From 407352a4ebcd017a6ce505185d9b4c9922c9c436 Mon Sep 17 00:00:00 2001
From: Michal Hlavinka
Date: Fri, 15 May 2015 15:19:40 +0200
Subject: [PATCH] director: Login UNIX sockets were normally detected as doveadm or director ring sockets, causing it to break in existing installations. - sdbox: When copying a mail in alt storage, place the destination to alt storage as well.
---
 .gitignore | 3 ++
 dovecot-2.1.6-86f535375750.patch | 62 --------------------------------
 dovecot.spec | 31 ++++++++++++----
 sources | 4 +--
 4 files changed, 29 insertions(+), 71 deletions(-)
 delete mode 100644 dovecot-2.1.6-86f535375750.patch
diff --git a/.gitignore b/.gitignore
index c48b855..ae29847 100644
--- a/.gitignore
+++ b/.gitignore
@@ -86,3 +86,6 @@ pigeonhole-snap0592366457df.tar.bz2
 /pigeonhole-snapded0c5a467aa.tar.bz2
 /dovecot-2.2-pigeonhole-0.4.6.tar.gz
 /dovecot-2.2.16.tar.gz
+/dovecot-2.2.17.tar.gz
+/dovecot-2.2.18.tar.gz
+/dovecot-2.2-pigeonhole-0.4.7.tar.gz
diff --git a/dovecot-2.1.6-86f535375750.patch b/dovecot-2.1.6-86f535375750.patch
deleted file mode 100644
index 14a5333..0000000
--- a/dovecot-2.1.6-86f535375750.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-
-# HG changeset patch
-# User Timo Sirainen
-# Date 1430213224 -7200
-# Node ID 86f5353757500a8c53aa708282bbdd77ac270011
-# Parent a2d342257b25e10e7c6c1aaade9e49d22d849c05
-*-login: Don't try to flush SSL output if SSL handshake fails.
-This fixes a crash on failed handshakes on some OpenSSL builds.
-
-diff -r a2d342257b25 -r 86f535375750 src/login-common/ssl-proxy-openssl.c
---- a/src/login-common/ssl-proxy-openssl.c Sat Apr 25 12:16:07 2015 +0300
-+++ b/src/login-common/ssl-proxy-openssl.c Tue Apr 28 11:27:04 2015 +0200
-@@ -80,6 +80,7 @@
- unsigned int cert_broken:1;
- unsigned int client_proxy:1;
- unsigned int flushing:1;
-+ unsigned int failed:1;
- };
-
- struct ssl_parameters {
-@@ -131,6 +132,12 @@
- static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set);
- #endif
-
-+static void ssl_proxy_destroy_failed(struct ssl_proxy *proxy)
-+{
-+ proxy->failed = TRUE;
-+ ssl_proxy_destroy(proxy);
-+}
-+
- static unsigned int ssl_server_context_hash(const struct ssl_server_context *ctx)
- {
- unsigned int i, g, h = 0;
-@@ -462,7 +469,7 @@
-
- if (errstr != NULL) {
- proxy->last_error = i_strdup(errstr);
-- ssl_proxy_destroy(proxy);
-+ ssl_proxy_destroy_failed(proxy);
- }
- ssl_proxy_unref(proxy);
- }
-@@ -492,7 +499,7 @@
-
- if (proxy->handshake_callback != NULL) {
- if (proxy->handshake_callback(proxy->handshake_context) < 0)
-- ssl_proxy_destroy(proxy);
-+ ssl_proxy_destroy_failed(proxy);
- }
- }
-
-@@ -822,7 +829,8 @@
- if (proxy->destroyed || proxy->flushing)
- return;
- proxy->flushing = TRUE;
-- ssl_proxy_flush(proxy);
-+ if (!proxy->failed && proxy->handshaked)
-+ ssl_proxy_flush(proxy);
- proxy->destroyed = TRUE;
-
- ssl_proxy_count--;
-
diff --git a/dovecot.spec b/dovecot.spec
index 3977df4..9581dd3 100644
--- a/dovecot.spec
+++ b/dovecot.spec
@@ -3,9 +3,9 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 -Version: 2.2.16 +Version: 2.2.18 %global prever %{nil} -Release: 2%{?dist} +Release: 1%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -14,7 +14,7 @@ URL: http://www.dovecot.org/ Source: http://www.dovecot.org/releases/2.2/%{name}-%{version}%{?prever}.tar.gz Source1: dovecot.init Source2: dovecot.pam -%global pigeonholever 0.4.6 +%global pigeonholever 0.4.7 Source8: http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-%{pigeonholever}.tar.gz #wget http://hg.rename-it.nl/dovecot-2.2-pigeonhole/archive/%{pigeonholever}.tar.bz2 -O dovecot-2.2-pigeonhole-%{pigeonholever}.tar.bz2 #Source8: dovecot-2.2-pigeonhole-%{pigeonholever}.tar.bz2 @@ -37,9 +37,6 @@ Patch5: dovecot-2.1-privatetmp.patch Patch6: dovecot-2.1.10-waitonline.patch Patch7: dovecot-2.2.13-online.patch -# for dovecot <= 2.2.16, rhbz#1216057 -Patch8: dovecot-2.1.6-86f535375750.patch - Source15: prestartscript Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -136,7 +133,6 @@ This package provides the development files for dovecot. %patch5 -p1 -b .privatetmp %patch6 -p1 -b .waitonline %patch7 -p1 -b .online -%patch8 -p1 -b .86f535375750 #pushd dovecot-2*2-pigeonhole-%{pigeonholever} #popd sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in 
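Review bot: Dropping `Patch8` in the `@@ -37,9 +37,6 @@` hunk removes the downstream fix for CVE-2015-3420 (rhbz#1216057), and neither new `%changelog` entry records that the patch was dropped or why. The 2.2.17-1 entry's line about the crash on handshake failures with new OpenSSL versions looks like the same fix landing upstream, and the removed comment `# for dovecot <= 2.2.16` points the same way, but that link is inferred rather than stated. Someone auditing the package for this CVE would want it explicit, e.g. `- drop dovecot-2.1.6-86f535375750.patch (CVE-2015-3420, rhbz#1216057), fixed upstream in 2.2.17`. The same applies to the matching `%patch8` removal in the `@@ -136,7 +133,6 @@` hunk.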
@@ -496,6 +492,27 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Fri May 15 2015 Michal Hlavinka - 1:2.2.18-1 +- director: Login UNIX sockets were normally detected as doveadm or + director ring sockets, causing it to break in existing installations. +- sdbox: When copying a mail in alt storage, place the destination to + alt storage as well. + +* Thu May 14 2015 Michal Hlavinka - 1:2.2.17-1 +- dovecot updated to 2.2.17 +- pigeonhole updated to 0.4.7 +- auth: If auth_master_user_separator was set, auth process could be + crashed by trying to log in with empty master username. +- imap-login, pop3-login: Fixed crash on handshake failures with new + OpenSSL versions (v1.0.2) when SSLv3 was disabled. +- auth: If one passdb fails allow_nets check, it shouldn't have failed + all the other passdb checks later on. +- imap: Server METADATA couldn't be accessed +- imapc: Fixed \Muted label handling in gmail-migration. +- imapc: Various bugfixes and improvements. +- Trash plugin fixes by Alexei Gradinari +- mbox: Fixed crash/corruption in some situations + * Tue Apr 28 2015 Michal Hlavinka - 1:2.2.16-2 - fix CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process diff --git a/sources b/sources index 6836d5e..0cd8e63 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -8dba21e817b4239e462d98a925233418 dovecot-2.2.16.tar.gz -9c41cfda06129ac85700b5ddce809d95 dovecot-2.2-pigeonhole-0.4.6.tar.gz +1e42eb3b69544c447ad882d7858f3630 dovecot-2.2.18.tar.gz +a98b6e3b7f73959b17ba661ce6bb8886 dovecot-2.2-pigeonhole-0.4.7.tar.gz