Accepting request 1111575 from home:adkorte:branches:server:mail

- update to 2.3.21 and pigeonhole 0.5.21 Dovecot 2.3.21 * lib-oauth2: Allow JWT tokens to be validated with missing typ field. The typ field is left out by some key issuers to conserve space, notably kubernetes. Now missing typ is tolerated, but if present, it still must be "jwt". + auth: Auth passdb and userdb reply can contain "event_<name>=value" which will be added to login event and mail user event respectively. + lib-master: Set process title during various initialization stages to clearly describe what the process is waiting on. + lib-storage: The mail_temp_scan_interval is now fuzzed incrementing it by 0..30% based on username's hash to reduce the chance of load spikes. + lib-storage: The temp file scan has been moved from the open of the mailbox to the close, to reduce the latency perceived by users. + stats: If metric has fields specified, all these fields are exported as counters to prometheus exposition. See https://doc.dovecot.org/configuration_manual/stats/openmetrics/. OBS-URL: https://build.opensuse.org/request/show/1111575 OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=117
2023-09-15 14:23:31 +00:00 · 2023-09-15 14:23:31 +00:00 · f739a90376
commit f739a90376
parent a08d42cae4
10 changed files with 165 additions and 43 deletions
--- a/dovecot-2.3-pigeonhole-0.5.20.tar.gz
+++ b/dovecot-2.3-pigeonhole-0.5.20.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ae32bd4870ea2c1328ae09ba206e9ec12128046d6afca52fbbc9ef7f75617c98
-size 1945126
--- a/dovecot-2.3-pigeonhole-0.5.20.tar.gz.sig
+++ b/dovecot-2.3-pigeonhole-0.5.20.tar.gz.sig
@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQJLBAABCgA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAmOkCEgXHGRvdmVjb3Qt
-Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaElYw/+O7hK3Mg7RBygwlw2EuFBfz0Y
-y+SC2l35ESVPHCd1U8zl7q3gKiahP8Y+knVpmXiytZ1xOfjf3fHROCH8nFQbNKu5
-U+BeYxuB0b6zJ6+zmptBWr8dkbPZ1gxc8hgbfRM5PMgn+C1uiiJ4YKNDCco1k5h6
-dj7JsgXpUILPPxFkJaUcGHG7u6BAtS5M6OxtjgTJM6FwjSzZsl5ZkuB/O1wuojrv
-IJykKbE0fi9diz+CKSyiL8ge5FbxwFxei5jCVB3pAkdNnY9r+DBdOmnjmO2lYFkO
-4zvkk2uK/zBHnR28DaAwLRziNNdGs/5QnEOGTx8d6XK5irHOdWUZ83H/LdAbhiKs
-cNT5o0Wx0nnG0g/j6p2Clrmz8cVDuBtqE+Z2qDhHOc6VtEQXTkR4Z+wWNCJwHtCx
-uws5jCHv9HcI/3AcxpzV99NofD/VJEs7C6Bmv1bhV3N9Rs6cq0KdcJYBSRsmTN4k
-KBT7nRc4RCRvyiG/nmK6qO9YfGaShfalTXBzCuCcg5KSEC8J20Cv6NZUtXI4xom4
-buaw657Ss94YGId1dLzhKp7YJMHCNmtN/tIOlQpSls6D9JLCTSIkKNVg7mx5rf92
-R7Oa9ixWp1YFyX0G9agFBr4De43ATRFvRcUq+EVm8DJ3nx7emVFLFWEXzg7GJzVh
-znJGpiGYdtsLpLeYHBA=
-=0YWo
-----END PGP SIGNATURE-----
--- a/dovecot-2.3-pigeonhole-0.5.21.tar.gz
+++ b/dovecot-2.3-pigeonhole-0.5.21.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1ca71d2659076712058a72030288f150b2b076b0306453471c5261498d3ded27
+size 1955945
--- a/dovecot-2.3-pigeonhole-0.5.21.tar.gz.sig
+++ b/dovecot-2.3-pigeonhole-0.5.21.tar.gz.sig
@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJLBAABCgA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAmUD/LgXHGRvdmVjb3Qt
+Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaEOrw//XMtJvAS4s+6VIJ1faAQFztKS
+8lo3e6dd+EHKEMz70mXu/5tdEQS7JkiN+9O6CbjNY0+/zHmYmXXXiVCvldpSqDhe
+9c2mIOeAg0C2EVY5Qf/RJ940ByF4Kd/ulUY6exaUycJkUccNEYgBGVWOnIwNDlV/
+hCLlJy1540nApo7ys9XVh3+WO2I3a8xVm5cRug6j0FD93rhmWc7dpeCe40j7xz0q
+pMKGbGlQueRgeZ1NO7Qp+9ZIVyy9xIZIuNt13GwhD830ObpE2aGFfW6yxdmIRrgK
+/wIp+fzdMbPLNbtmCdh1NXz88zC6KbEII1rHaL/KejK7XtOkzR06yOJYr/tgJN+s
+BnWGQbCAVfBUMWdnvzgs0nTgzqattlXPqoD1v3TkMYXKYcf9Tow9RGNaDk0DXGCH
+bx3+oBkfjUEvxDU7td4F7DMVjBQZpwhNA/TiGraabtPQKfR4zFcYQUyw3T3G+Rv3
+PZ32mTmC9TTN5blTxamvsrK2SpFT3uXm1ch019228pul0DtcvjcdZFgkyWl3I0Xy
+Na/GEPlVodVVTx0cAGbUCeS6Ja3UG9Le4KjfYOEQ8gBeo5dD4/hrs0ZXHBri7XcW
+0ackeYB4JrSDALumjbHTRL+vo9d0FbtpkxBq9RMXM/xVqMpzfSo3Ac3bViBh05pX
+BXYU8Uy5LU0VjN7FpOI=
+=a386
+-----END PGP SIGNATURE-----
--- a/dovecot-2.3.20.tar.gz
+++ b/dovecot-2.3.20.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:caa832eb968148abdf35ee9d0f534b779fa732c0ce4a913d9ab8c3469b218552
-size 7805735
--- a/dovecot-2.3.20.tar.gz.sig
+++ b/dovecot-2.3.20.tar.gz.sig
@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQJLBAABCgA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAmOkCDwXHGRvdmVjb3Qt
-Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaGPwxAAwmyTGtrDSyJzzjAuDP0lQVfo
-v6MjLxmsS2LqrnA6coGpVszc5TsCMOhkk2TYpbIPk1G6Mc5ToW9ZrWKXZcyrk9hv
-b2VSM04JF1eF+2D9jc4r0eCbrYVx4x0/UVvlZytsaq9b3Gw59NExS4BjOSzByOBD
-QF3lUdlS1ZGb0iI6dJwlWcmIKJ9RsT2P4GodfkXZf68gi82yMEEtaYxeQzpQqarH
-dZdl5UGWMUB+eP3VzeqtoPSRmFhLOu4hhKKBOSTK7JX8hNnzWyV0YQ89ZBksJsRb
-PK5ou16tiWFzmnQ43Sy2W6FLfTog36YXVfvJaCc2zOzrcxD2oykLYealjEfBSUeg
-FHaSIP8XCnV42PT3MQO931Zt7HphD3VSGslb3p+/fFmpZUtOKjVaNROlD1hvggr7
-A88YBZE6zffu1Xx9aNBTNu/NV3jFuQdfqpBT/jxwV/hEWaHgBjOwedGsNtiNE3bl
-FdPc5JuJyOMAzXlAjy6IStL9LCQJpjbXOOgbDLo0KiZUh+K2faFOVcJNmAkhmWSd
-jYq28HOmHfo7MIoa4CdmBQHKtKSR/OVaOIOOzVSUVCnlTuXm8qQQG5xjjToFN99U
-TFbJiPvm+/HT6QyeNHH4mO6dUTZ9YdBuyj30P0Rffq0E4fZgz3ZBezwWSYj4bwXx
-T63m4IEsocH8pQRKpJ0=
-=aSIL
-----END PGP SIGNATURE-----
--- a/dovecot-2.3.21.tar.gz
+++ b/dovecot-2.3.21.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:05b11093a71c237c2ef309ad587510721cc93bbee6828251549fc1586c36502d
+size 7837242
--- a/dovecot-2.3.21.tar.gz.sig
+++ b/dovecot-2.3.21.tar.gz.sig
@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJLBAABCgA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAmUD/KAXHGRvdmVjb3Qt
+Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaGv3Q//bB9M8lEVqTyljhPFphhNLJvj
+zxh9U08nUOpOV9X+IfVX4PcorS5SqrPU45ohVmstLhMf6+ONHLWqE9GHFJrwsvtC
+/aPdX5ZPQN7/H76hW9rD+m9ytCkKC+sH2tf4RR8IWtfVjF2cU+jRbMcGSJ2SbKS4
+APOEMJgdtmh5vZTHMYCSv0+8+pi4LNm3pth6XbbneJ8cmoLlZ3kjUn63pb8atkwF
+fhSNIMjb3ZKE4kJT+p01Q18DO5X4DQuPrjiuRPHLpe+PbsUYdu44Wuu+vsM/eSO2
+RQ3C+uoFg2DfhwkjLxiiTli+bnKONUKpBae3ckG1GO6cBqtPuDEIea2dcPOjJ3Ga
+Vpssy+iq7qvGIZDC5YPmdRH6O0k4r0ntTljFlpg2SW7afE2tC1ipadCcwOsF9dUZ
+DDF89o+k8s0kl8486YTIeTSwGBWJCQJPzmdA8hBxCcVTvvo5G+N2xxX6ZL+wqG3Y
+vV43n/Xvi4GkrOS7Rp+SOMGS5E4/+VB2udC3qm1s6cFm0bFVXMGwbzFnKqpcGaYX
+UDmbZAkKA4pCkEdNJIz1QUpNtQnf1vGHaMeW+IAW5xPjKJ15/M+GPZ0yeqv2Gt6I
+v1J0EM5ZkgNJ+9NU093QxORdXrTD7bDMa5yOv/7ih+9Cx4r9GhdgS/T/3LZIncrg
+xpKXvK/XKM7RFMhOnz4=
+=fueB
+-----END PGP SIGNATURE-----
--- a/dovecot23.changes
+++ b/dovecot23.changes
@ -1,3 +1,125 @@
+-------------------------------------------------------------------
+Fri Sep 15 12:12:44 UTC 2023 - Arjen de Korte <suse+build@de-korte.org>
+
+- update to 2.3.21 and pigeonhole 0.5.21
+
+  Dovecot 2.3.21
+  * lib-oauth2: Allow JWT tokens to be validated with missing typ field.
+    The typ field is left out by some key issuers to conserve space,
+    notably kubernetes. Now missing typ is tolerated, but if present, it
+    still must be "jwt".
+  + auth: Auth passdb and userdb reply can contain "event_<name>=value"
+    which will be added to login event and mail user event respectively.
+  + lib-master: Set process title during various initialization stages to
+    clearly describe what the process is waiting on.
+  + lib-storage: The mail_temp_scan_interval is now fuzzed incrementing it
+    by 0..30% based on username's hash to reduce the chance of load spikes.
+  + lib-storage: The temp file scan has been moved from the open of the
+    mailbox to the close, to reduce the latency perceived by users.
+  + stats: If metric has fields specified, all these fields are
+    exported as counters to prometheus exposition.
+    See https://doc.dovecot.org/configuration_manual/stats/openmetrics/.
+  - *-login: Processes might have crashed when a SSL connection disconnects
+    uncleanly.
+  - acl: When plugin was loaded \HasChildren and \HasNoChildren flags
+    were calculated incorrectly for mailboxes containing '*' and '%'
+    in their names.
+  - auth: Crash occured if a connection to PostgreSQL database server
+    failed during startup.
+  - auth: Logins with invalid passwords (e.g. unknown scheme) in passdb
+    were failing with "password mismatch" instead of "internal error".
+  - auth: XOAUTH2 and OAUTHBEARER mechanisms were not giving out protocol
+    specific error message on all errors. This especially broke OIDC
+    discovery.
+  - dbox: When last_temp_file_scan header wasn't set (especially after
+    dsync migration), the next mailbox open always triggers the temp file
+    scan. This could have caused a load spike after migrations. Fixed by
+    using the mailbox directory's atime when the header isn't set, which
+    usually moves the scan time into the future.
+  - dict-redis: A crash would occur on transaction rollback.
+  - dsync: Infinite loop causing out of memory would occur when handling
+    mailbox deletion from remote end and hierarchy separators would differ.
+  - dsync: Incremental dsync failed for folder names ending with '%',
+    unless BROKENCHAR was set. Also folder names with '%' elsewhere in
+    them caused each incremental dsync to unnecessarily rename the folder
+    to a temporary name and back. v2.3.19 regression.
+  - imap-hibernate: If an IMAP client unhibernation timed out with
+    "(version received)", the unhibernation could still have successfully
+    finished later on and continued working normally. This was rather
+    confusing, because imap-hibernate already logged that the client got
+    disconnected. Avoid this by forcing the connection to shutdown on
+    unhibernation timeout.
+  - imapc: Crashed when a folder mapped through the virtual plugin
+    disappears from the storage.
+  - imapc: EXPUNGE, EXISTS or FETCH replies from a server for a previously
+    selected mailbox could have been processed as if they belonged to the
+    new mailbox currently being selected. This could have caused warnings.
+  - lib-http: Dovecot HTTP server (doveadm, stats/openmetrics) may have
+    disconnected HTTP clients before the response is fully sent. This
+    happened only on busy servers where kernel's socket buffers were
+    rather full.
+  - lib-http: Fixed a potential crash on http-server if a client
+    disconnected early. v2.3.18 regression.
+  - lib-index: Index file corruption could have caused a crash. Fixes:
+    Panic: file mail-transaction-log-view.c: line 165 (mail_transaction_log_view_set):
+    assertion failed: (min_file_seq <= max_file_seq).
+  - lib-index: Purging an existing >1GB cache file can crash. Now cache
+    files still above 1GB after purging are removed. Fixes:
+    Panic: file mail-index-util.c: line 10 (mail_index_uint32_to_offset):
+    assertion failed: (offset < 0x40000000)
+  - lib-lua: A HTTP client could not resolve DNS names in mail processes,
+    because it expected "the dns-client" socket to exist in the current
+    directory.
+  - lib-oauth2: Dovecot would send client_id and client_secret as POST
+    parameters to the introspection server. These need to be optionally in
+    Basic auth instead.
+  - lib-oauth2: JWT aud validation was not performed if aud was missing
+    from a token, but was configured on Dovecot.
+  - lib-oauth2: JWT key type check was too strict.
+  - lib-oauth2: JWT token audience was not validated against client_id as
+    required by the specification.
+  - lib-ssl-iostream: Using the ssl_require_crl=yes setting may have caused
+    CRL check failures for outgoing SSL/TLS connections, although it was
+    supposed to affect checking CRLs only for client-side SSL
+    certificates. v2.3.17 regression.
+  - lib-sql: MySQL driver leaked memory when connection failed.
+  - lib-storage: Various fixes when running into out of disk space.
+  - master: Service idle_kill setting didn't work properly on busy
+    servers. It was very unlikely that any process was idling long enough
+    to become killed. Also the idle_kill handling code was using quite a
+    lot of CPU on the master process when there were a lot of processes
+    (e.g. imap). The new behavior is to track the lowest number of idling
+    processes every idle_kill time interval and then kill that many idling
+    processes.
+  - mdbox: Temp file scan was done for always empty directories.
+  - mdbox: The fdatasync() call was done in wrong parent directory when
+    writing mails. Also on a failure it crashed instead of logging an error.
+  - notify_status: The plugin crashes if any user initialization fails.
+  - pop3: Sending command with the ':' character caused an assert-crash.
+    v2.3.18 regression. Fixes: Panic: event_reason_code_prefix(): name has ':'
+  - stats: Fix panic when a nonexistent event exporter was referenced while
+    adding a new metric dynamically via doveadm stats add. This produces
+    a proper error now.
+  - stats: If process exported a lot of events and then exited, some of
+    the last events may have become lost.
+  - stats: Invalid Prometheus label names were created with specific
+    histogram group_by configurations. Prometheus rejected these labels.
+  - welcome: The plugin didn't execute in some situations that created
+    INBOX but didn't open it, e.g. if GETMETADATA was used before the
+    INBOX was opened.
+
+  Pigeonhole v0.5.21
+  - sieve: Using the deleteheader action on a message with a broken/invalid
+    header can cause the Sieve interpreter to crash with an assert panic.
+    This can happen e.g. when the message is missing the empty EOH line
+    between the headers and the body of the message. Fixes:
+    Panic: file edit-mail.c: line 820 (edit_mail_headers_parse):
+    assertion failed: (body_offset > 0).
+  - sieve: Pigeonhole added an extra Message-ID header during mail
+    forwarding when the existing one was invalid. Now it adds the
+    Message-ID only if it is entirely missing. Existing Message-ID(s) are
+    left unchanged.
+
 -------------------------------------------------------------------
 Mon Mar 27 09:15:10 UTC 2023 - Martin Liška <mliska@suse.cz>

--- a/dovecot23.spec
+++ b/dovecot23.spec
@ -17,11 +17,11 @@


 Name:           dovecot23
-Version:        2.3.20
+Version:        2.3.21
 Release:        0
 %define pkg_name dovecot
-%define dovecot_version 2.3.20
-%define dovecot_pigeonhole_version 0.5.20
+%define dovecot_version 2.3.21
+%define dovecot_pigeonhole_version 0.5.21
 %define dovecot_branch  2.3
 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}
 %define dovecot_pigeonhole_docdir     %{_docdir}/%{pkg_name}/dovecot-pigeonhole