Mailinglist Archive: opensuse-commit (1903 mails)

< Previous Next >
commit dovecot23 for openSUSE:Factory
Hello community,

here is the log from the commit of package dovecot23 for openSUSE:Factory
checked in at 2019-04-04 15:22:16
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old)
and /work/SRC/openSUSE:Factory/.dovecot23.new.3908 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "dovecot23"

Thu Apr 4 15:22:16 2019 rev:16 rq:689340 version:2.3.5.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2019-02-06
14:07:26.686648974 +0100
+++ /work/SRC/openSUSE:Factory/.dovecot23.new.3908/dovecot23.changes
2019-04-04 15:27:27.338899173 +0200
@@ -1,0 +2,68 @@
+Thu Mar 28 12:36:55 UTC 2019 - Marcus Rueckert <mrueckert@xxxxxxx>
+
+- update to 2.3.5.1
+ * CVE-2019-7524: Missing input buffer size validation leads into
+ arbitrary buffer overflow when reading fts or pop3 uidl header
+ from Dovecot index. Exploiting this requires direct write
+ access to the index files.
+
+-------------------------------------------------------------------
+Fri Mar 8 18:09:00 UTC 2019 - Marcus Rueckert <mrueckert@xxxxxxx>
+
+- update to 2.3.5
+ + Lua push notification driver: mail keywords and flags are
+ provided in MessageNew and MessageAppend events.
+ + submission: Implement support for plugins.
+ + auth: When auth_policy_log_only=yes, only log what the policy
+ server response would do without actually doing it.
+ + auth: Always log policy server decisions with auth_verbose=yes
+ - v2.3.[34]: doveadm log errors: Output was missing user/session
+ - lda: Debug log lines could have shown slightly corrupted
+ - login proxy: Login processes may have crashed in various ways
+ when login_proxy_max_disconnect_delay was set.
+ - imap: Fix crash with Maildir+zlib if client disconnects during
+ APPEND
+ - lmtp proxy: Fix potential assert-crash
+ - lmtp/submission: Fix crash when SMTP client transaction times
+ out
+ - submission: Split large XCLIENT commands to 512 bytes per
+ command, so Postfix accepts them.
+ - submission: Fix crash when client sends invalid BURL command
+ - submission: relay backend: VRFY command: Avoid forwarding 500
+ and 502 replies back to client.
+ - lib-http: Fix potential assert-crash when DNS lookup fails
+ - lib-fts: Fix search query generation when one language ignores
+ a token (e.g. via stopwords).
+- update pigeonhole to 0.5.5
+ + IMAPSieve: Add new plugin/imapsieve_expunge_discarded setting
+ which causes messages discarded by an IMAPSieve script to be
+ expunged immediately, rather than only being marked as
+ "\Deleted" (which is still the default behavior).
+ - IMAPSieve: Fix panic crash occurring when a COPY command copies
+ messages from a virtual mailbox where the source messages
+ originate from more than a single real mailbox.
+ - imap4flags extension: Fix deleting all keywords. When the
+ action resulted in all keywords being removed, no changes were
+ actually applied.
+ - variables extension: Fix truncation of UTF-8 variable content.
+ The maximum size of Sieve variables was enforced by truncating
+ the variable string content bluntly at the limit, but this does
+ not consider UTF-8 code point boundaries. This resulted in
+ broken UTF-8 strings. This problem also surfaced for variable
+ modifiers, such as the ":encodeurl" modifier provided by the
+ Sieve "enotify" extension. In that case, the resulting URI
+ escaping could also be truncated inappropriately.
+ - IMAPSieve, IMAP FILTER=SIEVE: Fix replacing a modified message.
+ Sieve scripts running in IMAPSIEVE or IMAP FILTER=SIEVE context
+ that modify the message, stored the message a second time,
+ rather than replacing the originally stored unmodified message.
+ - Fix segmentation fault occurring when both the
+ sieve_extprograms plugin (for the Sieve interpreter) and the
+ imap_filter_sieve plugin (for IMAP) are loaded at the same
+ time. A symbol was defined by both plugins, causing a clash
+ when both were loaded.
+- drop patches which were backports
+ - 10048229...de42b54a.patch
+ - 3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch
+
+-------------------------------------------------------------------

Old:
----
10048229...de42b54a.patch
3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch
dovecot-2.3-pigeonhole-0.5.4.tar.gz
dovecot-2.3-pigeonhole-0.5.4.tar.gz.sig
dovecot-2.3.4.1.tar.gz
dovecot-2.3.4.1.tar.gz.sig

New:
----
dovecot-2.3-pigeonhole-0.5.5.tar.gz
dovecot-2.3-pigeonhole-0.5.5.tar.gz.sig
dovecot-2.3.5.1.tar.gz
dovecot-2.3.5.1.tar.gz.sig

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ dovecot23.spec ++++++
--- /var/tmp/diff_new_pack.UGxRLu/_old 2019-04-04 15:27:32.458901144 +0200
+++ /var/tmp/diff_new_pack.UGxRLu/_new 2019-04-04 15:27:32.466901146 +0200
@@ -17,11 +17,11 @@


Name: dovecot23
-Version: 2.3.4.1
+Version: 2.3.5.1
Release: 0
%define pkg_name dovecot
-%define dovecot_version 2.3.4.1
-%define dovecot_pigeonhole_version 0.5.4
+%define dovecot_version 2.3.5.1
+%define dovecot_pigeonhole_version 0.5.5
%define dovecot_branch 2.3
%define dovecot_pigeonhole_source_dir
%{pkg_name}-%{dovecot_branch}-pigeonhole-%{dovecot_pigeonhole_version}
%define dovecot_pigeonhole_docdir %{_docdir}/%{pkg_name}/dovecot-pigeonhole
@@ -137,8 +137,6 @@
Source12: dovecot23.keyring
Patch: dovecot-2.3.0-dont_use_etc_ssl_certs.patch
Patch1: dovecot-2.3.0-better_ssl_defaults.patch
-Patch2: 10048229...de42b54a.patch
-Patch3: 3c5101ffdd2a8115e03ed7180d53578765dea4c9.patch
Summary: IMAP and POP3 Server Written Primarily with Security in Mind
License: BSD-3-Clause AND LGPL-2.1-or-later AND MIT
Group: Productivity/Networking/Email/Servers
@@ -318,8 +316,6 @@
%setup -q -n %{pkg_name}-%{dovecot_version} -a 1
%patch -p1
%patch1 -p1
-%patch2 -p1
-%patch3 -p1
gzip -9v ChangeLog
# Fix plugins dir.
sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir =
%{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf

++++++ dovecot-2.3-pigeonhole-0.5.4.tar.gz ->
dovecot-2.3-pigeonhole-0.5.5.tar.gz ++++++
++++ 4714 lines of diff (skipped)

++++++ dovecot-2.3-pigeonhole-0.5.4.tar.gz -> dovecot-2.3.5.1.tar.gz ++++++
/work/SRC/openSUSE:Factory/dovecot23/dovecot-2.3-pigeonhole-0.5.4.tar.gz
/work/SRC/openSUSE:Factory/.dovecot23.new.3908/dovecot-2.3.5.1.tar.gz differ:
char 5, line 1



< Previous Next >
This Thread