rpms/cyrus-imapd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import cyrus-imapd-3.0.7-19.el8

Browse Source
This commit is contained in:
CentOS Sources 2020-07-28 07:16:25 -04:00 committed by Stepan Oksanichenko
parent e6e04d5879
commit cc1a2f7d65
6 changed files with 69 additions and 199 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.cyrus-imapd.metadata
View File

@ -1,3 +1,4 @@
b537ecfca22df8a41f53d07d88d9547a1cb63d7d SOURCES/CHANGES.rpm
e39754f688d98ac0040df85e8850a2e330c6235d SOURCES/README.rpm
b3157c127c9cc404ecb2672e0eb4f18cac2a2a73 SOURCES/cassandane-00bfe01.tar.gz
fdbc28a259af65792e23ce8da16faf323039139c SOURCES/cassandane-testdata-20170523.tar.gz

1
.gitignore vendored
View File

@ -1,3 +1,4 @@
SOURCES/CHANGES.rpm
SOURCES/README.rpm
SOURCES/cassandane-00bfe01.tar.gz
SOURCES/cassandane-testdata-20170523.tar.gz

30
SOURCES/cyrus-imapd-CVE-2019-18928.patch Normal file
View File

@ -0,0 +1,30 @@
diff --git a/imap/httpd.c b/imap/httpd.c
index 5dcf38dc4..d2fdeb945 100644
--- a/imap/httpd.c
+++ b/imap/httpd.c
@@ -1729,6 +1729,25 @@ static int examine_request(struct transaction_t *txn)
txn->auth_chal.scheme = NULL;
}
+ /* Drop auth credentials, if not a backend in a Murder */
+ else if (!config_mupdate_server || !config_getstring(IMAPOPT_PROXYSERVERS)) {
+ syslog(LOG_DEBUG, "drop auth creds");
+
+ free(httpd_userid);
+ httpd_userid = NULL;
+
+ free(httpd_extrafolder);
+ httpd_extrafolder = NULL;
+
+ free(httpd_extradomain);
+ httpd_extradomain = NULL;
+
+ if (httpd_authstate) {
+ auth_freestate(httpd_authstate);
+ httpd_authstate = NULL;
+ }
+ }
+
/* Perform proxy authorization, if necessary */
else if (saslprops.authid &&
(hdr = spool_getheader(txn->req_hdrs, "Authorize-As")) &&

13
SOURCES/cyrus-imapd-CVE-2019-19783.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/imap/lmtp_sieve.c b/imap/lmtp_sieve.c
index 4c3bbc3..d0abdd3 100644
--- a/imap/lmtp_sieve.c
+++ b/imap/lmtp_sieve.c
@@ -999,7 +999,7 @@ static int autosieve_createfolder(const char *userid, const struct auth_state *a
if (createsievefolder) {
/* Folder is already in internal namespace format */
r = mboxlist_createmailbox(internalname, 0, NULL,
- 1, userid, auth_state, 0, 0, 0, 1, NULL);
+ 0, userid, auth_state, 0, 0, 0, 1, NULL);
if (!r) {
mboxlist_changesub(internalname, userid, auth_state, 1, 1, 1);
syslog(LOG_DEBUG, "autosievefolder: User %s, folder %s creation succeeded",

3
SOURCES/cyrus-imapd-init.service
View File

@ -7,5 +7,6 @@ ConditionPathExists=!/etc/pki/cyrus-imapd/cyrus-imapd-ca.pem
[Service]
Type=oneshot
Group=mail
RemainAfterExit=no
ExecStart=/usr/bin/sscg --package cyrus-imapd --cert-file /etc/pki/cyrus-imapd/cyrus-imapd.pem --cert-key-file /etc/pki/cyrus-imapd/cyrus-imapd-key.pem --ca-file /etc/pki/cyrus-imapd/cyrus-imapd-ca.pem
ExecStart=/usr/bin/sscg --package cyrus-imapd --cert-file /etc/pki/cyrus-imapd/cyrus-imapd.pem --cert-key-file /etc/pki/cyrus-imapd/cyrus-imapd-key.pem --ca-file /etc/pki/cyrus-imapd/cyrus-imapd-ca.pem --cert-key-mode=0640

220
SPECS/cyrus-imapd.spec
View File

@ -9,9 +9,9 @@
Name: cyrus-imapd
Version: 3.0.7
Release: 16%{?dist}
Release: 19%{?dist}
%define ssl_pem_file /etc/pki/%name/%name.pem
%define ssl_pem_file_prefix /etc/pki/%name/%name
# UID/GID 76 have long been reserved for Cyrus
%define uid 76
@ -25,6 +25,7 @@ Summary: A high-performance email, contacts and calendar server
License: BSD
URL: http://www.cyrusimap.org/
Source0: http://www.cyrusimap.org/releases/%name-%version.tar.gz
Source1: CHANGES.rpm
# Adapt a timeout to handle our slower builders
Patch0: patch-cyrus-testsuite-timeout
@ -43,6 +44,8 @@ Patch5: cyrus-imapd-memory_leak_on_cleanup.patch
Patch6: cyrus-imapd-memory_leak_on_cleanup_2.patch
Patch7: cyrus-imapd-close_backup_fd_on_error.patch
Patch8: cyrus-imapd-cve_2019_11356.patch
Patch9: cyrus-imapd-CVE-2019-19783.patch
Patch10: cyrus-imapd-CVE-2019-18928.patch
Source10: cyrus-imapd.logrotate
Source11: cyrus-imapd.pam-config
@ -217,6 +220,7 @@ IMAP server.
echo %version > VERSION
# Install the Fedora-specific documentation file
install -m 644 %SOURCE1 doc/
install -m 644 %SOURCE16 doc/
# Unpack and prepare cassandane
@ -411,9 +415,6 @@ find %buildroot/%_libdir/perl5/ -type f -name "*.so" -exec chmod 755 {} \;
sed -e 's/^ *//' -e 's/-nosync//' -e 's/ *$//' -e 's/"/=/'
echo sieve_version=2.2.3 ) | sort > %buildroot/%_datadir/%name/rpm/db.cfg
# create the ghost pem file
touch %buildroot/%ssl_pem_file
# Cyrus has various files with extremely conflicting names. Some of these are
# not unexpected ("imapd" itself) but some like "httpd" are rather surprising.
@ -589,7 +590,7 @@ getent passwd cyrus >/dev/null || /usr/sbin/useradd -c "Cyrus IMAP Server" -d /v
%files
%license COPYING
%doc README.md doc/README.* doc/examples doc/text
%doc README.md doc/README.* doc/examples doc/text doc/CHANGES.rpm
%_datadir/cyrus-imapd
%_libdir/libcyrus*.so.*
@ -597,8 +598,9 @@ getent passwd cyrus >/dev/null || /usr/sbin/useradd -c "Cyrus IMAP Server" -d /v
%_mandir/man8/*
%dir /etc/pki/cyrus-imapd
%attr(0640,root,%cyrusgroup) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %ssl_pem_file
%attr(0644,root,%cyrusgroup) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %ssl_pem_file_prefix-ca.pem
%attr(0644,root,%cyrusgroup) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %ssl_pem_file_prefix.pem
%attr(0640,root,%cyrusgroup) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %ssl_pem_file_prefix-key.pem
%config(noreplace) /etc/cyrus.conf
%config(noreplace) /etc/imapd.conf
@ -675,6 +677,16 @@ getent passwd cyrus >/dev/null || /usr/sbin/useradd -c "Cyrus IMAP Server" -d /v
%changelog
* Thu Apr 23 2020 Pavel Zhukov <pzhukov@redhat.com> - 3.0.7-19
- change ownership of pki files (#1710722)
* Thu Apr 23 2020 Pavel Zhukov <pzhukov@redhat.com> - 3.0.7-18
- Move old changelog into separate file (#1671239)
* Tue Apr 21 2020 Pavel Zhukov <pavel@desktop.zhukoff.net> - 3.0.7-17
- Add fix for CVE-2019-19783
- Add fix for CVE-2019-18928
* Fri Jun 7 2019 Pavel Zhukov <pzhukov@redhat.com> - 3.0.7-16
- Resolves: #1718195 - don't overrun buffer when parsing strings with sscanf()
@ -915,193 +927,5 @@ getent passwd cyrus >/dev/null || /usr/sbin/useradd -c "Cyrus IMAP Server" -d /v
cert generation.
- Change default conf to use the system crypto policy.
* Tue May 17 2016 Jitka Plesnikova <jplesnik@redhat.com> - 2.4.18-3
- Perl 5.24 rebuild
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.18-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Thu Oct 01 2015 Jason L Tibbitts III <tibbs@math.uh.edu> - 2.4.18-1
- Update to 2.4.18, rhbz#1267871 and rhbz#1267878
- Backport ff4e6c71d932b3e6bbfa67d76f095e27ff21bad0 to fix issues from
http://seclists.org/oss-sec/2015/q3/651
* Wed Sep 09 2015 Jason L Tibbitts III <tibbs@math.uh.edu> - 2.4.17-14
- Use %%license tag
- Have -devel require the base package
- Minor cleanups
* Sat Aug 08 2015 Jason L Tibbitts III <tibbs@math.uh.edu> - 2.4.17-13
- Remove invalid Patch0: URL.
- Use HTTP for upstream source.
- pod2html was split out of the main perl package, breaking cyrus.
Add a build dep for it.
* Wed Jul 29 2015 Kevin Fenzi <kevin@scrye.com> 2.4.17-12
- Rebuild for new librpm
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.17-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Fri Jun 05 2015 Jitka Plesnikova <jplesnik@redhat.com> - 2.4.17-10
- Perl 5.22 rebuild
* Wed Aug 27 2014 Jitka Plesnikova <jplesnik@redhat.com> - 2.4.17-9
- Perl 5.20 rebuild
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.17-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.17-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.17-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Jul 18 2013 Petr Pisar <ppisar@redhat.com> - 2.4.17-5
- Perl 5.18 rebuild
* Fri Jul 12 2013 Michal Hlavinka <mhlavink@redhat.com> - 2.4.17-4
- spec clean up
* Thu Apr 18 2013 Michal Hlavinka <mhlavink@redhat.com> - 2.4.17-3
- make sure binaries are hardened
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.17-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Sat Dec 1 2012 Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> - 2.4.17-1
- New upstream version, fixes upstream bugs:
- reconstruct doesn't retain internaldate correctly (#3733)
- Race condition in maibox rename (#3696)
- DBERROR db4: Transaction not specified for a transactional database (#3715)
- performance degradation on huge indexes in 2.4 branch (#3717)
- typo fix in imapd.conf man page (#3729)
- quota does not find all quotaroots if quotalegacy, fulldirhash and prefix are used and virtdomains is off (#3735)
- Mail delivered during XFER was lost (#3737)
- replication does not work on RENAME (#3742)
- Failed asserting during APPEND (#3754)
* Fri Nov 30 2012 Michal Hlavinka <mhlavink@redhat.com> - 2.4.16-5
- do not use strict aliasing
* Tue Aug 21 2012 Michal Hlavinka <mhlavink@redhat.com> - 2.4.16-4
- use new systemd rpm macros (#850079)
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.16-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon Jun 11 2012 Petr Pisar <ppisar@redhat.com> - 2.4.16-2
- Perl 5.16 rebuild
* Thu Apr 19 2012 Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> - 2.4.16-1
- New upstream release
* Wed Apr 18 2012 Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> - 2.4.15-1
- New upstream release
* Wed Apr 11 2012 Michal Hlavinka <mhlavink@redhat.com> - 2.4.14-2
- rebuilt because of new libdb
* Wed Mar 14 2012 Michal Hlavinka <mhlavink@redhat.com> - 2.4.14-1
- updated to 2.4.14
* Tue Feb 07 2012 Michal Hlavinka <mhlavink@redhat.com> - 2.4.13-3
- use PraveTmp in systemd unit file
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Mon Jan 02 2012 Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> - 2.4.13-1
- New upstream release
* Wed Dec 07 2011 Michal Hlavinka <mhlavink@redhat.com> - 2.4.12-5
- do not use digest-md5 as part of default auth mechanisms,
it does not coop with pam
* Tue Nov 22 2011 Michal Hlavinka <mhlavink@redhat.com> - 2.4.12-4
- reduce noisy logging, add option to turn on LOG_DEBUG syslog
messages again (thanks Philip Prindeville) (#754940)
* Mon Oct 24 2011 Michal Hlavinka <mhlavink@redhat.com> - 2.4.12-3
- add login and digest-md5 as part of default auth mechanisms (#748278)
* Tue Oct 11 2011 Michal Hlavinka <mhlavink@redhat.com> - 2.4.12-2
- do not hide errors if cyrus user can't be added
* Wed Oct 05 2011 Michal Hlavinka <mhlavink@redhat.com> - 2.4.12-1
- cyrus-imapd updated to 2.4.12
- fixes incomplete authentication checks in nntpd (Secunia SA46093)
* Fri Sep 9 2011 Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> - 2.4.11-1
- update to 2.4.11
- Fix CVE-2011-3208 (#734926, #736838)
* Tue Aug 16 2011 Michal Hlavinka <mhlavink@redhat.com> - 2.4.10-4
- rebuild with db5
* Thu Jul 21 2011 Petr Sabata <contyk@redhat.com> - 2.4.10-3
- Perl mass rebuild
* Wed Jul 20 2011 Petr Sabata <contyk@redhat.com> - 2.4.10-2
- Perl mass rebuild
* Wed Jul 6 2011 Jeroen van Meeuwen <kanarip@kanarip.com> - 2.4.10-1
- New upstream release
* Wed Jun 22 2011 Iain Arnell <iarnell@gmail.com> 2.4.8-5
- Patch to work with Perl 5.14
* Mon Jun 20 2011 Marcela Mašláňová <mmaslano@redhat.com> - 2.4.8-4
- Perl mass rebuild
* Fri Jun 10 2011 Marcela Mašláňová <mmaslano@redhat.com> - 2.4.8-3
- Perl 5.14 mass rebuild
* Mon May 09 2011 Michal Hlavinka <mhlavink@redhat.com> - 2.4.8-2
- fixed: systemd commands in %%post (thanks Bill Nottingham)
* Thu Apr 14 2011 Michal Hlavinka <mhlavink@redhat.com> - 2.4.8-1
- cyrus-imapd updated to 2.4.8
- fixed: cannot set unlimited quota through proxy
- fixed: reconstruct tries to set timestamps again and again
- fixed: response for LIST "" user is wrong
- fixed: THREAD command doesn't support quoted charset
- fixed crashes in mupdatetest and cyr_expire when using -x
* Mon Apr 04 2011 Michal Hlaivnka <mhlavink@redhat.com> - 2.4.7-2
- now using systemd
* Thu Mar 31 2011 Michal Hlavinka <mhlavink@redhat.com> - 2.4.7-1
- updated to 2.4.7
* Fri Feb 11 2011 Michal Hlavinka <mhlavink@redhat.com> - 2.4.6-1
- updated to 2.4.6
- "autocreate" and "autosieve" features were removed
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.16-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Jan 21 2011 Michal Hlavinka <mhlavink@redhat.com> - 2.3.16-7
- don't force sync io for all filesystems
* Fri Jul 09 2010 Michal Hlavinka <mhlavink@redhat.com> - 2.3.16-6
- follow licensing guideline update
- devel sub-package has to have virtual static provides (#609604)
* Mon Jun 07 2010 Michal Hlavinka <mhlavink@redhat.com> - 2.3.16-5
- spec cleanup
- simplified packaging (merge -perl in -utils)
- remove obsoleted and/or unmaintained additional sources/patches
- remove long time not used files from the cvs/srpm
- update additional sources/patches from their upstream
* Tue Jun 01 2010 Marcela Maslanova <mmaslano@redhat.com> - 2.3.16-4
- Mass rebuild with perl-5.12.0
* Tue Apr 20 2010 Michal Hlavinka <mhlavink@redhat.com> - 2.3.16-3
- add support for QoS marked traffic (#576652)
* Thu Jan 14 2010 Michal Hlavinka <mhlavink@redhat.com> - 2.3.16-2
- ignore user_denny.db if missing (#553011)
- fix location of certificates in default imapd.conf
* Sat Jan 01 2000 Pavel Zhukov <pzhukov@redhat.com> - 0.0.1-1
- See /usr/share/doc/cyrus-imapd/CHANGELOG.rpm for more history