Accepting request 936363 from home:stroeder:network

update to 2.3.17.1 and pigeonhole to 0.5.17.1

OBS-URL: https://build.opensuse.org/request/show/936363
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=99

dovecot-2.3-pigeonhole-0.5.16.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5ca36780e23b99e6206440f1b3fe3c6598eda5b699b99cebb15d418ba3c6e938
-size 1944573

dovecot-2.3-pigeonhole-0.5.16.tar.gz.sig

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJLBAABCgA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAmENFLMXHGRvdmVjb3Qt
-Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaGiNxAAs82Ath/tyxPICfyb8rH0Mn57
-a/rq/DGxSHyiG08CqeUWmqGF1qH+fPETofHwu6Q31sg6+LKkuHA+U+0w2Aull+sr
-KCIrVSuWs0mat29YlWW9IYEIFiSDYZBFsoxEKmbU18k6wUNy8mPicq9jLc62ZQAB
-CQZKnXyo+zZ3BISlFI13lgSGjEa4yL40dwTt4vYmh0bz4DoU99nu0g4to9oqG/9h
-rvubYLJ+dLspVWHXx/mANLiYH8NSVPN+6vZ41fpPo/zAYyO9jLP93OMmK8UwNlG6
-8CdHHFI2JusUuga/lF8lsebo8sww0vGwyGBAq6u4j6H46/deAxf56nEbdq4mi/AN
-V6r+CU4L7GI6KlXkVBzGoeXAXerqngLQdzgxsIfd2JD7dfuQnlCM2RUurpPES0G5
-meoz0OItcAmKEHTDIPdgA6QjiBdUhhOlGfXGj3p0ka88l3j6RdRXRI2AnhEH2C0B
-x6ufOFhBYCb5X0S/PA3nAzr+T/oZiVoFi+e85H8kFLgrJ6NOOXBS8x2bDzOmhxvL
-wpO8icnRvaz3HA7HxPvLmnfMSg92bF2LB8dMmMTNrW4jwPYqWRJRWyKK8nZVw3hz
-jDGBmCJ9xqaQ0uS3ukuFjkwGhLB1/erGtlgH0HA9FhU2B9/4qjOgdD760o3v2s9k
-GfL26IpSX7gi3SQ5Yqs=
-=KDRz
------END PGP SIGNATURE-----

dovecot-2.3-pigeonhole-0.5.17.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3cc4a3de6d7e27bd99ac59b99faa161287f78167272699a22591798ffcf84512
+size 1952704

dovecot-2.3-pigeonhole-0.5.17.1.tar.gz.sig

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJLBAABCgA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAmGvJbcXHGRvdmVjb3Qt
+Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaHcmRAAswKv23SqQEqBq3exdXVKP+a2
+Q6D5W4gvDlcKW5Qxn9ZrMvQ+MSG6WXZ0iEkVPz6Ie9RDgncIsh7U4yqIx7MjgEMg
+XsnZzydqW96yLkl1vYVtbrTzLv57BwAL/SuKttUyE2qCaYs23RFzY/CRPgYvFRxz
+ulIzU82uqZg9c47/QJQ4czWi8RN6QWIjpupYTgJfgnQJk2NIIfb1uHZ02JeG55E9
+uMeO/CDAqO2PKy2M5VmoT4cS+3GF0BJ74cGjxzr6z8VcW01CDUM3viLWgsXiON8Y
+sXJEOS6e/EmT1fnK0so6w+9flxuMchGPWoXzGXHwUyETeUT8d0ZteEBWNuxQ5a03
+ybLDuDASQNi9/u3+NhLYNyFiWdQtt1q8bW/dhVB8+GT8ShHppTaws2YPTAA/SCZu
+PIRmBCxh1DkrM23gbNRk44ZSyRuIboorDkisJaJP2pLvJ+jjBwwwfyBvv+29jqKs
+m89ynZrVA5GJIf7rZXAUCiT7fgYqWMBZMA10aO+qPZVbZXGwdkeuRGnr78cEtMLd
+5onGcBvz1VE6EcRqTX9PyTeFUAJV4by+Lv/Po/49RX36+Tz9W4PqB8a2Y8xvoP32
+XPMd45CkqgzkuryOlrT0SISk911NpPaEyAJSriOC72FQhREzYRr8lVP4fOLGz6dT
+YPHxOrUYmEvikziRYEk=
+=8dq3
+-----END PGP SIGNATURE-----

dovecot-2.3.0-better_ssl_defaults.patch

@@ -1,13 +1,13 @@
-diff -ur dovecot-2.3.15.orig/doc/example-config/conf.d/10-ssl.conf dovecot-2.3.15/doc/example-config/conf.d/10-ssl.conf
---- dovecot-2.3.15.orig/doc/example-config/conf.d/10-ssl.conf
-+++ dovecot-2.3.15/doc/example-config/conf.d/10-ssl.conf
+diff -ur dovecot-2.3.17.1.orig/doc/example-config/conf.d/10-ssl.conf dovecot-2.3.17.1/doc/example-config/conf.d/10-ssl.conf
+--- dovecot-2.3.17.1.orig/doc/example-config/conf.d/10-ssl.conf	2021-12-03 12:48:47.000000000 +0100
++++ dovecot-2.3.17.1/doc/example-config/conf.d/10-ssl.conf	2021-12-07 20:09:55.575984341 +0100
 @@ -9,8 +9,8 @@
  # dropping root privileges, so keep the key file unreadable by anyone but
  # root. Included doc/mkcert.sh can be used to easily generate self-signed
  # certificate, just make sure to update the domains in dovecot-openssl.cnf
 -ssl_cert = </etc/ssl/certs/dovecot.pem
 -ssl_key = </etc/ssl/private/dovecot.pem
-+#ssl_cert = </etc/ssl/private/dovecot.crt
++#ssl_cert = </etc/ssl/certs/dovecot.pem
 +#ssl_key = </etc/ssl/private/dovecot.pem
  
  # If key file is password protected, give the password here. Alternatively
@@ -34,13 +34,13 @@ diff -ur dovecot-2.3.15.orig/doc/example-config/conf.d/10-ssl.conf dovecot-2.3.1
  #   no_ticket - Disable SSL session tickets.
  #ssl_options =
 +ssl_options = no_compression
-diff -ur dovecot-2.3.15.orig/src/lib-master/master-service-ssl-settings.c dovecot-2.3.15/src/lib-master/master-service-ssl-settings.c
---- dovecot-2.3.15.orig/src/lib-master/master-service-ssl-settings.c	2021-06-14 15:40:37.000000000 +0200
-+++ dovecot-2.3.15/src/lib-master/master-service-ssl-settings.c	2021-06-21 14:09:29.663825041 +0200
-@@ -62,7 +62,7 @@
+diff -ur dovecot-2.3.17.1.orig/src/lib-master/master-service-ssl-settings.c dovecot-2.3.17.1/src/lib-master/master-service-ssl-settings.c
+--- dovecot-2.3.17.1.orig/src/lib-master/master-service-ssl-settings.c	2021-12-03 12:48:47.000000000 +0100
++++ dovecot-2.3.17.1/src/lib-master/master-service-ssl-settings.c	2021-12-07 20:10:57.811653344 +0100
+@@ -49,7 +49,7 @@
+ 	.ssl_client_ca_dir = "",
  	.ssl_client_cert = "",
  	.ssl_client_key = "",
- 	.ssl_dh = "",
 -	.ssl_cipher_list = "ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH",
 +	.ssl_cipher_list = "ALL:!LOW:!SSLv2:!EXP:!aNULL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH",
  	.ssl_cipher_suites = "", /* Use TLS library provided value */

dovecot-2.3.16.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:03a71d53055bd9ec528d55e07afaf15c09dec9856cba734904bfd05acbc6cf12
-size 7650008

dovecot-2.3.16.tar.gz.sig

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJLBAABCgA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAmENFKMXHGRvdmVjb3Qt
-Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaHxRxAAsWT5YKSqCfTZTNadtRQ29nXu
-ekCHdhh+jnAZLvBj221pnCbHn1/WNwzyHm5TlwKb8xwxSjxoT8yq+wyj2j/dZ+l/
-CkQaCBzCxScXepghlk0fvvaSveU+6oW29teSzIe6X1IFCT55ghSR099T5nrVzEER
-6UHP6ZtX13vYhEBkcGsBy5VA48zGQ+ZOq6vjMn9sLIkBWHqB58I2KW7n+i44cHpk
-8SCcYD6BsRjik6ErEGhVIvSy9/6kTqKnnLBSxQx6E01X9mtC4RUcNvhQqKQD29Xq
-U7tQUgY0Unb2eNcksTQ/qGyU4owqzTAbBzB3xJ8uvAOC21qePo35r3jn/dk3RRUv
-JymeMwtBVyBwPdAErEodYxo9sSYuoPSLTV1RdIzmz+jbvoku4bpbEXdfKoBq0bKA
-tQ9vPnO6CfGiSQh3mypanCFO5DQbq42moaMtYkYWWZKQhYFPDnKvGay53gcVQAIS
-ML7rOcR7PXQ3WhJjteK1EQVXuHHo0z7iGj623dcTpTMDLgoP3iwWMyKu8V25/vr/
-jbVCo6XauxmFFhJM5vl0g3yJtiXEqBxULeoDU6T89TGNUJ8a4AI1gQCOXFBE5Fgi
-aobN5GXly2VBrbp/cRDqVV1wXh4h8nrMSkCG4avIwX9ThUSzE8ryEjxMTVBQOk6x
-SNs3kXgmPfnvLtPotsA=
-=0j3P
------END PGP SIGNATURE-----

dovecot-2.3.17.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1c67ccccdc81a75007c01dedc02ad608c4d856c60a6b89b9cd246e79f72aa2b8
+size 7700848

dovecot-2.3.17.1.tar.gz.sig

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJLBAABCgA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAmGvJTEXHGRvdmVjb3Qt
+Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaHGTRAAjWmyXq6MbosOviWvfo2SvnTm
+B2laIuY1E6klZg3b1jipXdS3zbC2b0PvKEGswLmJcRvMM1JYw6Ww5ueSMkSJk/AJ
+fg6SjeGzJanL4gB1ADYRPeMVOqIM3PWjKKP+FGR13sG71dDO//5J30zkn3uflz0S
+7colr5QS1fQF6i5DKG4mT427O3ae63UJgaHQmEfv6+5ahmjzvOQpXr62ELP6hUQC
+IDNg1T4Q/S6w8XkWL5TAA7MzrPCcS8dz07glpyHZB1/FM4I5hFntMPz4krFJX8Zj
+A2PlFUoa3LddXYHi+BGQnbrso2nL4YoOLWfJWHIhydtu3kHYwepv4qEbRMSwje5J
+D+xtaNbQL3ngUxnjlAklfpn3kcNHUyS7d4KxSNkU46zBuhhsdtILRzjZpvJsZ7CH
+SFE25cbEbN0MR6xLum0MCCjQb5LMnoSFwaGSWTjwx3lm7R1fATQ3HJqRPgE44jkS
+N8K0eFWHupXPsvYiV3l/gkhHYmaQJG3u7eZcwHUZU1+mHzQjQcPVX/9Ekws4BpYK
+JMnDKMV7ydDy5DusycyVWAN6LtR3gh16dkU/3N/A2trb1gUpCXrqRIRPTBdBCGEf
+sXL7xohyPKDHR39qj62guOkcdS3eph1femAlcu9yTwf29FjqI4WlwQakpVI78M26
+91OVMigATH2S5wZVb9s=
+=s2hH
+-----END PGP SIGNATURE-----

dovecot23.changes

@@ -1,3 +1,135 @@
+-------------------------------------------------------------------
+Tue Dec  7 18:54:54 UTC 2021 - Michael Ströder <michael@stroeder.com>
+
+- update to 2.3.17.1 and pigeonhole to 0.5.17.1
+- rebased dovecot-2.3.0-better_ssl_defaults.patch
+
+  Dovecot 2.3.17.1
+  - dsync: Add back accidentically removed parameters.
+  - lib-ssl-iostream: Fix assert-crash when OpenSSL returned syscall error
+    without errno.
+  - master: Dovecot failed to start if ssl_ca was too large.
+  Dovecot 2.3.17
+  * Dovecot now logs a warning if time seems to jump forward at least
+    100 milliseconds.
+  * dict: Lines logged by the dict process now contain the dict name as
+    the prefix.
+  * lib-index: mail_cache_fields, mail_always_cache_fields and
+    mail_never_cache_fields now verifies that the listed header names are
+    valid. Especially the UTF8 "–" character has sometimes been wrongly
+    used instead of the ASCII "-".
+  + *-login: Added login_proxy_rawlog_dir setting to capture
+    rawlogs between proxy and backend.
+  + dict: The server process now keeps the last 10 idle dict backends
+    cached for maximum of 30 seconds. Practically this acts as a
+    connection pool for dict-redis and dict-ldap. Note that this doesn't
+    affect dict-sql, because it already had its own internal cache.
+  + doveadm: New stats add/remove commands added to support changing the
+    metrics configuration on runtime.
+  + lazy_expunge: Added lazy_expunge_exclude settings to disable
+    lazy_expunge for specific folders. \Special-use flags can be used as
+    folder names.
+  + lib-lua: Added a new helper function dovecot.restrict_global_variables()
+    to disable or enable defining new global variables.
+  - LAYOUT=index List index rebuild was missing.
+  - LAYOUT=index: Duplicate GUIDs were not detected.
+  - acl: When using acl_ignore_namespace Dovecot attempted to access or
+    create dovecot-acl-list even when the namespace should have been
+    ignored. For virtual namespaces this could have yielded errors about
+    "Read-only file system" or "Permission denied".
+  - auth: Setting the "master" passdb field to empty value would
+    cause proxying to fail with an authentication error.
+    Now an empty "master" field is ignored.
+  - doveadm-server: Duplicate error lines were sent for failed commands.
+    This didn't normally cause visible problems, except when using
+    wildcards in usernames or -A parameter to go through multiple users.
+  - doveadm-server: Logs written by doveadm-server were often missing log
+    prefixes, especially mail_log_prefix for mail commands. Logs sent to
+    doveadm TCP client were also missing log prefixes.
+  - doveadm: v2.3 regression: batch command always crashes.
+  - doveadm: v2.3.11 regression: Commands failed if ssl_cert or
+    ssl_key files weren't readable by the user running doveadm, even
+    though doveadm didn't actually use these settings
+  - imap-hibernate: Process may crash at deinit:
+    Panic: file ioloop.c: line 928 (io_loop_destroy): assertion failed:
+    (ioloop->cur_ctx == NULL).
+  - imap: Using imap_fetch_failure=no-after can cause assert-crash
+    with some IMAP commands if reading the mail fails (e.g. wrong cached
+    mail size). Fixes:
+    Panic: file index-mail-headers.c: line 198 (index_mail_parse_header_init):
+    assertion failed: (!mail->data.header_parser_initialized)
+  - imap: v2.3.10 regression: When using INDEXPVT to enable private
+    \Seen flags (for shared or public namespaces) the STORE command did
+    not send untagged replies for the \Seen flag changes.
+  - imap: v2.3.15 regression: If PREVIEW/SNIPPET is not the final FETCH
+    option in the command, the IMAP FETCH response is broken.
+  - imap: v2.3.15 regression: MOVE command leaks mailbox if it can't be
+    opened and crashes at deinit:
+    Panic: file mail-user.c: line 229 (mail_user_deinit): assertion failed:
+    ((*user)->refcount == 1).
+  - imapc: Copying nonexistent mail via imapc could have crashed. Fixes:
+    Panic: file mail-storage.c: line 2385 (mailbox_transaction_commit_get_changes):
+    assertion failed: (ret < 0 || seq_range_count(&changes_r->saved_uids) == save_count ||
+    array_count(&changes_r->saved_uids) == 0).
+  - indexer: v2.3.15 regression: Process crashes if indexer-client
+    disconnects while it's waiting for command reply. This happened for
+    example if IMAP SEARCH triggered long fts indexing and the IMAP
+    client disconnected while waiting for the reply.
+  - indexer: v2.3.15 regression: Process may have crashed in some situations.
+  - indexer: v2.3.15 regression: indexer-worker processes may not have
+    reached the process_limit in some situations, possibly even using just
+    one indexer-worker process even though there were many indexing
+    requests queued.
+  - lib-compression: Reading lz4 compressed mdbox mails may crash. Fixes:
+    Panic: file istream.c: line 345 (i_stream_read_memarea):
+    assertion failed: (!stream->blocking).
+  - lib-compression: bench-compress crashes due to xz being read-only.
+  - lib-lua: Fix linking libdict_lua for non-GNU linkers when Lua support
+    is disabled.
+  - lib-mail: There was no limit on how large an email header name could be.
+    Processable header names are now limited to 1000 bytes.
+  - lib-oauth2: Dovecot disallowed JWT tokens if their validity time was
+    older than token creation time (nbf < iat).
+  - lib-storage: Reduce memory footprint of certain storage operations.
+  - lib-storage: When listing mailboxes with storage name escape
+    characters (^ or .) as part of the mailbox name, the listing could
+    show corrupted mailbox names. Due to an issue in handling escaped
+    parent folders, the listing of other mailbox names would become
+    corrupted by prepending parts of the previously listed mailboxes
+    parent folder as prefix to the actual mailbox names. The corruption
+    can occur when using LAYOUT=INDEX and maildir or obox, or when using
+    the listescape plugin.
+  - mail-crypt: Fix "-O" argument for "doveadm mailbox cryptokey password"
+    command to be a boolean, and not expect a string.
+  - submission-login: Add support for not authenticating to next hop in
+    submission proxying.
+  - submission-login: EHLO was not sent again after XCLIENT when doing
+    submission proxying.
+  - virtual: Mailboxes do not correctly detect underlying mailboxes
+    getting re-created even though they have a different UIDVALIDITY or
+    GUID.
+  Pigeonhole v0.5.17
+  - duplicate: The Sieve duplicate test is prone to false negatives when
+    the user receives many e-mails concurrently, meaning that duplicate
+    deliveries can still occur.
+  - fileinto: v2.3.16 regression: Sieve delivery crashes if mail is
+    delivered to non-existing and existing folder.
+  - imap-filter-sieve: v2.3.15 regression: The CPU limits on Sieve
+    execution are too easily exceeded in IMAP context (the IMAPSieve and
+    FILTER=SIEVE capabilities). Changed the default to unlimited CPU time
+    for IMAP context, since similar excessive resource usage can be caused
+    by other means as well. The CPU limits on Sieve scripts executed at
+    LDA/LMTP delivery are still enforced by default.
+  - redirect:  The Sieve redirect action has protections against users
+    triggering mail loops. Unfortunately, the detection of a redirect mail
+    loop sometimes causes the message to get lost if no other Sieve action
+    is applied that delivers the message somewhere else.
+  - redirect: v2.3.16 regression: With certain Sieve scripts if redirect
+    fails due to temporary failure, the lmtp process may crash after the
+    delivery. Fixes:
+    Panic: file mail-user.c: line 229 (mail_user_deinit):
+    assertion failed: ((*user)->refcount == 1).
+
 -------------------------------------------------------------------
 Tue Aug 10 22:38:15 UTC 2021 - Michael Ströder <michael@stroeder.com>
 

dovecot23.spec

@@ -19,11 +19,11 @@
 %global _lto_cflags %{nil}
 
 Name:           dovecot23
-Version:        2.3.16
+Version:        2.3.17.1
 Release:        0
 %define pkg_name dovecot
-%define dovecot_version 2.3.16
-%define dovecot_pigeonhole_version 0.5.16
+%define dovecot_version 2.3.17.1
+%define dovecot_pigeonhole_version 0.5.17.1
 %define dovecot_branch  2.3
 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}
 %define dovecot_pigeonhole_docdir     %{_docdir}/%{pkg_name}/dovecot-pigeonhole