From febef4fd55e54cd4a500d52c16b3b3863e77256bec56e28ea16ea608ec3e6612 Mon Sep 17 00:00:00 2001 From: Peter Varkoly Date: Mon, 4 Jan 2021 16:18:10 +0000 Subject: [PATCH] Accepting request 860209 from home:adkorte:branches:server:mail - update to 2.3.13 and pigeonhole to 0.5.13 Dovecot 2.3.13 * CVE-2020-24386: Specially crafted command can cause IMAP hibernate to allow logged in user to access other people's emails and filesystem information. * Metric filter and global event filter variable syntax changed to a SQL-like format. See https://doc.dovecot.org/configuration_manual/event_filter/ * auth: Added new aliases for %{variables}. Usage of the old ones is possible, but discouraged. * auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth mechanism and related password schemes. * auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail. * auth: Removed postfix postmap socket + auth: Added new fields for auth server events. These fields are now also available for all auth events. See https://doc.dovecot.org/admin_manual/list_of_events/#authentication-server for details. + imap-hibernate: Added imap_client_hibernated, imap_client_unhibernated and imap_client_unhibernate_retried events. See https://doc.dovecot.org/admin_manual/list_of_events/ for details. + lib-index: Added new mail_index_recreated event. See https://doc.dovecot.org/admin_manual/list_of_events/#mail-index-recreated + lib-sql: Support TLS options for cassandra driver. This requires cpp-driver v2.15 (or later) to work reliably. + lib-storage: Missing $HasAttachment / $HasNoAttachment flags are now added to existing mails if mail_attachment_detection_option=add-flags and it can be done inexpensively. + login proxy: Added login_proxy_max_reconnects setting (default 3) to control how many reconnections are attempted. OBS-URL: https://build.opensuse.org/request/show/860209 OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=87 --- dovecot-2.3-pigeonhole-0.5.13.tar.gz | 3 + dovecot-2.3-pigeonhole-0.5.13.tar.gz.sig | 17 +++ dovecot-2.3.11.3-ftbfs1.patch | 15 -- dovecot-2.3.11.3-ftbfs2.patch | 22 --- dovecot-2.3.11.3-gssapi-nul.patch | 22 --- dovecot-2.3.11.3.tar.gz | 3 - dovecot-2.3.11.3.tar.gz.sig | 17 --- dovecot-2.3.13.tar.gz | 3 + dovecot-2.3.13.tar.gz.sig | 17 +++ dovecot23.changes | 181 +++++++++++++++++++++++ dovecot23.spec | 16 +- 11 files changed, 225 insertions(+), 91 deletions(-) create mode 100644 dovecot-2.3-pigeonhole-0.5.13.tar.gz create mode 100644 dovecot-2.3-pigeonhole-0.5.13.tar.gz.sig delete mode 100644 dovecot-2.3.11.3-ftbfs1.patch delete mode 100644 dovecot-2.3.11.3-ftbfs2.patch delete mode 100644 dovecot-2.3.11.3-gssapi-nul.patch delete mode 100644 dovecot-2.3.11.3.tar.gz delete mode 100644 dovecot-2.3.11.3.tar.gz.sig create mode 100644 dovecot-2.3.13.tar.gz create mode 100644 dovecot-2.3.13.tar.gz.sig diff --git a/dovecot-2.3-pigeonhole-0.5.13.tar.gz b/dovecot-2.3-pigeonhole-0.5.13.tar.gz new file mode 100644 index 0000000..3ab72aa --- /dev/null +++ b/dovecot-2.3-pigeonhole-0.5.13.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:911fe566da5b638eab1b11105314300bc9049cc3832d4bd2aed44c265013bf17 +size 1908839 diff --git a/dovecot-2.3-pigeonhole-0.5.13.tar.gz.sig b/dovecot-2.3-pigeonhole-0.5.13.tar.gz.sig new file mode 100644 index 0000000..49b22f3 --- /dev/null +++ b/dovecot-2.3-pigeonhole-0.5.13.tar.gz.sig @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJLBAABCAA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAl/yu38XHGRvdmVjb3Qt +Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaE8qw//b7fp+mFRsFnqtVB+VDgFB2e8 +oB6f1EaeCkzCkYDFxdYcuHiXAgXOHDezBAhJmQTI+h4NkPdodiz0bx/bKQoOrRGW +fS0pY1cT6n/6oDZsLTZGLDt5HOLrFtg8PTIcOQ3MIO5nOdy1Jo3bkRslNvL/87N1 +cQGJENuVv71jS6gNdPfjcseCYPr3UudGBmFlSAYXKJX+xgoJezQA+T+4VGmvj/RM +3Ib7lFs8ZrWAhnOvRp4Q9H4j2efuIUGt8o1IdcFLIml7t1ahGsEwr93ZPoTrSkAc +o9swm1FIfUaa2L8V05jDEj/s4raWJkhcZt2ViIGMC1UrXk08f1Qi0h4570p8Pxsa +qPui1iv9KbCKz1i1vC+Uk3d4FFt6/n9YmabGDZLEDmYx/I+RGd+o2YtaJvaOe3oU +9WYFRXnor1d2cyJsvNO5wuRIMlm+HAkhZhP6amwukbiZ+YQ3ZoJot4PuvrmO5yqQ +sOTjm2qFYUckZaCbzAPUypNMms/lujbFf1/LS2/E9+Pe33cJ2eHopmmcvA/9duxo +YFCs0GJEDdMifVRRdcO0jlX13SISlIIJMs1LhAOom8T6IFtD5k/Ddaodf7Ov4AxX +AWVFhSheQp8aBgDbULjqYSW9CJ7nLIkn4FVRfBUzIcG2MYuZdyr0dw9uQLi8stRH +pVMTu+Omdf9sbleogp4= +=OJTQ +-----END PGP SIGNATURE----- diff --git a/dovecot-2.3.11.3-ftbfs1.patch b/dovecot-2.3.11.3-ftbfs1.patch deleted file mode 100644 index d3a403a..0000000 --- a/dovecot-2.3.11.3-ftbfs1.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c -index cf05370035..0a030a2be0 100644 ---- a/src/auth/test-mech.c -+++ b/src/auth/test-mech.c -@@ -196,8 +196,8 @@ test_mech_construct_apop_challenge(unsigned int connect_uid, unsigned long *len_ - { - string_t *apop_challenge = t_str_new(128); - -- str_printfa(apop_challenge,"<%lx.%u.%"PRIdTIME_T"", (unsigned long) getpid(), -- connect_uid, process_start_time+10); -+ str_printfa(apop_challenge,"<%lx.%lx.%"PRIxTIME_T".", (unsigned long)getpid(), -+ (unsigned long)connect_uid, process_start_time+10); - str_append_data(apop_challenge, "\0testuser\0responseoflen16-", 26); - *len_r = apop_challenge->used; - return apop_challenge->data; diff --git a/dovecot-2.3.11.3-ftbfs2.patch b/dovecot-2.3.11.3-ftbfs2.patch deleted file mode 100644 index d498add..0000000 --- a/dovecot-2.3.11.3-ftbfs2.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c -index 0a030a2be0..0a22ff46d0 100644 ---- a/src/auth/test-mech.c -+++ b/src/auth/test-mech.c -@@ -192,7 +192,7 @@ static void test_mech_handle_challenge(struct auth_request *request, - } - - static inline const unsigned char * --test_mech_construct_apop_challenge(unsigned int connect_uid, unsigned long *len_r) -+test_mech_construct_apop_challenge(unsigned int connect_uid, size_t *len_r) - { - string_t *apop_challenge = t_str_new(128); - -@@ -323,7 +323,7 @@ static void test_mechs(void) - struct test_case *test_case = &tests[running_test]; - const struct mech_module *mech = test_case->mech; - struct auth_request *request; -- const char *testname = t_strdup_printf("auth mech %s %d/%lu", -+ const char *testname = t_strdup_printf("auth mech %s %d/%zu", - mech->mech_name, - running_test+1, - N_ELEMENTS(tests)); diff --git a/dovecot-2.3.11.3-gssapi-nul.patch b/dovecot-2.3.11.3-gssapi-nul.patch deleted file mode 100644 index 2907465..0000000 --- a/dovecot-2.3.11.3-gssapi-nul.patch +++ /dev/null @@ -1,22 +0,0 @@ -From aae316881127017af2ba20e478251132a05f7dc0 Mon Sep 17 00:00:00 2001 -From: "Paul G. Banks" -Date: Sun, 16 Aug 2020 10:57:36 +0100 -Subject: [PATCH] Fix: GSSAPI can contain NUL. - ---- - src/auth/mech-gssapi.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/auth/mech-gssapi.c b/src/auth/mech-gssapi.c -index f29e48da88..966273d388 100644 ---- a/src/auth/mech-gssapi.c -+++ b/src/auth/mech-gssapi.c -@@ -735,7 +735,7 @@ mech_gssapi_auth_free(struct auth_request *request) - const struct mech_module mech_gssapi = { - "GSSAPI", - -- .flags = 0, -+ .flags = MECH_SEC_ALLOW_NULS, - .passdb_need = MECH_PASSDB_NEED_NOTHING, - - mech_gssapi_auth_new, diff --git a/dovecot-2.3.11.3.tar.gz b/dovecot-2.3.11.3.tar.gz deleted file mode 100644 index f0183c9..0000000 --- a/dovecot-2.3.11.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d3d9ea9010277f57eb5b9f4166a5d2ba539b172bd6d5a2b2529a6db524baafdc -size 7353412 diff --git a/dovecot-2.3.11.3.tar.gz.sig b/dovecot-2.3.11.3.tar.gz.sig deleted file mode 100644 index f4d6fa5..0000000 --- a/dovecot-2.3.11.3.tar.gz.sig +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQJLBAABCAA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAl8z40wXHGRvdmVjb3Qt -Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaFrkw//c5eVa6F4iC8Fl9YAnBAqzYi5 -d2Jy4kOYCLJnSq1FTp+0Bh6iyxIFBVFanubpqNoxxNtvzbjuKGlpB+a4yvvyY4tf -zjOvOtAVxzxvVurMxinnLjLtNdUSP55IDWmOVBZC3XipbrkCTkkpbnZBlcm9YxTJ -9+wT4KWX8o+hddNZZ7A7GVb4J1eHeAdAkXslWSzCBPRhsSFKvUPmZtklbxfZCZiw -Ug7MspDT60oFOkRGiZ08CYbYsNKw7MFeqXxEIAHq/XX64blE3i3XudTq1m4I3j9V -1+Pzr8UB1qXG3zP1Tysdhn06GzwU3BVrWTrr8QmaYaQtWM1LC/ffF0uqVzWSNrud -yMoGc3n2bH7CZmtiIFBLhNohe9MkUusTjKSKxj7659tH/Pq+I1XZ8dtXc0eNaNUi -LYKmGf0l3T4cyB+INWN/1sLMsUJ25XhUABJo0C5Ovv8jsSqoPE/sglvBNLqad+cy -tvPm6JrivOu2hMgSMjCfc5Z3/I6Qyv9m3HVg1V08HlT9T+TDpW3V3zLfYHI9UZib -UjAKI5Fs4HYvv2v03irqlo9rkfpWCrtrd4G1dG3erM9rWe68vewtUP9nMI9UYC3g -jClpSmg2o8uZj0imj60JE0+HoBLa+tk52M2Umiil0EVAE9dbT91qdWaeP+pylDvM -oRClJm6uemmLrtE9MHk= -=rtpE ------END PGP SIGNATURE----- diff --git a/dovecot-2.3.13.tar.gz b/dovecot-2.3.13.tar.gz new file mode 100644 index 0000000..a7ccb20 --- /dev/null +++ b/dovecot-2.3.13.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a3f875b80ec11a452480690108660030978c94fa8e796ad6d943a874b496f1c4 +size 7456073 diff --git a/dovecot-2.3.13.tar.gz.sig b/dovecot-2.3.13.tar.gz.sig new file mode 100644 index 0000000..6ff9192 --- /dev/null +++ b/dovecot-2.3.13.tar.gz.sig @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJLBAABCAA1FiEEK+dKqz7nVN+5yA0zGKNIru1AnaEFAl/yu3IXHGRvdmVjb3Qt +Y2VAZG92ZWNvdC5vcmcACgkQGKNIru1AnaFxwg/9HOfizq4fLMPRI9AHgouZis5/ +GaQI2u1cI6eGr/+rtuArP1u067KBIyST1cxQq5c3FmYZHWILj3nAKAYpQaRM57mT +/fshtKNBRWJxYLzkbAQqfji2Pkzso8a8hBjj+cpD3ipcjXzBQGPzLaMmSWqNTvj/ +AURY5q5eMN+cqnV27S+GDenId9wXHx15R0dxbLUsDY4P+kbiopEIQcQG3WoGJtiW +p1aolB2LCcKEtRSZkIWC1+A4CwMfFC8+/KgT4tsNWsCr9oTSSqYrDgQH6UOFL1O6 +dmiekdCpaoAIYxhvD/mKXV0YH8wn0HCP6YOxf/6g4GQNZLBqsyxiy988li5VnUVm +Lq26RsYeXOuuq5YsNI2deyaJbeGKeJQSQLfH1n/z2nXP+iTE7BItqUe3yQS1Xsbl +Oxuj8jfxaE0RGq3X5iICxyd36KzbDq1tL1nuKlwI9CoiBCxDURMMGtdi6vme/p3q +itWyiwYRuB3PkXDSRL4ZFz/MBBT2NglGqjvStXO4Q9C9afV070E5ZnufNp62+SAr +pTLRb75ILBy2XagVm63w0nVNWGDPsIDS7WjsMJq7GMoshMoC/WLQsq3hS+4ZWnf3 +oK2C4EiMW7pzLK4vm8rM/OQtCxWxJRdHdjuSuRGsH2LfxSRRxRWFHLKcAZpUwIP5 +xSd8abhsc676L2zgCbo= +=TFqL +-----END PGP SIGNATURE----- diff --git a/dovecot23.changes b/dovecot23.changes index 1ae8df7..8e87a6a 100644 --- a/dovecot23.changes +++ b/dovecot23.changes @@ -1,3 +1,184 @@ +------------------------------------------------------------------- +Mon Jan 4 12:16:00 UTC 2021 - Arjen de Korte + +- update to 2.3.13 and pigeonhole to 0.5.13 + + Dovecot 2.3.13 + * CVE-2020-24386: Specially crafted command can cause IMAP hibernate to + allow logged in user to access other people's emails and filesystem + information. + * Metric filter and global event filter variable syntax changed to a + SQL-like format. See + https://doc.dovecot.org/configuration_manual/event_filter/ + * auth: Added new aliases for %{variables}. Usage of the old ones is + possible, but discouraged. + * auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth + mechanism and related password schemes. + * auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail. + * auth: Removed postfix postmap socket + + auth: Added new fields for auth server events. These fields are now + also available for all auth events. See + https://doc.dovecot.org/admin_manual/list_of_events/#authentication-server + for details. + + imap-hibernate: Added imap_client_hibernated, imap_client_unhibernated + and imap_client_unhibernate_retried events. See + https://doc.dovecot.org/admin_manual/list_of_events/ for details. + + lib-index: Added new mail_index_recreated event. See + https://doc.dovecot.org/admin_manual/list_of_events/#mail-index-recreated + + lib-sql: Support TLS options for cassandra driver. This requires + cpp-driver v2.15 (or later) to work reliably. + + lib-storage: Missing $HasAttachment / $HasNoAttachment flags are now + added to existing mails if mail_attachment_detection_option=add-flags + and it can be done inexpensively. + + login proxy: Added login_proxy_max_reconnects setting (default 3) to + control how many reconnections are attempted. + + login proxy: imap/pop3/submission/managesieve proxying now supports + reconnection retrying on more than just connect() failure. Any error + except a non-temporary authentication failure will result in reconnect + attempts. + - auth: Lua passdb/userdb leaks stack elements per call, eventually + causing the stack to become too deep and crashing the auth or + auth-worker process. + - auth: SASL authentication PLAIN mechanism could be used to trigger + read buffer overflow. However, this doesn't seem to be exploitable in + any way. + - auth: v2.3.11 regression: GSSAPI authentication fails because dovecot + disallows NUL bytes for it. + - dict: Process used too much CPU when iterating keys, because each key + used a separate write() syscall. + - doveadm-server: Crash could occur if logging was done outside command + handling. For example http-client could have done debug logging + afterwards, resulting in either segfault or + Panic: file http-client.c: line 642 (http_client_context_close): + assertion failed: (cctx->clients_list == NULL). + - doveadm-server: v2.3.11 regression: Trying to connect to doveadm server + process via starttls assert-crashed if there were no ssl=yes listeners: + Panic: file master-service-ssl.c: line 22 (master_service_ssl_init): + assertion failed: (service->ssl_ctx_initialized). + - fts-solr: HTTP requests may have assert-crashed: + Panic: file http-client-request.c: line 1232 + (http_client_request_send_more): + assertion failed: (req->payload_input != NULL) + - imap: IMAP NOTIFY could crash with a segmentation fault due to a bad + configuration that causes errors. Sending the error responses to the + client can cause the segmentation fault. This can for example happen + when several namespaces use the same mail storage location. + - imap: IMAP NOTIFY used on a shared namespace that doesn't actually + exist (e.g. public namespace for a nonexistent user) can crash with a + panic: + Panic: Leaked view for index /tmp/home/asdf/mdbox/dovecot.list.index: + Opened in (null):0 + - imap: IMAP session can crash with QRESYNC extension if many changes + are done before asking for expunged mails since last sync. + - imap: Process might hang indefinitely if client disconnects after + sending some long-running commands pipelined, for example FETCH+LOGOUT. + - lib-compress: Mitigate crashes when configuring a not compiled in + compression. Errors with compression configuration now distinguish + between not supported and unknown. + - lib-compression: Using xz/lzma compression in v2.3.11 could have + written truncated output in some situations. This would result in + "Broken pipe" read errors when trying to read it back. + - lib-compression: zstd compression could have crashed in some situations: + Panic: file ostream.c: line 287 (o_stream_sendv_int): assertion + failed: (!stream->blocking) + - lib-dict: dict client could have crashed in some rare situations when + iterating keys. + - lib-http: Fix several assert-crashes in HTTP client. + - lib-index: v2.3.11 regression: When mails were expunged at the same + time as lots of new content was being saved to the cache (e.g. cache + file was lost and is being re-filled) a deadlock could occur with + dovecot.index.cache / dovecot.index.log. + - lib-index: v2.3.11 regression: dovecot.index.cache file was being + purged (rewritten) too often when it had a field that hadn't been + accessed for over 1 month, but less than 2 months. Every cache file + change caused a purging in this situation. + - lib-mail: MIME parts were not returned correctly by Dovecot MIME parser. + Regression caused by fixing CVE-2020-12100. + - lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE + was written in a way that may have caused confusion for both IMAP + clients and Dovecot itself when parsing it. The truncated part is now + written out using application/octet-stream MIME type. + - lib-mail: v2.3.11 regression: Mail delivery / parsing crashed when the + 10000th MIME part was message/rfc822 (or if parent was multipart/digest): + Panic: file message-parser.c: line 167 (message_part_append): + assertion failed: (ctx->total_parts_count <= ctx->max_total_mime_parts). + - lib-oauth2: Dovecot incorrectly required oauth2 server introspection + reply to contain username with invalid token. + - lib-ssl-iostream, lib-dcrypt: Fix building with OpenSSL that has + deprecated APIs disabled. + - lib-storage: When mail's size is different from the cached one (in + dovecot.index.cache or Maildir S=size in the filename), this is + handled by logging "Cached message size smaller/larger than expected" + error. However, in some situations this also ended up crashing with: + Panic: file istream.c: line 315 (i_stream_read_memarea): + assertion failed: (old_size <= _stream->pos - _stream->skip). + - lib-storage: v2.3 regression: Copying/moving mails was taking much more + memory than before. This was mainly visible when copying/moving + thousands of mails in a single transaction. + - lib-storage: v2.3.11 regression: Searching messages assert-crashed + (without FTS): Panic: file message-parser.c: line 174 + (message_part_finish): + assertion failed: (ctx->nested_parts_count > 0). + - lib: Dovecot v2.3 moved signal handlers around in ioloops, + causing more CPU usage than in v2.2. + - lib: Fixed JSON parsing: '\' escape sequence may have wrongly resulted + in error if it happened to be at read boundary. Any NUL characters and + '\u0000' will now result in parsing error instead of silently + truncating the data. + - lmtp, submission: Server may hang if SSL client connection disconnects + during the delivery. If this happened repeated, it could have ended + up reaching process_limit and preventing any further lmtp/submission + deliveries. + - lmtp: Proxy does not always properly log TLS connection problems as + errors; in some cases, only a debug message is logged if enabled. + - lmtp: The LMTP service can hang when commands are pipelined. This can + particularly occur when one command in the middle of the pipeline fails. + One example of this occurs for proxied LMTP transactions in which the + final DATA or BDAT command is pipelined after a failing RCPT command. + - login-proxy: The login_source_ips setting has no effect, and therefore + the proxy source IPs are not cycled through as they should be. + - master: Process was using 100% CPU in some situations when a broken + service was being throttled. + - pop3-login: POP3 login would fail with "Input buffer full" if the + initial response for SASL was too long. + - stats: Crash would occur when generating openmetrics data for metrics + using aggregating functions. + + Pigeonhole 0.5.13 + - duplicate: The test was handled badly in a multiscript (sieve_before, + sieve_after) scenario in which an earlier script in the sequence with + a duplicate test succeeded, while a later script caused a runtime + failure. In that case, the message is recorded for duplicate tracking, + while the message may not actually have been delivered in the end. + - editheader: Sieve interpreter entered infinite loop at startup when + the "editheader" configuration listed an invalid header name. This + problem can only be triggered by the administrator. + - relational: The Sieve relational extension can cause a segfault at + compile time. This is triggered by invalid script syntax. The segfault + happens when this match type is the last argument of the test command. + This situation is not possible in a valid script; positional arguments + are normally present after that, which would prevent the segfault. + - sieve: For some Sieve commands the provided mailbox name is not + properly checked for UTF-8 validity, which can cause assert crashes at + runtime when an invalid mailbox name is encountered. This can be + caused by the user by writing a bad Sieve script involving the + affected commands ("mailboxexists", "specialuse_exists"). + This can be triggered by the remote sender only when the user has + written a Sieve script that passes message content to one of the + affected commands. + - sieve: Large sequences of 8-bit octets passed to certain Sieve + commands that create or modify message headers that allow UTF-8 text + (vacation, notify and addheader) can cause the delivery or IMAP + process (when IMAPSieve is used) to enter a memory-consuming + semi-infinite loop that ends when the process exceeds its memory + limits. Logged in users can cause these hangs only for their own + processes. + +- drop upstreamed patches: + - dovecot-2.3.11.3-ftbfs1.patch + - dovecot-2.3.11.3-ftbfs2.patch + - dovecot-2.3.11.3-gssapi-nul.patch + ------------------------------------------------------------------- Tue Nov 24 07:59:06 UTC 2020 - Guillaume GARDET diff --git a/dovecot23.spec b/dovecot23.spec index 851c64c..60d2342 100644 --- a/dovecot23.spec +++ b/dovecot23.spec @@ -1,7 +1,7 @@ # # spec file for package dovecot23 # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,11 +19,11 @@ %global _lto_cflags %{nil} Name: dovecot23 -Version: 2.3.11.3 +Version: 2.3.13 Release: 0 %define pkg_name dovecot -%define dovecot_version 2.3.11.3 -%define dovecot_pigeonhole_version 0.5.11 +%define dovecot_version 2.3.13 +%define dovecot_pigeonhole_version 0.5.13 %define dovecot_branch 2.3 %define dovecot_pigeonhole_source_dir %{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version} %define dovecot_pigeonhole_docdir %{_docdir}/%{pkg_name}/dovecot-pigeonhole @@ -149,11 +149,6 @@ Patch: dovecot-2.3.0-dont_use_etc_ssl_certs.patch Patch1: dovecot-2.3.0-better_ssl_defaults.patch # https://github.com/dovecot/core/pull/126 Patch2: allow-tls1.3-only.patch -# https://github.com/dovecot/core/pull/133 -Patch3: dovecot-2.3.11.3-gssapi-nul.patch -# Fix 32-bit test - Similar to https://github.com/dovecot/core/pull/134 -Patch4: dovecot-2.3.11.3-ftbfs1.patch -Patch5: dovecot-2.3.11.3-ftbfs2.patch Summary: IMAP and POP3 Server Written Primarily with Security in Mind License: BSD-3-Clause AND LGPL-2.1-or-later AND MIT Group: Productivity/Networking/Email/Servers @@ -334,9 +329,6 @@ dovecot tree. %patch -p1 %patch1 -p1 %patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 gzip -9v ChangeLog # Fix plugins dir. sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = %{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf