Fixed crash in auth process when auth-policy was configured and

authentication was aborted/failed without a username set.
- director: If two users had different tags but the same hash,
  the users may have been redirected to the wrong tag's hosts.
- Index files may have been thought incorrectly lost, causing
  "Missing middle file seq=.." to be logged and index rebuild.
  This happened more easily with IMAP hibernation enabled.
- Various fixes to restoring state correctly in un-hibernation.
- dovecot.index files were commonly 4 bytes per email too large. This
  is because 3 bytes per email were being wasted that could have been
  used for IMAP keywords.
- Various fixes to handle dovecot.list.index corruption better.
- lib-fts: Fixed assert-crash in address tokenizer with specific input.
- Fixed assert-crash in HTML to text parsing with specific input
  (e.g. for FTS indexing or snippet generation)
- doveadm sync -1: Fixed handling mailbox GUID conflicts.
- sdbox, mdbox: Perform full index rebuild if corruption is detected
  inside lib-index, which runs index fsck.
- quota: Don't skip quota checks when moving mails between different
  quota roots.
- search: Multiple sequence sets or UID sets in search parameters
  weren't handled correctly. They were incorrectly merged together.

.gitignore

@@ -105,3 +105,4 @@ pigeonhole-snap0592366457df.tar.bz2
 /dovecot-2.2.25.tar.gz
 /dovecot-2.2.26.0.tar.gz
 /dovecot-2.2-pigeonhole-0.4.16.tar.gz
+/dovecot-2.2.27.tar.gz

dovecot-1.0.rc7-mkcert-paths.patch

@@ -1,8 +1,9 @@
---- dovecot-1.0.rc7/doc/mkcert.sh.mkcert-paths	2006-10-04 11:34:46.000000000 +0200
-+++ dovecot-1.0.rc7/doc/mkcert.sh	2006-10-04 11:35:31.000000000 +0200
-@@ -4,8 +4,8 @@
- # Edit dovecot-openssl.cnf before running this.
+diff -up dovecot-2.2.27/doc/mkcert.sh.mkcert-paths dovecot-2.2.27/doc/mkcert.sh
+--- dovecot-2.2.27/doc/mkcert.sh.mkcert-paths	2016-12-05 10:26:07.913515286 +0100
++++ dovecot-2.2.27/doc/mkcert.sh	2016-12-05 10:28:25.439634417 +0100
+@@ -5,8 +5,8 @@
  
+ umask 077
  OPENSSL=${OPENSSL-openssl}
 -SSLDIR=${SSLDIR-/etc/ssl}
 -OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}

dovecot-2.2.26-CVE-2016-8652a.patch

@@ -1,28 +0,0 @@
-From 1f2c35da2b96905bec6e45f88af0f33ee63789e6 Mon Sep 17 00:00:00 2001
-From: Aki Tuomi <aki.tuomi@dovecot.fi>
-Date: Wed, 23 Nov 2016 13:16:19 +0200
-Subject: [PATCH] auth: Fix auth-policy crash when username is NULL
-
-If SASL request is invalid, or incomplete, and username
-is left NULL, handle it gracefully by adding just
-NUL byte in auth policy digest for username.
----
- src/auth/auth-policy.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/auth/auth-policy.c b/src/auth/auth-policy.c
-index c7faa3c..86b31f1 100755
---- a/src/auth/auth-policy.c
-+++ b/src/auth/auth-policy.c
-@@ -442,7 +442,10 @@ void auth_policy_create_json(struct policy_lookup_ctx *context,
- 		context->set->policy_hash_nonce,
- 		strlen(context->set->policy_hash_nonce));
- 	/* use +1 to make sure \0 gets included */
--	digest->loop(ctx, context->request->user, strlen(context->request->user) + 1);
-+	if (context->request->user == NULL)
-+		digest->loop(ctx, "\0", 1);
-+	else
-+		digest->loop(ctx, context->request->user, strlen(context->request->user) + 1);
- 	if (password != NULL)
- 		digest->loop(ctx, password, strlen(password));
- 	ptr = (unsigned char*)str_c_modifiable(buffer);

dovecot-2.2.26-CVE-2016-8652b.patch

@@ -1,64 +0,0 @@
-From 2c3f37672277b1f73f84722802aaa0ab1ab3e413 Mon Sep 17 00:00:00 2001
-From: Timo Sirainen <timo.sirainen@dovecot.fi>
-Date: Wed, 23 Nov 2016 15:57:03 +0200
-Subject: [PATCH] auth: Don't crash expanding %variables when username isn't
- set.
-
-This continues the auth-policy fix in
-c3d3faa4f72a676e183f34be960cff13a5a725ae
----
- src/auth/auth-request-var-expand.c | 15 ++++++++-------
- 1 file changed, 8 insertions(+), 7 deletions(-)
-
-diff --git a/src/auth/auth-request-var-expand.c b/src/auth/auth-request-var-expand.c
-index 4f256c0..a04a4d9 100644
---- a/src/auth/auth-request-var-expand.c
-+++ b/src/auth/auth-request-var-expand.c
-@@ -72,7 +72,7 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request,
- 	const unsigned int auth_count =
- 		N_ELEMENTS(auth_request_var_expand_static_tab);
- 	struct var_expand_table *tab, *ret_tab;
--	const char *orig_user, *auth_user;
-+	const char *orig_user, *auth_user, *username;
- 
- 	if (escape_func == NULL)
- 		escape_func = escape_none;
-@@ -87,10 +87,11 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request,
- 	memcpy(tab, auth_request_var_expand_static_tab,
- 	       auth_count * sizeof(*tab));
- 
--	tab[0].value = escape_func(auth_request->user, auth_request);
--	tab[1].value = escape_func(t_strcut(auth_request->user, '@'),
-+	username = auth_request->user != NULL ? auth_request->user : "";
-+	tab[0].value = escape_func(username, auth_request);
-+	tab[1].value = escape_func(t_strcut(username, '@'),
- 				   auth_request);
--	tab[2].value = strchr(auth_request->user, '@');
-+	tab[2].value = strchr(username, '@');
- 	if (tab[2].value != NULL)
- 		tab[2].value = escape_func(tab[2].value+1, auth_request);
- 	tab[3].value = escape_func(auth_request->service, auth_request);
-@@ -138,12 +139,12 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request,
- 		tab[20].value = net_ip2addr(&auth_request->real_remote_ip);
- 	tab[21].value = dec2str(auth_request->real_local_port);
- 	tab[22].value = dec2str(auth_request->real_remote_port);
--	tab[23].value = strchr(auth_request->user, '@');
-+	tab[23].value = strchr(username, '@');
- 	if (tab[23].value != NULL) {
- 		tab[23].value = escape_func(t_strcut(tab[23].value+1, '@'),
- 					    auth_request);
- 	}
--	tab[24].value = strrchr(auth_request->user, '@');
-+	tab[24].value = strrchr(username, '@');
- 	if (tab[24].value != NULL)
- 		tab[24].value = escape_func(tab[24].value+1, auth_request);
- 	tab[25].value = auth_request->master_user == NULL ? NULL :
-@@ -152,7 +153,7 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request,
- 		dec2str(auth_request->session_pid);
- 
- 	orig_user = auth_request->original_username != NULL ?
--		auth_request->original_username : auth_request->user;
-+		auth_request->original_username : username;
- 	tab[27].value = escape_func(orig_user, auth_request);
- 	tab[28].value = escape_func(t_strcut(orig_user, '@'), auth_request);
- 	tab[29].value = strchr(orig_user, '@');

dovecot.spec

@@ -3,9 +3,9 @@
 Summary: Secure imap and pop3 server
 Name: dovecot
 Epoch: 1
-Version: 2.2.26.0
+Version: 2.2.27
 %global prever %{nil}
-Release: 2%{?dist}
+Release: 1%{?dist}
 #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
 License: MIT and LGPLv2
 Group: System Environment/Daemons
@@ -34,10 +34,6 @@ Patch7: dovecot-2.2.13-online.patch
 Patch8: dovecot-2.2.20-initbysystemd.patch
 Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch
 
-# 2x from upstream, for dovecot < 2.2.27, rhbz#1401025
-Patch10: dovecot-2.2.26-CVE-2016-8652a.patch
-Patch11: dovecot-2.2.26-CVE-2016-8652b.patch
-
 Source15: prestartscript
 
 BuildRequires: openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel
@@ -133,8 +129,6 @@ This package provides the development files for dovecot.
 %patch7 -p1 -b .online
 %patch8 -p1 -b .initbysystemd
 %patch9 -p1 -b .systemd_w_protectsystem
-%patch10 -p1 -b .CVE-2016-8652a
-%patch11 -p1 -b .CVE-2016-8652b
 #pushd dovecot-2*2-pigeonhole-%{pigeonholever}
 #popd
 sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in
@@ -146,6 +140,7 @@ export CFLAGS="%{__global_cflags} -fno-strict-aliasing"
 export LDFLAGS="-Wl,-z,now -Wl,-z,relro %{?__global_ldflags}"
 # el6 autoconf too old to regen; use packaged files (#1082384)
 %if %{?fedora}00%{?rhel} > 6
+mkdir -p m4
 autoreconf -I . -fiv #required for aarch64 support
 %endif
 %configure                       \
@@ -424,6 +419,8 @@ make check
 %{_libdir}/dovecot/libdriver_sqlite.so
 %{_libdir}/dovecot/libssl_iostream_openssl.so
 %{_libdir}/dovecot/libfs_compress.so
+%{_libdir}/dovecot/libfs_crypt.so
+%{_libdir}/dovecot/libfs_mail_crypt.so
 %{_libdir}/dovecot/libdcrypt_openssl.so
 %dir %{_libdir}/dovecot/settings
 
@@ -487,6 +484,30 @@ make check
 %{_libdir}/%{name}/dict/libdriver_pgsql.so
 
 %changelog
+* Mon Dec 05 2016 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.27-1
+- Fixed crash in auth process when auth-policy was configured and
+  authentication was aborted/failed without a username set.
+- director: If two users had different tags but the same hash,
+  the users may have been redirected to the wrong tag's hosts.
+- Index files may have been thought incorrectly lost, causing
+  "Missing middle file seq=.." to be logged and index rebuild.
+  This happened more easily with IMAP hibernation enabled.
+- Various fixes to restoring state correctly in un-hibernation.
+- dovecot.index files were commonly 4 bytes per email too large. This
+  is because 3 bytes per email were being wasted that could have been
+  used for IMAP keywords.
+- Various fixes to handle dovecot.list.index corruption better.
+- lib-fts: Fixed assert-crash in address tokenizer with specific input.
+- Fixed assert-crash in HTML to text parsing with specific input
+  (e.g. for FTS indexing or snippet generation)
+- doveadm sync -1: Fixed handling mailbox GUID conflicts.
+- sdbox, mdbox: Perform full index rebuild if corruption is detected
+  inside lib-index, which runs index fsck.
+- quota: Don't skip quota checks when moving mails between different
+  quota roots.
+- search: Multiple sequence sets or UID sets in search parameters
+  weren't handled correctly. They were incorrectly merged together.
+
 * Fri Dec 02 2016 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.26.0-2
 - fix remote crash when auth-policy component is activated (CVE-2016-8652,#1401025)
 

sources

@@ -1,2 +1,2 @@
-85bc42328de41d1eb8d6d3f1db666db8  dovecot-2.2.26.0.tar.gz
+20133518f5bc0e64dd07ce55b83df2fb  dovecot-2.2.27.tar.gz
 e03eed707b39cffc4b2a82867de45d9c  dovecot-2.2-pigeonhole-0.4.16.tar.gz