SHA256
1
0
forked from pool/dovecot23
Commit Graph

30 Commits

Author SHA256 Message Date
1f53965469 - update to 2.3.6: (boo#1133624 boo#1133625)
* CVE-2019-11494: Submission-login crashed with signal 11 due to
    null pointer access when authentication was aborted by
    disconnecting.
  * CVE-2019-11499: Submission-login crashed when authentication
    was started over TLS secured channel and invalid authentication
    message was sent.
  * auth: Support password grant with passdb oauth2.
  + Use system default CAs for outbound TLS connections.
  + Simplify array handling with new helper macros.
  + fts_solr: Enable configuring batch_size and soft_commit features.
  - lmtp/submission: Fixed various bugs in XCLIENT handling,
    including a hang when XCLIENT commands were sent infinitely to
    the remote server.
  - lmtp/submission: Forwarded multi-line replies were erroneously
    sent as two replies to the client.
  - lib-smtp: client: Message was not guaranteed to contain CRLF
    consistently when CHUNKING was used.
  - fts_solr: Plugin was no longer compatible with Solr 7.
  - Make it possible to disable certificate checking without
    setting ssl_client_ca_* settings.
  - pop3c: SSL support was broken.
  - mysql: Closing connection twice lead to crash on some systems.
  - auth: Multiple oauth2 passdbs crashed auth process on deinit.
  - HTTP client connection errors infrequently triggered a
    segmentation fault when the connection was idle and not used
    for a particular client instance.
- drop https://github.com/dovecot/core/commit/3c5101ffd.patch

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=46
2019-04-30 13:41:27 +00:00
8b970068e3 - backport https://github.com/dovecot/core/commit/3c5101ffd.patch
[PATCH] driver-mysql: Avoid double-closing MySQL connection

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=45
2019-04-29 22:20:50 +00:00
6e450a619d - update to 2.3.5.2 (boo#1132501)
* CVE-2019-10691: Trying to login with 8bit username containing
    invalid UTF8 input causes auth process to crash if auth policy
    is enabled. This could be used rather easily to cause a DoS.
    Similar crash also happens during mail delivery when using
    invalid UTF8 in From or Subject header when OX push
    notification driver is used.
- update to 2.3.5.1 (boo#1130116)

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=43
2019-04-18 11:49:39 +00:00
5865d4af03 - update to 2.3.5.1
* CVE-2019-7524: Missing input buffer size validation leads into
    arbitrary buffer overflow when reading fts or pop3 uidl header
    from Dovecot index. Exploiting this requires direct write
    access to the index files.

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=41
2019-03-28 12:47:57 +00:00
be50c964a0 - update to 2.3.5 and pigeonhole to 0.5.5
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=40
2019-03-08 18:12:37 +00:00
850a9b2907 - update to 2.3.4.1 (boo#1123022)
* CVE-2019-3814: If imap/pop3/managesieve/submission client has
    trusted certificate with missing username field
    (ssl_cert_username_field), under some configurations Dovecot
    mistakenly trusts the username provided via authentication
    instead of failing.
  * ssl_cert_username_field setting was ignored with external
    SMTP AUTH, because none of the MTAs (Postfix, Exim) currently
    send the cert_username field. This may have allowed users with
    trusted certificate to specify any username in the
    authentication. This bug didn't affect Dovecot's Submission
    service.

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=38
2019-02-05 14:50:04 +00:00
d6d0b37521 Accepting request 666836 from home:adkorte:branches:openSUSE:Factory
- add buildrequires zlib-devel which used to be pulled in by other
  buildrequires, but no longer is

OBS-URL: https://build.opensuse.org/request/show/666836
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=36
2019-01-21 09:39:59 +00:00
Andreas Schneider
fbdf7e7877 Accepting request 655860 from home:darix:branches:server:mail
- added 3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch:
  fix crash with mysql/mariadb

OBS-URL: https://build.opensuse.org/request/show/655860
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=34
2018-12-06 17:41:29 +00:00
16852df8e8 - added 10048229...de42b54a.patch:
Fix build failures on TW i586

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=32
2018-11-25 00:21:54 +00:00
a5908002a7 - update to 2.3.4
- update pigeonhole to 0.5.4

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=31
2018-11-24 00:58:20 +00:00
b79e7ee68f Accepting request 639469 from home:darix:playground
- update pigeonhole to 0.5.3
- update to 2.3.3

OBS-URL: https://build.opensuse.org/request/show/639469
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=29
2018-10-01 23:03:57 +00:00
00a2ea2380 Accepting request 622786 from home:wrosenauer:devel
OBS-URL: https://build.opensuse.org/request/show/622786
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=27
2018-07-14 12:55:30 +00:00
7469ea6825 - added
4ff4bd024a.patch

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=26
2018-07-13 21:27:39 +00:00
05ca6d7f03 - update to 2.3.2.1
- SSL/TLS servers may have crashed during client disconnection
  - lmtp: With lmtp_rcpt_check_quota=yes mail deliveries may have
    sometimes assert-crashed.
  - v2.3.2: "make check" may have crashed with 32bit systems

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=24
2018-07-11 14:24:36 +00:00
2e1370b609 - update to 2.3.2 and pigeonhole to 0.5.2
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=22
2018-06-30 20:12:10 +00:00
b58afc96cb Accepting request 611852 from home:kbabioch:branches:server:mail
- Use OpenPGP signatures provided upstream
- Added dovecot23.keyring, which contains the keys from the upstream projects

OBS-URL: https://build.opensuse.org/request/show/611852
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=20
2018-05-29 12:51:15 +00:00
0d4e201210 - added 847790d5aab84df38256a6f9b4849af0eb408419.patch:
Fix crash for over quota users

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=19
2018-05-27 10:51:16 +00:00
Peter Varkoly
7dc58a5a76 - bnc#1088911 - dovecot23 can not build ond s390
add: 35497604d80090a02619024aeec069b32568e4b4.diff
  add: 5522b8b3d3ed1a99c3b63bb120216af0bd427403.diff

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=17
2018-04-10 15:49:53 +00:00
319672653d - update to 2.3.1
- update pigeonhole to 0.5.1

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=15
2018-03-28 09:15:55 +00:00
8c7fb8e145 Accepting request 586345 from home:dimstar:Factory
- Fix License tag.

OBS-URL: https://build.opensuse.org/request/show/586345
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=13
2018-03-13 10:46:07 +00:00
c8f004f09f - added 23da0fa1b30cc11bcc1d467674a0950c527e9ff1.patch
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=12
2018-03-07 12:30:33 +00:00
36e64eaff2 - update license to SPDX-3
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=11
2018-03-07 12:11:05 +00:00
655f47397d add bugnumbers
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=10
2018-03-07 12:01:48 +00:00
611d2263be - update pigeonhole to 0.5.0.1
- imap4flags extension: Fix binary corruption occurring when
    setflag/addflag/removeflag flag-list is a variable.
  - sieve-extprograms plugin: Fix segfault occurring when used in
    IMAPSieve context.
- drop 321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=8
2018-03-06 19:34:39 +00:00
572e38fe4f - pull backport patch dovecot-2.3.0.1-over-quota-lmtp-crash.patch
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=7
2018-03-06 18:03:27 +00:00
355adda1ff - update to 2.3.0.1
* CVE-2017-15130: TLS SNI config lookups may lead to excessive
    memory usage, causing imap-login/pop3-login VSZ limit to be
    reached and the process restarted. This happens only if Dovecot
    config has local_name { } or local { } configuration blocks and
    attacker uses randomly generated SNI servernames.
  * CVE-2017-14461: Parsing invalid email addresses may cause a
    crash or leak memory contents to attacker. For example, these
    memory contents might contain parts of an email from another
    user if the same imap process is reused for multiple users.
    First discovered by Aleksandar Nikolic of Cisco Talos.
    Independently also discovered by "flxflndy" via HackerOne.
  * CVE-2017-15132: Aborted SASL authentication leaks memory in
    login process.
  * Linux: Core dumping is no longer enabled by default via
    PR_SET_DUMPABLE, because this may allow attackers to bypass
    chroot/group restrictions. Found by cPanel Security Team.
    Nowadays core dumps can be safely enabled by using "sysctl -w
    fs.suid_dumpable=2". If the old behaviour is wanted, it can
    still be enabled by setting:
    import_environment=$import_environment PR_SET_DUMPABLE=1
  - imap-login with SSL/TLS connections may end up in infinite loop

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=6
2018-03-06 13:53:55 +00:00
4ea5f55590 Accepting request 559954 from home:jengelh:branches:server:mail
- Replace %__-type macro indirections.
  Replace xargs rm by built in -delete of find(1).
- Run ldconfig directly via %post -p.
- Check for users in %pre before creating them, and do not suppress
  errors about it.

OBS-URL: https://build.opensuse.org/request/show/559954
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=3
2018-01-09 13:47:47 +00:00
Dominique Leuenberger
61e5cd10da Accepting request 559875 from server:mail
2.3 branch

OBS-URL: https://build.opensuse.org/request/show/559875
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dovecot23?expand=0&rev=1
2018-01-09 13:51:34 +00:00
c8ae08e7fc - backport 321a39be974deb2e7eff7b2a509a3ee6ff2e5ae1.patch
fixes crash with imap sieve

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=2
2017-12-25 18:51:39 +00:00
0235820ac5 Accepting request 559675 from home:darix:playground
new package of 2.3.0

OBS-URL: https://build.opensuse.org/request/show/559675
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=1
2017-12-24 02:20:56 +00:00