Commit Graph

511 Commits

Author SHA1 Message Date
Fedora Release Engineering
4439c8a833 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-21 21:05:11 +00:00
Michal Hlavinka
b920232ea6 fix spec file condition 2021-06-23 11:32:21 +02:00
Michal Hlavinka
2e3cc75314 fix FTBFS 2021-06-23 09:58:10 +02:00
Michal Hlavinka
f838a05fb9 dovecot updated to 2.3.15, pigeonhole updated to 0.5.15
CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
  JWT tokens. This may be used to supply attacker controlled keys to
  validate tokens, if attacker has local access.
CVE-2021-33515: On-path attacker could have injected plaintext commands
  before STARTTLS negotiation that would be executed after STARTTLS
  finished with the client.
Add TSLv1.3 support to min_protocols.
Allow configuring ssl_cipher_suites. (for TLSv1.3+)
2021-06-21 23:25:54 +02:00
Pete Walter
9e2964f1dd Rebuild for ICU 69 2021-05-20 00:58:00 +01:00
Pete Walter
ec859bf9de Rebuild for ICU 69 2021-05-19 16:45:17 +01:00
Jeff Law
4345d3c47b Re-enable LTO 2021-05-10 12:08:39 -06:00
Michal Hlavinka
25d565523c dovecot updated to 2.3.14, pigeonhole to 0.5.14
use OpenSSL's implementation of HMAC
Remove autocreate, expire, snarf and mail-filter plugins.
Remove cydir storage driver.
Remove XZ/LZMA write support. Read support will be removed in future release.
2021-03-22 21:06:01 +01:00
Michal Hlavinka
8550d54fac do not use own implementation of HMAC, use OpenSSL 2021-03-22 19:30:17 +01:00
Pavel Raiskup
abd5abe3b4 rebuild for libpq ABI fix
Related: rhbz#1908268
2021-02-08 09:24:17 +01:00
Michal Hlavinka
886a96b230 use make macros 2021-02-01 13:51:01 +01:00
Fedora Release Engineering
06d34fe3ea - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 03:42:56 +00:00
Michal Hlavinka
2860368c09 fix multilib issues 2021-01-18 14:33:47 +01:00
Michal Hlavinka
abd275bba1 bump release and rebuild 2021-01-18 13:57:17 +01:00
Michal Hlavinka
f1771ed0fa fix rundir location 2021-01-07 18:28:31 +01:00
Michal Hlavinka
cc81c97592 fix release number 2021-01-06 14:01:36 +01:00
Michal Hlavinka
e1b1e2910c fix patch 2021-01-06 11:43:31 +01:00
Michal Hlavinka
432e04624d dovecot updated to 2.3.13, pigeonhole to 0.5.13
CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
  allow logged in user to access other people's emails and filesystem
  information.
Metric filter and global event filter variable syntax changed to a
  SQL-like format.
auth: Added new aliases for %{variables}. Usage of the old ones is
  possible, but discouraged.
auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth
  mechanism and related password schemes.
auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.
auth: Removed postfix postmap socket
2021-01-06 11:29:46 +01:00
Michal Hlavinka
f8f94ccbdf dovecot updated to 2.3.13, pigeonhole to 0.5.13
CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
  allow logged in user to access other people's emails and filesystem
  information.
Metric filter and global event filter variable syntax changed to a
  SQL-like format.
auth: Added new aliases for %{variables}. Usage of the old ones is
  possible, but discouraged.
auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth
  mechanism and related password schemes.
auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.
auth: Removed postfix postmap socket
2021-01-04 19:46:26 +01:00
Michal Hlavinka
5e0f363767 change run directory from /var/run to /run (#1777922) 2021-01-04 10:18:56 +01:00
Tom Stellard
b73f4c06b0 Add BuildRequires: make
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot
2020-12-17 04:42:04 +00:00
Michal Hlavinka
4ca072df4d enable zstd support 2020-10-20 15:39:01 +02:00
pgfed
e93cbad322 Update dovecot.spec 2020-10-19 20:12:58 +00:00
Michal Hlavinka
29ed947aae fix gssapi issue 2020-09-02 11:58:34 +02:00
Michal Hlavinka
98f6723298 fix FTBFS on 32bit systems 2020-08-26 19:06:39 +02:00
Jeff Law
b50f4be969 Disable LTO for now 2020-08-17 14:52:59 -06:00
Michal Hlavinka
8f461376e7 CVE-2020-12100: Parsing mails with a large number of MIME parts could
have resulted in excessive CPU usage or a crash due to running out of
  stack memory.
CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
  message buffer size, which leads to reading past allocation which can
  lead to crash.
CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
  address that has the empty quoted string as local-part causes the lmtp
  service to crash.
CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
  zero-length message, which leads to assert-crash later on.
2020-08-15 18:22:04 +02:00
Fedora Release Engineering
b5c6b67b96 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-08-01 00:40:29 +00:00
Fedora Release Engineering
1d11ef9e94 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-27 15:41:53 +00:00
Troy Dawson
9aea43c6d8 spec file cleanup 2020-07-16 06:53:01 -07:00
Michal Hlavinka
4e11662dbe dovecot updated to 2.3.10.1
fixes CVE-2020-10967, CVE-2020-10958, CVE-2020-10957
2020-05-18 18:12:36 +02:00
Michal Hlavinka
64b3f1c790 dovecot updated to 2.3.10, pigeonhole updated to 0.5.10 2020-04-21 19:12:22 +02:00
Michal Hlavinka
1040ee253b dovecot updated to 2.3.9.3
fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS
      submission-login and lmtp processes.
fixes CVE-2020-7957: Specially crafted mail can crash snippet generation.
2020-02-12 15:16:26 +01:00
Fedora Release Engineering
adf9e045a9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-28 16:12:26 +00:00
Michal Hlavinka
fc993dbf7d fix permissions of ghost files 2020-01-09 15:31:55 +01:00
Michal Hlavinka
deb9d38bed CVE-2019-19722: Mails with group addresses in From or To fields
caused crash in push notification drivers.
2019-12-19 15:17:08 +01:00
Michal Hlavinka
29bbb4096a dovecot updated to 2.3.9, pigeonhole updated to 0.5.9 2019-12-05 18:10:32 +01:00
Michal Hlavinka
71a430ba9d dovecot updated to 2.3.8, pigeonhole 0.5.8 2019-10-10 13:59:30 +02:00
Michal Hlavinka
2a068bb479 add more buildrequires 2019-10-10 13:04:27 +02:00
Michal Hlavinka
c4e66bf297 dovecot updated to 2.3.7.2, pigeonhole 0.5.7.2
fixes CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
  when scanning data in quoted strings, leading to out of bounds heap
  memory writes
2019-08-29 09:44:35 +02:00
Michal Hlavinka
581436bcf3 dovecot updated to 2.3.7.1, pigeonhole updated to 0.5.7.1 2019-08-19 15:25:24 +02:00
Fedora Release Engineering
3797f0a352 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-24 22:19:32 +00:00
Michal Hlavinka
4f0fa7c121 disable gcc 9 stack reuse temporarily 2019-05-31 12:42:18 +02:00
Michal Hlavinka
b242522b1e use /run instead of /var/run (#1706372) 2019-05-13 16:15:48 +02:00
Michal Hlavinka
82caf4b446 dovecot updated to 2.3.6, pigeonhole updated to 0.5.6 2019-05-02 13:49:42 +02:00
Michal Hlavinka
e9463061ff dovecot updated to 2.3.5.2
fixes CVE-2019-10691: Trying to login with 8bit username containing
  invalid UTF8 input causes auth process to crash if auth policy is enabled.
2019-04-18 14:45:08 +02:00
Michal Hlavinka
b9ba0bbcd9 dovecot updated to 2.3.5.1
CVE-2019-7524: Missing input buffer size validation leads into
  arbitrary buffer overflow when reading fts or pop3 uidl header
  from Dovecot index.
2019-03-28 14:56:50 +01:00
Michal Hlavinka
04058156dc dovecot updated to 2.3.5, pigeonhole updated to 0.5.5 2019-03-06 15:41:52 +01:00
Fedora Release Engineering
436dc795a1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-01-31 17:32:20 +00:00
Igor Gnatenko
b41067db5b Remove obsolete Group tag
References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag
2019-01-28 20:23:59 +01:00