From 5800c29f3d571367bfca48eb3962eee50a4a41a7 Mon Sep 17 00:00:00 2001
From: AlmaLinux RelEng Bot
Date: Wed, 20 May 2026 04:49:47 -0400
Subject: [PATCH] import CS dovecot-2.3.16-18.el9
---
 SOURCES/dovecot.tmpfilesd | 1 +
 SOURCES/prestartscript | 0
 SPECS/dovecot.spec | 23 +++++++++++++++--------
 3 files changed, 16 insertions(+), 8 deletions(-)
 mode change 100755 => 100644 SOURCES/prestartscript
diff --git a/SOURCES/dovecot.tmpfilesd b/SOURCES/dovecot.tmpfilesd
index d96639a..e46a5ff 100644
--- a/SOURCES/dovecot.tmpfilesd
+++ b/SOURCES/dovecot.tmpfilesd
@@ -1,2 +1,3 @@
 d /run/dovecot 0755 root dovecot -
+d /var/lib/dovecot 0750 dovecot dovecot - -
diff --git a/SOURCES/prestartscript b/SOURCES/prestartscript
old mode 100755
new mode 100644
diff --git a/SPECS/dovecot.spec b/SPECS/dovecot.spec
index 8a6059e..d4aa593 100644
--- a/SPECS/dovecot.spec
+++ b/SPECS/dovecot.spec
@@ -6,7 +6,7 @@ Name: dovecot
 Epoch: 1
 Version: 2.3.16
 %global prever %{nil}
-Release: 15%{?dist}.1
+Release: 18%{?dist}
 #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
 License: MIT and LGPLv2
@@ -73,15 +73,15 @@ Patch28: dovecot-2.3.21.1-CVE-2024-23184.patch
 # https://github.com/dovecot/core/compare/f020e13%5E...ce88c33.patch
 Patch29: dovecot-2.3.21.1-CVE-2024-23185.patch
-# from upstream for < 2.4.3, RHEL-161639
+# from upstream for < 2.4.3, RHEL-161640
 # https://github.com/dovecot/pigeonhole/commit/54f645225a8a7911d7e16e9d50f170d217b0be95
 Patch30: dovecot-2.3-cve-2026-27858.patch
-# from upstream for < 2.4.3, RHEL-162287
+# from upstream for < 2.4.3, RHEL-162288
 # https://github.com/dovecot/pigeonhole/commit/efb68fac3a9d2d04d38c4ab14dd570cf0c23923c
 Patch31: dovecot-2.3-cve-2025-59032.patch
-# from upstream for < 2.4.3, RHEL-161678
+# from upstream for < 2.4.3, RHEL-161679
 # https://github.com/dovecot/core/commit/825bc297f87b856992aa14beac596ec838248210
 Patch32: dovecot-2.3-cve-2026-27857p1of5.patch
 # https://github.com/dovecot/core/commit/d0f67b52914565a35f3817335ab9633cb291513c
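Review bot: The new `d /var/lib/dovecot 0750 dovecot dovecot - -` entry in SOURCES/dovecot.tmpfilesd carries no comment, and nothing on this page shows that its owner and mode match how the spec packages that directory. A `d` line also adjusts the mode and ownership of an existing directory on every `systemd-tmpfiles --create` run, so a mismatch with the `%files` entry (outside this diff) would show up as `rpm -V` drift and could quietly change who can read Dovecot's state directory. I would confirm the two agree and add a line above the entry such as `# state directory, created via tmpfiles for image mode (RHEL-139098)`.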
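Review bot: SOURCES/prestartscript loses its executable bit (`old mode 100755`, `new mode 100644`) with no content change and no changelog entry explaining it. Whether this matters depends on how the spec installs the file, which is outside the visible hunks: an `install -m 755` keeps the packaged script executable, while a mode-preserving copy would ship a pre-start script that cannot be run. It is worth confirming that the install line sets the mode explicitly, and saying so in the commit message if the change is only an artifact of the import tooling.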
@@ -551,10 +551,17 @@ make check
 %{_libdir}/%{name}/dict/libdriver_pgsql.so
 %changelog
-* Mon Apr 13 2026 Michal Hlavinka - 1:2.3.16-15.1
-- fix CVE-2026-27858: denial of service via crafted message before authentication (RHEL-161639)
-- fix CVE-2025-59032: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command (RHEL-162287)
-- fix CVE-2026-27857: denial of service via specially crafted NOOP command (RHEL-161678)
+* Mon May 11 2026 Michal Hlavinka - 1:2.3.16-18
+- rebuild
+
+* Mon May 04 2026 Michal Hlavinka - 1:2.3.16-17
+- fix CVE-2026-27858: denial of service via crafted message before authentication (RHEL-161640)
+- fix CVE-2025-59032: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command (RHEL-162288)
+- fix CVE-2026-27857: denial of service via specially crafted NOOP command (RHEL-161679)
+
+* Mon Jan 12 2026 Michal Hlavinka - 1:2.3.16-16
+- add /var/lib/dovecot to tmpfiles for image mode (RHEL-139098)
+- fix building with latest openssl (RHEL-140619)
 * Wed Feb 05 2025 Michal Hlavinka - 1:2.3.16-15
 - fix sysusers config file name (RHEL-77322)