Commit Graph

401 Commits

Author SHA1 Message Date
Michal Hlavinka
64b3f1c790 dovecot updated to 2.3.10, pigeonhole updated to 0.5.10 2020-04-21 19:12:22 +02:00
Michal Hlavinka
1040ee253b dovecot updated to 2.3.9.3
fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS
      submission-login and lmtp processes.
fixes CVE-2020-7957: Specially crafted mail can crash snippet generation.
2020-02-12 15:16:26 +01:00
Fedora Release Engineering
adf9e045a9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-28 16:12:26 +00:00
Michal Hlavinka
fc993dbf7d fix permissions of ghost files 2020-01-09 15:31:55 +01:00
Michal Hlavinka
deb9d38bed CVE-2019-19722: Mails with group addresses in From or To fields
caused crash in push notification drivers.
2019-12-19 15:17:08 +01:00
Michal Hlavinka
29bbb4096a dovecot updated to 2.3.9, pigeonhole updated to 0.5.9 2019-12-05 18:10:32 +01:00
Michal Hlavinka
71a430ba9d dovecot updated to 2.3.8, pigeonhole 0.5.8 2019-10-10 13:59:30 +02:00
Michal Hlavinka
2a068bb479 add more buildrequires 2019-10-10 13:04:27 +02:00
Michal Hlavinka
c4e66bf297 dovecot updated to 2.3.7.2, pigeonhole 0.5.7.2
fixes CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
  when scanning data in quoted strings, leading to out of bounds heap
  memory writes
2019-08-29 09:44:35 +02:00
Michal Hlavinka
581436bcf3 dovecot updated to 2.3.7.1, pigeonhole updated to 0.5.7.1 2019-08-19 15:25:24 +02:00
Fedora Release Engineering
3797f0a352 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-24 22:19:32 +00:00
Michal Hlavinka
4f0fa7c121 disable gcc 9 stack reuse temporarily 2019-05-31 12:42:18 +02:00
Michal Hlavinka
b242522b1e use /run instead of /var/run (#1706372) 2019-05-13 16:15:48 +02:00
Michal Hlavinka
82caf4b446 dovecot updated to 2.3.6, pigeonhole updated to 0.5.6 2019-05-02 13:49:42 +02:00
Michal Hlavinka
e9463061ff dovecot updated to 2.3.5.2
fixes CVE-2019-10691: Trying to login with 8bit username containing
  invalid UTF8 input causes auth process to crash if auth policy is enabled.
2019-04-18 14:45:08 +02:00
Michal Hlavinka
b9ba0bbcd9 dovecot updated to 2.3.5.1
CVE-2019-7524: Missing input buffer size validation leads into
  arbitrary buffer overflow when reading fts or pop3 uidl header
  from Dovecot index.
2019-03-28 14:56:50 +01:00
Michal Hlavinka
04058156dc dovecot updated to 2.3.5, pigeonhole updated to 0.5.5 2019-03-06 15:41:52 +01:00
Fedora Release Engineering
436dc795a1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-01-31 17:32:20 +00:00
Igor Gnatenko
b41067db5b Remove obsolete Group tag
References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag
2019-01-28 20:23:59 +01:00
Björn Esser
751cddedc2
Rebuilt for libcrypt.so.2 (#1666033) 2019-01-14 19:00:28 +01:00
Michal Hlavinka
d111f39fa0 fix tests 2019-01-09 17:46:45 +01:00
Michal Hlavinka
aa4c0451e3 dovecot updated to 2.3.4, pigeonhole updated to 0.5.4 2019-01-09 17:09:09 +01:00
Michal Hlavinka
6d73939b5f dovecot updated to 2.3.3, pigeonhole pdated to 0.5.3
doveconf hides more secrets now in the default output
NUL bytes in mail headers can cause truncated replies when fetched.
virtual plugin: Some searches used 100% CPU for many seconds
dsync assert-crashed with acl plugin in some situations.
imapc: Fixed various assert-crashes when reconnecting to server.
2018-10-02 10:41:13 +02:00
Michal Hlavinka
ac25631e92 fix dovecot-init service syntax error (#1635017) 2018-10-02 10:36:12 +02:00
Pavel Raiskup
571d3e074e BuildRequires: s/postgresql-devel/libpq-devel/
That's because we moved libpq.so.5 into libpq package.

Related: rhbz#1618698, rhbz#1623764
2018-09-05 15:07:12 +02:00
Michal Hlavinka
0813442466 do not try to generate ssl-params as its obsolete (#1614640) 2018-08-13 17:51:07 +02:00
Fedora Release Engineering
97ed87d151 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-12 23:06:07 +00:00
Michal Hlavinka
5cdfe068e4 SSL/TLS servers may have crashed during client disconnection 2018-07-10 09:19:54 +02:00
Michal Hlavinka
d8aa10f515 add compression test suite assert crash fix 2018-07-09 14:03:21 +02:00
Michal Hlavinka
b6cdfb140c dovecot updated to 2.3.2, pigeonhole to 0.5.2 2018-07-09 12:09:49 +02:00
Michal Hlavinka
f874d6b553 fix typo and add c++ BR 2018-04-19 16:20:52 +02:00
Michal Hlavinka
8a7475f62a fix ftbfs - murmurhash3 check fail 2018-03-28 16:20:45 +02:00
Michal Hlavinka
4e81ae6930 dovecot updated to 2.3.1, pigeonhole updated to 0.5.1 2018-03-28 10:43:59 +02:00
Michal Hlavinka
233f79dabd use libxcrypt for Fedora >= 28, part of ftbfs fix (#1548520) 2018-03-27 12:40:22 +02:00
Michal Hlavinka
6f1094ca9f add gcc buildrequire 2018-03-21 17:17:24 +01:00
Michal Hlavinka
88a20bf4a4 dovecot updated to 2.3.0.1, pigeonhole updated to 0.5.0.1 2018-03-01 14:04:22 +01:00
Igor Gnatenko
203deaf4c3
Escape macros in %changelog
Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-09 09:04:23 +01:00
Fedora Release Engineering
971df43302 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-07 07:14:22 +00:00
Björn Esser
2cb29a2a44
Rebuilt for switch to libxcrypt 2018-01-20 23:06:40 +01:00
Michal Hlavinka
70e36f28d3 remove tcp_wrappers on Fedora 28 and later (#1518761)
use use mariadb-connector-c-devel instead of mysql-devel on Fedora 28 and later (#1493624)
2018-01-08 13:40:19 +01:00
Michal Hlavinka
a061dc525c dovecot updated to 2.2.33.2
doveadm: Fix crash in proxying (or dsync replication) if remote is
  running older than v2.2.33
auth: Fix memory leak in %{ldap_dn}
dict-sql: Fix data types to work correctly with Cassandra
2017-10-24 10:51:09 +02:00
Michal Hlavinka
184d8e3feb dovecot updated to 2.2.33.1, pigeonhole updated to
Added %{if}, see https://wiki2.dovecot.org/Variables#Conditionals
sdbox: Mails were always opened when expunging, unless
  mail_attachment_fs was explicitly set to empty.
lmtp/doveadm proxy: hostip passdb field was ignored, which caused
  unnecessary DNS lookups if host field wasn't an IP
lmtp proxy: Fix crash when receiving unexpected reply in RCPT TO
quota_clone: Update also when quota is unlimited (broken in v2.2.31)
mbox, zlib: Fix assert-crash when accessing compressed mbox
doveadm director kick -f parameter didn't work
doveadm director flush <host> resulted flushing all hosts, if <host>
  wasn't an IP address.
director: Various fixes to handling backend/director changes at
   abnormal times, especially while ring was unsynced.
director: Use less CPU in imap-login processes when moving/kicking
  many users.
lmtp: Session IDs were duplicated/confusing with multiple RCPT TOs
  when lmtp_rcpt_check_quota=yes
LDA Sieve plugin: Fixed sequential execution of LDAP-based scripts. A
  missing LDAP-based script could cause the script sequence to exit earlier.
sieve-filter: Removed the (now) duplicate utf8 to mutf7 mailbox name
  conversion. This caused problems with mailbox names containing UTF-8
  characters.
2017-10-18 14:41:24 +02:00
Michal Hlavinka
e0034abe1a pigeonhole updated to 0.4.20
Made the retention period for redirect duplicate identifiers
  configurable. Changed the default retention period from 24 to 12 hours.
sieve-filter: Fixed memory leak: forgot to clean up script binary at
  end of execution
managesieve-login: Fixed handling of AUTHENTICATE command. A second
  authenticate command would be parsed wrong.
2017-08-28 14:26:57 +02:00
Michal Hlavinka
2d992c6f39 dovecot updated to 2.2.32
Modseq tracking didn't always work correctly. This could have caused
  imap unhibernation to fail or IMAP QRESYNC/CONDSTORE extensions to
  not work perfectly.
mdbox: "Inconsistency in map index" wasn't fixed automatically
dict-ldap: %variable values used in the LDAP filter weren't escaped.
quota=count: quota_warning = -storage=.. was never executed (try #2).
imapc: >= 32 kB mail bodies were supposed to be cached for subsequent
  FETCHes, but weren't.
quota-status service didn't support recipient_delimiter
acl: Don't access dovecot-acl-list files with acl_globals_only=yes
mail_location: If INDEX dir is set, mailbox deletion deletes its
  childrens' indexes.
director: v2.2.31 caused rapid reconnection loops to directors
  that were down.
2017-08-25 09:50:33 +02:00
Fedora Release Engineering
45577f1282 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-02 19:44:38 +00:00
Fedora Release Engineering
ade4ef471e - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-26 06:30:36 +00:00
Michal Hlavinka
bcee2255b9 enable tcpwrap support (#1450587) 2017-07-11 15:20:28 +02:00
Michal Hlavinka
4d309a7ae2 revert commit breaking NOTIFY support 2017-07-04 09:22:38 +02:00
Michal Hlavinka
7d2c75b7dc dovecot updated to 2.2.31
Various fixes to handling mailbox listing. Especially related to
  handling nonexistent autocreated/autosubscribed mailboxes and ACLs.
Global ACL file was parsed as if it was local ACL file. This caused
  some of the ACL rule interactions to not work exactly as intended.
Using mail_sort_max_read_count may have caused very high CPU usage.
Message address parsing could have crashed on invalid input.
imapc_features=fetch-headers wasn't always working correctly and
  caused the full header to be fetched.
imapc: Various bugfixes related to connection failure handling.
quota=count: quota_warning = -storage=.. was never executed
quota=count: Add support for "ns" parameter
dsync: Fix incremental syncing for mails that don't have Date or
  Message-ID headers.
imap: Fix hang when client sends pipelined SEARCH +
  EXPUNGE/CLOSE/LOGOUT.
oauth2: Token validation didn't accept empty server responses.
imap: NOTIFY command has been almost completely broken since the
  beginning.
pigeonhole updated to 0.4.19
Fixed bug in handling of implicit keep in some cases.
include extension: Fixed segfault that (sometimes) occurred when the
  global script location was left unconfigured.
2017-06-27 10:38:30 +02:00
Michal Hlavinka
e20207d373 dovecot updated to 2.2.30.2
auth: Multiple failed authentications within short time caused crashes
push-notification: OX driver crashed at deinit
2017-06-08 15:25:06 +02:00