Compare commits

..

No commits in common. "c8" and "c9-beta" have entirely different histories.
c8 ... c9-beta

11 changed files with 510 additions and 603 deletions

View File

@ -1,7 +1,7 @@
diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf diff -up dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf
--- dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings 2018-02-28 15:28:57.000000000 +0100 --- dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf.default-settings 2021-08-06 11:25:51.000000000 +0200
+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf 2018-03-01 10:29:38.208368555 +0100 +++ dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf 2021-10-27 11:13:45.666956339 +0200
@@ -165,7 +165,7 @@ namespace inbox { @@ -175,7 +175,7 @@ namespace inbox {
# to make sure that users can't log in as daemons or other system users. # to make sure that users can't log in as daemons or other system users.
# Note that denying root logins is hardcoded to dovecot binary and can't # Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0. # be done even if first_valid_uid is set to 0.
@ -18,9 +18,9 @@ diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings
# Maximum time to wait for lock (all of them) before aborting. # Maximum time to wait for lock (all of them) before aborting.
#mbox_lock_timeout = 5 mins #mbox_lock_timeout = 5 mins
diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf diff -up dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf
--- dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings 2018-02-28 15:28:57.000000000 +0100 --- dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf.default-settings 2021-08-06 11:25:51.000000000 +0200
+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf 2018-03-01 10:33:54.779499044 +0100 +++ dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf 2021-10-27 11:13:02.834533975 +0200
@@ -3,7 +3,9 @@ @@ -3,7 +3,9 @@
## ##
@ -32,7 +32,7 @@ diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but # dropping root privileges, so keep the key file unreadable by anyone but
@@ -57,6 +59,7 @@ ssl_key = </etc/ssl/private/dovecot.pem @@ -64,6 +66,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
#ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH #ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
# To disable non-EC DH, use: # To disable non-EC DH, use:
#ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH #ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH

View File

@ -1,13 +0,0 @@
diff -up dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c.aclfix dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c
--- dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c.aclfix 2018-09-18 15:00:08.778823903 +0200
+++ dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c 2018-09-18 15:00:08.814823737 +0200
@@ -161,8 +161,7 @@ acl_backend_vfile_object_init(struct acl
T_BEGIN {
if (*name == '\0' ||
mailbox_list_is_valid_name(_backend->list, name, &error)) {
- vname = *name == '\0' ? "" :
- mailbox_list_get_vname(_backend->list, name);
+ vname = mailbox_list_get_vname(_backend->list, name);
dir = acl_backend_vfile_get_local_dir(_backend, name, vname);
aclobj->local_path = dir == NULL ? NULL :

View File

@ -0,0 +1,48 @@
diff -up dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c.ph_optglob dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c
--- dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c.ph_optglob 2024-06-04 09:11:28.514189662 +0200
+++ dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c 2024-06-04 09:18:23.219809778 +0200
@@ -368,11 +368,13 @@ static bool opc_include_dump
return FALSE;
sieve_code_descend(denv);
- sieve_code_dumpf(denv, "script: `%s' from %s %s%s[ID: %d, BLOCK: %d]",
+ sieve_code_dumpf(denv, "script: `%s' from %s %s%s%s[ID: %d, BLOCK: %d]",
sieve_script_name(included->script), sieve_script_location(included->script),
((flags & EXT_INCLUDE_FLAG_ONCE) != 0 ? "(once) " : ""),
((flags & EXT_INCLUDE_FLAG_OPTIONAL) != 0 ? "(optional) " : ""),
- include_id, sieve_binary_block_get_id(included->block));
+ (included->block == NULL ? "(missing) " : ""),
+ include_id,
+ (included->block == NULL ? -1 : sieve_binary_block_get_id(included->block)));
return TRUE;
}
diff -up dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c.ph_optglob dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c
--- dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c.ph_optglob 2023-09-14 15:18:26.000000000 +0200
+++ dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c 2024-06-04 09:10:45.187823805 +0200
@@ -693,6 +693,25 @@ int ext_include_execute_include(const st
}
ctx = ext_include_get_interpreter_context(this_ext, renv->interp);
+ if (included->block == NULL) {
+ if ((flags & EXT_INCLUDE_FLAG_OPTIONAL) != 0) {
+ sieve_runtime_trace(
+ renv, SIEVE_TRLVL_NONE,
+ "include: skipped include for script '%s' "
+ "[inc id: %d, block: NULL]; optional and unavailable",
+ sieve_script_name(included->script),
+ include_id);
+ return result;
+ } else {
+ sieve_runtime_trace(
+ renv, SIEVE_TRLVL_NONE,
+ "include: unavailable script '%s' "
+ "[inc id: %d, block: NULL]",
+ sieve_script_name(included->script),
+ include_id);
+ return SIEVE_EXEC_BIN_CORRUPT;
+ }
+ }
block_id = sieve_binary_block_get_id(included->block);
/* If :once modifier is specified, check for duplicate include */

View File

@ -0,0 +1,12 @@
diff -up dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c.testfix4 dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c
--- dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c.testfix4 2024-06-03 13:35:24.408858593 +0200
+++ dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c 2024-06-03 13:35:24.434858849 +0200
@@ -800,7 +800,7 @@ static bool sieve_file_script_equals
(struct sieve_file_script *)other;
return ( CMP_DEV_T(fscript->st.st_dev, fother->st.st_dev) &&
- fscript->st.st_ino == fother->st.st_ino );
+ fscript->st.st_ino == fother->st.st_ino && (fscript->st.st_ino != 0 || script->location != NULL && other->location != NULL && strcmp(script->location, other->location) == 0));
}
/*

View File

@ -0,0 +1,34 @@
diff -up dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3 dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c
--- dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3 2021-06-03 18:56:52.573174433 +0200
+++ dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c 2021-06-03 18:56:52.585174274 +0200
@@ -73,10 +73,30 @@
2<tab>key algo oid<tab>1<tab>symmetric algo name<tab>salt<tab>hash algo<tab>rounds<tab>E(RSA = i2d_PrivateKey, EC=Private Point)<tab>key id
**/
+#if OPENSSL_VERSION_MAJOR == 3
+static EC_KEY *EVP_PKEY_get0_EC_KEYv3(EVP_PKEY *key)
+{
+ EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key);
+ EVP_PKEY_set1_EC_KEY(key, eck);
+ EC_KEY_free(eck);
+ return eck;
+}
+
+static EC_KEY *EVP_PKEY_get1_EC_KEYv3(EVP_PKEY *key)
+{
+ EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key);
+ EVP_PKEY_set1_EC_KEY(key, eck);
+ return eck;
+}
+
+#define EVP_PKEY_get0_EC_KEY EVP_PKEY_get0_EC_KEYv3
+#define EVP_PKEY_get1_EC_KEY EVP_PKEY_get1_EC_KEYv3
+#else
#ifndef HAVE_EVP_PKEY_get0
#define EVP_PKEY_get0_EC_KEY(x) x->pkey.ec
#define EVP_PKEY_get0_RSA(x) x->pkey.rsa
#endif
+#endif
#ifndef HAVE_OBJ_LENGTH
#define OBJ_length(o) ((o)->length)

View File

@ -0,0 +1,24 @@
diff -up dovecot-2.3.15/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.15/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c
--- dovecot-2.3.15/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-06-21 23:07:55.269814896 +0200
+++ dovecot-2.3.15/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-06-21 23:07:55.298814544 +0200
@@ -109,7 +109,7 @@ static int sieve_dict_script_get_stream
{
struct sieve_dict_script *dscript =
(struct sieve_dict_script *)script;
- const char *path, *name = script->name, *data, *error;
+ const char *path, *name = script->name, *data, *error = NULL;
int ret;
dscript->data_pool =
diff -up dovecot-2.3.15/src/lib-storage/index/index-attribute.c.fixvalcond dovecot-2.3.15/src/lib-storage/index/index-attribute.c
--- dovecot-2.3.15/src/lib-storage/index/index-attribute.c.fixvalcond 2021-06-14 15:40:37.000000000 +0200
+++ dovecot-2.3.15/src/lib-storage/index/index-attribute.c 2021-06-21 21:52:22.963171229 +0200
@@ -249,7 +249,7 @@ int index_storage_attribute_get(struct m
struct mail_attribute_value *value_r)
{
struct dict *dict;
- const char *mailbox_prefix, *error;
+ const char *mailbox_prefix, *error = NULL;
int ret;
i_zero(value_r);

View File

@ -0,0 +1,20 @@
diff -up dovecot-2.3.15/run-test-valgrind.supp.valbasherr dovecot-2.3.15/run-test-valgrind.supp
--- dovecot-2.3.15/run-test-valgrind.supp.valbasherr 2021-06-21 22:52:53.272707239 +0200
+++ dovecot-2.3.15/run-test-valgrind.supp 2021-06-21 22:54:19.786668430 +0200
@@ -1,4 +1,16 @@
{
+ <bashagin>
+ Memcheck:Leak
+ match-leak-kinds: definite
+ fun:malloc
+ fun:make_if_command
+ fun:yyparse
+ fun:parse_command
+ fun:read_command
+ fun:reader_loop
+ fun:main
+}
+{
<bash>
Memcheck:Leak
fun:malloc

View File

@ -1,353 +0,0 @@
diff -up dovecot-2.3.16/configure.ac.keeplzma dovecot-2.3.16/configure.ac
--- dovecot-2.3.16/configure.ac.keeplzma 2021-08-06 11:25:51.000000000 +0200
+++ dovecot-2.3.16/configure.ac 2022-02-28 13:58:02.337149927 +0100
@@ -173,7 +173,7 @@ AS_HELP_STRING([--with-bzlib], [Build wi
want_bzlib=auto)
AC_ARG_WITH(lzma,
-AS_HELP_STRING([--with-lzma], [Build with LZMA decompression support (auto)]),
+AS_HELP_STRING([--with-lzma], [Build with LZMA compression support (auto)]),
TEST_WITH(lzma, $withval),
want_lzma=auto)
diff -up dovecot-2.3.16/run-test-valgrind.supp.keeplzma dovecot-2.3.16/run-test-valgrind.supp
--- dovecot-2.3.16/run-test-valgrind.supp.keeplzma 2021-08-06 11:25:51.000000000 +0200
+++ dovecot-2.3.16/run-test-valgrind.supp 2022-02-28 13:58:02.337149927 +0100
@@ -5,6 +5,17 @@
obj:*/bash
}
{
+ <liblzma>
+ Memcheck:Cond
+ obj:/lib/x86_64-linux-gnu/liblzma.so.5.*
+ obj:/lib/x86_64-linux-gnu/liblzma.so.5.*
+ obj:/lib/x86_64-linux-gnu/liblzma.so.5.*
+ obj:/lib/x86_64-linux-gnu/liblzma.so.5.*
+ obj:/lib/x86_64-linux-gnu/liblzma.so.5.*
+ fun:lzma_stream_encoder
+ fun:lzma_easy_encoder
+}
+{
<openssl_centos6_i386_v1_0_1_compression_methods>
Memcheck:Leak
fun:malloc
diff -up dovecot-2.3.16/src/lib-compression/compression.c.keeplzma dovecot-2.3.16/src/lib-compression/compression.c
--- dovecot-2.3.16/src/lib-compression/compression.c.keeplzma 2021-08-06 11:25:51.000000000 +0200
+++ dovecot-2.3.16/src/lib-compression/compression.c 2022-02-28 14:22:32.467944396 +0100
@@ -25,6 +25,7 @@
#endif
#ifndef HAVE_LZMA
# define i_stream_create_lzma NULL
+# define o_stream_create_lzma NULL
#endif
#ifndef HAVE_LZ4
# define i_stream_create_lz4 NULL
@@ -216,7 +217,7 @@ const struct compression_handler compres
.ext = ".xz",
.is_compressed = is_compressed_xz,
.create_istream = i_stream_create_lzma,
- .create_ostream = NULL,
+ .create_ostream = o_stream_create_lzma,
.get_min_level = compression_get_min_level_unsupported,
.get_default_level = compression_get_default_level_unsupported,
.get_max_level = compression_get_max_level_unsupported,
diff -up dovecot-2.3.16/src/lib-compression/Makefile.am.keeplzma dovecot-2.3.16/src/lib-compression/Makefile.am
--- dovecot-2.3.16/src/lib-compression/Makefile.am.keeplzma 2021-08-06 11:25:51.000000000 +0200
+++ dovecot-2.3.16/src/lib-compression/Makefile.am 2022-02-28 13:58:02.337149927 +0100
@@ -13,6 +13,7 @@ libcompression_la_SOURCES = \
istream-zlib.c \
istream-bzlib.c \
istream-zstd.c \
+ ostream-lzma.c \
ostream-lz4.c \
ostream-zlib.c \
ostream-bzlib.c \
diff -up dovecot-2.3.16/src/lib-compression/ostream-lzma.c.keeplzma dovecot-2.3.16/src/lib-compression/ostream-lzma.c
--- dovecot-2.3.16/src/lib-compression/ostream-lzma.c.keeplzma 2022-02-28 13:58:02.338149934 +0100
+++ dovecot-2.3.16/src/lib-compression/ostream-lzma.c 2022-02-28 13:58:02.338149934 +0100
@@ -0,0 +1,263 @@
+/* Copyright (c) 2010-2018 Dovecot authors, see the included COPYING file */
+
+#include "lib.h"
+
+#ifdef HAVE_LZMA
+
+#include "ostream-private.h"
+#include "ostream-zlib.h"
+#include <lzma.h>
+
+#define CHUNK_SIZE (1024*64)
+
+struct lzma_ostream {
+ struct ostream_private ostream;
+ lzma_stream strm;
+
+ unsigned char outbuf[CHUNK_SIZE];
+ unsigned int outbuf_offset, outbuf_used;
+
+ bool flushed:1;
+};
+
+static void o_stream_lzma_close(struct iostream_private *stream,
+ bool close_parent)
+{
+ struct lzma_ostream *zstream = (struct lzma_ostream *)stream;
+ i_assert(zstream->ostream.finished ||
+ zstream->ostream.ostream.stream_errno != 0 ||
+ zstream->ostream.error_handling_disabled);
+ lzma_end(&zstream->strm);
+ if (close_parent)
+ o_stream_close(zstream->ostream.parent);
+}
+
+static int o_stream_zlib_send_outbuf(struct lzma_ostream *zstream)
+{
+ ssize_t ret;
+ size_t size;
+
+ if (zstream->outbuf_used == 0)
+ return 1;
+
+ size = zstream->outbuf_used - zstream->outbuf_offset;
+ i_assert(size > 0);
+ ret = o_stream_send(zstream->ostream.parent,
+ zstream->outbuf + zstream->outbuf_offset, size);
+ if (ret < 0) {
+ o_stream_copy_error_from_parent(&zstream->ostream);
+ return -1;
+ }
+ if ((size_t)ret != size) {
+ zstream->outbuf_offset += ret;
+ return 0;
+ }
+ zstream->outbuf_offset = 0;
+ zstream->outbuf_used = 0;
+ return 1;
+}
+
+static ssize_t
+o_stream_lzma_send_chunk(struct lzma_ostream *zstream,
+ const void *data, size_t size)
+{
+ lzma_stream *zs = &zstream->strm;
+ int ret;
+
+ i_assert(zstream->outbuf_used == 0);
+
+ zs->next_in = (void *)data;
+ zs->avail_in = size;
+ while (zs->avail_in > 0) {
+ if (zs->avail_out == 0) {
+ /* previous block was compressed. send it and start
+ compression for a new block. */
+ zs->next_out = zstream->outbuf;
+ zs->avail_out = sizeof(zstream->outbuf);
+
+ zstream->outbuf_used = sizeof(zstream->outbuf);
+ if ((ret = o_stream_zlib_send_outbuf(zstream)) < 0)
+ return -1;
+ if (ret == 0) {
+ /* parent stream's buffer full */
+ break;
+ }
+ }
+
+ ret = lzma_code(zs, LZMA_RUN);
+ switch (ret) {
+ case LZMA_OK:
+ break;
+ case LZMA_MEM_ERROR:
+ i_fatal_status(FATAL_OUTOFMEM,
+ "lzma.write(%s): Out of memory",
+ o_stream_get_name(&zstream->ostream.ostream));
+ default:
+ i_panic("lzma.write(%s) failed with unexpected code %d",
+ o_stream_get_name(&zstream->ostream.ostream), ret);
+ }
+ }
+ size -= zs->avail_in;
+
+ return size;
+}
+
+static int o_stream_lzma_send_flush(struct lzma_ostream *zstream, bool final)
+{
+ lzma_stream *zs = &zstream->strm;
+ size_t len;
+ bool done = FALSE;
+ int ret;
+
+ i_assert(zs->avail_in == 0);
+
+ if (zstream->flushed) {
+ i_assert(zstream->outbuf_used == 0);
+ return 1;
+ }
+
+ if ((ret = o_stream_flush_parent_if_needed(&zstream->ostream)) <= 0)
+ return ret;
+ if ((ret = o_stream_zlib_send_outbuf(zstream)) <= 0)
+ return ret;
+
+ if (!final)
+ return 1;
+
+ i_assert(zstream->outbuf_used == 0);
+ do {
+ len = sizeof(zstream->outbuf) - zs->avail_out;
+ if (len != 0) {
+ zs->next_out = zstream->outbuf;
+ zs->avail_out = sizeof(zstream->outbuf);
+
+ zstream->outbuf_used = len;
+ if ((ret = o_stream_zlib_send_outbuf(zstream)) <= 0)
+ return ret;
+ if (done)
+ break;
+ }
+ ret = lzma_code(zs, LZMA_FINISH);
+ switch (ret) {
+ case LZMA_OK:
+ /* still unfinished - need to call lzma_code() again */
+ break;
+ case LZMA_STREAM_END:
+ /* output is fully finished */
+ done = TRUE;
+ break;
+ case LZMA_MEM_ERROR:
+ i_fatal_status(FATAL_OUTOFMEM,
+ "lzma.write(%s): Out of memory",
+ o_stream_get_name(&zstream->ostream.ostream));
+ default:
+ i_panic("lzma.write(%s) flush failed with unexpected code %d",
+ o_stream_get_name(&zstream->ostream.ostream), ret);
+ }
+ } while (zs->avail_out != sizeof(zstream->outbuf));
+
+ if (final)
+ zstream->flushed = TRUE;
+ i_assert(zstream->outbuf_used == 0);
+ return 1;
+}
+
+static int o_stream_lzma_flush(struct ostream_private *stream)
+{
+ struct lzma_ostream *zstream = (struct lzma_ostream *)stream;
+ int ret;
+
+ if ((ret = o_stream_lzma_send_flush(zstream, stream->finished)) < 0)
+ return -1;
+ else if (ret > 0)
+ return o_stream_flush_parent(stream);
+ return ret;
+}
+
+static size_t
+o_stream_lzma_get_buffer_used_size(const struct ostream_private *stream)
+{
+ const struct lzma_ostream *zstream =
+ (const struct lzma_ostream *)stream;
+
+ /* outbuf has already compressed data that we're trying to send to the
+ parent stream. We're not including lzma's internal compression
+ buffer size. */
+ return (zstream->outbuf_used - zstream->outbuf_offset) +
+ o_stream_get_buffer_used_size(stream->parent);
+}
+
+static size_t
+o_stream_lzma_get_buffer_avail_size(const struct ostream_private *stream)
+{
+ /* FIXME: not correct - this is counting compressed size, which may be
+ too larger than uncompressed size in some situations. Fixing would
+ require some kind of additional buffering. */
+ return o_stream_get_buffer_avail_size(stream->parent);
+}
+
+static ssize_t
+o_stream_lzma_sendv(struct ostream_private *stream,
+ const struct const_iovec *iov, unsigned int iov_count)
+{
+ struct lzma_ostream *zstream = (struct lzma_ostream *)stream;
+ ssize_t ret, bytes = 0;
+ unsigned int i;
+
+ if ((ret = o_stream_zlib_send_outbuf(zstream)) <= 0) {
+ /* error / we still couldn't flush existing data to
+ parent stream. */
+ return ret;
+ }
+
+ for (i = 0; i < iov_count; i++) {
+ ret = o_stream_lzma_send_chunk(zstream, iov[i].iov_base,
+ iov[i].iov_len);
+ if (ret < 0)
+ return -1;
+ bytes += ret;
+ if ((size_t)ret != iov[i].iov_len)
+ break;
+ }
+ stream->ostream.offset += bytes;
+
+ /* avail_in!=0 check is used to detect errors. if it's non-zero here
+ it simply means we didn't send all the data */
+ zstream->strm.avail_in = 0;
+ return bytes;
+}
+
+struct ostream *o_stream_create_lzma(struct ostream *output, int level)
+{
+ struct lzma_ostream *zstream;
+ lzma_ret ret;
+
+ i_assert(level >= 1 && level <= 9);
+
+ zstream = i_new(struct lzma_ostream, 1);
+ zstream->ostream.sendv = o_stream_lzma_sendv;
+ zstream->ostream.flush = o_stream_lzma_flush;
+ zstream->ostream.get_buffer_used_size =
+ o_stream_lzma_get_buffer_used_size;
+ zstream->ostream.get_buffer_avail_size =
+ o_stream_lzma_get_buffer_avail_size;
+ zstream->ostream.iostream.close = o_stream_lzma_close;
+
+ ret = lzma_easy_encoder(&zstream->strm, level, LZMA_CHECK_CRC64);
+ switch (ret) {
+ case LZMA_OK:
+ break;
+ case LZMA_MEM_ERROR:
+ i_fatal_status(FATAL_OUTOFMEM, "lzma: Out of memory");
+ case LZMA_OPTIONS_ERROR:
+ i_fatal("lzma: Invalid level");
+ default:
+ i_fatal("lzma_easy_encoder() failed with %d", ret);
+ }
+
+ zstream->strm.next_out = zstream->outbuf;
+ zstream->strm.avail_out = sizeof(zstream->outbuf);
+ return o_stream_create(&zstream->ostream, output,
+ o_stream_get_fd(output));
+}
+#endif
diff -up dovecot-2.3.16/src/lib-compression/ostream-zlib.h.keeplzma dovecot-2.3.16/src/lib-compression/ostream-zlib.h
--- dovecot-2.3.16/src/lib-compression/ostream-zlib.h.keeplzma 2021-08-06 11:25:51.000000000 +0200
+++ dovecot-2.3.16/src/lib-compression/ostream-zlib.h 2022-02-28 13:58:02.338149934 +0100
@@ -4,6 +4,7 @@
struct ostream *o_stream_create_gz(struct ostream *output, int level);
struct ostream *o_stream_create_deflate(struct ostream *output, int level);
struct ostream *o_stream_create_bz2(struct ostream *output, int level);
+struct ostream *o_stream_create_lzma(struct ostream *output, int level);
struct ostream *o_stream_create_lz4(struct ostream *output, int level);
struct ostream *o_stream_create_zstd(struct ostream *output, int level);
diff -up dovecot-2.3.16/src/lib-compression/test-compression.c.keeplzma dovecot-2.3.16/src/lib-compression/test-compression.c
--- dovecot-2.3.16/src/lib-compression/test-compression.c.keeplzma 2021-08-06 11:25:51.000000000 +0200
+++ dovecot-2.3.16/src/lib-compression/test-compression.c 2022-02-28 13:58:02.338149934 +0100
@@ -730,7 +730,6 @@ static void test_compression_int(bool au
for (i = 0; compression_handlers[i].name != NULL; i++) {
if (compression_handlers[i].create_istream != NULL &&
- compression_handlers[i].create_ostream != NULL &&
(!autodetect ||
compression_handlers[i].is_compressed != NULL)) T_BEGIN {
if (compression_handlers[i].is_compressed != NULL &&

9
SOURCES/dovecot.sysusers Normal file
View File

@ -0,0 +1,9 @@
#Type Name ID GECOS Home directory Shell
g dovecot 97
u dovecot 97 "Dovecot IMAP server" /usr/libexec/dovecot /sbin/nologin
m dovecot dovecot
g dovenull -
u dovenull - "Dovecot - unauthorized user" /usr/libexec/dovecot /sbin/nologin
m dovenull dovenull

View File

@ -1,26 +1,28 @@
%global __provides_exclude_from %{_docdir} %global __provides_exclude_from %{_docdir}
%global __requires_exclude_from %{_docdir} %global __requires_exclude_from %{_docdir}
Summary: Secure imap and pop3 server Summary: Secure imap and pop3 server
Name: dovecot Name: dovecot
Epoch: 1 Epoch: 1
Version: 2.3.16 Version: 2.3.16
%global prever %{nil} %global prever %{nil}
Release: 6%{?dist} Release: 14%{?dist}
#dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
License: MIT and LGPLv2 License: MIT and LGPLv2
Group: System Environment/Daemons
URL: http://www.dovecot.org/ URL: https://www.dovecot.org/
Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz Source: https://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz
Source1: dovecot.init Source1: dovecot.init
Source2: dovecot.pam Source2: dovecot.pam
%global pigeonholever 0.5.16 %global pigeonholever 0.5.16
Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz Source8: https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz
Source9: dovecot.sysconfig Source9: dovecot.sysconfig
Source10: dovecot.tmpfilesd Source10: dovecot.tmpfilesd
#our own #our own
Source14: dovecot.conf.5 Source14: dovecot.conf.5
Source15: prestartscript
Source16: dovecot.sysusers
# 3x Fedora/RHEL specific # 3x Fedora/RHEL specific
Patch1: dovecot-2.0-defaultconfig.patch Patch1: dovecot-2.0-defaultconfig.patch
@ -32,60 +34,69 @@ Patch6: dovecot-2.1.10-waitonline.patch
Patch8: dovecot-2.2.20-initbysystemd.patch Patch8: dovecot-2.2.20-initbysystemd.patch
Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch
Patch15: dovecot-2.3.11-bigkey.patch
# sent upstream, rhbz#1630380
Patch11: dovecot-2.2.36-aclfix.patch
Patch13: dovecot-2.2.36-bigkey.patch
# do not use own implementation of HMAC, use OpenSSL for certification purposes # do not use own implementation of HMAC, use OpenSSL for certification purposes
# not sent upstream as proper fix would use dovecot's lib-dcrypt but it introduces # not sent upstream as proper fix would use dovecot's lib-dcrypt but it introduces
# hard to break circular dependency between lib and lib-dcrypt # hard to break circular dependency between lib and lib-dcrypt
Patch14: dovecot-2.3.6-opensslhmac.patch Patch16: dovecot-2.3.6-opensslhmac.patch
# from upstream, for dovecot < 2.3.17, s390x FTBFS fix Patch17: dovecot-2.3.14-opensslv3.patch
Patch15: dovecot-2.3.16-ftbfsbigend.patch
Patch16: dovecot-2.3.16-keeplzma.patch # FTBFS
Patch18: dovecot-2.3.15-fixvalcond.patch
Patch19: dovecot-2.3.15-valbasherr.patch
Patch20: dovecot-2.3.16-ftbfsbigend.patch
# from upstream, for <= 2.3.19.1, rhbz#2106232 # from upstream, for <= 2.3.19.1, rhbz#2106232
Patch17: dovecot-2.3.19.1-7bad6a24.patch Patch21: dovecot-2.3.19.1-7bad6a24.patch
# from upstream, for < 2.3.19.1, rhbz#2128857 # from upstream, for < 2.3.19.1, rhbz#2128857
Patch18: dovecot-2.3.18-9f300239..4596d399.patch Patch22: dovecot-2.3.18-bdf447e4.patch
Patch19: dovecot-2.3.18-bdf447e4.patch Patch23: dovecot-2.3.18-9f300239..4596d399.patch
# from upstream, for < 2.3.21, RHEL-22854 # from upstream, for < 2.3.21, RHEL-25434
Patch20: dovecot-2.3.16-d7705bc6.patch Patch24: dovecot-2.3.16-d7705bc6.patch
# from upstream for < 2.3.21.1, RHEL-55206 # sent upstream, issue #RHEL-52541
# https://github.com/dovecot/core/compare/8e4c42d%5E...1481c04.patch Patch25: dovecot-2.3-ph_optglob.patch
Patch21: dovecot-2.3.21.1-CVE-2024-23184.patch Patch26: dovecot-2.3-ph_scriptcmp.patch
# from upstream for < 2.3.21.1, RHEL-55219
# https://github.com/dovecot/core/compare/f020e13%5E...ce88c33.patch
Patch22: dovecot-2.3.21.1-CVE-2024-23185.patch
# fix test failing due to too long path with all the mock path prefixes # fix test failing due to too long path with all the mock path prefixes
Patch23: dovecot-2.3.21-test-socket-path.patch Patch27: dovecot-2.3.21-test-socket-path.patch
Source15: prestartscript # from upstream for < 2.3.21.1, RHEL-55212
# https://github.com/dovecot/core/compare/8e4c42d%5E...1481c04.patch
Patch28: dovecot-2.3.21.1-CVE-2024-23184.patch
BuildRequires: openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel # from upstream for < 2.3.21.1, RHEL-55224
# https://github.com/dovecot/core/compare/f020e13%5E...ce88c33.patch
Patch29: dovecot-2.3.21.1-CVE-2024-23185.patch
BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel
BuildRequires: libtool, autoconf, automake, pkgconfig BuildRequires: libtool, autoconf, automake, pkgconfig
BuildRequires: sqlite-devel BuildRequires: sqlite-devel
BuildRequires: postgresql-devel BuildRequires: libpq-devel
#BuildRequires: libpq-devel
BuildRequires: mariadb-connector-c-devel BuildRequires: mariadb-connector-c-devel
#BuildRequires: libxcrypt-devel BuildRequires: libxcrypt-devel
BuildRequires: openldap-devel BuildRequires: openldap-devel
BuildRequires: krb5-devel BuildRequires: krb5-devel
BuildRequires: quota-devel BuildRequires: quota-devel
BuildRequires: rpcgen
BuildRequires: xz-devel BuildRequires: xz-devel
BuildRequires: lz4-devel BuildRequires: lz4-devel
BuildRequires: libzstd-devel
%if %{?rhel}0 == 0
BuildRequires: libsodium-devel
%endif
BuildRequires: libicu-devel
BuildRequires: libexttextcat-devel
BuildRequires: libstemmer-devel
BuildRequires: multilib-rpm-config BuildRequires: multilib-rpm-config
#BuildRequires: libsodium-devel BuildRequires: flex, bison
#BuildRequires: libexttextcat-devel BuildRequires: systemd-devel
#BuildRequires: libstemmer-devel # for dovecot.sysusers
BuildRequires: systemd-rpm-macros
# gettext-devel is needed for running autoconf because of the # gettext-devel is needed for running autoconf because of the
# presence of AM_ICONV # presence of AM_ICONV
@ -96,33 +107,19 @@ Requires: openssl >= 0.9.7f-4
# Package includes an initscript service file, needs to require initscripts package # Package includes an initscript service file, needs to require initscripts package
Requires(pre): shadow-utils Requires(pre): shadow-utils
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
Requires: systemd Requires: systemd
Requires(post): systemd-units Requires(post): systemd-units
Requires(preun): systemd-units Requires(preun): systemd-units
Requires(postun): systemd-units Requires(postun): systemd-units
%else
Requires: initscripts
Requires(post): chkconfig
Requires(preun): chkconfig initscripts
Requires(postun): initscripts
%endif
%if %{?fedora}0 > 150 || %{?rhel}0 >60
#clucene in fedora <=15 and rhel<=6 is too old
BuildRequires: clucene-core-devel BuildRequires: clucene-core-devel
%endif
%global ssldir %{_sysconfdir}/pki/%{name} %global ssldir %{_sysconfdir}/pki/%{name}
%if %{?fedora}00%{?rhel} < 6
%global _initddir %{_initrddir}
BuildRequires: curl-devel expat-devel
%else
BuildRequires: libcurl-devel expat-devel BuildRequires: libcurl-devel expat-devel
%endif BuildRequires: make
%global restart_flag /var/run/%{name}/%{name}-restart-after-rpm-install %global restart_flag /run/%{name}/%{name}-restart-after-rpm-install
%description %description
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
@ -134,7 +131,6 @@ The SQL drivers and authentication plug-ins are in their subpackages.
%package pigeonhole %package pigeonhole
Requires: %{name} = %{epoch}:%{version}-%{release} Requires: %{name} = %{epoch}:%{version}-%{release}
Summary: Sieve and managesieve plug-in for dovecot Summary: Sieve and managesieve plug-in for dovecot
Group: System Environment/Daemons
License: MIT and LGPLv2 License: MIT and LGPLv2
%description pigeonhole %description pigeonhole
@ -143,48 +139,54 @@ This package provides sieve and managesieve plug-in for dovecot LDA.
%package pgsql %package pgsql
Requires: %{name} = %{epoch}:%{version}-%{release} Requires: %{name} = %{epoch}:%{version}-%{release}
Summary: Postgres SQL back end for dovecot Summary: Postgres SQL back end for dovecot
Group: System Environment/Daemons
%description pgsql %description pgsql
This package provides the Postgres SQL back end for dovecot-auth etc. This package provides the Postgres SQL back end for dovecot-auth etc.
%package mysql %package mysql
Requires: %{name} = %{epoch}:%{version}-%{release} Requires: %{name} = %{epoch}:%{version}-%{release}
Summary: MySQL back end for dovecot Summary: MySQL back end for dovecot
Group: System Environment/Daemons
%description mysql %description mysql
This package provides the MySQL back end for dovecot-auth etc. This package provides the MySQL back end for dovecot-auth etc.
%package devel %package devel
Requires: %{name} = %{epoch}:%{version}-%{release} Requires: %{name} = %{epoch}:%{version}-%{release}
Summary: Development files for dovecot Summary: Development files for dovecot
Group: Development/Libraries
%description devel %description devel
This package provides the development files for dovecot. This package provides the development files for dovecot.
%prep %prep
%setup -q -n %{name}-%{version}%{?prever} -a 8 %setup -q -n %{name}-%{version}%{?prever} -a 8
# standardize name, so we don't have to update patches and scripts
mv dovecot-2.3-pigeonhole-%{pigeonholever} dovecot-pigeonhole
%patch -P 1 -p1 -b .default-settings %patch -P 1 -p1 -b .default-settings
%patch -P 2 -p1 -b .mkcert-permissions %patch -P 2 -p1 -b .mkcert-permissions
%patch -P 3 -p1 -b .mkcert-paths %patch -P 3 -p1 -b .mkcert-paths
%patch -P 6 -p1 -b .waitonline %patch -P 6 -p1 -b .waitonline
%patch -P 8 -p1 -b .initbysystemd %patch -P 8 -p1 -b .initbysystemd
%patch -P 9 -p1 -b .systemd_w_protectsystem %patch -P 9 -p1 -b .systemd_w_protectsystem
%patch -P 11 -p1 -b .aclfix %patch -P 15 -p1 -b .bigkey
%patch -P 13 -p1 -b .bigkey %patch -P 16 -p1 -b .opensslhmac
%patch -P 14 -p1 -b .opensslhmac %patch -P 17 -p1 -b .opensslv3
%patch -P 15 -p1 -b .ftbfsbigend %patch -P 18 -p1 -b .fixvalcond
%patch -P 16 -p1 -b .keeplzma %patch -P 19 -p1 -b .valbasherr
%patch -P 17 -p1 -b .7bad6a24 %patch -P 20 -p1 -b .ftbfsbigend
%patch -P 19 -p1 -b .bdf447e4 %patch -P 21 -p1 -b .7bad6a24
%patch -P 20 -p1 -b .d7705bc6 %patch -P 22 -p1 -b .bdf447e4
%patch -P 21 -p1 -b .CVE-2024-23184 %patch -P 24 -p1 -b .d7705bc6
%patch -P 22 -p1 -b .CVE-2024-23185 %patch -P 25 -p1 -b .ph_optglob
%patch -P 23 -p1 -b .test-socket-path %patch -P 26 -p1 -b .ph_scriptcmp
pushd dovecot-2*3-pigeonhole-%{pigeonholever} %patch -P 27 -p1 -b .test-socket-path
%patch -P 18 -p1 -b .9f300239..4596d399 %patch -P 28 -p1 -b .CVE-2024-23184
%patch -P 29 -p1 -b .CVE-2024-23185
cp run-test-valgrind.supp dovecot-pigeonhole/
# valgrind would fail with shell wrapper
echo "testsuite" >dovecot-pigeonhole/run-test-valgrind.exclude
pushd dovecot-pigeonhole
%patch -P 23 -p1 -b .9f300239..4596d399
popd popd
sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in
%build %build
@ -192,11 +194,8 @@ sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src
%global _hardened_build 1 %global _hardened_build 1
export CFLAGS="%{__global_cflags} -fno-strict-aliasing -fstack-reuse=none" export CFLAGS="%{__global_cflags} -fno-strict-aliasing -fstack-reuse=none"
export LDFLAGS="-Wl,-z,now -Wl,-z,relro %{?__global_ldflags}" export LDFLAGS="-Wl,-z,now -Wl,-z,relro %{?__global_ldflags}"
# el6 autoconf too old to regen; use packaged files (#1082384)
%if %{?fedora}00%{?rhel} > 6
mkdir -p m4 mkdir -p m4
autoreconf -I . -fiv #required for aarch64 support autoreconf -I . -fiv #required for aarch64 support
%endif
%configure \ %configure \
INSTALL_DATA="install -c -p -m644" \ INSTALL_DATA="install -c -p -m644" \
--with-rundir=%{_rundir}/%{name} \ --with-rundir=%{_rundir}/%{name} \
@ -214,20 +213,21 @@ autoreconf -I . -fiv #required for aarch64 support
--with-mysql \ --with-mysql \
--with-sqlite \ --with-sqlite \
--with-zlib \ --with-zlib \
--with-zstd \
--with-libcap \ --with-libcap \
--with-icu \
--with-lucene \ --with-lucene \
--with-ssl=openssl \ --with-ssl=openssl \
--with-ssldir=%{ssldir} \ --with-ssldir=%{ssldir} \
--with-solr \ --with-solr \
--with-systemdsystemunitdir=%{_unitdir} \ --with-systemdsystemunitdir=%{_unitdir} \
--with-docs --with-docs
sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh doc/example-config/conf.d/10-ssl.conf sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh doc/example-config/conf.d/10-ssl.conf
make %{?_smp_mflags} %make_build
#pigeonhole #pigeonhole
pushd dovecot-2*3-pigeonhole-%{pigeonholever} pushd dovecot-pigeonhole
# required for snapshot # required for snapshot
[ -f configure ] || autoreconf -fiv [ -f configure ] || autoreconf -fiv
@ -239,13 +239,13 @@ pushd dovecot-2*3-pigeonhole-%{pigeonholever}
--with-dovecot=../ \ --with-dovecot=../ \
--without-unfinished-features --without-unfinished-features
make %{?_smp_mflags} %make_build
popd popd
%install %install
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT %make_install
# move doc dir back to build dir so doc macro in files section can use it # move doc dir back to build dir so doc macro in files section can use it
mv $RPM_BUILD_ROOT/%{_docdir}/%{name} %{_builddir}/%{name}-%{version}%{?prever}/docinstall mv $RPM_BUILD_ROOT/%{_docdir}/%{name} %{_builddir}/%{name}-%{version}%{?prever}/docinstall
@ -253,18 +253,14 @@ mv $RPM_BUILD_ROOT/%{_docdir}/%{name} %{_builddir}/%{name}-%{version}%{?prever}/
# fix multilib issues # fix multilib issues
%multilib_fix_c_header --file %{_includedir}/dovecot/config.h %multilib_fix_c_header --file %{_includedir}/dovecot/config.h
pushd dovecot-2*3-pigeonhole-%{pigeonholever} pushd dovecot-pigeonhole
make install DESTDIR=$RPM_BUILD_ROOT %make_install
mv $RPM_BUILD_ROOT/%{_docdir}/%{name} $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole mv $RPM_BUILD_ROOT/%{_docdir}/%{name} $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole
install -m 644 AUTHORS ChangeLog COPYING COPYING.LGPL INSTALL NEWS README $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole install -m 644 AUTHORS ChangeLog COPYING COPYING.LGPL INSTALL NEWS README $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole
popd popd
%if %{?fedora}00%{?rhel} < 6
sed -i 's|password-auth|system-auth|' %{SOURCE2}
%endif
install -p -D -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/dovecot install -p -D -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/dovecot
#install man pages #install man pages
@ -273,6 +269,8 @@ install -p -D -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_mandir}/man5/dovecot.conf.5
#install waitonline script #install waitonline script
install -p -D -m 755 %{SOURCE15} $RPM_BUILD_ROOT%{_libexecdir}/dovecot/prestartscript install -p -D -m 755 %{SOURCE15} $RPM_BUILD_ROOT%{_libexecdir}/dovecot/prestartscript
install -p -D -m 0644 %{SOURCE16} $RPM_BUILD_ROOT%{_sysusersdir}/dovecot.sysusers
# generate ghost .pem files # generate ghost .pem files
mkdir -p $RPM_BUILD_ROOT%{ssldir}/certs mkdir -p $RPM_BUILD_ROOT%{ssldir}/certs
mkdir -p $RPM_BUILD_ROOT%{ssldir}/private mkdir -p $RPM_BUILD_ROOT%{ssldir}/private
@ -281,14 +279,9 @@ chmod 600 $RPM_BUILD_ROOT%{ssldir}/certs/dovecot.pem
touch $RPM_BUILD_ROOT%{ssldir}/private/dovecot.pem touch $RPM_BUILD_ROOT%{ssldir}/private/dovecot.pem
chmod 600 $RPM_BUILD_ROOT%{ssldir}/private/dovecot.pem chmod 600 $RPM_BUILD_ROOT%{ssldir}/private/dovecot.pem
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
install -p -D -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_tmpfilesdir}/dovecot.conf install -p -D -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_tmpfilesdir}/dovecot.conf
%else
install -p -D -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_initddir}/dovecot
install -p -D -m 600 %{SOURCE9} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/dovecot
%endif
mkdir -p $RPM_BUILD_ROOT/var/run/dovecot/{login,empty,token-login} mkdir -p $RPM_BUILD_ROOT/run/dovecot/{login,empty,token-login}
# Install dovecot configuration and dovecot-openssl.cnf # Install dovecot configuration and dovecot-openssl.cnf
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d
@ -315,83 +308,74 @@ popd
%pre %pre
#dovecot uid and gid are reserved, see /usr/share/doc/setup-*/uidgid #dovecot uid and gid are reserved, see /usr/share/doc/setup-*/uidgid
getent group dovecot >/dev/null || groupadd -r --gid 97 dovecot %sysusers_create_compat %{SOURCE16}
getent passwd dovecot >/dev/null || \
useradd -r --uid 97 -g dovecot -d /usr/libexec/dovecot -s /sbin/nologin -c "Dovecot IMAP server" dovecot
getent group dovenull >/dev/null || groupadd -r dovenull if [ -z "$LEAPP_IPU_IN_PROGRESS" ]
getent passwd dovenull >/dev/null || \ then
useradd -r -g dovenull -d /usr/libexec/dovecot -s /sbin/nologin -c "Dovecot's unauthorized user" dovenull # during LEAPP upgrade, services are not running anyway
# do not let dovecot run during upgrade rhbz#134325 # do not let dovecot run during upgrade rhbz#134325
if [ "$1" = "2" ]; then if [ "$1" = "2" ]; then
rm -f %restart_flag rm -f %restart_flag
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
/bin/systemctl is-active %{name}.service >/dev/null 2>&1 && touch %restart_flag ||: /bin/systemctl is-active %{name}.service >/dev/null 2>&1 && touch %restart_flag ||:
/bin/systemctl stop %{name}.service >/dev/null 2>&1 /bin/systemctl stop %{name}.service >/dev/null 2>&1
%else fi
/sbin/service %{name} status >/dev/null 2>&1 && touch %restart_flag ||:
/sbin/service %{name} stop >/dev/null 2>&1
%endif
fi fi
%post %post
if [ $1 -eq 1 ] if [ $1 -eq 1 ]
then then
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
%systemd_post dovecot.service %systemd_post dovecot.service
%else
/sbin/chkconfig --add %{name}
%endif
fi fi
install -d -m 0755 -g dovecot -d /var/run/dovecot install -d -m 0755 -g dovecot -d /run/dovecot
install -d -m 0755 -d /var/run/dovecot/empty install -d -m 0755 -d /run/dovecot/empty
install -d -m 0750 -g dovenull -d /var/run/dovecot/login install -d -m 0750 -g dovenull -d /run/dovecot/login
install -d -m 0750 -g dovenull -d /var/run/dovecot/token-login install -d -m 0750 -g dovenull -d /run/dovecot/token-login
[ -x /sbin/restorecon ] && /sbin/restorecon -R /var/run/dovecot ||: [ -x /sbin/restorecon ] && /sbin/restorecon -R /run/dovecot ||:
%preun %preun
if [ $1 = 0 ]; then if [ $1 = 0 ]; then
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
/bin/systemctl disable dovecot.service dovecot.socket >/dev/null 2>&1 || : /bin/systemctl disable dovecot.service dovecot.socket >/dev/null 2>&1 || :
/bin/systemctl stop dovecot.service dovecot.socket >/dev/null 2>&1 || : /bin/systemctl stop dovecot.service dovecot.socket >/dev/null 2>&1 || :
%else rm -rf /run/dovecot
/sbin/service %{name} stop > /dev/null 2>&1
/sbin/chkconfig --del %{name}
%endif
rm -rf /var/run/dovecot
fi fi
%postun %postun
%if %{?fedora}0 > 140 || %{?rhel}0 > 60 if [ -z "$LEAPP_IPU_IN_PROGRESS" ]
/bin/systemctl daemon-reload >/dev/null 2>&1 || : then
%endif # during LEAPP upgrade, services are not running anyway
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ "$1" -ge "1" -a -e %restart_flag ]; then if [ "$1" -ge "1" -a -e %restart_flag ]; then
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
/bin/systemctl start dovecot.service >/dev/null 2>&1 || : /bin/systemctl start dovecot.service >/dev/null 2>&1 || :
%else rm -f %restart_flag
/sbin/service %{name} start >/dev/null 2>&1 || : fi
%endif
rm -f %restart_flag
fi fi
%posttrans %posttrans
# dovecot should be started again in %%postun, but it's not executed on reinstall
# if it was already started, restart_flag won't be here, so it's ok to test it again if [ -z "$LEAPP_IPU_IN_PROGRESS" ]
if [ -e %restart_flag ]; then then
%if %{?fedora}0 > 140 || %{?rhel}0 > 60 # during LEAPP upgrade, services are not running anyway
# dovecot should be started again in %%postun, but it's not executed on reinstall
# if it was already started, restart_flag won't be here, so it's ok to test it again
if [ -e %restart_flag ]; then
/bin/systemctl start dovecot.service >/dev/null 2>&1 || : /bin/systemctl start dovecot.service >/dev/null 2>&1 || :
%else rm -f %restart_flag
/sbin/service %{name} start >/dev/null 2>&1 || : fi
%endif
rm -f %restart_flag
fi fi
%check %check
# some time sensitive tests fail on aarch64, just log the result
%ifarch aarch64
make check ||:
%else
make check make check
cd dovecot-2*3-pigeonhole-%{pigeonholever} %endif
cd dovecot-pigeonhole
make check make check
%files %files
@ -404,15 +388,11 @@ make check
%{_bindir}/dovecot-sysreport %{_bindir}/dovecot-sysreport
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
%_tmpfilesdir/dovecot.conf %_tmpfilesdir/dovecot.conf
%{_sysusersdir}/dovecot.sysusers
%{_unitdir}/dovecot.service %{_unitdir}/dovecot.service
%{_unitdir}/dovecot-init.service %{_unitdir}/dovecot-init.service
%{_unitdir}/dovecot.socket %{_unitdir}/dovecot.socket
%else
%{_initddir}/dovecot
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/dovecot
%endif
%dir %{_sysconfdir}/dovecot %dir %{_sysconfdir}/dovecot
%dir %{_sysconfdir}/dovecot/conf.d %dir %{_sysconfdir}/dovecot/conf.d
@ -483,10 +463,10 @@ make check
%{_libexecdir}/%{name} %{_libexecdir}/%{name}
%exclude %{_libexecdir}/%{name}/managesieve* %exclude %{_libexecdir}/%{name}/managesieve*
%dir %attr(0755,root,dovecot) %ghost /var/run/dovecot %dir %attr(0755,root,dovecot) %ghost /run/dovecot
%attr(0750,root,dovenull) %ghost /var/run/dovecot/login %attr(0750,root,dovenull) %ghost /run/dovecot/login
%attr(0750,root,dovenull) %ghost /var/run/dovecot/token-login %attr(0750,root,dovenull) %ghost /run/dovecot/token-login
%attr(0755,root,root) %ghost /var/run/dovecot/empty %attr(0755,root,root) %ghost /run/dovecot/empty
%attr(0750,dovecot,dovecot) /var/lib/dovecot %attr(0750,dovecot,dovecot) /var/lib/dovecot
@ -544,117 +524,263 @@ make check
%{_libdir}/%{name}/dict/libdriver_pgsql.so %{_libdir}/%{name}/dict/libdriver_pgsql.so
%changelog %changelog
* Tue Aug 20 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-6 * Tue Aug 20 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-14
- fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message (RHEL-55219) - fix CVE-2024-23184: using a large number of address headers may trigger a denial of service (RHEL-55212)
- fix CVE-2024-23184: using a large number of address headers may trigger a denial of service (RHEL-55206) - fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message (RHEL-55224)
* Fri Feb 16 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-5 * Mon Aug 05 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-13
- fixes assert-crash when IMAP client uses QRESYNC (#RHEL-22854) - rebuild with updated tests
* Fri Aug 04 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-4 * Mon Aug 05 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-12
- fix leaking mailboxes if virtual mailbox can't be opened (#2128857) - fix crash when user has sieve script that includes two missing scripts (RHEL-37160)
* Tue Jul 19 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-3 * Fri Feb 16 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-11
- fix possible privilege escalation when similar master and non-master passdbs are used (#2106231) - fixes assert-crash when IMAP client uses QRESYNC (#RHEL-25434)
* Wed Dec 08 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-2 * Tue Aug 15 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-10
- do not disable xz/lzma for now despite being deprecated - fix leaking mailboxes if virtual mailbox can't be opened (#2231408)
* Wed Dec 08 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-1 * Sat May 27 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-9
- add buildrequire of rpcgen to enable rquota support(#2157045)
* Tue Sep 13 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-8
- do not run systemd commands during leapp upgrade (#2119385)
* Tue Jul 12 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-7
- fix possible privilege escalation when similar master and non-master passdbs are used (#2106232)
* Wed Jul 06 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-6
- fix possible nonzero return value of postinst script(#2053368)
* Tue Jul 05 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-5
- workaround sysuers macro defficiency (#2095399)
* Tue Jul 05 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-4
- use systemd-sysusers for user creation (#2095399)
* Wed Nov 03 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-3
- re-enable LTO build (#1990080)
* Wed Oct 27 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-2
- set first_valid_uid to 1000 to match system default (#2009716)
* Fri Aug 20 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-1
- dovecot updated to 2.3.16, pigeonhole to 0.5.16 - dovecot updated to 2.3.16, pigeonhole to 0.5.16
- fix CVE-2021-33515 plaintext commands injection (#1980014) - fixes several regressions (#1997583)
* Wed Feb 03 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-9 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.3.15-2
- fix CVE-2020-24386 IMAP hibernation function allows mail access (#1913534) - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue Jan 12 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-8 * Wed Jul 21 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.15-1
- fix CVE-2020-25275 denial of service via mail MIME parsing (#1914019) - dovecot updated to 2.3.15, pigeonhole updated to 0.5.15
- CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
JWT tokens. This may be used to supply attacker controlled keys to
validate tokens, if attacker has local access (#1979833)
- CVE-2021-33515: On-path attacker could have injected plaintext commands
before STARTTLS negotiation that would be executed after STARTTLS
finished with the client
- Add TSLv1.3 support to min_protocols.
* Thu Jan 07 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-7 * Wed Jul 14 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.14-5
- change run directory from /var/run to /run (#1805947) - fix mail storage block count parsing (#1974281)
* Wed Dec 02 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-6 * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.3.14-4
- fix mail storage block count parsing (#1894418) - Rebuilt for RHEL 9 BETA for openssl 3.0
- MIME parser crashed when boundaries were wrong (#1888111) Related: rhbz#1971065
* Mon Nov 02 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-5 * Fri Jun 04 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.14-3
- multilib compatibility (#1853137) - compatibility with openssl 3.0 (#1962035)
* Fri Aug 07 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-4 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.3.14-2
- fix CVE-2020-12100 resource exhaustion via deeply nested MIME parts (#1866756) - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
- fix CVE-2020-12673 out of bound reads in dovecot NTLM implementation (#1866761)
- fix CVE-2020-12674 crash due to assert in RPA implementation (#1866768)
* Mon Jun 01 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-3 * Mon Mar 22 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.14-1
- fix CVE-2020-10957 dovecot: malformed NOOP commands leads to DoS (#1840354) - dovecot updated to 2.3.14, pigeonhole to 0.5.14
- fix CVE-2020-10958 dovecot: command followed by sufficient number of newlines - use OpenSSL's implementation of HMAC
leads to use-after-free (#1840357) - Remove autocreate, expire, snarf and mail-filter plugins.
- fix CVE-2020-10967 dovecot: sending mail with empty quoted localpart - Remove cydir storage driver.
leads to DoS (#1840356) - Remove XZ/LZMA write support. Read support will be removed in future release.
* Thu Jan 09 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-2 * Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 1:2.3.13-7
- fix default attributes for ghost files - rebuild for libpq ABI fix rhbz#1908268
* Tue Nov 19 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-1 * Mon Feb 01 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-6
- dovecot updated to 2.3.8 with pigeonhole updated to 0.5.8 (#1653117) - use make macros
* Thu Aug 29 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-10 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.13-5
- fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 18 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-4
- fix multilib issues
* Mon Jan 18 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-3
- bump release and rebuild
* Thu Jan 07 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-2
- fix rundir location
* Wed Jan 06 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-1
- fix release number
* Mon Jan 04 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-0
- dovecot updated to 2.3.13, pigeonhole to 0.5.13
- CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
allow logged in user to access other people's emails and filesystem
information.
- Metric filter and global event filter variable syntax changed to a
SQL-like format.
- auth: Added new aliases for %{variables}. Usage of the old ones is
possible, but discouraged.
- auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth
mechanism and related password schemes.
- auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.
- auth: Removed postfix postmap socket
* Wed Oct 21 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-7
- change run directory from /var/run to /run (#1777922)
* Wed Oct 21 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-6
- use bigger default key size (#1882939)
* Wed Sep 02 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-5
- fix gssapi issue
* Wed Aug 26 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-4
- fix FTBFS on 32bit systems
* Mon Aug 17 2020 Jeff Law <law@redhat.com> - 1:2.3.11.3-2
- Disable LTO
* Sat Aug 15 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-1
- CVE-2020-12100: Parsing mails with a large number of MIME parts could
have resulted in excessive CPU usage or a crash due to running out of
stack memory.
- CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
message buffer size, which leads to reading past allocation which can
lead to crash.
- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the lmtp
service to crash.
- CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
zero-length message, which leads to assert-crash later on.
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.10.1-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.10.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon May 18 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.10.1-1
- dovecot updated to 2.3.10.1
- fixes CVE-2020-10967, CVE-2020-10958, CVE-2020-10957
* Tue Apr 21 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.10-1
- dovecot updated to 2.3.10, pigeonhole updated to 0.5.10
* Wed Feb 12 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.9.3-1
- dovecot updated to 2.3.9.3
- fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS
submission-login and lmtp processes.
- fixes CVE-2020-7957: Specially crafted mail can crash snippet generation.
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.9.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Dec 19 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.9.2-1
- CVE-2019-19722: Mails with group addresses in From or To fields
caused crash in push notification drivers.
* Wed Dec 04 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.9-1
- dovecot updated to 2.3.9, pigeonhole updated to 0.5.9
* Thu Oct 10 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-1
- dovecot updated to 2.3.8, pigeonhole 0.5.8
* Thu Aug 29 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.7.2-1
- dovecot updated to 2.3.7.2, pigeonhole 0.5.7.2
- fixes CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
when scanning data in quoted strings, leading to out of bounds heap when scanning data in quoted strings, leading to out of bounds heap
memory writes (#1741788) memory writes
* Fri Aug 23 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-9 * Mon Aug 19 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:1-2.3.7.1
- reset errno before iterating through users (#1630410) - dovecot updated to 2.3.7.1, pigeonhole updated to 0.5.7.1
* Mon Jun 17 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-8 * Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.6-4
- fix CVE-2019-3814: improper certificate validation (#1674370) - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Jun 14 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-7 * Fri May 31 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.6-3
- do not print error message when restorecon is not present - disable gcc 9 stack reuse temporarily
during install (#1626395)
- change default config to use minimal UID = 1000 (#1630410)
* Mon Jun 10 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-6 * Mon May 13 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.6-2
- use OpenSSl implementation of HMAC, disable CRAM-MD5 when FIPS is enabled (#1618749) - use /run instead of /var/run (#1706372)
* Tue Oct 16 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-5 * Thu May 02 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.6-1
- make key not that bigger (#1618714) - dovecot updated to 2.3.6, pigeonhole updated to 0.5.6
* Tue Oct 16 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-4 * Thu Apr 18 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.5.2-1
- generated key was too small (#1618714) - dovecot updated to 2.3.5.2
- fixes CVE-2019-10691: Trying to login with 8bit username containing
invalid UTF8 input causes auth process to crash if auth policy is enabled.
* Wed Sep 19 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-3 * Thu Mar 28 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.5.1-1
- fix global ACL directory configuration search path (#1630383) - dovecot updated to 2.3.5.1
- update first/last_valid_gid range patch (#1630410) - CVE-2019-7524: Missing input buffer size validation leads into
arbitrary buffer overflow when reading fts or pop3 uidl header
from Dovecot index.
* Mon Jul 30 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-2 * Wed Mar 06 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.5-1
- fix defaut permissions of gost run files - dovecot updated to 2.3.5, pigeonhole updated to 0.5.5
* Thu Jun 28 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-1 * Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.4-3
- dovecot updated to 2.2.36, pigeonhole to 0.4.24 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu May 24 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.35-3 * Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 1:2.3.4-2
- disable tcp_wrappers as it's not available in rhel8 - Rebuilt for libcrypt.so.2 (#1666033)
* Thu Apr 19 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.35-2 * Wed Jan 09 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.4-1
- include crypt.h explicitely - dovecot updated to 2.3.4, pigeonhole updated to 0.5.4
* Wed Mar 21 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.35-1 * Tue Oct 02 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.3-1
- dovecot updated to 2.2.35, pigeonhole updated to 0.4.23 - dovecot updated to 2.3.3, pigeonhole pdated to 0.5.3
- doveconf hides more secrets now in the default output
- NUL bytes in mail headers can cause truncated replies when fetched.
- virtual plugin: Some searches used 100% CPU for many seconds
- dsync assert-crashed with acl plugin in some situations.
- imapc: Fixed various assert-crashes when reconnecting to server.
* Thu Mar 01 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.34-1
- dovecot updated to 2.2.34, pigeonhole updated to 0.4.22 * Tue Oct 02 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2.1-4
- fixes CVE-2017-15130: TLS SNI config lookups may lead to excessive - fix dovecot-init service syntax error (#1635017)
memory usage, causing imap-login/pop3-login VSZ limit to be reached
and the process restarted. This happens only if Dovecot config has * Mon Aug 13 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2.1-3
local_name { } or local { } configuration blocks and attacker uses - do not try to generate ssl-params as its obsolete (#1614640)
randomly generated SNI servernames.
- fixes CVE-2017-14461: Parsing invalid email addresses may cause a crash or * Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.2.1-2
leak memory contents to attacker. For example, these memory contents - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
might contain parts of an email from another user if the same imap
process is reused for multiple users. * Tue Jul 10 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2.1-1
- fixes CVE-2017-15132: Aborted SASL authentication leaks memory in login - SSL/TLS servers may have crashed during client disconnection
process.
* Mon Jul 09 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2-1
- dovecot updated to 2.3.2, pigeonhole to 0.5.2
* Wed Mar 28 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.1-2
- fix ftbfs - murmurhash3 check fail
* Wed Mar 28 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.1-1
- dovecot updated to 2.3.1, pigeonhole updated to 0.5.1
* Tue Mar 27 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.0.1-3
- use libxcrypt for Fedora >= 28, part of ftbfs fix (#1548520)
* Wed Mar 07 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.0.1-2
- add gcc buildrequire
* Thu Mar 01 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.0.1-1
- dovecot updated to 2.3.0.1, pigeonhole updated to 0.5.0.1
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:2.2.33.2-5 * Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:2.2.33.2-5
- Escape macros in %%changelog - Escape macros in %%changelog