# Detect the distribution in use %global __despace head -n 1 | tr -d '[:space:]' | sed -e 's/[(].*[)]//g' %global __lower4 cut -c 1-4 | tr '[:upper:]' '[:lower:]' %global __distfile %([ -f /etc/SuSE-release ] && echo /etc/SuSE-release || echo /etc/redhat-release) %global __distinit %(sed -e 's/ release .*//' -e 's/\\([A-Za-z]\\)[^ ]*/\\1/g' %{__distfile} | %{__despace} | %{__lower4}) %global __distvers %(sed -e 's/.* release \\([^. ]*\\).*/\\1/' %{__distfile} | %{__despace}) # Identify CentOS Linux and Scientific Linux as rhel %if "%{__distinit}" == "c" || "%{__distinit}" == "cl" || "%{__distinit}" == "sl" || "%{__distinit}" == "sls" %global __distinit rhel %endif # Dist tag for Fedora is still "fc" %if "%{__distinit}" == "f" %global __distinit fc %endif # Define prerel for betas, release candidates etc. #global prerel rc7 # Remember to bump dovecot_release and sieve_release with every release %global dovecot_epoch 1 %global dovecot_version 2.2.36.4 %global dovecot_release %{?prerel:0.}2.0%{?prerel:.%{prerel}}.cf.%{__distinit}%{__distvers} %global sieve_epoch 3 %global sieve_version 0.4.24.2 %global sieve_release 2.0.cf.%{__distinit}%{__distvers} %global manage_sieve_epoch %{sieve_epoch} %global manage_sieve_version %{sieve_version} %global manage_sieve_release %{sieve_release} %global pigeonhole_dir dovecot-2.2-pigeonhole-%{sieve_version} # Need to tweak dependencies differently if we have rpm 4.9 onwards %global rpm49 %(rpm --version | perl -p -e 's/^.* (\\d+)\\.(\\d+).*/sprintf("%d.%03d",$1,$2) ge 4.009 ? 1 : 0/e' 2>/dev/null || echo 0) # Use systemd activation from Fedora 15 %if "%{__distinit}" == "fc" && %{__distvers} >= 15 %global use_systemd 1 %endif %if "%{__distinit}" == "rhel" && %{__distvers} >= 7 %global use_systemd 1 %endif # clucene-core-devel ≥ 2.3 needed for lucene plugin %if "%{__distinit}" == "fc" && %{__distvers} >= 16 %global build_lucene 1 %endif %if "%{__distinit}" == "rhel" && %{__distvers} >= 7 %global build_lucene 1 %endif # Use private /tmp from Fedora 17 %if "%{__distinit}" == "fc" && %{__distvers} >= 18 %global private_tmp 1 %endif %if "%{__distinit}" == "rhel" && %{__distvers} >= 7 %global private_tmp 1 %endif # Use system crypto policy from Fedora 21 %if "%{__distinit}" == "fc" && %{__distvers} >= 21 %global system_crypto_policy 1 %endif %if "%{__distinit}" == "rhel" && %{__distvers} >= 8 %global system_crypto_policy 1 %endif # Use systemd ProtectSystem=full from Fedora 22 %if "%{__distinit}" == "fc" && %{__distvers} >= 22 %global systemd_protect_system 1 %endif %if "%{__distinit}" == "rhel" && %{__distvers} >= 8 %global systemd_protect_system 1 %endif # ECC support only available in OpenSSL from Fedora 18, RHEL-6 onwards %if "%{__distinit}" == "fc" && %{__distvers} >= 18 %global openssl_ecc_support 1 %endif %if "%{__distinit}" == "rhel" && %{__distvers} >= 6 %global openssl_ecc_support 1 %endif # This macro only defined by default around Fedora 18 time %{!?_tmpfilesdir:%global _tmpfilesdir %{_prefix}/lib/tmpfiles.d} # Don't build with tcp_wrappers support from Fedora 28 onwards %if ( "%{__distinit}" == "fc" && %{__distvers} < 28 ) || ( "%{__distinit}" == "rhel" && %{__distvers} < 8 ) %global mysql_devel mysql-devel %else %global mysql_devel mariadb-connector-c-devel %endif # Don't build with tcp_wrappers support from Fedora 28 onwards %if "%{__distinit}" == "fc" && %{__distvers} < 28 %global tcp_wrappers_support 1 %endif %if "%{__distinit}" == "rhel" && %{__distvers} < 8 %global tcp_wrappers_support 1 %endif # Move to unversioned documentation directories from F-20 # https://fedoraproject.org/wiki/Changes/UnversionedDocdirs %{!?_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} # Flag file used during package updates %global restart_flag %{_localstatedir}/run/dovecot/dovecot-restart-after-rpm-install Summary: Dovecot IMAP server Name: dovecot Epoch: %{dovecot_epoch} Version: %{dovecot_version} Release: %{dovecot_release} # dovecot itself is MIT, a few sources are PD License: MIT and LGPLv2 URL: http://www.dovecot.org/ Source0: http://www.dovecot.org/releases/2.2/dovecot-%{dovecot_version}%{?prerel:.%{prerel}}.tar.gz Source8: http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-%{sieve_version}.tar.gz Source1: dovecot.init Source2: dovecot.pam Source3: dovecot.sysconfig # Cope with /var/run on tmpfs Source10: dovecot.tmpfilesd # Our own Source14: dovecot.conf.5 # Wait for network Patch6: dovecot-2.2.21-waitonline.patch Source15: prestartscript # Fedora / RHEL patches Patch1: dovecot-2.0-defaultconfig.patch Patch2: dovecot-1.0.beta2-mkcert-permissions.patch Patch9: dovecot-2.2.28-systemd_w_protectsystem.patch Patch10: dovecot-2.2-gidcheck.patch Patch11: dovecot-2.2.36-aclfix.patch # Upstream patches # (none) # Local patches Patch500: dovecot-2.2.35-SSLDIR.patch Patch505: dovecot-2.2.27-crypto-policy.patch Patch506: dovecot-2.2.22-privatetmp.patch BuildRequires: bzip2-devel %if 0%{?build_lucene} BuildRequires: clucene-core-devel >= 2.3 %endif BuildRequires: coreutils BuildRequires: findutils BuildRequires: gcc-c++ BuildRequires: expat-devel %{?el6:< 2.1} BuildRequires: krb5-devel >= 1.3 BuildRequires: libcap-devel BuildRequires: libcurl-devel BuildRequires: %{mysql_devel} BuildRequires: openldap-devel BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: perl-interpreter BuildRequires: pkgconfig BuildRequires: postgresql-devel BuildRequires: quota-devel BuildRequires: sed BuildRequires: sqlite-devel %if 0%{?tcp_wrappers_support} BuildRequires: tcp_wrappers-devel %endif BuildRequires: xz-devel BuildRequires: zlib-devel # openssl needed for mkcert.sh Requires: openssl %if 0%{?use_systemd:1} BuildRequires: systemd-units Requires: systemd Requires(postun): systemd %else Requires: initscripts Requires(postun): initscripts, /sbin/chkconfig Requires(preun): /sbin/chkconfig %endif # Old packages merged into dovecot Obsoletes: dovecot-sqlite < %{dovecot_epoch}:%{dovecot_version}-%{dovecot_release} Obsoletes: dovecot-ldap < %{dovecot_epoch}:%{dovecot_version}-%{dovecot_release} Obsoletes: dovecot-gssapi < %{dovecot_epoch}:%{dovecot_version}-%{dovecot_release} Provides: dovecot-sqlite = %{dovecot_epoch}:%{dovecot_version}-%{dovecot_release} Provides: dovecot-ldap = %{dovecot_epoch}:%{dovecot_version}-%{dovecot_release} Provides: dovecot-gssapi = %{dovecot_epoch}:%{dovecot_version}-%{dovecot_release} Requires(pre): shadow-utils Requires(post): openssl # Avoid doc-file dependencies and provides (rpm 4.9 onwards) %global __requires_exclude_from ^%{_docdir} %global __provides_exclude_from ^%{_docdir} %global docdir %{_pkgdocdir} %global dovecot_uid 97 %global dovecot_gid 97 %description Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either maildir or mbox formats. %package devel Summary: Headers and configuration script needed for building plug-ins Requires: dovecot = %{dovecot_epoch}:%{dovecot_version}-%{dovecot_release} # The devel package needs to require the same packages as the main package buildrequires Requires: gcc-c++, openssl-devel, openldap-devel, pam-devel, pkgconfig, zlib-devel Requires: %{mysql_devel} %if 0%{?tcp_wrappers_support} Requires: tcp_wrappers-devel %endif %description devel This package provides header files and configuration scripts required for building plug-ins for the dovecot IMAP/POP3 server. %package pigeonhole Summary: Sieve and Managesieve plug-in for dovecot URL: http://pigeonhole.dovecot.org/ License: LGPLv2 Requires: dovecot = %{dovecot_epoch}:%{dovecot_version}-%{dovecot_release} # Old packages merged into pigeonhole Obsoletes: dovecot-sieve < %{sieve_epoch}:%{sieve_version}-%{sieve_release} Obsoletes: dovecot-managesieve < %{manage_sieve_epoch}:%{manage_sieve_version}-%{manage_sieve_release} Provides: dovecot-sieve = %{sieve_epoch}:%{sieve_version}-%{sieve_release} Provides: dovecot-managesieve = %{manage_sieve_epoch}:%{manage_sieve_version}-%{manage_sieve_release} %description pigeonhole This package provides the sieve and managesieve plug-ins (version %{sieve_version}) for dovecot LDA. %package pgsql Summary: Postgres SQL back end for dovecot Requires: dovecot = %{dovecot_epoch}:%{dovecot_version}-%{dovecot_release} %description pgsql This package provides the Postgres SQL back end for dovecot-auth etc. %package mysql Summary: MySQL back end for dovecot Requires: dovecot = %{dovecot_epoch}:%{dovecot_version}-%{dovecot_release} %description mysql This package provides the MySQL back end for dovecot-auth etc. %prep %setup -q -n dovecot-%{dovecot_version}%{?prerel:.%{prerel}} -a 8 %patch1 -p1 -b .default-settings %patch2 -p1 -b .mkcert-permissions %patch6 -p1 -b .waitonline # Use ProtectSystem=full from f22 onwards # Introduced in systemd 214 %if 0%{?systemd_protect_system} %patch9 -b .systemd_w_protectsystem %endif # Fix regression in Global ACL directory (#1630380) # https://dovecot.org/list/dovecot/2018-September/112938.html %patch11 -p1 -b .aclfix # Setting first_valid_gid/last_valid_gid lead to (wrong) error messages (#1280436) %patch10 -p1 -b .gidcheck # Fix lucene include path %if 0%{?build_lucene} sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in %endif # SSL certificates are in /etc/pki %patch500 sed -i -e 's#@SSLDIR@#%{_sysconfdir}/pki/dovecot#g' doc/example-config/conf.d/10-ssl.conf doc/mkcert.sh # Use system crypto policy from Fedora 21 onwards %if 0%{?system_crypto_policy} %patch505 -b .crypt %endif # Only use private /tmp from Fedora 18 %if ! 0%{?private_tmp} %patch506 -p1 -b .privatetmp %endif # PAM Configuration cp -p %{SOURCE2} . # Copy in dovecot.conf manpage cp -p %{SOURCE14} . # Remove spurious exec permissions from source files find src -name '*.c' -print0 | xargs -0 chmod -c 644 # If we have rpm < 4.9, we need to filter out the perl provides/requires ourselves # These all come from the documentation/examples %if ! %{rpm49} %global __perl_provides /bin/true %global __perl_requires /bin/true %endif %build # Required for fdpass.c line 125,190: dereferencing type-punned pointer will break strict-aliasing rules export CFLAGS="%{optflags} -fno-strict-aliasing" # Harden the build if supported %if 0%{?fedora} > 15 || 0%{?rhel} > 6 %global _hardened_build 1 export CFLAGS="%{__global_cflags} -fno-strict-aliasing" export LDFLAGS="-Wl,-z,now -Wl,-z,relro %{__global_ldflags}" %endif %configure \ INSTALL_DATA="install -c -p -m644" \ --docdir=%{docdir} \ --disable-dependency-tracking \ --disable-rpath \ --disable-static \ --with-bzlib \ --with-docs \ --with-gssapi=plugin \ --with-ldap=plugin \ --with-libcap \ %{?tcp_wrappers_support:--with-libwrap} \ %{?build_lucene: --with-lucene} \ --with-mysql \ --with-nss \ --with-pam \ --with-pgsql \ --with-shadow \ --with-solr \ --with-sqlite \ --with-sql=plugin \ --with-ssl=openssl \ --with-ssldir=%{_sysconfdir}/pki/dovecot \ %{?use_systemd: --with-systemdsystemunitdir=%{_unitdir}} \ --with-zlib make %{?_smp_mflags} # Pigeonhole cd %{pigeonhole_dir} %configure \ INSTALL_DATA="install -c -p -m644" \ --disable-static \ --with-dovecot=../ make %{?_smp_mflags} cd - %install # Install dovecot make install DESTDIR=%{buildroot} # We'll package the dovecot documentation ourselves mv %{buildroot}%{docdir} $(pwd)/dovecot-docs # Install Pigeonhole cd %{pigeonhole_dir} make install DESTDIR=%{buildroot} cd - # We'll package the pigeonhole documentation ourselves too mv %{buildroot}%{docdir} $(pwd)/pigeonhole-docs cd %{pigeonhole_dir} ln AUTHORS ChangeLog %{!?_licensedir:COPYING COPYING.LGPL} INSTALL NEWS README ../pigeonhole-docs/ cd - # Create state directories with appropriate permissions mkdir -p %{buildroot}%{_localstatedir}/run/dovecot/empty chmod 755 %{buildroot}%{_localstatedir}/run/dovecot chmod 755 %{buildroot}%{_localstatedir}/run/dovecot/empty mkdir -p %{buildroot}%{_localstatedir}/run/dovecot/login chmod 750 %{buildroot}%{_localstatedir}/run/dovecot/login mkdir -p %{buildroot}%{_localstatedir}/run/dovecot/token-login chmod 750 %{buildroot}%{_localstatedir}/run/dovecot/token-login mkdir -p %{buildroot}%{_localstatedir}/lib/dovecot chmod 750 %{buildroot}%{_localstatedir}/lib/dovecot # Make sure state directories are created at boot time for systems # with /var/run on tmpfs, else install the SysV initscript %if 0%{?use_systemd:1} install -p -D -m 644 %{SOURCE10} %{buildroot}%{_tmpfilesdir}/dovecot.conf %else install -p -D -m 755 %{SOURCE1} %{buildroot}%{_initddir}/dovecot install -p -D -m 600 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/dovecot %endif # Install the certificate generating script in %%{_libexecdir}/dovecot install -p -m 755 doc/mkcert.sh %{buildroot}%{_libexecdir}/dovecot/mkcert.sh # Install waitonline script install -p -D -m 755 %{SOURCE15} %{buildroot}%{_libexecdir}/dovecot/prestartscript # Generate ghost .pem files mkdir -p %{buildroot}%{_sysconfdir}/pki/dovecot/{certs,private} : > %{buildroot}%{_sysconfdir}/pki/dovecot/certs/dovecot.pem : > %{buildroot}%{_sysconfdir}/pki/dovecot/private/dovecot.pem # Install dovecot configuration and dovecot-openssl.cnf mkdir -p %{buildroot}%{_sysconfdir}/dovecot/conf.d mkdir -p %{buildroot}%{_sysconfdir}/pki/dovecot install -p -m 644 dovecot-docs/example-config/dovecot.conf %{buildroot}%{_sysconfdir}/dovecot install -p -m 644 dovecot-docs/example-config/conf.d/*.conf %{buildroot}%{_sysconfdir}/dovecot/conf.d install -p -m 644 dovecot-docs/example-config/conf.d/*.conf.ext %{buildroot}%{_sysconfdir}/dovecot/conf.d install -p -m 644 pigeonhole-docs/example-config/conf.d/*.conf %{buildroot}%{_sysconfdir}/dovecot/conf.d install -p -m 644 pigeonhole-docs/example-config/conf.d/*.conf.ext %{buildroot}%{_sysconfdir}/dovecot/conf.d || : install -p -m 644 doc/dovecot-openssl.cnf %{buildroot}%{_sysconfdir}/pki/dovecot/dovecot-openssl.cnf # PAM Configuration mkdir -p %{buildroot}%{_sysconfdir}/pam.d install -p -m 644 dovecot.pam %{buildroot}%{_sysconfdir}/pam.d/dovecot # Install additional manpages install -p -D -m 644 dovecot.conf.5 %{buildroot}%{_mandir}/man5/dovecot.conf.5 # Blow away static libraries find %{buildroot}%{_libdir}/dovecot -name '*.a' -delete # Blow away libtool archives find %{buildroot}%{_libdir}/dovecot -name '*.la' -delete # Blow away unwanted documentation rm %{buildroot}%{_sysconfdir}/dovecot/README cd dovecot-docs rm securecoding.txt thread-refs.txt cd - %check make check make -C %{pigeonhole_dir} check %pre # Create account for dovecot to run as /usr/bin/getent group dovecot > /dev/null || \ /usr/sbin/groupadd -g %{dovecot_gid} -r dovecot /usr/bin/getent passwd dovecot > /dev/null || \ /usr/sbin/useradd -r -u %{dovecot_uid} -g dovecot \ -d %{_libexecdir}/dovecot -M -s /sbin/nologin \ -c "Dovecot IMAP Server" dovecot /usr/bin/getent group dovenull > /dev/null || \ /usr/sbin/groupadd -r dovenull /usr/bin/getent passwd dovenull > /dev/null || \ /usr/sbin/useradd -r -g dovenull \ -d %{_libexecdir}/dovecot -s /sbin/nologin \ -c "Dovecot's unauthorized user" dovenull # Do not let dovecot run during upgrade (#134325) if [ "$1" = "2" ]; then rm -f %{restart_flag} %if 0%{?use_systemd:1} /bin/systemctl is-active dovecot.service &>/dev/null && touch %{restart_flag} || : /bin/systemctl stop dovecot.service &>/dev/null %else /sbin/service dovecot status &>/dev/null && touch %{restart_flag} || : /sbin/service dovecot stop &>/dev/null %endif fi %post if [ $1 -eq 1 ]; then %if 0%{?use_systemd:1} /bin/systemctl daemon-reload &> /dev/null || : %else /sbin/chkconfig --add dovecot || : %endif fi # Migrate SSL certificates from old locations if present # Use cp rather than mv to avoid breakage of existing configuration [ -f %{_sysconfdir}/pki/dovecot/dovecot.pem -a ! -e %{_sysconfdir}/pki/dovecot/certs/dovecot.pem ] && cp -p %{_sysconfdir}/pki/dovecot/dovecot.pem %{_sysconfdir}/pki/dovecot/certs/dovecot.pem [ -f %{_datadir}/ssl/certs/dovecot.pem -a ! -e %{_sysconfdir}/pki/dovecot/certs/dovecot.pem ] && cp -p %{_datadir}/ssl/certs/dovecot.pem %{_sysconfdir}/pki/dovecot/certs/dovecot.pem || : [ -f %{_datadir}/ssl/private/dovecot.pem -a ! -e %{_sysconfdir}/pki/dovecot/private/dovecot.pem ] && cp -p %{_datadir}/ssl/private/dovecot.pem %{_sysconfdir}/pki/dovecot/private/dovecot.pem || : # Create SSL keys/certs [ ! -f %{_sysconfdir}/pki/dovecot/certs/dovecot.pem ] && %{_libexecdir}/dovecot/mkcert.sh &> /dev/null || : # Create SSL parameters [ ! -f %{_localstatedir}/lib/dovecot/ssl-parameters.dat ] && %{_libexecdir}/dovecot/ssl-params &>/dev/null exit 0 %preun if [ $1 = 0 ]; then %if 0%{?use_systemd:1} /bin/systemctl disable dovecot.service dovecot.socket &> /dev/null || : /bin/systemctl stop dovecot.service dovecot.socket &> /dev/null || : %else %{_initddir}/dovecot stop &> /dev/null || : /sbin/chkconfig --del dovecot %endif rm -rf %{_localstatedir}/run/dovecot fi %postun # service restarted in %%postun rather than %%post for the benefit of people doing composes in chroots %if 0%{?use_systemd:1} /bin/systemctl daemon-reload &> /dev/null || : %endif if [ "$1" -ge "1" -a -e %{restart_flag} ]; then %if 0%{?use_systemd:1} /bin/systemctl start dovecot.service &> /dev/null || : %else %{_initddir}/dovecot start &> /dev/null || : %endif rm -f %{restart_flag} fi %posttrans # dovecot should be started again in %%postun, but it's not executed on reinstall; # if it was already started, restart_flag won't be here, so it's ok to test it again if [ -e %{restart_flag} ]; then %if 0%{?use_systemd:1} /bin/systemctl start dovecot.service &> /dev/null || : %else %{_initddir}/dovecot start &> /dev/null || : %endif rm -f %{restart_flag} fi %files %if 0%{?use_systemd:1} %{_tmpfilesdir}/dovecot.conf %{_unitdir}/dovecot.service %{_unitdir}/dovecot.socket %else %{_initddir}/dovecot %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/dovecot %endif %if 0%{?_licensedir:1} %license COPYING COPYING.LGPL COPYING.MIT %else %doc COPYING COPYING.LGPL COPYING.MIT %endif %doc dovecot-docs/* AUTHORS ChangeLog NEWS README %dir %{_sysconfdir}/dovecot/ %dir %{_sysconfdir}/dovecot/conf.d/ %config(noreplace) %{_sysconfdir}/dovecot/dovecot.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-auth.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-director.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-logging.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-mail.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-master.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-ssl.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/15-lda.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/15-mailboxes.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/20-imap.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/20-lmtp.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/20-pop3.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/90-acl.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/90-plugin.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/90-quota.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-checkpassword.conf.ext %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-deny.conf.ext %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-dict.conf.ext %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-ldap.conf.ext %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-master.conf.ext %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-passwdfile.conf.ext %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-sql.conf.ext %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-static.conf.ext %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-system.conf.ext %config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-vpopmail.conf.ext %config(noreplace) %{_sysconfdir}/pam.d/dovecot %config(noreplace) %{_sysconfdir}/pki/dovecot/dovecot-openssl.cnf %dir %{_sysconfdir}/pki/dovecot/ %dir %{_sysconfdir}/pki/dovecot/certs/ %dir %{_sysconfdir}/pki/dovecot/private/ %attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/dovecot/certs/dovecot.pem %attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/dovecot/private/dovecot.pem %{_bindir}/doveadm %{_bindir}/doveconf %{_bindir}/dsync %{_sbindir}/dovecot %dir %{_libexecdir}/dovecot/ %{_libexecdir}/dovecot/aggregator %{_libexecdir}/dovecot/anvil %{_libexecdir}/dovecot/auth %{_libexecdir}/dovecot/checkpassword-reply %{_libexecdir}/dovecot/config %{_libexecdir}/dovecot/decode2text.sh %{_libexecdir}/dovecot/deliver %{_libexecdir}/dovecot/dict %{_libexecdir}/dovecot/director %{_libexecdir}/dovecot/dns-client %{_libexecdir}/dovecot/doveadm-server %{_libexecdir}/dovecot/dovecot-lda %{_libexecdir}/dovecot/gdbhelper %{_libexecdir}/dovecot/imap %{_libexecdir}/dovecot/imap-hibernate %{_libexecdir}/dovecot/imap-login %{_libexecdir}/dovecot/imap-urlauth %{_libexecdir}/dovecot/imap-urlauth-login %{_libexecdir}/dovecot/imap-urlauth-worker %{_libexecdir}/dovecot/indexer %{_libexecdir}/dovecot/indexer-worker %{_libexecdir}/dovecot/ipc %{_libexecdir}/dovecot/lmtp %{_libexecdir}/dovecot/log %{_libexecdir}/dovecot/maildirlock %{_libexecdir}/dovecot/mkcert.sh %{_libexecdir}/dovecot/pop3 %{_libexecdir}/dovecot/pop3-login %{_libexecdir}/dovecot/prestartscript %{_libexecdir}/dovecot/quota-status %{_libexecdir}/dovecot/rawlog %{_libexecdir}/dovecot/replicator %{_libexecdir}/dovecot/script %{_libexecdir}/dovecot/script-login %{_libexecdir}/dovecot/ssl-params %{_libexecdir}/dovecot/stats %if 0%{?tcp_wrappers_support} %{_libexecdir}/dovecot/tcpwrap %endif %{_libexecdir}/dovecot/xml2text # Note: %%{_libdir}/dovecot/*.so are plug-ins, not devel files %dir %{_libdir}/dovecot/ %dir %{_libdir}/dovecot/auth/ %dir %{_libdir}/dovecot/dict/ %dir %{_libdir}/dovecot/doveadm/ %dir %{_libdir}/dovecot/settings/ %dir %{_libdir}/dovecot/stats/ %{_libdir}/dovecot/auth/lib20_auth_var_expand_crypt.so %{_libdir}/dovecot/auth/libauthdb_imap.so %{_libdir}/dovecot/auth/libauthdb_ldap.so %{_libdir}/dovecot/auth/libmech_gssapi.so %{_libdir}/dovecot/auth/libdriver_sqlite.so %{_libdir}/dovecot/dict/libdict_ldap.so %{_libdir}/dovecot/dict/libdriver_sqlite.so %{_libdir}/dovecot/doveadm/lib10_doveadm_acl_plugin.so %{_libdir}/dovecot/doveadm/lib10_doveadm_expire_plugin.so %{_libdir}/dovecot/doveadm/lib10_doveadm_quota_plugin.so %{_libdir}/dovecot/doveadm/lib20_doveadm_fts_plugin.so %if 0%{?build_lucene} %{_libdir}/dovecot/doveadm/lib20_doveadm_fts_lucene_plugin.so %endif %{_libdir}/dovecot/doveadm/libdoveadm_mail_crypt_plugin.so %{_libdir}/dovecot/libdriver_sqlite.so %{_libdir}/dovecot/libdovecot.so.0 %{_libdir}/dovecot/libdovecot.so.0.0.0 %{_libdir}/dovecot/libdovecot-compression.so.0 %{_libdir}/dovecot/libdovecot-compression.so.0.0.0 %{_libdir}/dovecot/libdovecot-dsync.so.0 %{_libdir}/dovecot/libdovecot-dsync.so.0.0.0 %{_libdir}/dovecot/libdovecot-fts.so.0 %{_libdir}/dovecot/libdovecot-fts.so.0.0.0 %{_libdir}/dovecot/libdovecot-lda.so.0 %{_libdir}/dovecot/libdovecot-lda.so.0.0.0 %{_libdir}/dovecot/libdovecot-ldap.so.0 %{_libdir}/dovecot/libdovecot-ldap.so.0.0.0 %{_libdir}/dovecot/libdovecot-login.so.0 %{_libdir}/dovecot/libdovecot-login.so.0.0.0 %{_libdir}/dovecot/libdovecot-sieve.so.0 %{_libdir}/dovecot/libdovecot-sieve.so.0.0.0 %{_libdir}/dovecot/libdovecot-sql.so.0 %{_libdir}/dovecot/libdovecot-sql.so.0.0.0 %{_libdir}/dovecot/libdovecot-storage.so.0 %{_libdir}/dovecot/libdovecot-storage.so.0.0.0 %{_libdir}/dovecot/lib01_acl_plugin.so %{_libdir}/dovecot/lib02_imap_acl_plugin.so %{_libdir}/dovecot/lib02_lazy_expunge_plugin.so %{_libdir}/dovecot/lib05_mail_crypt_acl_plugin.so %{_libdir}/dovecot/lib05_pop3_migration_plugin.so %{_libdir}/dovecot/lib05_snarf_plugin.so %{_libdir}/dovecot/lib10_last_login_plugin.so %{_libdir}/dovecot/lib10_mail_crypt_plugin.so %{_libdir}/dovecot/lib10_mail_filter_plugin.so %{_libdir}/dovecot/lib10_quota_plugin.so %{_libdir}/dovecot/lib11_imap_quota_plugin.so %{_libdir}/dovecot/lib11_trash_plugin.so %{_libdir}/dovecot/lib15_notify_plugin.so %{_libdir}/dovecot/lib20_autocreate_plugin.so %{_libdir}/dovecot/lib20_charset_alias_plugin.so %{_libdir}/dovecot/lib20_expire_plugin.so %{_libdir}/dovecot/lib20_fts_plugin.so %{_libdir}/dovecot/lib20_listescape_plugin.so %{_libdir}/dovecot/lib20_mail_log_plugin.so %{_libdir}/dovecot/lib20_mailbox_alias_plugin.so %{_libdir}/dovecot/lib20_notify_status_plugin.so %{_libdir}/dovecot/lib20_push_notification_plugin.so %{_libdir}/dovecot/lib20_quota_clone_plugin.so %{_libdir}/dovecot/lib20_replication_plugin.so %{_libdir}/dovecot/lib20_var_expand_crypt.so %{_libdir}/dovecot/lib20_virtual_plugin.so %{_libdir}/dovecot/lib20_zlib_plugin.so %if 0%{?build_lucene} %{_libdir}/dovecot/lib21_fts_lucene_plugin.so %endif %{_libdir}/dovecot/lib21_fts_solr_plugin.so %{_libdir}/dovecot/lib21_fts_squat_plugin.so %{_libdir}/dovecot/lib30_imap_zlib_plugin.so %{_libdir}/dovecot/lib90_stats_plugin.so %{_libdir}/dovecot/lib95_imap_stats_plugin.so %{_libdir}/dovecot/lib99_welcome_plugin.so %if 0%{?openssl_ecc_support} %{_libdir}/dovecot/libdcrypt_openssl.so %endif %{_libdir}/dovecot/libfs_compress.so %{_libdir}/dovecot/libfs_crypt.so %{_libdir}/dovecot/libfs_mail_crypt.so %{_libdir}/dovecot/libssl_iostream_openssl.so %{_libdir}/dovecot/stats/libstats_auth.so %{_libdir}/dovecot/stats/libstats_mail.so %attr(0755,root,dovecot) %dir %{_localstatedir}/run/dovecot/ %dir %{_localstatedir}/run/dovecot/empty/ %attr(0750,root,dovenull) %dir %{_localstatedir}/run/dovecot/login/ %attr(0750,root,dovenull) %dir %{_localstatedir}/run/dovecot/token-login/ %attr(0750,dovecot,dovecot) %dir %{_localstatedir}/lib/dovecot/ %dir %{_datadir}/dovecot/ %dir %{_datadir}/dovecot/stopwords/ %{_datadir}/dovecot/stopwords/stopwords_da.txt %{_datadir}/dovecot/stopwords/stopwords_de.txt %{_datadir}/dovecot/stopwords/stopwords_en.txt %{_datadir}/dovecot/stopwords/stopwords_es.txt %{_datadir}/dovecot/stopwords/stopwords_fi.txt %{_datadir}/dovecot/stopwords/stopwords_fr.txt %{_datadir}/dovecot/stopwords/stopwords_it.txt %{_datadir}/dovecot/stopwords/stopwords_nl.txt %{_datadir}/dovecot/stopwords/stopwords_no.txt %{_datadir}/dovecot/stopwords/stopwords_pt.txt %{_datadir}/dovecot/stopwords/stopwords_ro.txt %{_datadir}/dovecot/stopwords/stopwords_ru.txt %{_datadir}/dovecot/stopwords/stopwords_sv.txt %{_mandir}/man1/deliver.1* %{_mandir}/man1/doveadm.1* %{_mandir}/man1/doveadm-acl.1* %{_mandir}/man1/doveadm-altmove.1* %{_mandir}/man1/doveadm-auth.1* %{_mandir}/man1/doveadm-backup.1* %{_mandir}/man1/doveadm-batch.1* %{_mandir}/man1/doveadm-config.1* %{_mandir}/man1/doveadm-copy.1* %{_mandir}/man1/doveadm-deduplicate.1* %{_mandir}/man1/doveadm-director.1* %{_mandir}/man1/doveadm-dump.1* %{_mandir}/man1/doveadm-exec.1* %{_mandir}/man1/doveadm-expunge.1* %{_mandir}/man1/doveadm-fetch.1* %{_mandir}/man1/doveadm-flags.1* %{_mandir}/man1/doveadm-force-resync.1* %{_mandir}/man1/doveadm-fs.1* %{_mandir}/man1/doveadm-fts.1* %{_mandir}/man1/doveadm-help.1* %{_mandir}/man1/doveadm-import.1* %{_mandir}/man1/doveadm-index.1* %{_mandir}/man1/doveadm-instance.1* %{_mandir}/man1/doveadm-kick.1* %{_mandir}/man1/doveadm-log.1* %{_mandir}/man1/doveadm-mailbox.1* %{_mandir}/man1/doveadm-mailbox-cryptokey.1* %{_mandir}/man1/doveadm-mount.1* %{_mandir}/man1/doveadm-move.1* %{_mandir}/man1/doveadm-penalty.1* %{_mandir}/man1/doveadm-proxy.1* %{_mandir}/man1/doveadm-purge.1* %{_mandir}/man1/doveadm-pw.1* %{_mandir}/man1/doveadm-quota.1* %{_mandir}/man1/doveadm-rebuild.1* %{_mandir}/man1/doveadm-reload.1* %{_mandir}/man1/doveadm-replicator.1* %{_mandir}/man1/doveadm-search.1* %{_mandir}/man1/doveadm-stats.1* %{_mandir}/man1/doveadm-stop.1* %{_mandir}/man1/doveadm-sync.1* %{_mandir}/man1/doveadm-user.1* %{_mandir}/man1/doveadm-who.1* %{_mandir}/man1/doveconf.1* %{_mandir}/man1/dovecot.1* %{_mandir}/man1/dovecot-lda.1* %{_mandir}/man1/dsync.1* %{_mandir}/man5/dovecot.conf.5* %{_mandir}/man7/doveadm-search-query.7* %files devel %{_includedir}/dovecot/ %{_datadir}/aclocal/dovecot.m4 %{_datadir}/aclocal/dovecot-pigeonhole.m4 %{_libdir}/dovecot/dovecot-config %{_libdir}/dovecot/libdovecot.so %{_libdir}/dovecot/libdovecot-compression.so %{_libdir}/dovecot/libdovecot-dsync.so %{_libdir}/dovecot/libdovecot-fts.so %{_libdir}/dovecot/libdovecot-lda.so %{_libdir}/dovecot/libdovecot-ldap.so %{_libdir}/dovecot/libdovecot-login.so %{_libdir}/dovecot/libdovecot-sieve.so %{_libdir}/dovecot/libdovecot-sql.so %{_libdir}/dovecot/libdovecot-storage.so %files pigeonhole %if 0%{?_licensedir:1} %license %{pigeonhole_dir}/COPYING %{pigeonhole_dir}/COPYING.LGPL %endif %doc pigeonhole-docs/* %config(noreplace) %{_sysconfdir}/dovecot/conf.d/20-managesieve.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/90-sieve.conf %config(noreplace) %{_sysconfdir}/dovecot/conf.d/90-sieve-extprograms.conf %{_bindir}/sievec %{_bindir}/sieve-dump %{_bindir}/sieve-filter %{_bindir}/sieve-test %{_libdir}/dovecot/lib90_sieve_plugin.so %{_libdir}/dovecot/lib95_imap_filter_sieve_plugin.so %{_libdir}/dovecot/lib95_imap_sieve_plugin.so %{_libdir}/dovecot/doveadm/lib10_doveadm_sieve_plugin.so %{_libdir}/dovecot/settings/libmanagesieve_settings.so %{_libdir}/dovecot/settings/libmanagesieve_login_settings.so %{_libdir}/dovecot/settings/libpigeonhole_settings.so %{_libdir}/dovecot/sieve/ %{_libexecdir}/dovecot/managesieve %{_libexecdir}/dovecot/managesieve-login %{_mandir}/man1/doveadm-sieve.1* %{_mandir}/man1/sievec.1* %{_mandir}/man1/sieved.1* %{_mandir}/man1/sieve-dump.1* %{_mandir}/man1/sieve-filter.1* %{_mandir}/man1/sieve-test.1* %{_mandir}/man7/pigeonhole.7* %files mysql %{_libdir}/dovecot/libdriver_mysql.so %{_libdir}/dovecot/auth/libdriver_mysql.so %{_libdir}/dovecot/dict/libdriver_mysql.so %files pgsql %{_libdir}/dovecot/libdriver_pgsql.so %{_libdir}/dovecot/auth/libdriver_pgsql.so %{_libdir}/dovecot/dict/libdriver_pgsql.so %changelog * Wed Dec 18 2019 Paul Howarth - 1:2.2.36.4-2.0.cf - Setting first_valid_gid/last_valid_gid lead to (wrong) error messages (#1280436) - Fix regression in Global ACL directory (#1630380) https://dovecot.org/list/dovecot/2018-September/112938.html - Drop support for building with unreleased pigeonhole versions * Thu Aug 29 2019 Paul Howarth - 1:2.2.36.4-1.0.cf - Update dovecot to 2.2.36.4 - CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes - Update pigeonhole to 0.4.24.2 - CVE-2019-11500: ManageSieve protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes * Fri Mar 29 2019 Paul Howarth - 1:2.2.36.3-1.0.cf - Update dovecot to 2.2.36.3 - CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index; exploiting this requires direct write access to the index files * Tue Feb 5 2019 Paul Howarth - 1:2.2.36.1-1.0.cf - Update dovecot to 2.2.36.1 - CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field (ssl_cert_username_field), under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing - ssl_cert_username_field setting was ignored with external SMTP AUTH, because none of the MTAs (Postfix, Exim) currently send the cert_username field; this may have allowed users with trusted certificate to specify any username in the authentication (this bug didn't affect Dovecot's Submission service) - pop3_no_flag_updates=no: Don't expunge RETRed messages without QUIT - director: Kicking a user assert-crashes if login process is very slow - lda/lmtp: Fix assert-crash with some Sieve scripts when mail_attachment_detection_options=add-flags-on-save - fs-compress: Using maybe-gz assert-crashed when reading 0 sized file - Snippet generation crashed with invalid Content-Type:multipart - Update pigeonhole to 0.4.24.1 - imapsieve: Added imapsieve_expunge_discarded setting, which causes discarded messages to be expunged immediately - Sieve scripts running in IMAPSIEVE or IMAP FILTER=SIEVE context that modify the message, store the message a second time, rather than replacing the originally stored unmodified message - imapsieve: Fix crash when COPYing mails from a virtual mailbox when the source messages originate from more than a single real mailbox - imap_filter_sieve plugin: Implement the missing UID FILTER command - imap_filter_sieve plugin: Fix FILTER to work with pipelining * Tue May 29 2018 Paul Howarth - 1:2.2.36-1.0.cf - Update dovecot to 2.2.36 - login-proxy: If ssl_require_crl=no, allow revoked certificates; also don't do CRL checks for incoming client certificates - stats plugin: Don't temporarily enable PR_SET_DUMPABLE while opening /proc/self/io; this may still cause security problems if the process is ptrace()d at the same time - instead, open it while still running as root - doveadm: Added mailbox cache decision&remove commands; see doveadm-mailbox(1) man page for details - doveadm: Added rebuild attachments command for rebuilding $HasAttachment or $HasNoAttachment flags for matching mails; see doveadm-rebuild(1) man page for details - cassandra: Use fallback_consistency on more types of errors - cassandra: Fix consistency=quorum to work - dsync: Lock file generation failed if home directory didn't exist - In some configs if namespace root directory didn't yet exist, Dovecot failed to create mailboxes.lock when trying to create mailboxes - Snippet generation for HTML mails didn't ignore &entities inside blockquotes, producing strange looking snippets - imapc: Fix assert-crash if getting disconnected and after reconnection all mails in the selected mailbox are gone - pop3c: Handle unexpected server disconnections without assert-crash - fts: Fixes to indexing mails via virtual mailboxes - fts: If mails contained NUL characters, the text around it wasn't indexed - Obsolete dovecot.index.cache offsets were sometimes used; trying to fetch a field that was just added to cache file may not have always found it - dict-sql: Fix crash when reading NULL value from database - Update pigeonhole to 0.4.24 - Implement plugin for the a vendor-defined IMAP capability called "FILTER=SIEVE"; it adds the ability to manually invoke Sieve filtering in IMAP (more information can be found in doc/plugins/imap_filter_sieve.txt) - Fix assert panics triggered by empty messages that are being forwarded using redirect or vnd.dovecot.report; this does not likely normally occur, but this is seen as a result of certain benign failures in object storage - Make the length of the subject header for the vacation response configurable and enforce the limit in UTF-8 codepoints rather than bytes; the subject header for a vacation response was statically truncated to 256 bytes, which is too limited for multi-byte UTF-8 characters - Sieve editheader extension: Fix assertion panic occurring when it is used to manipulate a message header with a very large header field - Properly abort execution of the sieve_discard script upon error; before, the LDA Sieve plugin attempted to execute the sieve_discard script when an error occurs, which can lead to the message being lost - Fix the interaction between quota and the sieve_discard script; when quota was used together with a sieve_discard script, the message delivery did not bounce when the quota was exceeded * Wed Mar 28 2018 Paul Howarth - 1:2.2.35-1.0.cf - Update dovecot to 2.2.35 - charset_alias: Compile failed with Solaris Studio - Fix local name handling in v2.2.34 SNI code - imapc: Don't try to add mails to index if they already exist there - imapc: If email is modified in istream_opened hook, mail size isn't updated - lib-dcrypt: When reading encrypted data, more data would not be read if buffer was not consumed causing panic or hang - notify: When notify plugin is used and transaction commit fails in dsync, crash occurred - sdbox: When delivering to a mailbox that is over quota, temp files were not cleaned up when saving or copying fails - Update pigeonhole to 0.4.23 - editheader extension: Corrected the stream position calculations performed while making the modified message available as a stream; Pigeonhole Sieve crashed in LMTP with an assertion panic when the Sieve editheader extension was used before the message was redirected - fileinto extension: Fix assert panic occurring when fileinto is used without being listed in the require line, while the copy extension is listed there; this is a very old bug - imapsieve plugin: Do not log an error for messages that disappear concurrently while applying Sieve scripts; this is a further improvement on the imapsieve fix in the previous release (which fixed a panic); this event is now logged as a debug message * Fri Mar 2 2018 Paul Howarth - 1:2.2.34-1.0.cf - Update dovecot to 2.2.34 - CVE-2017-15130: TLS SNI config lookups may lead to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted; this happens only if Dovecot config has local_name { } or local { } configuration blocks and attacker uses randomly generated SNI servernames - CVE-2017-14461: Parsing invalid email addresses may cause a crash or leak memory contents to attacker, e.g. these memory contents might contain parts of an email from another user if the same imap process is reused for multiple users - CVE-2017-15132: Aborted SASL authentication leaks memory in login process - Linux: Core dumping is no longer enabled by default via PR_SET_DUMPABLE, because this may allow attackers to bypass chroot/group restrictions; nowadays core dumps can be safely enabled by using "sysctl -w fs.suid_dumpable=2", and if the old behaviour is wanted, it can still be enabled by setting: import_environment=$import_environment PR_SET_DUMPABLE=1 - doveconf output now includes the hostname - New mail_attachment_detection_options setting controls when $HasAttachment and $HasNoAttachment keywords are set for mails - imap: Support fetching body snippets using FETCH (SNIPPET) or (SNIPPET (LAZY=FUZZY)) - fs-compress: Automatically detect whether input is compressed or not; prefix the compression algorithm with "maybe-" to enable the detection, for example: "compress:maybe-gz:6:..." - Added settings to change dovecot.index* files' optimization behavior; see https://wiki2.dovecot.org/IndexFiles#Settings - Auth cache can now utilize auth workers to do password hash verification by setting auth_cache_verify_password_with_worker=yes - Added charset_alias plugin (https://wiki2.dovecot.org/Plugins/CharsetAlias) - imap_logout_format and pop3_logout_format settings now support all of the generic variables (e.g. %%{rip}, %%{session}, etc.) - Added auth_policy_check_before_auth, auth_policy_check_after_auth and auth_policy_report_after_auth settings - v2.2.33: doveadm-server: Various fixes related to log handling - v2.2.33: doveadm failed when trying to access UNIX socket that didn't require authentication - v2.2.33: doveadm log reopen stopped working - v2.2.30+: IMAP stopped advertising SPECIAL-USE capability - v2.2.30+: IMAP stopped sending untagged OK/NO storage notifications - replication: dsync sent unnecessary replication notification for changes it did internally; NOTE: Folder creates, renames, deletes and subscribes still trigger unnecessary replication notifications, but these should be rather rare - mail_always/never_cache_fields setting changes weren't applied for existing dovecot.index.cache files - Fix compiling and other problems with OpenSSL v1.1 - auth policy: With master user logins, lookup using login username - FTS reindexed all mails unnecessarily after loss of dovecot.index.cache file - mdbox rebuild repeatedly failed with "missing map extension" - SSL connections may have been hanging with imapc or doveadm client - cassandra: Using protocol v3 (Cassandra v2.1) caused memory leaks and also timestamps weren't set to queries - fs-crypt silently ignored public/private keys specified in configuration (mail_crypt_global_public/private_key) and just emitted plaintext output - lock_method=dotlock caused crashes - imapc: Reconnection may cause crashes and other errors - Update pigeonhole to 0.4.22 - Fixed filesystem path handling problem: sieve plugin could have assert-crashed with specific path lengths with: "Panic: file realpath.c: line 86 (path_normalize): assertion failed: (npath_pos + 1 < npath + asize)" - Sieve extprograms plugin: Large output from "execute" command crashed delivery; fixed buffering issue in code that handles output from the external program - editheader extension: Extensively reworked the low-level implementation of adding and removing headers, which solved a few integer arithmetic problems reported by Clang runtime checks, but also improves code structure and reliability in general - imapsieve: Fix assert crash occurring when selected messages are expunged concurrently by the time Sieve filter is to be applied - imap4flags extension: Fix binary byte-code corruption occurring when the setflag, addflag, or removeflag command's flag-list is a variable - enotify extension: mailto method: Fixed parsing of mailto URI with only a header part - enotify extension: mailto method: Make sure "From:" header is set to a usable address and not "(null)" - Fixed writing address headers to outgoing messages; it sometimes erroneously applied another layer of MIME header encoding - Remove tcp_wrappers from Fedora 28 onwards (#1518761) - Use mariadb-connector-c-devel instead of mysql-devel from Fedora 28 onwards (#1493624) - Work around presence of incompatible expat21 in EPEL-6 * Mon Oct 30 2017 Paul Howarth - 1:2.2.33.2-1.0.cf - Update dovecot to 2.2.33.2 - doveadm: Fix crash in proxying (or dsync replication) if remote is running older than v2.2.33 - auth: Fix memory leak in %%{ldap_dn} - dict-sql: Fix data types to work correctly with Cassandra - Update pigeonhole to 0.4.21 - redirect action: Always set the X-Sieve-Redirected-From header to sieve_user_email if configured; previously, it would use the envelope recipient instead if available, which makes no sense if the primary e-mail address is available - vacation extension: Allow ignoring the envelope sender while composing the "To:" header for the reply; this change adds a new setting "sieve_vacation_to_header_ignore_envelope", which, when enabled, means the "To:" header is always composed from headers in the source message and thus allows ignoring the envelope, which is useful e.g. when SRS is used - vacation extension: Compose the "To:" header from the full sender address found in the first "Sender:", "From:" or "Resent-From:" header - LDA Sieve plugin: Fixed sequential execution of LDAP-based scripts; a missing LDAP-based script could cause the script sequence to exit earlier - sieve-filter: Removed the (now) duplicate utf8 to mutf7 mailbox name conversion, which caused problems with mailbox names containing UTF-8 characters; the Dovecot API was changed years ago, but apparently sieve-filter was never updated * Thu Oct 12 2017 Paul Howarth - 1:2.2.33.1-1.0.cf - Update dovecot to 2.2.33.1 - dovecot-lda was logging to stderr instead of to the log file * Wed Oct 11 2017 Paul Howarth - 1:2.2.33-1.0.cf - Update dovecot to 2.2.33 - doveadm director commands wait for the changes to be visible in the whole ring before they return; this is especially useful in testing - Environments listed in import_environment setting are now set or preserved when executing standalone commands (e.g. doveadm) - doveadm proxy: Support proxying logs; previously the logs were visible only in the backend's logs - Added %%{if}; see https://wiki2.dovecot.org/Variables#Conditionals - Added a new notify_status plugin, which can be used to update dict with current status of a mailbox when it changes. See https://wiki2.dovecot.org/Plugins/NotifyStatus - Mailbox list index can be disabled for a namespace by appending ":LISTINDEX=" to location setting - dsync/imapc: Added dsync_hashed_headers setting to specify which headers are used to match emails - pop3-migration: Add pop3_migration_ignore_extra_uidls=yes to ignore mails that are visible in POP3 but not IMAP; this could happen if new mails were delivered during the migration run - pop3-migration: Further improvements to help with Zimbra - pop3-migration: Cache POP3 UIDLs in imapc's dovecot.index.cache if indexes are enabled; these are used to optimize incremental syncs - cassandra, dict-sql: Use prepared statements if protocol version>3 - auth: Added %%{ldap_dn} variable for passdb/userdb ldap - acl: The "create" (k) permission in global acl-file was sometimes ignored, allowing users to create mailboxes when they shouldn't have - sdbox: Mails were always opened when expunging, unless mail_attachment_fs was explicitly set to empty - lmtp/doveadm proxy: hostip passdb field was ignored, which caused unnecessary DNS lookups if host field wasn't an IP - lmtp proxy: Fix crash when receiving unexpected reply in RCPT TO - quota_clone: Update also when quota is unlimited (broken in v2.2.31) - mbox, zlib: Fix assert-crash when accessing compressed mbox - doveadm director kick -f parameter didn't work - doveadm director flush resulted flushing all hosts, if wasn't an IP address - director: Various fixes to handling backend/director changes at abnormal times, especially while ring was unsynced; these could have resulted in crashes, non-optimal behaviour or ignoring some of the changes - director: Use less CPU in imap-login processes when moving/kicking many users - lmtp: Session IDs were duplicated/confusing with multiple RCPT TOs when lmtp_rcpt_check_quota=yes - doveadm sync -1 fails when local mailboxes exist that do not exist remotely; this commonly happened when lazy_expunge mailbox was autocreated when incremental sync expunged mails - pop3: rawlog_dir setting didn't work * Tue Aug 29 2017 Paul Howarth - 1:2.2.32-2.0.cf - Update pigeonhole to 0.4.20 - Made the retention period for redirect duplicate identifiers configurable, and changed the default retention period from 24 to 12 hours; for accounts that perform many redirects, the lda-dupes database could grow to impractical sizes - sieve-filter: Fixed memory leak: forgot to clean up script binary at end of execution - managesieve-login: Fixed handling of AUTHENTICATE command: a second authenticate command would be parsed incorrectly, a problem was caused by changes in the previous release - LDA Sieve plugin: Fixed minor memory leak caused by not cleaning up the sieve_discard script * Fri Aug 25 2017 Paul Howarth - 1:2.2.32-1.0.cf - Update dovecot to 2.2.32 - imapc: Info-level line is logged every time when successfully connected to the remote server: this includes local/remote IP/port, which can be useful for matching against external logs - config: Log a warning if plugin { key=no } is used explicitly; v2.3 will support "no" properly in plugin settings, but for now any value at all for a boolean plugin setting is treated as "yes", even if it's written as explicit "no" - this change will now warn that it most likely won't work as intended - Various optimizations to avoid accessing files/directories when it's not necessary; especially avoid accessing mail root directories when INDEX directories point to a different filesystem - mail_location can now include ITERINDEX parameter, which tells Dovecot to perform mailbox listing from the INDEX path instead of from the mail root path; it's mainly useful when the INDEX storage is on a faster storage - mail_location can now include VOLATILEDIR= parameter; this is used for creating lock files and in future potentially other files that don't need to exist permanently - the path could point to tmpfs for example (this is especially useful to avoid creating lock files to NFS or other remote filesystems) - mail_location's LISTINDEX= can now contain a full path; this allows storing mailbox list index to a different storage than the rest of the indexes, for example to tmpfs - mail_location can now include NO-NOSELECT parameter; this automatically deletes any \NoSelect mailboxes that have no children (these mailboxes are sometimes confusing to users) - mail_location can now include BROKENCHAR= parameter; this can be useful with imapc to access mailbox names that aren't valid mUTF-7 charset from remote servers - If mailbox_list_index_very_dirty_syncs=yes, the list index is no longer refreshed against filesystem when listing mailboxes; this allows the mailbox listing to be done entirely by only reading the mailbox list index - Added mailbox_list_index_include_inbox setting to control whether INBOX's STATUS information should be cached in the mailbox list index: the default is "no", but it may be useful to change it to "yes", especially if LISTINDEX points to tmpfs - userdb can return chdir=, which overrides mail_home for the chdir location; this can be useful to avoid accessing home directory on login - userdb can return postlogin= to specify per-user imap/pop3 postlogin socket path - cassandra: Add support for result paging by adding page_size= parameter to the connect setting - dsync/imapc, pop3-migration plugin: Strip also trailing tabs from headers when matching mails; this helps with migrations from Zimbra - imap_logout_format supports now %%{appended} and %%{autoexpunged} - virtual plugin: Optimize IDLE to use mailbox list index for finding out when something has changed - Added apparmor plugin (see https://wiki2.dovecot.org/Plugins/Apparmor) - virtual plugin: A lot of fixes; in many cases it was also working very inefficiently or even incorrectly - imap: NOTIFY parameter parsing was incorrectly "fixed" in v2.2.31; it was actually (mostly) working in previous versions, but broken in v2.2.31 - Modseq tracking didn't always work correctly; this could have caused imap unhibernation to fail or IMAP QRESYNC/CONDSTORE extensions to not work perfectly - mdbox: "Inconsistency in map index" wasn't fixed automatically - dict-ldap: %%variable values used in the LDAP filter weren't escaped - quota=count: quota_warning = -storage=.. was never executed (try #2); v2.2.31 fixed it for -messages, but not for -storage - imapc: ≥ 32 kB mail bodies were supposed to be cached for subsequent FETCHes, but weren't - quota-status service didn't support recipient_delimiter - acl: Don't access dovecot-acl-list files with acl_globals_only=yes - mail_location: If INDEX dir is set, mailbox deletion deletes its childrens' indexes; for example if "box" is deleted, "box/child" index directory was deleted as well (but mails were preserved) - director: v2.2.31 caused rapid reconnection loops to directors that were down * Thu Aug 3 2017 Paul Howarth - 1:2.2.31-5.0.cf - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Paul Howarth - 1:2.2.31-4.0.cf - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Fri Jul 21 2017 Paul Howarth - 1:2.2.31-3.0.cf - Enable tcpwrap support (#1450587) - Revert commit breaking NOTIFY support * Tue Jun 27 2017 Paul Howarth - 1:2.2.31-1.0.cf - Update dovecot to 2.2.31 - LMTP: Removed "(Dovecot)" from added Received headers; some installations want to hide it, and there's not really any good reason for anyone to have it - Add ssl_alt_cert and ssl_alt_key settings to add support for having both RSA and ECDSA certificates - dsync/imapc, pop3-migration plugin: Strip trailing whitespace from headers when matching mails; this helps with migrations from Zimbra - acl: Add acl_globals_only setting to disable looking up per-mailbox dovecot-acl files - Parse invalid message addresses better; this mainly affects the generated IMAP ENVELOPE replies - v2.2.30 wasn't fixing corrupted dovecot.index.cache files properly; it could have deleted wrong mail's cache or assert-crashed - v2.2.30 mail-crypt-acl plugin was assert-crashing - v2.2.30 welcome plugin wasn't working - Various fixes to handling mailbox listing, especially related to handling non-existent autocreated/autosubscribed mailboxes and ACLs - Global ACL file was parsed as if it was local ACL file, which caused some of the ACL rule interactions not to work exactly as intended - auth: forward_* fields didn't work properly: only the first forward field was working, and only if the first passdb lookup succeeded - Using mail_sort_max_read_count sometimes caused "Broken sort-* indexes, resetting" errors - Using mail_sort_max_read_count may have caused very high CPU usage - Message address parsing could have crashed on invalid input - imapc_features=fetch-headers wasn't always working correctly and caused the full header to be fetched - imapc: Various bugfixes related to connection failure handling - quota=imapc sent unnecessary FETCH RFC822.SIZE to server when expunging mails - quota=count: quota_warning = -storage=.. was never executed - quota=count: Add support for "ns" parameter - dsync: Fix incremental syncing for mails that don't have Date or Message-ID headers - imap: Fix hang when client sends pipelined SEARCH + EXPUNGE/CLOSE/LOGOUT - oauth2: Token validation didn't accept empty server responses - imap: NOTIFY command has been almost completely broken since the beginning; it seems nobody has been trying to use it - Update pigeonhole to 0.4.19 - This release adjusts Pigeonhole to several changes in the Dovecot API, making it depend on Dovecot v2.2.31 - Fixed bug in handling of implicit keep in some cases: implicit side-effects, such as assigned flags, were not always applied correctly - include extension: Fixed segfault that (sometimes) occurred when the global script location was left unconfigured * Mon Jun 12 2017 Paul Howarth - 1:2.2.30.2-1.0.cf - Update dovecot to 2.2.30.2 - auth: Multiple failed authentications within short time caused crashes - push-notification: OX driver crashed at deinit * Thu Jun 1 2017 Paul Howarth - 1:2.2.30.1-1.0.cf - Update dovecot to 2.2.30.1 - quota_warning scripts weren't working in v2.2.30 - vpopmail still wasn't compiling * Wed May 31 2017 Paul Howarth - 1:2.2.30-1.0.cf - Update dovecot to 2.2.30 - auth: Use timing safe comparisons for everything related to passwords; it's unlikely that these could have been used for practical attacks, especially because Dovecot delays and flushes all failed authentications in 2 second intervals, and it could have worked only when passwords were stored in plaintext in the passdb - master process sends SIGQUIT to all running children at shutdown, which instructs them to close all the socket listeners immediately; this way, restarting Dovecot should no longer fail due to some processes keeping the listeners open for a long time - auth: Add passdb { mechanisms=none } to match separate passdb lookup - auth: Add passdb { username_filter } to use passdb only if user matches the filter (see https://wiki2.dovecot.org/PasswordDatabase) - dsync: Add dsync_commit_msgs_interval setting, which attempts to commit the transaction after saving this many new messages; because of the way dsync works, it may not always be possible if mails are copied or UIDs need to change - imapc: Support imapc_features=search without ESEARCH extension - imapc: Add imapc_features=fetch-bodystructure to pass through remote server's FETCH BODY and BODYSTRUCTURE - imapc: Add quota=imapc backend to use GETQUOTA/GETQUOTAROOT on the remote server - passdb imap: Add allow_invalid_cert and ssl_ca_file parameters - If dovecot.index.cache corruption is detected, reset only the one corrupted mail instead of the whole file - doveadm mailbox status: Add "firstsaved" field - director_flush_socket: Add old host's up/down and vhost count as parameters - More fixes to automatically fix corruption in dovecot.list.index - dsync-server: Fix support for dsync_features=empty-header-workaround - imapc: Various bugfixes, including infinite loops on some errors - IMAP NOTIFY wasn't working for non-INBOX if IMAP client hadn't enabled modseq tracking via CONDSTORE/QRESYNC - fts-lucene: Fix it to work again with mbox format - Some internal error messages may have contained garbage in v2.2.29 - mail-crypt: Re-encrypt when copying/moving mails and per-mailbox keys are used, otherwise the copied mails can't be opened - vpopmail: Fix compiling * Thu Apr 13 2017 Paul Howarth - 1:2.2.29.1-1.0.cf - Update dovecot to 2.2.29.1 - imapc reconnection fix was forgotten from 2.2.29 release, which also made "make check" fail in a unit test - dict-sql: Merging multiple UPDATEs to a single statement wasn't actually working - Fixed building with vpopmail - Update pigeonhole to 0.4.18 - imapsieve plugin: Implemented the copy_source_after rule action - imapsieve plugin: Added non-standard Sieve environment items for the source and destination mailbox - multiscript: The execution of the discard script had an implicit "keep", rather than an implicit "discard" * Tue Apr 11 2017 Paul Howarth - 1:2.2.29-1.0.cf - Update dovecot to 2.2.29 (see NEWS for details) - Bug fixes include not expanding %%variables in passdb/userdb dict keys; if dict was used as the authentication passdb, using specially crafted %%variables in the username could be used to cause DoS (CVE-2017-2669) - Drop support for EOL distributions prior to F-13 - Drop BuildRoot: and Group: tags - Drop explicit buildroot cleaning in %%install section - Drop explicit %%clean section - BR: quota-devel unconditionally - Drop ICE and fallocate64 patches - /etc/pam.d/password-auth is always available now * Wed Mar 1 2017 Paul Howarth - 1:2.2.28-1.1.cf - Update pigeonhole to 0.4.17 - LDA Sieve plugin: Fixed handling of an early explicit keep during multiscript execution: action side-effects and the message snapshot would be lost at the final stage where the implicit keep is evaluated, which could result in the IMAP flags assigned to the message to be forgotten or that headers modified by the "editheader" extension would revert to their original state - file script storage: Amended the up-to-date time stamp comparison for on-disk binaries to include nanoseconds, which will fix problems occurring when both binary and script are saved within the same second; this fix is ineffective on older systems that have no support for nanoseconds in stat() timestamps, which should be pretty rare nowadays - file script storage: Improve saving and listing permission error to include more details - imapsieve plugin: Make sure "INBOX" is upper case in static mailbox rules; otherwise, the mailbox name would never match, since matching is performed case-sensitively and Dovecot only returns the upper-cased "INBOX" - imapsieve plugin: Fixed assert failure occurring when used with virtual mailboxes - doveadm sieve plugin: Fixed crash when setting Sieve script via attribute's string value * Sat Feb 25 2017 Paul Howarth - 1:2.2.28-1.0.cf - Update dovecot to 2.2.28 (see NEWS for details) - Update patches as needed * Sun Feb 12 2017 Paul Howarth - 1:2.2.27-3.0.cf - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Thu Dec 15 2016 Paul Howarth - 1:2.2.27-2.0.cf - Fix big endian issue (#1403760) * Mon Dec 5 2016 Paul Howarth - 1:2.2.27-1.0.cf - Update dovecot to 2.2.27 - dovecot.list.index.log rotation sizes/times were changed so that the .log file stays smaller and .log.2 is deleted sooner - Added mail_crypt plugin that allows encryption of stored emails (see http://wiki2.dovecot.org/Plugins/MailCrypt) - stats: Global stats can be sent to Carbon server by setting stats_carbon_server=ip:port - imap/pop3 proxy: If passdb returns proxy_not_trusted, don't send ID/XCLIENT - Added generic hash modifier for %%variables: %%{;rounds=,truncate=,salt=s>:field}; hash algorithm is any of the supported ones, e.g. md5, sha1, sha256, and also "pkcs5" is supported using SHA256, e.g. %%{sha256:user} or %%{md5;truncate=32:user} - Added support for SHA3-256 and SHA3-512 hashes - config: Support DNS wildcards in local_name, e.g. local_name *.example.com { .. } matches anything.example.com, but not multiple.anything.example.com - config: Support multiple names in local_name, e.g. local_name "1.example.com 2.example.com" { .. } - Fixed crash in auth process when auth-policy was configured and authentication was aborted/failed without a username set - director: If two users had different tags but the same hash, the users may have been redirected to the wrong tag's hosts - Index files may have been thought incorrectly lost, causing "Missing middle file seq=.." to be logged and index rebuild; this happened more easily with IMAP hibernation enabled - Various fixes to restoring state correctly in un-hibernation - dovecot.index files were commonly 4 bytes per email too large; this is because 3 bytes per email were being wasted that could have been used for IMAP keywords - Various fixes to handle dovecot.list.index corruption better - lib-fts: Fixed assert-crash in address tokenizer with specific input - Fixed assert-crash in HTML to text parsing with specific input (e.g. for FTS indexing or snippet generation) - doveadm sync -1: Fixed handling mailbox GUID conflicts - sdbox, mdbox: Perform full index rebuild if corruption is detected inside lib-index, which runs index fsck - quota: Don't skip quota checks when moving mails between different quota roots - search: Multiple sequence sets or UID sets in search parameters weren't handled correctly; they were incorrectly merged together - Update patches as needed - Add patch to fix broken configure check for mysql_ssl_set - Add patch to skip some additional tests if there's no ECC support in OpenSSL - Add patch to fix more configure tests broken with -Werror=implicit-function-declaration * Mon Oct 31 2016 Paul Howarth - 1:2.2.26.0-1.0.cf - Update dovecot to 2.2.26.0 - Fixed some compiling issues - auth: Fixed assert-crash when using NTLM or SKEY mechanisms and multiple passdbs - auth: Fixed crash when exporting to auth-worker passdb extra fields that had empty values - dsync: Fixed assert-crash in dsync_brain_sync_mailbox_deinit - Update pigeonhole to 0.4.16 - Part of the Sieve extprograms implementation was moved to Dovecot, which means that this release depends on Dovecot v2.2.26+ - ManageSieve: The PUTSCRIPT command now allows uploading empty Sieve scripts; there was really no good reason to disallow doing that - Sieve vnd.dovecot.report extension: - Added a Dovecot-Reporting-User field to the report body, which contains the e-mail address of the user sending the report - Added support for configuring the "From:" address used in the report - LDA sieve plugin: Implemented support for a "discard script" that is run when the message is going to be discarded; this allows doing something other than throwing the message away for good - Sieve vnd.dovecot.environment extension: Added vnd.dovecot.config.* environment items; these environment items map to sieve_env_* settings from the plugin {} section in the configuration (such values can of course also be returned from userdb) - Sieve vacation extension: Use the Microsoft X-Auto-Response-Suppress header to prevent unwanted responses from and to (older) Microsoft products - ManageSieve: Added rawlog_dir setting to store ManageSieve traffic logs; this replaces at least partially the rawlog plugin (mimics similar IMAP/POP3 change) - doveadm sieve plugin: synchronization: Prevent setting file timestamps to unix epoch time, which occurred when Dovecot passed the timestamp as 'unknown' during synchronization - Sieve exprograms plugin: Fixed spurious '+' sometimes returned at the end of socket-based program output - imapsieve plugin: Fixed crash occurring in specific situations - Performed various fixes based on static analysis and Clang warnings - Update old OpenSSL compatibility patch * Fri Oct 28 2016 Paul Howarth - 1:2.2.26-1.0.cf - Update dovecot to 2.2.26 - Cumulative bugfix and enhancement release: see NEWS for details - Add patch to support building on old distributions with OpenSSL < 0.9.8m and hence no SSL_clear_options, and also check for EC_KEY_new when deciding whether or not to build dcrypt as the existing test for EVP_PKEY_CTX_new_id passes on Fedora 12 to 17 and then the build fails due to missing EC support * Mon Aug 1 2016 Paul Howarth - 1:2.2.25-1.1.cf - Update pigeonhole to 0.4.15 - vacation extension: The sieve_user_email setting is now used in the check for implicit delivery - imapsieve plugin: For any mail transaction, the mailbox was opened a second time, even if no mailbox rule matched; this was unintentional, useless and caused problems when the imapsieve plugin was used with other plugins like acl - extprograms plugin: Significantly improved error handling; no stream errors were logged - extprograms plugin: Fixed bug in handling of result code from remote program (script service) - extprograms plugin: Connection to remote program service was not retried - Several small fixes based on static analysis - Fixed handling of quoted string localparts in email addresses * Mon Jul 4 2016 Paul Howarth - 1:2.2.25-1.0.cf - Update dovecot to 2.2.25 - lmtp: Start tracking lmtp_user_concurrency_limit and reject already at RCPT TO stage, which avoids MTA unnecessarily completing DATA only to get an error - doveadm: Previously, only mail settings were read from protocol doveadm { .. } section: now, all settings are - quota: Added quota_over_flag_lazy_check setting, which avoids checking quota_over_flag always at startup; instead, it's checked only when quota is being read for some other purpose - auth: Added a new auth policy service: http://wiki2.dovecot.org/Authentication/Policy - auth: Added PBKDF2 password scheme - auth: Added %%{auth_user}, %%{auth_username} and %%{auth_domain} - auth: Added ":remove" suffix to extra field names to remove them - auth: Added "delay_until=[+]" passdb extra field; the auth will wait until and optionally some randomness and then return success - dict proxy: Added idle_msecs= parameter; support async operations - Performance improvements for handling large mailboxes - Added lib-dcrypt API for providing cryptographic functions - Added "doveadm mailbox update" command - imap commands' output now includes timing spent on the "syncing" stage if it's larger than 0 - cassandra: Added metrics= to connect setting to output internal statistics in JSON format every second to - doveadm mailbox delete: Added -e parameter to delete only empty mailboxes; Added --unsafe option to quickly delete a mailbox, bypassing lazy_expunge and quota plugins - doveadm user and auth cache flush are now available via doveadm-server - doveadm service stop will stop specified services while leaving the rest of Dovecot running - quota optimization: Avoid reading mail sizes for backends that don't need them (count, fs, dirsize) - Added mailbox { autoexpunge_max_mails= } setting - Added welcome plugin: http://wiki2.dovecot.org/Plugins/Welcome - fts: Added fts_autoindex_exclude setting - v2.2.24's MIME parser was assert-crashing on mails having truncated MIME headers - auth: With multiple userdbs the final success/failure result wasn't always correct: the last userdb's result was always used - doveadm backup was sometimes deleting entire mailboxes unnecessarily - doveadm: Command -parameters weren't being sent to doveadm-server - If dovecot.index read failed e.g. because mmap() reached VSZ limit, an empty index could have been opened instead, corrupting the mailbox state - imapc: Fixed EXPUNGE handling when imapc_features didn't have modseq - lazy-expunge: Fixed a crash when copying failed, plus various other fixes - fts-lucene: Fixed crash on index rescan - auth_stats=yes produced broken output - dict-ldap: Various fixes - dict-sql: NULL values crashed; now they're treated as "not found" - Add patch with upstream fixes for compatibility with old distributions - Simplify find commands using -delete - Specify all build requirements * Thu Apr 28 2016 Paul Howarth - 1:2.2.24-1.0.cf - Update dovecot to 2.2.24 - doveconf now warns if it sees a global setting being changed when the same setting was already set inside some filters (a common mistake has been adding more plugins to a global mail_plugins setting after it was already set inside protocol { .. }, which caused the global setting to be ignored for that protocol) - LMTP proxy: Increased default timeout 30s -> 125s, which makes it less likely to reach the timeout and cause duplicate deliveries - LMTP and indexer now append ":suffix" to session IDs to make it unique for the specific user's delivery (fixes duplicate session ID warnings in stats process) - Added dict-ldap for performing read-only LDAP dict lookups - lazy-expunge: All mails can be saved to a single specified mailbox - mailbox { autoexpunge } supports now wildcards in mailbox names - doveadm HTTP API: Added support for proxy commands - imapc: Reconnect when getting disconnected in non-selected state - imapc: Added imapc_features=modseq to access MODSEQs/HIGHESTMODSEQ; this is especially useful for incremental dsync - doveadm auth/user: Auth lookup performs debug logging if -o auth_debug=yes is given to doveadm - Added passdb/userdb { auth_verbose=yes|no } setting - Cassandra: Added user, password, num_threads, connect_timeout and request_timeout settings - doveadm user -e : Print with %%variables expanded - Huge header lines could have caused Dovecot to use too much memory (depending on config and used IMAP commands); typically this would result in only the single user's process dying with out of memory due to reaching service { vsz_limit } - not a global DoS - dsync: Detect and handle invalid/stale -s state string better - dsync: Fixed crash caused by specific mailbox renames - auth: Auth cache is now disabled passwd-file; it was unnecessary and it broke %%variables in extra fields - fts-tika: Don't crash if it returns 500 error - dict-redis: Fixed timeout handling - SEARCH INTHREAD was crashing - stats: Only a single fifo_listeners was supported, making it impossible to use both auth_stats=yes and mail stats plugin - SSL errors were logged in separate "Stacked error" log lines instead of as part of the disconnection reason - MIME body parser didn't handle properly when a child MIME part's --boundary had the same prefix as the parent - Update pigeonhole to 0.4.14 - The address test now allows specifying the X-Original-To header - Implemented the Sieve imapsieve extension and its IMAP counterpart (RFC 6785) as a set of plugins, which allows running Sieve scripts at IMAP activity, rather than at delivery - Adjusted the Sieve ihave extension to allow capability tests to be performed at runtime; this way, scripts can be written that work both at delivery and from IMAP - Implemented support for runtime trace debugging, which works much like the Dovecot rawlog facility - Added a "sieve_user_email" setting that configures the user's primary email address; this is mainly useful to have a user email address available in IMAP, where envelope data is unavailable - Implemented the dovecot-specific "vnd.dovecot.report" extension, which allows sending report messages in the Message Abuse Reporting Format (RFC 5965) - extprograms plugin: Fixed epoll() panic caused by closing the output FD before the output stream - Made sure that the local part of a mail address is encoded properly using quoted string syntax when it is not a dot-atom - Update fallocate64 patch * Thu Mar 31 2016 Paul Howarth - 1:2.2.23-1.0.cf - Update dovecot to 2.2.23 - Various fixes to doveadm; in particular, running commands via doveadm-server was broken - director: Fixed user weakness getting stuck in some situations - director: Fixed a situation where directors keep re-sending different states to each other and never becoming synced - director: Fixed assert-crash related to a slow "user killed" reply - Fixed assert-crash related to istream-concat, which could have been triggered at least by a Sieve script - Update pigeonhole to 0.4.13 - redirect action: Added the list-id header to the duplicate ID for mail loop prevention; this means that the message sent directly to the user and the message coming through the mailing list itself are treated as different messages by the loop detection of the redirect command, even though their Message-ID may be identical - Changed the Sieve number type to uint64_t, which means that Sieve numbers can now technically range up to 2^64; some other Sieve implementation allowed this, making this change necessary for successful migration - Implemented the sieve_implicit_extensions setting; the extensions listed in this setting do not need to be enabled explicitly using the Sieve "require" command (this behavior directly violates the standard, but can be necessary for compatibility with some existing implementations of Sieve - do not use this setting unless you really need to!) - redirect action: Made mail loop detection more robust by forcibly adding a Message-ID header if it is missing - Prevent logging a useless "script not found" error message for LDAP scripts for which the entry exists but no attribute containing a script; this is not necessarily an error - extprograms plugin: Changed the communication channel between parent and child process for a directly forked program from a socketpair to a double pipe; Linux does not support /dev/stdin, /dev/stdout and friends for sockets, which for some shell program authors may be confusing, so that is why it is changed - when using the script service, these device nodes are still not usable though * Wed Mar 16 2016 Paul Howarth - 1:2.2.22-1.0.cf - Update dovecot to 2.2.22 - Added doveadm HTTP API: see http://wiki2.dovecot.org/Design/DoveadmProtocol/HTTP - virtual plugin: Mailbox filtering can now be done based on the mailbox metadata - see http://wiki2.dovecot.org/Plugins/Virtual - stats: Added doveadm stats reset to reset global stats - stats: Added authentication statistics if auth_stats=yes - dsync, imapc, pop3c and pop3-migration: Many optimizations, improvements and error handling fixes - doveadm: Most commands now stop soon after SIGINT/SIGTERM - auth: Auth caching was done too aggressively when %%variables were used in default_fields, override_fields or LDAP pass/user_attrs; userdb result_* were also ignored when user was found from cache - imap: Fixed various assert-crashes caused v2.2.20+; some of them caught actual hangs or otherwise unwanted behavior towards IMAP clients - Expunges were forgotten in some situations, for example when pipelining multiple IMAP MOVE commands - quota: Per-namespaces quota were broken for dict and count backends in v2.2.20+ - fts-solr: Search queries were using OR instead of AND as the separator for multi-token search queries in v2.2.20+ - Single instance storage support wasn't really working in v2.2.16+ - dbox: POP3 message ordering wasn't working correctly - virtual plugin: Fixed crashes related to backend mailbox deletions - Update systemd unit file patches - Use systemd ProtectSystem=full from Fedora 22 onwards * Thu Feb 11 2016 Paul Howarth - 1:2.2.21-4.0.cf - Update pigeonhole to 0.4.12 - Implemented the Sieve extracttext extension (RFC 5703; Section 7); it is now possible to extract body text from a message into a variable - Increased ABI version due to changes in the Sieve interpreter's object definitions - multiscript: Fixed bug in handling of (implicit) keep; final keep action was always executed as though there was a failure, which caused the keep action to revert back to the initial message, int turn causing editheader actions to be ignored - managesieve-login: Fixed proxy to allow SASL mechanisms other than PLAIN; previously, the proxy would fail if the server did not support the PLAIN mechanism - ldap storage: Prevent segfault occurring when assigning certain (global) configuration options * Thu Feb 4 2016 Paul Howarth - 1:2.2.21-3.0.cf - Update pigeonhole to 0.4.11 - Sieve mime extension: Fixed the header :mime :anychild test to work properly outside a foreverypart loop - Several fixes in message body part handling: - Fixed assert failure occurring when text extraction is attempted on an empty or broken text part - Fixed assert failure in handling of body parts that are converted to text - Fixed header unfolding for (mime) headers parsed from any mime part - Fixed trimming for (mime) headers parsed from any mime part - Fixed erroneous changes to the message part tree structure performed when re-parsing the message - LDA Sieve plugin: Fixed logging of actions; sometimes the configured log format was not followed - LDA Sieve plugin: Fixed bug in error handling of script storage initialization - Sieve Extprograms plugin: Ignored ENOTCONN error in shutdown(fd, SHUT_WR) call - Fixed duplication of discard actions in the script result; each discard was counted as a separate action, which means that action limit would be crossed too early - Made sure that quota errors never get logged as errors in syslog - Fixed handling of implicit keep for a partially executed transaction that yielded a temporary failure - Fixed handling of global errors; if master and user error handler were identical, in some cases the log message could be lost - Fixed AIX compile issue in message body parser * Mon Dec 14 2015 Paul Howarth - 1:2.2.21-1.0.cf - Update dovecot to 2.2.21 - doveadm mailbox list (and some others) were broken in v2.2.20 - director: Fixed making backend changes when running with only a single director server - virtual plugin: Fixed crash when trying to open nonexistent autocreated backend mailbox - Update pigeonhole to 0.4.10 - Implemented the Sieve mime and foreverypart extensions (RFC 5703); the interaction with the editheader extension needs some work, but this should not influence most uses, i.e., changes by the editheader extension are not always visible using foreverypart/mime - Sieve body extension: Properly implemented the `:text' body transform; it now extracts text for HTML message parts - Sieve enotify extension: mailto method: Implemented the sieve_notify_mailto_envelope_from setting, which allows configuring the source of the notification sender address for e-mail notifications; this is similar to what already can be configured for redirect - Added a sieve_enabled (defaults to 'yes') setting that allows explicitly disabling Sieve processing for particular users; this used to be possible by setting 'sieve=', but ever since the sieve_before, sieve_after and sieve_default settings were added, this method was no longer reliable - variables extension: Fixed handling of empty string by the ':length' set modifier; an empty string yielded an empty string rather than "0" - Fixed memory leak in the Sieve script byte code dumping facility; extension contexts were never actually freed - Fixed handling of implicit keep when the last Sieve script is a global one; in that case the implicit keep action was executed in global context, which could mean that trivial (quota) errors ended up in the system log file, rather than the user log file - doveadm sieve plugin: Fixed crashes caused by incorrect context allocation in the sieve command implementations * Tue Dec 8 2015 Paul Howarth - 1:2.2.20-1.0.cf - Update dovecot to 2.2.20 - Added mailbox { autoexpunge=