|
|
|
@ -1,28 +1,26 @@
|
|
|
|
|
%global __provides_exclude_from %{_docdir}
|
|
|
|
|
%global __requires_exclude_from %{_docdir}
|
|
|
|
|
|
|
|
|
|
Summary: Secure imap and pop3 server
|
|
|
|
|
Name: dovecot
|
|
|
|
|
Epoch: 1
|
|
|
|
|
Version: 2.3.16
|
|
|
|
|
%global prever %{nil}
|
|
|
|
|
Release: 11%{?dist}.1
|
|
|
|
|
Release: 6%{?dist}
|
|
|
|
|
#dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
|
|
|
|
|
License: MIT and LGPLv2
|
|
|
|
|
Group: System Environment/Daemons
|
|
|
|
|
|
|
|
|
|
URL: https://www.dovecot.org/
|
|
|
|
|
Source: https://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz
|
|
|
|
|
URL: http://www.dovecot.org/
|
|
|
|
|
Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz
|
|
|
|
|
Source1: dovecot.init
|
|
|
|
|
Source2: dovecot.pam
|
|
|
|
|
%global pigeonholever 0.5.16
|
|
|
|
|
Source8: https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz
|
|
|
|
|
Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz
|
|
|
|
|
Source9: dovecot.sysconfig
|
|
|
|
|
Source10: dovecot.tmpfilesd
|
|
|
|
|
|
|
|
|
|
#our own
|
|
|
|
|
Source14: dovecot.conf.5
|
|
|
|
|
Source15: prestartscript
|
|
|
|
|
Source16: dovecot.sysusers
|
|
|
|
|
|
|
|
|
|
# 3x Fedora/RHEL specific
|
|
|
|
|
Patch1: dovecot-2.0-defaultconfig.patch
|
|
|
|
@ -34,65 +32,60 @@ Patch6: dovecot-2.1.10-waitonline.patch
|
|
|
|
|
|
|
|
|
|
Patch8: dovecot-2.2.20-initbysystemd.patch
|
|
|
|
|
Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch
|
|
|
|
|
Patch15: dovecot-2.3.11-bigkey.patch
|
|
|
|
|
|
|
|
|
|
# sent upstream, rhbz#1630380
|
|
|
|
|
Patch11: dovecot-2.2.36-aclfix.patch
|
|
|
|
|
|
|
|
|
|
Patch13: dovecot-2.2.36-bigkey.patch
|
|
|
|
|
|
|
|
|
|
# do not use own implementation of HMAC, use OpenSSL for certification purposes
|
|
|
|
|
# not sent upstream as proper fix would use dovecot's lib-dcrypt but it introduces
|
|
|
|
|
# hard to break circular dependency between lib and lib-dcrypt
|
|
|
|
|
Patch16: dovecot-2.3.6-opensslhmac.patch
|
|
|
|
|
Patch14: dovecot-2.3.6-opensslhmac.patch
|
|
|
|
|
|
|
|
|
|
Patch17: dovecot-2.3.14-opensslv3.patch
|
|
|
|
|
|
|
|
|
|
# FTBFS
|
|
|
|
|
Patch18: dovecot-2.3.15-fixvalcond.patch
|
|
|
|
|
Patch19: dovecot-2.3.15-valbasherr.patch
|
|
|
|
|
Patch20: dovecot-2.3.16-ftbfsbigend.patch
|
|
|
|
|
# from upstream, for dovecot < 2.3.17, s390x FTBFS fix
|
|
|
|
|
Patch15: dovecot-2.3.16-ftbfsbigend.patch
|
|
|
|
|
Patch16: dovecot-2.3.16-keeplzma.patch
|
|
|
|
|
|
|
|
|
|
# from upstream, for <= 2.3.19.1, rhbz#2106232
|
|
|
|
|
Patch21: dovecot-2.3.19.1-7bad6a24.patch
|
|
|
|
|
Patch17: dovecot-2.3.19.1-7bad6a24.patch
|
|
|
|
|
|
|
|
|
|
# from upstream, for < 2.3.19.1, rhbz#2128857
|
|
|
|
|
Patch22: dovecot-2.3.18-bdf447e4.patch
|
|
|
|
|
Patch23: dovecot-2.3.18-9f300239..4596d399.patch
|
|
|
|
|
|
|
|
|
|
# from upstream, for < 2.3.21, RHEL-25434
|
|
|
|
|
Patch24: dovecot-2.3.16-d7705bc6.patch
|
|
|
|
|
Patch18: dovecot-2.3.18-9f300239..4596d399.patch
|
|
|
|
|
Patch19: dovecot-2.3.18-bdf447e4.patch
|
|
|
|
|
|
|
|
|
|
# fix test failing due to too long path with all the mock path prefixes
|
|
|
|
|
Patch27: dovecot-2.3.21-test-socket-path.patch
|
|
|
|
|
# from upstream, for < 2.3.21, RHEL-22854
|
|
|
|
|
Patch20: dovecot-2.3.16-d7705bc6.patch
|
|
|
|
|
|
|
|
|
|
# from upstream for < 2.3.21.1, RHEL-55211
|
|
|
|
|
# from upstream for < 2.3.21.1, RHEL-55206
|
|
|
|
|
# https://github.com/dovecot/core/compare/8e4c42d%5E...1481c04.patch
|
|
|
|
|
Patch28: dovecot-2.3.21.1-CVE-2024-23184.patch
|
|
|
|
|
Patch21: dovecot-2.3.21.1-CVE-2024-23184.patch
|
|
|
|
|
|
|
|
|
|
# from upstream for < 2.3.21.1, RHEL-55225
|
|
|
|
|
# from upstream for < 2.3.21.1, RHEL-55219
|
|
|
|
|
# https://github.com/dovecot/core/compare/f020e13%5E...ce88c33.patch
|
|
|
|
|
Patch29: dovecot-2.3.21.1-CVE-2024-23185.patch
|
|
|
|
|
Patch22: dovecot-2.3.21.1-CVE-2024-23185.patch
|
|
|
|
|
|
|
|
|
|
BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel
|
|
|
|
|
# fix test failing due to too long path with all the mock path prefixes
|
|
|
|
|
Patch23: dovecot-2.3.21-test-socket-path.patch
|
|
|
|
|
|
|
|
|
|
Source15: prestartscript
|
|
|
|
|
|
|
|
|
|
BuildRequires: openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel
|
|
|
|
|
BuildRequires: libtool, autoconf, automake, pkgconfig
|
|
|
|
|
BuildRequires: sqlite-devel
|
|
|
|
|
BuildRequires: libpq-devel
|
|
|
|
|
BuildRequires: postgresql-devel
|
|
|
|
|
#BuildRequires: libpq-devel
|
|
|
|
|
BuildRequires: mariadb-connector-c-devel
|
|
|
|
|
BuildRequires: libxcrypt-devel
|
|
|
|
|
#BuildRequires: libxcrypt-devel
|
|
|
|
|
BuildRequires: openldap-devel
|
|
|
|
|
BuildRequires: krb5-devel
|
|
|
|
|
BuildRequires: quota-devel
|
|
|
|
|
BuildRequires: rpcgen
|
|
|
|
|
BuildRequires: xz-devel
|
|
|
|
|
BuildRequires: lz4-devel
|
|
|
|
|
BuildRequires: libzstd-devel
|
|
|
|
|
%if %{?rhel}0 == 0
|
|
|
|
|
BuildRequires: libsodium-devel
|
|
|
|
|
%endif
|
|
|
|
|
BuildRequires: libicu-devel
|
|
|
|
|
BuildRequires: libexttextcat-devel
|
|
|
|
|
BuildRequires: libstemmer-devel
|
|
|
|
|
BuildRequires: multilib-rpm-config
|
|
|
|
|
BuildRequires: flex, bison
|
|
|
|
|
BuildRequires: systemd-devel
|
|
|
|
|
# for dovecot.sysusers
|
|
|
|
|
BuildRequires: systemd-rpm-macros
|
|
|
|
|
#BuildRequires: libsodium-devel
|
|
|
|
|
#BuildRequires: libexttextcat-devel
|
|
|
|
|
#BuildRequires: libstemmer-devel
|
|
|
|
|
|
|
|
|
|
# gettext-devel is needed for running autoconf because of the
|
|
|
|
|
# presence of AM_ICONV
|
|
|
|
@ -103,19 +96,33 @@ Requires: openssl >= 0.9.7f-4
|
|
|
|
|
|
|
|
|
|
# Package includes an initscript service file, needs to require initscripts package
|
|
|
|
|
Requires(pre): shadow-utils
|
|
|
|
|
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
|
|
|
|
Requires: systemd
|
|
|
|
|
Requires(post): systemd-units
|
|
|
|
|
Requires(preun): systemd-units
|
|
|
|
|
Requires(postun): systemd-units
|
|
|
|
|
%else
|
|
|
|
|
Requires: initscripts
|
|
|
|
|
Requires(post): chkconfig
|
|
|
|
|
Requires(preun): chkconfig initscripts
|
|
|
|
|
Requires(postun): initscripts
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%if %{?fedora}0 > 150 || %{?rhel}0 >60
|
|
|
|
|
#clucene in fedora <=15 and rhel<=6 is too old
|
|
|
|
|
BuildRequires: clucene-core-devel
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%global ssldir %{_sysconfdir}/pki/%{name}
|
|
|
|
|
|
|
|
|
|
%if %{?fedora}00%{?rhel} < 6
|
|
|
|
|
%global _initddir %{_initrddir}
|
|
|
|
|
BuildRequires: curl-devel expat-devel
|
|
|
|
|
%else
|
|
|
|
|
BuildRequires: libcurl-devel expat-devel
|
|
|
|
|
BuildRequires: make
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%global restart_flag /run/%{name}/%{name}-restart-after-rpm-install
|
|
|
|
|
%global restart_flag /var/run/%{name}/%{name}-restart-after-rpm-install
|
|
|
|
|
|
|
|
|
|
%description
|
|
|
|
|
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
|
|
|
|
@ -127,6 +134,7 @@ The SQL drivers and authentication plug-ins are in their subpackages.
|
|
|
|
|
%package pigeonhole
|
|
|
|
|
Requires: %{name} = %{epoch}:%{version}-%{release}
|
|
|
|
|
Summary: Sieve and managesieve plug-in for dovecot
|
|
|
|
|
Group: System Environment/Daemons
|
|
|
|
|
License: MIT and LGPLv2
|
|
|
|
|
|
|
|
|
|
%description pigeonhole
|
|
|
|
@ -135,18 +143,21 @@ This package provides sieve and managesieve plug-in for dovecot LDA.
|
|
|
|
|
%package pgsql
|
|
|
|
|
Requires: %{name} = %{epoch}:%{version}-%{release}
|
|
|
|
|
Summary: Postgres SQL back end for dovecot
|
|
|
|
|
Group: System Environment/Daemons
|
|
|
|
|
%description pgsql
|
|
|
|
|
This package provides the Postgres SQL back end for dovecot-auth etc.
|
|
|
|
|
|
|
|
|
|
%package mysql
|
|
|
|
|
Requires: %{name} = %{epoch}:%{version}-%{release}
|
|
|
|
|
Summary: MySQL back end for dovecot
|
|
|
|
|
Group: System Environment/Daemons
|
|
|
|
|
%description mysql
|
|
|
|
|
This package provides the MySQL back end for dovecot-auth etc.
|
|
|
|
|
|
|
|
|
|
%package devel
|
|
|
|
|
Requires: %{name} = %{epoch}:%{version}-%{release}
|
|
|
|
|
Summary: Development files for dovecot
|
|
|
|
|
Group: Development/Libraries
|
|
|
|
|
%description devel
|
|
|
|
|
This package provides the development files for dovecot.
|
|
|
|
|
|
|
|
|
@ -158,26 +169,22 @@ This package provides the development files for dovecot.
|
|
|
|
|
%patch -P 6 -p1 -b .waitonline
|
|
|
|
|
%patch -P 8 -p1 -b .initbysystemd
|
|
|
|
|
%patch -P 9 -p1 -b .systemd_w_protectsystem
|
|
|
|
|
%patch -P 15 -p1 -b .bigkey
|
|
|
|
|
%patch -P 16 -p1 -b .opensslhmac
|
|
|
|
|
%patch -P 17 -p1 -b .opensslv3
|
|
|
|
|
%patch -P 18 -p1 -b .fixvalcond
|
|
|
|
|
%patch -P 19 -p1 -b .valbasherr
|
|
|
|
|
%patch -P 20 -p1 -b .ftbfsbigend
|
|
|
|
|
%patch -P 21 -p1 -b .7bad6a24
|
|
|
|
|
%patch -P 22 -p1 -b .bdf447e4
|
|
|
|
|
%patch -P 24 -p1 -b .d7705bc6
|
|
|
|
|
%patch -P 27 -p1 -b .test-socket-path
|
|
|
|
|
%patch -P 28 -p1 -b .CVE-2024-23184
|
|
|
|
|
%patch -P 29 -p1 -b .CVE-2024-23185
|
|
|
|
|
|
|
|
|
|
cp run-test-valgrind.supp dovecot-2.3-pigeonhole-%{pigeonholever}/
|
|
|
|
|
# valgrind would fail with shell wrapper
|
|
|
|
|
echo "testsuite" >dovecot-2.3-pigeonhole-%{pigeonholever}/run-test-valgrind.exclude
|
|
|
|
|
|
|
|
|
|
%patch -P 11 -p1 -b .aclfix
|
|
|
|
|
%patch -P 13 -p1 -b .bigkey
|
|
|
|
|
%patch -P 14 -p1 -b .opensslhmac
|
|
|
|
|
%patch -P 15 -p1 -b .ftbfsbigend
|
|
|
|
|
%patch -P 16 -p1 -b .keeplzma
|
|
|
|
|
%patch -P 17 -p1 -b .7bad6a24
|
|
|
|
|
%patch -P 19 -p1 -b .bdf447e4
|
|
|
|
|
%patch -P 20 -p1 -b .d7705bc6
|
|
|
|
|
%patch -P 21 -p1 -b .CVE-2024-23184
|
|
|
|
|
%patch -P 22 -p1 -b .CVE-2024-23185
|
|
|
|
|
%patch -P 23 -p1 -b .test-socket-path
|
|
|
|
|
pushd dovecot-2*3-pigeonhole-%{pigeonholever}
|
|
|
|
|
%patch -P 23 -p1 -b .9f300239..4596d399
|
|
|
|
|
%patch -P 18 -p1 -b .9f300239..4596d399
|
|
|
|
|
|
|
|
|
|
popd
|
|
|
|
|
|
|
|
|
|
sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in
|
|
|
|
|
|
|
|
|
|
%build
|
|
|
|
@ -185,8 +192,11 @@ sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src
|
|
|
|
|
%global _hardened_build 1
|
|
|
|
|
export CFLAGS="%{__global_cflags} -fno-strict-aliasing -fstack-reuse=none"
|
|
|
|
|
export LDFLAGS="-Wl,-z,now -Wl,-z,relro %{?__global_ldflags}"
|
|
|
|
|
# el6 autoconf too old to regen; use packaged files (#1082384)
|
|
|
|
|
%if %{?fedora}00%{?rhel} > 6
|
|
|
|
|
mkdir -p m4
|
|
|
|
|
autoreconf -I . -fiv #required for aarch64 support
|
|
|
|
|
%endif
|
|
|
|
|
%configure \
|
|
|
|
|
INSTALL_DATA="install -c -p -m644" \
|
|
|
|
|
--with-rundir=%{_rundir}/%{name} \
|
|
|
|
@ -204,18 +214,17 @@ autoreconf -I . -fiv #required for aarch64 support
|
|
|
|
|
--with-mysql \
|
|
|
|
|
--with-sqlite \
|
|
|
|
|
--with-zlib \
|
|
|
|
|
--with-zstd \
|
|
|
|
|
--with-libcap \
|
|
|
|
|
--with-icu \
|
|
|
|
|
--with-lucene \
|
|
|
|
|
--with-ssl=openssl \
|
|
|
|
|
--with-ssldir=%{ssldir} \
|
|
|
|
|
--with-solr \
|
|
|
|
|
--with-systemdsystemunitdir=%{_unitdir} \
|
|
|
|
|
--with-docs
|
|
|
|
|
|
|
|
|
|
sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh doc/example-config/conf.d/10-ssl.conf
|
|
|
|
|
|
|
|
|
|
%make_build
|
|
|
|
|
make %{?_smp_mflags}
|
|
|
|
|
|
|
|
|
|
#pigeonhole
|
|
|
|
|
pushd dovecot-2*3-pigeonhole-%{pigeonholever}
|
|
|
|
@ -230,13 +239,13 @@ pushd dovecot-2*3-pigeonhole-%{pigeonholever}
|
|
|
|
|
--with-dovecot=../ \
|
|
|
|
|
--without-unfinished-features
|
|
|
|
|
|
|
|
|
|
%make_build
|
|
|
|
|
make %{?_smp_mflags}
|
|
|
|
|
popd
|
|
|
|
|
|
|
|
|
|
%install
|
|
|
|
|
rm -rf $RPM_BUILD_ROOT
|
|
|
|
|
|
|
|
|
|
%make_install
|
|
|
|
|
make install DESTDIR=$RPM_BUILD_ROOT
|
|
|
|
|
|
|
|
|
|
# move doc dir back to build dir so doc macro in files section can use it
|
|
|
|
|
mv $RPM_BUILD_ROOT/%{_docdir}/%{name} %{_builddir}/%{name}-%{version}%{?prever}/docinstall
|
|
|
|
@ -245,13 +254,17 @@ mv $RPM_BUILD_ROOT/%{_docdir}/%{name} %{_builddir}/%{name}-%{version}%{?prever}/
|
|
|
|
|
%multilib_fix_c_header --file %{_includedir}/dovecot/config.h
|
|
|
|
|
|
|
|
|
|
pushd dovecot-2*3-pigeonhole-%{pigeonholever}
|
|
|
|
|
%make_install
|
|
|
|
|
make install DESTDIR=$RPM_BUILD_ROOT
|
|
|
|
|
|
|
|
|
|
mv $RPM_BUILD_ROOT/%{_docdir}/%{name} $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole
|
|
|
|
|
|
|
|
|
|
install -m 644 AUTHORS ChangeLog COPYING COPYING.LGPL INSTALL NEWS README $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole
|
|
|
|
|
popd
|
|
|
|
|
|
|
|
|
|
%if %{?fedora}00%{?rhel} < 6
|
|
|
|
|
sed -i 's|password-auth|system-auth|' %{SOURCE2}
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
install -p -D -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/dovecot
|
|
|
|
|
|
|
|
|
|
#install man pages
|
|
|
|
@ -260,8 +273,6 @@ install -p -D -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_mandir}/man5/dovecot.conf.5
|
|
|
|
|
#install waitonline script
|
|
|
|
|
install -p -D -m 755 %{SOURCE15} $RPM_BUILD_ROOT%{_libexecdir}/dovecot/prestartscript
|
|
|
|
|
|
|
|
|
|
install -p -D -m 0644 %{SOURCE16} $RPM_BUILD_ROOT%{_sysusersdir}/dovecot.sysusers
|
|
|
|
|
|
|
|
|
|
# generate ghost .pem files
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT%{ssldir}/certs
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT%{ssldir}/private
|
|
|
|
@ -270,9 +281,14 @@ chmod 600 $RPM_BUILD_ROOT%{ssldir}/certs/dovecot.pem
|
|
|
|
|
touch $RPM_BUILD_ROOT%{ssldir}/private/dovecot.pem
|
|
|
|
|
chmod 600 $RPM_BUILD_ROOT%{ssldir}/private/dovecot.pem
|
|
|
|
|
|
|
|
|
|
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
|
|
|
|
install -p -D -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_tmpfilesdir}/dovecot.conf
|
|
|
|
|
%else
|
|
|
|
|
install -p -D -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_initddir}/dovecot
|
|
|
|
|
install -p -D -m 600 %{SOURCE9} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/dovecot
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/run/dovecot/{login,empty,token-login}
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/var/run/dovecot/{login,empty,token-login}
|
|
|
|
|
|
|
|
|
|
# Install dovecot configuration and dovecot-openssl.cnf
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d
|
|
|
|
@ -299,63 +315,78 @@ popd
|
|
|
|
|
|
|
|
|
|
%pre
|
|
|
|
|
#dovecot uid and gid are reserved, see /usr/share/doc/setup-*/uidgid
|
|
|
|
|
%sysusers_create_compat %{SOURCE16}
|
|
|
|
|
getent group dovecot >/dev/null || groupadd -r --gid 97 dovecot
|
|
|
|
|
getent passwd dovecot >/dev/null || \
|
|
|
|
|
useradd -r --uid 97 -g dovecot -d /usr/libexec/dovecot -s /sbin/nologin -c "Dovecot IMAP server" dovecot
|
|
|
|
|
|
|
|
|
|
if [ -z "$LEAPP_IPU_IN_PROGRESS" ]
|
|
|
|
|
then
|
|
|
|
|
# during LEAPP upgrade, services are not running anyway
|
|
|
|
|
|
|
|
|
|
# do not let dovecot run during upgrade rhbz#134325
|
|
|
|
|
if [ "$1" = "2" ]; then
|
|
|
|
|
rm -f %restart_flag
|
|
|
|
|
/bin/systemctl is-active %{name}.service >/dev/null 2>&1 && touch %restart_flag ||:
|
|
|
|
|
/bin/systemctl stop %{name}.service >/dev/null 2>&1
|
|
|
|
|
fi
|
|
|
|
|
getent group dovenull >/dev/null || groupadd -r dovenull
|
|
|
|
|
getent passwd dovenull >/dev/null || \
|
|
|
|
|
useradd -r -g dovenull -d /usr/libexec/dovecot -s /sbin/nologin -c "Dovecot's unauthorized user" dovenull
|
|
|
|
|
|
|
|
|
|
# do not let dovecot run during upgrade rhbz#134325
|
|
|
|
|
if [ "$1" = "2" ]; then
|
|
|
|
|
rm -f %restart_flag
|
|
|
|
|
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
|
|
|
|
/bin/systemctl is-active %{name}.service >/dev/null 2>&1 && touch %restart_flag ||:
|
|
|
|
|
/bin/systemctl stop %{name}.service >/dev/null 2>&1
|
|
|
|
|
%else
|
|
|
|
|
/sbin/service %{name} status >/dev/null 2>&1 && touch %restart_flag ||:
|
|
|
|
|
/sbin/service %{name} stop >/dev/null 2>&1
|
|
|
|
|
%endif
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
%post
|
|
|
|
|
if [ $1 -eq 1 ]
|
|
|
|
|
then
|
|
|
|
|
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
|
|
|
|
%systemd_post dovecot.service
|
|
|
|
|
%else
|
|
|
|
|
/sbin/chkconfig --add %{name}
|
|
|
|
|
%endif
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
install -d -m 0755 -g dovecot -d /run/dovecot
|
|
|
|
|
install -d -m 0755 -d /run/dovecot/empty
|
|
|
|
|
install -d -m 0750 -g dovenull -d /run/dovecot/login
|
|
|
|
|
install -d -m 0750 -g dovenull -d /run/dovecot/token-login
|
|
|
|
|
[ -x /sbin/restorecon ] && /sbin/restorecon -R /run/dovecot ||:
|
|
|
|
|
install -d -m 0755 -g dovecot -d /var/run/dovecot
|
|
|
|
|
install -d -m 0755 -d /var/run/dovecot/empty
|
|
|
|
|
install -d -m 0750 -g dovenull -d /var/run/dovecot/login
|
|
|
|
|
install -d -m 0750 -g dovenull -d /var/run/dovecot/token-login
|
|
|
|
|
[ -x /sbin/restorecon ] && /sbin/restorecon -R /var/run/dovecot ||:
|
|
|
|
|
|
|
|
|
|
%preun
|
|
|
|
|
if [ $1 = 0 ]; then
|
|
|
|
|
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
|
|
|
|
/bin/systemctl disable dovecot.service dovecot.socket >/dev/null 2>&1 || :
|
|
|
|
|
/bin/systemctl stop dovecot.service dovecot.socket >/dev/null 2>&1 || :
|
|
|
|
|
rm -rf /run/dovecot
|
|
|
|
|
%else
|
|
|
|
|
/sbin/service %{name} stop > /dev/null 2>&1
|
|
|
|
|
/sbin/chkconfig --del %{name}
|
|
|
|
|
%endif
|
|
|
|
|
rm -rf /var/run/dovecot
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
%postun
|
|
|
|
|
if [ -z "$LEAPP_IPU_IN_PROGRESS" ]
|
|
|
|
|
then
|
|
|
|
|
# during LEAPP upgrade, services are not running anyway
|
|
|
|
|
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
|
|
|
|
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
|
|
|
|
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
if [ "$1" -ge "1" -a -e %restart_flag ]; then
|
|
|
|
|
/bin/systemctl start dovecot.service >/dev/null 2>&1 || :
|
|
|
|
|
rm -f %restart_flag
|
|
|
|
|
fi
|
|
|
|
|
if [ "$1" -ge "1" -a -e %restart_flag ]; then
|
|
|
|
|
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
|
|
|
|
/bin/systemctl start dovecot.service >/dev/null 2>&1 || :
|
|
|
|
|
%else
|
|
|
|
|
/sbin/service %{name} start >/dev/null 2>&1 || :
|
|
|
|
|
%endif
|
|
|
|
|
rm -f %restart_flag
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
%posttrans
|
|
|
|
|
|
|
|
|
|
if [ -z "$LEAPP_IPU_IN_PROGRESS" ]
|
|
|
|
|
then
|
|
|
|
|
# during LEAPP upgrade, services are not running anyway
|
|
|
|
|
|
|
|
|
|
# dovecot should be started again in %%postun, but it's not executed on reinstall
|
|
|
|
|
# if it was already started, restart_flag won't be here, so it's ok to test it again
|
|
|
|
|
if [ -e %restart_flag ]; then
|
|
|
|
|
# dovecot should be started again in %%postun, but it's not executed on reinstall
|
|
|
|
|
# if it was already started, restart_flag won't be here, so it's ok to test it again
|
|
|
|
|
if [ -e %restart_flag ]; then
|
|
|
|
|
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
|
|
|
|
/bin/systemctl start dovecot.service >/dev/null 2>&1 || :
|
|
|
|
|
rm -f %restart_flag
|
|
|
|
|
fi
|
|
|
|
|
%else
|
|
|
|
|
/sbin/service %{name} start >/dev/null 2>&1 || :
|
|
|
|
|
%endif
|
|
|
|
|
rm -f %restart_flag
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
%check
|
|
|
|
@ -373,11 +404,15 @@ make check
|
|
|
|
|
%{_bindir}/dovecot-sysreport
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
|
|
|
|
%_tmpfilesdir/dovecot.conf
|
|
|
|
|
%{_sysusersdir}/dovecot.sysusers
|
|
|
|
|
%{_unitdir}/dovecot.service
|
|
|
|
|
%{_unitdir}/dovecot-init.service
|
|
|
|
|
%{_unitdir}/dovecot.socket
|
|
|
|
|
%else
|
|
|
|
|
%{_initddir}/dovecot
|
|
|
|
|
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/dovecot
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%dir %{_sysconfdir}/dovecot
|
|
|
|
|
%dir %{_sysconfdir}/dovecot/conf.d
|
|
|
|
@ -448,10 +483,10 @@ make check
|
|
|
|
|
%{_libexecdir}/%{name}
|
|
|
|
|
%exclude %{_libexecdir}/%{name}/managesieve*
|
|
|
|
|
|
|
|
|
|
%dir %attr(0755,root,dovecot) %ghost /run/dovecot
|
|
|
|
|
%attr(0750,root,dovenull) %ghost /run/dovecot/login
|
|
|
|
|
%attr(0750,root,dovenull) %ghost /run/dovecot/token-login
|
|
|
|
|
%attr(0755,root,root) %ghost /run/dovecot/empty
|
|
|
|
|
%dir %attr(0755,root,dovecot) %ghost /var/run/dovecot
|
|
|
|
|
%attr(0750,root,dovenull) %ghost /var/run/dovecot/login
|
|
|
|
|
%attr(0750,root,dovenull) %ghost /var/run/dovecot/token-login
|
|
|
|
|
%attr(0755,root,root) %ghost /var/run/dovecot/empty
|
|
|
|
|
|
|
|
|
|
%attr(0750,dovecot,dovecot) /var/lib/dovecot
|
|
|
|
|
|
|
|
|
@ -509,257 +544,117 @@ make check
|
|
|
|
|
%{_libdir}/%{name}/dict/libdriver_pgsql.so
|
|
|
|
|
|
|
|
|
|
%changelog
|
|
|
|
|
* Mon Sep 02 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-11.1
|
|
|
|
|
- fix CVE-2024-23184: using a large number of address headers may trigger a denial of service (RHEL-55211)
|
|
|
|
|
- fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message (RHEL-55225)
|
|
|
|
|
|
|
|
|
|
* Fri Feb 16 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-11
|
|
|
|
|
- fixes assert-crash when IMAP client uses QRESYNC (#RHEL-25434)
|
|
|
|
|
|
|
|
|
|
* Tue Aug 15 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-10
|
|
|
|
|
- fix leaking mailboxes if virtual mailbox can't be opened (#2231408)
|
|
|
|
|
|
|
|
|
|
* Sat May 27 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-9
|
|
|
|
|
- add buildrequire of rpcgen to enable rquota support(#2157045)
|
|
|
|
|
|
|
|
|
|
* Tue Sep 13 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-8
|
|
|
|
|
- do not run systemd commands during leapp upgrade (#2119385)
|
|
|
|
|
* Tue Aug 20 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-6
|
|
|
|
|
- fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message (RHEL-55219)
|
|
|
|
|
- fix CVE-2024-23184: using a large number of address headers may trigger a denial of service (RHEL-55206)
|
|
|
|
|
|
|
|
|
|
* Tue Jul 12 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-7
|
|
|
|
|
- fix possible privilege escalation when similar master and non-master passdbs are used (#2106232)
|
|
|
|
|
* Fri Feb 16 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-5
|
|
|
|
|
- fixes assert-crash when IMAP client uses QRESYNC (#RHEL-22854)
|
|
|
|
|
|
|
|
|
|
* Wed Jul 06 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-6
|
|
|
|
|
- fix possible nonzero return value of postinst script(#2053368)
|
|
|
|
|
* Fri Aug 04 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-4
|
|
|
|
|
- fix leaking mailboxes if virtual mailbox can't be opened (#2128857)
|
|
|
|
|
|
|
|
|
|
* Tue Jul 05 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-5
|
|
|
|
|
- workaround sysuers macro defficiency (#2095399)
|
|
|
|
|
* Tue Jul 19 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-3
|
|
|
|
|
- fix possible privilege escalation when similar master and non-master passdbs are used (#2106231)
|
|
|
|
|
|
|
|
|
|
* Tue Jul 05 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-4
|
|
|
|
|
- use systemd-sysusers for user creation (#2095399)
|
|
|
|
|
* Wed Dec 08 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-2
|
|
|
|
|
- do not disable xz/lzma for now despite being deprecated
|
|
|
|
|
|
|
|
|
|
* Wed Nov 03 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-3
|
|
|
|
|
- re-enable LTO build (#1990080)
|
|
|
|
|
|
|
|
|
|
* Wed Oct 27 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-2
|
|
|
|
|
- set first_valid_uid to 1000 to match system default (#2009716)
|
|
|
|
|
|
|
|
|
|
* Fri Aug 20 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-1
|
|
|
|
|
* Wed Dec 08 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-1
|
|
|
|
|
- dovecot updated to 2.3.16, pigeonhole to 0.5.16
|
|
|
|
|
- fixes several regressions (#1997583)
|
|
|
|
|
|
|
|
|
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.3.15-2
|
|
|
|
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
|
|
|
|
Related: rhbz#1991688
|
|
|
|
|
|
|
|
|
|
* Wed Jul 21 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.15-1
|
|
|
|
|
- dovecot updated to 2.3.15, pigeonhole updated to 0.5.15
|
|
|
|
|
- CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
|
|
|
|
|
JWT tokens. This may be used to supply attacker controlled keys to
|
|
|
|
|
validate tokens, if attacker has local access (#1979833)
|
|
|
|
|
- CVE-2021-33515: On-path attacker could have injected plaintext commands
|
|
|
|
|
before STARTTLS negotiation that would be executed after STARTTLS
|
|
|
|
|
finished with the client
|
|
|
|
|
- Add TSLv1.3 support to min_protocols.
|
|
|
|
|
|
|
|
|
|
* Wed Jul 14 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.14-5
|
|
|
|
|
- fix mail storage block count parsing (#1974281)
|
|
|
|
|
|
|
|
|
|
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.3.14-4
|
|
|
|
|
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
|
|
|
|
Related: rhbz#1971065
|
|
|
|
|
|
|
|
|
|
* Fri Jun 04 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.14-3
|
|
|
|
|
- compatibility with openssl 3.0 (#1962035)
|
|
|
|
|
|
|
|
|
|
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.3.14-2
|
|
|
|
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
|
|
|
|
|
|
|
|
|
* Mon Mar 22 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.14-1
|
|
|
|
|
- dovecot updated to 2.3.14, pigeonhole to 0.5.14
|
|
|
|
|
- use OpenSSL's implementation of HMAC
|
|
|
|
|
- Remove autocreate, expire, snarf and mail-filter plugins.
|
|
|
|
|
- Remove cydir storage driver.
|
|
|
|
|
- Remove XZ/LZMA write support. Read support will be removed in future release.
|
|
|
|
|
|
|
|
|
|
* Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 1:2.3.13-7
|
|
|
|
|
- rebuild for libpq ABI fix rhbz#1908268
|
|
|
|
|
|
|
|
|
|
* Mon Feb 01 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-6
|
|
|
|
|
- use make macros
|
|
|
|
|
|
|
|
|
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.13-5
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Mon Jan 18 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-4
|
|
|
|
|
- fix multilib issues
|
|
|
|
|
|
|
|
|
|
* Mon Jan 18 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-3
|
|
|
|
|
- bump release and rebuild
|
|
|
|
|
|
|
|
|
|
* Thu Jan 07 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-2
|
|
|
|
|
- fix rundir location
|
|
|
|
|
|
|
|
|
|
* Wed Jan 06 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-1
|
|
|
|
|
- fix release number
|
|
|
|
|
|
|
|
|
|
* Mon Jan 04 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-0
|
|
|
|
|
- dovecot updated to 2.3.13, pigeonhole to 0.5.13
|
|
|
|
|
- CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
|
|
|
|
|
allow logged in user to access other people's emails and filesystem
|
|
|
|
|
information.
|
|
|
|
|
- Metric filter and global event filter variable syntax changed to a
|
|
|
|
|
SQL-like format.
|
|
|
|
|
- auth: Added new aliases for %{variables}. Usage of the old ones is
|
|
|
|
|
possible, but discouraged.
|
|
|
|
|
- auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth
|
|
|
|
|
mechanism and related password schemes.
|
|
|
|
|
- auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.
|
|
|
|
|
- auth: Removed postfix postmap socket
|
|
|
|
|
|
|
|
|
|
* Wed Oct 21 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-7
|
|
|
|
|
- change run directory from /var/run to /run (#1777922)
|
|
|
|
|
|
|
|
|
|
* Wed Oct 21 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-6
|
|
|
|
|
- use bigger default key size (#1882939)
|
|
|
|
|
|
|
|
|
|
* Wed Sep 02 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-5
|
|
|
|
|
- fix gssapi issue
|
|
|
|
|
|
|
|
|
|
* Wed Aug 26 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-4
|
|
|
|
|
- fix FTBFS on 32bit systems
|
|
|
|
|
|
|
|
|
|
* Mon Aug 17 2020 Jeff Law <law@redhat.com> - 1:2.3.11.3-2
|
|
|
|
|
- Disable LTO
|
|
|
|
|
|
|
|
|
|
* Sat Aug 15 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-1
|
|
|
|
|
- CVE-2020-12100: Parsing mails with a large number of MIME parts could
|
|
|
|
|
have resulted in excessive CPU usage or a crash due to running out of
|
|
|
|
|
stack memory.
|
|
|
|
|
- CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
|
|
|
|
|
message buffer size, which leads to reading past allocation which can
|
|
|
|
|
lead to crash.
|
|
|
|
|
- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
|
|
|
|
|
address that has the empty quoted string as local-part causes the lmtp
|
|
|
|
|
service to crash.
|
|
|
|
|
- CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
|
|
|
|
|
zero-length message, which leads to assert-crash later on.
|
|
|
|
|
|
|
|
|
|
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.10.1-3
|
|
|
|
|
- Second attempt - Rebuilt for
|
|
|
|
|
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.10.1-2
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
|
|
|
|
|
|
|
|
* Mon May 18 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.10.1-1
|
|
|
|
|
- dovecot updated to 2.3.10.1
|
|
|
|
|
- fixes CVE-2020-10967, CVE-2020-10958, CVE-2020-10957
|
|
|
|
|
|
|
|
|
|
* Tue Apr 21 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.10-1
|
|
|
|
|
- dovecot updated to 2.3.10, pigeonhole updated to 0.5.10
|
|
|
|
|
|
|
|
|
|
* Wed Feb 12 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.9.3-1
|
|
|
|
|
- dovecot updated to 2.3.9.3
|
|
|
|
|
- fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS
|
|
|
|
|
submission-login and lmtp processes.
|
|
|
|
|
- fixes CVE-2020-7957: Specially crafted mail can crash snippet generation.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.9.2-2
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
|
|
|
|
- fix CVE-2021-33515 plaintext commands injection (#1980014)
|
|
|
|
|
|
|
|
|
|
* Thu Dec 19 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.9.2-1
|
|
|
|
|
- CVE-2019-19722: Mails with group addresses in From or To fields
|
|
|
|
|
caused crash in push notification drivers.
|
|
|
|
|
|
|
|
|
|
* Wed Dec 04 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.9-1
|
|
|
|
|
- dovecot updated to 2.3.9, pigeonhole updated to 0.5.9
|
|
|
|
|
|
|
|
|
|
* Thu Oct 10 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-1
|
|
|
|
|
- dovecot updated to 2.3.8, pigeonhole 0.5.8
|
|
|
|
|
|
|
|
|
|
* Thu Aug 29 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.7.2-1
|
|
|
|
|
- dovecot updated to 2.3.7.2, pigeonhole 0.5.7.2
|
|
|
|
|
- fixes CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
|
|
|
|
|
when scanning data in quoted strings, leading to out of bounds heap
|
|
|
|
|
memory writes
|
|
|
|
|
|
|
|
|
|
* Mon Aug 19 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:1-2.3.7.1
|
|
|
|
|
- dovecot updated to 2.3.7.1, pigeonhole updated to 0.5.7.1
|
|
|
|
|
* Wed Feb 03 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-9
|
|
|
|
|
- fix CVE-2020-24386 IMAP hibernation function allows mail access (#1913534)
|
|
|
|
|
|
|
|
|
|
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.6-4
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
|
|
|
* Tue Jan 12 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-8
|
|
|
|
|
- fix CVE-2020-25275 denial of service via mail MIME parsing (#1914019)
|
|
|
|
|
|
|
|
|
|
* Fri May 31 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.6-3
|
|
|
|
|
- disable gcc 9 stack reuse temporarily
|
|
|
|
|
* Thu Jan 07 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-7
|
|
|
|
|
- change run directory from /var/run to /run (#1805947)
|
|
|
|
|
|
|
|
|
|
* Mon May 13 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.6-2
|
|
|
|
|
- use /run instead of /var/run (#1706372)
|
|
|
|
|
* Wed Dec 02 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-6
|
|
|
|
|
- fix mail storage block count parsing (#1894418)
|
|
|
|
|
- MIME parser crashed when boundaries were wrong (#1888111)
|
|
|
|
|
|
|
|
|
|
* Thu May 02 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.6-1
|
|
|
|
|
- dovecot updated to 2.3.6, pigeonhole updated to 0.5.6
|
|
|
|
|
* Mon Nov 02 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-5
|
|
|
|
|
- multilib compatibility (#1853137)
|
|
|
|
|
|
|
|
|
|
* Thu Apr 18 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.5.2-1
|
|
|
|
|
- dovecot updated to 2.3.5.2
|
|
|
|
|
- fixes CVE-2019-10691: Trying to login with 8bit username containing
|
|
|
|
|
invalid UTF8 input causes auth process to crash if auth policy is enabled.
|
|
|
|
|
* Fri Aug 07 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-4
|
|
|
|
|
- fix CVE-2020-12100 resource exhaustion via deeply nested MIME parts (#1866756)
|
|
|
|
|
- fix CVE-2020-12673 out of bound reads in dovecot NTLM implementation (#1866761)
|
|
|
|
|
- fix CVE-2020-12674 crash due to assert in RPA implementation (#1866768)
|
|
|
|
|
|
|
|
|
|
* Thu Mar 28 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.5.1-1
|
|
|
|
|
- dovecot updated to 2.3.5.1
|
|
|
|
|
- CVE-2019-7524: Missing input buffer size validation leads into
|
|
|
|
|
arbitrary buffer overflow when reading fts or pop3 uidl header
|
|
|
|
|
from Dovecot index.
|
|
|
|
|
* Mon Jun 01 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-3
|
|
|
|
|
- fix CVE-2020-10957 dovecot: malformed NOOP commands leads to DoS (#1840354)
|
|
|
|
|
- fix CVE-2020-10958 dovecot: command followed by sufficient number of newlines
|
|
|
|
|
leads to use-after-free (#1840357)
|
|
|
|
|
- fix CVE-2020-10967 dovecot: sending mail with empty quoted localpart
|
|
|
|
|
leads to DoS (#1840356)
|
|
|
|
|
|
|
|
|
|
* Wed Mar 06 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.5-1
|
|
|
|
|
- dovecot updated to 2.3.5, pigeonhole updated to 0.5.5
|
|
|
|
|
* Thu Jan 09 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-2
|
|
|
|
|
- fix default attributes for ghost files
|
|
|
|
|
|
|
|
|
|
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.4-3
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
|
|
|
* Tue Nov 19 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-1
|
|
|
|
|
- dovecot updated to 2.3.8 with pigeonhole updated to 0.5.8 (#1653117)
|
|
|
|
|
|
|
|
|
|
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 1:2.3.4-2
|
|
|
|
|
- Rebuilt for libcrypt.so.2 (#1666033)
|
|
|
|
|
* Thu Aug 29 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-10
|
|
|
|
|
- fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
|
|
|
|
|
when scanning data in quoted strings, leading to out of bounds heap
|
|
|
|
|
memory writes (#1741788)
|
|
|
|
|
|
|
|
|
|
* Wed Jan 09 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.4-1
|
|
|
|
|
- dovecot updated to 2.3.4, pigeonhole updated to 0.5.4
|
|
|
|
|
* Fri Aug 23 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-9
|
|
|
|
|
- reset errno before iterating through users (#1630410)
|
|
|
|
|
|
|
|
|
|
* Tue Oct 02 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.3-1
|
|
|
|
|
- dovecot updated to 2.3.3, pigeonhole pdated to 0.5.3
|
|
|
|
|
- doveconf hides more secrets now in the default output
|
|
|
|
|
- NUL bytes in mail headers can cause truncated replies when fetched.
|
|
|
|
|
- virtual plugin: Some searches used 100% CPU for many seconds
|
|
|
|
|
- dsync assert-crashed with acl plugin in some situations.
|
|
|
|
|
- imapc: Fixed various assert-crashes when reconnecting to server.
|
|
|
|
|
* Mon Jun 17 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-8
|
|
|
|
|
- fix CVE-2019-3814: improper certificate validation (#1674370)
|
|
|
|
|
|
|
|
|
|
* Fri Jun 14 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-7
|
|
|
|
|
- do not print error message when restorecon is not present
|
|
|
|
|
during install (#1626395)
|
|
|
|
|
- change default config to use minimal UID = 1000 (#1630410)
|
|
|
|
|
|
|
|
|
|
* Tue Oct 02 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2.1-4
|
|
|
|
|
- fix dovecot-init service syntax error (#1635017)
|
|
|
|
|
* Mon Jun 10 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-6
|
|
|
|
|
- use OpenSSl implementation of HMAC, disable CRAM-MD5 when FIPS is enabled (#1618749)
|
|
|
|
|
|
|
|
|
|
* Mon Aug 13 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2.1-3
|
|
|
|
|
- do not try to generate ssl-params as its obsolete (#1614640)
|
|
|
|
|
* Tue Oct 16 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-5
|
|
|
|
|
- make key not that bigger (#1618714)
|
|
|
|
|
|
|
|
|
|
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.2.1-2
|
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
|
|
|
|
* Tue Oct 16 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-4
|
|
|
|
|
- generated key was too small (#1618714)
|
|
|
|
|
|
|
|
|
|
* Tue Jul 10 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2.1-1
|
|
|
|
|
- SSL/TLS servers may have crashed during client disconnection
|
|
|
|
|
* Wed Sep 19 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-3
|
|
|
|
|
- fix global ACL directory configuration search path (#1630383)
|
|
|
|
|
- update first/last_valid_gid range patch (#1630410)
|
|
|
|
|
|
|
|
|
|
* Mon Jul 09 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2-1
|
|
|
|
|
- dovecot updated to 2.3.2, pigeonhole to 0.5.2
|
|
|
|
|
* Mon Jul 30 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-2
|
|
|
|
|
- fix defaut permissions of gost run files
|
|
|
|
|
|
|
|
|
|
* Wed Mar 28 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.1-2
|
|
|
|
|
- fix ftbfs - murmurhash3 check fail
|
|
|
|
|
* Thu Jun 28 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-1
|
|
|
|
|
- dovecot updated to 2.2.36, pigeonhole to 0.4.24
|
|
|
|
|
|
|
|
|
|
* Wed Mar 28 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.1-1
|
|
|
|
|
- dovecot updated to 2.3.1, pigeonhole updated to 0.5.1
|
|
|
|
|
* Thu May 24 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.35-3
|
|
|
|
|
- disable tcp_wrappers as it's not available in rhel8
|
|
|
|
|
|
|
|
|
|
* Tue Mar 27 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.0.1-3
|
|
|
|
|
- use libxcrypt for Fedora >= 28, part of ftbfs fix (#1548520)
|
|
|
|
|
* Thu Apr 19 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.35-2
|
|
|
|
|
- include crypt.h explicitely
|
|
|
|
|
|
|
|
|
|
* Wed Mar 07 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.0.1-2
|
|
|
|
|
- add gcc buildrequire
|
|
|
|
|
* Wed Mar 21 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.35-1
|
|
|
|
|
- dovecot updated to 2.2.35, pigeonhole updated to 0.4.23
|
|
|
|
|
|
|
|
|
|
* Thu Mar 01 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.0.1-1
|
|
|
|
|
- dovecot updated to 2.3.0.1, pigeonhole updated to 0.5.0.1
|
|
|
|
|
* Thu Mar 01 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.34-1
|
|
|
|
|
- dovecot updated to 2.2.34, pigeonhole updated to 0.4.22
|
|
|
|
|
- fixes CVE-2017-15130: TLS SNI config lookups may lead to excessive
|
|
|
|
|
memory usage, causing imap-login/pop3-login VSZ limit to be reached
|
|
|
|
|
and the process restarted. This happens only if Dovecot config has
|
|
|
|
|
local_name { } or local { } configuration blocks and attacker uses
|
|
|
|
|
randomly generated SNI servernames.
|
|
|
|
|
- fixes CVE-2017-14461: Parsing invalid email addresses may cause a crash or
|
|
|
|
|
leak memory contents to attacker. For example, these memory contents
|
|
|
|
|
might contain parts of an email from another user if the same imap
|
|
|
|
|
process is reused for multiple users.
|
|
|
|
|
- fixes CVE-2017-15132: Aborted SASL authentication leaks memory in login
|
|
|
|
|
process.
|
|
|
|
|
|
|
|
|
|
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:2.2.33.2-5
|
|
|
|
|
- Escape macros in %%changelog
|
|
|
|
|