forked from pool/dovecot23
Commit Graph

64 Commits

Author SHA256 Message Date
f739a90376 Accepting request 1111575 from home:adkorte:branches:server:mail
- update to 2.3.21 and pigeonhole 0.5.21
  Dovecot 2.3.21
  * lib-oauth2: Allow JWT tokens to be validated with missing typ field.
    The typ field is left out by some key issuers to conserve space,
    notably kubernetes. Now missing typ is tolerated, but if present, it
    still must be "jwt".
  + auth: Auth passdb and userdb reply can contain "event_<name>=value"
    which will be added to login event and mail user event respectively.
  + lib-master: Set process title during various initialization stages to
    clearly describe what the process is waiting on.
  + lib-storage: The mail_temp_scan_interval is now fuzzed incrementing it
    by 0..30% based on username's hash to reduce the chance of load spikes.
  + lib-storage: The temp file scan has been moved from the open of the
    mailbox to the close, to reduce the latency perceived by users.
  + stats: If metric has fields specified, all these fields are
    exported as counters to prometheus exposition.
    See https://doc.dovecot.org/configuration_manual/stats/openmetrics/.

OBS-URL: https://build.opensuse.org/request/show/1111575
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=117
2023-09-15 14:23:31 +00:00
a08d42cae4 Accepting request 1075272 from home:marxin:branches:server:mail
Update patch comment.

OBS-URL: https://build.opensuse.org/request/show/1075272
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=116
2023-03-29 14:27:17 +00:00
011563c0e6 Accepting request 1074621 from home:marxin:branches:server:mail
- Add upstream fix-strict-aliasing.patch that addresses violation
  of strict aliasing.

- Enable LTO now as it works now (boo#1156301).

OBS-URL: https://build.opensuse.org/request/show/1074621
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=114
2023-03-27 09:34:43 +00:00
Dirk Stoecker
bd41626afb Accepting request 1063508 from home:adkorte:branches:server:mail
- Add patch to fix building with OpenSSL-3 (boo#1207958)
  + fix-build-with-openssl-3.patch

OBS-URL: https://build.opensuse.org/request/show/1063508
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=112
2023-02-07 10:24:58 +00:00
e26b83b3e6 Accepting request 1044344 from home:stroeder:network
update to 2.3.20 and pigeonhole 0.5.20

OBS-URL: https://build.opensuse.org/request/show/1044344
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=110
2022-12-23 16:13:10 +00:00
d3b7eeff46 Accepting request 1043991 from home:thiagomacieira
- Add support for Zstandard (zstd) to the compression (zlib) plugin: zstd has a
  better compression ratio than gzip for the same amount of CPU work, or takes
  less CPU to compress the same. It's also faster to decompress.
- Add dovecot-2.3.19-fix-doveadm-sync-special-folders.patch:
  Patches from the release-2.3 branch that fix issues importing the INBOX
  folder from a Cyrus IMAP server and dealing with auto-creating folders that
  haven't yet been created

OBS-URL: https://build.opensuse.org/request/show/1043991
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=108
2022-12-21 07:28:56 +00:00
aca9b3f546 Accepting request 982632 from home:stroeder:network
- update to 2.3.19.1
  * doveadm deduplicate: Non-duplicate mails were deleted. v2.3.19 regression.
  * auth: Crash would occur when iterating multiple backends.
    Fixes: Panic: file userdb-blocking.c: line 125 (userdb_blocking_iter_next): assertion failed: (ctx->conn != NULL)

OBS-URL: https://build.opensuse.org/request/show/982632
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=106
2022-06-15 09:21:59 +00:00
Christian Wittmer
1ee2e837ae Accepting request 976125 from home:adkorte:branches:server:mail
- update to 2.3.19 and pigeonhole 0.5.19
  Dovecot 2.3.19
  + Added mail_user_session_finished event, which is emitted when the mail
    user session is finished (e.g. imap, pop3, lmtp). It also includes
    fields with some process statistics information.
    See https://doc.dovecot.org/admin_manual/list_of_events/ for more
    information.
  + Added process_shutdown_filter setting. When an event matches the filter,
    the process will be shut down after the current connection(s) have
    finished. This is intended to reduce memory usage of long-running imap
    processes that keep a lot of memory allocated instead of freeing it to
    the OS.
  + auth: Add cache hit indicator to auth passdb/userdb finished events.
    See https://doc.dovecot.org/admin_manual/list_of_events/ for more
    information.
  + doveadm deduplicate: Performance is improved significantly.
  + imapc: COPY commands were sent one mail at a time to the remote IMAP
    server. Now the copying is buffered, so multiple mails can be copied
    with a single COPY command.
  + lib-lua: Add a Lua interface to Dovecot's HTTP client library. See
    https://doc.dovecot.org/admin_manual/lua/ for more information.
  - auth: Cache lookup would use incorrect cache key after username change.
  - auth: Improve handling unexpected LDAP connection errors/hangs.
    Try to fix up these cases by reconnecting to the LDAP server and
    aborting LDAP requests earlier.
  - auth: Process crashed if userdb iteration was attempted while auth-workers
    were already full handling auth requests.
  - auth: db-oauth2: Using %{oauth2:name} variables caused unnecessary
    introspection requests.
  - dict: Timeouts may have been leaked at deinit.

OBS-URL: https://build.opensuse.org/request/show/976125
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=104
2022-05-10 20:18:42 +00:00
78d92b0077 Accepting request 951413 from home:stroeder:network
update to 2.3.18 and pigeonhole to 0.5.18

FWIW it works for me on Tumbleweed x86_64.

OBS-URL: https://build.opensuse.org/request/show/951413
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=103
2022-02-04 01:43:45 +00:00
27be5ff268 Accepting request 951326 from home:dimstar:Factory
Fix typo in changes

OBS-URL: https://build.opensuse.org/request/show/951326
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=102
2022-02-03 21:00:58 +00:00
5c9be102f7 Accepting request 936363 from home:stroeder:network
update to 2.3.17.1 and pigeonhole to 0.5.17.1

OBS-URL: https://build.opensuse.org/request/show/936363
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=99
2021-12-08 02:44:45 +00:00
e60385e579 Accepting request 911327 from home:stroeder:network
update to 2.3.16 and pigeonhole to 0.5.16 with back-port fix for big-endian platforms

OBS-URL: https://build.opensuse.org/request/show/911327
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=98
2021-08-16 09:39:47 +00:00
bb5015881c - use lua 5.1 for sle12
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=97
2021-06-22 15:14:08 +00:00
4aa711e725 Accepting request 901209 from home:stroeder:network
- update to 2.3.15 and pigeonhole to 0.5.15:
  * security fixes for CVE-2021-29157, CVE-2021-33515, and CVE-2020-28200

FWIW: It seems to work for me on Tumbleweed x86_64.

OBS-URL: https://build.opensuse.org/request/show/901209
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=96
2021-06-21 17:08:49 +00:00
66ae4aab60 Accepting request 893083 from home:favogt:branches:server:mail
- Add patch to fix insecure default openssl.cnf (boo#1184552):
  * openssl-cnf-default_bits-2048.patch
- Use %autosetup

OBS-URL: https://build.opensuse.org/request/show/893083
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=94
2021-05-15 19:51:48 +00:00
572034c16b Accepting request 876725 from home:stroeder:branches:server:mail
- update to 2.3.14 and pigeonhole to 0.5.14
  * removed obsolete fix-timeval_cmp_margin-for-32bit-systems.patch
  Dovecot 2.3.14
  * Added new aliases for some variables. Usage of the old ones is possible,
    but discouraged. (These were partially added already to v2.3.13.)
    See https://doc.dovecot.org/configuration_manual/config_file/config_variables/
    for more information.
  * Optimize imap/pop3/submission/managesieve proxies to use less CPU at
    the cost of extra memory usage.
  * Remove autocreate, expire, snarf and mail-filter plugins.
  * Remove cydir storage driver.
  * Remove XZ/LZMA write support. Read support will be removed in future release.
  * doveadm -D: Add timestamps to debug output even when LOG_STDERR_TIMESTAMP
    environment variable is not set. Timestamp format is taken from
    log_timestamp setting.
  * If BROKENCHAR or listescape plugin is used, the escaped folder names
    may be slightly different from before in some situations. This is
    unlikely to cause issues, although caching clients may redownload the
    folders.
  * imapc: It now enables BROKENCHAR=~ by default to escape remote folder
    names if necessary. This also means that if there are any '~'
    characters in the remote folder names, they will be visible as "~7e".
  * imapc: When using local index files folder names were escaped on
    filesystem a bit differently. This affects only if there are folder
    names that actually require escaping, which isn't so common. The old
    style folders will be automatically deleted from filesystem.
  * stats: Update exported metrics to be compliant with OpenMetrics standard.
  + doveadm: Add an optional '-p' parameter to metadata list command. If
    enabled, "/private", and "/shared" metadata prefixes will be prepended
    to the keys in the list output.
  + doveconf: Support environment variables in config files. See
    https://doc.dovecot.org/configuration_manual/config_file/config_file_syntax/#environment-variables
    for more details.
  + indexer-worker: Change indexer to disconnect from indexer-worker
    after each request. This allows service indexer-worker's service_count &
    idle_kill settings to work. These can be used to restart indexer-worker
    processes once in a while to reduce their memory usage.
  - auth: "nodelay" with various authentication mechanisms such as apop
    and digest-md5 crashed AUTH process if authentication failed.
  - auth: Auth lua script generating an error triggered an assertion
    failure: Panic: file db-lua.c: line 630 (auth_lua_call_password_verify):
    assertion failed: (lua_gettop(script->L) == 0).
  - configure: Fix libunwind detection to work on other than x86_64 systems.
  - doveadm-server: Process could crash if logging was done outside command
    handling. For example http-client could have done debug logging
    afterwards, resulting in either segfault or Panic:
    file http-client.c: line 642 (http_client_context_close):
    assertion failed: (cctx->clients_list == NULL).
  - dsync: Folder name escaping with BROKENCHAR didn't work completely
    correctly. This especially caused problems with dsync-migrations using
    imapc where some of the remote folder names may not have been accessible.
  - dsync: doveadm sync + imapc doesn't always sync all mails when doing
    an incremental sync (-1), which could lead to mail loss when it's used
    for migration. This happens only when GUIDs aren't used (i.e.
    imapc without imapc_features=guid-forced).
  - fts-tika: When tika server returns error, some mails cause Panic:
    file message-parser.c: line 802 (message_parser_deinit_from_parts):
    assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input))
  - lib-imap: imapc parsing illegal BODYSTRUCTUREs with NILs could have
    resulted in crashes. This exposed that Dovecot was wrongly accepting
    atoms in "nstring" handling. Changed the IMAP parsing to be more
    strict about this now.
  - lib-index: If dovecot.index.cache has corrupted message size, fetching
    BODY/BODYSTRUCTURE may cause assert-crash:
    Panic: file index-mail.c: line 1140 (index_mail_parse_body_finish):
    assertion failed: (mail->data.parts != NULL).
  - lib-index: Minor error handling and race condition fixes related to
    rotating dovecot.index.log. These didn't usually cause problems,
    unless the log files were rotated rapidly.
  - lib-lua: Lua scripts using coroutines or lua libraries using coroutines
    (e.g., cqueues) panicked.
  - Message PREVIEW handled whitespace wrong so first space would get
    eaten from between words.
  - FTS and message PREVIEW (snippet) parsed HTML &entities case-sensitively.
  - lib-mail: When max nested MIME parts were reached, IMAP BODYSTRUCTURE
    was written in a way that may have caused confusion for IMAP clients
    and also Dovecot itself when parsing it. The truncated part is now
    written out using application/octet-stream MIME type.
  - lib-oauth2: HS512 and HS384 JWT token algorithms crash when you try to
    use them: Panic: file hmac.c: line 26 (hmac_init): assertion failed:
    (meth->context_size <= MAC_MAX_CONTEXT_SIZE).
  - event filters: NOT keyword did not have the correct associativity.
    NOT a AND b were getting parsed as NOT (a AND b) instead of
    (NOT a) AND b.
  - Ignore ECONNRESET when closing socket. This avoids logging useless
    errors on systems like FreeBSD.
  - event filters: event filter syntax error may lead to Panic:
    file event-filter.c: line 137 (event_filter_parse): assertion failed:
    (state.output == NULL)
  - lib: timeval_cmp_margin() was broken on 32-bit systems. This could
    potentially have caused HTTP timeouts to be handled incorrectly.
  - log: instance_name wasn't used as syslog ident by the log process.
  - master: After a service reached process_limit and client_limit, it
    could have taken up to 1 second to realize that more client connections
    became available. During this time client connections could have been
    unnecessarily rejected and a warning logged:
    Warning: service(...): process_limit (...) reached, client connections are being dropped
  - stats: Crash would occur when generating openmetrics data for metrics
    using aggregating functions.
  - stats: Event filters comparing against empty strings crash the stats
    process.
  Pigeonhole 0.5.14
  * IMAP FILTER command: cmd-filter-sieve - Do not allow NIL as
    script name argument.

OBS-URL: https://build.opensuse.org/request/show/876725
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=92
2021-03-04 11:59:19 +00:00
Christian Wittmer
83e56214df Accepting request 869119 from home:adkorte:branches:server:mail
- add BuildRequires openssl-devel >= 1.0.1
- add fix-timeval_cmp_margin-for-32bit-systems.patch
  Fix timeval_cmp_margin for 32-bit systems
  https://github.com/dovecot/core/pull/149

OBS-URL: https://build.opensuse.org/request/show/869119
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=90
2021-02-05 09:43:05 +00:00
Peter Varkoly
febef4fd55 Accepting request 860209 from home:adkorte:branches:server:mail
- update to 2.3.13 and pigeonhole to 0.5.13
  Dovecot 2.3.13
  * CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
    allow logged in user to access other people's emails and filesystem
    information.
  * Metric filter and global event filter variable syntax changed to a
    SQL-like format. See
    https://doc.dovecot.org/configuration_manual/event_filter/
  * auth: Added new aliases for %{variables}. Usage of the old ones is
    possible, but discouraged.
  * auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth
    mechanism and related password schemes.
  * auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.
  * auth: Removed postfix postmap socket
  + auth: Added new fields for auth server events. These fields are now
    also available for all auth events. See
    https://doc.dovecot.org/admin_manual/list_of_events/#authentication-server
    for details.
  + imap-hibernate: Added imap_client_hibernated, imap_client_unhibernated
    and imap_client_unhibernate_retried events. See
    https://doc.dovecot.org/admin_manual/list_of_events/ for details.
  + lib-index: Added new mail_index_recreated event. See
    https://doc.dovecot.org/admin_manual/list_of_events/#mail-index-recreated
  + lib-sql: Support TLS options for cassandra driver. This requires
    cpp-driver v2.15 (or later) to work reliably.
  + lib-storage: Missing $HasAttachment / $HasNoAttachment flags are now
    added to existing mails if mail_attachment_detection_option=add-flags
    and it can be done inexpensively.
  + login proxy: Added login_proxy_max_reconnects setting (default 3) to
    control how many reconnections are attempted.

OBS-URL: https://build.opensuse.org/request/show/860209
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=87
2021-01-04 16:18:10 +00:00
Peter Varkoly
c45a5554e7 Accepting request 850375 from home:Guillaume_G:branches:server:mail
- Fix test on 32-bit:
  * dovecot-2.3.11.3-ftbfs1.patch
  * dovecot-2.3.11.3-ftbfs2.patch

OBS-URL: https://build.opensuse.org/request/show/850375
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=85
2020-11-25 07:48:23 +00:00
Peter Varkoly
a14e5a99e9 Accepting request 846304 from home:kukuk:container
- dovecot is already creating the user accounts, no need to duplicate
  the code as this package does not need them.
- Don't hard require systemd

OBS-URL: https://build.opensuse.org/request/show/846304
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=83
2020-11-18 10:15:29 +00:00
a55aae303c Accepting request 834577 from home:adkorte
- add dovecot-2.3.11.3-gssapi-nul.patch:
  Fix for bug introduced in v2.3.11.3. It appears GSSAPI can contain NUL.
  https://github.com/dovecot/core/pull/133

OBS-URL: https://build.opensuse.org/request/show/834577
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=81
2020-09-15 12:29:29 +00:00
42ae3bc819 - libsodium is not strictly required, it is only required for the
  argon password scheme. This is now no longer supported on sle12

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=79
2020-08-31 15:27:50 +00:00
e5278c2201 Accepting request 826219 from home:adkorte
- update to 2.3.11.3 and pigeonhole to 0.5.11
  Dovecot 2.3.11.3
  - pop3-login: Login didn't handle commands in multiple IP packets properly.
    This mainly affected large XCLIENT commands or a large SASL initial
    response parameter in the AUTH command.
  - pop3: pop3_deleted_flag setting was broken, causing:
    Panic: file seq-range-array.c: line 472 (seq_range_array_invert):
    assertion failed: (range[count-1].seq2 <= max_seq)
  Dovecot 2.3.11.2
  - auth: Lua passdb/userdb leaks stack elements per call, eventually
    causing the stack to become too deep and crashing the auth or
    auth-worker process.
  - lib-mail: v2.3.11 regression: MIME parts not returned correctly by
    Dovecot MIME parser.
  - pop3-login: Login would fail with "Input buffer full" if the initial
    response for SASL was too long.
  Dovecot 2.3.11
  * CVE-2020-12100: Parsing mails with a large number of MIME parts could
    have resulted in excessive CPU usage or a crash due to running out of
    stack memory.
  * CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
    message buffer size, which leads to reading past allocation which can
    lead to crash.
  * CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
    address that has the empty quoted string as local-part causes the lmtp
    service to crash.
  * CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
    zero-length message, which leads to assert-crash later on.
  * Events: Fix inconsistency in events. See event documentation in
    https://doc.dovecot.org.

OBS-URL: https://build.opensuse.org/request/show/826219
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=76
2020-08-13 12:18:47 +00:00
28dac82f7b Accepting request 806987 from home:stroeder:branches:server:mail
update to 2.3.10.1 with security fixes

OBS-URL: https://build.opensuse.org/request/show/806987
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=71
2020-05-18 16:25:27 +00:00
c112b436c3 Allow setting TLSv1.3 as minimum TLS version
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=69
2020-04-29 21:26:47 +00:00
21a5cd0499 Accepting request 784360 from home:adkorte:branches:server:mail
- update to 2.3.10 and pigeonhole to 0.5.10
  Dovecot 2.3.10
  * Disable retpoline mitigations by default. These can cause severe
    performance regressions, so they should be only enabled when
    applicable.
  * IMAP MOVE now commits transactions in batches of 1000 mails. This
    helps especially with lazy_expunge when moving a lot of mails. It
    mainly avoids situations where multiple IMAP sessions are running the
    same MOVE command and duplicating the mails in the lazy_expunge folder.
    With this change there can still be some duplication, but the MOVE
    always progresses forward. Also if the MOVE fails at some point, the
    changes up to the last 1000 mails are still committed instead of
    rolled back. Note that the COPY command behavior hasn't changed,
    because it is required by IMAP standard to be an atomic operation.
  * IMAP EXPUNGE and CLOSE now expunges mails in batches of 1000 mails.
    This helps especially with lazy_expunge when expunging a lot of mails
    (e.g. millions) to make sure that the progress always moves forward
    even if the process is killed.
  * Autoexpunging now expunges mails in batches of 1000 mails. This helps
    especially with lazy_expunge when expunging a lot of mails
    (e.g. millions) to make sure that the progress always moves forward
    even if the process is killed.
  + Add tool for generating sysreport called dovecot-sysreport.
    This generates a bundle of information usually needed for support
    requests.
  + Add support for the new IMAP \Important SPECIAL-USE flag (RFC 8457).
  + Add metric { group_by } setting. This allows automatically creating
    new metrics based on the fields you want to group statistics by.
    NOTE: This feature is considered experimental and syntax is subject
    to change in future release.
  + auth: Support SCRAM-SHA-256 authentication mechanism.
  + imap: Support the new IMAP STATUS=SIZE extension.
  + Use TCP_QUICKACK to reduce latency for some TCP connections.
  + quota-status: Made the service more robust against erroneous use with
    Postfix ACL policies other than smtpd_recipient_restrictions.
  + Add "revision" field support to imap_id_send setting. Using
    "revision *" will send in IMAP ID command response the short commit
    hash of the Dovecot git source tree HEAD (same as in dovecot --version).
  + IMAP ENVELOPE includes now all addresses when there are multiple
    headers (From, To, Cc, etc.) The standard way of having multiple
    addresses is to just list them all in a single header. It's
    non-standard to have multiple headers. However, since MTAs allow these
    mails to pass through and different software may handle them in
    different ways, it's better from security point of view to show all
    the addresses.
  + Event filters now support using "field_name=" to match a field that
    doesn't exist or has an empty value. For example use "error=" to match
    only events that didn't fail.
  - acl: INBOX ACLs shouldn't apply for IMAP GETMETADATA/SETMETADATA
    commands.
  - cassandra: CASS_ERROR_SERVER_WRITE_FAILURE error should also be
    treated as "uncertain write failure".
  - dict-redis: Using quota_clone configured with dict-redis could have
    crashed when Redis responded slowly.
  - fts-solr: The XML response parser fails to parse large/chunked responses
    correctly. This leads to spurious parse errors, most notably: "Error:
    fts_solr: received invalid uid '0'".
  - imap-hibernate: Communication trouble with imap-master leads to
    segfault.
  - imap-hibernate: Unhibernation retrying wasn't working.
  - imap: Fixed auth lookup privilege problem when imap process was reused
    and user was being un-hibernated.
  - Fix potential crash when copying/moving mails within the same folder.
    This happened only when there were a lot of fields in dovecot.index.cache.
  - lib-index: Recreating dovecot.index.cache file could have crashed when
    merging bitmask fields.
  - lib-index: Using public/shared folders with INDEXPVT configured to use
    private \Seen flags, trying to search seen/unseen in an empty folder
    crashes with segfault.
  - lib-mail: Large base64-encoded mails weren't decoded properly.
    This could have affected searching/indexing mails and message snippet
    generation.
  - lib-mail: Message with only quoted text could have caused message
    snippet to ignore its 200 character limit and return the entire
    message. This was added also to dovecot.index.cache file, which
    increased disk space and memory usage unnecessarily.
    v2.3.9.2 regression (previous versions cached the quoted snippet as
    empty). In a large mail quoted text could have become wrongly added
    to the snippet, possibly mixed together with non-quoted text.
  - lib-smtp: client could have assert-crashed if STARTTLS handshake
    finished earlier than usually.
  - lib-ssl-iostream: remove -static flag for lib-ssl-iostream linking to
    prevent a compile issue.
  - lib-storage: Mailbox synchronization may have assert-crashed in some
    rare situations.
  - lib-storage: mdbox didn't preserve date.saved with dsync.
  - lib: Don't require EAI_{ADDRFAMILY,NODATA}, breaks FreeBSD
  - master: Some services could respawn unthrottled if they crash during
    startup.
  - push-notification: Do not send push_notification_finished event if
    nothing was done. This happens when mail transaction is started and
    ended with no changes.
  - quota-status: Addresses with special characters in the local part caused
    problems in the interaction between Postfix and Dovecot. Postfix sent
    its own internal representation in the recipient field, while Dovecot
    expected a valid RFC5321 mailbox address.
  - submission-login: SESSION was not correctly encoded field for the
    XCLIENT command. Particularly, a '+' character introduced by the
    session ID's Base64 encoding causes problems.
  - submission: Fix submission_max_mail_size to work correctly on 32-bit
    systems.
  - submission: Trusted connections crashed in second connection's EHLO
    if submission-login { service_count } is something else than 1 (which
    is the default).
  - submission: XCLIENT command was never used in the protocol exchange
    with the relay MTA when submission_backend_capabilities is configured,
    even when the relay MTA was properly configured to accept the XCLIENT
    command.
  Pigeonhole 0.5.10
  * imap_sieve_filter: Change result action logging to include IMAP UID
  - vacation: Addresses were compared case-sensitively.

OBS-URL: https://build.opensuse.org/request/show/784360
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=67
2020-03-14 16:19:45 +00:00
8b548c1efa Accepting request 779407 from home:dimstar:Factory
- Update dovecot-2.3.0-dont_use_etc_ssl_certs.patch: since we
  change CERTDIR to /etc/ssl/private, it is rather evil to then err
  out claiming /etc/ssl/certs would not exist. The error message
  should mention the directory it tested for.

OBS-URL: https://build.opensuse.org/request/show/779407
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=65
2020-02-26 13:41:24 +00:00
5ab2c237ea Accepting request 773697 from home:adkorte:branches:server:mail
- update to 2.3.9.3
  * CVE-2020-7046: Truncated UTF-8 can be used to DoS
    submission-login and lmtp processes.
  * CVE-2020-7957: Specially crafted mail can crash snippet generation.

OBS-URL: https://build.opensuse.org/request/show/773697
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=63
2020-02-12 23:17:47 +00:00
Wolfgang Rosenauer
b4cecef615 Accepting request 758889 from home:varkoly:branches:server:mail
- Adapt package changes in mysql-devel

OBS-URL: https://build.opensuse.org/request/show/758889
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=61
2020-01-11 08:39:16 +00:00
Lars Vogdt
75113b87e9 Accepting request 756989 from home:stroeder:branches:server:mail
update to 2.3.9.2 with security fixes

OBS-URL: https://build.opensuse.org/request/show/756989
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=59
2019-12-17 21:27:17 +00:00
5228e3fbb8 Accepting request 746586 from home:adkorte:branches:server:mail
- Disable Link Time Optimization (LTO) (boo#1156301)

OBS-URL: https://build.opensuse.org/request/show/746586
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=57
2019-11-08 16:10:55 +00:00
7b89c83568 Accepting request 736329 from home:stroeder:branches:server:mail
update to 2.3.8 and pigeonhole to 0.5.8

OBS-URL: https://build.opensuse.org/request/show/736329
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=55
2019-10-09 16:25:24 +00:00
2cb5006e53 - update to 2.3.7.2
  * CVE-2019-11500: IMAP protocol parser does not properly handle
    NUL byte when scanning data in quoted strings, leading to out
    of bounds heap memory writes. Found by Nick Roessler and Rafi
    Rubin.
- update pigeonhole to 0.5.7.2
  * CVE-2019-11500: ManageSieve protocol parser does not properly
    handle NUL byte when scanning data in quoted strings, leading
    to out of bounds heap memory writes. Found by Nick Roessler and
    Rafi Rubin.
- refreshed patches to apply cleanly again:
  dovecot-2.3.0-better_ssl_defaults.patch
  dovecot-2.3.0-dont_use_etc_ssl_certs.patch

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=52
2019-08-28 17:07:06 +00:00
b0eea71fbb Accepting request 718004 from home:stroeder:branches:server:mail
update to 2.3.7.1 and pigeonhole to 0.5.7.1

OBS-URL: https://build.opensuse.org/request/show/718004
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=50
2019-07-24 13:30:23 +00:00
Lars Vogdt
9777cde63e Accepting request 704275 from home:varkoly:branches:server:mail
- bsc#1134242 - upgrade from 42.3 to 15.1: dovecot shows Unknown
  protocol 'SSLv2'
  * remove !SSLv2 from existing ssl_protocols configuration
    during upgrade

OBS-URL: https://build.opensuse.org/request/show/704275
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=49
2019-06-17 05:44:13 +00:00
6686f19e4a - update pigeonhole to 0.5.6
  + sieve: Redirect loop prevention is sometimes ineffective.
    Improve existing loop detection by also recognizing the
    X-Sieve-Redirected-From header in incoming messages and
    dropping redirect actions when it points to the sending
    account. This header is already added by the redirect action,
    so this improvement only adds an additional use of this header.
  - sieve: Prevent execution of implicit keep upon temporary
    failure occurring at runtime.

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=47
2019-04-30 13:50:19 +00:00
1f53965469 - update to 2.3.6: (boo#1133624 boo#1133625)
  * CVE-2019-11494: Submission-login crashed with signal 11 due to
    null pointer access when authentication was aborted by
    disconnecting.
  * CVE-2019-11499: Submission-login crashed when authentication
    was started over TLS secured channel and invalid authentication
    message was sent.
  * auth: Support password grant with passdb oauth2.
  + Use system default CAs for outbound TLS connections.
  + Simplify array handling with new helper macros.
  + fts_solr: Enable configuring batch_size and soft_commit features.
  - lmtp/submission: Fixed various bugs in XCLIENT handling,
    including a hang when XCLIENT commands were sent infinitely to
    the remote server.
  - lmtp/submission: Forwarded multi-line replies were erroneously
    sent as two replies to the client.
  - lib-smtp: client: Message was not guaranteed to contain CRLF
    consistently when CHUNKING was used.
  - fts_solr: Plugin was no longer compatible with Solr 7.
  - Make it possible to disable certificate checking without
    setting ssl_client_ca_* settings.
  - pop3c: SSL support was broken.
  - mysql: Closing connection twice led to crash on some systems.
  - auth: Multiple oauth2 passdbs crashed auth process on deinit.
  - HTTP client connection errors infrequently triggered a
    segmentation fault when the connection was idle and not used
    for a particular client instance.
- drop https://github.com/dovecot/core/commit/3c5101ffd.patch

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=46
2019-04-30 13:41:27 +00:00
8b970068e3 - backport https://github.com/dovecot/core/commit/3c5101ffd.patch
[PATCH] driver-mysql: Avoid double-closing MySQL connection

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=45
2019-04-29 22:20:50 +00:00
6e450a619d - update to 2.3.5.2 (boo#1132501)
  * CVE-2019-10691: Trying to login with 8bit username containing
    invalid UTF8 input causes auth process to crash if auth policy
    is enabled. This could be used rather easily to cause a DoS.
    Similar crash also happens during mail delivery when using
    invalid UTF8 in From or Subject header when OX push
    notification driver is used.
- update to 2.3.5.1 (boo#1130116)

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=43
2019-04-18 11:49:39 +00:00
5865d4af03 - update to 2.3.5.1
  * CVE-2019-7524: Missing input buffer size validation leads into
    arbitrary buffer overflow when reading fts or pop3 uidl header
    from Dovecot index. Exploiting this requires direct write
    access to the index files.

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=41
2019-03-28 12:47:57 +00:00
be50c964a0 - update to 2.3.5 and pigeonhole to 0.5.5
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=40
2019-03-08 18:12:37 +00:00
850a9b2907 - update to 2.3.4.1 (boo#1123022)
  * CVE-2019-3814: If imap/pop3/managesieve/submission client has
    trusted certificate with missing username field
    (ssl_cert_username_field), under some configurations Dovecot
    mistakenly trusts the username provided via authentication
    instead of failing.
  * ssl_cert_username_field setting was ignored with external
    SMTP AUTH, because none of the MTAs (Postfix, Exim) currently
    send the cert_username field. This may have allowed users with
    trusted certificate to specify any username in the
    authentication. This bug didn't affect Dovecot's Submission
    service.

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=38
2019-02-05 14:50:04 +00:00
d6d0b37521 Accepting request 666836 from home:adkorte:branches:openSUSE:Factory
- add buildrequires zlib-devel which used to be pulled in by other
  buildrequires, but no longer is

OBS-URL: https://build.opensuse.org/request/show/666836
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=36
2019-01-21 09:39:59 +00:00
Andreas Schneider
fbdf7e7877 Accepting request 655860 from home:darix:branches:server:mail
- added 3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch:
  fix crash with mysql/mariadb

OBS-URL: https://build.opensuse.org/request/show/655860
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=34
2018-12-06 17:41:29 +00:00
16852df8e8 - added 10048229...de42b54a.patch:
Fix build failures on TW i586

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=32
2018-11-25 00:21:54 +00:00
a5908002a7 - update to 2.3.4
- update pigeonhole to 0.5.4

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=31
2018-11-24 00:58:20 +00:00
b79e7ee68f Accepting request 639469 from home:darix:playground
- update pigeonhole to 0.5.3
- update to 2.3.3

OBS-URL: https://build.opensuse.org/request/show/639469
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=29
2018-10-01 23:03:57 +00:00
00a2ea2380 Accepting request 622786 from home:wrosenauer:devel
OBS-URL: https://build.opensuse.org/request/show/622786
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=27
2018-07-14 12:55:30 +00:00
7469ea6825 - added 4ff4bd024a.patch

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=26
2018-07-13 21:27:39 +00:00
05ca6d7f03 - update to 2.3.2.1
  - SSL/TLS servers may have crashed during client disconnection
  - lmtp: With lmtp_rcpt_check_quota=yes mail deliveries may have
    sometimes assert-crashed.
  - v2.3.2: "make check" may have crashed with 32bit systems

OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=24
2018-07-11 14:24:36 +00:00