7 changed files with 5 additions and 1257 deletions
--- a/.cyrus-imapd.metadata
+++ b/.cyrus-imapd.metadata
@ -1,3 +1,5 @@
+b537ecfca22df8a41f53d07d88d9547a1cb63d7d SOURCES/CHANGES.rpm
+e39754f688d98ac0040df85e8850a2e330c6235d SOURCES/README.rpm
 b3157c127c9cc404ecb2672e0eb4f18cac2a2a73 SOURCES/cassandane-00bfe01.tar.gz
 fdbc28a259af65792e23ce8da16faf323039139c SOURCES/cassandane-testdata-20170523.tar.gz
 49e3f8bbecd391513b81e3ccf49ea2df84be522f SOURCES/cyrus-imapd-3.0.7.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,5 @@
+SOURCES/CHANGES.rpm
+SOURCES/README.rpm
 SOURCES/cassandane-00bfe01.tar.gz
 SOURCES/cassandane-testdata-20170523.tar.gz
 SOURCES/cyrus-imapd-3.0.7.tar.gz
--- a/SOURCES/CHANGES.rpm
+++ b/SOURCES/CHANGES.rpm
--- a/SOURCES/README.rpm
+++ b/SOURCES/README.rpm
@ -1,34 +0,0 @@
---------------
-Cyrus IMAPd RPM
---------------
-
-This is a _very_ 'quick and dirty' install howto.
-
-The following steps should lead you to a running Cyrus IMAP server:
-
-1)  Install on a distribution which is supported by this RPM. Don't install
-    on a dirty system, where you have previously installed from source.
-2)  Don't install if you have a previous Cyrus IMAPd installation <=2.1.x on
-    your box. Upgrading any Invoca rpm based installation should be fine.
-3)  Make sure you understand that this RPM installs in FHS compliant
-    directories, like /var/lib/imap and /var/spool/imap
-4)  Make sure cyrus-sasl is installed.
-5)  Make sure saslauthd is running. If not, edit /etc/sysconfig/saslauthd as
-    needed and do 'chkconfig saslauthd on ; service saslauthd start'
-6)  Install the cyrus-imapd RPMs.
-7)  If it's your first install of Cyrus IMAPd, then set a password for the
-    cyrus user in whatever database you are using to authenticate. When
-    using a local account, this should be 'passwd cyrus'.
-8)  Make sure your MTA delivers to Cyrus IMAPd, I recommend LMTP for this.
-9)  Start Cyrus IMAPd with 'service cyrus-imapd start'
-10) Run cyradm and create a user. Usually it's something like this:
-    'cyradm --user=cyrus --auth=login localhost'
-11) If you're using sendmail, be aware that cyrusv2.m4 included in standard
-    sendmail distribution uses socket /var/imap/socket/lmtp while this rpm
-    uses /var/lib/imap/socket/lmtp.
-12) Check your syslog configuration. This RPM uses the mail facility to log
-    messages. On busy sites you may want to limit the mail facility to the
-    info priority with something like 'mail.info    /var/log/maillog' in
-    /etc/syslog.conf.
-
-Enjoy!
--- a/SOURCES/cyrus-imapd-ptclient-canonification_across_multiple_domains.patch
+++ b/SOURCES/cyrus-imapd-ptclient-canonification_across_multiple_domains.patch
@ -1,64 +0,0 @@
-diff --git a/ptclient/ldap.c b/ptclient/ldap.c
-index 2fc306e..4dc9be1 100644
--- a/ptclient/ldap.c
-+++ b/ptclient/ldap.c
-@@ -934,7 +934,58 @@ static int ptsmodule_get_dn(
-         if (rc != PTSM_OK)
-             goto done;
- 
-        if (ptsm->domain_base_dn && ptsm->domain_base_dn[0] != '\0' && (strrchr(canon_id, '@') != NULL)) {
-+        if (ptsm->domain_base_dn && ptsm->domain_base_dn[0] != '\0' && (strrchr(canon_id, '@') == NULL)) {
-+            syslog(LOG_DEBUG, "collecting all domains from %s", ptsm->domain_base_dn);
-+
-+            snprintf(domain_filter, sizeof(domain_filter), ptsm->domain_filter, "*");
-+
-+            syslog(LOG_DEBUG, "Domain filter: %s", domain_filter);
-+
-+            rc = ldap_search_st(ptsm->ld, ptsm->domain_base_dn, ptsm->domain_scope, domain_filter, domain_attrs, 0, &(ptsm->timeout), &res);
-+
-+            if (rc != LDAP_SUCCESS) {
-+                if (rc == LDAP_SERVER_DOWN) {
-+                    syslog(LOG_ERR, "LDAP not available: %s", ldap_err2string(rc));
-+                    ldap_unbind(ptsm->ld);
-+                    ptsm->ld = NULL;
-+                    return PTSM_RETRY;
-+                }
-+
-+                syslog(LOG_ERR, "LDAP search for domain failed: %s", ldap_err2string(rc));
-+                return PTSM_FAIL;
-+            }
-+            if (ldap_count_entries(ptsm->ld, res) < 1) {
-+                syslog(LOG_ERR, "No domain found");
-+                return PTSM_FAIL;
-+            } else if (ldap_count_entries(ptsm->ld, res) >= 1) {
-+                int count_matches = 0;
-+                char *temp_base = NULL;
-+                LDAPMessage *res2;
-+                for (entry = ldap_first_entry(ptsm->ld, res); entry != NULL; entry = ldap_next_entry(ptsm->ld, entry)) {
-+                    if ((vals = ldap_get_values(ptsm->ld, entry, ptsm->domain_name_attribute)) != NULL) {
-+                        syslog(LOG_DEBUG, "we have a domain %s", vals[0]);
-+                        ptsmodule_standard_root_dn(vals[0], &temp_base);
-+                        rc = ldap_search_st(ptsm->ld, temp_base, ptsm->scope, filter, attrs, 0, &(ptsm->timeout), &res2);
-+                        if (rc == LDAP_SUCCESS && ldap_count_entries(ptsm->ld, res2) == 1) {
-+                            syslog(LOG_DEBUG, "Found %s in %s", canon_id, temp_base);
-+                            base = temp_base;
-+                            count_matches++;
-+                        }
-+                    }
-+                }
-+
-+                if (count_matches > 1) {
-+                    syslog(LOG_ERR, "LDAP search for %s failed because it matches multiple accounts.", canon_id);
-+                    return PTSM_FAIL;
-+                } else if (count_matches == 0) {
-+                    syslog(LOG_ERR, "LDAP search for %s failed because it does not match any account in all domains.", canon_id);
-+                    return PTSM_FAIL;
-+                }
-+
-+                syslog(LOG_DEBUG, "we have found %s in %s", canon_id, base);
-+            }
-+        }
-+        else if (ptsm->domain_base_dn && ptsm->domain_base_dn[0] != '\0' && (strrchr(canon_id, '@') != NULL)) {
-             syslog(LOG_DEBUG, "Attempting to get domain for %s from %s", canon_id, ptsm->domain_base_dn);
- 
-             /* Get the base dn to search from domain_base_dn searched on domain_scope with
--- a/SOURCES/patch-cyrus-ldap-group-retriaval
+++ b/SOURCES/patch-cyrus-ldap-group-retriaval
@ -1,32 +0,0 @@
-commit 1152ce70af232fc4200bbeca18961f99e12d73df
-Author: Felix Schumacher <felix.schumacher@internetallee.de>
-Date:   Wed Feb 6 19:02:11 2019 +0100
-
-    Return correct group names when groups are resolved by filter
-    
-    This fixes an regression, that was introduced with 61f5296c0d727faee4726525a6812b200d946d83.
-    Back then the logic was changed from len(vals) != 1 to two if clauses len(vals) < 1 and len(vals) > 1
-    which logged errors and an else clause (which matched the correct number of len(val) == 1) that
-    got the old error handling code.
-
-diff --git a/ptclient/ldap.c b/ptclient/ldap.c
-index 40c9adee3..457951928 100644
--- a/ptclient/ldap.c
-+++ b/ptclient/ldap.c
-@@ -1336,11 +1336,15 @@ static int ptsmodule_make_authstate_filter(
-             syslog(LOG_ERR, "No values for attribute '%s' on entry '%s'",
-                             ptsm->member_attribute,
-                             errdn);
-+            *reply = "no values";
-+            rc = PTSM_FAIL;
-+            ldap_value_free(vals);
-+            vals = NULL;
-+            goto done;
-         } else if (ldap_count_values(vals) > 1) {
-             syslog(LOG_ERR, "Too many values for attribute '%s' on entry '%s'",
-                             ptsm->member_attribute,
-                             errdn);
-        } else {
-             *reply = "too many values";
-             rc = PTSM_FAIL;
-             ldap_value_free(vals);
--- a/SPECS/cyrus-imapd.spec
+++ b/SPECS/cyrus-imapd.spec
@ -9,7 +9,7 @@

 Name: cyrus-imapd
 Version: 3.0.7
-Release: 27%{?dist}
+Release: 24%{?dist}

 %define ssl_pem_file_prefix /etc/pki/%name/%name

@ -52,10 +52,6 @@ Patch12: cyrus-imapd-3.0-CVE-2021-33582.patch
 Patch13: cyrus-squatter-assert-crash.patch
 # https://github.com/cyrusimap/cyrus-imapd/commit/562ac9d7abd3b928315c7f0672d0f1a8995ca625
 Patch14: cyrus-imapd-load-tombstones-for-cleanup.patch
-# https://github.com/cyrusimap/cyrus-imapd/commit/ed1a17b09e2e03788852e122f213b88352bc24b9
-Patch15: cyrus-imapd-ptclient-canonification_across_multiple_domains.patch
-# https://github.com/cyrusimap/cyrus-imapd/commit/1152ce70af232fc4200bbeca18961f99e12d73df
-Patch16: patch-cyrus-ldap-group-retriaval

 Source10: cyrus-imapd.logrotate
 Source11: cyrus-imapd.pam-config
@ -693,17 +689,6 @@ getent passwd cyrus >/dev/null || /usr/sbin/useradd -c "Cyrus IMAP Server" -d /v


 %changelog
-* Tue Oct 29 2024 Martin Osvald <mosvald@redhat.com> - 3.0.7-27
- Fix regression while retrieving ldap group names
- Resolves: RHEL-61691
-
-* Mon Jul 01 2024 Martin Osvald <mosvald@redhat.com> - 3.0.7-26
- Update fmf plans and gating for c8s
-
-* Sat Jun 22 2024 Martin Osvald <mosvald@redhat.com> - 3.0.7-25
- ptclient: implement canonification across multiple domains
-  Resolves: RHEL-10710
-
 * Mon Jun 13 2022 Martin Osvald <mosvald@redhat.com> - 3.0.7-24
 - Resolves: #1911689 - Fatal error when running "squatter -r user"
 - Resolves: #1941255 - Wait for network-online target