%global __provides_exclude_from %{_docdir}

%global __requires_exclude_from %{_docdir}

## FIXME: lto and annobin breaks build atm, retest after 2021-08

#%global _lto_cflags %nil

#%undefine _annotated_build

Summary: Secure imap and pop3 server

Name: dovecot

Epoch: 1

Version: 2.3.16

%global prever %{nil}

Release: 1%{?dist}

#dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2

License: MIT and LGPLv2

URL: https://www.dovecot.org/

Source: https://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz

Source1: dovecot.init

Source2: dovecot.pam

%global pigeonholever 0.5.16

Source8: https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz

Source9: dovecot.sysconfig

Source10: dovecot.tmpfilesd

#our own

Source14: dovecot.conf.5

# 3x Fedora/RHEL specific

Patch1: dovecot-2.0-defaultconfig.patch

Patch2: dovecot-1.0.beta2-mkcert-permissions.patch

Patch3: dovecot-1.0.rc7-mkcert-paths.patch

#wait for network

Patch6: dovecot-2.1.10-waitonline.patch

Patch8: dovecot-2.2.20-initbysystemd.patch

Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch

Patch10: dovecot-2.3.0.1-libxcrypt.patch

Patch15: dovecot-2.3.11-bigkey.patch

# do not use own implementation of HMAC, use OpenSSL for certification purposes

# not sent upstream as proper fix would use dovecot's lib-dcrypt but it introduces

# hard to break circular dependency between lib and lib-dcrypt

Patch16: dovecot-2.3.6-opensslhmac.patch

Patch17: dovecot-2.3.14-opensslv3.patch

# FTBFS

Patch18: dovecot-2.3.15-fixvalcond.patch

Patch19: dovecot-2.3.15-valbasherr.patch

Patch20: dovecot-2.3.16-ftbfsbigend.patch

Source15: prestartscript

BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel

BuildRequires: libtool, autoconf, automake, pkgconfig

BuildRequires: sqlite-devel

BuildRequires: libpq-devel

BuildRequires: mariadb-connector-c-devel

BuildRequires: libxcrypt-devel

BuildRequires: openldap-devel

BuildRequires: krb5-devel

BuildRequires: quota-devel

BuildRequires: xz-devel

BuildRequires: lz4-devel

BuildRequires: libzstd-devel

%if %{?rhel}0 == 0

BuildRequires: libsodium-devel

%endif

BuildRequires: libicu-devel

BuildRequires: libexttextcat-devel

BuildRequires: libstemmer-devel

BuildRequires: multilib-rpm-config

BuildRequires: flex, bison

BuildRequires: systemd-devel

# gettext-devel is needed for running autoconf because of the

# presence of AM_ICONV

BuildRequires: gettext-devel

# Explicit Runtime Requirements for executalbe

Requires: openssl >= 0.9.7f-4

# Package includes an initscript service file, needs to require initscripts package

Requires(pre): shadow-utils

Requires: systemd

Requires(post): systemd-units

Requires(preun): systemd-units

Requires(postun): systemd-units

BuildRequires: clucene-core-devel

%global ssldir %{_sysconfdir}/pki/%{name}

BuildRequires: libcurl-devel expat-devel

BuildRequires: make

%global restart_flag /run/%{name}/%{name}-restart-after-rpm-install

%description

Dovecot is an IMAP server for Linux/UNIX-like systems, written with security 

primarily in mind.  It also contains a small POP3 server.  It supports mail 

in either of maildir or mbox formats.

The SQL drivers and authentication plug-ins are in their subpackages.

%package pigeonhole

Requires: %{name} = %{epoch}:%{version}-%{release}

Summary: Sieve and managesieve plug-in for dovecot

License: MIT and LGPLv2

%description pigeonhole

This package provides sieve and managesieve plug-in for dovecot LDA.

%package pgsql

Requires: %{name} = %{epoch}:%{version}-%{release}

Summary: Postgres SQL back end for dovecot

%description pgsql

This package provides the Postgres SQL back end for dovecot-auth etc.

%package mysql

Requires: %{name} = %{epoch}:%{version}-%{release}

Summary: MySQL back end for dovecot

%description mysql

This package provides the MySQL back end for dovecot-auth etc.

%package devel

Requires: %{name} = %{epoch}:%{version}-%{release}

Summary: Development files for dovecot

%description devel

This package provides the development files for dovecot.

%prep

%setup -q -n %{name}-%{version}%{?prever} -a 8

%patch1 -p1 -b .default-settings

%patch2 -p1 -b .mkcert-permissions

%patch3 -p1 -b .mkcert-paths

%patch6 -p1 -b .waitonline

%patch8 -p1 -b .initbysystemd

%patch9 -p1 -b .systemd_w_protectsystem

%patch15 -p1 -b .bigkey

%patch16 -p1 -b .opensslhmac

%patch17 -p1 -b .opensslv3

%patch18 -p1 -b .fixvalcond

%patch19 -p1 -b .valbasherr

%patch20 -p1 -b .ftbfsbigend

cp run-test-valgrind.supp dovecot-2.3-pigeonhole-%{pigeonholever}/

# valgrind would fail with shell wrapper

echo "testsuite" >dovecot-2.3-pigeonhole-%{pigeonholever}/run-test-valgrind.exclude

#pushd dovecot-2*3-pigeonhole-%{pigeonholever}

#popd

sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in

%build

# This package references hidden symbols during an LTO link.  This needs further

# investigation.  Until then, disable LTO

%define _lto_cflags %{nil}

#required for fdpass.c line 125,190: dereferencing type-punned pointer will break strict-aliasing rules

%global _hardened_build 1

export CFLAGS="%{__global_cflags} -fno-strict-aliasing -fstack-reuse=none"

export LDFLAGS="-Wl,-z,now -Wl,-z,relro %{?__global_ldflags}"

mkdir -p m4

autoreconf -I . -fiv #required for aarch64 support

%configure                       \

    INSTALL_DATA="install -c -p -m644" \

    --with-rundir=%{_rundir}/%{name}   \

    --with-systemd               \

    --docdir=%{_docdir}/%{name}  \

    --disable-static             \

    --disable-rpath              \

    --with-nss                   \

    --with-shadow                \

    --with-pam                   \

    --with-gssapi=plugin         \

    --with-ldap=plugin           \

    --with-sql=plugin            \

    --with-pgsql                 \

    --with-mysql                 \

    --with-sqlite                \

    --with-zlib                  \

    --with-zstd                  \

    --with-libcap                \

    --with-icu                   \

    --with-lucene                \

    --with-ssl=openssl           \

    --with-ssldir=%{ssldir}      \

    --with-solr                  \

    --with-systemdsystemunitdir=%{_unitdir}  \

    --with-docs

sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh doc/example-config/conf.d/10-ssl.conf

%make_build

#pigeonhole

pushd dovecot-2*3-pigeonhole-%{pigeonholever}

# required for snapshot

[ -f configure ] || autoreconf -fiv

[ -f ChangeLog ] || echo "Pigeonhole ChangeLog is not available, yet" >ChangeLog

%configure                             \

    INSTALL_DATA="install -c -p -m644" \

    --disable-static                   \

    --with-dovecot=../                 \

    --without-unfinished-features

%make_build

popd

%install

rm -rf $RPM_BUILD_ROOT

%make_install

# move doc dir back to build dir so doc macro in files section can use it

mv $RPM_BUILD_ROOT/%{_docdir}/%{name} %{_builddir}/%{name}-%{version}%{?prever}/docinstall

# fix multilib issues

%multilib_fix_c_header --file %{_includedir}/dovecot/config.h

pushd dovecot-2*3-pigeonhole-%{pigeonholever}

%make_install

mv $RPM_BUILD_ROOT/%{_docdir}/%{name} $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole

install -m 644 AUTHORS ChangeLog COPYING COPYING.LGPL INSTALL NEWS README $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole

popd

install -p -D -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/dovecot

#install man pages

install -p -D -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_mandir}/man5/dovecot.conf.5

#install waitonline script

install -p -D -m 755 %{SOURCE15} $RPM_BUILD_ROOT%{_libexecdir}/dovecot/prestartscript

# generate ghost .pem files

mkdir -p $RPM_BUILD_ROOT%{ssldir}/certs

mkdir -p $RPM_BUILD_ROOT%{ssldir}/private

touch $RPM_BUILD_ROOT%{ssldir}/certs/dovecot.pem

chmod 600 $RPM_BUILD_ROOT%{ssldir}/certs/dovecot.pem

touch $RPM_BUILD_ROOT%{ssldir}/private/dovecot.pem

chmod 600 $RPM_BUILD_ROOT%{ssldir}/private/dovecot.pem

install -p -D -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_tmpfilesdir}/dovecot.conf

mkdir -p $RPM_BUILD_ROOT/run/dovecot/{login,empty,token-login}

# Install dovecot configuration and dovecot-openssl.cnf

mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d

install -p -m 644 docinstall/example-config/dovecot.conf $RPM_BUILD_ROOT%{_sysconfdir}/dovecot

install -p -m 644 docinstall/example-config/conf.d/*.conf $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d

install -p -m 644 $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole/example-config/conf.d/*.conf $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d

install -p -m 644 docinstall/example-config/conf.d/*.conf.ext $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d

install -p -m 644 $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole/example-config/conf.d/*.conf.ext $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d ||:

install -p -m 644 doc/dovecot-openssl.cnf $RPM_BUILD_ROOT%{ssldir}/dovecot-openssl.cnf

install -p -m755 doc/mkcert.sh $RPM_BUILD_ROOT%{_libexecdir}/%{name}/mkcert.sh

mkdir -p $RPM_BUILD_ROOT/var/lib/dovecot

#remove the libtool archives

find $RPM_BUILD_ROOT%{_libdir}/%{name}/ -name '*.la' | xargs rm -f

#remove what we don't want

rm -f $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/README

pushd docinstall

rm -f securecoding.txt thread-refs.txt

popd

%pre

#dovecot uid and gid are reserved, see /usr/share/doc/setup-*/uidgid 

getent group dovecot >/dev/null || groupadd -r --gid 97 dovecot

getent passwd dovecot >/dev/null || \

useradd -r --uid 97 -g dovecot -d /usr/libexec/dovecot -s /sbin/nologin -c "Dovecot IMAP server" dovecot

getent group dovenull >/dev/null || groupadd -r dovenull

getent passwd dovenull >/dev/null || \

useradd -r -g dovenull -d /usr/libexec/dovecot -s /sbin/nologin -c "Dovecot's unauthorized user" dovenull

# do not let dovecot run during upgrade rhbz#134325

if [ "$1" = "2" ]; then

  rm -f %restart_flag

  /bin/systemctl is-active %{name}.service >/dev/null 2>&1 && touch %restart_flag ||:

  /bin/systemctl stop %{name}.service >/dev/null 2>&1

fi

%post

if [ $1 -eq 1 ]

then

  %systemd_post dovecot.service

fi

install -d -m 0755 -g dovecot -d /run/dovecot

install -d -m 0755 -d /run/dovecot/empty

install -d -m 0750 -g dovenull -d /run/dovecot/login

install -d -m 0750 -g dovenull -d /run/dovecot/token-login

[ -x /sbin/restorecon ] && /sbin/restorecon -R /run/dovecot

%preun

if [ $1 = 0 ]; then

        /bin/systemctl disable dovecot.service dovecot.socket >/dev/null 2>&1 || :

        /bin/systemctl stop dovecot.service dovecot.socket >/dev/null 2>&1 || :

    rm -rf /run/dovecot

fi

%postun

/bin/systemctl daemon-reload >/dev/null 2>&1 || :

if [ "$1" -ge "1" -a -e %restart_flag ]; then

    /bin/systemctl start dovecot.service >/dev/null 2>&1 || :

rm -f %restart_flag

fi

%posttrans

# dovecot should be started again in %%postun, but it's not executed on reinstall

# if it was already started, restart_flag won't be here, so it's ok to test it again

if [ -e %restart_flag ]; then

    /bin/systemctl start dovecot.service >/dev/null 2>&1 || :

rm -f %restart_flag

fi

%check

make check

cd dovecot-2*3-pigeonhole-%{pigeonholever}

make check

%files

%doc docinstall/* AUTHORS ChangeLog COPYING COPYING.LGPL COPYING.MIT NEWS README

%{_sbindir}/dovecot

%{_bindir}/doveadm

%{_bindir}/doveconf

%{_bindir}/dsync

%{_bindir}/dovecot-sysreport

%_tmpfilesdir/dovecot.conf

%{_unitdir}/dovecot.service

%{_unitdir}/dovecot-init.service

%{_unitdir}/dovecot.socket

%dir %{_sysconfdir}/dovecot

%dir %{_sysconfdir}/dovecot/conf.d

%config(noreplace) %{_sysconfdir}/dovecot/dovecot.conf

#list all so we'll be noticed if upstream changes anything

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-auth.conf

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-director.conf

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-logging.conf

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-mail.conf

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-master.conf

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-metrics.conf

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/10-ssl.conf

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/15-lda.conf

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/15-mailboxes.conf

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/20-imap.conf

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/20-lmtp.conf

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/20-pop3.conf

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/20-submission.conf

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/90-acl.conf

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/90-quota.conf

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/90-plugin.conf

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-checkpassword.conf.ext

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-deny.conf.ext

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-dict.conf.ext

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-ldap.conf.ext

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-master.conf.ext

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-passwdfile.conf.ext

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-sql.conf.ext

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-static.conf.ext

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/auth-system.conf.ext

%config(noreplace) %{_sysconfdir}/pam.d/dovecot

%config(noreplace) %{ssldir}/dovecot-openssl.cnf

%dir %{ssldir}

%dir %{ssldir}/certs

%dir %{ssldir}/private

%attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %{ssldir}/certs/dovecot.pem

%attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %{ssldir}/private/dovecot.pem

%dir %{_libdir}/dovecot

%dir %{_libdir}/dovecot/auth

%dir %{_libdir}/dovecot/dict

%{_libdir}/dovecot/doveadm

%exclude %{_libdir}/dovecot/doveadm/*sieve*

%{_libdir}/dovecot/*.so.*

#these (*.so files) are plugins, not devel files

%{_libdir}/dovecot/*_plugin.so

%exclude %{_libdir}/dovecot/*_sieve_plugin.so

%{_libdir}/dovecot/auth/lib20_auth_var_expand_crypt.so

%{_libdir}/dovecot/auth/libauthdb_imap.so

%{_libdir}/dovecot/auth/libauthdb_ldap.so

%{_libdir}/dovecot/auth/libmech_gssapi.so

%{_libdir}/dovecot/auth/libdriver_sqlite.so

%{_libdir}/dovecot/dict/libdriver_sqlite.so

%{_libdir}/dovecot/dict/libdict_ldap.so

%{_libdir}/dovecot/libdriver_sqlite.so

%{_libdir}/dovecot/libssl_iostream_openssl.so

%{_libdir}/dovecot/libfs_compress.so

%{_libdir}/dovecot/libfs_crypt.so

%{_libdir}/dovecot/libfs_mail_crypt.so

%{_libdir}/dovecot/libdcrypt_openssl.so

%{_libdir}/dovecot/lib20_var_expand_crypt.so

%{_libdir}/dovecot/old-stats/libold_stats_mail.so

%{_libdir}/dovecot/old-stats/libstats_auth.so

%dir %{_libdir}/dovecot/settings

%{_libexecdir}/%{name}

%exclude %{_libexecdir}/%{name}/managesieve*

%dir %attr(0755,root,dovecot) %ghost /run/dovecot

%attr(0750,root,dovenull) %ghost /run/dovecot/login

%attr(0750,root,dovenull) %ghost /run/dovecot/token-login

%attr(0755,root,root) %ghost /run/dovecot/empty

%attr(0750,dovecot,dovecot) /var/lib/dovecot

%{_datadir}/%{name}

%{_mandir}/man1/deliver.1*

%{_mandir}/man1/doveadm*.1*

%{_mandir}/man1/doveconf.1*

%{_mandir}/man1/dovecot*.1*

%{_mandir}/man1/dsync.1*

%{_mandir}/man5/dovecot.conf.5*

%{_mandir}/man7/doveadm-search-query.7*

%files devel

%{_includedir}/dovecot

%{_datadir}/aclocal/dovecot*.m4

%{_libdir}/dovecot/libdovecot*.so

%{_libdir}/dovecot/dovecot-config

%files pigeonhole

%{_bindir}/sieve-dump

%{_bindir}/sieve-filter

%{_bindir}/sieve-test

%{_bindir}/sievec

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/20-managesieve.conf

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/90-sieve.conf

%config(noreplace) %{_sysconfdir}/dovecot/conf.d/90-sieve-extprograms.conf

%{_docdir}/%{name}-pigeonhole

%{_libexecdir}/%{name}/managesieve

%{_libexecdir}/%{name}/managesieve-login

%{_libdir}/dovecot/doveadm/*sieve*

%{_libdir}/dovecot/*_sieve_plugin.so

%{_libdir}/dovecot/settings/libmanagesieve_*.so

%{_libdir}/dovecot/settings/libpigeonhole_*.so

%{_libdir}/dovecot/sieve/

%{_mandir}/man1/sieve-dump.1*

%{_mandir}/man1/sieve-filter.1*

%{_mandir}/man1/sieve-test.1*

%{_mandir}/man1/sievec.1*

%{_mandir}/man1/sieved.1*

%{_mandir}/man7/pigeonhole.7*

%files mysql

%{_libdir}/%{name}/libdriver_mysql.so

%{_libdir}/%{name}/auth/libdriver_mysql.so

%{_libdir}/%{name}/dict/libdriver_mysql.so

%files pgsql

%{_libdir}/%{name}/libdriver_pgsql.so

%{_libdir}/%{name}/auth/libdriver_pgsql.so

%{_libdir}/%{name}/dict/libdriver_pgsql.so

%changelog

* Fri Aug 20 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-1

- dovecot updated to 2.3.16, pigeonhole to 0.5.16

- fixes several regressions (#1997583)

* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.3.15-2

- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags

  Related: rhbz#1991688

* Wed Jul 21 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.15-1

- dovecot updated to 2.3.15, pigeonhole updated to 0.5.15

- CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in

  JWT tokens. This may be used to supply attacker controlled keys to

  validate tokens, if attacker has local access (#1979833)

- CVE-2021-33515: On-path attacker could have injected plaintext commands

  before STARTTLS negotiation that would be executed after STARTTLS

  finished with the client

- Add TSLv1.3 support to min_protocols.

* Wed Jul 14 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.14-5

- fix mail storage block count parsing (#1974281)

* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.3.14-4

- Rebuilt for RHEL 9 BETA for openssl 3.0

  Related: rhbz#1971065

* Fri Jun 04 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.14-3

- compatibility with openssl 3.0 (#1962035)

* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.3.14-2

- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

* Mon Mar 22 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.14-1

- dovecot updated to 2.3.14, pigeonhole to 0.5.14

- use OpenSSL's implementation of HMAC

- Remove autocreate, expire, snarf and mail-filter plugins.

- Remove cydir storage driver.

- Remove XZ/LZMA write support. Read support will be removed in future release.

* Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 1:2.3.13-7

- rebuild for libpq ABI fix rhbz#1908268

* Mon Feb 01 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-6

- use make macros

* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.13-5

- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

* Mon Jan 18 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-4

- fix multilib issues

* Mon Jan 18 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-3

- bump release and rebuild

* Thu Jan 07 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-2

- fix rundir location

* Wed Jan 06 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-1

- fix release number

* Mon Jan 04 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-0

- dovecot updated to 2.3.13, pigeonhole to 0.5.13

- CVE-2020-24386: Specially crafted command can cause IMAP hibernate to

  allow logged in user to access other people's emails and filesystem

  information.

- Metric filter and global event filter variable syntax changed to a

  SQL-like format. 

- auth: Added new aliases for %{variables}. Usage of the old ones is

  possible, but discouraged.

- auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth

  mechanism and related password schemes.

- auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.

- auth: Removed postfix postmap socket

* Wed Oct 21 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-7

- change run directory from /var/run to /run (#1777922)

* Wed Oct 21 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-6

- use bigger default key size (#1882939)

* Wed Sep 02 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-5

- fix gssapi issue

* Wed Aug 26 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-4

- fix FTBFS on 32bit systems

* Mon Aug 17 2020 Jeff Law <law@redhat.com> - 1:2.3.11.3-2

- Disable LTO

* Sat Aug 15 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-1

- CVE-2020-12100: Parsing mails with a large number of MIME parts could

  have resulted in excessive CPU usage or a crash due to running out of

  stack memory.

- CVE-2020-12673: Dovecot's NTLM implementation does not correctly check

  message buffer size, which leads to reading past allocation which can

  lead to crash.

- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an

  address that has the empty quoted string as local-part causes the lmtp

  service to crash.

- CVE-2020-12674: Dovecot's RPA mechanism implementation accepts

  zero-length message, which leads to assert-crash later on.

* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.10.1-3

- Second attempt - Rebuilt for

  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.10.1-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

* Mon May 18 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.10.1-1

- dovecot updated to 2.3.10.1

- fixes CVE-2020-10967, CVE-2020-10958, CVE-2020-10957

* Tue Apr 21 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.10-1

- dovecot updated to 2.3.10, pigeonhole updated to 0.5.10

* Wed Feb 12 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.9.3-1

- dovecot updated to 2.3.9.3

- fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS

      submission-login and lmtp processes.

- fixes CVE-2020-7957: Specially crafted mail can crash snippet generation.

* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.9.2-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

* Thu Dec 19 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.9.2-1

- CVE-2019-19722: Mails with group addresses in From or To fields

  caused crash in push notification drivers.

* Wed Dec 04 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.9-1

- dovecot updated to 2.3.9, pigeonhole updated to 0.5.9 

* Thu Oct 10 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-1

- dovecot updated to 2.3.8, pigeonhole 0.5.8

* Thu Aug 29 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.7.2-1

- dovecot updated to 2.3.7.2, pigeonhole 0.5.7.2

- fixes CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte

  when scanning data in quoted strings, leading to out of bounds heap

  memory writes

* Mon Aug 19 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:1-2.3.7.1

- dovecot updated to 2.3.7.1, pigeonhole updated to 0.5.7.1

* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.6-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

* Fri May 31 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.6-3

- disable gcc 9 stack reuse temporarily

* Mon May 13 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.6-2

- use /run instead of /var/run (#1706372)

* Thu May 02 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.6-1

- dovecot updated to 2.3.6, pigeonhole updated to 0.5.6

* Thu Apr 18 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.5.2-1

- dovecot updated to 2.3.5.2

- fixes CVE-2019-10691: Trying to login with 8bit username containing

  invalid UTF8 input causes auth process to crash if auth policy is enabled.

* Thu Mar 28 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.5.1-1

- dovecot updated to 2.3.5.1

- CVE-2019-7524: Missing input buffer size validation leads into

  arbitrary buffer overflow when reading fts or pop3 uidl header

  from Dovecot index.

* Wed Mar 06 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.5-1

- dovecot updated to 2.3.5, pigeonhole updated to 0.5.5

* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.4-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 1:2.3.4-2

- Rebuilt for libcrypt.so.2 (#1666033)

* Wed Jan 09 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.4-1

- dovecot updated to 2.3.4, pigeonhole updated to 0.5.4

* Tue Oct 02 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.3-1

- dovecot updated to 2.3.3, pigeonhole pdated to 0.5.3

- doveconf hides more secrets now in the default output

- NUL bytes in mail headers can cause truncated replies when fetched. 

- virtual plugin: Some searches used 100% CPU for many seconds 

- dsync assert-crashed with acl plugin in some situations. 

- imapc: Fixed various assert-crashes when reconnecting to server. 

* Tue Oct 02 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2.1-4

- fix dovecot-init service syntax error (#1635017)

* Mon Aug 13 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2.1-3

- do not try to generate ssl-params as its obsolete (#1614640)

* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.2.1-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Tue Jul 10 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2.1-1

- SSL/TLS servers may have crashed during client disconnection

* Mon Jul 09 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2-1

- dovecot updated to 2.3.2, pigeonhole to 0.5.2

* Wed Mar 28 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.1-2

- fix ftbfs - murmurhash3 check fail

* Wed Mar 28 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.1-1

- dovecot updated to 2.3.1, pigeonhole updated to 0.5.1

* Tue Mar 27 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.0.1-3

- use libxcrypt for Fedora >= 28, part of ftbfs fix (#1548520)

* Wed Mar 07 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.0.1-2

- add gcc buildrequire

* Thu Mar 01 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.0.1-1

- dovecot updated to 2.3.0.1, pigeonhole updated to 0.5.0.1

* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:2.2.33.2-5

- Escape macros in %%changelog

* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.2.33.2-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 1:2.2.33.2-3

- Rebuilt for switch to libxcrypt

* Mon Jan 08 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.33.2-2

- remove tcp_wrappers on Fedora 28 and later (#1518761)

- use use mariadb-connector-c-devel instead of mysql-devel on Fedora 28 and later (#1493624)

* Tue Oct 24 2017 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.33.2-1

- dovecot updated to 2.2.33.2

- doveadm: Fix crash in proxying (or dsync replication) if remote is

  running older than v2.2.33

- auth: Fix memory leak in %%{ldap_dn}

- dict-sql: Fix data types to work correctly with Cassandra

* Wed Oct 18 2017 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.33.1-1

- dovecot updated to 2.2.33.1, pigeonhole updated to 

- Added %%{if}, see https://wiki2.dovecot.org/Variables#Conditionals

- sdbox: Mails were always opened when expunging, unless

  mail_attachment_fs was explicitly set to empty.

- lmtp/doveadm proxy: hostip passdb field was ignored, which caused