dovecot updated to 2.3.8, pigeonhole 0.5.8

fixes CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
  when scanning data in quoted strings, leading to out of bounds heap
  memory writes

dovecot-2.2.20-initbysystemd.patch

@@ -13,7 +13,7 @@ diff -up dovecot-2.3.0.1/dovecot-init.service.initbysystemd dovecot-2.3.0.1/dove
 +if [ ! -f /etc/pki/dovecot/certs/dovecot.pem ]; \
 +then\
 +  SSLDIR=/etc/pki/dovecot/ OPENSSLCONFIG=/etc/pki/dovecot/dovecot-openssl.cnf /usr/libexec/dovecot/mkcert.sh /dev/null 2>&1;\
-+fi;\
++fi'
 +
 diff -up dovecot-2.3.0.1/dovecot.service.in.initbysystemd dovecot-2.3.0.1/dovecot.service.in
 --- dovecot-2.3.0.1/dovecot.service.in.initbysystemd	2018-03-01 10:38:22.060716016 +0100

dovecot.spec

@@ -3,18 +3,17 @@
 Summary: Secure imap and pop3 server
 Name: dovecot
 Epoch: 1
-Version: 2.3.2.1
+Version: 2.3.8
 %global prever %{nil}
-Release: 3%{?dist}
+Release: 1%{?dist}
 #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
 License: MIT and LGPLv2
-Group: System Environment/Daemons
 
 URL: http://www.dovecot.org/
 Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz
 Source1: dovecot.init
 Source2: dovecot.pam
-%global pigeonholever 0.5.2
+%global pigeonholever 0.5.8
 Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz
 Source9: dovecot.sysconfig
 Source10: dovecot.tmpfilesd
@@ -39,7 +38,7 @@ Source15: prestartscript
 BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel
 BuildRequires: libtool, autoconf, automake, pkgconfig
 BuildRequires: sqlite-devel
-BuildRequires: postgresql-devel
+BuildRequires: libpq-devel
 %if %{?fedora}0 < 280
 BuildRequires: mysql-devel
 BuildRequires: tcp_wrappers-devel
@@ -51,6 +50,10 @@ BuildRequires: openldap-devel
 BuildRequires: krb5-devel
 BuildRequires: quota-devel
 BuildRequires: xz-devel
+BuildRequires: lz4-devel
+BuildRequires: libsodium-devel
+BuildRequires: libexttextcat-devel
+BuildRequires: libstemmer-devel
 
 # gettext-devel is needed for running autoconf because of the
 # presence of AM_ICONV
@@ -87,7 +90,7 @@ BuildRequires: curl-devel expat-devel
 BuildRequires: libcurl-devel expat-devel
 %endif
 
-%global restart_flag /var/run/%{name}/%{name}-restart-after-rpm-install
+%global restart_flag /run/%{name}/%{name}-restart-after-rpm-install
 
 %description
 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security 
@@ -99,7 +102,6 @@ The SQL drivers and authentication plug-ins are in their subpackages.
 %package pigeonhole
 Requires: %{name} = %{epoch}:%{version}-%{release}
 Summary: Sieve and managesieve plug-in for dovecot
-Group: System Environment/Daemons
 License: MIT and LGPLv2
 
 %description pigeonhole
@@ -108,21 +110,18 @@ This package provides sieve and managesieve plug-in for dovecot LDA.
 %package pgsql
 Requires: %{name} = %{epoch}:%{version}-%{release}
 Summary: Postgres SQL back end for dovecot
-Group: System Environment/Daemons
 %description pgsql
 This package provides the Postgres SQL back end for dovecot-auth etc.
 
 %package mysql
 Requires: %{name} = %{epoch}:%{version}-%{release}
 Summary: MySQL back end for dovecot
-Group: System Environment/Daemons
 %description mysql
 This package provides the MySQL back end for dovecot-auth etc.
 
 %package devel
 Requires: %{name} = %{epoch}:%{version}-%{release}
 Summary: Development files for dovecot
-Group: Development/Libraries
 %description devel
 This package provides the development files for dovecot.
 
@@ -134,7 +133,7 @@ This package provides the development files for dovecot.
 %patch6 -p1 -b .waitonline
 %patch8 -p1 -b .initbysystemd
 %patch9 -p1 -b .systemd_w_protectsystem
-%patch10 -p1 -b .libxcrypt
+#%patch10 -p1 -b .libxcrypt
 
 #pushd dovecot-2*3-pigeonhole-%{pigeonholever}
 #popd
@@ -143,7 +142,7 @@ sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src
 %build
 #required for fdpass.c line 125,190: dereferencing type-punned pointer will break strict-aliasing rules
 %global _hardened_build 1
-export CFLAGS="%{__global_cflags} -fno-strict-aliasing"
+export CFLAGS="%{__global_cflags} -fno-strict-aliasing -fstack-reuse=none"
 export LDFLAGS="-Wl,-z,now -Wl,-z,relro %{?__global_ldflags}"
 # el6 autoconf too old to regen; use packaged files (#1082384)
 %if %{?fedora}00%{?rhel} > 6
@@ -245,7 +244,7 @@ install -p -D -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_initddir}/dovecot
 install -p -D -m 600 %{SOURCE9} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/dovecot
 %endif
 
-mkdir -p $RPM_BUILD_ROOT/var/run/dovecot/{login,empty,token-login}
+mkdir -p $RPM_BUILD_ROOT/run/dovecot/{login,empty,token-login}
 
 # Install dovecot configuration and dovecot-openssl.cnf
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d
@@ -302,11 +301,11 @@ then
 %endif
 fi
 
-install -d -m 0755 -g dovecot -d /var/run/dovecot
-install -d -m 0755 -d /var/run/dovecot/empty
-install -d -m 0750 -g dovenull -d /var/run/dovecot/login
-install -d -m 0755 -g dovenull -d /var/run/dovecot/token-login
-[ -x /sbin/restorecon ] && /sbin/restorecon -R /var/run/dovecot
+install -d -m 0755 -g dovecot -d /run/dovecot
+install -d -m 0755 -d /run/dovecot/empty
+install -d -m 0750 -g dovenull -d /run/dovecot/login
+install -d -m 0755 -g dovenull -d /run/dovecot/token-login
+[ -x /sbin/restorecon ] && /sbin/restorecon -R /run/dovecot
 
 %preun
 if [ $1 = 0 ]; then
@@ -317,7 +316,7 @@ if [ $1 = 0 ]; then
     /sbin/service %{name} stop > /dev/null 2>&1
     /sbin/chkconfig --del %{name}
 %endif
-    rm -rf /var/run/dovecot
+    rm -rf /run/dovecot
 fi
 
 %postun
@@ -440,7 +439,7 @@ make check
 %{_libexecdir}/%{name}
 %exclude %{_libexecdir}/%{name}/managesieve*
 
-%ghost /var/run/dovecot
+%ghost /run/dovecot
 %attr(0750,dovecot,dovecot) /var/lib/dovecot
 
 %{_datadir}/%{name}
@@ -497,6 +496,65 @@ make check
 %{_libdir}/%{name}/dict/libdriver_pgsql.so
 
 %changelog
+* Thu Oct 10 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-1
+- dovecot updated to 2.3.8, pigeonhole 0.5.8
+
+* Thu Aug 29 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.7.2-1
+- dovecot updated to 2.3.7.2, pigeonhole 0.5.7.2
+- fixes CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
+  when scanning data in quoted strings, leading to out of bounds heap
+  memory writes
+
+* Mon Aug 19 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:1-2.3.7.1
+- dovecot updated to 2.3.7.1, pigeonhole updated to 0.5.7.1
+
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.6-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri May 31 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.6-3
+- disable gcc 9 stack reuse temporarily
+
+* Mon May 13 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.6-2
+- use /run instead of /var/run (#1706372)
+
+* Thu May 02 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.6-1
+- dovecot updated to 2.3.6, pigeonhole updated to 0.5.6
+
+* Thu Apr 18 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.5.2-1
+- dovecot updated to 2.3.5.2
+- fixes CVE-2019-10691: Trying to login with 8bit username containing
+  invalid UTF8 input causes auth process to crash if auth policy is enabled.
+
+* Thu Mar 28 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.5.1-1
+- dovecot updated to 2.3.5.1
+- CVE-2019-7524: Missing input buffer size validation leads into
+  arbitrary buffer overflow when reading fts or pop3 uidl header
+  from Dovecot index.
+
+* Wed Mar 06 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.5-1
+- dovecot updated to 2.3.5, pigeonhole updated to 0.5.5
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 1:2.3.4-2
+- Rebuilt for libcrypt.so.2 (#1666033)
+
+* Wed Jan 09 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.4-1
+- dovecot updated to 2.3.4, pigeonhole updated to 0.5.4
+
+* Tue Oct 02 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.3-1
+- dovecot updated to 2.3.3, pigeonhole pdated to 0.5.3
+- doveconf hides more secrets now in the default output
+- NUL bytes in mail headers can cause truncated replies when fetched. 
+- virtual plugin: Some searches used 100% CPU for many seconds 
+- dsync assert-crashed with acl plugin in some situations. 
+- imapc: Fixed various assert-crashes when reconnecting to server. 
+
+
+* Tue Oct 02 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2.1-4
+- fix dovecot-init service syntax error (#1635017)
+
 * Mon Aug 13 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2.1-3
 - do not try to generate ssl-params as its obsolete (#1614640)
 

dovecot.tmpfilesd

@@ -1,2 +1,2 @@
-d /var/run/dovecot 0755 root dovecot -
+d /run/dovecot 0755 root dovecot -
 

sources

@@ -1,2 +1,2 @@
-SHA512 (dovecot-2.3.2.1.tar.gz) = c085a0d04925485423086736a3c7d919ad0ca9efeff005890382da5333edb68c7d23ccb89fbe2ac44f8f016fc993bf2c669e450794c3ab13463676cbb47c7bf7
-SHA512 (dovecot-2.3-pigeonhole-0.5.2.tar.gz) = 6bc24d9241f94db795a012346d9bc94b5cc7d7ce0175c03213c2b5d179d80dec95e9bdbd50bed628c8f9f7c51639e692ba5e429212a3b4a654c1e4764ac4f11c
+SHA512 (dovecot-2.3.8.tar.gz) = f62439e2ea77ffb544a7752c07085582c5653c64671cb42dd7a7e5aa69eb87059c677aa1fa071efa1ddd2287ab621e9a264ec115be2aeb2f43ab4c685411eae3
+SHA512 (dovecot-2.3-pigeonhole-0.5.8.tar.gz) = ddf009c755cc87c362ddf1c17ac1403b0f6a504b039efef3244f2d5bd4d3963fb25baaaa4d98c089b3e8bddd4675d131765fee5499d9aaf01015e44f7d631d2d