Hello community,
here is the log from the commit of package dovecot
checked in at Mon Nov 6 22:47:46 CET 2006.
--------
--- dovecot/dovecot.changes 2006-10-19 17:31:37.000000000 +0200
+++ /mounts/work_src_done/STABLE/dovecot/dovecot.changes 2006-11-06 18:10:19.000000000 +0100
@@ -1,0 +2,49 @@
+Mon Nov 6 00:28:53 CET 2006 - mrueckert@suse.de
+
+- updated dovecot-1.0.rc12_auth+ldap_fixes.patch:
+ deliver now fetches $HOME from the /etc/passwd if not running as
+ root. That way deliver can be used from .forward.
+
+-------------------------------------------------------------------
+Sun Nov 5 20:43:09 CET 2006 - mrueckert@suse.de
+
+- update to version 1.0rc12:
+ | - rc11 didn't compile with some compilers
+ | - default_mail_env fallbacking was broken with --exec-mail
+- added dovecot-1.0.rc12_auth+ldap_fixes.patch:
+ a few small auth and ldap fixes from the 1.0 branch
+- rediffed dovecot-1.0.cvs_pie.patch
+
+-------------------------------------------------------------------
+Sun Nov 5 01:35:28 CET 2006 - mrueckert@suse.de
+
+- update to version 1.0rc11:
+ | * Renamed default_mail_env to mail_location. default_mail_env
+ | still works for backwards compatibility.
+ | * deliver: When sending rejects, don't include Content-Type in
+ | the rejected mail's headers.
+ | * LDAP changes:
+ | * If auth binds are used, bind back to the default dn
+ | before doing a search. Otherwise it could fail if a user
+ | gave an invalid password.
+ | * Initial binding at connect is now done asynchronously.
+ | * Use pass_attrs even with auth_bind=yes since it may
+ | contain useful non-password fields.
+ |
+ | + passdb checkpassword: Give TCPLOCALIP and TCPREMOTEIP and
+ | PROTO=TCP environments to the checkpassword binary so we're
+ | UCSPI (and vchkpw) compatible.
+ | - mbox handling was a bit broken in rc10
+ | - Using Dovecot via inetd kept crashing dovecot master
+ | - deliver: Don't crash with -f "". Changed the default from
+ | envelope to be "MAILER-DAEMON".
+ | - INBOX wasn't shown with LSUB command if only prefixed
+ | namespaces were used.
+ | - passdb ldap: Reconnecting to LDAP server wasn't working with
+ | auth binds.
+ | - passdb sql: Non-plaintext authentication didn't work
+ | - MySQL passdb ignored all non-password checks, such as
+ | allow_nets
+ | - trash plugin was broken
+
+-------------------------------------------------------------------
Old:
----
dovecot-1.0.rc10.tar.gz
New:
----
dovecot-1.0.rc12.tar.gz
dovecot-1.0.rc12_auth+ldap_fixes.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ dovecot.spec ++++++
--- /var/tmp/diff_new_pack.sp8sfi/_old 2006-11-06 22:45:40.000000000 +0100
+++ /var/tmp/diff_new_pack.sp8sfi/_new 2006-11-06 22:45:40.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package dovecot (Version 1.0.rc10)
+# spec file for package dovecot (Version 1.0.rc12)
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -14,7 +14,7 @@
%define makeinstall make install DESTDIR=%{buildroot}
%define pkg_name dovecot
#
-Version: 1.0.rc10
+Version: 1.0.rc12
Release: 1
#
Group: Productivity/Networking/Email/Servers
@@ -42,6 +42,7 @@
Source4: %{pkg_name}.README.SuSE
Patch: dovecot-1.0.cvs_pie.patch
Patch1: dovecot-sieve.cvs_pie.patch
+Patch2: dovecot-1.0.rc12_auth+ldap_fixes.patch
#
Summary: IMAP and POP3 Server Written Primarily with Security in Mind
@@ -64,6 +65,7 @@
%setup -a 1
%patch
%patch1
+%patch2
%{__sed} -i -e 's|#ssl_disable = no|ssl_disable = yes|' %{pkg_name}-example.conf
%{__sed} -i -e 's|/usr/libexec|%{_libdir}|g' %{pkg_name}-example.conf
@@ -229,6 +231,46 @@
%dir %attr(0750, root, root) %{_var}/lib/%{pkg_name}/
%changelog -n dovecot
+* Mon Nov 06 2006 - mrueckert@suse.de
+- updated dovecot-1.0.rc12_auth+ldap_fixes.patch:
+ deliver now fetches $HOME from the /etc/passwd if not running as
+ root. That way deliver can be used from .forward.
+* Sun Nov 05 2006 - mrueckert@suse.de
+- update to version 1.0rc12:
+ | - rc11 didn't compile with some compilers
+ | - default_mail_env fallbacking was broken with --exec-mail
+- added dovecot-1.0.rc12_auth+ldap_fixes.patch:
+ a few small auth and ldap fixes from the 1.0 branch
+- rediffed dovecot-1.0.cvs_pie.patch
+* Sun Nov 05 2006 - mrueckert@suse.de
+- update to version 1.0rc11:
+ | * Renamed default_mail_env to mail_location. default_mail_env
+ | still works for backwards compatibility.
+ | * deliver: When sending rejects, don't include Content-Type in
+ | the rejected mail's headers.
+ | * LDAP changes:
+ | * If auth binds are used, bind back to the default dn
+ | before doing a search. Otherwise it could fail if a user
+ | gave an invalid password.
+ | * Initial binding at connect is now done asynchronously.
+ | * Use pass_attrs even with auth_bind=yes since it may
+ | contain useful non-password fields.
+ |
+ | + passdb checkpassword: Give TCPLOCALIP and TCPREMOTEIP and
+ | PROTO=TCP environments to the checkpassword binary so we're
+ | UCSPI (and vchkpw) compatible.
+ | - mbox handling was a bit broken in rc10
+ | - Using Dovecot via inetd kept crashing dovecot master
+ | - deliver: Don't crash with -f "". Changed the default from
+ | envelope to be "MAILER-DAEMON".
+ | - INBOX wasn't shown with LSUB command if only prefixed
+ | namespaces were used.
+ | - passdb ldap: Reconnecting to LDAP server wasn't working with
+ | auth binds.
+ | - passdb sql: Non-plaintext authentication didn't work
+ | - MySQL passdb ignored all non-password checks, such as
+ | allow_nets
+ | - trash plugin was broken
* Tue Oct 17 2006 - mrueckert@suse.de
- synced in the change from Andreas Schwab to build with newer
autotools. slightly modified it to work on older distributions.
@@ -341,9 +383,9 @@
| hopefully fixes the occational hangs with it
| - Several fixes to handling LIST command more correctly.
- additional changes from v1.0.rc5
-- Saving to mboxes still caused assert-crashes
+ - Saving to mboxes still caused assert-crashes
- additional changes from v1.0.rc4
-- Saving to mboxes caused assert-crashes
+ - Saving to mboxes caused assert-crashes
- additional changes from v1.0.rc3
| - SSL connections hanged sometimes, especially when saving messages.
| - mbox: Mail bodies were saved with CR+LF linefeeds
++++++ dovecot-1.0.cvs_pie.patch ++++++
--- /var/tmp/diff_new_pack.sp8sfi/_old 2006-11-06 22:45:40.000000000 +0100
+++ /var/tmp/diff_new_pack.sp8sfi/_new 2006-11-06 22:45:40.000000000 +0100
@@ -2,7 +2,7 @@
===================================================================
--- configure.in.orig
+++ configure.in
-@@ -28,6 +28,15 @@
+@@ -29,6 +29,15 @@
fi,
want_ipv6=yes)
@@ -16,9 +16,9 @@
+ want_pie=no)
+
AC_ARG_ENABLE(debug,
- [ --enable-debug Enable some extra checks for debugging],
+ [ --enable-debug Enable some extra expensive checks for developers],
if test x$enableval = xyes; then
-@@ -1665,6 +1674,29 @@
+@@ -1754,6 +1763,29 @@
])
AM_CONDITIONAL(BUILD_ZLIB, test "$have_zlib" = "yes")
++++++ dovecot-1.0.rc10.tar.gz -> dovecot-1.0.rc12.tar.gz ++++++
++++ 2679 lines of diff (skipped)
++++++ dovecot-1.0.rc12_auth+ldap_fixes.patch ++++++
Index: ChangeLog
===================================================================
--- ChangeLog.orig
+++ ChangeLog
@@ -1,3 +1,47 @@
+2006-11-05 20:47 Timo Sirainen
+
+ * src/deliver/deliver.c: If we're executing as a normal system
+ user, get the HOME environment from passwd if it's not set. This
+ makes it possible to run deliver from .forward.
+
+2006-11-05 20:12 Timo Sirainen
+
+ * src/lib-storage/index/index-fetch.h: This file hasn't been used
+ for a long time.
+
+2006-11-05 17:55 Timo Sirainen
+
+ * src/master/master-settings.c: If both mail_location and
+ default_mail_env are set in the config file, give an error.
+
+2006-11-05 17:30 Timo Sirainen
+
+ * doc/dovecot-ldap.conf: Comment updates
+
+2006-11-05 16:38 Timo Sirainen
+
+ * doc/: dovecot-ldap.conf, dovecot-sql.conf: Added comments that
+ the files should be owned by root and 0600. Some cleanups to
+ dovecot-ldap.conf.
+
+2006-11-05 16:12 Timo Sirainen
+
+ * src/auth/auth-request-handler.c: Don't send "pass" back if it's
+ already set, or if it's not known.
+
+2006-11-05 16:01 Timo Sirainen
+
+ * dovecot-example.conf: Added missing imap_capability setting.
+
+2006-11-05 15:51 Timo Sirainen
+
+ * src/auth/auth-request.c: If proxy is returned, set also no_login
+ automatically, since it's always wanted in such case anyway.
+
+2006-11-05 11:25 Timo Sirainen
+
+ * NEWS, configure.in: Released 1.0.rc12
+
2006-11-05 10:58 Timo Sirainen
* src/master/master-settings.c: default_mail_env fallbacking was
Index: doc/dovecot-ldap.conf
===================================================================
--- doc/dovecot-ldap.conf.orig
+++ doc/dovecot-ldap.conf
@@ -1,5 +1,7 @@
-# NOTE: If you're not using authentication binds (which is default), you'll
-# have to give dovecot-auth read access to userPassword field in LDAP server
+# This file is opened as root, so it should be owned by root and mode 0600.
+#
+# NOTE: If you're not using authentication binds, you'll need to give
+# dovecot-auth read access to userPassword field in the LDAP server.
# With OpenLDAP this is done by modifying /etc/ldap/slapd.conf. There should
# already be something like this:
@@ -71,12 +73,13 @@
# User attributes are given in LDAP-name=dovecot-internal-name list. The
# internal names are:
-# home: Home directory
-# mail: MAIL environment
-# system_user: System user name (for getting user's groups from /etc/group)
-# - For virtual users you don't want to use this, so this defaults to none.
-# uid: System user ID
-# gid: System group ID
+# uid - System UID
+# gid - System GID
+# home - Home directory
+# mail - Mail location
+#
+# There are also other special fields which can be returned, see
+# http://wiki.dovecot.org/UserDatabase/ExtraFields
#user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
# Filter for user lookup. Some variables can be used (see
@@ -90,6 +93,8 @@
# user: Virtual user name (user@domain), if you wish to change the
# user-given username to something else
# password: Password, may optionally start with {type}, eg. {crypt}
+# There are also other special fields which can be returned, see
+# http://wiki.dovecot.org/PasswordDatabase/ExtraFields
#pass_attrs = uid=user,userPassword=password
# If you wish to avoid two LDAP lookups (passdb + userdb), you can use
Index: doc/dovecot-sql.conf
===================================================================
--- doc/dovecot-sql.conf.orig
+++ doc/dovecot-sql.conf
@@ -1,3 +1,5 @@
+# This file is opened as root, so it should be owned by root and mode 0600.
+#
# For the sql passdb module, you'll need a database with a table that
# contains fields for at least the userid and password. If you want to
# use the user@domain syntax, you might want to have a separate domain
@@ -54,7 +56,8 @@
# Default password scheme.
#
-# List of supported schemes is in: http://wiki.dovecot.org/Authentication
+# List of supported schemes is in
+# http://wiki.dovecot.org/Authentication/PasswordSchemes
#
#default_pass_scheme = PLAIN-MD5
@@ -62,7 +65,7 @@
#
# This query must return only one row with "user" and "password" columns.
# The query can also return other fields which have a special meaning, see
-# http://wiki.dovecot.org/AuthSpecials
+# http://wiki.dovecot.org/PasswordDatabase/ExtraFields
#
# The "user" column is needed to make sure the username gets used with exactly
# the same casing as it's in the database. Note that if you store username and
@@ -87,15 +90,16 @@
# Query to retrieve the user information.
#
-# The query must return only one row. The columns to return are:
-# home - Home directory
-# mail - MAIL environment
-# system_user - System user name (for getting user's groups from /etc/group)
+# The query must return only one row. Commonly returned columns are:
# uid - System UID
# gid - System GID
+# home - Home directory
+# mail - Mail location
#
# Either home or mail is required. uid and gid are required. If more than one
-# row is returned or there's missing fields, login will automatically fail.
+# row is returned or there are missing fields, the login will fail. For a list
+# of all fields that can be returned, see
+# http://wiki.dovecot.org/UserDatabase/ExtraFields
#
# Examples
# user_query = SELECT home, uid, gid FROM users WHERE userid = '%n' AND domain = '%d'
Index: dovecot-example.conf
===================================================================
--- dovecot-example.conf.orig
+++ dovecot-example.conf
@@ -509,6 +509,9 @@
# Many clients however don't understand it and ask the CAPABILITY anyway.
#login_greeting_capability = no
+ # Override the IMAP CAPABILITY response.
+ #imap_capability =
+
# Workarounds for various client bugs:
# delay-newmail:
# Send EXISTS/RECENT new mail notifications only when replying to NOOP
@@ -761,6 +764,7 @@
# database (passwd usually), you can use static userdb.
# REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
# authentication to actually work.
+ # http://wiki.dovecot.org/PasswordDatabase/PAM
passdb pam {
# [session=yes] [setcred=yes] [cache_key=<key>] [<service name>]
#
@@ -793,16 +797,18 @@
# /etc/passwd or similar, using getpwnam()
# In many systems nowadays this uses Name Service Switch, which is
- # configured in /etc/nsswitch.conf. WARNING: nss_ldap is known to be broken
- # with Dovecot. Don't use it, or users might log in as each others!
+ # configured in /etc/nsswitch.conf.
+ # http://wiki.dovecot.org/AuthDatabase/Passwd
#passdb passwd {
#}
# /etc/shadow or similiar, using getspnam(). Deprecated by PAM nowadays.
+ # http://wiki.dovecot.org/PasswordDatabase/Shadow
#passdb shadow {
#}
- # BSD authentication. Used by at least OpenBSD.
+ # PAM-like authentication for OpenBSD.
+ # http://wiki.dovecot.org/PasswordDatabase/BSDAuth
#passdb bsdauth {
# [cache_key=<key>] - See cache_key in PAM for explanation.
#args =
@@ -849,7 +855,9 @@
# /etc/passwd or similar, using getpwnam()
# In many systems nowadays this uses Name Service Switch, which is
- # configured in /etc/nsswitch.conf.
+ # configured in /etc/nsswitch.conf. WARNING: nss_ldap is known to be broken
+ # with Dovecot. Don't use it, or users might log in as each others!
+ # http://wiki.dovecot.org/AuthDatabase/Passwd
userdb passwd {
}
Index: src/auth/auth-request.c
===================================================================
--- src/auth/auth-request.c.orig
+++ src/auth/auth-request.c
@@ -846,6 +846,7 @@
/* we're proxying authentication for this user. send
password back if using plaintext authentication. */
request->proxy = TRUE;
+ request->no_login = TRUE;
value = NULL;
}
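Review bot: The comment above `request->proxy = TRUE;` still describes only sending the password back, so the newly forced `no_login` is undocumented at the point where it is set. The ChangeLog entry in this patch says proxy should always imply no_login; I would put that next to the assignment, e.g. `/* proxy always implies no_login, even if the passdb did not return it */`. A reader auditing which passdb results can produce a local session would otherwise have to find this in the ChangeLog. The enclosing function starts and ends outside the hunk.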
Index: src/auth/auth-request-handler.c
===================================================================
--- src/auth/auth-request-handler.c.orig
+++ src/auth/auth-request-handler.c
@@ -111,6 +111,7 @@
string_t *str;
const char **fields, *extra_fields;
unsigned int src, dest;
+ bool seen_pass = FALSE;
extra_fields = request->extra_fields == NULL ? NULL :
auth_stream_reply_export(request->extra_fields);
@@ -125,20 +126,23 @@
}
str = t_str_new(128);
- if (request->proxy) {
- /* we're proxying - send back the password that was
- sent by user (not the password in passdb). */
- str_printfa(str, "pass=%s", request->mech_password);
- }
-
fields = t_strsplit(extra_fields, "\t");
for (src = dest = 0; fields[src] != NULL; src++) {
if (strncmp(fields[src], "userdb_", 7) != 0) {
if (str_len(str) > 0)
str_append_c(str, '\t');
+ if (!seen_pass && strncmp(fields[src], "pass=", 5) == 0)
+ seen_pass = TRUE;
str_append(str, fields[src]);
}
}
+
+ if (request->proxy && !seen_pass && request->mech_password != NULL) {
+ /* we're proxying - send back the password that was
+ sent by user (not the password in passdb). */
+ str_printfa(str, "pass=%s", request->mech_password);
+ }
+
return str_len(str) == 0 ? NULL : str_c(str);
}
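Review bot: The relocated `str_printfa(str, "pass=%s", request->mech_password);` now runs after the loop with no tab separator, so when `str` already holds extra fields `pass=` is glued onto the last one. Before the move it was the first field and the loop's `str_len(str) > 0` check supplied the separator; add `if (str_len(str) > 0) str_append_c(str, '\t');` ahead of the `str_printfa` call. Separately, `mech_password` is client-supplied and is written unescaped into a tab-delimited reply. Unless it is sanitised somewhere outside this hunk, a tab inside it would be parsed as a field boundary by the reader, so it should be escaped or rejected here. The function begins outside the hunk.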
Index: src/deliver/deliver.c
===================================================================
--- src/deliver/deliver.c.orig
+++ src/deliver/deliver.c
@@ -462,13 +462,15 @@
if (destination != NULL)
user = destination;
else if (process_euid != 0) {
- /* we're non-root. get our username. */
+ /* we're non-root. get our username and possibly our home. */
struct passwd *pw;
pw = getpwuid(process_euid);
- if (pw != NULL)
+ if (pw != NULL) {
user = t_strdup(pw->pw_name);
- else {
+ if (getenv("HOME") == NULL)
+ env_put(t_strconcat("HOME=", pw->pw_dir, NULL));
+ } else {
i_fatal("Couldn't lookup our username (uid=%s)",
dec2str(process_euid));
}
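Review bot: `getenv("HOME") == NULL` treats an empty `HOME=` as already set, and `pw->pw_dir` is used without checking that it is non-empty, so deliver can still run with an empty home directory. Since `t_strconcat` appears to take a NULL-terminated argument list, a NULL `pw_dir` would quietly yield just `HOME=`. I would tighten the guard to `home = getenv("HOME"); if ((home == NULL || *home == '\0') && pw->pw_dir != NULL && *pw->pw_dir != '\0')` and leave HOME untouched otherwise, so that later code can report the missing home explicitly. The enclosing function starts and ends outside the hunk.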
Index: src/master/master-settings.c
===================================================================
--- src/master/master-settings.c.orig
+++ src/master/master-settings.c
@@ -874,6 +874,10 @@
if (*set->mail_location == '\0') {
/* keep this for backwards compatibility */
set->mail_location = set->default_mail_env;
+ } else if (*set->default_mail_env != '\0') {
+ i_error("Both mail_location and default_mail_env set. "
+ "Use only one of them.");
+ return FALSE;
}
return nochecks ? TRUE : settings_verify(set);
}
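Review bot: The new `else if` branch returns FALSE before the `nochecks` test on the following line, so a config that sets both options is rejected even when the caller asked for no checks, and also when both options hold the same value. If that is intended, a comment such as `/* ambiguous config: refuse rather than pick one, even with nochecks */` would make it explicit. If it is not, the branch should be conditioned on `!nochecks`. The function starts outside the hunk.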
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...