diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..53aeb1b --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +/cassandane-00bfe01.tar.gz +/cassandane-testdata-20170523.tar.gz +/cyrus-imapd-3.0.7.tar.gz diff --git a/CHANGES.rpm b/CHANGES.rpm new file mode 100644 index 0000000..58eabdb --- /dev/null +++ b/CHANGES.rpm @@ -0,0 +1,1111 @@ +* Tue May 17 2016 Jitka Plesnikova - 2.4.18-3 +- Perl 5.24 rebuild + +* Wed Feb 03 2016 Fedora Release Engineering - 2.4.18-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Oct 01 2015 Jason L Tibbitts III - 2.4.18-1 +- Update to 2.4.18, rhbz#1267871 and rhbz#1267878 +- Backport ff4e6c71d932b3e6bbfa67d76f095e27ff21bad0 to fix issues from + http://seclists.org/oss-sec/2015/q3/651 + +* Wed Sep 09 2015 Jason L Tibbitts III - 2.4.17-14 +- Use %%license tag +- Have -devel require the base package +- Minor cleanups + +* Sat Aug 08 2015 Jason L Tibbitts III - 2.4.17-13 +- Remove invalid Patch0: URL. +- Use HTTP for upstream source. +- pod2html was split out of the main perl package, breaking cyrus. + Add a build dep for it. + +* Wed Jul 29 2015 Kevin Fenzi 2.4.17-12 +- Rebuild for new librpm + +* Wed Jun 17 2015 Fedora Release Engineering - 2.4.17-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Fri Jun 05 2015 Jitka Plesnikova - 2.4.17-10 +- Perl 5.22 rebuild + +* Wed Aug 27 2014 Jitka Plesnikova - 2.4.17-9 +- Perl 5.20 rebuild + +* Sat Aug 16 2014 Fedora Release Engineering - 2.4.17-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 2.4.17-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat Aug 03 2013 Fedora Release Engineering - 2.4.17-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Thu Jul 18 2013 Petr Pisar - 2.4.17-5 +- Perl 5.18 rebuild + +* Fri Jul 12 2013 Michal Hlavinka - 2.4.17-4 +- spec clean up + +* Thu Apr 18 2013 Michal Hlavinka - 2.4.17-3 +- make sure binaries are hardened + +* Wed Feb 13 2013 Fedora Release Engineering - 2.4.17-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Sat Dec 1 2012 Jeroen van Meeuwen - 2.4.17-1 +- New upstream version, fixes upstream bugs: +- reconstruct doesn't retain internaldate correctly (#3733) +- Race condition in maibox rename (#3696) +- DBERROR db4: Transaction not specified for a transactional database (#3715) +- performance degradation on huge indexes in 2.4 branch (#3717) +- typo fix in imapd.conf man page (#3729) +- quota does not find all quotaroots if quotalegacy, fulldirhash and prefix are used and virtdomains is off (#3735) +- Mail delivered during XFER was lost (#3737) +- replication does not work on RENAME (#3742) +- Failed asserting during APPEND (#3754) + +* Fri Nov 30 2012 Michal Hlavinka - 2.4.16-5 +- do not use strict aliasing + +* Tue Aug 21 2012 Michal Hlavinka - 2.4.16-4 +- use new systemd rpm macros (#850079) + +* Wed Jul 18 2012 Fedora Release Engineering - 2.4.16-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jun 11 2012 Petr Pisar - 2.4.16-2 +- Perl 5.16 rebuild + +* Thu Apr 19 2012 Jeroen van Meeuwen - 2.4.16-1 +- New upstream release + +* Wed Apr 18 2012 Jeroen van Meeuwen - 2.4.15-1 +- New upstream release + +* Wed Apr 11 2012 Michal Hlavinka - 2.4.14-2 +- rebuilt because of new libdb + +* Wed Mar 14 2012 Michal Hlavinka - 2.4.14-1 +- updated to 2.4.14 + +* Tue Feb 07 2012 Michal Hlavinka - 2.4.13-3 +- use PraveTmp in systemd unit file + +* Fri Jan 13 2012 Fedora Release Engineering - 2.4.13-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon Jan 02 2012 Jeroen van Meeuwen - 2.4.13-1 +- New upstream release + +* Wed Dec 07 2011 Michal Hlavinka - 2.4.12-5 +- do not use digest-md5 as part of default auth mechanisms, + it does not coop with pam + +* Tue Nov 22 2011 Michal Hlavinka - 2.4.12-4 +- reduce noisy logging, add option to turn on LOG_DEBUG syslog + messages again (thanks Philip Prindeville) (#754940) + +* Mon Oct 24 2011 Michal Hlavinka - 2.4.12-3 +- add login and digest-md5 as part of default auth mechanisms (#748278) + +* Tue Oct 11 2011 Michal Hlavinka - 2.4.12-2 +- do not hide errors if cyrus user can't be added + +* Wed Oct 05 2011 Michal Hlavinka - 2.4.12-1 +- cyrus-imapd updated to 2.4.12 +- fixes incomplete authentication checks in nntpd (Secunia SA46093) + +* Fri Sep 9 2011 Jeroen van Meeuwen - 2.4.11-1 +- update to 2.4.11 +- Fix CVE-2011-3208 (#734926, #736838) + +* Tue Aug 16 2011 Michal Hlavinka - 2.4.10-4 +- rebuild with db5 + +* Thu Jul 21 2011 Petr Sabata - 2.4.10-3 +- Perl mass rebuild + +* Wed Jul 20 2011 Petr Sabata - 2.4.10-2 +- Perl mass rebuild + +* Wed Jul 6 2011 Jeroen van Meeuwen - 2.4.10-1 +- New upstream release + +* Wed Jun 22 2011 Iain Arnell 2.4.8-5 +- Patch to work with Perl 5.14 + +* Mon Jun 20 2011 Marcela Mašláňová - 2.4.8-4 +- Perl mass rebuild + +* Fri Jun 10 2011 Marcela Mašláňová - 2.4.8-3 +- Perl 5.14 mass rebuild + +* Mon May 09 2011 Michal Hlavinka - 2.4.8-2 +- fixed: systemd commands in %%post (thanks Bill Nottingham) + +* Thu Apr 14 2011 Michal Hlavinka - 2.4.8-1 +- cyrus-imapd updated to 2.4.8 +- fixed: cannot set unlimited quota through proxy +- fixed: reconstruct tries to set timestamps again and again +- fixed: response for LIST "" user is wrong +- fixed: THREAD command doesn't support quoted charset +- fixed crashes in mupdatetest and cyr_expire when using -x + +* Mon Apr 04 2011 Michal Hlaivnka - 2.4.7-2 +- now using systemd + +* Thu Mar 31 2011 Michal Hlavinka - 2.4.7-1 +- updated to 2.4.7 + +* Fri Feb 11 2011 Michal Hlavinka - 2.4.6-1 +- updated to 2.4.6 +- "autocreate" and "autosieve" features were removed + +* Tue Feb 08 2011 Fedora Release Engineering - 2.3.16-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Fri Jan 21 2011 Michal Hlavinka - 2.3.16-7 +- don't force sync io for all filesystems + +* Fri Jul 09 2010 Michal Hlavinka - 2.3.16-6 +- follow licensing guideline update +- devel sub-package has to have virtual static provides (#609604) + +* Mon Jun 07 2010 Michal Hlavinka - 2.3.16-5 +- spec cleanup +- simplified packaging (merge -perl in -utils) +- remove obsoleted and/or unmaintained additional sources/patches +- remove long time not used files from the cvs/srpm +- update additional sources/patches from their upstream + +* Tue Jun 01 2010 Marcela Maslanova - 2.3.16-4 +- Mass rebuild with perl-5.12.0 + +* Tue Apr 20 2010 Michal Hlavinka - 2.3.16-3 +- add support for QoS marked traffic (#576652) + +* Thu Jan 14 2010 Michal Hlavinka - 2.3.16-2 +- ignore user_denny.db if missing (#553011) +- fix location of certificates in default imapd.conf + +* Tue Dec 22 2009 Michal Hlavinka - 2.3.16-1 +- updated to 2.3.16 + +* Fri Dec 04 2009 Michal Hlavinka - 2.3.15-10 +- fix shell for daily cron job (#544182) + +* Fri Dec 04 2009 Stepan Kasal - 2.3.15-9 +- rebuild against perl 5.10.1 + +* Thu Nov 26 2009 Michal Hlavinka - 2.3.15-8 +- spec cleanup + +* Tue Nov 24 2009 Michal Hlavinka - 2.3.15-7 +- rebuild with new db4 (#540093) +- spec cleanup + +* Fri Nov 06 2009 Michal Hlavinka - 2.3.15-6 +- fix sourcing of /etc/sysconfig/cyrus-imapd (#533320) + +* Thu Nov 05 2009 Michal Hlavinka - 2.3.15-5 +- do not fill logs with mail (de)compression messages (#528093) + +* Thu Oct 29 2009 Michal Hlavinka - 2.3.15-4 +- spec cleanup + +* Fri Oct 09 2009 Michal Hlavinka - 2.3.15-3 +- fix cyrus user shell for db import (#528126) + +* Fri Sep 18 2009 Michal Hlavinka - 2.3.15-2 +- make init script LSB-compliant (#523227) + +* Fri Sep 18 2009 Michal Hlavinka - 2.3.15-1 +- fix buffer overflow in cyrus sieve (CVE-2009-3235) + +* Wed Sep 16 2009 Tomas Mraz - 2.3.14-6 +- use password-auth common PAM configuration instead of system-auth + +* Mon Sep 07 2009 Michal Hlavinka - 2.3.14-5 +- fix buffer overflow in cyrus sieve (#521010) + +* Fri Aug 21 2009 Tomas Mraz - 2.3.14-4 +- rebuilt with new openssl + +* Fri Jul 24 2009 Fedora Release Engineering - 2.3.14-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon May 25 2009 Michal Hlavinka - 2.3.14-2 +- rebuild because of changed dependencies + +* Thu Apr 02 2009 Michal Hlavinka - 2.3.14-1 +- updated to 2.3.14 + +* Wed Apr 01 2009 Michael Schwendt - 2.3.13-5 +- fix unowned directory (#483336). + +* Tue Feb 24 2009 Fedora Release Engineering - 2.3.13-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Feb 02 2009 Michal Hlavinka - 2.3.13-3 +- fix directory ownership + +* Wed Jan 21 2009 Michal Hlavinka - 2.3.13-2 +- fix: #480138 - assertion failed: libcyr_cfg.c: cyrus_options[opt].opt == opt + +* Tue Jan 13 2009 Michal Hlavinka - 2.3.13-1 +- updated to 2.3.13 + +* Fri Sep 26 2008 Dan Horák - 2.3.11-1 +- update to latest upstream +- (temporarily) dropped the rmquota+deletemailbox patch (doesn't apply) + +* Wed Mar 19 2008 Rex Dieter - 2.3.9-12 +- cyrus-imapd conflicts with uw-imap (#222506) + +* Tue Mar 18 2008 Tom "spot" Callaway - 2.3.9-11 +- add Requires for versioned perl (libperl.so) + +* Wed Feb 20 2008 Fedora Release Engineering - 2.3.9-10 +- Autorebuild for GCC 4.3 + +* Fri Feb 08 2008 Tomas Janousek - 2.3.9-9 +- don't run cronjob if cyrus-imapd has never been started (#418191) + +* Tue Dec 04 2007 Tomas Janousek - 2.3.9-8 +- move certificate creation from -utils postinst to main package +- rebuild with newer openssl and openldap + +* Sun Sep 23 2007 Tomas Janousek - 2.3.9-7 +- updated the getgrouplist patch +- fixed a few undeclared functions (and int to pointer conversions) + +* Wed Aug 22 2007 Tomas Janousek - 2.3.9-6 +- update to latest upstream +- updated all patches from uoa and reenabled rmquota+deletemailbox + +* Thu Aug 16 2007 Tomas Janousek - 2.3.9-5.rc2 +- update to latest upstream beta + +* Tue Aug 14 2007 Tomas Janousek - 2.3.9-4.rc1 +- update to latest upstream beta +- temporarily dropped the rmquota+deletemailbox patch (doesn't apply) +- fixed to compile with newer glibc +- added the getgrouplist patch from RHEL-4, dropped groupcache patch +- dropped the allow_auth_plain patch +- buildrequire perl-devel + +* Mon Jul 23 2007 Tomas Janousek - 2.3.8-3.2 +- removed the lm_sensors-devel dependency, since it's properly required in + net-snmp-devel +- #248984 - cyrus-imapd.logrotate updated for rsyslog + +* Mon Apr 23 2007 Tomas Janousek - 2.3.8-3.1 +- the -devel subpackage no longer requires the main one + +* Wed Apr 11 2007 Tomas Janousek - 2.3.8-3 +- updated the no-bare-nl patch (#235569), thanks to Matthias Hensler + +* Wed Apr 04 2007 Tomas Janousek - 2.3.8-2 +- fixed mboxlist backup rotation (#197054) + +* Mon Mar 12 2007 Tomas Janousek - 2.3.8-1 +- update to latest upstream + +* Wed Jan 24 2007 Tomas Janousek - 2.3.7-8 +- compile with kerberos support + +* Wed Jan 24 2007 Tomas Janousek - 2.3.7-7 +- fixed Makefile typo (caused multiarch conflict) + +* Mon Jan 08 2007 Tomas Janousek - 2.3.7-6 +- #218046: applied patches to compile with db4-4.5 + +* Tue Dec 5 2006 John Dennis - 2.3.7-5 +- Resolves: bug# 218046: Cyrus-imapd in rawhide needs to be rebuilt + against new snmp package + +* Thu Oct 05 2006 Christian Iseli 2.3.7-4 +- rebuilt for unwind info generation, broken in gcc-4.1.1-21 + +* Mon Sep 18 2006 John Dennis - 2.3.7-3 +- bump rev for rebuild + +* Fri Aug 04 2006 Petr Rockai - 2.3.7-2 +- only buildrequire lm_sensors on i386 and x86_64, since it is not + available elsewhere + +* Sun Jul 23 2006 Petr Rockai - 2.3.7-1 +- update to latest upstream version, fixes a fair amount of issues +- forward-port the autocreate and rmquota patches (used latest + upstream patches, those are for 2.3.3) + +* Tue Jul 18 2006 Petr Rockai - 2.3.1-3 +- install perl modules into vendor_perl instead of site_perl +- change mode of perl .so files to 755 instead of 555 +- update pam configuration to use include directive instead + of deprecated pam_stack +- change prereq on cyrus-imapd-utils to requires + +* Tue Jul 11 2006 Petr Rockai - 2.3.1-2.99.test1 +- address bunch of rpmlint errors and warnings +- rename perl-Cyrus to cyrus-imapd-perl to be consistent with rest + of package (the cyrus modules are not part of cpan) +- added provides on cyrus-nntp and cyrus-murder (the functionality + is part of main package now) +- removed generation of README.buildoptions +- the two above made it possible to get rid of most build-time parameter + guessing from environment +- get rid of internal autoconf (iew) +- don't strip binaries, renders -debuginfo useless... +- remove prereq's in favour of newly added requires(...) + +* Tue Feb 28 2006 John Dennis - 2.3.1-2 +- bring up to Simon Matter's 2.3.1-2 release +- fix bug #173319, require cyrus-sasl-lib instead of cyrus-sasl +- fix bug #176470, hardcoded disttag +- add backend_sigsegv patch +- add replication_policycheck patch + +* Mon Jan 23 2006 Simon Matter 2.3.1-1 +- update to official autocreate and autosievefolder patches + +* Thu Jan 19 2006 Simon Matter 2.3.1-0.18 +- update rpm_set_permissions script +- add snmp support as build time option, disabled by default + because it doesn't build on older distributions + +* Wed Jan 18 2006 Simon Matter 2.3.1-0.15 +- add make_md5 patch + +* Mon Jan 16 2006 Simon Matter 2.3.1-0.13 +- add autosievefolder patch +- add rmquota+deletemailbox patch +- change default path for make_md5, add md5 directory + +* Fri Jan 13 2006 Simon Matter 2.3.1-0.10 +- spec file cleanup +- add more cvt_cyrusdb_all fixes +- fix pre/post scripts +- fix requirements +- add patch to set Invoca RPM config defaults +- add sync directory used for replication +- add autocreate patch + +* Thu Jan 12 2006 Simon Matter 2.3.1-0.8 +- update cvt_cyrusdb_all script +- build db.cfg on the fly + +* Thu Jan 05 2006 Simon Matter 2.3.1-0.5 +- create ptclient directory if ldap enabled + +* Wed Jan 04 2006 Simon Matter 2.3.1-0.4 +- build without ldap support if openldap is linked against SASLv1 + +* Tue Jan 03 2006 Simon Matter 2.3.1-0.3 +- fix ldap support + +* Mon Jan 02 2006 Simon Matter 2.3.1-0.2 +- add openldap-devel to buildprereq, build with ldap support + +* Wed Dec 21 2005 Simon Matter 2.3.1-0.1 +- update to 2.3.1, officially called BETA-quality release + +* Fri Dec 16 2005 Simon Matter 2.3.0-0.4 +- add skiplist.py to contrib/ +- port authid_normalize patch + +* Thu Dec 15 2005 Simon Matter 2.3.0-0.3 +- reintroduce subpackage utils, fix requirements +- move some utils to %%{_bindir}/ + +* Wed Dec 14 2005 Simon Matter 2.3.0-0.2 +- integrate subpackages murder, nntp, replication, utils + +* Tue Dec 13 2005 Simon Matter 2.3.0-0.1 +- update to 2.3.0, officially called BETA-quality release +- add replication subpackage + +* Fri Dec 09 2005 Simon Matter 2.2.12-15.1 +- add missing automake to buildprereq +- change package description + +* Tue Dec 06 2005 Simon Matter 2.2.12-15 +- update cvt_cyrusdb_all script +- update autocreate patches + +* Mon Dec 05 2005 Simon Matter 2.2.12-14 +- update cvt_cyrusdb_all script + +* Mon Nov 14 2005 Simon Matter 2.2.12-13 +- add 64bit quota support backported from 2.3 + +* Fri Nov 11 2005 Simon Matter 2.2.12-12 +- add quickstart/stop option to init script to bypass db import/export +- add authid_normalize patch +- add allow_auth_plain_proxying patch +- update gcc4 patch +- remove useless fdatasync patch +- add private autoconf used for build, remove autoconf dependency +- generate correct docs including man pages +- remove unneeded files from doc directory + +* Fri Nov 04 2005 Simon Matter 2.2.12-11 +- add mupdate thread-safe patch + +* Mon Oct 24 2005 Simon Matter 2.2.12-9.4 +- add spool patch, which is already fixed in CVS + +* Tue Aug 30 2005 Simon Matter 2.2.12-9.2 +- pull in CPPFLAGS and LDFLAGS from openssl's pkg-config data, if it exists + +* Wed Aug 24 2005 Simon Matter 2.2.12-9.1 +- add timsieved_reset_sasl_conn patch + +* Mon Aug 22 2005 Simon Matter 2.2.12-9 +- cosmetic changes in pre and post scripts + +* Fri Aug 19 2005 Simon Matter 2.2.12-8 +- add more pki dir fixes for inplace upgrades + +* Thu Aug 18 2005 Simon Matter 2.2.12-7 +- include requirement for Berkeley DB utils + +* Thu Aug 18 2005 Simon Matter 2.2.12-6 +- fix recovery problems with db4, which do not exist with db3 +- fix logic for handling ssl certs +- remove initlog from init script + +* Wed Aug 17 2005 Simon Matter 2.2.12-5 +- add notifytest to the distribution +- add functionality to convert all berkeley databases to skiplist + on shutdown and convert them back as needed on startup. This should + solve the upgrade problems with Berkeley databases. + +* Tue Aug 16 2005 Simon Matter 2.2.12-4.14 +- add gcc4 patch +- determine and handle pki directory for openssl correctly +- add skiplist recovery docs +- add notify_sms patch + +* Mon Jul 18 2005 Simon Matter 2.2.12-4.10 +- update cvt_cyrusdb_all script +- update autocreate patches + +* Fri Jul 15 2005 Simon Matter 2.2.12-4.9 +- add patch to remove ACLs with invalid identifier +- update cvt_cyrusdb_all script + +* Sat Jun 18 2005 Simon Matter 2.2.12-4.1 +- update munge8bit patch + +* Wed Jun 08 2005 Simon Matter 2.2.12-4 +- updated seenstate patch + +* Thu Jun 02 2005 Simon Matter +- removed nolinkimapspool patch, added singleinstancestore patch instead + +* Thu Jun 02 2005 Simon Matter +- added nolinkimapspool patch +- fix debug_package macro, it was still being expanded, + comments don't hide macro expansion +- change license field to BSD, its not exact BSD, but BSD is the closest + +* Fri Apr 22 2005 John Dennis - 2.2.12-6.fc4 +- the openssl package moved all its certs, CA, Makefile, etc. to /etc/pki + now we are consistent with the openssl directory changes. + +* Thu Apr 21 2005 John Dennis - 2.2.12-5.fc4 +- we finally have a common directory, /etc/pki for certs, so create + /etc/pki/cyrus-imapd and put the ssl pem file there. The /etc/cyrus-imapd + location will not be used, this change supercedes that. + +* Mon Apr 18 2005 John Dennis - 2.2.12-4.fc4 +- fix bug #141479, move ssl pem file from /usr/share/ssl/certs to /etc/cyrus-imapd/cyrus-imapd.pem +- change license field to BSD, its not exact BSD, but BSD is the closest. + +* Fri Apr 15 2005 John Dennis - 2.2.12-3.fc4 +- fix release field to be single digit + +* Fri Apr 15 2005 John Dennis - 2.2.12-1.2.fc4 +- fix debug_package macro, it was still being expanded, + comments don't hide macro expansion +- fix changelog chronological order +- fix bug 118832, cyrus-imapd is modifying /etc/services + +* Mon Apr 4 2005 John Dennis - 2.2.12-1.1.fc4 +- bring up to 2.2.12, includes security fix for CAN-2005-0546 + +* Mon Mar 07 2005 Simon Matter +- updated rmquota+deletemailbox patches + +* Fri Mar 4 2005 John Dennis - 2.2.10-11.4.fc4 +- fix gcc4 build problems + +* Thu Mar 3 2005 John Dennis 2.2.10-11.3.fc4 +- bump rev for build + +* Mon Feb 14 2005 Simon Matter +- updated to 2.2.12 +- updated autocreate and autosievefolder patches + +* Fri Feb 11 2005 John Dennis - 2.2.10-11.2.fc4 +- make _contribdir identical to Simon's, + I had been getting burned by rpm's bizarre handling of macros in comments + +* Thu Feb 10 2005 John Dennis - 2.2.10-11.1.fc4 +- bring up to date with Simon Matter's 2.2.10-11 rpm + +* Sat Feb 05 2005 Simon Matter +- updated autosievefolder patch + +* Tue Feb 01 2005 Simon Matter +- remove special ownership and permissions from deliver +- enable deliver-wrapper per default +- enable OutlookExpress seenstate patch per default + +* Wed Jan 19 2005 Simon Matter +- updated autocreate patch + +* Fri Jan 14 2005 Simon Matter +- spec file cleanup + +* Tue Jan 11 2005 Simon Matter +- updated autocreate patch + +* Fri Jan 07 2005 Simon Matter +- moved contrib dir into doc, made scripts not executable + +* Thu Jan 06 2005 Simon Matter +- added more fixes to the autocreate patch +- don't use %%_libdir for %%_cyrexecdir, it's a mess on x86_64 +- don't use %%_libdir for symlinks +- remove %%_libdir pachtes +- change pam configs to work on x86_64 +- changed default build option for IDLED to on +- changed rpm_set_permissions to honor partitions in /etc/imapd.conf + +* Tue Jan 04 2005 Simon Matter +- updated autocreate patch + +* Mon Dec 20 2004 Simon Matter +- remove idled docs when disabled, fixes RedHat's bug #142345 + +* Fri Dec 17 2004 Simon Matter +- removed allnumeric patch, not needed anymore +- made groupcache a compile time option +- rename nntp's pam service, fixes RedHat's bug #142672 + +* Thu Dec 16 2004 Simon Matter +- updated groupcache patch +- updated cvt_cyrusdb_all to use runuser instead of su if available +- added upd_groupcache tool + +* Wed Dec 15 2004 Simon Matter +- added groupfile patch to help those using nss_ldap + +* Thu Dec 02 2004 Simon Matter +- modified config directives and removed verify options + +* Thu Dec 2 2004 John Dennis 2.2.10-3.devel +- fix bug #141673, dup of bug #141470 + Also make cyrus.conf noreplace in addition to imapd.conf + Remove the verify overrides on the noreplace config files, + we do want config file changes visible when verifying + +* Wed Dec 1 2004 John Dennis 2.2.10-2.devel +- fix bug #141470, make imapd.conf a noreplace config file + +* Wed Dec 1 2004 John Dennis 2.2.10-1.devel +- update to Simon Matter's 2.2.10 RPM, + fixes bug #139382, + security advisories: CAN-2004-1011 CAN-2004-1012 CAN-2004-1013 CAN-2004-1015 + +* Wed Nov 24 2004 Simon Matter +- updated to 2.2.10 + +* Tue Nov 23 2004 Simon Matter +- updated to 2.2.9 + +* Fri Nov 19 2004 Simon Matter +- changed scripts to use runuser instead of su if available + +* Thu Nov 18 2004 Simon Matter +- changed requirement for file >= 3.35-1 from BuildPrereq to + Requires, fixes RedHat's bug #124991 +- added acceptinvalidfrom patch to fix RedHat's bug #137705 + +* Mon Oct 4 2004 Dan Walsh 2.2.6-2.FC3.6 +- Change cyrus init scripts and cron job to use runuser instead of su + +* Fri Aug 6 2004 John Dennis 2.2.6-2.FC3.5 +- remove obsoletes tag, fixes bugs #127448, #129274 + +* Wed Aug 4 2004 John Dennis +- replace commas in release field with dots, bump build number + +* Tue Aug 03 2004 Simon Matter +- fixed symlinks for x86_64, now uses the _libdir macro + reported by John Dennis, fixes RedHat's bug #128964 +- removed obsoletes tag, fixes RedHat's bugs #127448, #129274 + +* Mon Aug 2 2004 John Dennis 2.2.6-2,FC3,3 +- fix bug #128964, lib symlinks wrong on x86_64 + +* Thu Jul 29 2004 Simon Matter +- updated to 2.2.8 + +* Thu Jul 29 2004 Simon Matter +- updated autocreate and autosieve patches +- made authorization a compile time option +- added sieve-bc_eval patch + +* Tue Jul 27 2004 Simon Matter +- updated to 2.2.7 +- modified autocreate patch or 2.2.7 +- removed snmpargs patch which was needed for RedHat 6.2 + +* Tue Jul 13 2004 Simon Matter +- added mboxlist / mboxname patches from CVS + +* Tue Jul 06 2004 Simon Matter +- updated rmquota+deletemailbox patch + +* Sat Jul 3 2004 John Dennis - 2.2.6-2,FC3,1 +- bring up to date with Simon Matter's latest upstream rpm 2.2.6-2 +- comment out illegal tags Packager, Vendor, Distribution + build for FC3 + +* Wed Jun 30 2004 Simon Matter +- added quota patches from CVS + +* Fri Jun 25 2004 Simon Matter +- updated autocreate patch + +* Fri Jun 18 2004 Simon Matter +- updated to 2.2.6 + +* Fri Jun 11 2004 Simon Matter +- updated autocreate and autosieve patches + +* Tue Jun 01 2004 Simon Matter +- updated autocreate, autosieve and rmquota patches +- fixed rmquota patch to build on gcc v3.3.x +- added lmtp_sieve patch + +* Sat May 29 2004 Simon Matter +- updated to 2.2.5 + +* Fri May 28 2004 Simon Matter +- updated to 2.2.5 pre-release + +* Mon May 24 2004 Simon Matter +- added hash patch to fix a sig11 problem +- added noncritical typo patch + +* Fri May 21 2004 Simon Matter +- include OutlookExpress seenstate patch +- fixed allnumeric patch + +* Thu May 20 2004 Simon Matter +- don't enable cyrus-imapd per default +- rename fetchnews to cyrfetchnews to avoid namespace conflicts with leafnode +- replace fetchnews with cyrfetchnews in man pages +- replace master with cyrus-master in man pages + +* Tue May 18 2004 Simon Matter +- updated to 2.2.4 + +* Fri Apr 30 2004 Simon Matter +- Don't provides: imap + +* Wed Mar 17 2004 Simon Matter +- fix init script + +* Thu Mar 04 2004 Simon Matter +- strip binaries + +* Tue Mar 02 2004 Simon Matter +- add more SELinux fixes + +* Wed Feb 25 2004 Simon Matter +- add makedepend to path, thank you Andreas Piesk for reporting it + +* Mon Feb 23 2004 Dan Walsh +- change su within init script to get input from /dev/null + this prevents hang when running in SELinux +- don't use -fpie as default, it breaks different distributions + +* Thu Feb 19 2004 Simon Matter +- merged in most changes from Karsten Hopp's RedHat package +- fixed permissions of files in contrib, thank you + Edward Rudd for reporting it. +- modified snmp patch to make it build on RedHat 6.2 again + +* Tue Feb 03 2004 Karsten Hopp +- switch to Simon Matter's cyrus-imapd package, which has + some major improvements over the old Red Hat package. + - configdirectory moved from /var/imap to /var/lib/imap + - sasl_pwcheck_method changed to saslauthd +- needed to delete package/vendor tags for buildsystem. +- added USEPIE variable for linking with -fpie flag +- removed rpath from linker arguments +- removed email header from README.HOWTO-recover-mailboxes +- added lib64 patch +- use CFLAGS from specfile in imtest subdir +- disable -pie on ppc for now + +* Tue Feb 03 2004 Simon Matter +- added tls_ca_file: to imapd.conf +- updated autocreate patch which fixes a small sig11 problem + +* Thu Jan 29 2004 Simon Matter +- convert sieve scripts to UTF-8 only if sievec failed before +- add note to the readme about limiting loggin on busy servers +- added build time option to chose the syslog facility + +* Wed Jan 28 2004 Simon Matter +- sieve scripts are now converted to UTF-8 with cvt_cyrusdb_all + +* Tue Jan 27 2004 Simon Matter +- fixed problems with masssievec +- lots of small fixes in the init scripts + +* Fri Jan 23 2004 Simon Matter +- updated auto db converting functionality +- added auto masssievec functionality + +* Thu Jan 22 2004 Simon Matter +- updated autocreate/autosievefolder patches + +* Fri Jan 16 2004 Simon Matter +- updated to 2.2.3 + +* Wed Jan 14 2004 Simon Matter +- number of mailbox list dumps can now be configured + +* Fri Jan 02 2004 Simon Matter +- updated autosievefolder patch + +* Thu Dec 18 2003 Simon Matter +- updated autocreate/autosievefolder/rmquota patches + +* Tue Oct 28 2003 Simon Matter +- updated to 2.2.2-BETA + +* Tue Aug 05 2003 Simon Matter +- add sendmail m4 macro, some people were looking for it +- just one source for pam default configuration (they were all the same) +- added /etc/pam.d/lmtp +- added build support for RedHat Beta severn + +* Wed Jul 30 2003 Simon Matter +- updated autocreate patch to 0.8.1 +- removed creation of spool/config dirs, not needed anymore +- added cyrus_sharedbackup to contrib + +* Fri Jul 18 2003 Simon Matter +- modified for 2.2.1-BETA + +* Wed Jul 09 2003 Simon Matter +- modified rpm_set_permissions script + +* Mon Jul 07 2003 Simon Matter +- changed permissions on config and spool dirs +- modified init script + +* Thu Jul 03 2003 Simon Matter +- upgraded to 2.1.14 +- removed now obsolete forcedowncase patch +- use --with-extraident to add extra version information +- updated munge8bit patch + +* Wed Jun 04 2003 Simon Matter +- added RedHat 2.1ES support to the perlhack detection + +* Tue May 20 2003 Simon Matter +- upgraded autocreate patch + +* Fri May 09 2003 Simon Matter +- upgraded autocreate patch +- modified init script + +* Mon May 05 2003 Simon Matter +- upgraded to 2.1.13 +- replaced commands with macros, cleaned up spec file + +* Fri May 02 2003 Simon Matter +- added murder subpackage +- changed exec path to /usr/lib/cyrus-imapd + +* Thu May 01 2003 Simon Matter +- included modified munge8bit patch again + +* Tue Apr 29 2003 Simon Matter +- added new 8bit header patch +- upgraded IPv6 patch +- upgraded autocreate patch to 0.7 + +* Mon Apr 28 2003 Simon Matter +- added new autocreate patch + +* Mon Mar 31 2003 H-E Sandstrom +- added munge8bit patch + +* Mon Mar 24 2003 Simon Matter +- added createonpost fix patch + +* Thu Mar 20 2003 Simon Matter +- added functionality to patch the IPv6 patch on the fly if + autoconf > 2.13, we can now use newer autoconf again. + +* Tue Mar 18 2003 Paul Bender +- fixed spec file so that autoconf 2.13 will always be used, + since the IPv6 patch requires autoconf <= 2.13 + +* Fri Mar 14 2003 Simon Matter +- fixed problems with new file package + +* Thu Mar 13 2003 Simon Matter +- added kerberos include for RedHat Beta phoebe 2 +- added Henrique's forcedowncase patch + +* Mon Mar 03 2003 Simon Matter +- corrected imapd.conf + +* Sat Mar 01 2003 Simon Matter +- added note about lmtp socket in sendmail +- added flock patches + +* Fri Feb 07 2003 Simon Matter +- added build time option for fulldirhash + +* Wed Feb 05 2003 Simon Matter +- added IPV6 patch to source rpm +- fixed build on RedHat 6.2 + +* Tue Feb 04 2003 Simon Matter +- update to 2.1.12 +- added logrotate entry for /var/log/auth.log +- modified init script to use builtin daemon mode + +* Fri Jan 10 2003 Simon Matter +- small change in mboxlist backup script + +* Fri Jan 10 2003 Simon Matter +- fixed a cosmetic bug in cvt_cyrusdb_all +- added cron.daily job to backup mailboxes.db + +* Mon Jan 06 2003 Simon Matter +- add more entries to /etc/services + +* Wed Jan 01 2003 Simon Matter +- include snmpargs patch for build on RedHat 6.2 +- added build support for RedHat 6.2 + +* Mon Dec 30 2002 Simon Matter +- removed autoconf hack, not needed anymore +- enabled build on RedHat Beta Phoebe +- added services entry for lmtp +- cleanup spec file + +* Thu Dec 26 2002 Simon Matter +- removed BuildPrereq for e2fsprogs-devel + +* Thu Dec 12 2002 Simon Matter +- modified RedHat release detection +- added BuildPrereq for file + +* Thu Dec 05 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.11 +- upgrade IPV6 patch to 20021205 + +* Thu Nov 28 2002 Simon Matter +- Fixed some default attributes + +* Thu Nov 28 2002 Troels Arvin +- Explicitly changed files-section to + - use defattr for simple (root-owned 0644) files + - explictly set root as user/group owner where + the user/group ownership was previously indicated + as "-"; this allows building valid packages without + having to being root when building + +* Mon Nov 25 2002 Simon Matter +- changed default build option for IDLED to off +- included some useful info in README.* + +* Thu Nov 21 2002 Simon Matter +- added build time option for IDLED, thank you Roland Pope + +* Tue Nov 19 2002 Simon Matter +- fixed spec to really use fdatasync patch +- added createonpost patch + +* Thu Nov 14 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.10 +- build without IPv6 support by default + +* Tue Nov 12 2002 Simon Matter +- fixed db detection in .spec + +* Mon Oct 21 2002 Simon Matter +- updated cvt_cyrusdb_all script + +* Fri Oct 18 2002 Simon Matter +- added fdatasync patch + +* Thu Oct 03 2002 Simon Matter +- add RPM version 4.1 compatibility, which means remove installed + but not packaged files + +* Wed Sep 18 2002 Simon Matter +- added auto db converting functionality +- changed default for MBOXLIST_DB and SEEN_DB to skiplist + +* Mon Sep 16 2002 Simon Matter +- remove creation of cyrus user at build time +- added scripts from ftp://kalamazoolinux.org/pub/projects/awilliam/cyrus/ + +* Mon Sep 02 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.9 + +* Fri Aug 30 2002 Simon Matter +- included extra ident string + +* Thu Aug 29 2002 Simon Matter +- modified path in deliver-wrapper, thank you Richard L. Phipps +- added RedHat 2.1AS support to the perlhack detection +- added build time option to force syncronous updates on ext3 + +* Wed Aug 28 2002 Simon Matter +- added updated IPv6 patch from Hajimu UMEMOTO + +* Wed Aug 28 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.8 + +* Thu Aug 22 2002 Simon Matter +- included IPv6 patch from Hajimu UMEMOTO + +* Wed Aug 21 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.7 because of wrong version info + +* Wed Aug 21 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.6 + +* Mon Aug 19 2002 Simon Matter +- change db version detection, thank you Chris for reporting + +* Tue Aug 13 2002 Simon Matter +- fixed autoconf detection + +* Mon Aug 12 2002 Simon Matter +- included support for different autoconf versions +- modified the perl build and install process +- made some .spec changes to build on RedHat 7.x and limbo + +* Fri Aug 09 2002 Simon Matter +- included sieve matching patch + +* Thu Jun 27 2002 Simon Matter +- fixed %%post script where %%F was expanded to file.file + +* Wed Jun 26 2002 Simon Matter +- fixed missing man page + +* Tue Jun 25 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.5 + +* Mon Jun 24 2002 Simon Matter +- added compile time parameters to configure the package based on + the idea from Luca Olivetti +- make deliver-wrapper a compile time option + +* Fri May 03 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.4 + +* Mon Apr 22 2002 Simon Matter +- small initscript fix + +* Fri Mar 08 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.3 +- removed some stuff that was cleaned up in the sources +- added compile time options for db backends + +* Wed Mar 06 2002 Simon Matter +- removed requires perl-File-Temp for utils package, it's in the RedHat + perl RPM now + +* Fri Feb 22 2002 Simon Matter +- removed deliverdb/db + +* Wed Feb 20 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.2 + +* Mon Feb 11 2002 Simon Matter +- changed sasl_mech_list: PLAIN in /etc/imapd.conf +- added sieve to /etc/pam.d + +* Fri Feb 08 2002 Simon Matter +- added requires perl-File-Temp for utils package + +* Wed Feb 06 2002 Simon Matter +- added some %%dir flags +- removed /usr/lib/sasl/Cyrus.conf +- added conf templates +- build time option for usage of saslauth group + +* Tue Feb 05 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.1 +- dependency of cyrus-sasl >= 2.1.0-1 + +* Sun Feb 03 2002 Simon Matter +- saslauth group is only deleted on uninstall if there is no other + member in this group + +* Sat Feb 02 2002 Simon Matter +- changed start/stop level in init file + +* Tue Jan 29 2002 Simon Matter +- dependency of cyrus-sasl >= 1.5.24-22 +- dotstuffing patch for sendmail calls made by sieve for outgoing + mails +- patch for ability to force ipurge to traverse personal folders + +* Mon Jan 28 2002 Simon Matter +- minor spec file changes + +* Sat Jan 19 2002 Simon Matter +- changed default auth to pam +- remove several %%dir from %%files sections +- change from /usr/lib/cyrus -> /usr/libexec/cyrus +- rename source files to something like cyrus... +- added rehash tool +- changed to hashed spool + +* Fri Jan 18 2002 Simon Matter +- fixed init script +- fixed %%post section in spec + +* Thu Jan 17 2002 Simon Matter +- ready for first build + +* Wed Jan 09 2002 Simon Matter +- initial package, with help from other packages out there diff --git a/EMPTY b/EMPTY deleted file mode 100644 index 0519ecb..0000000 --- a/EMPTY +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/README.rpm b/README.rpm new file mode 100644 index 0000000..1ed8fa0 --- /dev/null +++ b/README.rpm @@ -0,0 +1,34 @@ +--------------- +Cyrus IMAPd RPM +--------------- + +This is a _very_ 'quick and dirty' install howto. + +The following steps should lead you to a running Cyrus IMAP server: + +1) Install on a distribution which is supported by this RPM. Don't install + on a dirty system, where you have previously installed from source. +2) Don't install if you have a previous Cyrus IMAPd installation <=2.1.x on + your box. Upgrading any Invoca rpm based installation should be fine. +3) Make sure you understand that this RPM installs in FHS compliant + directories, like /var/lib/imap and /var/spool/imap +4) Make sure cyrus-sasl is installed. +5) Make sure saslauthd is running. If not, edit /etc/sysconfig/saslauthd as + needed and do 'chkconfig saslauthd on ; service saslauthd start' +6) Install the cyrus-imapd RPMs. +7) If it's your first install of Cyrus IMAPd, then set a password for the + cyrus user in whatever database you are using to authenticate. When + using a local account, this should be 'passwd cyrus'. +8) Make sure your MTA delivers to Cyrus IMAPd, I recommend LMTP for this. +9) Start Cyrus IMAPd with 'service cyrus-imapd start' +10) Run cyradm and create a user. Usually it's something like this: + 'cyradm --user=cyrus --auth=login localhost' +11) If you're using sendmail, be aware that cyrusv2.m4 included in standard + sendmail distribution uses socket /var/imap/socket/lmtp while this rpm + uses /var/lib/imap/socket/lmtp. +12) Check your syslog configuration. This RPM uses the mail facility to log + messages. On busy sites you may want to limit the mail facility to the + info priority with something like 'mail.info /var/log/maillog' in + /etc/syslog.conf. + +Enjoy! diff --git a/cassandane.ini b/cassandane.ini new file mode 100644 index 0000000..bbdb10c --- /dev/null +++ b/cassandane.ini @@ -0,0 +1,56 @@ +# A basic cassandane.ini file for running cassandane as part of the Fedora +# package build process. + +# The idea here is to run tests on the just-compiled version of cyrus-imapd. +# However, many of the build locations are just random temporary directories, and +# so this requires some finesse. + +[cassandane] +rootdir = CASSDIR/work +pwcheck = alwaystrue # This is enabled in Fedora builds +cleanup = no +maxworkers = 1 +base_port = 19100 + +#[valgrind] +#enabled = no + +# The installed copy +[cyrus default] +prefix = /usr +destdir = BUILDROOT +quota = cyr_quota + +# Replication testing disabled +# [cyrus replica] +# [cyrus murder] + +# Don't enable any of the gdb options but leave them here in case someone ever +# needs to do so +#[gdb] +# imapd = yes +# sync_server = yes +# lntpd = yes +# timsieved = yes +# backupd = yes + +[config] +altnamespace = no +unixhierarchysep = no +client_timeout = 60 + +#[caldavtalk] +#basedir = CASSDIR/cassandane/testdata + +[imaptest] +# Cassandane wants this to not be installed. Don't know why. To use it we +# have to make a directory and link things into it. +basedir = imaptest + +# [jmaptester] +# basedir = JMAP-Tester +# The JMAP modules end up needing JSON-Typist (which I could bundle) and CryptX (which is a bit too much to bundle) + +# [caldavtester] +# XXX Would need to include the source in the cyrus package just as cassandane is, and get it built before running tests +# basedir = ... diff --git a/cyrus-imapd-3.0-CVE-2021-33582.patch b/cyrus-imapd-3.0-CVE-2021-33582.patch new file mode 100644 index 0000000..aa5c3ba --- /dev/null +++ b/cyrus-imapd-3.0-CVE-2021-33582.patch @@ -0,0 +1,205 @@ +diff --git a/imap/http_dav.c b/imap/http_dav.c +index 91bbc28b6b..a6fa5c8345 100644 +--- a/imap/http_dav.c ++++ b/imap/http_dav.c +@@ -5494,7 +5494,7 @@ EXPORTED int meth_propfind(struct transaction_t *txn, void *params) + xmlDocPtr indoc = NULL, outdoc = NULL; + xmlNodePtr root, cur = NULL, props = NULL; + xmlNsPtr ns[NUM_NAMESPACE]; +- struct hash_table ns_table = { 0, NULL, NULL }; ++ struct hash_table ns_table = HASH_TABLE_INITIALIZER; + struct propfind_ctx fctx; + struct propfind_entry_list *elist = NULL; + +@@ -7900,7 +7900,7 @@ int meth_report(struct transaction_t *txn, void *params) + xmlNodePtr inroot = NULL, outroot = NULL, cur, prop = NULL, props = NULL; + const struct report_type_t *report = NULL; + xmlNsPtr ns[NUM_NAMESPACE]; +- struct hash_table ns_table = { 0, NULL, NULL }; ++ struct hash_table ns_table = HASH_TABLE_INITIALIZER; + struct propfind_ctx fctx; + struct propfind_entry_list *elist = NULL; + +diff --git a/lib/hash.c b/lib/hash.c +index 9703142c3b..84f2e80d28 100644 +--- a/lib/hash.c ++++ b/lib/hash.c +@@ -43,10 +43,11 @@ EXPORTED hash_table *construct_hash_table(hash_table *table, size_t size, int us + assert(table); + assert(size); + +- table->size = size; ++ table->size = size; ++ table->seed = rand(); /* might be zero, that's okay */ + + /* Allocate the table -- different for using memory pools and not */ +- if(use_mpool) { ++ if (use_mpool) { + /* Allocate an initial memory pool for 32 byte keys + the hash table + * + the buckets themselves */ + table->pool = +@@ -72,7 +73,7 @@ EXPORTED hash_table *construct_hash_table(hash_table *table, size_t size, int us + + EXPORTED void *hash_insert(const char *key, void *data, hash_table *table) + { +- unsigned val = strhash(key) % table->size; ++ unsigned val = strhash_seeded(table->seed, key) % table->size; + bucket *ptr, *newptr; + bucket **prev; + +@@ -153,9 +154,14 @@ EXPORTED void *hash_insert(const char *key, void *data, hash_table *table) + + EXPORTED void *hash_lookup(const char *key, hash_table *table) + { +- unsigned val = strhash(key) % table->size; ++ unsigned val; + bucket *ptr; + ++ if (!table->size) ++ return NULL; ++ ++ val = strhash_seeded(table->seed, key) % table->size; ++ + if (!(table->table)[val]) + return NULL; + +@@ -178,8 +184,7 @@ EXPORTED void *hash_lookup(const char *key, hash_table *table) + * since it will leak memory until you get rid of the entire hash table */ + EXPORTED void *hash_del(const char *key, hash_table *table) + { +- unsigned val = strhash(key) % table->size; +- void *data; ++ unsigned val = strhash_seeded(table->seed, key) % table->size; + bucket *ptr, *last = NULL; + + if (!(table->table)[val]) +@@ -200,15 +205,10 @@ EXPORTED void *hash_del(const char *key, hash_table *table) + int cmpresult = strcmp(key, ptr->key); + if (!cmpresult) + { ++ void *data = ptr->data; + if (last != NULL ) + { +- data = ptr -> data; + last -> next = ptr -> next; +- if(!table->pool) { +- free(ptr->key); +- free(ptr); +- } +- return data; + } + + /* +@@ -221,15 +221,15 @@ EXPORTED void *hash_del(const char *key, hash_table *table) + + else + { +- data = ptr->data; + (table->table)[val] = ptr->next; +- if(!table->pool) { +- free(ptr->key); +- free(ptr); +- } +- return data; + } +- } else if (cmpresult < 0) { ++ if(!table->pool) { ++ free(ptr->key); ++ free(ptr); ++ } ++ return data; ++ } ++ if (cmpresult < 0) { + /* its not here! */ + return NULL; + } +diff --git a/lib/hash.h b/lib/hash.h +index 8051ac1760..cfa7da1ffa 100644 +--- a/lib/hash.h ++++ b/lib/hash.h +@@ -3,10 +3,11 @@ + #define HASH__H + + #include /* For size_t */ ++#include + #include "mpool.h" + #include "strarray.h" + +-#define HASH_TABLE_INITIALIZER {0, NULL, NULL} ++#define HASH_TABLE_INITIALIZER {0, 0, NULL, NULL} + + /* + ** A hash table consists of an array of these buckets. Each bucket +@@ -32,6 +33,7 @@ typedef struct bucket { + + typedef struct hash_table { + size_t size; ++ uint32_t seed; + bucket **table; + struct mpool *pool; + } hash_table; +diff --git a/lib/strhash.c b/lib/strhash.c +index d7c1741d2a..1b3251db73 100644 +--- a/lib/strhash.c ++++ b/lib/strhash.c +@@ -42,17 +42,32 @@ + + #include "config.h" + +-EXPORTED unsigned strhash(const char *string) ++#include "lib/strhash.h" ++ ++/* The well-known djb2 algorithm (e.g. http://www.cse.yorku.ca/~oz/hash.html), ++ * with the addition of an optional seed to limit predictability. ++ * ++ * XXX return type 'unsigned' for back-compat to previous version, but ++ * XXX ought to be 'uint32_t' ++ */ ++EXPORTED unsigned strhash_seeded_djb2(uint32_t seed, const char *string) + { +- unsigned ret_val = 0; +- int i; ++ const unsigned char *ustr = (const unsigned char *) string; ++ unsigned hash = 5381; ++ int c; + +- while (*string) +- { +- i = (int) *string; +- ret_val ^= i; +- ret_val <<= 1; +- string ++; +- } +- return ret_val; ++ if (seed) { ++ /* treat the bytes of the seed as a prefix to the string */ ++ unsigned i; ++ for (i = 0; i < sizeof seed; i++) { ++ c = seed & 0xff; ++ hash = ((hash << 5) + hash) ^ c; ++ seed >>= 8; ++ } ++ } ++ ++ while ((c = *ustr++)) ++ hash = ((hash << 5) + hash) ^ c; ++ ++ return hash; + } +diff --git a/lib/strhash.h b/lib/strhash.h +index 34533fdffa..27339bb288 100644 +--- a/lib/strhash.h ++++ b/lib/strhash.h +@@ -41,7 +41,11 @@ + */ + + #ifndef _STRHASH_H_ ++#include + +-unsigned strhash(const char *string); ++unsigned strhash_seeded_djb2(uint32_t seed, const char *string); ++ ++#define strhash(in) strhash_seeded_djb2((0), (in)) ++#define strhash_seeded(sd, in) strhash_seeded_djb2((sd), (in)) + + #endif /* _STRHASH_H_ */ diff --git a/cyrus-imapd-CVE-2019-18928.patch b/cyrus-imapd-CVE-2019-18928.patch new file mode 100644 index 0000000..b5f2cb0 --- /dev/null +++ b/cyrus-imapd-CVE-2019-18928.patch @@ -0,0 +1,30 @@ +diff --git a/imap/httpd.c b/imap/httpd.c +index 5dcf38dc4..d2fdeb945 100644 +--- a/imap/httpd.c ++++ b/imap/httpd.c +@@ -1729,6 +1729,25 @@ static int examine_request(struct transaction_t *txn) + txn->auth_chal.scheme = NULL; + } + ++ /* Drop auth credentials, if not a backend in a Murder */ ++ else if (!config_mupdate_server || !config_getstring(IMAPOPT_PROXYSERVERS)) { ++ syslog(LOG_DEBUG, "drop auth creds"); ++ ++ free(httpd_userid); ++ httpd_userid = NULL; ++ ++ free(httpd_extrafolder); ++ httpd_extrafolder = NULL; ++ ++ free(httpd_extradomain); ++ httpd_extradomain = NULL; ++ ++ if (httpd_authstate) { ++ auth_freestate(httpd_authstate); ++ httpd_authstate = NULL; ++ } ++ } ++ + /* Perform proxy authorization, if necessary */ + else if (saslprops.authid && + (hdr = spool_getheader(txn->req_hdrs, "Authorize-As")) && diff --git a/cyrus-imapd-CVE-2019-19783.patch b/cyrus-imapd-CVE-2019-19783.patch new file mode 100644 index 0000000..ff8a626 --- /dev/null +++ b/cyrus-imapd-CVE-2019-19783.patch @@ -0,0 +1,13 @@ +diff --git a/imap/lmtp_sieve.c b/imap/lmtp_sieve.c +index 4c3bbc3..d0abdd3 100644 +--- a/imap/lmtp_sieve.c ++++ b/imap/lmtp_sieve.c +@@ -999,7 +999,7 @@ static int autosieve_createfolder(const char *userid, const struct auth_state *a + if (createsievefolder) { + /* Folder is already in internal namespace format */ + r = mboxlist_createmailbox(internalname, 0, NULL, +- 1, userid, auth_state, 0, 0, 0, 1, NULL); ++ 0, userid, auth_state, 0, 0, 0, 1, NULL); + if (!r) { + mboxlist_changesub(internalname, userid, auth_state, 1, 1, 1); + syslog(LOG_DEBUG, "autosievefolder: User %s, folder %s creation succeeded", diff --git a/cyrus-imapd-close_backup_fd_on_error.patch b/cyrus-imapd-close_backup_fd_on_error.patch new file mode 100644 index 0000000..7169d51 --- /dev/null +++ b/cyrus-imapd-close_backup_fd_on_error.patch @@ -0,0 +1,23 @@ +From 725e1efbd923c6d15ba639e17bfd0baabc619daa Mon Sep 17 00:00:00 2001 +From: Pavel Zhukov +Date: Mon, 1 Oct 2018 15:55:35 +0200 +Subject: [PATCH] Close file descriptior in case of error + +Make static code analizers happy. +If stat() failed for some reason it may lead backup fd unclosed. +--- + backup/lcb.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/backup/lcb.c b/backup/lcb.c +index 8c4a0e31a..9a04b08f2 100644 +--- a/backup/lcb.c ++++ b/backup/lcb.c +@@ -182,6 +182,7 @@ HIDDEN int backup_real_open(struct backup **backupp, + if (r) { + syslog(LOG_ERR, "IOERROR: (f)stat %s: %m", backup->data_fname); + r = IMAP_IOERROR; ++ close(fd); + goto error; + } + diff --git a/cyrus-imapd-close_backup_on_failure.patch b/cyrus-imapd-close_backup_on_failure.patch new file mode 100644 index 0000000..1639396 --- /dev/null +++ b/cyrus-imapd-close_backup_on_failure.patch @@ -0,0 +1,38 @@ +From 5d00f649b4d2a599905d1b9290c91a769909741d Mon Sep 17 00:00:00 2001 +From: Pavel Zhukov +Date: Mon, 24 Sep 2018 17:24:48 +0200 +Subject: [PATCH] Close backup on failure. + +Static analizers report this as memory leak issue. +--- + backup/ctl_backups.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/backup/ctl_backups.c b/backup/ctl_backups.c +index 3d817e743..e532eedb7 100644 +--- a/backup/ctl_backups.c ++++ b/backup/ctl_backups.c +@@ -955,6 +955,7 @@ static int lock_run_pipe(const char *userid, const char *fname, + + if (r) { + printf("NO failed (%s)\n", error_message(r)); ++ r = backup_close(&backup); + return EC_SOFTWARE; // FIXME would something else be more appropriate? + } + +@@ -993,6 +994,7 @@ static int lock_run_sqlite(const char *userid, const char *fname, + fprintf(stderr, "unable to lock %s: %s\n", + userid ? userid : fname, + error_message(r)); ++ r = backup_close(&backup); + return EC_SOFTWARE; + } + +@@ -1053,6 +1055,7 @@ static int lock_run_exec(const char *userid, const char *fname, + fprintf(stderr, "unable to lock %s: %s\n", + userid ? userid : fname, + error_message(r)); ++ r = backup_close(&backup); + return EC_SOFTWARE; + } + diff --git a/cyrus-imapd-cve_2019_11356.patch b/cyrus-imapd-cve_2019_11356.patch new file mode 100644 index 0000000..bfb3a48 --- /dev/null +++ b/cyrus-imapd-cve_2019_11356.patch @@ -0,0 +1,26 @@ +diff --git a/imap/httpd.c b/imap/httpd.c +index dc53f8c..24b65e5 100644 +--- a/imap/httpd.c ++++ b/imap/httpd.c +@@ -2202,7 +2202,7 @@ EXPORTED time_t calc_compile_time(const char *time, const char *date) + memset(&tm, 0, sizeof(struct tm)); + tm.tm_isdst = -1; + sscanf(time, "%02d:%02d:%02d", &tm.tm_hour, &tm.tm_min, &tm.tm_sec); +- sscanf(date, "%s %2d %4d", month, &tm.tm_mday, &tm.tm_year); ++ sscanf(date, "%3s %2d %4d", month, &tm.tm_mday, &tm.tm_year); + tm.tm_year -= 1900; + for (tm.tm_mon = 0; tm.tm_mon < 12; tm.tm_mon++) { + if (!strcmp(month, monthname[tm.tm_mon])) break; +diff --git a/imap/ical_support.c b/imap/ical_support.c +index 1d7550a..e1bda50 100644 +--- a/imap/ical_support.c ++++ b/imap/ical_support.c +@@ -458,7 +458,7 @@ const char *get_icalcomponent_errstr(icalcomponent *ical) + + /* Check if this is an empty property error */ + if (sscanf(errstr, +- "No value for %s property", propname) == 1) { ++ "No value for %255s property", propname) == 1) { + /* Empty LOCATION is OK */ + if (!strcasecmp(propname, "LOCATION")) continue; + if (!strcasecmp(propname, "COMMENT")) continue; diff --git a/cyrus-imapd-init.service b/cyrus-imapd-init.service new file mode 100644 index 0000000..07909aa --- /dev/null +++ b/cyrus-imapd-init.service @@ -0,0 +1,12 @@ +[Unit] +Description=One-time configuration for cyrus-imapd + +ConditionPathExists=!/etc/pki/cyrus-imapd/cyrus-imapd.pem +ConditionPathExists=!/etc/pki/cyrus-imapd/cyrus-imapd-key.pem +ConditionPathExists=!/etc/pki/cyrus-imapd/cyrus-imapd-ca.pem + +[Service] +Type=oneshot +Group=mail +RemainAfterExit=no +ExecStart=/usr/bin/sscg --package cyrus-imapd --cert-file /etc/pki/cyrus-imapd/cyrus-imapd.pem --cert-key-file /etc/pki/cyrus-imapd/cyrus-imapd-key.pem --ca-file /etc/pki/cyrus-imapd/cyrus-imapd-ca.pem --cert-key-mode=0640 diff --git a/cyrus-imapd-master_rename.patch b/cyrus-imapd-master_rename.patch new file mode 100644 index 0000000..d1a8a28 --- /dev/null +++ b/cyrus-imapd-master_rename.patch @@ -0,0 +1,66 @@ +diff --git a/Cassandane/Instance.pm b/cassandane/Cassandane/Instance.pm +index 1561143..c60396e 100644 +--- a/Cassandane/Instance.pm ++++ b/Cassandane/Instance.pm +@@ -166,7 +166,7 @@ sub get_version + my $cyrus_master; + foreach my $d (qw( bin sbin libexec libexec/cyrus-imapd lib cyrus/bin )) + { +- my $try = "$cyrus_destdir$cyrus_prefix/$d/master"; ++ my $try = "$cyrus_destdir$cyrus_prefix/$d/cyrus-master"; + if (-x $try) { + $cyrus_master = $try; + last; +diff --git a/Cassandane/Instance.pm b/Cassandane/Instance.pm +index c60396e..7b2883a 100644 +--- a/Cassandane/Instance.pm ++++ b/Cassandane/Instance.pm +@@ -546,7 +546,7 @@ sub _pid_file + { + my ($self, $name) = @_; + +- $name ||= 'master'; ++ $name ||= 'cyrus-master'; + + return $self->{basedir} . "/run/$name.pid"; + } +@@ -569,7 +569,7 @@ sub _list_pid_files + closedir(RUNDIR); + + @pidfiles = sort { $a cmp $b } @pidfiles; +- @pidfiles = ( 'master', grep { $_ ne 'master' } @pidfiles ); ++ @pidfiles = ( 'cyrus-master', grep { $_ ne 'cyrus-master' } @pidfiles ); + + return @pidfiles; + } +@@ -877,7 +877,7 @@ sub _start_master + # Now start the master process. + my @cmd = + ( +- 'master', ++ 'cyrus-master', + # The following is added automatically by _fork_command: + # '-C', $self->_imapd_conf(), + '-l', '255', +@@ -886,7 +886,7 @@ sub _start_master + '-M', $self->_master_conf(), + ); + if (get_verbose) { +- my $logfile = $self->{basedir} . '/conf/master.log'; ++ my $logfile = $self->{basedir} . '/conf/cyrus-master.log'; + xlog "_start_master: logging to $logfile"; + push(@cmd, '-L', $logfile); + } +diff --git a/Cassandane/Instance.pm b/Cassandane/Instance.pm +index 7b2883a..0c1e5fb 100644 +--- a/Cassandane/Instance.pm ++++ b/Cassandane/Instance.pm +@@ -1301,7 +1301,7 @@ sub send_sighup + return if ($self->{_stopped}); + xlog "sighup"; + +- my $pid = $self->_read_pid_file('master') or return; ++ my $pid = $self->_read_pid_file('cyrus-master') or return; + kill(SIGHUP, $pid) or die "Can't send signal SIGHUP to pid $pid: $!"; + return 1; + } diff --git a/cyrus-imapd-memory_leak_on_cleanup.patch b/cyrus-imapd-memory_leak_on_cleanup.patch new file mode 100644 index 0000000..d4d944b --- /dev/null +++ b/cyrus-imapd-memory_leak_on_cleanup.patch @@ -0,0 +1,73 @@ +From acfc393638ad1b81a4234173b060bb63907ee52c Mon Sep 17 00:00:00 2001 +From: Pavel Zhukov +Date: Mon, 1 Oct 2018 15:51:01 +0200 +Subject: [PATCH] Replace simple return with cleanup flow + +Make cleanup more consistence to prevent leaks of memory pointed by +filter/base/res +--- + ptclient/ldap.c | 17 ++++++++++------- + 1 file changed, 10 insertions(+), 7 deletions(-) + +diff --git a/ptclient/ldap.c b/ptclient/ldap.c +index 0b82d2c6b..65bae7bd6 100644 +--- a/ptclient/ldap.c ++++ b/ptclient/ldap.c +@@ -1388,13 +1388,14 @@ static int ptsmodule_make_authstate_group( + + if (strncmp(canon_id, "group:", 6)) { // Sanity check + *reply = "not a group identifier"; +- return PTSM_FAIL; ++ rc = PTSM_FAIL; ++ goto done; + } + + rc = ptsmodule_connect(); + if (rc != PTSM_OK) { + *reply = "ptsmodule_connect() failed"; +- return rc; ++ goto done;; + } + + rc = ptsmodule_expand_tokens(ptsm->group_filter, canon_id+6, NULL, &filter); +@@ -1425,17 +1426,19 @@ static int ptsmodule_make_authstate_group( + + if (rc != LDAP_SUCCESS) { + syslog(LOG_DEBUG, "(groups) Result from domain query not OK"); +- return rc; ++ goto done; + } else { + syslog(LOG_DEBUG, "(groups) Result from domain query OK"); + } + + if (ldap_count_entries(ptsm->ld, res) < 1) { + syslog(LOG_ERR, "(groups) No domain %s found", domain); +- return PTSM_FAIL; ++ rc = PTSM_FAIL; ++ goto done; + } else if (ldap_count_entries(ptsm->ld, res) > 1) { + syslog(LOG_ERR, "(groups) Multiple domains %s found", domain); +- return PTSM_FAIL; ++ rc = PTSM_FAIL; ++ goto done; + } else { + syslog(LOG_DEBUG, "(groups) Domain %s found", domain); + if ((entry = ldap_first_entry(ptsm->ld, res)) != NULL) { +@@ -1452,7 +1455,7 @@ static int ptsmodule_make_authstate_group( + } + + if (rc != PTSM_OK) { +- return rc; ++ goto done; + } else { + base = xstrdup(ptsm->group_base); + syslog(LOG_DEBUG, "Continuing with ptsm->group_base: %s", ptsm->group_base); +@@ -1462,7 +1465,7 @@ static int ptsmodule_make_authstate_group( + } else { + rc = ptsmodule_expand_tokens(ptsm->group_base, canon_id, NULL, &base); + if (rc != PTSM_OK) +- return rc; ++ goto done; + } + + syslog(LOG_DEBUG, "(groups) about to search %s for %s", base, filter); diff --git a/cyrus-imapd-memory_leak_on_cleanup_2.patch b/cyrus-imapd-memory_leak_on_cleanup_2.patch new file mode 100644 index 0000000..8a5a11d --- /dev/null +++ b/cyrus-imapd-memory_leak_on_cleanup_2.patch @@ -0,0 +1,102 @@ +diff --git a/ptclient/ldap.c b/ptclient/ldap.c +index 7e48879..dafa724 100644 +--- a/ptclient/ldap.c ++++ b/ptclient/ldap.c +@@ -932,7 +932,7 @@ static int ptsmodule_get_dn( + { + rc = ptsmodule_expand_tokens(ptsm->filter, canon_id, NULL, &filter); + if (rc != PTSM_OK) +- return rc; ++ goto done; + + if (ptsm->domain_base_dn && ptsm->domain_base_dn[0] != '\0' && (strrchr(canon_id, '@') != NULL)) { + syslog(LOG_DEBUG, "Attempting to get domain for %s from %s", canon_id, ptsm->domain_base_dn); +@@ -955,19 +955,23 @@ static int ptsmodule_get_dn( + ldap_unbind(ptsm->ld); + ptsm->ld = NULL; + syslog(LOG_ERR, "LDAP not available: %s", ldap_err2string(rc)); +- return PTSM_RETRY; ++ rc = PTSM_RETRY; ++ goto done; + } + + syslog(LOG_ERR, "LDAP search for domain failed: %s", ldap_err2string(rc)); +- return PTSM_FAIL; ++ rc = PTSM_FAIL; ++ goto done; + } + + if (ldap_count_entries(ptsm->ld, res) < 1) { + syslog(LOG_ERR, "No domain %s found", domain); +- return PTSM_FAIL; ++ rc = PTSM_FAIL; ++ goto done; + } else if (ldap_count_entries(ptsm->ld, res) > 1) { + syslog(LOG_ERR, "Multiple domains %s found", domain); +- return PTSM_FAIL; ++ rc = PTSM_FAIL; ++ goto done; + } else { + if ((entry = ldap_first_entry(ptsm->ld, res)) != NULL) { + if ((vals = ldap_get_values(ptsm->ld, entry, ptsm->domain_result_attribute)) != NULL) { +@@ -982,7 +986,7 @@ static int ptsmodule_get_dn( + } + + if (rc != PTSM_OK) { +- return rc; ++ goto done; + } else { + base = xstrdup(ptsm->base); + syslog(LOG_DEBUG, "Continuing with ptsm->base: %s", ptsm->base); +@@ -993,23 +997,23 @@ static int ptsmodule_get_dn( + } else { + rc = ptsmodule_expand_tokens(ptsm->base, canon_id, NULL, &base); + if (rc != PTSM_OK) +- return rc; ++ goto done; + } + + rc = ldap_search_st(ptsm->ld, base, ptsm->scope, filter, attrs, 0, &(ptsm->timeout), &res); + + if (rc != LDAP_SUCCESS) { + syslog(LOG_DEBUG, "Searching %s with %s failed", base, base); +- free(filter); +- free(base); + + if (rc == LDAP_SERVER_DOWN) { + ldap_unbind(ptsm->ld); + ptsm->ld = NULL; +- return PTSM_RETRY; ++ rc = PTSM_RETRY; ++ goto done; + } + +- return PTSM_FAIL; ++ rc = PTSM_FAIL; ++ goto done; + } + + free(filter); +@@ -1035,6 +1039,13 @@ static int ptsmodule_get_dn( + } + + return (*ret ? PTSM_OK : PTSM_FAIL); ++ ++ done: ++ if (filter) ++ free(filter); ++ if (base) ++ free(base); ++ return rc; + } + + +@@ -1344,7 +1355,7 @@ static int ptsmodule_make_authstate_group( + rc = ptsmodule_connect(); + if (rc != PTSM_OK) { + *reply = "ptsmodule_connect() failed"; +- goto done;; ++ goto done; + } + + rc = ptsmodule_expand_tokens(ptsm->group_filter, canon_id+6, NULL, &filter); diff --git a/cyrus-imapd-use_system_ciphers.patch b/cyrus-imapd-use_system_ciphers.patch new file mode 100644 index 0000000..0058469 --- /dev/null +++ b/cyrus-imapd-use_system_ciphers.patch @@ -0,0 +1,68 @@ +diff --git a/lib/imapoptions b/lib/imapoptions +index 37f8371..898b943 100644 +--- a/lib/imapoptions ++++ b/lib/imapoptions +@@ -2207,12 +2207,12 @@ product version in the capabilities + { "tls_cert_file", NULL, STRING, "2.5.0", "tls_server_cert" } + /* Deprecated in favor of \fItls_server_cert\fR. */ + +-{ "tls_cipher_list", "DEFAULT", STRING, "2.5.0", "tls_ciphers" } ++{ "tls_cipher_list", "PROFILE=SYSTEM", STRING, "2.5.0", "tls_ciphers" } + /* Deprecated in favor of \fItls_ciphers\fR. */ + +-{ "tls_ciphers", "DEFAULT", STRING } ++{ "tls_ciphers", "PROFILE=SYSTEM", STRING } + /* The list of SSL/TLS ciphers to allow. The format of the string +- (and definition of "DEFAULT") is described in \fBciphers(1)\fR. ++ (and definition of "PROFILE=SYSTEM") is described in \fBciphers(1)\fR. + .PP + See also Mozilla's server-side TLS recommendations: + .PP +diff --git a/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt b/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt +index c45d94b..495a2c7 100644 +--- a/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt ++++ b/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt +@@ -4298,7 +4298,7 @@ FIELD DESCRIPTIONS + + .. startblob tls_cipher_list + +- ``tls_cipher_list:`` DEFAULT ++ ``tls_cipher_list:`` PROFILE=SYSTEM + + Deprecated in favor of *tls_ciphers*. + +@@ -4307,10 +4307,10 @@ FIELD DESCRIPTIONS + + .. startblob tls_ciphers + +- ``tls_ciphers:`` DEFAULT ++ ``tls_ciphers:`` PROFILE=SYSTEM + + The list of SSL/TLS ciphers to allow. The format of the string +- (and definition of "DEFAULT") is described in **ciphers(1)**. ++ (and definition of "PROFILE=SYSTEM") is described in **ciphers(1)**. + + See also Mozilla's server-side TLS recommendations: + +diff --git a/doc/text/imap/reference/manpages/configs/imapd.conf.txt b/doc/text/imap/reference/manpages/configs/imapd.conf.txt +index 1801cd7..7c77154 100644 +--- a/doc/text/imap/reference/manpages/configs/imapd.conf.txt ++++ b/doc/text/imap/reference/manpages/configs/imapd.conf.txt +@@ -2675,14 +2675,14 @@ FIELD DESCRIPTIONS + + Deprecated in favor of *tls_server_cert*. + +- "tls_cipher_list:" DEFAULT ++ "tls_cipher_list:" PROFILE=SYSTEM + + Deprecated in favor of *tls_ciphers*. + +- "tls_ciphers:" DEFAULT ++ "tls_ciphers:" PROFILE=SYSTEM + + The list of SSL/TLS ciphers to allow. The format of the string +- (and definition of "DEFAULT") is described in **ciphers(1)**. ++ (and definition of "PROFILE=SYSTEM") is described in **ciphers(1)**. + + See also Mozilla's server-side TLS recommendations: + diff --git a/cyrus-imapd.cron-daily b/cyrus-imapd.cron-daily new file mode 100644 index 0000000..ca897c0 --- /dev/null +++ b/cyrus-imapd.cron-daily @@ -0,0 +1,36 @@ +#!/bin/sh +# +# This file is run on a daily basis to perform a backup of your +# mailbox list which can be used to recreate mailboxes.db from backup. +# Restore is done using ctl_mboxlist after uncompressing the file. + +BACKDIR="/var/lib/imap/backup" +MBOXLIST="${BACKDIR}/mboxlist" +ROTATE=6 + +# fallback to su if runuser not available +if [ -x /sbin/runuser ]; then + RUNUSER=runuser +else + RUNUSER=su +fi + +# source custom configuration +if [ -f /etc/sysconfig/cyrus-imapd ]; then + . /etc/sysconfig/cyrus-imapd +fi + +[ -x /usr/sbin/ctl_mboxlist ] || exit 0 +[ -f /var/lib/imap/db/skipstamp ] || exit 0 + +# rotate mailbox lists +seq $[ $ROTATE - 1 ] -1 1 | while read i; do + [ -f ${MBOXLIST}.${i}.gz ] && mv -f ${MBOXLIST}.${i}.gz ${MBOXLIST}.$[ $i + 1 ].gz +done +[ -f ${MBOXLIST}.gz ] && mv -f ${MBOXLIST}.gz ${MBOXLIST}.1.gz + +# export mailboxes.db +$RUNUSER - cyrus -s /bin/sh -c "umask 077 < /dev/null ; /usr/sbin/ctl_mboxlist -d | gzip > ${MBOXLIST}.gz" + +exit 0 +# EOF diff --git a/cyrus-imapd.cvt_cyrusdb_all b/cyrus-imapd.cvt_cyrusdb_all new file mode 100644 index 0000000..5a5227d --- /dev/null +++ b/cyrus-imapd.cvt_cyrusdb_all @@ -0,0 +1,409 @@ +#!/bin/bash + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +# This script converts all db files of a cyrus installation from their +# existing format to the format required by the current installation. +# The format of current db files is determined using the 'file' command +# with a magic file added for skiplist db, the new format is read from +# a config file usually in /usr/share/cyrus-imapd/rpm/db.cfg, which is +# created while compiling. After converting, the db.cfg file is +# copied to a cache file usually at /var/lib/imap/rpm/db.cfg.cache to +# allow bypassing this converting script if both files are identical. +# While this is a bit less secure, it may be useful on big server where +# db converting is done automatically. +# +# This script can safely be run as root, it will reexec itself as user +# cyrus if needed. +# +# author: Simon Matter, Invoca Systems + +# changelog +# v1.0.1, Oct 22 2002 Simon Matter +# - added two-step conversion method +# +# v1.0.2, Jan 10 2003 Simon Matter +# - fixed a bug where cvt_cyrusdb was called to convert empty or +# nonexistent files +# +# v1.0.3, Mar 14 2003 Simon Matter +# - fixed a problem with new versions of the file command +# +# v1.0.4 +# - added GPL license +# +# v1.0.5, May 02 2003 Simon Matter +# - modified exec path +# +# v1.0.6, Jul 18 2003 Simon Matter +# - changed db3 to berkeley +# - added new db backends for 2.2 +# +# v1.0.7, Jan 23 2004 Simon Matter +# - included some modifications from Luca Olivetti +# - added masssievec functionality +# +# v1.0.8, Jan 28 2004 Simon Matter +# - convert sieve scripts to UTF-8 before calling masssievec +# +# v1.0.9, Jan 29 2004 Simon Matter +# - convert sieve scripts to UTF-8 only if sievec failed before +# +# v1.0.10, Feb 24 2004 Simon Matter +# - change su within init script to get input from +# /dev/null, this prevents hang when running in SELinux +# +# v1.0.11, Mar 02 2004 Simon Matter +# - fixed SELinux fix +# +# v1.0.12, Dec 16 2004 Simon Matter +# - use runuser instead of su if available +# +# v1.0.13, Jul 15 2005 Simon Matter +# - don't use flat in the two step conversion, use skiplist instead +# +# v1.0.14, Jul 18 2005 Simon Matter +# - replace the order of the magic files in the file call to make +# sure skiplist is detected correctly. +# +# v1.0.15, Aug 17 2005 Simon Matter +# - add functionality to export all berkeley db files to skiplist +# +# v1.1.0, Aug 18 2005 Simon Matter +# - fix export functionality, try to recover Berkeley databases +# as much as possible before any conversion. +# +# v1.1.1, Dec 05 2005 Simon Matter +# - run db_checkpoint in background with a timeout to prevent +# that cyrus-imapd doesn't start at all if it hangs. +# +# v1.1.2, Dec 06 2005 Simon Matter +# - make handling of db_checkpoint more robust +# +# v1.2.0, Jan 12 2006 Simon Matter +# - adopt for cyrus-imapd-2.3 +# +# v1.2.1, Jan 13 2006 Simon Matter +# - code cleanup +# +# v1.2.2, Nov 29 2007 Simon Matter +# - add ability to handle "@include" options in imapd.conf, patch +# provided by Tim Bannister +# +# v1.2.3, Feb 07 2008 Simon Matter +# - add ability to handle tabs in imapd.conf, patch provided +# by Franz Knipp +# - disable default values for some config options like sievedir +# +# v1.2.4, Apr 23 2008 Simon Matter +# - add support for statuscache.db +# +# v1.3.0, Sep 29 2008 Simon Matter +# - add multi-instance support +# +# v1.3.1, Oct 09 2008 Simon Matter +# - improve variable handling +# +# v1.3.2, May 26 2009 Simon Matter +# - add some sanity checks to multi-instance support +# +# v1.3.3, May 27 2009 Simon Matter +# - make some cosmetic changes +# +# v1.3.4, Dec 22 2009 Simon Matter +# - add support for user_deny.db + +VERSION=1.3.4 + +PIDFILE=/var/run/cyrus-master${INSTANCE}.pid + +# instance config +CYRUSCONF=/etc/cyrus${INSTANCE}.conf +IMAPDCONF=/etc/imapd${INSTANCE}.conf + +# make sure what we have is a valid instance +# and that config files are present +if [ -n "$INSTANCE" ]; then + [ -L /etc/rc.d/init.d/${BASENAME} ] || exit 0 +fi +[ -f $CYRUSCONF ] || exit 0 +[ -f $IMAPDCONF ] || exit 0 + +if [ -f $PIDFILE ]; then + read CYRUS_PID < $PIDFILE + if [ -n "$CYRUS_PID" ]; then + if ps -p $CYRUS_PID > /dev/null 2>&1; then + echo "ERROR: cyrus-master is running, unable to convert mailboxes!" + exit 1 + fi + fi +fi + +if [ ! -f $IMAPDCONF ]; then + echo "ERROR: configuration file '${IMAPDCONF}' not found, exiting!" + exit 1 +fi + +# fallback to su if runuser not available +if [ -x /sbin/runuser ]; then + RUNUSER=runuser +else + RUNUSER=su +fi + +# force cyrus user for security reasons +if [ ! $(whoami) = "cyrus" ]; then + exec $RUNUSER - cyrus -c "cd $PWD < /dev/null ; INSTANCE=$INSTANCE $0 $*" +fi + +# special function for migration +EXPORT=$1 + +# files get mode 0600 +umask 166 + +# show version info in log files +echo "cvt_cyrusdb_all version: $VERSION" + +# expand_config +# handle "@include" sections from imapd style config file +expand_config() { + while read line; do + if printf "%s\n" "${line}" | grep -q '^@include:'; then + expand_config "$( printf "%s\n" "${line}" | cut -d : -f 2- | sed -e 's/^[\t ]*//' )" + else + printf "%s\n" "${line}" + fi + done < $1 +} + +# get_config [] +# extracts config option from config file +get_config() { + searchstr=$1 + if config="$(expand_config $IMAPDCONF | egrep "^${searchstr}:")"; then + CFGVAL="$(printf "%s\n" "$config" | cut -d : -f 2- | sed -e 's/^[\t ]*//')" + else + if [ -z "$2" ]; then + echo "ERROR: config option '$1' not found in ${IMAPDCONF}, exiting!" 1>&2 + return 1 + fi + CFGVAL="$2" + fi + echo "get_config ${1}: $CFGVAL" 1>&2 + echo "$CFGVAL" +} + +# where to find files and directories +data_dir=/usr/share/cyrus-imapd/rpm +lib_dir=/usr/lib/cyrus-imapd +system_magic=$(file --version | awk '/magic file/ {print $4}') +cyrus_magic=${data_dir}/magic +cvt_cyrusdb=${lib_dir}/cvt_cyrusdb +sievec=${lib_dir}/sievec +masssievec=${lib_dir}/masssievec +imap_prefix=$(get_config configdirectory) || exit 1 +sieve_dir=$(get_config sievedir) || exit 1 +db_cfg=${data_dir}/db.cfg +db_current=${imap_prefix}/rpm/db.cfg.current +db_cache=${imap_prefix}/rpm/db.cfg.cache + +# source default db backend config +. $db_cfg + +# get configured db backend config +duplicate_db=$(get_config duplicate_db $duplicate_db) || exit 1 +mboxlist_db=$(get_config mboxlist_db $mboxlist_db) || exit 1 +seenstate_db=$(get_config seenstate_db $seenstate_db) || exit 1 +subscription_db=$(get_config subscription_db $subscription_db) || exit 1 +tlscache_db=$(get_config tlscache_db $tlscache_db) || exit 1 +annotation_db=$(get_config annotation_db $annotation_db) || exit 1 +mboxkey_db=$(get_config mboxkey_db $mboxkey_db) || exit 1 +ptscache_db=$(get_config ptscache_db $ptscache_db) || exit 1 +quota_db=$(get_config quota_db $quota_db) || exit 1 +statuscache_db=$(get_config statuscache_db $statuscache_db) || exit 1 +userdeny_db=$(get_config userdeny_db $userdeny_db) || exit 1 + +# remember current db backend config +{ +echo "duplicate_db=${duplicate_db}" +echo "mboxlist_db=${mboxlist_db}" +echo "seenstate_db=${seenstate_db}" +echo "subscription_db=${subscription_db}" +echo "tlscache_db=${tlscache_db}" +echo "annotation_db=${annotation_db}" +echo "mboxkey_db=${mboxkey_db}" +echo "ptscache_db=${ptscache_db}" +echo "quota_db=${quota_db}" +echo "statuscache_db=${statuscache_db}" +echo "userdeny_db=${userdeny_db}" +echo "sieve_version=${sieve_version}" +} | sort > $db_current + +# file_type +file_type() { + this_type=$(file -b -m "${cyrus_magic}:${system_magic}" "$1" 2> /dev/null) + if echo "$this_type" | grep -qi skip > /dev/null 2>&1; then + echo skiplist + elif echo "$this_type" | grep -qi text > /dev/null 2>&1; then + echo flat + else + echo berkeley + fi +} + +# cvt_file +cvt_file() { + target="$1" + new_db="$2" + if [ -s "$target" ]; then + old_db=$(file_type "$target") + if [ ! "$old_db" = "$new_db" ]; then + # The two-step conversion is paranoia against the filenames being encoded + # inside the database or logfiles (berkeley does this, for example). + rm -f "${target}.skiplist" + if [ "$old_db" = "skiplist" ]; then + cp -a "$target" "${target}.skiplist" + else + $cvt_cyrusdb -C $IMAPDCONF "$target" "$old_db" "${target}.skiplist" skiplist + fi + RETVAL=$? + ERRVAL=$(( $ERRVAL + $RETVAL )) + if [ $RETVAL -eq 0 ]; then + rm -f "$target" + if [ -s "${target}.skiplist" ]; then + if [ "$new_db" = "skiplist" ]; then + cp -a "${target}.skiplist" "$target" + else + $cvt_cyrusdb -C $IMAPDCONF "${target}.skiplist" skiplist "$target" "$new_db" + fi + fi + RETVAL=$? + ERRVAL=$(( $ERRVAL + $RETVAL )) + if [ $RETVAL -eq 0 ]; then + rm -f "${target}.skiplist" + else + echo "ERROR: unable to convert ${target}.skiplist from skiplist to $new_db" + fi + else + echo "ERROR: unable to convert $target from $old_db to skiplist" + fi + fi + fi +} + +# cvt_to_utf8 +cvt_to_utf8() { + target="$1" + if [ -s "$target" ]; then + if ! $sievec -C $IMAPDCONF "$target" "${target}.sievec"; then + iconv --from-code=ISO-8859-1 --to-code=UTF-8 --output="${target}.UTF-8" "$target" + if [ -s "${target}.UTF-8" ]; then + # preserve timestamp + touch --reference="${target}" "${target}.UTF-8" + mv -f "${target}.UTF-8" "$target" + else + ERRVAL=$(( $ERRVAL + 1 )) + fi + fi + rm -f "${target}.sievec" + fi +} + +ERRVAL=0 + +# make sure our Berkeley databases are in a sane state +# wait for db_checkpoint to end successfully or kill it after a timeout +db_checkpoint -v -1 -h ${imap_prefix}/db & +DB_CHECK_PID=$! +CNT=0 +while [ $CNT -lt 60 ]; do + if ! kill -0 $DB_CHECK_PID > /dev/null 2>&1; then + break + fi + sleep 1 + let CNT+=1 +done +if kill -0 $DB_CHECK_PID > /dev/null 2>&1; then + kill -USR1 $DB_CHECK_PID > /dev/null 2>&1 + sleep 1 + kill -KILL $DB_CHECK_PID > /dev/null 2>&1 + wait $DB_CHECK_PID > /dev/null 2>&1 +fi + +# do a normal recovery +db_recover -v -h ${imap_prefix}/db +RETVAL=$? +if [ $RETVAL -ne 0 ]; then + # try a catastrophic recovery instead of normal recovery + db_recover -v -c -h ${imap_prefix}/db + RETVAL=$? + ERRVAL=$(( $ERRVAL + $RETVAL )) + if [ $RETVAL -ne 0 ]; then + echo "ERROR: catastrophic recovery of Berkeley databases failed" + fi +fi + +if [ "$EXPORT" = "export" ]; then + # convert all db files to portable format for migration + # TODO: quota_db, we don't touch it for now + cvt_file ${imap_prefix}/deliver.db "skiplist" + cvt_file ${imap_prefix}/mailboxes.db "skiplist" + cvt_file ${imap_prefix}/tls_sessions.db "skiplist" + cvt_file ${imap_prefix}/annotations.db "skiplist" + cvt_file ${imap_prefix}/ptclient/ptscache.db "skiplist" + cvt_file ${imap_prefix}/statuscache.db "skiplist" + cvt_file ${imap_prefix}/user_deny.db "flat" + rm -vf ${imap_prefix}/db/log.* + rm -vf ${imap_prefix}/db/__db.* +else + # always convert db files which have been converted to skiplist + # TODO: quota_db, we don't touch it for now + cvt_file ${imap_prefix}/deliver.db "$duplicate_db" + cvt_file ${imap_prefix}/mailboxes.db "$mboxlist_db" + cvt_file ${imap_prefix}/tls_sessions.db "$tlscache_db" + cvt_file ${imap_prefix}/annotations.db "$annotation_db" + cvt_file ${imap_prefix}/ptclient/ptscache.db "$ptscache_db" + cvt_file ${imap_prefix}/statuscache.db "$statuscache_db" + cvt_file ${imap_prefix}/user_deny.db "$userdeny_db" + # do we have to convert all databases? + if ! cmp -s $db_current $db_cache; then + # we treat sieve scripts the same way like db files + find ${sieve_dir}/ -name "*.script" -type f | while read db_file trash; do + cvt_to_utf8 "$db_file" + done + $masssievec $sievec $IMAPDCONF + # convert all db files left + find ${imap_prefix}/user/ -name "*.seen" -type f | while read db_file trash; do + cvt_file "$db_file" "$seenstate_db" + done + find ${imap_prefix}/user/ -name "*.sub" -type f | while read db_file trash; do + cvt_file "$db_file" "$subscription_db" + done + find ${imap_prefix}/user/ -name "*.mboxkey" -type f | while read db_file trash; do + cvt_file "$db_file" "$mboxkey_db" + done + fi +fi + +# update the config cache file so we can check whether something has changed +if [ $ERRVAL -eq 0 ]; then + mv -f $db_current $db_cache +else + rm -f $db_cache + rm -f $db_current +fi + +exit $ERRVAL diff --git a/cyrus-imapd.logrotate b/cyrus-imapd.logrotate new file mode 100644 index 0000000..2f55827 --- /dev/null +++ b/cyrus-imapd.logrotate @@ -0,0 +1,7 @@ +/var/log/imapd.log /var/log/auth.log { + missingok + sharedscripts + postrotate + /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true + endscript +} diff --git a/cyrus-imapd.magic b/cyrus-imapd.magic new file mode 100644 index 0000000..85831fb --- /dev/null +++ b/cyrus-imapd.magic @@ -0,0 +1,9 @@ +# Magic +# Magic data for file(1) command. +# Format is described in magic(files), where: +# files is 5 on V7 and BSD, 4 on SV, and ?? in the SVID. + +#------------------------------------------------------------------------------ +# skiplist: file(1) magic Cyrus skiplist DB +# +0 string \241\002\213\015skiplist\ file\0\0\0 Cyrus skiplist DB diff --git a/cyrus-imapd.pam-config b/cyrus-imapd.pam-config new file mode 100644 index 0000000..5b9f05f --- /dev/null +++ b/cyrus-imapd.pam-config @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth required pam_nologin.so +auth include password-auth +account include password-auth +session include password-auth diff --git a/cyrus-imapd.service b/cyrus-imapd.service new file mode 100644 index 0000000..13891fc --- /dev/null +++ b/cyrus-imapd.service @@ -0,0 +1,21 @@ +[Unit] +Description=Cyrus-imapd IMAP/POP3 email server +After=local-fs.target network.target + +Requires=cyrus-imapd-init.service +After=cyrus-imapd-init.service + +[Service] +Type=simple +EnvironmentFile=/etc/sysconfig/cyrus-imapd +ExecStart=/usr/libexec/cyrus-imapd/cyrus-master $CYRUSOPTIONS +PrivateTmp=true + +# Cyrus may spawn many processes in normal operation. These figures are higher +# than the defaults, but may still need to be tuned for your local +# configuration. +TasksMax=2048 +LimitNOFILE=16384 + +[Install] +WantedBy=multi-user.target diff --git a/cyrus-imapd.spec b/cyrus-imapd.spec new file mode 100644 index 0000000..40a3718 --- /dev/null +++ b/cyrus-imapd.spec @@ -0,0 +1,950 @@ +%define scmt(l:) %(c=%1; echo ${c:0:%{-l:%{-l*}}%{!-l:7}}) + +# Cassandane commit hash. Cassandane doesn't have releases often, but it +# receives constant development. This was fetched on 20180518. +%global cocas 00bfe0109f80437ed09154aca9fbd53eef8f1b09 + +# Cassandane run by default. '--without cassandane' disables. +%bcond_without cassandane + +Name: cyrus-imapd +Version: 3.0.7 +Release: 23%{?dist} + +%define ssl_pem_file_prefix /etc/pki/%name/%name + +# UID/GID 76 have long been reserved for Cyrus +%define uid 76 +%define gid 76 + +%define cyrususer cyrus +%define cyrusgroup mail +%define cyrexecdir %_libexecdir/%name + +Summary: A high-performance email, contacts and calendar server +License: BSD +URL: http://www.cyrusimap.org/ +Source0: http://www.cyrusimap.org/releases/%name-%version.tar.gz +Source1: CHANGES.rpm + +# Adapt a timeout to handle our slower builders +Patch0: patch-cyrus-testsuite-timeout + +# Upstream https://github.com/cyrusimap/cyrus-imapd/issues/2026 +Patch1: patch-cyrus-managesieve-linking + +# Fedora-specific patch for the default configuration file +Patch2: patch-cyrus-default-configs + +# vzic uses an old makefile that needs hacks to use the proper flags +Patch3: patch-vzic-proper-cflags + +Patch4: cyrus-imapd-close_backup_on_failure.patch +Patch5: cyrus-imapd-memory_leak_on_cleanup.patch +Patch6: cyrus-imapd-memory_leak_on_cleanup_2.patch +Patch7: cyrus-imapd-close_backup_fd_on_error.patch +Patch8: cyrus-imapd-cve_2019_11356.patch +Patch9: cyrus-imapd-CVE-2019-19783.patch +Patch10: cyrus-imapd-CVE-2019-18928.patch +Patch11: cyrus-imapd-use_system_ciphers.patch +Patch12: cyrus-imapd-3.0-CVE-2021-33582.patch + +Source10: cyrus-imapd.logrotate +Source11: cyrus-imapd.pam-config +Source12: cyrus-imapd.sysconfig +Source13: cyrus-imapd.cvt_cyrusdb_all +Source14: cyrus-imapd.magic +# XXX A systemd timer would probably be better +Source15: cyrus-imapd.cron-daily +Source16: README.rpm +Source17: cyrus-imapd.service +Source18: cyrus-imapd-init.service +Source19: cyrus-imapd.tmpfiles.conf + + + +# Source files for running the Cassandane test suite at build time. +Source80: https://github.com/cyrusimap/cassandane/archive/%cocas.tar.gz#/cassandane-%{scmt %cocas}.tar.gz + +# The CPAN version, and hence the Fedora-packaged version, of Net::CalDAVTalk +# doesn't include the testdata directory. Cassandane can use it for testing +# calendaring, so it's included here. +# This archive was generated by running: +# svn export https://github.com/brong/Net-CalDAVTalk/trunk/testdata +# tar cfz cassandane-testdata-20170523.tar.gz testdata +# Note that this changes very rarely. See +# https://github.com/brong/Net-CalDAVTalk/tree/master/testdata +Source81: cassandane-testdata-20170523.tar.gz + +# A template config file for cassandane; we will substitute in varions values. +Source82: cassandane.ini + +# These are source files and not patches because you can't use autosetup to +# apply patches to secondary unpacked source files. + +# Prevent cassandane from trying to syslog things +Source91: patch-cassandane-no-syslog + +# Tell the annotator script to run as the current user/group +# Upstream ticket https://github.com/cyrusimap/cyrus-imapd/issues/1995 +Source92: patch-cassandane-fix-annotator + +Source93: cyrus-imapd-master_rename.patch + +BuildRequires: autoconf automake bison flex gcc gcc-c++ git groff libtool +BuildRequires: pkgconfig systemd transfig + +BuildRequires: perl-devel perl-generators perl(ExtUtils::MakeMaker) +BuildRequires: perl(Pod::Html) + +BuildRequires: CUnit-devel cyrus-sasl-devel glib2-devel +BuildRequires: jansson-devel krb5-devel libical-devel libicu-devel +BuildRequires: libnghttp2-devel libxml2-devel mariadb-devel net-snmp-devel +BuildRequires: openldap-devel openssl-devel postgresql-devel +BuildRequires: sqlite-devel +BuildRequires: xapian-core-devel + +# Miscellaneous modules needed for 'make check' to function: +BuildRequires: cyrus-sasl-plain cyrus-sasl-md5 + +%if %{with cassandane} +# Additional packages required for cassandane to function +BuildRequires: imaptest net-tools words +BuildRequires: perl(AnyEvent) perl(BSD::Resource) perl(Clone) +BuildRequires: perl(experimental) perl(File::chdir) perl(File::Slurp) +BuildRequires: perl(IO::Socket::INET6) perl(Mail::IMAPTalk) +BuildRequires: perl(Config::IniFiles) perl(Mail::JMAPTalk) perl(Math::Int64) +BuildRequires: perl(Net::CalDAVTalk) perl(Net::CardDAVTalk) +BuildRequires: perl(Net::Server) perl(News::NNTPClient) perl(Path::Tiny) +BuildRequires: perl(String::CRC32) perl(Sys::Syslog) +BuildRequires: perl(Test::Unit::TestRunner) perl(Time::HiRes) +BuildRequires: perl(Unix::Syslog) perl(XML::DOM) perl(XML::Generator) + +# For tls tests +BuildRequires: sscg + +# These were only for JMAP-Tester +# perl(Moo), perl(Moose), perl(MooseX::Role::Parameterized) perl(Throwable), perl(Safe::Isa) +%endif + +Requires(pre): shadow-utils +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig +%{?systemd_requires} + +Requires: %name-utils = %version-%release +Recommends: %name-vzic = %version-%release +Requires: file libdb-utils sscg +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +Requires: cyrus-imapd = %{version}-%{release} + +%{?perl_default_filter} + +%description +The Cyrus IMAP (Internet Message Access Protocol) server provides access to +personal mail, system-wide bulletin boards, news-feeds, calendar and contacts +through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP +server is a scalable enterprise groupware system designed for use from small to +large enterprise environments using technologies based on well-established Open +Standards. + +A full Cyrus IMAP implementation allows a seamless mail and bulletin board +environment to be set up across one or more nodes. It differs from other IMAP +server implementations in that it is run on sealed nodes, where users are not +normally permitted to log in. The mailbox database is stored in parts of the +filesystem that are private to the Cyrus IMAP system. All user access to mail +is through software using the IMAP, IMAPS, JMAP, POP3, POP3S, KPOP, CalDAV +and/or CardDAV protocols. + +The private mailbox database design gives the Cyrus IMAP server large +advantages in efficiency, scalability, and administratability. Multiple +concurrent read/write connections to the same mailbox are permitted. The server +supports access control lists on mailboxes and storage quotas on mailbox +hierarchies. + + +%package devel +Summary: Cyrus IMAP server development files +Requires: %name%{?_isa} = %version-%release +Requires: pkgconfig + +%description devel +The %name-devel package contains header files and libraries +necessary for developing applications which use the imclient library. + + +%package doc-extra +Summary: Extra documentation for the Cyrus IMAP server +BuildArch: noarch + +%description doc-extra +This package contains the HTML documentation for the Cyrus IMAP server, as well +as some legacy and internal documentation not useful for normal operation of +the server. + + +%package utils +Summary: Cyrus IMAP server administration utilities + +%description utils +The cyrus-imapd-utils package contains administrative tools for the +Cyrus IMAP server. It can be installed on systems other than the +one running the server. + + +%package vzic +Summary: Utilities to convert timezone database files +License: GPLv2+ +Requires: %name = %version-%release +# Contains a lightly forked version of vzic. This seems to have been bundled +# into various other things and it's old, so I'm not sure where the upstream +# is. Here are a couple of possible upstreams: +# https://github.com/libical/vzic +# https://sourceforge.net/projects/vzic/ +# It is probably a good idea to split it out and package it separately, but the +# code here definitely differs from that at the second link above. +Provides: bundled(vzic) = 1.3 + +%description vzic +vzic is a program to convert the Olson timezone database files into VTIMEZONE +files compatible with the iCalendar specification (RFC2445). + +This package contains a forked version of vzic for internal use by the Cyrus +IMAP server. + +# Build dir is either $PWD, $(pwd) or % + +%prep +%autosetup -p1 -S git +echo %version > VERSION + +# Install the Fedora-specific documentation file +install -m 644 %SOURCE1 doc/ +install -m 644 %SOURCE16 doc/ + +# Unpack and prepare cassandane +tar xf %SOURCE80 +ln -s cassandane-%cocas cassandane +pushd cassandane +mkdir work +tar xf %SOURCE81 + +patch -p1 < %SOURCE91 +patch -p1 < %SOURCE92 +patch -p1 < %SOURCE93 + +cp %SOURCE82 cassandane.ini +# RF rpm-buildroot-usage +sed -i \ + -e "s!CASSDIR!$(pwd)!" \ + -e "s!BUILDROOT!%buildroot!" \ + cassandane.ini + +popd + +# Drop expired certificates and generate new ones +pushd cunit +rm -rf *pem +%{_bindir}/sscg --package %{name} --cert-file cert.pem --cert-key-file key.pem --ca-file cacert.pem +popd + +## Modify docs master --> cyrus-master +#%{__perl} -pi -e "s@master\(8\)@cyrus-master(8)@" man/*5 man/*8 lib/imapoptions +#sed -i -e 's|\([^-]\)master|\1cyrus-master|g;s|^master|cyrus-master|g;s|Master|Cyrus-master|g;s|MASTER|CYRUS-MASTER|g' \ +# man/master.8 doc/man.html + + +%build +# This is the test suite, which doesn't build much but does verify its dependencies. +# If this is done after the configure call, the one thing it does build fails +# because the configure macro puts some hardening flags into the environment. +%if %{with cassandane} +pushd cassandane +make +popd +%endif + +# Notes about configure options: +# --enable-objectstore +# It's experimental, and it doesn't appear that either openio or caringo are +# in Fedora. +# --with-cyrus-prefix and --with-service-path went away; use --with-libexecdir= +# instead. + +# Needed because of Patch4. +autoreconf -vi + +%configure \ + --disable-silent-rules \ + \ + --libexecdir=%cyrexecdir \ + --with-extraident="%release Fedora" \ + --with-krbimpl=mit \ + --with-ldap=/usr \ + --with-libwrap=no \ + --with-mysql \ + --with-pgsql \ + --with-perl=%__perl \ + --with-snmp \ + --with-syslogfacility=MAIL \ + \ + --enable-autocreate \ + --enable-backup \ + --enable-calalarmd \ + --enable-http \ + --enable-idled \ + --enable-jmap \ + --enable-murder \ + --enable-nntp \ + --enable-replication \ + --enable-unit-tests \ + --enable-xapian \ +%if 0%{?fedora} && 0%{?fedora} >= 0 + --with-clamav \ +%endif +# + +# The configure script will set up the Perl makefiles, but not in the way +# Fedora needs them. So regenerate them manually. +for i in perl/annotator perl/imap perl/sieve/managesieve; do + pushd $i + rm -f Makefile + perl Makefile.PL INSTALLDIRS=vendor # NO_PERLOCAL=1 NO_PACKLIST=1 + popd +done + +%make_build + +# This isn't built by default, but this package has always installed it. +make notifyd/notifytest + +# Also not built by default, but the tools are needed for serving timezone info +make -C tools/vzic + +# Modify docs master --> cyrus-master +%{__perl} -pi -e "s@master\(8\)@cyrus-master(8)@" man/*5 man/*8 lib/imapoptions +sed -i -e 's|\([^-]\)master|\1cyrus-master|g;s|^master|cyrus-master|g;s|Master|Cyrus-master|g;s|MASTER|CYRUS-MASTER|g' \ + man/master.8 doc/legacy/man.html + +%install +make install DESTDIR=%buildroot + +# Create directories +install -d \ + %buildroot/etc/{rc.d/init.d,logrotate.d,pam.d,sysconfig,cron.daily} \ + %buildroot/%_libdir/sasl \ + %buildroot/var/spool/imap \ + %buildroot/var/lib/imap/{user,quota,proc,log,msg,socket,db,sieve,sync,md5,rpm,backup,meta} \ + %buildroot/var/lib/imap/ptclient \ + %buildroot/%_datadir/%name/rpm \ + %buildroot/%cyrexecdir \ + %buildroot/etc/pki/%name + +install -d -m 0750 \ + %buildroot/run/cyrus \ + %buildroot/run/cyrus/socket + +install -d -m 0700 \ + %buildroot/run/cyrus/db \ + %buildroot/run/cyrus/lock \ + %buildroot/run/cyrus/proc + +# Some tools which aren't installed by the makefile which we have always installed +install -m 755 notifyd/notifytest %buildroot%_bindir/ +install -m 755 perl/imap/cyradm %buildroot%_bindir/ +for i in arbitronsort.pl masssievec mkimap mknewsgroups rehash translatesieve; do + install -m 755 tools/$i %buildroot/%cyrexecdir/ +done + +for i in vzic vzic-test.pl vzic-merge.pl vzic-dump.pl; do + install -m 755 tools/vzic/$i %buildroot/%cyrexecdir/ +done + +# Install additional files +install -p -m 644 %SOURCE10 %buildroot/etc/logrotate.d/%name +install -p -m 644 %SOURCE11 %buildroot/etc/pam.d/pop +install -p -m 644 %SOURCE11 %buildroot/etc/pam.d/imap +install -p -m 644 %SOURCE11 %buildroot/etc/pam.d/sieve +install -p -m 644 %SOURCE11 %buildroot/etc/pam.d/mupdate +install -p -m 644 %SOURCE11 %buildroot/etc/pam.d/lmtp +install -p -m 644 %SOURCE11 %buildroot/etc/pam.d/nntp +install -p -m 644 %SOURCE11 %buildroot/etc/pam.d/csync +install -p -m 644 %SOURCE12 %buildroot/etc/sysconfig/%name +install -p -m 755 %SOURCE13 %buildroot/%cyrexecdir/cvt_cyrusdb_all +install -p -m 644 %SOURCE14 %buildroot/%_datadir/%name/rpm/magic +install -p -m 755 %SOURCE15 %buildroot/etc/cron.daily/%name +install -p -m 644 doc/examples/cyrus_conf/prefork.conf %buildroot/etc/cyrus.conf +install -p -m 644 doc/examples/imapd_conf/normal.conf %buildroot/etc/imapd.conf +install -p -D -m 644 %SOURCE17 %buildroot/%_unitdir/cyrus-imapd.service +install -p -D -m 644 %SOURCE18 %buildroot/%_unitdir/cyrus-imapd-init.service +install -p -D -m 644 %SOURCE19 %buildroot/%_tmpfilesdir/cyrus-imapd.conf + +# Rename 'master' binary and manpage to avoid clash with postfix +mv -f %{buildroot}%{cyrexecdir}/master %{buildroot}%{cyrexecdir}/cyrus-master + +# mv -f %{buildroot}%{_mandir}/man8/master.8 %{buildroot}%{_mandir}/man8/cyrus-master.8 + +# Rename 'fetchnews' binary and manpage to avoid clash with leafnode +#mv -f %{buildroot}%{cyrexecdir}/fetchnews %{buildroot}%{cyrexecdir}/cyrfetchnews +#mv -f %{buildroot}%{_mandir}/man8/fetchnews.8 %{buildroot}%{_mandir}/man8/cyrfetchnews.8 +#%{__perl} -pi -e 's|fetchnews|cyrfetchnews|g;s|Fetchnews|Cyrfetchnews|g;s/FETCHNEWS/CYRFETCHNEWS/g' \ +# %{buildroot}%{_mandir}/man8/cyrfetchnews.8 + +#remove executable bit from docs +for ddir in doc perl/imap/examples +do + find $ddir -type f -exec chmod -x {} \; +done + + +# Cleanup of doc dir +find doc perl -name CVS -type d -prune -exec rm -rf {} \; +find doc perl -name .cvsignore -type f -exec rm -f {} \; +rm -f doc/Makefile.dist* +rm -f doc/text/htmlstrip.c +rm -f doc/text/Makefile +rm -rf doc/man + +# fix permissions on perl .so files +find %buildroot/%_libdir/perl5/ -type f -name "*.so" -exec chmod 755 {} \; + +# Generate db config file +# XXX Is this still necessary? +( grep '^{' lib/imapoptions | grep _db | cut -d'"' -f 2,4 | \ + sed -e 's/^ *//' -e 's/-nosync//' -e 's/ *$//' -e 's/"/=/' + echo sieve_version=2.2.3 ) | sort > %buildroot/%_datadir/%name/rpm/db.cfg + +# Cyrus has various files with extremely conflicting names. Some of these are +# not unexpected ("imapd" itself) but some like "httpd" are rather surprising. + +# Where there are only conflicting manpages, they have been moved to a "8cyrus" +# section. If the binary was renamed, then the manpages are renamed to match +# but a internal replacement has not been done. This may lead to more +# confusion but involves modifying fewer upstream files. + +# Actual binary conflicts +# Rename 'fetchnews' binary and manpage to avoid clash with leafnode +mv %buildroot/%_sbindir/fetchnews %buildroot/%_sbindir/cyr_fetchnews +mv %buildroot/%_mandir/man8/fetchnews.8 %buildroot/%_mandir/man8/cyr_fetchnews.8 + +# Fix conflict with dump +mv %buildroot/%_sbindir/restore %buildroot/%_sbindir/cyr_restore +mv %buildroot/%_mandir/man8/restore.8 %buildroot/%_mandir/man8/cyr_restore.8 + +# Fix conceptual conflict with quota +mv %buildroot/%_sbindir/quota %buildroot/%_sbindir/cyr_quota +mv %buildroot/%_mandir/man8/quota.8 %buildroot/%_mandir/man8/cyr_quota.8 + +# fix conflicts with uw-imap +mv %buildroot/%_mandir/man8/imapd.8 %buildroot/%_mandir/man8/imapd.8cyrus +mv %buildroot/%_mandir/man8/pop3d.8 %buildroot/%_mandir/man8/pop3d.8cyrus + +# Rename 'master' manpage +mv %buildroot/%_mandir/man8/master.8 %buildroot/%_mandir/man8/master.8cyrus + +# Rename 'httpd' manpage to avoid clash with Apache +mv %buildroot/%_mandir/man8/httpd.8 %buildroot/%_mandir/man8/httpd.8cyrus + +# Old cyrus packages used to keep some executables in /usr/lib/cyrus-imapd +# RF hardcoded-library-path in %%buildroot/usr/lib/cyrus-imapd +mkdir %buildroot/usr/lib/cyrus-imapd +pushd %buildroot/usr/lib/cyrus-imapd +ln -s ../../sbin/deliver +popd + +#remove executable bit from docs +for ddir in doc perl/imap/examples +do + find $ddir -type f -exec chmod -x {} \; +done + +# Remove pointless libtool archives +rm %buildroot/%_libdir/*.la + +# Remove installed but not packaged files +rm %buildroot/%cyrexecdir/pop3proxyd +find %buildroot -name "perllocal.pod" -exec rm {} \; +find %buildroot -name ".packlist" -exec rm {} \; + + +%check +## First of all check if imaptest is functional at all +imaptest -h 2>&1 > /dev/null || (echo "Imaptest is not functional" && exit 1) +make %{?_smp_mflags} check || exit 1 + +%ifarch ppc64le %ix86 +exit 0 +%endif + +%if %{without cassandane} +exit 0 +%endif + +# Run the Cassandane test suite. This will exhaustively test the various +# server components, but running it in a mock chroot is rather an exercise. +pushd cassandane + +mkdir -p imaptest/src +ln -s /usr/bin/imaptest imaptest/src +ln -s /usr/share/imaptest/tests imaptest/src + +export LD_LIBRARY_PATH=%buildroot/%_libdir +export CYRUS_USER=$USER + +# Construct the set of excluded tests to pass to Cassandane +# --------------------------------------------------------- +exclude+=("!Master.maxforkrate") # Some builders are too slow to complete this test properly +tests=( + # This is more a test of system performance and according to upstream won't + # be reliable on shared hardware like our builders. + Metronome + + # This tests coredumping and won't work on a machine where systemd + # intercepts coredumps, which includes our builders. + Cassandane::Test::Core + + # Upstream recommends disabling this because it has an internal race and + # will fail randomly. https://github.com/cyrusimap/cassandane/issues/17 + Master.sighup_recycling + + # Fails because our Xapian is too old for proper CJK support. 1.5 will be + # OK, but it is not yet released. The alternative is to bundle. + SearchFuzzy.cjk_words + + # These additionaly fail because Cyrus 3.0.7 no longer enables + # SNIPPET_EMPTY_WITHOUT_MATCH when the Cyrus-patched Xapian is not in use. + # https://github.com/cyrusimap/cyrus-imapd/commit/f008060cb53b3286fcedf7b8b4dd12c1980d665f + SearchFuzzy.normalize_snippets + SearchFuzzy.snippet_wildcard + SearchFuzzy.snippets_termcover + SearchFuzzy.snippets_escapehtml + SearchFuzzy.stem_verbs + + # As of yet unexplained + # https://github.com/cyrusimap/cyrus-imapd/issues/2047 + Admin.imap_admins + + # Upstream on IRC indicates that these two are expected to fail on 3.0. + Carddav.sharing_contactpaths + Metadata.set_specialuse_twice + + # This one needs a patch to xapian. + # https://github.com/cyrusimap/cyrus-imapd/issues/2348 + SearchFuzzy.search_subjectsnippet + + # this one is not working on builder machines + Conversations.xconvfetch +) +for i in ${tests[@]}; do exclude+=("!$i"); done + +%if 0%{?fedora} <= 28 +# imaptest on F28 has bugs which make some additional tests fail +tests=( + # Three new failures with imaptest 20170719 + # https://github.com/cyrusimap/cyrus-imapd/issues/2087 + ImapTest.append-binary + ImapTest.fetch-binary-mime + ImapTest.urlauth-binary + + # This one seems to fail randomly. + ImapTest.urlauth2 +) +for i in ${tests[@]}; do exclude+=("!$i"); done +%endif + +%if 0%{?fedora} <= 26 +# Some F26-specific test exclusions +tests=( + # These all fail because F26 perl doesn't support quad types in unpack. + Metadata.expunge_messages + Metadata.msg_replication_new_mas_partial_wwd + Metadata.msg_replication_new_rep + Metadata.msg_replication_new_mas + Metadata.msg_replication_exp_bot + Metadata.msg_replication_new_mas_partial_wwsw + Metadata.msg_replication_exp_mas + Metadata.msg_replication_mod_mas + Metadata.msg_replication_exp_rep + Metadata.msg_replication_mod_bot_msl + Metadata.msg_replication_new_bot_mse_gul + Metadata.msg_replication_mod_bot_msh + Metadata.msg_replication_new_bot_mse_guh + Metadata.msg_replication_mod_rep +) +for i in ${tests[@]}; do exclude+=("!$i"); done +%endif + +# Add -vvv for too much output +./testrunner.pl %{?_smp_mflags} -v -f pretty ${exclude[@]} 2>&1 + + +%pre +# Create 'cyrus' user on target host +getent group saslauth >/dev/null || /usr/sbin/groupadd -g %gid -r saslauth +getent passwd cyrus >/dev/null || /usr/sbin/useradd -c "Cyrus IMAP Server" -d /var/lib/imap -g %cyrusgroup \ + -G saslauth -s /sbin/nologin -u %uid -r %cyrususer + +%post +/sbin/ldconfig +%systemd_post cyrus-imapd.service + +%preun +%systemd_preun cyrus-imapd.service + +%postun +/sbin/ldconfig +%systemd_postun_with_restart cyrus-imapd.service + + +%files +%license COPYING +%doc README.md doc/README.* doc/examples doc/text doc/CHANGES.rpm + +%_datadir/cyrus-imapd +%_libdir/libcyrus*.so.* +%_mandir/man5/* +%_mandir/man8/* + +%dir /etc/pki/cyrus-imapd +%attr(0644,root,%cyrusgroup) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %ssl_pem_file_prefix-ca.pem +%attr(0644,root,%cyrusgroup) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %ssl_pem_file_prefix.pem +%attr(0640,root,%cyrusgroup) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %ssl_pem_file_prefix-key.pem + +%config(noreplace) /etc/cyrus.conf +%config(noreplace) /etc/imapd.conf +%config(noreplace) /etc/logrotate.d/cyrus-imapd +%config(noreplace) /etc/sysconfig/cyrus-imapd +%config(noreplace) /etc/pam.d/* + +/etc/cron.daily/cyrus-imapd +%_unitdir/cyrus-imapd.service +%_unitdir/cyrus-imapd-init.service +%_tmpfilesdir/cyrus-imapd.conf + +%dir %cyrexecdir/ +%cyrexecdir/[a-uw-z]* + +# This creates some directories which in the default configuration cyrus will +# never use because they are placed under /run instead. However, old +# configurations or setup advice from the 'net might reference them, and so +# it's simpler to just leave them in the package. +%attr(0750,%cyrususer,%cyrusgroup) %dir /var/lib/imap/ +%attr(0700,%cyrususer,%cyrusgroup) /var/lib/imap/backup/ +%attr(0700,%cyrususer,%cyrusgroup) /var/lib/imap/db/ +%attr(0700,%cyrususer,%cyrusgroup) /var/lib/imap/log/ +%attr(0700,%cyrususer,%cyrusgroup) /var/lib/imap/meta/ +%attr(0700,%cyrususer,%cyrusgroup) /var/lib/imap/md5/ +%attr(0700,%cyrususer,%cyrusgroup) /var/lib/imap/msg/ +%attr(0700,%cyrususer,%cyrusgroup) /var/lib/imap/proc/ +%attr(0700,%cyrususer,%cyrusgroup) /var/lib/imap/ptclient/ +%attr(0700,%cyrususer,%cyrusgroup) /var/lib/imap/quota/ +%attr(0700,%cyrususer,%cyrusgroup) /var/lib/imap/rpm/ +%attr(0700,%cyrususer,%cyrusgroup) /var/lib/imap/sieve/ +%attr(0750,%cyrususer,%cyrusgroup) /var/lib/imap/socket +%attr(0700,%cyrususer,%cyrusgroup) /var/lib/imap/sync/ +%attr(0700,%cyrususer,%cyrusgroup) /var/lib/imap/user/ +%attr(0700,%cyrususer,%cyrusgroup) /var/spool/imap/ + +# The new locations +%attr(0750,%cyrususer,%cyrusgroup) %dir /run/cyrus/ +%attr(0700,%cyrususer,%cyrusgroup) /run/cyrus/db/ +%attr(0700,%cyrususer,%cyrusgroup) /run/cyrus/lock/ +%attr(0700,%cyrususer,%cyrusgroup) /run/cyrus/proc/ +%attr(0750,%cyrususer,%cyrusgroup) /run/cyrus/socket/ + + +%files devel +%_includedir/cyrus/ +%_libdir/libcyrus*.so +%_libdir/pkgconfig/*.pc +%_mandir/man3/imclient.3* + + +%files doc-extra +%doc doc/html doc/internal doc/legacy + + +%files utils +%license COPYING +%doc perl/imap/README +%doc perl/imap/Changes +%doc perl/imap/examples +%{_bindir}/* +%{_sbindir}/* +%{perl_vendorarch}/auto/Cyrus +%{perl_vendorarch}/Cyrus +%{perl_vendorlib}/Cyrus +%{_mandir}/man3/*.3pm* +%{_mandir}/man1/* +# RF hardcoded-library-path in /usr/lib/cyrus-imapd +/usr/lib/cyrus-imapd + + +%files vzic +%cyrexecdir/vzic* + + +%changelog +* Wed Sep 01 2021 Tomas Korbar - 3.0.7-23 +- Fix CVE-2021-33582 +- Also disable unstable test +- Resolves: CVE-2021-33582 + +* Thu May 27 2021 Pavel Zhukov - 3.0.7-22 +- rebuild with xapian support + +* Fri Nov 6 2020 Pavel Zhukov - 3.0.7-20 +- Use PROFILE=SYSTEM as default configuration for tls_ciphers + +* Thu Apr 23 2020 Pavel Zhukov - 3.0.7-19 +- change ownership of pki files (#1710722) + +* Thu Apr 23 2020 Pavel Zhukov - 3.0.7-18 +- Move old changelog into separate file (#1671239) + +* Tue Apr 21 2020 Pavel Zhukov - 3.0.7-17 +- Add fix for CVE-2019-19783 +- Add fix for CVE-2019-18928 + +* Fri Jun 7 2019 Pavel Zhukov - 3.0.7-16 +- Resolves: #1718195 - don't overrun buffer when parsing strings with sscanf() + +* Mon Oct 8 2018 Pavel Zhukov - 3.0.7-15 +- Related: #1602472 - Fix rpmdiff warnings + +* Mon Oct 8 2018 Pavel Zhukov - 3.0.7-14 +- Related: #1602472 - Fix misused syntax warning + +* Tue Oct 2 2018 Pavel Zhukov - 3.0.7-13 +- Related: #1602472 - Fix few covscan warnings + +* Sun Aug 12 2018 Pavel Zhukov - 3.0.7-12 +- Rename master -> cyrus-master in documentation + +* Thu Aug 9 2018 Josef Ridky - 3.0.7-11 +- Rebuild for Net-SNMP + +* Wed Aug 8 2018 Pavel Zhukov - 3.0.7-10 +- Rename master -> cyrus-master + +* Wed Aug 8 2018 Pavel Zhukov - 3.0.7-9 +- Load supported modules only + +* Mon Aug 6 2018 Pavel Zhukov - 3.0.7-7 +- Resolves: №1611713 - Generate SSl cerificates for starttls test + +* Mon Jun 25 2018 Pavel Zhukov - 3.0.7-6 +- Drop shapelib in RHEL + +* Fri Jun 22 2018 Pavel Zhukov - 3.0.7-5 +- Drop xapian support + +* Tue May 22 2018 Pavel Zhukov - 3.0.7-4 +- Disable clamav support for non Fedora's +- Disable forktest due to builders slowness + +* Fri May 18 2018 Jason L Tibbitts III - 3.0.7-2 +- Really enable mysql and clamav support. + +* Fri May 18 2018 Jason L Tibbitts III - 3.0.7-1 +- Update to 3.0.7. +- Update Cassandane checkout. +- Update excluded Cassandane test list. + +* Tue May 01 2018 Jason L Tibbitts III - 3.0.6-1 +- Update to 3.0.6. +- Remove upstreamed patches and renumber the rest. +- Disable one new failing test: + https://github.com/cyrusimap/cyrus-imapd/issues/2332 + +* Mon Apr 30 2018 Pete Walter - 3.0.5-15 +- Rebuild for ICU 61.1 + +* Tue Apr 17 2018 Jason L Tibbitts III - 3.0.5-14 +- Update Cassandane again, fixing a broken test. + +* Fri Apr 13 2018 Jason L Tibbitts III - 3.0.5-13 +- Update Cassandane, fixing a few tests and a class of weird random build + failures. + +* Fri Apr 06 2018 Jason L Tibbitts III - 3.0.5-12 +- Update list of excluded tests. +- Update Cassandane snapshot; use new base_port config setting. No need to + patch that in now. +- Add four new expected-to-fail tests from new Cassandane snapshot. +- Add patch to collect extra Cassandane logging in case we hit some of those + sporadic failures again. + +* Tue Apr 03 2018 Jason L Tibbitts III - 3.0.5-11 +- Re-enable imaptest on >= F29. +- F29's imaptest fixes several bugs, allowing all tests to be run there. +- Relocate cassandane base port to hopefully work better in koji. + +* Mon Apr 02 2018 Jason L Tibbitts III - 3.0.5-10 +- Update cassandane checkout to fix a test that was broken by DST. +- Add patch to fix sieve scripts for usernames containing a dot. +- Disable imaptest in cassandane until + https://bugzilla.redhat.com/show_bug.cgi?id=1562970 is fixed. +- Re-enable tests on s390; it seems to be better now. + +* Thu Mar 15 2018 Jason L Tibbitts III - 3.0.5-9 +- Re-enable clamav on ppc64. + +* Thu Mar 01 2018 Jason L Tibbitts III - 3.0.5-8 +- Bump client_timeout value in test suite. + +* Thu Mar 01 2018 Jason L Tibbitts III - 3.0.5-7 +- Add patch to fix imtest (rhbz#1543481). +- Fix vzic makefile to use proper cflags (rhbz#1550543). + +* Mon Feb 26 2018 Jason L Tibbitts III - 3.0.5-6 +- Update cassandane checkout. +- Add two new build dependencies. +- Remove all JMAP-related tests from the exclusion lists, since cassandane no + longer runs any JMAP tests on cyrus 3.0. +- Collapse unused test skip lists. +- Add ten additional skipped tests, after consultation with upstream. + +* Mon Feb 26 2018 Jason L Tibbitts III - 3.0.5-5 +- Add patch to fix segfaults in squatter. +- Exclude one test on all releases instead of just F28+. +- Remove --cleanup from cassandane invocation. + +* Wed Feb 07 2018 Fedora Release Engineering - 3.0.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Jan 09 2018 Jason L Tibbitts III - 3.0.5-3 +- Re-enable clamav and mariadb support as those are now built with openssl 1.1. +- But no clamav on ppc64 because of + https://bugzilla.redhat.com/show_bug.cgi?id=1534071 + +* Thu Jan 04 2018 Jason L Tibbitts III - 3.0.5-2 +- Reorganize some test exclusions so things build on all releases. + +* Thu Jan 04 2018 Jason L Tibbitts III - 3.0.5-1 +- Update to 3.0.5. +- Add one new failing test. +- Remove one now-passing test on rawhide. + +* Mon Dec 18 2017 Pavel Zhukov - 3.0.4-6 +- Rebuild with new net-snmp + +* Thu Nov 30 2017 Pete Walter - 3.0.4-5 +- Rebuild for ICU 60.1 + +* Wed Nov 29 2017 Pavel Zhukov - 3.0.4-4 +- Do not require tcp_wrappers (#1518759) + +* Tue Nov 14 2017 Jason L Tibbitts III - 3.0.4-3 +- Rebuild for new libical. +- Add patch to fix compilation error with new libical. +- Disable two tests which fail due to the new libical. + +* Tue Oct 24 2017 Jason L Tibbitts III - 3.0.4-2 +- Fix typo in default config; + https://bugzilla.redhat.com/show_bug.cgi?id=1506000 + +* Tue Sep 05 2017 Pavel Zhukov - 3.0.4-1 +- Update to 3.0.4 +- Patched cassandane for new behaviour. It should be updated idealy. +- Disable ImapTest.urlauth2 test; it seems to fail randomly regardless of + architecture. + +* Fri Aug 11 2017 Jason L Tibbitts III - 3.0.3-1 +- Update to 3.0.3, which contains an important security fix. The fix is not + embargoed but no CVE has been assigned yet. +- Drop patches merged upstream. +- An update of imaptest has resulted in three additional cassandane failures, + reported upstream as https://github.com/cyrusimap/cyrus-imapd/issues/2087. + In order to get the security fix out without delay, those three tests have been + disabled. + +* Fri Aug 11 2017 Igor Gnatenko - 3.0.2-9 +- Rebuilt after RPM update (№ 3) + +* Thu Aug 10 2017 Igor Gnatenko - 3.0.2-8 +- Rebuilt for RPM soname bump + +* Wed Aug 02 2017 Fedora Release Engineering - 3.0.2-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 3.0.2-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Jun 30 2017 Jason L Tibbitts III - 3.0.2-5 +- Add two patches from upstream which fix JMAPCalendars issues on 32-bit and + big-endian architectures. +- Clean up test invocation and exclusion list. More tests pass now. + +* Wed Jun 28 2017 Jason L Tibbitts III - 3.0.2-4 +- Explicitly set specialusealways: 1 in the default config. + +* Tue Jun 27 2017 Jason L Tibbitts III - 3.0.2-3 +- Patch the provided imapd.conf and cyrus.conf to more closely match previous + Fedora defaults and directories included in this package and to enable + features which are supported by the Fedora build. +- Add tmpfiles.d configuration file for directories in /run. + +* Tue Jun 27 2017 Jason L Tibbitts III - 3.0.2-2 +- Exclude one more test from 32-bit arches. Looks like this failure crept in + with the Cassandane update. + +* Thu Jun 22 2017 Jason L Tibbitts III - 3.0.2-1 +- Update to 3.0.2. +- New Cassandane snapshot, with more tests (all of which are passing). + +* Tue Jun 20 2017 Jason L Tibbitts III - 3.0.1-7 +- Add old /usr/lib/cyrus-imapd directory to the utils package and add a symlink + there to the deliver binary. This should help a bit with migrations. +- Add upstream patch to fix reconstruct failures on 32-bit architectures. + Re-enable those five Cassandane tests. + +* Thu Jun 15 2017 Jason L Tibbitts III - 3.0.1-6 +- Rename two commands: quota -> cyr_quota, restore -> cyr_restore. +- Fix Cassandane to handle those renames. +- Fix location of cyr_fetchnews. +- Fix Perl 5.26-related module linking issue which caused a test failure. + Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1461669 + +* Tue Jun 06 2017 Jason L Tibbitts III - 3.0.1-5 +- Use proper path to ctl_mboxlist in cron file. +- Add patch to increase individual test timeout. Sometimes armv7hl can't + complete a single test in 20 seconds. +- Disable the Metronome tests; upstream says that they just won't reliably on + shared hardware. +- Don't bother running Cassandane on s390x for now. The machines are simply + too slow. + +* Tue Jun 06 2017 Jitka Plesnikova - 3.0.1-4 +- Perl 5.26 rebuild + +* Fri Jun 02 2017 Jason L Tibbitts III - 3.0.1-3 +- Remove clamav from build requirements. +- Add --cleanup to Cassandane call to hopefully reduce build disk usage. +- Disable maxforkrate test on s390x; our builders are too slow to run it. + +* Fri Jun 02 2017 Jason L Tibbitts III - 3.0.1-2 +- Add patch to fix up some endianness issues. +- Enable both test suites on all architectures. +- Add arch-specific excludes for a few Cassandane tests. + +* Thu Apr 20 2017 Jason L Tibbitts III - 3.0.1-1 +- Initial attempt at importing 3.0. Many new dependencies. +- Use a stock sample imapd.conf file instead of a Fedora-provided one. + +* Fri Feb 10 2017 Fedora Release Engineering - 2.5.10-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Mon Jan 09 2017 Jason L Tibbitts III - 2.5.10-2 +- Rename httpd manpage to "cyrhttpd" to avoid conflict with the httpd package. + +* Wed Nov 23 2016 Jason L Tibbitts III - 2.5.10-1 +- Initial update to the 2.5 series. +- Significant spec cleanups. +- Add sscg dep and follow + https://fedoraproject.org/wiki/Packaging:Initial_Service_Setup for initial + cert generation. +- Change default conf to use the system crypto policy. + +* Sat Jan 01 2000 Pavel Zhukov - 0.0.1-1 +- See /usr/share/doc/cyrus-imapd/CHANGELOG.rpm for more history diff --git a/cyrus-imapd.sysconfig b/cyrus-imapd.sysconfig new file mode 100644 index 0000000..ad8bec5 --- /dev/null +++ b/cyrus-imapd.sysconfig @@ -0,0 +1,5 @@ +# Options to cyrus-master +CYRUSOPTIONS="" + +# Mailbox list dumps are rotated n times via cron.daily +#ROTATE=6 diff --git a/cyrus-imapd.tmpfiles.conf b/cyrus-imapd.tmpfiles.conf new file mode 100644 index 0000000..14a2791 --- /dev/null +++ b/cyrus-imapd.tmpfiles.conf @@ -0,0 +1,5 @@ +d /run/cyrus 0750 cyrus mail - +d /run/cyrus/db 0700 cyrus mail - +d /run/cyrus/lock 0700 cyrus mail - +d /run/cyrus/proc 0700 cyrus mail - +d /run/cyrus/socket 0750 cyrus mail - diff --git a/patch-cassandane-fix-annotator b/patch-cassandane-fix-annotator new file mode 100644 index 0000000..1899ae0 --- /dev/null +++ b/patch-cassandane-fix-annotator @@ -0,0 +1,14 @@ +diff --git a/utils/annotator.pl b/utils/annotator.pl +index 94b84a2..0208831 100755 +--- a/utils/annotator.pl ++++ b/utils/annotator.pl +@@ -140,6 +140,8 @@ GetOptions( + xlog "annotator $$ starting"; + Cassandane::AnnotatorDaemon->run( + pid_file => $pidfile, +- port => $port ++ port => $port, ++ user => (getpwuid($<))[0], ++ group => (getgrgid($())[0], + ); + xlog "annotator $$ exiting"; diff --git a/patch-cassandane-no-syslog b/patch-cassandane-no-syslog new file mode 100644 index 0000000..67d30b3 --- /dev/null +++ b/patch-cassandane-no-syslog @@ -0,0 +1,21 @@ +diff --git a/Cassandane/Util/Log.pm b/Cassandane/Util/Log.pm +index 9cd93d5..8d3b3c1 100644 +--- a/Cassandane/Util/Log.pm ++++ b/Cassandane/Util/Log.pm +@@ -52,16 +52,12 @@ our @EXPORT = qw( + + my $verbose = 0; + +-openlog('cassandane', '', LOG_LOCAL6) +- or die "Cannot openlog"; +- + sub xlog + { + my ($pkg, $file, $line) = caller; + $pkg =~ s/^Cassandane:://; + my $msg = "=====> " . $pkg . "[" . $line . "] " . join(' ', @_); + print STDERR "$msg\n"; +- syslog(LOG_ERR, "$msg"); + } + + sub set_verbose diff --git a/patch-cyrus-default-configs b/patch-cyrus-default-configs new file mode 100644 index 0000000..ca3c93f --- /dev/null +++ b/patch-cyrus-default-configs @@ -0,0 +1,114 @@ +diff --git a/doc/examples/cyrus_conf/prefork.conf b/doc/examples/cyrus_conf/prefork.conf +index 4ce2c0f..3b1e6d7 100644 +--- a/doc/examples/cyrus_conf/prefork.conf ++++ b/doc/examples/cyrus_conf/prefork.conf +@@ -19,15 +19,15 @@ SERVICES { + # nntps cmd="nntpd -s" listen="nntps" prefork=1 + + # these are only necessary if using HTTP for CalDAV, CardDAV, or RSS +-# http cmd="httpd" listen="http" prefork=3 +-# https cmd="httpd -s" listen="https" prefork=1 ++ http cmd="httpd" listen="http" prefork=3 ++ https cmd="httpd -s" listen="https" prefork=1 + + # at least one LMTP is required for delivery + # lmtp cmd="lmtpd" listen="lmtp" prefork=0 +- lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1 ++ lmtpunix cmd="lmtpd" listen="/run/cyrus/socket/lmtp" prefork=1 + + # this is only necessary if using notifications +-# notify cmd="notifyd" listen="/var/imap/socket/notify" proto="udp" prefork=1 ++# notify cmd="notifyd" listen="/run/cyrus/socket/notify" proto="udp" prefork=1 + } + + EVENTS { +diff --git a/doc/examples/imapd_conf/normal.conf b/doc/examples/imapd_conf/normal.conf +index 95b54e9..3935b77 100644 +--- a/doc/examples/imapd_conf/normal.conf ++++ b/doc/examples/imapd_conf/normal.conf +@@ -10,7 +10,7 @@ admins: cyrus + ################################################################### + + # Configuration directory +-configdirectory: /var/lib/cyrus ++configdirectory: /var/lib/imap + + # Directories for proc and lock files + proc_path: /run/cyrus/proc +@@ -19,18 +19,18 @@ mboxname_lockpath: /run/cyrus/lock + # Locations for DB files + # The following DB are recreated upon initialization, so should live in + # ephemeral storage for best performance. +-duplicate_db_path: /run/cyrus/deliver.db +-ptscache_db_path: /run/cyrus/ptscache.db +-statuscache_db_path: /run/cyrus/statuscache.db +-tls_sessions_db_path: /run/cyrus/tls_sessions.db ++duplicate_db_path: /run/cyrus/db/deliver.db ++ptscache_db_path: /run/cyrus/db/ptscache.db ++statuscache_db_path: /run/cyrus/db/statuscache.db ++tls_sessions_db_path: /run/cyrus/db/tls_sessions.db + + # Which partition to use for default mailboxes + defaultpartition: default +-partition-default: /var/spool/cyrus/mail ++partition-default: /var/spool/imap + + # If sieveusehomedir is false (the default), this directory is searched + # for Sieve scripts. +-sievedir: /var/spool/sieve ++sievedir: /var/lib/imap/sieve + + ################################################################### + ## Important: KEEP THESE IN SYNC WITH cyrus.conf +@@ -51,19 +51,16 @@ syslog_prefix: cyrus + # Space-separated list of HTTP modules that will be enabled in + # httpd(8). This option has no effect on modules that are disabled at + # compile time due to missing dependencies (e.g. libical). +-# +-# Allowed values: caldav, carddav, domainkey, ischedule, rss +-httpmodules: caldav carddav ++# Enable supported modules ++httpmodules: caldav carddav + + # If enabled, the partitions will also be hashed, in addition to the + # hashing done on configuration directories. This is recommended if one + # partition has a very bushy mailbox tree. + hashimapspool: true + +-# Enable virtual domains +-# and set default domain to localhost +-virtdomains: yes +-defaultdomain: localhost ++# Disable virtual domains by default ++virtdomains: off + + ################################################################### + ## User experience settings +@@ -72,6 +69,14 @@ defaultdomain: localhost + # Minimum time between POP mail fetches in minutes + popminpoll: 1 + ++# Conversation support is required for jmap ++conversations: 1 ++conversations_db: twoskip ++ ++# This will default to on in 3.1, and improves compatibility with some Apple ++# devices. Upstream https://github.com/cyrusimap/cyrus-imapd/issues/1556 ++specialusealways: 1 ++ + ################################################################### + ## User Authentication settings + ################################################################### +@@ -99,6 +104,12 @@ sasl_auto_transition: no + ## SSL/TLS Options + ################################################################### + ++# These three files will automatically be generated by the systemd unit when ++# the service starts for the first time. ++tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.pem ++tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd-key.pem ++tls_client_ca_file: /etc/pki/cyrus-imapd/cyrus-imapd-ca.pem ++ + # File containing the global certificate used for ALL services (imap, + # pop3, lmtp, sieve) + #tls_server_cert: /etc/ssl/certs/ssl-cert-snakeoil.pem diff --git a/patch-cyrus-managesieve-linking b/patch-cyrus-managesieve-linking new file mode 100644 index 0000000..1347c44 --- /dev/null +++ b/patch-cyrus-managesieve-linking @@ -0,0 +1,13 @@ +diff --git a/perl/sieve/managesieve/Makefile.PL.in b/perl/sieve/managesieve/Makefile.PL.in +index 2bb715d..422504d 100644 +--- a/perl/sieve/managesieve/Makefile.PL.in ++++ b/perl/sieve/managesieve/Makefile.PL.in +@@ -69,7 +69,7 @@ WriteMakefile( + 'ABSTRACT' => 'Cyrus Sieve management interface', + 'VERSION_FROM' => "@top_srcdir@/perl/sieve/managesieve/managesieve.pm", # finds $VERSION + 'MYEXTLIB' => '../lib/.libs/libisieve.a @top_builddir@/perl/.libs/libcyrus.a @top_builddir@/perl/.libs/libcyrus_min.a', +- 'LIBS' => ["$LIB_SASL @SSL_LIBS@ @LIB_UUID@ @ZLIB@"], ++ 'LIBS' => ["$LIB_SASL @SSL_LIBS@ @LIB_UUID@ @ZLIB@ -lsqlite3 -lpq -lmariadb"], + 'CCFLAGS' => '@GCOV_CFLAGS@', + 'DEFINE' => '-DPERL_POLLUTE', # e.g., '-DHAVE_SOMETHING' + 'INC' => "-I@top_srcdir@/lib -I@top_srcdir@/perl/sieve -I@top_srcdir@/perl/sieve/lib @SASLFLAGS@ @SSL_CPPFLAGS@", diff --git a/patch-cyrus-testsuite-timeout b/patch-cyrus-testsuite-timeout new file mode 100644 index 0000000..74fa4f8 --- /dev/null +++ b/patch-cyrus-testsuite-timeout @@ -0,0 +1,13 @@ +diff --git a/cunit/unit.c b/cunit/unit.c +index 46dc358..ca37f22 100644 +--- a/cunit/unit.c ++++ b/cunit/unit.c +@@ -97,7 +97,7 @@ EXPORTED void fatal(const char *s, int code) + } + + /* Each test gets a maximum of 20 seconds. */ +-#define TEST_TIMEOUT_MS (20*1000) ++#define TEST_TIMEOUT_MS (30*1000) + + static jmp_buf jbuf; + static const char *code; diff --git a/patch-vzic-proper-cflags b/patch-vzic-proper-cflags new file mode 100644 index 0000000..0e299b3 --- /dev/null +++ b/patch-vzic-proper-cflags @@ -0,0 +1,25 @@ +diff --git a/tools/vzic/Makefile b/tools/vzic/Makefile +index 8ae6afa..3882998 100644 +--- a/tools/vzic/Makefile ++++ b/tools/vzic/Makefile +@@ -45,17 +45,17 @@ LIBICAL_LDADD = -lical + GLIB_CFLAGS = `pkg-config --cflags glib-2.0` + GLIB_LDADD = `pkg-config --libs glib-2.0` + +-CFLAGS = -g -I../.. -DOLSON_DIR=\"$(OLSON_DIR)\" -DPRODUCT_ID='"$(PRODUCT_ID)"' -DTZID_PREFIX='"$(TZID_PREFIX)"' $(GLIB_CFLAGS) $(LIBICAL_CFLAGS) ++CFLAGS += -I../.. -DOLSON_DIR=\"$(OLSON_DIR)\" -DPRODUCT_ID='"$(PRODUCT_ID)"' -DTZID_PREFIX='"$(TZID_PREFIX)"' $(GLIB_CFLAGS) $(LIBICAL_CFLAGS) + + OBJECTS = vzic.o vzic-parse.o vzic-dump.o vzic-output.o + + all: vzic + + vzic: $(OBJECTS) +- $(CC) $(OBJECTS) $(GLIB_LDADD) -o vzic ++ $(CC) $(LDFLAGS) $(OBJECTS) $(GLIB_LDADD) -o vzic + + test-vzic: test-vzic.o +- $(CC) test-vzic.o $(LIBICAL_LDADD) -o test-vzic ++ $(CC) $(LDFLAGS) test-vzic.o $(LIBICAL_LDADD) -o test-vzic + + # Dependencies. + $(OBJECTS): vzic.h diff --git a/sources b/sources new file mode 100644 index 0000000..a8d1e76 --- /dev/null +++ b/sources @@ -0,0 +1,3 @@ +SHA512 (cassandane-00bfe01.tar.gz) = 96f2ca6cbf36c8f9df2b4762ca572b5ba597ca305408f992d6671cba2845f990c8d3cf35ae91ea44da9ea825c9b4c6b1e5fb314b27c31cf4c63805699ab46ab6 +SHA512 (cassandane-testdata-20170523.tar.gz) = 705f5af6a31fe3b8d6e8027bbddbedb2f64d65997f8a06620ec07fcd30a95d98ac3f3fbef7af5080684ee21be1c5b8bcad2374b2749f0571099e780355a04420 +SHA512 (cyrus-imapd-3.0.7.tar.gz) = 6f9af658df6ae6e4463bb52c672c7e8d49482c8e5542985825f099ea8b76291d1598a2a5c92711ae642b0d053c5168792f1832eeb15d1fdeb4b8d2efcfb4d9b9