baserev update by copy to link target

• Files Changed
• Browse Source

- libsodium is not strictly required, it is only required for the
  argon password scheme. This is now no longer supported on sle12

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

add bugnumbers

• Files Changed
• Browse Source

- update to 2.3.11.3 and pigeonhole to 0.5.11
  Dovecot 2.3.11.3
  - pop3-login: Login didn't handle commands in multiple IP packets properly.
    This mainly affected large XCLIENT commands or a large SASL initial
    response parameter in the AUTH command.
  - pop3: pop3_deleted_flag setting was broken, causing:
    Panic: file seq-range-array.c: line 472 (seq_range_array_invert):
    assertion failed: (range[count-1].seq2 <= max_seq)
  Dovecot 2.3.11.2
  - auth: Lua passdb/userdb leaks stack elements per call, eventually
    causing the stack to become too deep and crashing the auth or
    auth-worker process.
  - lib-mail: v2.3.11 regression: MIME parts not returned correctly by
    Dovecot MIME parser.
  - pop3-login: Login would fail with "Input buffer full" if the initial
    response for SASL was too long.
  Dovecot 2.3.11
  * CVE-2020-12100: Parsing mails with a large number of MIME parts could
    have resulted in excessive CPU usage or a crash due to running out of
    stack memory.
  * CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
    message buffer size, which leads to reading past allocation which can
    lead to crash.
  * CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
    address that has the empty quoted string as local-part causes the lmtp
    service to crash.
  * CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
    zero-length message, which leads to assert-crash later on.
  * Events: Fix inconsistency in events. See event documentation in
    https://doc.dovecot.org.

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- update tls 1.3 patch to allow building with tls 1.0

• Files Changed
• Browse Source

- add bugnumbers

• Files Changed
• Browse Source

update to 2.3.10.1 with security fixes

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

Allow setting TLSv1.3 as minimum TLS version

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- update to 2.3.10 and pigeonhole to 0.5.10
  Dovecot 2.3.10
  * Disable retpoline migitations by default. These can cause severe
    performance regressions, so they should be only enabled when
    applicable.
  * IMAP MOVE now commits transactions in batches of 1000 mails. This
    helps especially with lazy_expunge when moving a lot of mails. It
    mainly avoids situations where multiple IMAP sessions are running the
    same MOVE command and duplicating the mails in the lazy_expunge folder.
    With this change there can still be some duplication, but the MOVE
    always progresses forward. Also if the MOVE fails at some point, the
    changes up to the last 1000 mails are still committed instead of
    rolled back. Note that the COPY command behavior hasn't changed,
    because it is required by IMAP standard to be an atomic operation.
  * IMAP EXPUNGE and CLOSE now expunges mails in batches of 1000 mails.
    This helps especially with lazy_expunge when expunging a lot of mails
    (e.g. millions) to make sure that the progress always moves forward
    even if the process is killed.
  * Autoexpunging now expunges mails in batches of 1000 mails. This helps
    especially with lazy_expunge when expunging a lot of mails
    (e.g. millions) to make sure that the progress always moves forward
    even if the process is killed.
  + Add tool for generating sysreport called dovecot-sysreport.
    This generates a bundle of information usually needed for support
    requests.
  + Add support for the new IMAP \Important SPECIAL-USE flag (RFC 8457).
  + Add metric { group_by } setting. This allows automatically creating
    new metrics based on the fields you want to group statistics by.
    NOTE: This feature is considered experimental and syntax is subject
    to change in future release.
  + auth: Support SCRAM-SHA-256 authentication mechanism.
  + imap: Support the new IMAP STATUS=SIZE extension.
  + Use TCP_QUICKACK to reduce latency for some TCP connections.
  + quota-status: Made the service more robust against erroneous use with
    Postfix ACL policies other than smtpd_recipient_restrictions.
  + Add "revision" field support to imap_id_send setting. Using
    "revision *" will send in IMAP ID command response the short commit
    hash of the Dovecot git source tree HEAD (same as in dovecot --version).
  + IMAP ENVELOPE includes now all addresses when there are multiple
    headers (From, To, Cc, etc.) The standard way of having multiple
    addresses is to just list them all in a single header. It's
    non-standard to have multiple headers. However, since MTAs allow these
    mails to pass through and different software may handle them in
    different ways, it's better from security point of view to show all
    the addresses.
  + Event filters now support using "field_name=" to match a field that
    doesn't exist or has an empty value. For example use "error=" to match
    only events that didn't fail.
  - acl: INBOX ACLs shouldn't apply for IMAP GETMETADATA/SETMETADATA
    commands.
  - cassandra: CASS_ERROR_SERVER_WRITE_FAILURE error should also be
    treated as "uncertain write failure".
  - dict-redis: Using quota_clone configured with dict-redis could have
    crashed when Redis responded slowly.
  - fts-solr: The XML response parser fails to parse large/chunked responses
    correctly. This leads to spurious parse errors, most notably: "Error:
    fts_solr: received invalid uid '0'".
  - imap-hibernate: Communication trouble with imap-master leads to
    segfault.
  - imap-hibernate: Unhibernation retrying wasn't working.
  - imap: Fixed auth lookup privilege problem when imap process was reused
    and user was being un-hibernated.
  - Fix potential crash when copying/moving mails within the same folder.
    This happened only when there were a lot of fields in dovecot.index.cache.
  - lib-index: Recreating dovecot.index.cache file could have crashed when
    merging bitmask fields.
  - lib-index: Using public/shared folders with INDEXPVT configured to use
    private \Seen flags, trying to search seen/unseen in an empty folder
    crashes with segfault.
  - lib-mail: Large base64-encoded mails weren't decoded properly.
    This could have affected searching/indexing mails and message snippet
    generation.
  - lib-mail: Message with only quoted text could have caused message
    snippet to ignore its 200 character limit and return the entire
    message. This was added also to dovecot.index.cache file, which
    increased disk space and memory usage unnecessarily.
    v2.3.9.2 regression (previous versions cached the quoted snippet as
    empty). In a large mail quoted text could have become wrongly added
    to the snippet, possibly mixed together with non-quoted text.
  - lib-smtp: client could have assert-crashed if STARTTLS handshake
    finished earlier than usually.
  - lib-ssl-iostream: remove -static flag for lib-ssl-iostream linking to
    prevent a compile issue.
  - lib-storage: Mailbox synchronization may have assert-crashed in some
    rare situations.
  - lib-storage: mdbox didn't preserve date.saved with dsync.
  - lib: Don't require EAI_{ADDRFAMILY,NODATA}, breaks FreeBSD
  - master: Some services could respawn unthrottled if they crash during
    startup.
  - push-notification: Do not send push_notification_finished event if
    nothing was done. This happens when mail transaction is started and
    ended with no changes.
  - quota-status: Addresses with special characters in the local part caused
    problems in the interaction between Postfix and Dovecot. Postfix sent
    its own internal representation in the recipient field, while Dovecot
    expected a valid RFC5321 mailbox address.
  - submission-login: SESSION was not correctly encoded field for the
    XCLIENT command. Particularly, a '+' character introduced by the
    session ID's Base64 encoding causes problems.
  - submission: Fix submission_max_mail_size to work correctly on 32-bit
    systems.
  - submission: Trusted connections crashed in second connection's EHLO
    if submission-login { service_count } is something else than 1 (which
    is the default).
  - submission: XCLIENT command was never used in the protocol exchange
    with the relay MTA when submission_backend_capabilities is configured,
    even when the relay MTA was properly configured to accept the XCLIENT
    command.
  Pigeonhole 0.5.10
  * imap_sieve_filter: Change result action logging to include IMAP UID
  - vacation: Addresses were compared case-sensitively.
  

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Update dovecot-2.3.0-dont_use_etc_ssl_certs.patch: since we
  change CERTDIR to /etc/ssl/private, it is rather evil to then err
  out claiming /etc/ssl/certs would not exist. The error message
  should mention the directory it tested for.

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- update to 2.3.9.3
  * CVE-2020-7046: Truncated UTF-8 can be used to DoS
    submission-login and lmtp processes.
  * CVE-2020-7957: Specially crafted mail can crash snippet generation.

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Adapt package changes in mysql-devel

• Files Changed
• Browse Source