imap: NOTIFY command has been almost completely broken since the + beginning. +- pigeonhole updated to 0.4.19 +- Fixed bug in handling of implicit keep in some cases. +- include extension: Fixed segfault that (sometimes) occurred when the + global script location was left unconfigured. + * Wed Jun 07 2017 Michal Hlavinka - 1:2.2.30.2-1 - dovecot updated to 2.2.30.2 - auth: Multiple failed authentications within short time caused crashes diff --git a/sources b/sources index 20dba4a..ebcda8b 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.2.30.2.tar.gz) = 740118e3081864234168593bd83f2f5e7b9f5c7cefff3a3a7795369cf791f300c0881fbfacae2c76c0bb42e366ad26e7613c487708d113b19887ebe869d711ea -SHA512 (dovecot-2.2-pigeonhole-0.4.18.tar.gz) = 6f49a6a6435b0e4dcbe29f852ce17c016df2f367f5460301a2a2c6bd5f5ba6260b23bfe1c5e78b91c6041554ee67d1ce14ad3adf219505f692c61681d9e70cc4 +SHA512 (dovecot-2.2.31.tar.gz) = 071797e260a75de9117b03c0fa9d903de82b1f1c039c2aece2d7313587e6673c49174bfce17b80fe3f3725fcbc42ed3a1bd1f1c22efef5bc016752277eff3266 +SHA512 (dovecot-2.2-pigeonhole-0.4.19.tar.gz) = c1211a3c65b25995770309c427ec5cd888ddb962f2f64884640163b492a11ffa8937aac1eb66d25e48f0e00131da1cc98c1cb307781576780de47b8816333ff1 From 42c687501b27ba7534bcb4c81a3fb2a5e42e970e Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 4 Jul 2017 09:58:12 +0200 Subject: [PATCH 10/13] revert commit breaking NOTIFY support --- dovecot-2.2.31-notifyrevert.patch | 28 ++++++++++++++++++++++++++++ dovecot.spec | 7 ++++++- 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 dovecot-2.2.31-notifyrevert.patch diff --git a/dovecot-2.2.31-notifyrevert.patch b/dovecot-2.2.31-notifyrevert.patch new file mode 100644 index 0000000..a0fa251 --- /dev/null +++ b/dovecot-2.2.31-notifyrevert.patch @@ -0,0 +1,28 @@ +From 64d2efdc4b0bdf92249840e9db89b91c8dc0f3a3 Mon Sep 17 00:00:00 2001 +From: Timo Sirainen +Date: Sat, 17 Jun 2017 14:38:22 +0300 +Subject: [PATCH] imap: Fix NOTIFY to parse more than just the first + event-group + +--- + src/imap/cmd-notify.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/imap/cmd-notify.c b/src/imap/cmd-notify.c +index 4c6aad975..94cf103b8 100644 +--- a/src/imap/cmd-notify.c ++++ b/src/imap/cmd-notify.c +@@ -292,10 +292,10 @@ cmd_notify_set(struct imap_notify_context *ctx, const struct imap_arg *args) + ctx->send_immediate_status = TRUE; + args++; + } ++ for (; args->type != IMAP_ARG_EOL; args++) { ++ if (!imap_arg_get_list(args, &event_group)) ++ return -1; + +- if (!imap_arg_get_list(args, &event_group)) +- return -1; +- for (; event_group->type != IMAP_ARG_EOL; event_group++) { + /* filter-mailboxes */ + if (!imap_arg_get_atom(event_group, &filter_mailboxes)) + return -1; diff --git a/dovecot.spec b/dovecot.spec index 39f26d3..6112285 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.2.31 %global prever %{nil} -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -33,6 +33,7 @@ Patch7: dovecot-2.2.13-online.patch Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch +Patch10: dovecot-2.2.31-notifyrevert.patch Source15: prestartscript @@ -129,6 +130,7 @@ This package provides the development files for dovecot. %patch7 -p1 -b .online %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem +%patch10 -p1 -b .notifyrevert #pushd dovecot-2*2-pigeonhole-%{pigeonholever} #popd @@ -488,6 +490,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Jul 04 2017 Michal Hlavinka - 1:2.2.31-2 +- revert commit breaking NOTIFY support + * Tue Jun 27 2017 Michal Hlavinka - 1:2.2.31-1 - dovecot updated to 2.2.31 - Various fixes to handling mailbox listing. Especially related to From a7df5d05816dfbe791cb1418caab528b75ca938f Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 11 Jul 2017 15:20:28 +0200 Subject: [PATCH 11/13] enable tcpwrap support (#1450587) --- dovecot.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/dovecot.spec b/dovecot.spec index 6112285..774e8e9 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -5,7 +5,7 @@ Name: dovecot Epoch: 1 Version: 2.2.31 %global prever %{nil} -Release: 2%{?dist} +Release: 3%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -46,6 +46,7 @@ BuildRequires: openldap-devel BuildRequires: krb5-devel BuildRequires: quota-devel BuildRequires: xz-devel +BuildRequires: tcp_wrappers-devel # gettext-devel is needed for running autoconf because of the # presence of AM_ICONV @@ -162,6 +163,7 @@ autoreconf -I . -fiv #required for aarch64 support --with-sqlite \ --with-zlib \ --with-libcap \ + --with-libwrap \ %if %{?fedora}0 > 150 || %{?rhel}0 >60 --with-lucene \ %endif @@ -490,6 +492,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Jul 11 2017 Michal Hlavinka - 1:2.2.31-3 +- enable tcpwrap support (#1450587) + * Tue Jul 04 2017 Michal Hlavinka - 1:2.2.31-2 - revert commit breaking NOTIFY support From 11305cf822d3412dd4ff621b8f9d1da5cfc1f1f5 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Mon, 28 Aug 2017 15:58:57 +0200 Subject: [PATCH 12/13] pigeonhole updated to 0.4.20 Made the retention period for redirect duplicate identifiers configurable. Changed the default retention period from 24 to 12 hours. sieve-filter: Fixed memory leak: forgot to clean up script binary at end of execution managesieve-login: Fixed handling of AUTHENTICATE command. A second authenticate command would be parsed wrong. --- .gitignore | 2 ++ dovecot-2.2.31-notifyrevert.patch | 28 ---------------------- dovecot.spec | 40 +++++++++++++++++++++++++++---- sources | 4 ++-- 4 files changed, 39 insertions(+), 35 deletions(-) delete mode 100644 dovecot-2.2.31-notifyrevert.patch diff --git a/.gitignore b/.gitignore index e659068..fcc1ff0 100644 --- a/.gitignore +++ b/.gitignore @@ -115,3 +115,5 @@ pigeonhole-snap0592366457df.tar.bz2 /dovecot-2.2.30.2.tar.gz /dovecot-2.2.31.tar.gz /dovecot-2.2-pigeonhole-0.4.19.tar.gz +/dovecot-2.2.32.tar.gz +/dovecot-2.2-pigeonhole-0.4.20.tar.gz diff --git a/dovecot-2.2.31-notifyrevert.patch b/dovecot-2.2.31-notifyrevert.patch deleted file mode 100644 index a0fa251..0000000 --- a/dovecot-2.2.31-notifyrevert.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 64d2efdc4b0bdf92249840e9db89b91c8dc0f3a3 Mon Sep 17 00:00:00 2001 -From: Timo Sirainen -Date: Sat, 17 Jun 2017 14:38:22 +0300 -Subject: [PATCH] imap: Fix NOTIFY to parse more than just the first - event-group - ---- - src/imap/cmd-notify.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/imap/cmd-notify.c b/src/imap/cmd-notify.c -index 4c6aad975..94cf103b8 100644 ---- a/src/imap/cmd-notify.c -+++ b/src/imap/cmd-notify.c -@@ -292,10 +292,10 @@ cmd_notify_set(struct imap_notify_context *ctx, const struct imap_arg *args) - ctx->send_immediate_status = TRUE; - args++; - } -+ for (; args->type != IMAP_ARG_EOL; args++) { -+ if (!imap_arg_get_list(args, &event_group)) -+ return -1; - -- if (!imap_arg_get_list(args, &event_group)) -- return -1; -- for (; event_group->type != IMAP_ARG_EOL; event_group++) { - /* filter-mailboxes */ - if (!imap_arg_get_atom(event_group, &filter_mailboxes)) - return -1; diff --git a/dovecot.spec b/dovecot.spec index 774e8e9..a0e0e31 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,9 +3,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.31 +Version: 2.2.32 %global prever %{nil} -Release: 3%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -14,7 +14,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.2/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.4.19 +%global pigeonholever 0.4.20 Source8: http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -33,7 +33,6 @@ Patch7: dovecot-2.2.13-online.patch Patch8: dovecot-2.2.20-initbysystemd.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch -Patch10: dovecot-2.2.31-notifyrevert.patch Source15: prestartscript @@ -131,7 +130,6 @@ This package provides the development files for dovecot. %patch7 -p1 -b .online %patch8 -p1 -b .initbysystemd %patch9 -p1 -b .systemd_w_protectsystem -%patch10 -p1 -b .notifyrevert #pushd dovecot-2*2-pigeonhole-%{pigeonholever} #popd @@ -492,6 +490,38 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Mon Aug 28 2017 Michal Hlavinka - 1:2.2.32-2 +- pigeonhole updated to 0.4.20 +- Made the retention period for redirect duplicate identifiers + configurable. Changed the default retention period from 24 to 12 hours. +- sieve-filter: Fixed memory leak: forgot to clean up script binary at + end of execution +- managesieve-login: Fixed handling of AUTHENTICATE command. A second + authenticate command would be parsed wrong. + +* Fri Aug 25 2017 Michal Hlavinka - 1:2.2.32-1 +- dovecot updated to 2.2.32 +- Modseq tracking didn't always work correctly. This could have caused + imap unhibernation to fail or IMAP QRESYNC/CONDSTORE extensions to + not work perfectly. +- mdbox: "Inconsistency in map index" wasn't fixed automatically +- dict-ldap: %variable values used in the LDAP filter weren't escaped. +- quota=count: quota_warning = -storage=.. was never executed (try #2). +- imapc: >= 32 kB mail bodies were supposed to be cached for subsequent + FETCHes, but weren't. +- quota-status service didn't support recipient_delimiter +- acl: Don't access dovecot-acl-list files with acl_globals_only=yes +- mail_location: If INDEX dir is set, mailbox deletion deletes its + childrens' indexes. +- director: v2.2.31 caused rapid reconnection loops to directors + that were down. + +* Wed Aug 02 2017 Fedora Release Engineering - 1:2.2.31-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1:2.2.31-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + * Tue Jul 11 2017 Michal Hlavinka - 1:2.2.31-3 - enable tcpwrap support (#1450587) diff --git a/sources b/sources index ebcda8b..3825a8c 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.2.31.tar.gz) = 071797e260a75de9117b03c0fa9d903de82b1f1c039c2aece2d7313587e6673c49174bfce17b80fe3f3725fcbc42ed3a1bd1f1c22efef5bc016752277eff3266 -SHA512 (dovecot-2.2-pigeonhole-0.4.19.tar.gz) = c1211a3c65b25995770309c427ec5cd888ddb962f2f64884640163b492a11ffa8937aac1eb66d25e48f0e00131da1cc98c1cb307781576780de47b8816333ff1 +SHA512 (dovecot-2.2.32.tar.gz) = a26ce763fdea7d72ff9801d3b7d57a1f0d00278e4a1aa60d1be070fe5a6d2c6a15f266a519119492bee7a3e7a6b7d0732e9879e5c5841adbab8c0952cd1b7c7c +SHA512 (dovecot-2.2-pigeonhole-0.4.20.tar.gz) = 84a28842be206e05cb96c07cf1c1b62c9c378ba4c952caa47cf79a44b9428e076f4182eadd9c4fb8f45d3605b881f91e8e520c41705017ac4039240d4bcace39 From ab58147f8cba2a70ed7cbd1cfc21bdca09f18099 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 24 Oct 2017 12:33:45 +0200 Subject: [PATCH 13/13] dovecot updated to 2.2.33.2 doveadm: Fix crash in proxying (or dsync replication) if remote is running older than v2.2.33 auth: Fix memory leak in %{ldap_dn} dict-sql: Fix data types to work correctly with Cassandra --- .gitignore | 3 +++ dovecot.spec | 38 +++++++++++++++++++++++++++++++++++--- sources | 4 ++-- 3 files changed, 40 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index fcc1ff0..2472335 100644 --- a/.gitignore +++ b/.gitignore @@ -117,3 +117,6 @@ pigeonhole-snap0592366457df.tar.bz2 /dovecot-2.2-pigeonhole-0.4.19.tar.gz /dovecot-2.2.32.tar.gz /dovecot-2.2-pigeonhole-0.4.20.tar.gz +/dovecot-2.2.33.1.tar.gz +/dovecot-2.2-pigeonhole-0.4.21.tar.gz +/dovecot-2.2.33.2.tar.gz diff --git a/dovecot.spec b/dovecot.spec index a0e0e31..6f11de1 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -3,9 +3,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.32 +Version: 2.2.33.2 %global prever %{nil} -Release: 2%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -14,7 +14,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.2/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.4.20 +%global pigeonholever 0.4.21 Source8: http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-%{pigeonholever}.tar.gz Source9: dovecot.sysconfig Source10: dovecot.tmpfilesd @@ -490,6 +490,38 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Oct 24 2017 Michal Hlavinka - 1:2.2.33.2-1 +- dovecot updated to 2.2.33.2 +- doveadm: Fix crash in proxying (or dsync replication) if remote is + running older than v2.2.33 +- auth: Fix memory leak in %%{ldap_dn} +- dict-sql: Fix data types to work correctly with Cassandra + +* Wed Oct 18 2017 Michal Hlavinka - 1:2.2.33.1-1 +- dovecot updated to 2.2.33.1, pigeonhole updated to +- Added %{if}, see https://wiki2.dovecot.org/Variables#Conditionals +- sdbox: Mails were always opened when expunging, unless + mail_attachment_fs was explicitly set to empty. +- lmtp/doveadm proxy: hostip passdb field was ignored, which caused + unnecessary DNS lookups if host field wasn't an IP +- lmtp proxy: Fix crash when receiving unexpected reply in RCPT TO +- quota_clone: Update also when quota is unlimited (broken in v2.2.31) +- mbox, zlib: Fix assert-crash when accessing compressed mbox +- doveadm director kick -f parameter didn't work +- doveadm director flush resulted flushing all hosts, if + wasn't an IP address. +- director: Various fixes to handling backend/director changes at + abnormal times, especially while ring was unsynced. +- director: Use less CPU in imap-login processes when moving/kicking + many users. +- lmtp: Session IDs were duplicated/confusing with multiple RCPT TOs + when lmtp_rcpt_check_quota=yes +- LDA Sieve plugin: Fixed sequential execution of LDAP-based scripts. A + missing LDAP-based script could cause the script sequence to exit earlier. +- sieve-filter: Removed the (now) duplicate utf8 to mutf7 mailbox name + conversion. This caused problems with mailbox names containing UTF-8 + characters. + * Mon Aug 28 2017 Michal Hlavinka - 1:2.2.32-2 - pigeonhole updated to 0.4.20 - Made the retention period for redirect duplicate identifiers diff --git a/sources b/sources index 3825a8c..7e35512 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dovecot-2.2.32.tar.gz) = a26ce763fdea7d72ff9801d3b7d57a1f0d00278e4a1aa60d1be070fe5a6d2c6a15f266a519119492bee7a3e7a6b7d0732e9879e5c5841adbab8c0952cd1b7c7c -SHA512 (dovecot-2.2-pigeonhole-0.4.20.tar.gz) = 84a28842be206e05cb96c07cf1c1b62c9c378ba4c952caa47cf79a44b9428e076f4182eadd9c4fb8f45d3605b881f91e8e520c41705017ac4039240d4bcace39 +SHA512 (dovecot-2.2.33.2.tar.gz) = 028910a4d02b1630f1ada4d1c45fcc3ea2057969db7078a78d46e2a578b4dceaf8be0ac8de4a613b4890019e721871f2d366ec651db658da4cc72977d3e09931 +SHA512 (dovecot-2.2-pigeonhole-0.4.21.tar.gz) = 4751f449ede1b05173c706b414ebf9f7f670ff78589ce6f0b687c32c9abe6dae8b3064ed1b20e893d9ec0147b0139ce479e1d74ebe94747c33f2d8ca177912de