Fix merge conflict

add missed files
New version.
2025-11-13 07:47:54 +01:00 · 2025-10-29 13:24:57 +01:00 · 2025-10-29 12:22:10 +01:00 · 2025-08-22 10:38:27 +02:00
7 changed files with 144 additions and 29 deletions
--- a/dovecot-2.4.1-4.tar.gz
+++ b/dovecot-2.4.1-4.tar.gz
--- a/dovecot-2.4.2.tar.gz
+++ b/dovecot-2.4.2.tar.gz
--- a/dovecot-fix-gssapi.patch
+++ b/dovecot-fix-gssapi.patch
@@ -1,12 +0,0 @@
-diff -Naur dovecot-2.4.1-4/src/auth/mech-gssapi.c dovecot-2.4.1-4.new/src/auth/mech-gssapi.c
--- dovecot-2.4.1-4/src/auth/mech-gssapi.c	2025-03-28 12:32:27.000000000 +0100
-+++ dovecot-2.4.1-4.new/src/auth/mech-gssapi.c	2025-05-23 14:09:17.765742203 +0200
-@@ -672,7 +672,7 @@
- 
- 	if (data_size == 0) {
- 		/* The client should go first */
-		auth_request_handler_reply_continue(request, NULL, 0);
-+		auth_request_handler_reply_continue(request, uchar_empty_ptr, 0);
- 	} else {
- 		mech_gssapi_auth_continue(request, data, data_size);
- 	}
--- a/dovecot-pigeonhole-2.4.1-4.tar.gz
+++ b/dovecot-pigeonhole-2.4.1-4.tar.gz
--- a/dovecot-pigeonhole-2.4.2.tar.gz
+++ b/dovecot-pigeonhole-2.4.2.tar.gz
--- a/dovecot24.changes
+++ b/dovecot24.changes
@@ -1,3 +1,129 @@
+-------------------------------------------------------------------
+Wed Oct 29 09:39:55 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- drop dovecot-fix-gssapi.patch
+
+-------------------------------------------------------------------
+Wed Oct 29 09:33:52 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update dovecot to 2.4.2 (boo#1252839 CVE-2025-30189)
+  - Critical bug fixes
+    - CVE-2025-30189: Passdb oauth2 (not oauth2 mechanism), passdb
+      passwd, passdb bsdauth, and userdb passwd drivers would cause
+      users to be cached with same cache key when auth cache was
+      enabled.
+  - Changes
+    - auth: Remove proxy_always field.
+    - config: Change settings history parsing to use python3.
+    - doveadm: Print table formatter - Print empty values as "-".
+    - imapc: Propagate remote error codes properly.
+    - lda: Default mail_home=$HOME environment if not using userdb
+      lookup
+    - lib-dcrypt: Salt for new version 2 keys has been increased to
+      16 bytes.
+    - lib-dregex: Add libpcre2 based regular expression support to
+      Dovecot, if the library is missing, disable all regular
+      expressions. This adds libpcre2-32 as build dependency.
+    - lib-oauth2: jwt - Allow nbf and iat to point 1 second into
+      future.
+    - lib: Replace libicu with our own unicode library. Removes
+      libicu as build dependency.
+    - login-common: If proxying fails due to remote having invalid
+      SSL cert, don't reconnect.
+  - New features
+    - auth: Add ssl_client_cert_fp and ssl_client_cert_pubkey_fp
+      fields, see
+      https://doc.dovecot.org/latest/core/summaries/settings.html#ssl_peer_certificate_fingerprint_hash
+      for more information.
+    - config: Add support for $SET:filter/path/setting.
+    - config: Improve @group includes to work with overwriting
+      their settings.
+    - doveadm kick: Add support for kicking multiple usernames
+    - doveadm mailbox status: Add support for deleted status item.
+    - imap, imap-client: Add experimental partial IMAP4rev2
+      support.
+    - imap: Implement support for UTF8=ACCEPT for APPEND
+    - lib-oauth2, oauth2: Add oauth2_token_expire_grace setting.
+    - lmtp: lmtp-client - Support command pipelining.
+    - login-common: Support local/remote blocks better.
+    - master: accept() unix/inet connections before creating child
+      process to handle it. This reduces timeouts when child
+      processes are slow to spawn themselves.
+  - Bug fixes
+    - SMTPUTF8 was accepted even when it wasn't enabled.
+    - auth, *-login: Direct logging with -L parameter was not
+      working.
+    - auth: Crash occured when OAUTH token validation failed with
+      oauth2_use_worker_with_mech=yes.
+    - auth: Invalid field handling crashes were fixed.
+    - auth: ldap - Potential crash could happen at deinit.
+    - auth: mech-gssapi - Server sending empty initial response
+      would cause errors.
+    - auth: mech-winbind - GSS-SPNEGO mechanism was erroneously
+      marked as
+    - not accepting NUL.
+    - config: Multiple issues with $SET handling has been fixed.
+    - configure: Building without LDAP didn't work.
+    - doveadm: If source user didn't exist, a crash would occur.
+    - imap, pop3, submission, imap-urlauth: USER environment usage
+      was broken when running standalone.
+    - imap-hibernate: Statistics would get truncated on
+      unhibernation.
+    - imap: "SEARCH MIMEPART FILENAME ENDS" command could have
+      accessed memory outside allocated buffer, resulting in a
+      crash.
+    - imapc: Fetching partial headers would cause other cached
+      headers to be cached empty, breaking e.g. imap envelope
+      responses when caching to disk.
+    - imapc: Shared namespace's INBOX mailbox was not always
+      uppercased.
+    - imapc: imapc_features=guid-forced GUID generation was not
+      working correctly.
+    - lda: USER environment was not accepted if -d hasn't been
+      specified.
+    - lib-http: http-url - Significant path percent encoding
+      through parse and create was not preserved. This is mainly
+      important for Dovecot's Lua bindings for lib-http.
+    - lib-settings: Crash would occur when using %variables in
+      SET_FILE type settings.
+    - lib-storage: Attachment flags were attempted to be added for
+      readonly mailboxes with mail_attachment_flags=add-flags.
+    - lib-storage: Root directory for unusable shared namespaces
+      was unnecessarily attempted to be created.
+    - lib: Crash would occur when config was reloaded and logging
+      to syslog.
+    - login-common: Crash might have occured when login proxy was
+      destroyed.
+    - sqlite: The sqlite_journal_mode=wal setting didn't actually
+      do anything.
+    - Many other bugs have been fixed.
+- Update pigeonhole to 2.4.2
+  - Changes
+    - lib-sieve: Use new regular expression library in core.
+    - managesieve: Add default
+      service_extra_groups=$SET:default_internal_group.
+  - New features
+    - lib-sieve: Add support for "extlists" extension.
+    - lib-sieve: regex - Allow unicode comparator.
+  - Bug fixes
+    - lib-sieve-tool: sieve-tool - All sieve_script settings were
+      overriden.
+    - lib-sieve: storage: dict: sieve_script_dict filter was
+      missing from settings.
+    - sieve-ldap-storage: Fix compile without LDAP.
+
+-------------------------------------------------------------------
+Fri Aug 22 08:30:47 UTC 2025 - Giacomo Leidi <giacomo.leidi@suse.com>
+
+ - Allow for %is_opensuse to be unset, following up to
+  https://src.suse.de/products/SLFO/pulls/204 (bsc#1248485).
+
+-------------------------------------------------------------------
+Thu Aug 14 06:45:21 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Enable build for all arches again. The build failure on 32bit has
+  been addressed upstream.
+
 -------------------------------------------------------------------
 Tue Aug  5 10:57:55 UTC 2025 - Peter Varkoly <varkoly@suse.com>

--- a/dovecot24.spec
+++ b/dovecot24.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package dovecot24
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,8 +17,8 @@


 %define pkg_name dovecot
-%define dovecot_version 2.4.1-4
-%define dovecot_pigeonhole_version 2.4.1-4
+%define dovecot_version 2.4.2
+%define dovecot_pigeonhole_version 2.4.2
 %define dovecot_branch  2.4
 %define dovecot_pigeonhole_source_dir %{pkg_name}-pigeonhole-%{dovecot_pigeonhole_version}
 %define dovecot_pigeonhole_docdir     %{_docdir}/%{pkg_name}/dovecot-pigeonhole
@@ -34,7 +34,7 @@
 %bcond_without zstd
 %bcond_without xapian
 %bcond_without libstemmer
-%if %{is_opensuse}
+%if 0%{?is_opensuse}
 %bcond_without apparmor
 %bcond_without textcat
 %else
@@ -44,12 +44,10 @@
 %bcond_with run_tests

 Name:           dovecot24
-Version:        2.4.1
+Version:        2.4.2
 Release:        0
 Summary:        IMAP and POP3 Server Written Primarily with Security in Mind
 License:        BSD-3-Clause AND LGPL-2.1-or-later AND MIT
-# https://dovecot.org/mailman3/archives/list/dovecot@dovecot.org/message/PCUTU3IE6RZXQQMWCAB7UP4XN6SPFPFX/
-ExcludeArch:    %ix86 %arm
 Group:          Productivity/Networking/Email/Servers
 URL:            https://www.dovecot.org
 Source:         https://www.dovecot.org/releases/%{dovecot_branch}/%{pkg_name}-%{dovecot_version}.tar.gz
@@ -64,8 +62,6 @@ Patch0:         dovecot-2.3.0-dont_use_etc_ssl_certs.patch
 Patch1:         dovecot-2.4.0-lua_json.patch
 # PATCH-FIX-OPENSUSE
 Patch2:         dovecot-2.3.17-env_script_interpreter.patch
-# PATCH-FIX-OPENSUSE
-Patch3:         dovecot-fix-gssapi.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  bison
@@ -93,6 +89,7 @@ BuildRequires:  libmysqlclient-devel
 BuildRequires:  openldap2-devel >= 2.5.0
 BuildRequires:  pam-devel
 %endif
+BuildRequires:  pkgconfig(libpcre2-32)
 BuildRequires:  pkgconfig(libpq)
 BuildRequires:  pkgconfig(libsystemd)
 %ifnarch s390x
@@ -300,7 +297,7 @@ gzip -9v ChangeLog

 %build
 # export CFLAGS="%%{optflags} -Wno-sign-compare"
-./autogen.sh
+# ./autogen.sh
 %configure                                          \
    --docdir=%{_docdir}/%{pkg_name}                 \
    --with-moduledir=%{_libdir}/%{pkg_name}/modules \
@@ -340,7 +337,7 @@ gzip -9v ChangeLog
 %make_build

 pushd %{dovecot_pigeonhole_source_dir}
-    ./autogen.sh
+    # ./autogen.sh
    %configure --with-dovecot=../ \
      --with-ldap=plugin \
      --docdir="%{dovecot_pigeonhole_docdir}"
@@ -490,6 +487,7 @@ fi
 %{_prefix}/lib/%{pkg_name}/quota-status
 %{_prefix}/lib/%{pkg_name}/managesieve
 %{_prefix}/lib/%{pkg_name}/managesieve-login
+%{_prefix}/lib/%{pkg_name}/settings-history.py
 %{_libdir}/%{pkg_name}/libdovecot.so.*
 %{_libdir}/%{pkg_name}/libdovecot-ldap.so.*
 %{_libdir}/%{pkg_name}/libdovecot-lua.so.*
@@ -503,6 +501,7 @@ fi
 %{_libdir}/%{pkg_name}/libdovecot-dsync.so.*
 %{_libdir}/%{pkg_name}/libdovecot-sieve.so.*
 %{_libdir}/%{pkg_name}/libdovecot-managesieve.so.*
+%{_libdir}/%{pkg_name}/libdovecot-gssapi.so.*
 # plugins
 %dir %{_libdir}/%{pkg_name}
 %dir %{_libdir}/%{pkg_name}/modules/
@@ -545,6 +544,7 @@ fi
 %{_libdir}/%{pkg_name}/modules/auth/libauthdb_ldap.so
 %{_libdir}/%{pkg_name}/modules/auth/libauthdb_lua.so
 %{_libdir}/%{pkg_name}/modules/auth/libmech_gssapi.so
+%{_libdir}/%{pkg_name}/modules/auth/libmech_gss_spnego.so
 %dir %{_libdir}/%{pkg_name}/modules/dict/
 %{_libdir}/%{pkg_name}/modules/dict/libdict_ldap.so
 # more dict modules are in the sql packages
@@ -686,5 +686,6 @@ fi
 %{_libdir}/%{pkg_name}/libdovecot-dsync.so
 %{_libdir}/%{pkg_name}/libdovecot-sieve.so
 %{_libdir}/%{pkg_name}/libdovecot-managesieve.so
+%{_libdir}/%{pkg_name}/libdovecot-gssapi.so

 %changelog
Author	SHA256	Message	Date
Peter Varkoly	485f1f9d8b	Fix merge conflict	2025-11-13 07:47:54 +01:00
Peter Varkoly	23e768a024	add missed files	2025-10-29 13:24:57 +01:00
Peter Varkoly	e7e9649a2c	New version. Fix bsc#1252839	2025-10-29 12:22:10 +01:00
Giacomo Leidi	98c4588427	Allow for %is_opensuse to be unset, following up to https://src.suse.de/products/SLFO/pulls/204 (bsc#1248485).	2025-08-22 10:38:27 +02:00