director: Login UNIX sockets were normally detected as doveadm or
director ring sockets, causing it to break in existing installations. - sdbox: When copying a mail in alt storage, place the destination to alt storage as well.
This commit is contained in:
Michal Hlavinka
parent
51f4fff5f1
commit
407352a4eb
3
.gitignore
vendored
3
.gitignore
vendored
@ -86,3 +86,6 @@ pigeonhole-snap0592366457df.tar.bz2
|
||||
/pigeonhole-snapded0c5a467aa.tar.bz2
|
||||
/dovecot-2.2-pigeonhole-0.4.6.tar.gz
|
||||
/dovecot-2.2.16.tar.gz
|
||||
/dovecot-2.2.17.tar.gz
|
||||
/dovecot-2.2.18.tar.gz
|
||||
/dovecot-2.2-pigeonhole-0.4.7.tar.gz
|
||||
|
||||
@ -1,62 +0,0 @@
|
||||
|
||||
# HG changeset patch
|
||||
# User Timo Sirainen <tss@iki.fi>
|
||||
# Date 1430213224 -7200
|
||||
# Node ID 86f5353757500a8c53aa708282bbdd77ac270011
|
||||
# Parent a2d342257b25e10e7c6c1aaade9e49d22d849c05
|
||||
*-login: Don't try to flush SSL output if SSL handshake fails.
|
||||
This fixes a crash on failed handshakes on some OpenSSL builds.
|
||||
|
||||
diff -r a2d342257b25 -r 86f535375750 src/login-common/ssl-proxy-openssl.c
|
||||
--- a/src/login-common/ssl-proxy-openssl.c Sat Apr 25 12:16:07 2015 +0300
|
||||
+++ b/src/login-common/ssl-proxy-openssl.c Tue Apr 28 11:27:04 2015 +0200
|
||||
@@ -80,6 +80,7 @@
|
||||
unsigned int cert_broken:1;
|
||||
unsigned int client_proxy:1;
|
||||
unsigned int flushing:1;
|
||||
+ unsigned int failed:1;
|
||||
};
|
||||
|
||||
struct ssl_parameters {
|
||||
@@ -131,6 +132,12 @@
|
||||
static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set);
|
||||
#endif
|
||||
|
||||
+static void ssl_proxy_destroy_failed(struct ssl_proxy *proxy)
|
||||
+{
|
||||
+ proxy->failed = TRUE;
|
||||
+ ssl_proxy_destroy(proxy);
|
||||
+}
|
||||
+
|
||||
static unsigned int ssl_server_context_hash(const struct ssl_server_context *ctx)
|
||||
{
|
||||
unsigned int i, g, h = 0;
|
||||
@@ -462,7 +469,7 @@
|
||||
|
||||
if (errstr != NULL) {
|
||||
proxy->last_error = i_strdup(errstr);
|
||||
- ssl_proxy_destroy(proxy);
|
||||
+ ssl_proxy_destroy_failed(proxy);
|
||||
}
|
||||
ssl_proxy_unref(proxy);
|
||||
}
|
||||
@@ -492,7 +499,7 @@
|
||||
|
||||
if (proxy->handshake_callback != NULL) {
|
||||
if (proxy->handshake_callback(proxy->handshake_context) < 0)
|
||||
- ssl_proxy_destroy(proxy);
|
||||
+ ssl_proxy_destroy_failed(proxy);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -822,7 +829,8 @@
|
||||
if (proxy->destroyed || proxy->flushing)
|
||||
return;
|
||||
proxy->flushing = TRUE;
|
||||
- ssl_proxy_flush(proxy);
|
||||
+ if (!proxy->failed && proxy->handshaked)
|
||||
+ ssl_proxy_flush(proxy);
|
||||
proxy->destroyed = TRUE;
|
||||
|
||||
ssl_proxy_count--;
|
||||
|
||||
31
dovecot.spec
31
dovecot.spec
@ -3,9 +3,9 @@
|
||||
Summary: Secure imap and pop3 server
|
||||
Name: dovecot
|
||||
Epoch: 1
|
||||
Version: 2.2.16
|
||||
Version: 2.2.18
|
||||
%global prever %{nil}
|
||||
Release: 2%{?dist}
|
||||
Release: 1%{?dist}
|
||||
#dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
|
||||
License: MIT and LGPLv2
|
||||
Group: System Environment/Daemons
|
||||
@ -14,7 +14,7 @@ URL: http://www.dovecot.org/
|
||||
Source: http://www.dovecot.org/releases/2.2/%{name}-%{version}%{?prever}.tar.gz
|
||||
Source1: dovecot.init
|
||||
Source2: dovecot.pam
|
||||
%global pigeonholever 0.4.6
|
||||
%global pigeonholever 0.4.7
|
||||
Source8: http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-%{pigeonholever}.tar.gz
|
||||
#wget http://hg.rename-it.nl/dovecot-2.2-pigeonhole/archive/%{pigeonholever}.tar.bz2 -O dovecot-2.2-pigeonhole-%{pigeonholever}.tar.bz2
|
||||
#Source8: dovecot-2.2-pigeonhole-%{pigeonholever}.tar.bz2
|
||||
@ -37,9 +37,6 @@ Patch5: dovecot-2.1-privatetmp.patch
|
||||
Patch6: dovecot-2.1.10-waitonline.patch
|
||||
Patch7: dovecot-2.2.13-online.patch
|
||||
|
||||
# for dovecot <= 2.2.16, rhbz#1216057
|
||||
Patch8: dovecot-2.1.6-86f535375750.patch
|
||||
|
||||
Source15: prestartscript
|
||||
|
||||
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
@ -136,7 +133,6 @@ This package provides the development files for dovecot.
|
||||
%patch5 -p1 -b .privatetmp
|
||||
%patch6 -p1 -b .waitonline
|
||||
%patch7 -p1 -b .online
|
||||
%patch8 -p1 -b .86f535375750
|
||||
#pushd dovecot-2*2-pigeonhole-%{pigeonholever}
|
||||
#popd
|
||||
sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in
|
||||
@ -496,6 +492,27 @@ make check
|
||||
%{_libdir}/%{name}/dict/libdriver_pgsql.so
|
||||
|
||||
%changelog
|
||||
* Fri May 15 2015 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.18-1
|
||||
- director: Login UNIX sockets were normally detected as doveadm or
|
||||
director ring sockets, causing it to break in existing installations.
|
||||
- sdbox: When copying a mail in alt storage, place the destination to
|
||||
alt storage as well.
|
||||
|
||||
* Thu May 14 2015 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.17-1
|
||||
- dovecot updated to 2.2.17
|
||||
- pigeonhole updated to 0.4.7
|
||||
- auth: If auth_master_user_separator was set, auth process could be
|
||||
crashed by trying to log in with empty master username.
|
||||
- imap-login, pop3-login: Fixed crash on handshake failures with new
|
||||
OpenSSL versions (v1.0.2) when SSLv3 was disabled.
|
||||
- auth: If one passdb fails allow_nets check, it shouldn't have failed
|
||||
all the other passdb checks later on.
|
||||
- imap: Server METADATA couldn't be accessed
|
||||
- imapc: Fixed \Muted label handling in gmail-migration.
|
||||
- imapc: Various bugfixes and improvements.
|
||||
- Trash plugin fixes by Alexei Gradinari
|
||||
- mbox: Fixed crash/corruption in some situations
|
||||
|
||||
* Tue Apr 28 2015 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.16-2
|
||||
- fix CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user