diff --git a/dovecot-2.3-pigeonhole-0.5.16.tar.gz b/dovecot-2.3-pigeonhole-0.5.16.tar.gz deleted file mode 100644 index e481a7d..0000000 --- a/dovecot-2.3-pigeonhole-0.5.16.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5ca36780e23b99e6206440f1b3fe3c6598eda5b699b99cebb15d418ba3c6e938 -size 1944573 diff --git a/dovecot-2.3-pigeonhole-0.5.16.tar.gz.sig b/dovecot-2.3-pigeonhole-0.5.16.tar.gz.sig deleted file mode 100644 index c832e5f..0000000 --- a/dovecot-2.3-pigeonhole-0.5.16.tar.gz.sig +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQJLBAABCgA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAmENFLMXHGRvdmVjb3Qt -Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaGiNxAAs82Ath/tyxPICfyb8rH0Mn57 -a/rq/DGxSHyiG08CqeUWmqGF1qH+fPETofHwu6Q31sg6+LKkuHA+U+0w2Aull+sr -KCIrVSuWs0mat29YlWW9IYEIFiSDYZBFsoxEKmbU18k6wUNy8mPicq9jLc62ZQAB -CQZKnXyo+zZ3BISlFI13lgSGjEa4yL40dwTt4vYmh0bz4DoU99nu0g4to9oqG/9h -rvubYLJ+dLspVWHXx/mANLiYH8NSVPN+6vZ41fpPo/zAYyO9jLP93OMmK8UwNlG6 -8CdHHFI2JusUuga/lF8lsebo8sww0vGwyGBAq6u4j6H46/deAxf56nEbdq4mi/AN -V6r+CU4L7GI6KlXkVBzGoeXAXerqngLQdzgxsIfd2JD7dfuQnlCM2RUurpPES0G5 -meoz0OItcAmKEHTDIPdgA6QjiBdUhhOlGfXGj3p0ka88l3j6RdRXRI2AnhEH2C0B -x6ufOFhBYCb5X0S/PA3nAzr+T/oZiVoFi+e85H8kFLgrJ6NOOXBS8x2bDzOmhxvL -wpO8icnRvaz3HA7HxPvLmnfMSg92bF2LB8dMmMTNrW4jwPYqWRJRWyKK8nZVw3hz -jDGBmCJ9xqaQ0uS3ukuFjkwGhLB1/erGtlgH0HA9FhU2B9/4qjOgdD760o3v2s9k -GfL26IpSX7gi3SQ5Yqs= -=KDRz ------END PGP SIGNATURE----- diff --git a/dovecot-2.3-pigeonhole-0.5.17.1.tar.gz b/dovecot-2.3-pigeonhole-0.5.17.1.tar.gz new file mode 100644 index 0000000..58b0f8b --- /dev/null +++ b/dovecot-2.3-pigeonhole-0.5.17.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3cc4a3de6d7e27bd99ac59b99faa161287f78167272699a22591798ffcf84512 +size 1952704 diff --git a/dovecot-2.3-pigeonhole-0.5.17.1.tar.gz.sig b/dovecot-2.3-pigeonhole-0.5.17.1.tar.gz.sig new file mode 100644 index 0000000..4a14ed8 --- /dev/null +++ b/dovecot-2.3-pigeonhole-0.5.17.1.tar.gz.sig @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJLBAABCgA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAmGvJbcXHGRvdmVjb3Qt +Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaHcmRAAswKv23SqQEqBq3exdXVKP+a2 +Q6D5W4gvDlcKW5Qxn9ZrMvQ+MSG6WXZ0iEkVPz6Ie9RDgncIsh7U4yqIx7MjgEMg +XsnZzydqW96yLkl1vYVtbrTzLv57BwAL/SuKttUyE2qCaYs23RFzY/CRPgYvFRxz +ulIzU82uqZg9c47/QJQ4czWi8RN6QWIjpupYTgJfgnQJk2NIIfb1uHZ02JeG55E9 +uMeO/CDAqO2PKy2M5VmoT4cS+3GF0BJ74cGjxzr6z8VcW01CDUM3viLWgsXiON8Y +sXJEOS6e/EmT1fnK0so6w+9flxuMchGPWoXzGXHwUyETeUT8d0ZteEBWNuxQ5a03 +ybLDuDASQNi9/u3+NhLYNyFiWdQtt1q8bW/dhVB8+GT8ShHppTaws2YPTAA/SCZu +PIRmBCxh1DkrM23gbNRk44ZSyRuIboorDkisJaJP2pLvJ+jjBwwwfyBvv+29jqKs +m89ynZrVA5GJIf7rZXAUCiT7fgYqWMBZMA10aO+qPZVbZXGwdkeuRGnr78cEtMLd +5onGcBvz1VE6EcRqTX9PyTeFUAJV4by+Lv/Po/49RX36+Tz9W4PqB8a2Y8xvoP32 +XPMd45CkqgzkuryOlrT0SISk911NpPaEyAJSriOC72FQhREzYRr8lVP4fOLGz6dT +YPHxOrUYmEvikziRYEk= +=8dq3 +-----END PGP SIGNATURE----- diff --git a/dovecot-2.3.0-better_ssl_defaults.patch b/dovecot-2.3.0-better_ssl_defaults.patch index e5e9654..4703ae9 100644 --- a/dovecot-2.3.0-better_ssl_defaults.patch +++ b/dovecot-2.3.0-better_ssl_defaults.patch @@ -1,13 +1,13 @@ -diff -ur dovecot-2.3.15.orig/doc/example-config/conf.d/10-ssl.conf dovecot-2.3.15/doc/example-config/conf.d/10-ssl.conf ---- dovecot-2.3.15.orig/doc/example-config/conf.d/10-ssl.conf -+++ dovecot-2.3.15/doc/example-config/conf.d/10-ssl.conf +diff -ur dovecot-2.3.17.1.orig/doc/example-config/conf.d/10-ssl.conf dovecot-2.3.17.1/doc/example-config/conf.d/10-ssl.conf +--- dovecot-2.3.17.1.orig/doc/example-config/conf.d/10-ssl.conf 2021-12-03 12:48:47.000000000 +0100 ++++ dovecot-2.3.17.1/doc/example-config/conf.d/10-ssl.conf 2021-12-07 20:09:55.575984341 +0100 @@ -9,8 +9,8 @@ # dropping root privileges, so keep the key file unreadable by anyone but # root. Included doc/mkcert.sh can be used to easily generate self-signed # certificate, just make sure to update the domains in dovecot-openssl.cnf -ssl_cert = + +- update to 2.3.17.1 and pigeonhole to 0.5.17.1 +- rebased dovecot-2.3.0-better_ssl_defaults.patch + + Dovecot 2.3.17.1 + - dsync: Add back accidentically removed parameters. + - lib-ssl-iostream: Fix assert-crash when OpenSSL returned syscall error + without errno. + - master: Dovecot failed to start if ssl_ca was too large. + Dovecot 2.3.17 + * Dovecot now logs a warning if time seems to jump forward at least + 100 milliseconds. + * dict: Lines logged by the dict process now contain the dict name as + the prefix. + * lib-index: mail_cache_fields, mail_always_cache_fields and + mail_never_cache_fields now verifies that the listed header names are + valid. Especially the UTF8 "–" character has sometimes been wrongly + used instead of the ASCII "-". + + *-login: Added login_proxy_rawlog_dir setting to capture + rawlogs between proxy and backend. + + dict: The server process now keeps the last 10 idle dict backends + cached for maximum of 30 seconds. Practically this acts as a + connection pool for dict-redis and dict-ldap. Note that this doesn't + affect dict-sql, because it already had its own internal cache. + + doveadm: New stats add/remove commands added to support changing the + metrics configuration on runtime. + + lazy_expunge: Added lazy_expunge_exclude settings to disable + lazy_expunge for specific folders. \Special-use flags can be used as + folder names. + + lib-lua: Added a new helper function dovecot.restrict_global_variables() + to disable or enable defining new global variables. + - LAYOUT=index List index rebuild was missing. + - LAYOUT=index: Duplicate GUIDs were not detected. + - acl: When using acl_ignore_namespace Dovecot attempted to access or + create dovecot-acl-list even when the namespace should have been + ignored. For virtual namespaces this could have yielded errors about + "Read-only file system" or "Permission denied". + - auth: Setting the "master" passdb field to empty value would + cause proxying to fail with an authentication error. + Now an empty "master" field is ignored. + - doveadm-server: Duplicate error lines were sent for failed commands. + This didn't normally cause visible problems, except when using + wildcards in usernames or -A parameter to go through multiple users. + - doveadm-server: Logs written by doveadm-server were often missing log + prefixes, especially mail_log_prefix for mail commands. Logs sent to + doveadm TCP client were also missing log prefixes. + - doveadm: v2.3 regression: batch command always crashes. + - doveadm: v2.3.11 regression: Commands failed if ssl_cert or + ssl_key files weren't readable by the user running doveadm, even + though doveadm didn't actually use these settings + - imap-hibernate: Process may crash at deinit: + Panic: file ioloop.c: line 928 (io_loop_destroy): assertion failed: + (ioloop->cur_ctx == NULL). + - imap: Using imap_fetch_failure=no-after can cause assert-crash + with some IMAP commands if reading the mail fails (e.g. wrong cached + mail size). Fixes: + Panic: file index-mail-headers.c: line 198 (index_mail_parse_header_init): + assertion failed: (!mail->data.header_parser_initialized) + - imap: v2.3.10 regression: When using INDEXPVT to enable private + \Seen flags (for shared or public namespaces) the STORE command did + not send untagged replies for the \Seen flag changes. + - imap: v2.3.15 regression: If PREVIEW/SNIPPET is not the final FETCH + option in the command, the IMAP FETCH response is broken. + - imap: v2.3.15 regression: MOVE command leaks mailbox if it can't be + opened and crashes at deinit: + Panic: file mail-user.c: line 229 (mail_user_deinit): assertion failed: + ((*user)->refcount == 1). + - imapc: Copying nonexistent mail via imapc could have crashed. Fixes: + Panic: file mail-storage.c: line 2385 (mailbox_transaction_commit_get_changes): + assertion failed: (ret < 0 || seq_range_count(&changes_r->saved_uids) == save_count || + array_count(&changes_r->saved_uids) == 0). + - indexer: v2.3.15 regression: Process crashes if indexer-client + disconnects while it's waiting for command reply. This happened for + example if IMAP SEARCH triggered long fts indexing and the IMAP + client disconnected while waiting for the reply. + - indexer: v2.3.15 regression: Process may have crashed in some situations. + - indexer: v2.3.15 regression: indexer-worker processes may not have + reached the process_limit in some situations, possibly even using just + one indexer-worker process even though there were many indexing + requests queued. + - lib-compression: Reading lz4 compressed mdbox mails may crash. Fixes: + Panic: file istream.c: line 345 (i_stream_read_memarea): + assertion failed: (!stream->blocking). + - lib-compression: bench-compress crashes due to xz being read-only. + - lib-lua: Fix linking libdict_lua for non-GNU linkers when Lua support + is disabled. + - lib-mail: There was no limit on how large an email header name could be. + Processable header names are now limited to 1000 bytes. + - lib-oauth2: Dovecot disallowed JWT tokens if their validity time was + older than token creation time (nbf < iat). + - lib-storage: Reduce memory footprint of certain storage operations. + - lib-storage: When listing mailboxes with storage name escape + characters (^ or .) as part of the mailbox name, the listing could + show corrupted mailbox names. Due to an issue in handling escaped + parent folders, the listing of other mailbox names would become + corrupted by prepending parts of the previously listed mailboxes + parent folder as prefix to the actual mailbox names. The corruption + can occur when using LAYOUT=INDEX and maildir or obox, or when using + the listescape plugin. + - mail-crypt: Fix "-O" argument for "doveadm mailbox cryptokey password" + command to be a boolean, and not expect a string. + - submission-login: Add support for not authenticating to next hop in + submission proxying. + - submission-login: EHLO was not sent again after XCLIENT when doing + submission proxying. + - virtual: Mailboxes do not correctly detect underlying mailboxes + getting re-created even though they have a different UIDVALIDITY or + GUID. + Pigeonhole v0.5.17 + - duplicate: The Sieve duplicate test is prone to false negatives when + the user receives many e-mails concurrently, meaning that duplicate + deliveries can still occur. + - fileinto: v2.3.16 regression: Sieve delivery crashes if mail is + delivered to non-existing and existing folder. + - imap-filter-sieve: v2.3.15 regression: The CPU limits on Sieve + execution are too easily exceeded in IMAP context (the IMAPSieve and + FILTER=SIEVE capabilities). Changed the default to unlimited CPU time + for IMAP context, since similar excessive resource usage can be caused + by other means as well. The CPU limits on Sieve scripts executed at + LDA/LMTP delivery are still enforced by default. + - redirect: The Sieve redirect action has protections against users + triggering mail loops. Unfortunately, the detection of a redirect mail + loop sometimes causes the message to get lost if no other Sieve action + is applied that delivers the message somewhere else. + - redirect: v2.3.16 regression: With certain Sieve scripts if redirect + fails due to temporary failure, the lmtp process may crash after the + delivery. Fixes: + Panic: file mail-user.c: line 229 (mail_user_deinit): + assertion failed: ((*user)->refcount == 1). + ------------------------------------------------------------------- Tue Aug 10 22:38:15 UTC 2021 - Michael Ströder diff --git a/dovecot23.spec b/dovecot23.spec index d894509..b93e810 100644 --- a/dovecot23.spec +++ b/dovecot23.spec @@ -19,11 +19,11 @@ %global _lto_cflags %{nil} Name: dovecot23 -Version: 2.3.16 +Version: 2.3.17.1 Release: 0 %define pkg_name dovecot -%define dovecot_version 2.3.16 -%define dovecot_pigeonhole_version 0.5.16 +%define dovecot_version 2.3.17.1 +%define dovecot_pigeonhole_version 0.5.17.1 %define dovecot_branch 2.3 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version} %define dovecot_pigeonhole_docdir %{_docdir}/%{pkg_name}/dovecot-pigeonhole