Merged update from upstream sources

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/dovecot.git#e1b1e2910c24597e944961e71806d71f60f16b2d
This commit is contained in:
DistroBaker 2021-01-06 12:21:51 +00:00
parent 68b9de8c8e
commit b0939d59a8
6 changed files with 60 additions and 62 deletions

View File

@ -1,15 +0,0 @@
diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c
index cf05370035..0a030a2be0 100644
--- a/src/auth/test-mech.c
+++ b/src/auth/test-mech.c
@@ -196,8 +196,8 @@ test_mech_construct_apop_challenge(unsigned int connect_uid, unsigned long *len_
{
string_t *apop_challenge = t_str_new(128);
- str_printfa(apop_challenge,"<%lx.%u.%"PRIdTIME_T"", (unsigned long) getpid(),
- connect_uid, process_start_time+10);
+ str_printfa(apop_challenge,"<%lx.%lx.%"PRIxTIME_T".", (unsigned long)getpid(),
+ (unsigned long)connect_uid, process_start_time+10);
str_append_data(apop_challenge, "\0testuser\0responseoflen16-", 26);
*len_r = apop_challenge->used;
return apop_challenge->data;

View File

@ -1,22 +0,0 @@
diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c
index 0a030a2be0..0a22ff46d0 100644
--- a/src/auth/test-mech.c
+++ b/src/auth/test-mech.c
@@ -192,7 +192,7 @@ static void test_mech_handle_challenge(struct auth_request *request,
}
static inline const unsigned char *
-test_mech_construct_apop_challenge(unsigned int connect_uid, unsigned long *len_r)
+test_mech_construct_apop_challenge(unsigned int connect_uid, size_t *len_r)
{
string_t *apop_challenge = t_str_new(128);
@@ -323,7 +323,7 @@ static void test_mechs(void)
struct test_case *test_case = &tests[running_test];
const struct mech_module *mech = test_case->mech;
struct auth_request *request;
- const char *testname = t_strdup_printf("auth mech %s %d/%lu",
+ const char *testname = t_strdup_printf("auth mech %s %d/%zu",
mech->mech_name,
running_test+1,
N_ELEMENTS(tests));

View File

@ -1,13 +0,0 @@
diff --git a/src/auth/mech-gssapi.c b/src/auth/mech-gssapi.c
index f29e48da88..966273d388 100644
--- a/src/auth/mech-gssapi.c
+++ b/src/auth/mech-gssapi.c
@@ -735,7 +735,7 @@ mech_gssapi_auth_free(struct auth_request *request)
const struct mech_module mech_gssapi = {
"GSSAPI",
- .flags = 0,
+ .flags = MECH_SEC_ALLOW_NULS,
.passdb_need = MECH_PASSDB_NEED_NOTHING,
mech_gssapi_auth_new,

View File

@ -0,0 +1,36 @@
diff -up dovecot-2.3.13/src/lib/test-time-util.c.bigtvsec dovecot-2.3.13/src/lib/test-time-util.c
--- dovecot-2.3.13/src/lib/test-time-util.c.bigtvsec 2021-01-06 11:27:06.793315308 +0100
+++ dovecot-2.3.13/src/lib/test-time-util.c 2021-01-06 11:27:06.815315088 +0100
@@ -358,7 +358,7 @@ static void test_str_to_timeval(void)
{
struct {
const char *str;
- unsigned int tv_sec, tv_usec;
+ long int tv_sec, tv_usec;
} tests[] = {
{ "0", 0, 0 },
{ "0.0", 0, 0 },
diff -up dovecot-2.3.13/src/lib/time-util.c.bigtvsec dovecot-2.3.13/src/lib/time-util.c
--- dovecot-2.3.13/src/lib/time-util.c.bigtvsec 2021-01-06 11:10:49.791094852 +0100
+++ dovecot-2.3.13/src/lib/time-util.c 2021-01-06 11:10:08.255501319 +0100
@@ -43,16 +43,16 @@ int timeval_cmp_margin(const struct time
if (tv1->tv_sec < tv2->tv_sec) {
sec_margin = ((int)usec_margin / 1000000) + 1;
- if ((tv2->tv_sec - tv1->tv_sec) > sec_margin)
+ if (((long long)tv2->tv_sec - tv1->tv_sec) > sec_margin)
return -1;
- usecs_diff = (tv2->tv_sec - tv1->tv_sec) * 1000000LL +
+ usecs_diff = ((long long)tv2->tv_sec - tv1->tv_sec) * 1000000LL +
(tv2->tv_usec - tv1->tv_usec);
ret = -1;
} else if (tv1->tv_sec > tv2->tv_sec) {
sec_margin = ((int)usec_margin / 1000000) + 1;
- if ((tv1->tv_sec - tv2->tv_sec) > sec_margin)
+ if (((long long)tv1->tv_sec - tv2->tv_sec) > sec_margin)
return 1;
- usecs_diff = (tv1->tv_sec - tv2->tv_sec) * 1000000LL +
+ usecs_diff = ((long long)tv1->tv_sec - tv2->tv_sec) * 1000000LL +
(tv1->tv_usec - tv2->tv_usec);
ret = 1;
} else if (tv1->tv_usec < tv2->tv_usec) {

View File

@ -3,9 +3,9 @@
Summary: Secure imap and pop3 server Summary: Secure imap and pop3 server
Name: dovecot Name: dovecot
Epoch: 1 Epoch: 1
Version: 2.3.11.3 Version: 2.3.13
%global prever %{nil} %global prever %{nil}
Release: 7%{?dist} Release: %{?dist}
#dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
License: MIT and LGPLv2 License: MIT and LGPLv2
@ -13,7 +13,7 @@ URL: http://www.dovecot.org/
Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz
Source1: dovecot.init Source1: dovecot.init
Source2: dovecot.pam Source2: dovecot.pam
%global pigeonholever 0.5.11 %global pigeonholever 0.5.13
Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz
Source9: dovecot.sysconfig Source9: dovecot.sysconfig
Source10: dovecot.tmpfilesd Source10: dovecot.tmpfilesd
@ -32,10 +32,8 @@ Patch6: dovecot-2.1.10-waitonline.patch
Patch8: dovecot-2.2.20-initbysystemd.patch Patch8: dovecot-2.2.20-initbysystemd.patch
Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch
Patch10: dovecot-2.3.0.1-libxcrypt.patch Patch10: dovecot-2.3.0.1-libxcrypt.patch
Patch12: dovecot-2.3.11.3-ftbfs1.patch
Patch13: dovecot-2.3.11.3-ftbfs2.patch
Patch14: dovecot-2.3.11.3-gssapi.patch
Patch15: dovecot-2.3.11-bigkey.patch Patch15: dovecot-2.3.11-bigkey.patch
Patch16: dovecot-2.3.13-bigtvsec.patch
Source15: prestartscript Source15: prestartscript
@ -121,10 +119,11 @@ This package provides the development files for dovecot.
%patch8 -p1 -b .initbysystemd %patch8 -p1 -b .initbysystemd
%patch9 -p1 -b .systemd_w_protectsystem %patch9 -p1 -b .systemd_w_protectsystem
#%patch10 -p1 -b .libxcrypt #%patch10 -p1 -b .libxcrypt
%patch12 -p1 -b .ftbfs1 #patch12 -p1 -b .ftbfs1
%patch13 -p1 -b .ftbfs2 #patch13 -p1 -b .ftbfs2
%patch14 -p1 -b .gssapi #patch14 -p1 -b .gssapi
%patch15 -p1 -b .bigkey %patch15 -p1 -b .bigkey
%patch16 -p1 -b .bigtvsec
#pushd dovecot-2*3-pigeonhole-%{pigeonholever} #pushd dovecot-2*3-pigeonhole-%{pigeonholever}
#popd #popd
@ -346,7 +345,6 @@ make check
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-sql.conf.ext %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-sql.conf.ext
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-static.conf.ext %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-static.conf.ext
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-system.conf.ext %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-system.conf.ext
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-vpopmail.conf.ext
%config(noreplace) %{_sysconfdir}/pam.d/dovecot %config(noreplace) %{_sysconfdir}/pam.d/dovecot
%config(noreplace) %{ssldir}/dovecot-openssl.cnf %config(noreplace) %{ssldir}/dovecot-openssl.cnf
@ -449,6 +447,20 @@ make check
%{_libdir}/%{name}/dict/libdriver_pgsql.so %{_libdir}/%{name}/dict/libdriver_pgsql.so
%changelog %changelog
* Mon Jan 04 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:
- dovecot updated to 2.3.13, pigeonhole to 0.5.13
- CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
allow logged in user to access other people's emails and filesystem
information.
- Metric filter and global event filter variable syntax changed to a
SQL-like format.
- auth: Added new aliases for %{variables}. Usage of the old ones is
possible, but discouraged.
- auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth
mechanism and related password schemes.
- auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.
- auth: Removed postfix postmap socket
* Wed Oct 21 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-7 * Wed Oct 21 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-7
- change run directory from /var/run to /run (#1777922) - change run directory from /var/run to /run (#1777922)

View File

@ -1,2 +1,2 @@
SHA512 (dovecot-2.3.11.3.tar.gz) = d83e52a7faab918a8e6f6257acc5936b81733c10489affd042c3a043cb842db060286cba9978be378e4958e9ac2e60b55ce289d7f3a88df08e7637e4785e23bb SHA512 (dovecot-2.3.13.tar.gz) = 758a169fba8925637ed18fa7522a6f06c9fe01a1707b1ca0d0a4d8757c578a8e117c91733e8314403839f9a484bbcac71ce3532c82379eb583b480756d556a95
SHA512 (dovecot-2.3-pigeonhole-0.5.11.tar.gz) = 793d93edc50192c52654e2f7244d3e01aaa4e69f786e3ecfcd658a4ab26a5099cc5319cb93221150db4ce94bc4515ffb38115b1d0eeb6e052b956efec680b33d SHA512 (dovecot-2.3-pigeonhole-0.5.13.tar.gz) = fcbc13d71af4e6dd4e34192484e203d755e5015da76a4774b11a79182b2baad36cab5a471346093111ace36a7775dfe8294555f8b777786dde386820b3ec5cd3