diff --git a/dovecot-2.3-pigeonhole-0.5.20.tar.gz b/dovecot-2.3-pigeonhole-0.5.20.tar.gz deleted file mode 100644 index 3542d59..0000000 --- a/dovecot-2.3-pigeonhole-0.5.20.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ae32bd4870ea2c1328ae09ba206e9ec12128046d6afca52fbbc9ef7f75617c98 -size 1945126 diff --git a/dovecot-2.3-pigeonhole-0.5.20.tar.gz.sig b/dovecot-2.3-pigeonhole-0.5.20.tar.gz.sig deleted file mode 100644 index 4eb2657..0000000 --- a/dovecot-2.3-pigeonhole-0.5.20.tar.gz.sig +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQJLBAABCgA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAmOkCEgXHGRvdmVjb3Qt -Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaElYw/+O7hK3Mg7RBygwlw2EuFBfz0Y -y+SC2l35ESVPHCd1U8zl7q3gKiahP8Y+knVpmXiytZ1xOfjf3fHROCH8nFQbNKu5 -U+BeYxuB0b6zJ6+zmptBWr8dkbPZ1gxc8hgbfRM5PMgn+C1uiiJ4YKNDCco1k5h6 -dj7JsgXpUILPPxFkJaUcGHG7u6BAtS5M6OxtjgTJM6FwjSzZsl5ZkuB/O1wuojrv -IJykKbE0fi9diz+CKSyiL8ge5FbxwFxei5jCVB3pAkdNnY9r+DBdOmnjmO2lYFkO -4zvkk2uK/zBHnR28DaAwLRziNNdGs/5QnEOGTx8d6XK5irHOdWUZ83H/LdAbhiKs -cNT5o0Wx0nnG0g/j6p2Clrmz8cVDuBtqE+Z2qDhHOc6VtEQXTkR4Z+wWNCJwHtCx -uws5jCHv9HcI/3AcxpzV99NofD/VJEs7C6Bmv1bhV3N9Rs6cq0KdcJYBSRsmTN4k -KBT7nRc4RCRvyiG/nmK6qO9YfGaShfalTXBzCuCcg5KSEC8J20Cv6NZUtXI4xom4 -buaw657Ss94YGId1dLzhKp7YJMHCNmtN/tIOlQpSls6D9JLCTSIkKNVg7mx5rf92 -R7Oa9ixWp1YFyX0G9agFBr4De43ATRFvRcUq+EVm8DJ3nx7emVFLFWEXzg7GJzVh -znJGpiGYdtsLpLeYHBA= -=0YWo ------END PGP SIGNATURE----- diff --git a/dovecot-2.3-pigeonhole-0.5.21.tar.gz b/dovecot-2.3-pigeonhole-0.5.21.tar.gz new file mode 100644 index 0000000..6f3586e --- /dev/null +++ b/dovecot-2.3-pigeonhole-0.5.21.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1ca71d2659076712058a72030288f150b2b076b0306453471c5261498d3ded27 +size 1955945 diff --git a/dovecot-2.3-pigeonhole-0.5.21.tar.gz.sig b/dovecot-2.3-pigeonhole-0.5.21.tar.gz.sig new file mode 100644 index 0000000..b38ac98 --- /dev/null +++ b/dovecot-2.3-pigeonhole-0.5.21.tar.gz.sig @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJLBAABCgA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAmUD/LgXHGRvdmVjb3Qt +Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaEOrw//XMtJvAS4s+6VIJ1faAQFztKS +8lo3e6dd+EHKEMz70mXu/5tdEQS7JkiN+9O6CbjNY0+/zHmYmXXXiVCvldpSqDhe +9c2mIOeAg0C2EVY5Qf/RJ940ByF4Kd/ulUY6exaUycJkUccNEYgBGVWOnIwNDlV/ +hCLlJy1540nApo7ys9XVh3+WO2I3a8xVm5cRug6j0FD93rhmWc7dpeCe40j7xz0q +pMKGbGlQueRgeZ1NO7Qp+9ZIVyy9xIZIuNt13GwhD830ObpE2aGFfW6yxdmIRrgK +/wIp+fzdMbPLNbtmCdh1NXz88zC6KbEII1rHaL/KejK7XtOkzR06yOJYr/tgJN+s +BnWGQbCAVfBUMWdnvzgs0nTgzqattlXPqoD1v3TkMYXKYcf9Tow9RGNaDk0DXGCH +bx3+oBkfjUEvxDU7td4F7DMVjBQZpwhNA/TiGraabtPQKfR4zFcYQUyw3T3G+Rv3 +PZ32mTmC9TTN5blTxamvsrK2SpFT3uXm1ch019228pul0DtcvjcdZFgkyWl3I0Xy +Na/GEPlVodVVTx0cAGbUCeS6Ja3UG9Le4KjfYOEQ8gBeo5dD4/hrs0ZXHBri7XcW +0ackeYB4JrSDALumjbHTRL+vo9d0FbtpkxBq9RMXM/xVqMpzfSo3Ac3bViBh05pX +BXYU8Uy5LU0VjN7FpOI= +=a386 +-----END PGP SIGNATURE----- diff --git a/dovecot-2.3.20.tar.gz b/dovecot-2.3.20.tar.gz deleted file mode 100644 index fd22e76..0000000 --- a/dovecot-2.3.20.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:caa832eb968148abdf35ee9d0f534b779fa732c0ce4a913d9ab8c3469b218552 -size 7805735 diff --git a/dovecot-2.3.20.tar.gz.sig b/dovecot-2.3.20.tar.gz.sig deleted file mode 100644 index 596b545..0000000 --- a/dovecot-2.3.20.tar.gz.sig +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQJLBAABCgA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAmOkCDwXHGRvdmVjb3Qt -Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaGPwxAAwmyTGtrDSyJzzjAuDP0lQVfo -v6MjLxmsS2LqrnA6coGpVszc5TsCMOhkk2TYpbIPk1G6Mc5ToW9ZrWKXZcyrk9hv -b2VSM04JF1eF+2D9jc4r0eCbrYVx4x0/UVvlZytsaq9b3Gw59NExS4BjOSzByOBD -QF3lUdlS1ZGb0iI6dJwlWcmIKJ9RsT2P4GodfkXZf68gi82yMEEtaYxeQzpQqarH -dZdl5UGWMUB+eP3VzeqtoPSRmFhLOu4hhKKBOSTK7JX8hNnzWyV0YQ89ZBksJsRb -PK5ou16tiWFzmnQ43Sy2W6FLfTog36YXVfvJaCc2zOzrcxD2oykLYealjEfBSUeg -FHaSIP8XCnV42PT3MQO931Zt7HphD3VSGslb3p+/fFmpZUtOKjVaNROlD1hvggr7 -A88YBZE6zffu1Xx9aNBTNu/NV3jFuQdfqpBT/jxwV/hEWaHgBjOwedGsNtiNE3bl -FdPc5JuJyOMAzXlAjy6IStL9LCQJpjbXOOgbDLo0KiZUh+K2faFOVcJNmAkhmWSd -jYq28HOmHfo7MIoa4CdmBQHKtKSR/OVaOIOOzVSUVCnlTuXm8qQQG5xjjToFN99U -TFbJiPvm+/HT6QyeNHH4mO6dUTZ9YdBuyj30P0Rffq0E4fZgz3ZBezwWSYj4bwXx -T63m4IEsocH8pQRKpJ0= -=aSIL ------END PGP SIGNATURE----- diff --git a/dovecot-2.3.21.tar.gz b/dovecot-2.3.21.tar.gz new file mode 100644 index 0000000..86c64a8 --- /dev/null +++ b/dovecot-2.3.21.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:05b11093a71c237c2ef309ad587510721cc93bbee6828251549fc1586c36502d +size 7837242 diff --git a/dovecot-2.3.21.tar.gz.sig b/dovecot-2.3.21.tar.gz.sig new file mode 100644 index 0000000..81ec178 --- /dev/null +++ b/dovecot-2.3.21.tar.gz.sig @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJLBAABCgA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAmUD/KAXHGRvdmVjb3Qt +Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaGv3Q//bB9M8lEVqTyljhPFphhNLJvj +zxh9U08nUOpOV9X+IfVX4PcorS5SqrPU45ohVmstLhMf6+ONHLWqE9GHFJrwsvtC +/aPdX5ZPQN7/H76hW9rD+m9ytCkKC+sH2tf4RR8IWtfVjF2cU+jRbMcGSJ2SbKS4 +APOEMJgdtmh5vZTHMYCSv0+8+pi4LNm3pth6XbbneJ8cmoLlZ3kjUn63pb8atkwF +fhSNIMjb3ZKE4kJT+p01Q18DO5X4DQuPrjiuRPHLpe+PbsUYdu44Wuu+vsM/eSO2 +RQ3C+uoFg2DfhwkjLxiiTli+bnKONUKpBae3ckG1GO6cBqtPuDEIea2dcPOjJ3Ga +Vpssy+iq7qvGIZDC5YPmdRH6O0k4r0ntTljFlpg2SW7afE2tC1ipadCcwOsF9dUZ +DDF89o+k8s0kl8486YTIeTSwGBWJCQJPzmdA8hBxCcVTvvo5G+N2xxX6ZL+wqG3Y +vV43n/Xvi4GkrOS7Rp+SOMGS5E4/+VB2udC3qm1s6cFm0bFVXMGwbzFnKqpcGaYX +UDmbZAkKA4pCkEdNJIz1QUpNtQnf1vGHaMeW+IAW5xPjKJ15/M+GPZ0yeqv2Gt6I +v1J0EM5ZkgNJ+9NU093QxORdXrTD7bDMa5yOv/7ih+9Cx4r9GhdgS/T/3LZIncrg +xpKXvK/XKM7RFMhOnz4= +=fueB +-----END PGP SIGNATURE----- diff --git a/dovecot23.changes b/dovecot23.changes index 02b6707..d6b2989 100644 --- a/dovecot23.changes +++ b/dovecot23.changes @@ -1,3 +1,125 @@ +------------------------------------------------------------------- +Fri Sep 15 12:12:44 UTC 2023 - Arjen de Korte + +- update to 2.3.21 and pigeonhole 0.5.21 + + Dovecot 2.3.21 + * lib-oauth2: Allow JWT tokens to be validated with missing typ field. + The typ field is left out by some key issuers to conserve space, + notably kubernetes. Now missing typ is tolerated, but if present, it + still must be "jwt". + + auth: Auth passdb and userdb reply can contain "event_=value" + which will be added to login event and mail user event respectively. + + lib-master: Set process title during various initialization stages to + clearly describe what the process is waiting on. + + lib-storage: The mail_temp_scan_interval is now fuzzed incrementing it + by 0..30% based on username's hash to reduce the chance of load spikes. + + lib-storage: The temp file scan has been moved from the open of the + mailbox to the close, to reduce the latency perceived by users. + + stats: If metric has fields specified, all these fields are + exported as counters to prometheus exposition. + See https://doc.dovecot.org/configuration_manual/stats/openmetrics/. + - *-login: Processes might have crashed when a SSL connection disconnects + uncleanly. + - acl: When plugin was loaded \HasChildren and \HasNoChildren flags + were calculated incorrectly for mailboxes containing '*' and '%' + in their names. + - auth: Crash occured if a connection to PostgreSQL database server + failed during startup. + - auth: Logins with invalid passwords (e.g. unknown scheme) in passdb + were failing with "password mismatch" instead of "internal error". + - auth: XOAUTH2 and OAUTHBEARER mechanisms were not giving out protocol + specific error message on all errors. This especially broke OIDC + discovery. + - dbox: When last_temp_file_scan header wasn't set (especially after + dsync migration), the next mailbox open always triggers the temp file + scan. This could have caused a load spike after migrations. Fixed by + using the mailbox directory's atime when the header isn't set, which + usually moves the scan time into the future. + - dict-redis: A crash would occur on transaction rollback. + - dsync: Infinite loop causing out of memory would occur when handling + mailbox deletion from remote end and hierarchy separators would differ. + - dsync: Incremental dsync failed for folder names ending with '%', + unless BROKENCHAR was set. Also folder names with '%' elsewhere in + them caused each incremental dsync to unnecessarily rename the folder + to a temporary name and back. v2.3.19 regression. + - imap-hibernate: If an IMAP client unhibernation timed out with + "(version received)", the unhibernation could still have successfully + finished later on and continued working normally. This was rather + confusing, because imap-hibernate already logged that the client got + disconnected. Avoid this by forcing the connection to shutdown on + unhibernation timeout. + - imapc: Crashed when a folder mapped through the virtual plugin + disappears from the storage. + - imapc: EXPUNGE, EXISTS or FETCH replies from a server for a previously + selected mailbox could have been processed as if they belonged to the + new mailbox currently being selected. This could have caused warnings. + - lib-http: Dovecot HTTP server (doveadm, stats/openmetrics) may have + disconnected HTTP clients before the response is fully sent. This + happened only on busy servers where kernel's socket buffers were + rather full. + - lib-http: Fixed a potential crash on http-server if a client + disconnected early. v2.3.18 regression. + - lib-index: Index file corruption could have caused a crash. Fixes: + Panic: file mail-transaction-log-view.c: line 165 (mail_transaction_log_view_set): + assertion failed: (min_file_seq <= max_file_seq). + - lib-index: Purging an existing >1GB cache file can crash. Now cache + files still above 1GB after purging are removed. Fixes: + Panic: file mail-index-util.c: line 10 (mail_index_uint32_to_offset): + assertion failed: (offset < 0x40000000) + - lib-lua: A HTTP client could not resolve DNS names in mail processes, + because it expected "the dns-client" socket to exist in the current + directory. + - lib-oauth2: Dovecot would send client_id and client_secret as POST + parameters to the introspection server. These need to be optionally in + Basic auth instead. + - lib-oauth2: JWT aud validation was not performed if aud was missing + from a token, but was configured on Dovecot. + - lib-oauth2: JWT key type check was too strict. + - lib-oauth2: JWT token audience was not validated against client_id as + required by the specification. + - lib-ssl-iostream: Using the ssl_require_crl=yes setting may have caused + CRL check failures for outgoing SSL/TLS connections, although it was + supposed to affect checking CRLs only for client-side SSL + certificates. v2.3.17 regression. + - lib-sql: MySQL driver leaked memory when connection failed. + - lib-storage: Various fixes when running into out of disk space. + - master: Service idle_kill setting didn't work properly on busy + servers. It was very unlikely that any process was idling long enough + to become killed. Also the idle_kill handling code was using quite a + lot of CPU on the master process when there were a lot of processes + (e.g. imap). The new behavior is to track the lowest number of idling + processes every idle_kill time interval and then kill that many idling + processes. + - mdbox: Temp file scan was done for always empty directories. + - mdbox: The fdatasync() call was done in wrong parent directory when + writing mails. Also on a failure it crashed instead of logging an error. + - notify_status: The plugin crashes if any user initialization fails. + - pop3: Sending command with the ':' character caused an assert-crash. + v2.3.18 regression. Fixes: Panic: event_reason_code_prefix(): name has ':' + - stats: Fix panic when a nonexistent event exporter was referenced while + adding a new metric dynamically via doveadm stats add. This produces + a proper error now. + - stats: If process exported a lot of events and then exited, some of + the last events may have become lost. + - stats: Invalid Prometheus label names were created with specific + histogram group_by configurations. Prometheus rejected these labels. + - welcome: The plugin didn't execute in some situations that created + INBOX but didn't open it, e.g. if GETMETADATA was used before the + INBOX was opened. + + Pigeonhole v0.5.21 + - sieve: Using the deleteheader action on a message with a broken/invalid + header can cause the Sieve interpreter to crash with an assert panic. + This can happen e.g. when the message is missing the empty EOH line + between the headers and the body of the message. Fixes: + Panic: file edit-mail.c: line 820 (edit_mail_headers_parse): + assertion failed: (body_offset > 0). + - sieve: Pigeonhole added an extra Message-ID header during mail + forwarding when the existing one was invalid. Now it adds the + Message-ID only if it is entirely missing. Existing Message-ID(s) are + left unchanged. + ------------------------------------------------------------------- Mon Mar 27 09:15:10 UTC 2023 - Martin Liška diff --git a/dovecot23.spec b/dovecot23.spec index 32850a3..d1b16ae 100644 --- a/dovecot23.spec +++ b/dovecot23.spec @@ -17,11 +17,11 @@ Name: dovecot23 -Version: 2.3.20 +Version: 2.3.21 Release: 0 %define pkg_name dovecot -%define dovecot_version 2.3.20 -%define dovecot_pigeonhole_version 0.5.20 +%define dovecot_version 2.3.21 +%define dovecot_pigeonhole_version 0.5.21 %define dovecot_branch 2.3 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version} %define dovecot_pigeonhole_docdir %{_docdir}/%{pkg_name}/dovecot-pigeonhole