Accepting request 1111576 from server:mail

- update to 2.3.21 and pigeonhole 0.5.21

OBS-URL: https://build.opensuse.org/request/show/1111576
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dovecot23?expand=0&rev=52

dovecot-2.3-pigeonhole-0.5.20.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ae32bd4870ea2c1328ae09ba206e9ec12128046d6afca52fbbc9ef7f75617c98
-size 1945126

dovecot-2.3-pigeonhole-0.5.20.tar.gz.sig

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJLBAABCgA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAmOkCEgXHGRvdmVjb3Qt
-Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaElYw/+O7hK3Mg7RBygwlw2EuFBfz0Y
-y+SC2l35ESVPHCd1U8zl7q3gKiahP8Y+knVpmXiytZ1xOfjf3fHROCH8nFQbNKu5
-U+BeYxuB0b6zJ6+zmptBWr8dkbPZ1gxc8hgbfRM5PMgn+C1uiiJ4YKNDCco1k5h6
-dj7JsgXpUILPPxFkJaUcGHG7u6BAtS5M6OxtjgTJM6FwjSzZsl5ZkuB/O1wuojrv
-IJykKbE0fi9diz+CKSyiL8ge5FbxwFxei5jCVB3pAkdNnY9r+DBdOmnjmO2lYFkO
-4zvkk2uK/zBHnR28DaAwLRziNNdGs/5QnEOGTx8d6XK5irHOdWUZ83H/LdAbhiKs
-cNT5o0Wx0nnG0g/j6p2Clrmz8cVDuBtqE+Z2qDhHOc6VtEQXTkR4Z+wWNCJwHtCx
-uws5jCHv9HcI/3AcxpzV99NofD/VJEs7C6Bmv1bhV3N9Rs6cq0KdcJYBSRsmTN4k
-KBT7nRc4RCRvyiG/nmK6qO9YfGaShfalTXBzCuCcg5KSEC8J20Cv6NZUtXI4xom4
-buaw657Ss94YGId1dLzhKp7YJMHCNmtN/tIOlQpSls6D9JLCTSIkKNVg7mx5rf92
-R7Oa9ixWp1YFyX0G9agFBr4De43ATRFvRcUq+EVm8DJ3nx7emVFLFWEXzg7GJzVh
-znJGpiGYdtsLpLeYHBA=
-=0YWo
------END PGP SIGNATURE-----

dovecot-2.3-pigeonhole-0.5.21.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1ca71d2659076712058a72030288f150b2b076b0306453471c5261498d3ded27
+size 1955945

dovecot-2.3-pigeonhole-0.5.21.tar.gz.sig

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJLBAABCgA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAmUD/LgXHGRvdmVjb3Qt
+Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaEOrw//XMtJvAS4s+6VIJ1faAQFztKS
+8lo3e6dd+EHKEMz70mXu/5tdEQS7JkiN+9O6CbjNY0+/zHmYmXXXiVCvldpSqDhe
+9c2mIOeAg0C2EVY5Qf/RJ940ByF4Kd/ulUY6exaUycJkUccNEYgBGVWOnIwNDlV/
+hCLlJy1540nApo7ys9XVh3+WO2I3a8xVm5cRug6j0FD93rhmWc7dpeCe40j7xz0q
+pMKGbGlQueRgeZ1NO7Qp+9ZIVyy9xIZIuNt13GwhD830ObpE2aGFfW6yxdmIRrgK
+/wIp+fzdMbPLNbtmCdh1NXz88zC6KbEII1rHaL/KejK7XtOkzR06yOJYr/tgJN+s
+BnWGQbCAVfBUMWdnvzgs0nTgzqattlXPqoD1v3TkMYXKYcf9Tow9RGNaDk0DXGCH
+bx3+oBkfjUEvxDU7td4F7DMVjBQZpwhNA/TiGraabtPQKfR4zFcYQUyw3T3G+Rv3
+PZ32mTmC9TTN5blTxamvsrK2SpFT3uXm1ch019228pul0DtcvjcdZFgkyWl3I0Xy
+Na/GEPlVodVVTx0cAGbUCeS6Ja3UG9Le4KjfYOEQ8gBeo5dD4/hrs0ZXHBri7XcW
+0ackeYB4JrSDALumjbHTRL+vo9d0FbtpkxBq9RMXM/xVqMpzfSo3Ac3bViBh05pX
+BXYU8Uy5LU0VjN7FpOI=
+=a386
+-----END PGP SIGNATURE-----

dovecot-2.3.20.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:caa832eb968148abdf35ee9d0f534b779fa732c0ce4a913d9ab8c3469b218552
-size 7805735

dovecot-2.3.20.tar.gz.sig

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJLBAABCgA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAmOkCDwXHGRvdmVjb3Qt
-Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaGPwxAAwmyTGtrDSyJzzjAuDP0lQVfo
-v6MjLxmsS2LqrnA6coGpVszc5TsCMOhkk2TYpbIPk1G6Mc5ToW9ZrWKXZcyrk9hv
-b2VSM04JF1eF+2D9jc4r0eCbrYVx4x0/UVvlZytsaq9b3Gw59NExS4BjOSzByOBD
-QF3lUdlS1ZGb0iI6dJwlWcmIKJ9RsT2P4GodfkXZf68gi82yMEEtaYxeQzpQqarH
-dZdl5UGWMUB+eP3VzeqtoPSRmFhLOu4hhKKBOSTK7JX8hNnzWyV0YQ89ZBksJsRb
-PK5ou16tiWFzmnQ43Sy2W6FLfTog36YXVfvJaCc2zOzrcxD2oykLYealjEfBSUeg
-FHaSIP8XCnV42PT3MQO931Zt7HphD3VSGslb3p+/fFmpZUtOKjVaNROlD1hvggr7
-A88YBZE6zffu1Xx9aNBTNu/NV3jFuQdfqpBT/jxwV/hEWaHgBjOwedGsNtiNE3bl
-FdPc5JuJyOMAzXlAjy6IStL9LCQJpjbXOOgbDLo0KiZUh+K2faFOVcJNmAkhmWSd
-jYq28HOmHfo7MIoa4CdmBQHKtKSR/OVaOIOOzVSUVCnlTuXm8qQQG5xjjToFN99U
-TFbJiPvm+/HT6QyeNHH4mO6dUTZ9YdBuyj30P0Rffq0E4fZgz3ZBezwWSYj4bwXx
-T63m4IEsocH8pQRKpJ0=
-=aSIL
------END PGP SIGNATURE-----

dovecot-2.3.21.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:05b11093a71c237c2ef309ad587510721cc93bbee6828251549fc1586c36502d
+size 7837242

dovecot-2.3.21.tar.gz.sig

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJLBAABCgA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAmUD/KAXHGRvdmVjb3Qt
+Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaGv3Q//bB9M8lEVqTyljhPFphhNLJvj
+zxh9U08nUOpOV9X+IfVX4PcorS5SqrPU45ohVmstLhMf6+ONHLWqE9GHFJrwsvtC
+/aPdX5ZPQN7/H76hW9rD+m9ytCkKC+sH2tf4RR8IWtfVjF2cU+jRbMcGSJ2SbKS4
+APOEMJgdtmh5vZTHMYCSv0+8+pi4LNm3pth6XbbneJ8cmoLlZ3kjUn63pb8atkwF
+fhSNIMjb3ZKE4kJT+p01Q18DO5X4DQuPrjiuRPHLpe+PbsUYdu44Wuu+vsM/eSO2
+RQ3C+uoFg2DfhwkjLxiiTli+bnKONUKpBae3ckG1GO6cBqtPuDEIea2dcPOjJ3Ga
+Vpssy+iq7qvGIZDC5YPmdRH6O0k4r0ntTljFlpg2SW7afE2tC1ipadCcwOsF9dUZ
+DDF89o+k8s0kl8486YTIeTSwGBWJCQJPzmdA8hBxCcVTvvo5G+N2xxX6ZL+wqG3Y
+vV43n/Xvi4GkrOS7Rp+SOMGS5E4/+VB2udC3qm1s6cFm0bFVXMGwbzFnKqpcGaYX
+UDmbZAkKA4pCkEdNJIz1QUpNtQnf1vGHaMeW+IAW5xPjKJ15/M+GPZ0yeqv2Gt6I
+v1J0EM5ZkgNJ+9NU093QxORdXrTD7bDMa5yOv/7ih+9Cx4r9GhdgS/T/3LZIncrg
+xpKXvK/XKM7RFMhOnz4=
+=fueB
+-----END PGP SIGNATURE-----

dovecot23.changes

@@ -1,3 +1,125 @@
+-------------------------------------------------------------------
+Fri Sep 15 12:12:44 UTC 2023 - Arjen de Korte <suse+build@de-korte.org>
+
+- update to 2.3.21 and pigeonhole 0.5.21
+
+  Dovecot 2.3.21
+  * lib-oauth2: Allow JWT tokens to be validated with missing typ field.
+    The typ field is left out by some key issuers to conserve space,
+    notably kubernetes. Now missing typ is tolerated, but if present, it
+    still must be "jwt".
+  + auth: Auth passdb and userdb reply can contain "event_<name>=value"
+    which will be added to login event and mail user event respectively.
+  + lib-master: Set process title during various initialization stages to
+    clearly describe what the process is waiting on.
+  + lib-storage: The mail_temp_scan_interval is now fuzzed incrementing it
+    by 0..30% based on username's hash to reduce the chance of load spikes.
+  + lib-storage: The temp file scan has been moved from the open of the
+    mailbox to the close, to reduce the latency perceived by users.
+  + stats: If metric has fields specified, all these fields are
+    exported as counters to prometheus exposition.
+    See https://doc.dovecot.org/configuration_manual/stats/openmetrics/.
+  - *-login: Processes might have crashed when a SSL connection disconnects
+    uncleanly.
+  - acl: When plugin was loaded \HasChildren and \HasNoChildren flags
+    were calculated incorrectly for mailboxes containing '*' and '%'
+    in their names.
+  - auth: Crash occured if a connection to PostgreSQL database server
+    failed during startup.
+  - auth: Logins with invalid passwords (e.g. unknown scheme) in passdb
+    were failing with "password mismatch" instead of "internal error".
+  - auth: XOAUTH2 and OAUTHBEARER mechanisms were not giving out protocol
+    specific error message on all errors. This especially broke OIDC
+    discovery.
+  - dbox: When last_temp_file_scan header wasn't set (especially after
+    dsync migration), the next mailbox open always triggers the temp file
+    scan. This could have caused a load spike after migrations. Fixed by
+    using the mailbox directory's atime when the header isn't set, which
+    usually moves the scan time into the future.
+  - dict-redis: A crash would occur on transaction rollback.
+  - dsync: Infinite loop causing out of memory would occur when handling
+    mailbox deletion from remote end and hierarchy separators would differ.
+  - dsync: Incremental dsync failed for folder names ending with '%',
+    unless BROKENCHAR was set. Also folder names with '%' elsewhere in
+    them caused each incremental dsync to unnecessarily rename the folder
+    to a temporary name and back. v2.3.19 regression.
+  - imap-hibernate: If an IMAP client unhibernation timed out with
+    "(version received)", the unhibernation could still have successfully
+    finished later on and continued working normally. This was rather
+    confusing, because imap-hibernate already logged that the client got
+    disconnected. Avoid this by forcing the connection to shutdown on
+    unhibernation timeout.
+  - imapc: Crashed when a folder mapped through the virtual plugin
+    disappears from the storage.
+  - imapc: EXPUNGE, EXISTS or FETCH replies from a server for a previously
+    selected mailbox could have been processed as if they belonged to the
+    new mailbox currently being selected. This could have caused warnings.
+  - lib-http: Dovecot HTTP server (doveadm, stats/openmetrics) may have
+    disconnected HTTP clients before the response is fully sent. This
+    happened only on busy servers where kernel's socket buffers were
+    rather full.
+  - lib-http: Fixed a potential crash on http-server if a client
+    disconnected early. v2.3.18 regression.
+  - lib-index: Index file corruption could have caused a crash. Fixes:
+    Panic: file mail-transaction-log-view.c: line 165 (mail_transaction_log_view_set):
+    assertion failed: (min_file_seq <= max_file_seq).
+  - lib-index: Purging an existing >1GB cache file can crash. Now cache
+    files still above 1GB after purging are removed. Fixes:
+    Panic: file mail-index-util.c: line 10 (mail_index_uint32_to_offset):
+    assertion failed: (offset < 0x40000000)
+  - lib-lua: A HTTP client could not resolve DNS names in mail processes,
+    because it expected "the dns-client" socket to exist in the current
+    directory.
+  - lib-oauth2: Dovecot would send client_id and client_secret as POST
+    parameters to the introspection server. These need to be optionally in
+    Basic auth instead.
+  - lib-oauth2: JWT aud validation was not performed if aud was missing
+    from a token, but was configured on Dovecot.
+  - lib-oauth2: JWT key type check was too strict.
+  - lib-oauth2: JWT token audience was not validated against client_id as
+    required by the specification.
+  - lib-ssl-iostream: Using the ssl_require_crl=yes setting may have caused
+    CRL check failures for outgoing SSL/TLS connections, although it was
+    supposed to affect checking CRLs only for client-side SSL
+    certificates. v2.3.17 regression.
+  - lib-sql: MySQL driver leaked memory when connection failed.
+  - lib-storage: Various fixes when running into out of disk space.
+  - master: Service idle_kill setting didn't work properly on busy
+    servers. It was very unlikely that any process was idling long enough
+    to become killed. Also the idle_kill handling code was using quite a
+    lot of CPU on the master process when there were a lot of processes
+    (e.g. imap). The new behavior is to track the lowest number of idling
+    processes every idle_kill time interval and then kill that many idling
+    processes.
+  - mdbox: Temp file scan was done for always empty directories.
+  - mdbox: The fdatasync() call was done in wrong parent directory when
+    writing mails. Also on a failure it crashed instead of logging an error.
+  - notify_status: The plugin crashes if any user initialization fails.
+  - pop3: Sending command with the ':' character caused an assert-crash.
+    v2.3.18 regression. Fixes: Panic: event_reason_code_prefix(): name has ':'
+  - stats: Fix panic when a nonexistent event exporter was referenced while
+    adding a new metric dynamically via doveadm stats add. This produces
+    a proper error now.
+  - stats: If process exported a lot of events and then exited, some of
+    the last events may have become lost.
+  - stats: Invalid Prometheus label names were created with specific
+    histogram group_by configurations. Prometheus rejected these labels.
+  - welcome: The plugin didn't execute in some situations that created
+    INBOX but didn't open it, e.g. if GETMETADATA was used before the
+    INBOX was opened.
+
+  Pigeonhole v0.5.21
+  - sieve: Using the deleteheader action on a message with a broken/invalid
+    header can cause the Sieve interpreter to crash with an assert panic.
+    This can happen e.g. when the message is missing the empty EOH line
+    between the headers and the body of the message. Fixes:
+    Panic: file edit-mail.c: line 820 (edit_mail_headers_parse):
+    assertion failed: (body_offset > 0).
+  - sieve: Pigeonhole added an extra Message-ID header during mail
+    forwarding when the existing one was invalid. Now it adds the
+    Message-ID only if it is entirely missing. Existing Message-ID(s) are
+    left unchanged.
+
 -------------------------------------------------------------------
 Mon Mar 27 09:15:10 UTC 2023 - Martin Liška <mliska@suse.cz>
 

dovecot23.spec

@@ -17,11 +17,11 @@
 
 
 Name:           dovecot23
-Version:        2.3.20
+Version:        2.3.21
 Release:        0
 %define pkg_name dovecot
-%define dovecot_version 2.3.20
-%define dovecot_pigeonhole_version 0.5.20
+%define dovecot_version 2.3.21
+%define dovecot_pigeonhole_version 0.5.21
 %define dovecot_branch  2.3
 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}
 %define dovecot_pigeonhole_docdir     %{_docdir}/%{pkg_name}/dovecot-pigeonhole
@@ -162,6 +162,7 @@ Patch:          dovecot-2.3.0-dont_use_etc_ssl_certs.patch
 Patch1:         dovecot-2.3.0-better_ssl_defaults.patch
 # PATCH-FIX-OPENSUSE - boo#1207958
 Patch2:         fix-build-with-openssl-3.patch
+# PATCH-FIX-UPSTREAM - https://github.com/dovecot/core/commit/f0c1cf42ea78d22e2674b03fe65f0ee6545c5b99
 Patch3:         fix-strict-aliasing.patch
 Summary:        IMAP and POP3 Server Written Primarily with Security in Mind
 License:        BSD-3-Clause AND LGPL-2.1-or-later AND MIT