director: Login UNIX sockets were normally detected as doveadm or

director ring sockets, causing it to break in existing installations. - sdbox: When copying a mail in alt storage, place the destination to alt storage as well.
2015-05-15 15:19:40 +02:00 · 2015-05-15 15:19:40 +02:00 · 407352a4eb
commit 407352a4eb
parent 51f4fff5f1
4 changed files with 29 additions and 71 deletions
--- a/.gitignore
+++ b/.gitignore
@ -86,3 +86,6 @@ pigeonhole-snap0592366457df.tar.bz2
 /pigeonhole-snapded0c5a467aa.tar.bz2
 /dovecot-2.2-pigeonhole-0.4.6.tar.gz
 /dovecot-2.2.16.tar.gz
 /dovecot-2.2.17.tar.gz
 /dovecot-2.2.18.tar.gz
 /dovecot-2.2-pigeonhole-0.4.7.tar.gz
--- a/dovecot-2.1.6-86f535375750.patch
+++ b/dovecot-2.1.6-86f535375750.patch
@ -1,62 +0,0 @@
 # HG changeset patch
 # User Timo Sirainen <tss@iki.fi>
 # Date 1430213224 -7200
 # Node ID 86f5353757500a8c53aa708282bbdd77ac270011
 # Parent  a2d342257b25e10e7c6c1aaade9e49d22d849c05
 *-login: Don't try to flush SSL output if SSL handshake fails.
 This fixes a crash on failed handshakes on some OpenSSL builds.
 diff -r a2d342257b25 -r 86f535375750 src/login-common/ssl-proxy-openssl.c
 --- a/src/login-common/ssl-proxy-openssl.c	Sat Apr 25 12:16:07 2015 +0300
 +++ b/src/login-common/ssl-proxy-openssl.c	Tue Apr 28 11:27:04 2015 +0200
@@ -80,6 +80,7 @@
 	unsigned int cert_broken:1;
 	unsigned int client_proxy:1;
 	unsigned int flushing:1;
 +	unsigned int failed:1;
 };
 struct ssl_parameters {
@@ -131,6 +132,12 @@
 static int ssl_proxy_ctx_get_pkey_ec_curve_name(const struct master_service_ssl_settings *set);
 #endif
 +static void ssl_proxy_destroy_failed(struct ssl_proxy *proxy)
 +{
 +	proxy->failed = TRUE;
 +	ssl_proxy_destroy(proxy);
 +}
 +
 static unsigned int ssl_server_context_hash(const struct ssl_server_context *ctx)
 {
 	unsigned int i, g, h = 0;
@@ -462,7 +469,7 @@
 	if (errstr != NULL) {
 		proxy->last_error = i_strdup(errstr);
 -		ssl_proxy_destroy(proxy);
 +		ssl_proxy_destroy_failed(proxy);
 	}
 	ssl_proxy_unref(proxy);
 }
@@ -492,7 +499,7 @@
 	if (proxy->handshake_callback != NULL) {
 		if (proxy->handshake_callback(proxy->handshake_context) < 0)
 -			ssl_proxy_destroy(proxy);
 +			ssl_proxy_destroy_failed(proxy);
 	}
 }
@@ -822,7 +829,8 @@
 	if (proxy->destroyed || proxy->flushing)
 		return;
 	proxy->flushing = TRUE;
 -	ssl_proxy_flush(proxy);
 +	if (!proxy->failed && proxy->handshaked)
 +		ssl_proxy_flush(proxy);
 	proxy->destroyed = TRUE;
 	ssl_proxy_count--;
--- a/dovecot.spec
+++ b/dovecot.spec
@ -3,9 +3,9 @@
 Summary: Secure imap and pop3 server
 Name: dovecot
 Epoch: 1
-Version: 2.2.16
+Version: 2.2.18
 %global prever %{nil}
-Release: 2%{?dist}
+Release: 1%{?dist}
 #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
 License: MIT and LGPLv2
 Group: System Environment/Daemons
@ -14,7 +14,7 @@ URL: http://www.dovecot.org/
 Source: http://www.dovecot.org/releases/2.2/%{name}-%{version}%{?prever}.tar.gz
 Source1: dovecot.init
 Source2: dovecot.pam
-%global pigeonholever 0.4.6
+%global pigeonholever 0.4.7
 Source8: http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-%{pigeonholever}.tar.gz
 #wget http://hg.rename-it.nl/dovecot-2.2-pigeonhole/archive/%{pigeonholever}.tar.bz2 -O dovecot-2.2-pigeonhole-%{pigeonholever}.tar.bz2
 #Source8: dovecot-2.2-pigeonhole-%{pigeonholever}.tar.bz2
@ -37,9 +37,6 @@ Patch5: dovecot-2.1-privatetmp.patch
 Patch6: dovecot-2.1.10-waitonline.patch
 Patch7: dovecot-2.2.13-online.patch
 # for dovecot <= 2.2.16, rhbz#1216057
 Patch8: dovecot-2.1.6-86f535375750.patch
 Source15: prestartscript
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -136,7 +133,6 @@ This package provides the development files for dovecot.
 %patch5 -p1 -b .privatetmp
 %patch6 -p1 -b .waitonline
 %patch7 -p1 -b .online
 %patch8 -p1 -b .86f535375750
 #pushd dovecot-2*2-pigeonhole-%{pigeonholever}
 #popd
 sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in
@ -496,6 +492,27 @@ make check
 %{_libdir}/%{name}/dict/libdriver_pgsql.so
 %changelog
 * Fri May 15 2015 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.18-1
 - director: Login UNIX sockets were normally detected as doveadm or
  director ring sockets, causing it to break in existing installations.
 - sdbox: When copying a mail in alt storage, place the destination to
  alt storage as well.
 * Thu May 14 2015 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.17-1
 - dovecot updated to 2.2.17
 - pigeonhole updated to 0.4.7
 - auth: If auth_master_user_separator was set, auth process could be
  crashed by trying to log in with empty master username.
 - imap-login, pop3-login: Fixed crash on handshake failures with new
  OpenSSL versions (v1.0.2) when SSLv3 was disabled.
 - auth: If one passdb fails allow_nets check, it shouldn't have failed
  all the other passdb checks later on.
 - imap: Server METADATA couldn't be accessed
 - imapc: Fixed \Muted label handling in gmail-migration.
 - imapc: Various bugfixes and improvements.
 - Trash plugin fixes by Alexei Gradinari
 - mbox: Fixed crash/corruption in some situations
 * Tue Apr 28 2015 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.16-2
 - fix CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-8dba21e817b4239e462d98a925233418  dovecot-2.2.16.tar.gz
+1e42eb3b69544c447ad882d7858f3630  dovecot-2.2.18.tar.gz
-9c41cfda06129ac85700b5ddce809d95  dovecot-2.2-pigeonhole-0.4.6.tar.gz
+a98b6e3b7f73959b17ba661ce6bb8886  dovecot-2.2-pigeonhole-0.4.7.tar.gz
`@ -1,2 +1,2 @@`
	`8dba21e817b4239e462d98a925233418 dovecot-2.2.16.tar.gz`	`1e42eb3b69544c447ad882d7858f3630 dovecot-2.2.18.tar.gz`
	`9c41cfda06129ac85700b5ddce809d95 dovecot-2.2-pigeonhole-0.4.6.tar.gz`	`a98b6e3b7f73959b17ba661ce6bb8886 dovecot-2.2-pigeonhole-0.4.7.tar.gz`