Hello community, here is the log from the commit of package dovecot22 for openSUSE:Factory checked in at 2017-07-04 09:11:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dovecot22 (Old) and /work/SRC/openSUSE:Factory/.dovecot22.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dovecot22" Tue Jul 4 09:11:13 2017 rev:31 rq:507795 version:2.2.31 Changes: -------- --- /work/SRC/openSUSE:Factory/dovecot22/dovecot22.changes 2017-06-28 10:36:52.666357270 +0200 +++ /work/SRC/openSUSE:Factory/.dovecot22.new/dovecot22.changes 2017-07-04 09:11:30.693182653 +0200 @@ -1,0 +2,20 @@ +Mon Jul 3 11:09:39 UTC 2017 - mrueck...@suse.de + +- added de5d6bb50931ea243f582ace5a31abb11b619ffe.patch: + Do not attempt to deinitialize backend if it's not set + +------------------------------------------------------------------- +Mon Jul 3 10:45:21 UTC 2017 - mrueck...@suse.de + +- Fix notify extension + (https://www.dovecot.org/pipermail/dovecot/2017-June/108474.html) + bcb321bc62117d30bc53a872ca1154c0100aeefd.patch + 8b2d740b8182c63b76ff7ef0dd5e01710228705a.patch + +------------------------------------------------------------------- +Tue Jun 27 10:51:08 UTC 2017 - mrueck...@suse.de + +- update dovecot-2.2.31-dhparams_fips_mode.patch to also work with + libressl + +------------------------------------------------------------------- New: ---- 8b2d740b8182c63b76ff7ef0dd5e01710228705a.patch bcb321bc62117d30bc53a872ca1154c0100aeefd.patch de5d6bb50931ea243f582ace5a31abb11b619ffe.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dovecot22.spec ++++++ --- /var/tmp/diff_new_pack.PxHMb9/_old 2017-07-04 09:11:31.861018425 +0200 +++ /var/tmp/diff_new_pack.PxHMb9/_new 2017-07-04 09:11:31.861018425 +0200 @@ -129,6 +129,9 @@ Patch: dovecot-2.2.18-dont_use_etc_ssl_certs.patch Patch1: dovecot-2.2.18-better_ssl_defaults.patch Patch2: dovecot-2.2.31-dhparams_fips_mode.patch +Patch3: bcb321bc62117d30bc53a872ca1154c0100aeefd.patch +Patch4: 8b2d740b8182c63b76ff7ef0dd5e01710228705a.patch +Patch5: de5d6bb50931ea243f582ace5a31abb11b619ffe.patch Summary: IMAP and POP3 Server Written Primarily with Security in Mind License: BSD-3-Clause and LGPL-2.1+ and MIT Group: Productivity/Networking/Email/Servers @@ -309,6 +312,9 @@ %patch -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 %{__gzip} -9v ChangeLog # Fix plugins dir. %{__sed} -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = %{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf ++++++ 8b2d740b8182c63b76ff7ef0dd5e01710228705a.patch ++++++ commit 8b2d740b8182c63b76ff7ef0dd5e01710228705a Author: Timo Sirainen <timo.sirai...@dovecot.fi> Date: Fri Jun 30 17:51:34 2017 +0300 imap: Add more error checking to NOTIFY parameter parsing This should make it clearer to realize when invalid syntax is being used rather than just ignoring the problem. diff --git a/src/imap/cmd-notify.c b/src/imap/cmd-notify.c index 7d3fd60c7..641c1d7b1 100644 --- a/src/imap/cmd-notify.c +++ b/src/imap/cmd-notify.c @@ -41,6 +41,8 @@ static int cmd_notify_parse_fetch(struct imap_notify_context *ctx, const struct imap_arg *list) { + if (list->type == IMAP_ARG_EOL) + return -1; /* at least one attribute must be set */ return imap_fetch_att_list_parse(ctx->client, ctx->pool, list, &ctx->fetch_ctx, &ctx->error); } @@ -59,11 +61,17 @@ cmd_notify_set_selected(struct imap_notify_context *ctx, strcasecmp(str, "NONE") == 0) { /* no events for selected mailbox. this is also the default when NOTIFY command doesn't specify it explicitly */ + if (events[1].type != IMAP_ARG_EOL) + return -1; /* no extra parameters */ return 0; } if (!imap_arg_get_list(events, &list)) return -1; + if (events[1].type != IMAP_ARG_EOL) + return -1; /* no extra parameters */ + if (list->type == IMAP_ARG_EOL) + return -1; /* at least one event */ for (; list->type != IMAP_ARG_EOL; list++) { if (cmd_notify_parse_event(list, &event) < 0) @@ -322,6 +330,15 @@ cmd_notify_set(struct imap_notify_context *ctx, const struct imap_arg *args) if (event_group->type == IMAP_ARG_EOL) return -1; mailboxes = event_group++; + /* check that the mailboxes parameter is valid */ + if (IMAP_ARG_IS_ASTRING(mailboxes)) + ; + else if (!imap_arg_get_list(mailboxes, &list)) + return -1; + else if (list->type == IMAP_ARG_EOL) { + /* should have at least one mailbox */ + return -1; + } } else { mailboxes = NULL; } ++++++ bcb321bc62117d30bc53a872ca1154c0100aeefd.patch ++++++ commit bcb321bc62117d30bc53a872ca1154c0100aeefd Author: Timo Sirainen <timo.sirai...@dovecot.fi> Date: Fri Jun 30 17:33:15 2017 +0300 imap: Fix NOTIFY parameter parsing by reverting earlier change I misread the RFC and wrote broken tests. Reverts 64d2efdc4b0bdf92249840e9db89b91c8dc0f3a3 diff --git a/src/imap/cmd-notify.c b/src/imap/cmd-notify.c index abba01785..7d3fd60c7 100644 --- a/src/imap/cmd-notify.c +++ b/src/imap/cmd-notify.c @@ -292,10 +292,10 @@ cmd_notify_set(struct imap_notify_context *ctx, const struct imap_arg *args) ctx->send_immediate_status = TRUE; args++; } + for (; args->type != IMAP_ARG_EOL; args++) { + if (!imap_arg_get_list(args, &event_group)) + return -1; - if (!imap_arg_get_list(args, &event_group)) - return -1; - for (; event_group->type != IMAP_ARG_EOL; event_group++) { /* filter-mailboxes */ if (!imap_arg_get_atom(event_group, &filter_mailboxes)) return -1; ++++++ de5d6bb50931ea243f582ace5a31abb11b619ffe.patch ++++++ >From de5d6bb50931ea243f582ace5a31abb11b619ffe Mon Sep 17 00:00:00 2001 From: Aki Tuomi <aki.tu...@dovecot.fi> Date: Wed, 17 May 2017 12:26:42 +0300 Subject: [PATCH] fts: Do not attempt to deinitialize backend if it's not set If FTS backend initialization fails or does not happen, flist->backend might end up being NULL, and attempt to deinitialize NULL won't end well. --- src/plugins/fts/fts-storage.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/plugins/fts/fts-storage.c b/src/plugins/fts/fts-storage.c index 32a49ade0..370ec8680 100644 --- a/src/plugins/fts/fts-storage.c +++ b/src/plugins/fts/fts-storage.c @@ -830,7 +830,8 @@ static void fts_mailbox_list_deinit(struct mailbox_list *list) { struct fts_mailbox_list *flist = FTS_LIST_CONTEXT(list); - fts_backend_deinit(&flist->backend); + if (flist->backend != NULL) + fts_backend_deinit(&flist->backend); flist->module_ctx.super.deinit(list); } ++++++ dovecot-2.2.31-dhparams_fips_mode.patch ++++++ --- /var/tmp/diff_new_pack.PxHMb9/_old 2017-07-04 09:11:31.985000990 +0200 +++ /var/tmp/diff_new_pack.PxHMb9/_new 2017-07-04 09:11:31.985000990 +0200 @@ -1,17 +1,19 @@ diff --git a/src/lib-ssl-iostream/iostream-openssl-params.c b/src/lib-ssl-iostream/iostream-openssl-params.c -index 5fdaa30de..edfc81ac3 100644 +index 5fdaa30de..576915371 100644 --- a/src/lib-ssl-iostream/iostream-openssl-params.c +++ b/src/lib-ssl-iostream/iostream-openssl-params.c -@@ -44,9 +44,14 @@ generate_dh_parameters(int bitsize, buffer_t *output, const char **error_r) +@@ -44,9 +44,16 @@ generate_dh_parameters(int bitsize, buffer_t *output, const char **error_r) int openssl_iostream_generate_params(buffer_t *output, unsigned int dh_length, const char **error_r) { - if (generate_dh_parameters(512, output, error_r) < 0) + unsigned int minimal_dh_size = 512; ++ #ifdef OPENSSL_FIPS + if (FIPS_mode() > 0) { + minimal_dh_size = 2048; + i_warning("FIPS mode detected. Setting minimum DH params size from 512 to 2048. Accepting SSL connections after first start might take longer."); + }; ++ #endif + if (generate_dh_parameters(minimal_dh_size, output, error_r) < 0) return -1; - if (dh_length != 512) {