Commit Graph

505 Commits

Author SHA1 Message Date
Jeff Law
4345d3c47b Re-enable LTO 2021-05-10 12:08:39 -06:00
Michal Hlavinka
25d565523c dovecot updated to 2.3.14, pigeonhole to 0.5.14
use OpenSSL's implementation of HMAC
Remove autocreate, expire, snarf and mail-filter plugins.
Remove cydir storage driver.
Remove XZ/LZMA write support. Read support will be removed in future release.
2021-03-22 21:06:01 +01:00
Michal Hlavinka
8550d54fac do not use own implementation of HMAC, use OpenSSL 2021-03-22 19:30:17 +01:00
Pavel Raiskup
abd5abe3b4 rebuild for libpq ABI fix
Related: rhbz#1908268
2021-02-08 09:24:17 +01:00
Michal Hlavinka
886a96b230 use make macros 2021-02-01 13:51:01 +01:00
Fedora Release Engineering
06d34fe3ea - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 03:42:56 +00:00
Michal Hlavinka
2860368c09 fix multilib issues 2021-01-18 14:33:47 +01:00
Michal Hlavinka
abd275bba1 bump release and rebuild 2021-01-18 13:57:17 +01:00
Michal Hlavinka
f1771ed0fa fix rundir location 2021-01-07 18:28:31 +01:00
Michal Hlavinka
cc81c97592 fix release number 2021-01-06 14:01:36 +01:00
Michal Hlavinka
e1b1e2910c fix patch 2021-01-06 11:43:31 +01:00
Michal Hlavinka
432e04624d dovecot updated to 2.3.13, pigeonhole to 0.5.13
CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
  allow logged in user to access other people's emails and filesystem
  information.
Metric filter and global event filter variable syntax changed to a
  SQL-like format.
auth: Added new aliases for %{variables}. Usage of the old ones is
  possible, but discouraged.
auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth
  mechanism and related password schemes.
auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.
auth: Removed postfix postmap socket
2021-01-06 11:29:46 +01:00
Michal Hlavinka
f8f94ccbdf dovecot updated to 2.3.13, pigeonhole to 0.5.13
CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
  allow logged in user to access other people's emails and filesystem
  information.
Metric filter and global event filter variable syntax changed to a
  SQL-like format.
auth: Added new aliases for %{variables}. Usage of the old ones is
  possible, but discouraged.
auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth
  mechanism and related password schemes.
auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.
auth: Removed postfix postmap socket
2021-01-04 19:46:26 +01:00
Michal Hlavinka
5e0f363767 change run directory from /var/run to /run (#1777922) 2021-01-04 10:18:56 +01:00
Tom Stellard
b73f4c06b0 Add BuildRequires: make
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot
2020-12-17 04:42:04 +00:00
Michal Hlavinka
4ca072df4d enable zstd support 2020-10-20 15:39:01 +02:00
pgfed
e93cbad322 Update dovecot.spec 2020-10-19 20:12:58 +00:00
Michal Hlavinka
29ed947aae fix gssapi issue 2020-09-02 11:58:34 +02:00
Michal Hlavinka
98f6723298 fix FTBFS on 32bit systems 2020-08-26 19:06:39 +02:00
Jeff Law
b50f4be969 Disable LTO for now 2020-08-17 14:52:59 -06:00
Michal Hlavinka
8f461376e7 CVE-2020-12100: Parsing mails with a large number of MIME parts could
have resulted in excessive CPU usage or a crash due to running out of
  stack memory.
CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
  message buffer size, which leads to reading past allocation which can
  lead to crash.
CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
  address that has the empty quoted string as local-part causes the lmtp
  service to crash.
CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
  zero-length message, which leads to assert-crash later on.
2020-08-15 18:22:04 +02:00
Fedora Release Engineering
b5c6b67b96 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-08-01 00:40:29 +00:00
Fedora Release Engineering
1d11ef9e94 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-27 15:41:53 +00:00
Troy Dawson
9aea43c6d8 spec file cleanup 2020-07-16 06:53:01 -07:00
Michal Hlavinka
4e11662dbe dovecot updated to 2.3.10.1
fixes CVE-2020-10967, CVE-2020-10958, CVE-2020-10957
2020-05-18 18:12:36 +02:00
Michal Hlavinka
64b3f1c790 dovecot updated to 2.3.10, pigeonhole updated to 0.5.10 2020-04-21 19:12:22 +02:00
Michal Hlavinka
1040ee253b dovecot updated to 2.3.9.3
fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS
      submission-login and lmtp processes.
fixes CVE-2020-7957: Specially crafted mail can crash snippet generation.
2020-02-12 15:16:26 +01:00
Fedora Release Engineering
adf9e045a9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-28 16:12:26 +00:00
Michal Hlavinka
fc993dbf7d fix permissions of ghost files 2020-01-09 15:31:55 +01:00
Michal Hlavinka
deb9d38bed CVE-2019-19722: Mails with group addresses in From or To fields
caused crash in push notification drivers.
2019-12-19 15:17:08 +01:00
Michal Hlavinka
29bbb4096a dovecot updated to 2.3.9, pigeonhole updated to 0.5.9 2019-12-05 18:10:32 +01:00
Michal Hlavinka
71a430ba9d dovecot updated to 2.3.8, pigeonhole 0.5.8 2019-10-10 13:59:30 +02:00
Michal Hlavinka
2a068bb479 add more buildrequires 2019-10-10 13:04:27 +02:00
Michal Hlavinka
c4e66bf297 dovecot updated to 2.3.7.2, pigeonhole 0.5.7.2
fixes CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
  when scanning data in quoted strings, leading to out of bounds heap
  memory writes
2019-08-29 09:44:35 +02:00
Michal Hlavinka
581436bcf3 dovecot updated to 2.3.7.1, pigeonhole updated to 0.5.7.1 2019-08-19 15:25:24 +02:00
Fedora Release Engineering
3797f0a352 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-24 22:19:32 +00:00
Michal Hlavinka
4f0fa7c121 disable gcc 9 stack reuse temporarily 2019-05-31 12:42:18 +02:00
Michal Hlavinka
b242522b1e use /run instead of /var/run (#1706372) 2019-05-13 16:15:48 +02:00
Michal Hlavinka
82caf4b446 dovecot updated to 2.3.6, pigeonhole updated to 0.5.6 2019-05-02 13:49:42 +02:00
Michal Hlavinka
e9463061ff dovecot updated to 2.3.5.2
fixes CVE-2019-10691: Trying to login with 8bit username containing
  invalid UTF8 input causes auth process to crash if auth policy is enabled.
2019-04-18 14:45:08 +02:00
Michal Hlavinka
b9ba0bbcd9 dovecot updated to 2.3.5.1
CVE-2019-7524: Missing input buffer size validation leads into
  arbitrary buffer overflow when reading fts or pop3 uidl header
  from Dovecot index.
2019-03-28 14:56:50 +01:00
Michal Hlavinka
04058156dc dovecot updated to 2.3.5, pigeonhole updated to 0.5.5 2019-03-06 15:41:52 +01:00
Fedora Release Engineering
436dc795a1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-01-31 17:32:20 +00:00
Igor Gnatenko
b41067db5b Remove obsolete Group tag
References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag
2019-01-28 20:23:59 +01:00
Björn Esser
751cddedc2
Rebuilt for libcrypt.so.2 (#1666033) 2019-01-14 19:00:28 +01:00
Michal Hlavinka
d111f39fa0 fix tests 2019-01-09 17:46:45 +01:00
Michal Hlavinka
aa4c0451e3 dovecot updated to 2.3.4, pigeonhole updated to 0.5.4 2019-01-09 17:09:09 +01:00
Michal Hlavinka
6d73939b5f dovecot updated to 2.3.3, pigeonhole pdated to 0.5.3
doveconf hides more secrets now in the default output
NUL bytes in mail headers can cause truncated replies when fetched.
virtual plugin: Some searches used 100% CPU for many seconds
dsync assert-crashed with acl plugin in some situations.
imapc: Fixed various assert-crashes when reconnecting to server.
2018-10-02 10:41:13 +02:00
Michal Hlavinka
ac25631e92 fix dovecot-init service syntax error (#1635017) 2018-10-02 10:36:12 +02:00
Pavel Raiskup
571d3e074e BuildRequires: s/postgresql-devel/libpq-devel/
That's because we moved libpq.so.5 into libpq package.

Related: rhbz#1618698, rhbz#1623764
2018-09-05 15:07:12 +02:00