rpms/cyrus-imapd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8
Branches Tags
rpms:c8
rpms:c10s
rpms:c8s
rpms:c9-beta
rpms:c9s
rpms:c9
rpms:c8-beta
rpms:imports/c8/cyrus-imapd-3.0.7-27.el8_10
rpms:imports/c10s/cyrus-imapd-3.8.3-6.el10
rpms:imports/c9-beta/cyrus-imapd-3.4.8-1.el9
rpms:imports/c8/cyrus-imapd-3.0.7-26.el8_10
rpms:imports/c10s/cyrus-imapd-3.8.3-1.el10
rpms:imports/c10s/cyrus-imapd-3.8.3-5.el10
rpms:imports/c10s/cyrus-imapd-3.8.3-4.el10
rpms:imports/c9/cyrus-imapd-3.4.1-11.el9
rpms:imports/c9-beta/cyrus-imapd-3.4.1-10.el9
rpms:imports/c9/cyrus-imapd-3.4.1-7.el9
rpms:imports/c8/cyrus-imapd-3.0.7-24.el8
rpms:imports/c9-beta/cyrus-imapd-3.4.1-7.el9
rpms:imports/c8-beta/cyrus-imapd-3.0.7-24.el8
rpms:imports/c8s/cyrus-imapd-3.0.7-24.el8
rpms:imports/c9/cyrus-imapd-3.4.1-6.el9
rpms:imports/c9-beta/cyrus-imapd-3.4.1-6.el9
rpms:imports/c9-beta/cyrus-imapd-3.4.1-4.el9
rpms:imports/c8/cyrus-imapd-3.0.7-23.el8
rpms:imports/c8-beta/cyrus-imapd-3.0.7-23.el8
rpms:imports/c8-beta/cyrus-imapd-3.0.7-20.el8
rpms:imports/c8-beta/cyrus-imapd-3.0.7-19.el8
rpms:imports/c8-beta/cyrus-imapd-3.0.7-16.el8
rpms:imports/c8/cyrus-imapd-3.0.7-20.el8_4.1
rpms:imports/c8s/cyrus-imapd-3.0.7-23.el8
rpms:imports/c8s/cyrus-imapd-3.0.7-22.el8
rpms:imports/c8s/cyrus-imapd-3.0.7-20.el8
rpms:imports/c8s/cyrus-imapd-3.0.7-19.el8
rpms:imports/c8/cyrus-imapd-3.0.7-20.el8
rpms:imports/c8/cyrus-imapd-3.0.7-19.el8
rpms:imports/c8/cyrus-imapd-3.0.7-16.el8
rpms:imports/c8/cyrus-imapd-3.0.7-15.el8_0.1
rpms:imports/c8/cyrus-imapd-3.0.7-15.el8
...
pull from: rpms:c9-beta
Branches Tags
rpms:c8
rpms:c10s
rpms:c8s
rpms:c9-beta
rpms:c9s
rpms:c9
rpms:c8-beta
rpms:imports/c8/cyrus-imapd-3.0.7-27.el8_10
rpms:imports/c10s/cyrus-imapd-3.8.3-6.el10
rpms:imports/c9-beta/cyrus-imapd-3.4.8-1.el9
rpms:imports/c8/cyrus-imapd-3.0.7-26.el8_10
rpms:imports/c10s/cyrus-imapd-3.8.3-1.el10
rpms:imports/c10s/cyrus-imapd-3.8.3-5.el10
rpms:imports/c10s/cyrus-imapd-3.8.3-4.el10
rpms:imports/c9/cyrus-imapd-3.4.1-11.el9
rpms:imports/c9-beta/cyrus-imapd-3.4.1-10.el9
rpms:imports/c9/cyrus-imapd-3.4.1-7.el9
rpms:imports/c8/cyrus-imapd-3.0.7-24.el8
rpms:imports/c9-beta/cyrus-imapd-3.4.1-7.el9
rpms:imports/c8-beta/cyrus-imapd-3.0.7-24.el8
rpms:imports/c8s/cyrus-imapd-3.0.7-24.el8
rpms:imports/c9/cyrus-imapd-3.4.1-6.el9
rpms:imports/c9-beta/cyrus-imapd-3.4.1-6.el9
rpms:imports/c9-beta/cyrus-imapd-3.4.1-4.el9
rpms:imports/c8/cyrus-imapd-3.0.7-23.el8
rpms:imports/c8-beta/cyrus-imapd-3.0.7-23.el8
rpms:imports/c8-beta/cyrus-imapd-3.0.7-20.el8
rpms:imports/c8-beta/cyrus-imapd-3.0.7-19.el8
rpms:imports/c8-beta/cyrus-imapd-3.0.7-16.el8
rpms:imports/c8/cyrus-imapd-3.0.7-20.el8_4.1
rpms:imports/c8s/cyrus-imapd-3.0.7-23.el8
rpms:imports/c8s/cyrus-imapd-3.0.7-22.el8
rpms:imports/c8s/cyrus-imapd-3.0.7-20.el8
rpms:imports/c8s/cyrus-imapd-3.0.7-19.el8
rpms:imports/c8/cyrus-imapd-3.0.7-20.el8
rpms:imports/c8/cyrus-imapd-3.0.7-19.el8
rpms:imports/c8/cyrus-imapd-3.0.7-16.el8
rpms:imports/c8/cyrus-imapd-3.0.7-15.el8_0.1
rpms:imports/c8/cyrus-imapd-3.0.7-15.el8

No commits in common. "c8" and "c9-beta" have entirely different histories.
c8 ... c9-beta

31 changed files with 1872 additions and 2737 deletions
Show Stats Expand all files Collapse all files

5
.cyrus-imapd.metadata
View File

@ -1,3 +1,2 @@
b3157c127c9cc404ecb2672e0eb4f18cac2a2a73 SOURCES/cassandane-00bfe01.tar.gz
fdbc28a259af65792e23ce8da16faf323039139c SOURCES/cassandane-testdata-20170523.tar.gz
49e3f8bbecd391513b81e3ccf49ea2df84be522f SOURCES/cyrus-imapd-3.0.7.tar.gz
db177fede156dad2c57d11af4eee12c86ed650b1 SOURCES/cyrus-imapd-3.4.8.tar.gz
27de2e8344eca909bf8281745c3bd1c191b07f13 SOURCES/cyrus-imapd-3.4.8.tar.gz.sig

5
.gitignore vendored
View File

@ -1,3 +1,2 @@
SOURCES/cassandane-00bfe01.tar.gz
SOURCES/cassandane-testdata-20170523.tar.gz
SOURCES/cyrus-imapd-3.0.7.tar.gz
SOURCES/cyrus-imapd-3.4.8.tar.gz
SOURCES/cyrus-imapd-3.4.8.tar.gz.sig

1111
SOURCES/CHANGES.rpm
View File

File diff suppressed because it is too large Load Diff

205
SOURCES/cyrus-imapd-3.0-CVE-2021-33582.patch
View File

@ -1,205 +0,0 @@
diff --git a/imap/http_dav.c b/imap/http_dav.c
index 91bbc28b6b..a6fa5c8345 100644
--- a/imap/http_dav.c
+++ b/imap/http_dav.c
@@ -5494,7 +5494,7 @@ EXPORTED int meth_propfind(struct transaction_t *txn, void *params)
xmlDocPtr indoc = NULL, outdoc = NULL;
xmlNodePtr root, cur = NULL, props = NULL;
xmlNsPtr ns[NUM_NAMESPACE];
- struct hash_table ns_table = { 0, NULL, NULL };
+ struct hash_table ns_table = HASH_TABLE_INITIALIZER;
struct propfind_ctx fctx;
struct propfind_entry_list *elist = NULL;
@@ -7900,7 +7900,7 @@ int meth_report(struct transaction_t *txn, void *params)
xmlNodePtr inroot = NULL, outroot = NULL, cur, prop = NULL, props = NULL;
const struct report_type_t *report = NULL;
xmlNsPtr ns[NUM_NAMESPACE];
- struct hash_table ns_table = { 0, NULL, NULL };
+ struct hash_table ns_table = HASH_TABLE_INITIALIZER;
struct propfind_ctx fctx;
struct propfind_entry_list *elist = NULL;
diff --git a/lib/hash.c b/lib/hash.c
index 9703142c3b..84f2e80d28 100644
--- a/lib/hash.c
+++ b/lib/hash.c
@@ -43,10 +43,11 @@ EXPORTED hash_table *construct_hash_table(hash_table *table, size_t size, int us
assert(table);
assert(size);
- table->size = size;
+ table->size = size;
+ table->seed = rand(); /* might be zero, that's okay */
/* Allocate the table -- different for using memory pools and not */
- if(use_mpool) {
+ if (use_mpool) {
/* Allocate an initial memory pool for 32 byte keys + the hash table
* + the buckets themselves */
table->pool =
@@ -72,7 +73,7 @@ EXPORTED hash_table *construct_hash_table(hash_table *table, size_t size, int us
EXPORTED void *hash_insert(const char *key, void *data, hash_table *table)
{
- unsigned val = strhash(key) % table->size;
+ unsigned val = strhash_seeded(table->seed, key) % table->size;
bucket *ptr, *newptr;
bucket **prev;
@@ -153,9 +154,14 @@ EXPORTED void *hash_insert(const char *key, void *data, hash_table *table)
EXPORTED void *hash_lookup(const char *key, hash_table *table)
{
- unsigned val = strhash(key) % table->size;
+ unsigned val;
bucket *ptr;
+ if (!table->size)
+ return NULL;
+
+ val = strhash_seeded(table->seed, key) % table->size;
+
if (!(table->table)[val])
return NULL;
@@ -178,8 +184,7 @@ EXPORTED void *hash_lookup(const char *key, hash_table *table)
* since it will leak memory until you get rid of the entire hash table */
EXPORTED void *hash_del(const char *key, hash_table *table)
{
- unsigned val = strhash(key) % table->size;
- void *data;
+ unsigned val = strhash_seeded(table->seed, key) % table->size;
bucket *ptr, *last = NULL;
if (!(table->table)[val])
@@ -200,15 +205,10 @@ EXPORTED void *hash_del(const char *key, hash_table *table)
int cmpresult = strcmp(key, ptr->key);
if (!cmpresult)
{
+ void *data = ptr->data;
if (last != NULL )
{
- data = ptr -> data;
last -> next = ptr -> next;
- if(!table->pool) {
- free(ptr->key);
- free(ptr);
- }
- return data;
}
/*
@@ -221,15 +221,15 @@ EXPORTED void *hash_del(const char *key, hash_table *table)
else
{
- data = ptr->data;
(table->table)[val] = ptr->next;
- if(!table->pool) {
- free(ptr->key);
- free(ptr);
- }
- return data;
}
- } else if (cmpresult < 0) {
+ if(!table->pool) {
+ free(ptr->key);
+ free(ptr);
+ }
+ return data;
+ }
+ if (cmpresult < 0) {
/* its not here! */
return NULL;
}
diff --git a/lib/hash.h b/lib/hash.h
index 8051ac1760..cfa7da1ffa 100644
--- a/lib/hash.h
+++ b/lib/hash.h
@@ -3,10 +3,11 @@
#define HASH__H
#include <stddef.h> /* For size_t */
+#include <stdint.h>
#include "mpool.h"
#include "strarray.h"
-#define HASH_TABLE_INITIALIZER {0, NULL, NULL}
+#define HASH_TABLE_INITIALIZER {0, 0, NULL, NULL}
/*
** A hash table consists of an array of these buckets. Each bucket
@@ -32,6 +33,7 @@ typedef struct bucket {
typedef struct hash_table {
size_t size;
+ uint32_t seed;
bucket **table;
struct mpool *pool;
} hash_table;
diff --git a/lib/strhash.c b/lib/strhash.c
index d7c1741d2a..1b3251db73 100644
--- a/lib/strhash.c
+++ b/lib/strhash.c
@@ -42,17 +42,32 @@
#include "config.h"
-EXPORTED unsigned strhash(const char *string)
+#include "lib/strhash.h"
+
+/* The well-known djb2 algorithm (e.g. http://www.cse.yorku.ca/~oz/hash.html),
+ * with the addition of an optional seed to limit predictability.
+ *
+ * XXX return type 'unsigned' for back-compat to previous version, but
+ * XXX ought to be 'uint32_t'
+ */
+EXPORTED unsigned strhash_seeded_djb2(uint32_t seed, const char *string)
{
- unsigned ret_val = 0;
- int i;
+ const unsigned char *ustr = (const unsigned char *) string;
+ unsigned hash = 5381;
+ int c;
- while (*string)
- {
- i = (int) *string;
- ret_val ^= i;
- ret_val <<= 1;
- string ++;
- }
- return ret_val;
+ if (seed) {
+ /* treat the bytes of the seed as a prefix to the string */
+ unsigned i;
+ for (i = 0; i < sizeof seed; i++) {
+ c = seed & 0xff;
+ hash = ((hash << 5) + hash) ^ c;
+ seed >>= 8;
+ }
+ }
+
+ while ((c = *ustr++))
+ hash = ((hash << 5) + hash) ^ c;
+
+ return hash;
}
diff --git a/lib/strhash.h b/lib/strhash.h
index 34533fdffa..27339bb288 100644
--- a/lib/strhash.h
+++ b/lib/strhash.h
@@ -41,7 +41,11 @@
*/
#ifndef _STRHASH_H_
+#include <stdint.h>
-unsigned strhash(const char *string);
+unsigned strhash_seeded_djb2(uint32_t seed, const char *string);
+
+#define strhash(in) strhash_seeded_djb2((0), (in))
+#define strhash_seeded(sd, in) strhash_seeded_djb2((sd), (in))
#endif /* _STRHASH_H_ */

30
SOURCES/cyrus-imapd-CVE-2019-18928.patch
View File

@ -1,30 +0,0 @@
diff --git a/imap/httpd.c b/imap/httpd.c
index 5dcf38dc4..d2fdeb945 100644
--- a/imap/httpd.c
+++ b/imap/httpd.c
@@ -1729,6 +1729,25 @@ static int examine_request(struct transaction_t *txn)
txn->auth_chal.scheme = NULL;
}
+ /* Drop auth credentials, if not a backend in a Murder */
+ else if (!config_mupdate_server || !config_getstring(IMAPOPT_PROXYSERVERS)) {
+ syslog(LOG_DEBUG, "drop auth creds");
+
+ free(httpd_userid);
+ httpd_userid = NULL;
+
+ free(httpd_extrafolder);
+ httpd_extrafolder = NULL;
+
+ free(httpd_extradomain);
+ httpd_extradomain = NULL;
+
+ if (httpd_authstate) {
+ auth_freestate(httpd_authstate);
+ httpd_authstate = NULL;
+ }
+ }
+
/* Perform proxy authorization, if necessary */
else if (saslprops.authid &&
(hdr = spool_getheader(txn->req_hdrs, "Authorize-As")) &&

13
SOURCES/cyrus-imapd-CVE-2019-19783.patch
View File

@ -1,13 +0,0 @@
diff --git a/imap/lmtp_sieve.c b/imap/lmtp_sieve.c
index 4c3bbc3..d0abdd3 100644
--- a/imap/lmtp_sieve.c
+++ b/imap/lmtp_sieve.c
@@ -999,7 +999,7 @@ static int autosieve_createfolder(const char *userid, const struct auth_state *a
if (createsievefolder) {
/* Folder is already in internal namespace format */
r = mboxlist_createmailbox(internalname, 0, NULL,
- 1, userid, auth_state, 0, 0, 0, 1, NULL);
+ 0, userid, auth_state, 0, 0, 0, 1, NULL);
if (!r) {
mboxlist_changesub(internalname, userid, auth_state, 1, 1, 1);
syslog(LOG_DEBUG, "autosievefolder: User %s, folder %s creation succeeded",

23
SOURCES/cyrus-imapd-close_backup_fd_on_error.patch
View File

@ -1,23 +0,0 @@
From 725e1efbd923c6d15ba639e17bfd0baabc619daa Mon Sep 17 00:00:00 2001
From: Pavel Zhukov <pzhukov@redhat.com>
Date: Mon, 1 Oct 2018 15:55:35 +0200
Subject: [PATCH] Close file descriptior in case of error
Make static code analizers happy.
If stat() failed for some reason it may lead backup fd unclosed.
---
backup/lcb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/backup/lcb.c b/backup/lcb.c
index 8c4a0e31a..9a04b08f2 100644
--- a/backup/lcb.c
+++ b/backup/lcb.c
@@ -182,6 +182,7 @@ HIDDEN int backup_real_open(struct backup **backupp,
if (r) {
syslog(LOG_ERR, "IOERROR: (f)stat %s: %m", backup->data_fname);
r = IMAP_IOERROR;
+ close(fd);
goto error;
}

38
SOURCES/cyrus-imapd-close_backup_on_failure.patch
View File

@ -1,38 +0,0 @@
From 5d00f649b4d2a599905d1b9290c91a769909741d Mon Sep 17 00:00:00 2001
From: Pavel Zhukov <pzhukov@redhat.com>
Date: Mon, 24 Sep 2018 17:24:48 +0200
Subject: [PATCH] Close backup on failure.
Static analizers report this as memory leak issue.
---
backup/ctl_backups.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/backup/ctl_backups.c b/backup/ctl_backups.c
index 3d817e743..e532eedb7 100644
--- a/backup/ctl_backups.c
+++ b/backup/ctl_backups.c
@@ -955,6 +955,7 @@ static int lock_run_pipe(const char *userid, const char *fname,
if (r) {
printf("NO failed (%s)\n", error_message(r));
+ r = backup_close(&backup);
return EC_SOFTWARE; // FIXME would something else be more appropriate?
}
@@ -993,6 +994,7 @@ static int lock_run_sqlite(const char *userid, const char *fname,
fprintf(stderr, "unable to lock %s: %s\n",
userid ? userid : fname,
error_message(r));
+ r = backup_close(&backup);
return EC_SOFTWARE;
}
@@ -1053,6 +1055,7 @@ static int lock_run_exec(const char *userid, const char *fname,
fprintf(stderr, "unable to lock %s: %s\n",
userid ? userid : fname,
error_message(r));
+ r = backup_close(&backup);
return EC_SOFTWARE;
}

26
SOURCES/cyrus-imapd-cve_2019_11356.patch
View File

@ -1,26 +0,0 @@
diff --git a/imap/httpd.c b/imap/httpd.c
index dc53f8c..24b65e5 100644
--- a/imap/httpd.c
+++ b/imap/httpd.c
@@ -2202,7 +2202,7 @@ EXPORTED time_t calc_compile_time(const char *time, const char *date)
memset(&tm, 0, sizeof(struct tm));
tm.tm_isdst = -1;
sscanf(time, "%02d:%02d:%02d", &tm.tm_hour, &tm.tm_min, &tm.tm_sec);
- sscanf(date, "%s %2d %4d", month, &tm.tm_mday, &tm.tm_year);
+ sscanf(date, "%3s %2d %4d", month, &tm.tm_mday, &tm.tm_year);
tm.tm_year -= 1900;
for (tm.tm_mon = 0; tm.tm_mon < 12; tm.tm_mon++) {
if (!strcmp(month, monthname[tm.tm_mon])) break;
diff --git a/imap/ical_support.c b/imap/ical_support.c
index 1d7550a..e1bda50 100644
--- a/imap/ical_support.c
+++ b/imap/ical_support.c
@@ -458,7 +458,7 @@ const char *get_icalcomponent_errstr(icalcomponent *ical)
/* Check if this is an empty property error */
if (sscanf(errstr,
- "No value for %s property", propname) == 1) {
+ "No value for %255s property", propname) == 1) {
/* Empty LOCATION is OK */
if (!strcasecmp(propname, "LOCATION")) continue;
if (!strcasecmp(propname, "COMMENT")) continue;

2
SOURCES/cyrus-imapd-init.service
View File

@ -9,4 +9,4 @@ ConditionPathExists=!/etc/pki/cyrus-imapd/cyrus-imapd-ca.pem
Type=oneshot
Group=mail
RemainAfterExit=no
ExecStart=/usr/bin/sscg --package cyrus-imapd --cert-file /etc/pki/cyrus-imapd/cyrus-imapd.pem --cert-key-file /etc/pki/cyrus-imapd/cyrus-imapd-key.pem --ca-file /etc/pki/cyrus-imapd/cyrus-imapd-ca.pem --cert-key-mode=0640
ExecStart=/usr/bin/sscg --package cyrus-imapd --cert-file /etc/pki/cyrus-imapd/cyrus-imapd.pem --cert-key-file /etc/pki/cyrus-imapd/cyrus-imapd-key.pem --ca-file /etc/pki/cyrus-imapd/cyrus-imapd-ca.pem --cert-key-mode=0640

17
SOURCES/cyrus-imapd-load-tombstones-for-cleanup.patch
View File

@ -1,17 +0,0 @@
diff --git a/imap/cyr_expire.c b/imap/cyr_expire.c
index bcb40ea..747414a 100644
--- a/imap/cyr_expire.c
+++ b/imap/cyr_expire.c
@@ -628,9 +628,10 @@ int main(int argc, char *argv[])
}
if (do_user)
- mboxlist_usermboxtree(do_user, expire, &erock, MBOXTREE_DELETED);
+ mboxlist_usermboxtree(do_user, expire, &erock, MBOXTREE_DELETED|MBOXTREE_TOMBSTONES);
else
- mboxlist_allmbox(find_prefix, expire, &erock, 0);
+ mboxlist_allmbox(find_prefix, expire, &erock,
+ MBOXTREE_TOMBSTONES);
syslog(LOG_NOTICE, "Expired %lu and expunged %lu out of %lu "
"messages from %lu mailboxes",

66
SOURCES/cyrus-imapd-master_rename.patch
View File

@ -1,66 +0,0 @@
diff --git a/Cassandane/Instance.pm b/cassandane/Cassandane/Instance.pm
index 1561143..c60396e 100644
--- a/Cassandane/Instance.pm
+++ b/Cassandane/Instance.pm
@@ -166,7 +166,7 @@ sub get_version
my $cyrus_master;
foreach my $d (qw( bin sbin libexec libexec/cyrus-imapd lib cyrus/bin ))
{
- my $try = "$cyrus_destdir$cyrus_prefix/$d/master";
+ my $try = "$cyrus_destdir$cyrus_prefix/$d/cyrus-master";
if (-x $try) {
$cyrus_master = $try;
last;
diff --git a/Cassandane/Instance.pm b/Cassandane/Instance.pm
index c60396e..7b2883a 100644
--- a/Cassandane/Instance.pm
+++ b/Cassandane/Instance.pm
@@ -546,7 +546,7 @@ sub _pid_file
{
my ($self, $name) = @_;
- $name ||= 'master';
+ $name ||= 'cyrus-master';
return $self->{basedir} . "/run/$name.pid";
}
@@ -569,7 +569,7 @@ sub _list_pid_files
closedir(RUNDIR);
@pidfiles = sort { $a cmp $b } @pidfiles;
- @pidfiles = ( 'master', grep { $_ ne 'master' } @pidfiles );
+ @pidfiles = ( 'cyrus-master', grep { $_ ne 'cyrus-master' } @pidfiles );
return @pidfiles;
}
@@ -877,7 +877,7 @@ sub _start_master
# Now start the master process.
my @cmd =
(
- 'master',
+ 'cyrus-master',
# The following is added automatically by _fork_command:
# '-C', $self->_imapd_conf(),
'-l', '255',
@@ -886,7 +886,7 @@ sub _start_master
'-M', $self->_master_conf(),
);
if (get_verbose) {
- my $logfile = $self->{basedir} . '/conf/master.log';
+ my $logfile = $self->{basedir} . '/conf/cyrus-master.log';
xlog "_start_master: logging to $logfile";
push(@cmd, '-L', $logfile);
}
diff --git a/Cassandane/Instance.pm b/Cassandane/Instance.pm
index 7b2883a..0c1e5fb 100644
--- a/Cassandane/Instance.pm
+++ b/Cassandane/Instance.pm
@@ -1301,7 +1301,7 @@ sub send_sighup
return if ($self->{_stopped});
xlog "sighup";
- my $pid = $self->_read_pid_file('master') or return;
+ my $pid = $self->_read_pid_file('cyrus-master') or return;
kill(SIGHUP, $pid) or die "Can't send signal SIGHUP to pid $pid: $!";
return 1;
}

73
SOURCES/cyrus-imapd-memory_leak_on_cleanup.patch
View File

@ -1,73 +0,0 @@
From acfc393638ad1b81a4234173b060bb63907ee52c Mon Sep 17 00:00:00 2001
From: Pavel Zhukov <pzhukov@redhat.com>
Date: Mon, 1 Oct 2018 15:51:01 +0200
Subject: [PATCH] Replace simple return with cleanup flow
Make cleanup more consistence to prevent leaks of memory pointed by
filter/base/res
---
ptclient/ldap.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/ptclient/ldap.c b/ptclient/ldap.c
index 0b82d2c6b..65bae7bd6 100644
--- a/ptclient/ldap.c
+++ b/ptclient/ldap.c
@@ -1388,13 +1388,14 @@ static int ptsmodule_make_authstate_group(
if (strncmp(canon_id, "group:", 6)) { // Sanity check
*reply = "not a group identifier";
- return PTSM_FAIL;
+ rc = PTSM_FAIL;
+ goto done;
}
rc = ptsmodule_connect();
if (rc != PTSM_OK) {
*reply = "ptsmodule_connect() failed";
- return rc;
+ goto done;;
}
rc = ptsmodule_expand_tokens(ptsm->group_filter, canon_id+6, NULL, &filter);
@@ -1425,17 +1426,19 @@ static int ptsmodule_make_authstate_group(
if (rc != LDAP_SUCCESS) {
syslog(LOG_DEBUG, "(groups) Result from domain query not OK");
- return rc;
+ goto done;
} else {
syslog(LOG_DEBUG, "(groups) Result from domain query OK");
}
if (ldap_count_entries(ptsm->ld, res) < 1) {
syslog(LOG_ERR, "(groups) No domain %s found", domain);
- return PTSM_FAIL;
+ rc = PTSM_FAIL;
+ goto done;
} else if (ldap_count_entries(ptsm->ld, res) > 1) {
syslog(LOG_ERR, "(groups) Multiple domains %s found", domain);
- return PTSM_FAIL;
+ rc = PTSM_FAIL;
+ goto done;
} else {
syslog(LOG_DEBUG, "(groups) Domain %s found", domain);
if ((entry = ldap_first_entry(ptsm->ld, res)) != NULL) {
@@ -1452,7 +1455,7 @@ static int ptsmodule_make_authstate_group(
}
if (rc != PTSM_OK) {
- return rc;
+ goto done;
} else {
base = xstrdup(ptsm->group_base);
syslog(LOG_DEBUG, "Continuing with ptsm->group_base: %s", ptsm->group_base);
@@ -1462,7 +1465,7 @@ static int ptsmodule_make_authstate_group(
} else {
rc = ptsmodule_expand_tokens(ptsm->group_base, canon_id, NULL, &base);
if (rc != PTSM_OK)
- return rc;
+ goto done;
}
syslog(LOG_DEBUG, "(groups) about to search %s for %s", base, filter);

102
SOURCES/cyrus-imapd-memory_leak_on_cleanup_2.patch
View File

@ -1,102 +0,0 @@
diff --git a/ptclient/ldap.c b/ptclient/ldap.c
index 7e48879..dafa724 100644
--- a/ptclient/ldap.c
+++ b/ptclient/ldap.c
@@ -932,7 +932,7 @@ static int ptsmodule_get_dn(
{
rc = ptsmodule_expand_tokens(ptsm->filter, canon_id, NULL, &filter);
if (rc != PTSM_OK)
- return rc;
+ goto done;
if (ptsm->domain_base_dn && ptsm->domain_base_dn[0] != '\0' && (strrchr(canon_id, '@') != NULL)) {
syslog(LOG_DEBUG, "Attempting to get domain for %s from %s", canon_id, ptsm->domain_base_dn);
@@ -955,19 +955,23 @@ static int ptsmodule_get_dn(
ldap_unbind(ptsm->ld);
ptsm->ld = NULL;
syslog(LOG_ERR, "LDAP not available: %s", ldap_err2string(rc));
- return PTSM_RETRY;
+ rc = PTSM_RETRY;
+ goto done;
}
syslog(LOG_ERR, "LDAP search for domain failed: %s", ldap_err2string(rc));
- return PTSM_FAIL;
+ rc = PTSM_FAIL;
+ goto done;
}
if (ldap_count_entries(ptsm->ld, res) < 1) {
syslog(LOG_ERR, "No domain %s found", domain);
- return PTSM_FAIL;
+ rc = PTSM_FAIL;
+ goto done;
} else if (ldap_count_entries(ptsm->ld, res) > 1) {
syslog(LOG_ERR, "Multiple domains %s found", domain);
- return PTSM_FAIL;
+ rc = PTSM_FAIL;
+ goto done;
} else {
if ((entry = ldap_first_entry(ptsm->ld, res)) != NULL) {
if ((vals = ldap_get_values(ptsm->ld, entry, ptsm->domain_result_attribute)) != NULL) {
@@ -982,7 +986,7 @@ static int ptsmodule_get_dn(
}
if (rc != PTSM_OK) {
- return rc;
+ goto done;
} else {
base = xstrdup(ptsm->base);
syslog(LOG_DEBUG, "Continuing with ptsm->base: %s", ptsm->base);
@@ -993,23 +997,23 @@ static int ptsmodule_get_dn(
} else {
rc = ptsmodule_expand_tokens(ptsm->base, canon_id, NULL, &base);
if (rc != PTSM_OK)
- return rc;
+ goto done;
}
rc = ldap_search_st(ptsm->ld, base, ptsm->scope, filter, attrs, 0, &(ptsm->timeout), &res);
if (rc != LDAP_SUCCESS) {
syslog(LOG_DEBUG, "Searching %s with %s failed", base, base);
- free(filter);
- free(base);
if (rc == LDAP_SERVER_DOWN) {
ldap_unbind(ptsm->ld);
ptsm->ld = NULL;
- return PTSM_RETRY;
+ rc = PTSM_RETRY;
+ goto done;
}
- return PTSM_FAIL;
+ rc = PTSM_FAIL;
+ goto done;
}
free(filter);
@@ -1035,6 +1039,13 @@ static int ptsmodule_get_dn(
}
return (*ret ? PTSM_OK : PTSM_FAIL);
+
+ done:
+ if (filter)
+ free(filter);
+ if (base)
+ free(base);
+ return rc;
}
@@ -1344,7 +1355,7 @@ static int ptsmodule_make_authstate_group(
rc = ptsmodule_connect();
if (rc != PTSM_OK) {
*reply = "ptsmodule_connect() failed";
- goto done;;
+ goto done;
}
rc = ptsmodule_expand_tokens(ptsm->group_filter, canon_id+6, NULL, &filter);

64
SOURCES/cyrus-imapd-ptclient-canonification_across_multiple_domains.patch
View File

@ -1,64 +0,0 @@
diff --git a/ptclient/ldap.c b/ptclient/ldap.c
index 2fc306e..4dc9be1 100644
--- a/ptclient/ldap.c
+++ b/ptclient/ldap.c
@@ -934,7 +934,58 @@ static int ptsmodule_get_dn(
if (rc != PTSM_OK)
goto done;
- if (ptsm->domain_base_dn && ptsm->domain_base_dn[0] != '\0' && (strrchr(canon_id, '@') != NULL)) {
+ if (ptsm->domain_base_dn && ptsm->domain_base_dn[0] != '\0' && (strrchr(canon_id, '@') == NULL)) {
+ syslog(LOG_DEBUG, "collecting all domains from %s", ptsm->domain_base_dn);
+
+ snprintf(domain_filter, sizeof(domain_filter), ptsm->domain_filter, "*");
+
+ syslog(LOG_DEBUG, "Domain filter: %s", domain_filter);
+
+ rc = ldap_search_st(ptsm->ld, ptsm->domain_base_dn, ptsm->domain_scope, domain_filter, domain_attrs, 0, &(ptsm->timeout), &res);
+
+ if (rc != LDAP_SUCCESS) {
+ if (rc == LDAP_SERVER_DOWN) {
+ syslog(LOG_ERR, "LDAP not available: %s", ldap_err2string(rc));
+ ldap_unbind(ptsm->ld);
+ ptsm->ld = NULL;
+ return PTSM_RETRY;
+ }
+
+ syslog(LOG_ERR, "LDAP search for domain failed: %s", ldap_err2string(rc));
+ return PTSM_FAIL;
+ }
+ if (ldap_count_entries(ptsm->ld, res) < 1) {
+ syslog(LOG_ERR, "No domain found");
+ return PTSM_FAIL;
+ } else if (ldap_count_entries(ptsm->ld, res) >= 1) {
+ int count_matches = 0;
+ char *temp_base = NULL;
+ LDAPMessage *res2;
+ for (entry = ldap_first_entry(ptsm->ld, res); entry != NULL; entry = ldap_next_entry(ptsm->ld, entry)) {
+ if ((vals = ldap_get_values(ptsm->ld, entry, ptsm->domain_name_attribute)) != NULL) {
+ syslog(LOG_DEBUG, "we have a domain %s", vals[0]);
+ ptsmodule_standard_root_dn(vals[0], &temp_base);
+ rc = ldap_search_st(ptsm->ld, temp_base, ptsm->scope, filter, attrs, 0, &(ptsm->timeout), &res2);
+ if (rc == LDAP_SUCCESS && ldap_count_entries(ptsm->ld, res2) == 1) {
+ syslog(LOG_DEBUG, "Found %s in %s", canon_id, temp_base);
+ base = temp_base;
+ count_matches++;
+ }
+ }
+ }
+
+ if (count_matches > 1) {
+ syslog(LOG_ERR, "LDAP search for %s failed because it matches multiple accounts.", canon_id);
+ return PTSM_FAIL;
+ } else if (count_matches == 0) {
+ syslog(LOG_ERR, "LDAP search for %s failed because it does not match any account in all domains.", canon_id);
+ return PTSM_FAIL;
+ }
+
+ syslog(LOG_DEBUG, "we have found %s in %s", canon_id, base);
+ }
+ }
+ else if (ptsm->domain_base_dn && ptsm->domain_base_dn[0] != '\0' && (strrchr(canon_id, '@') != NULL)) {
syslog(LOG_DEBUG, "Attempting to get domain for %s from %s", canon_id, ptsm->domain_base_dn);
/* Get the base dn to search from domain_base_dn searched on domain_scope with

68
SOURCES/cyrus-imapd-use_system_ciphers.patch
View File

@ -1,68 +0,0 @@
diff --git a/lib/imapoptions b/lib/imapoptions
index 37f8371..898b943 100644
--- a/lib/imapoptions
+++ b/lib/imapoptions
@@ -2207,12 +2207,12 @@ product version in the capabilities
{ "tls_cert_file", NULL, STRING, "2.5.0", "tls_server_cert" }
/* Deprecated in favor of \fItls_server_cert\fR. */
-{ "tls_cipher_list", "DEFAULT", STRING, "2.5.0", "tls_ciphers" }
+{ "tls_cipher_list", "PROFILE=SYSTEM", STRING, "2.5.0", "tls_ciphers" }
/* Deprecated in favor of \fItls_ciphers\fR. */
-{ "tls_ciphers", "DEFAULT", STRING }
+{ "tls_ciphers", "PROFILE=SYSTEM", STRING }
/* The list of SSL/TLS ciphers to allow. The format of the string
- (and definition of "DEFAULT") is described in \fBciphers(1)\fR.
+ (and definition of "PROFILE=SYSTEM") is described in \fBciphers(1)\fR.
.PP
See also Mozilla's server-side TLS recommendations:
.PP
diff --git a/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt b/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt
index c45d94b..495a2c7 100644
--- a/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt
+++ b/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt
@@ -4298,7 +4298,7 @@ FIELD DESCRIPTIONS
.. startblob tls_cipher_list
- ``tls_cipher_list:`` DEFAULT
+ ``tls_cipher_list:`` PROFILE=SYSTEM
Deprecated in favor of *tls_ciphers*.
@@ -4307,10 +4307,10 @@ FIELD DESCRIPTIONS
.. startblob tls_ciphers
- ``tls_ciphers:`` DEFAULT
+ ``tls_ciphers:`` PROFILE=SYSTEM
The list of SSL/TLS ciphers to allow. The format of the string
- (and definition of "DEFAULT") is described in **ciphers(1)**.
+ (and definition of "PROFILE=SYSTEM") is described in **ciphers(1)**.
See also Mozilla's server-side TLS recommendations:
diff --git a/doc/text/imap/reference/manpages/configs/imapd.conf.txt b/doc/text/imap/reference/manpages/configs/imapd.conf.txt
index 1801cd7..7c77154 100644
--- a/doc/text/imap/reference/manpages/configs/imapd.conf.txt
+++ b/doc/text/imap/reference/manpages/configs/imapd.conf.txt
@@ -2675,14 +2675,14 @@ FIELD DESCRIPTIONS
Deprecated in favor of *tls_server_cert*.
- "tls_cipher_list:" DEFAULT
+ "tls_cipher_list:" PROFILE=SYSTEM
Deprecated in favor of *tls_ciphers*.
- "tls_ciphers:" DEFAULT
+ "tls_ciphers:" PROFILE=SYSTEM
The list of SSL/TLS ciphers to allow. The format of the string
- (and definition of "DEFAULT") is described in **ciphers(1)**.
+ (and definition of "PROFILE=SYSTEM") is described in **ciphers(1)**.
See also Mozilla's server-side TLS recommendations:

409
SOURCES/cyrus-imapd.cvt_cyrusdb_all
View File

@ -1,409 +0,0 @@
#!/bin/bash
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# This script converts all db files of a cyrus installation from their
# existing format to the format required by the current installation.
# The format of current db files is determined using the 'file' command
# with a magic file added for skiplist db, the new format is read from
# a config file usually in /usr/share/cyrus-imapd/rpm/db.cfg, which is
# created while compiling. After converting, the db.cfg file is
# copied to a cache file usually at /var/lib/imap/rpm/db.cfg.cache to
# allow bypassing this converting script if both files are identical.
# While this is a bit less secure, it may be useful on big server where
# db converting is done automatically.
#
# This script can safely be run as root, it will reexec itself as user
# cyrus if needed.
#
# author: Simon Matter, Invoca Systems <simon.matter@invoca.ch>
# changelog
# v1.0.1, Oct 22 2002 Simon Matter <simon.matter@invoca.ch>
# - added two-step conversion method
#
# v1.0.2, Jan 10 2003 Simon Matter <simon.matter@invoca.ch>
# - fixed a bug where cvt_cyrusdb was called to convert empty or
# nonexistent files
#
# v1.0.3, Mar 14 2003 Simon Matter <simon.matter@invoca.ch>
# - fixed a problem with new versions of the file command
#
# v1.0.4
# - added GPL license
#
# v1.0.5, May 02 2003 Simon Matter <simon.matter@invoca.ch>
# - modified exec path
#
# v1.0.6, Jul 18 2003 Simon Matter <simon.matter@invoca.ch>
# - changed db3 to berkeley
# - added new db backends for 2.2
#
# v1.0.7, Jan 23 2004 Simon Matter <simon.matter@invoca.ch>
# - included some modifications from Luca Olivetti <luca@olivetti.cjb.net>
# - added masssievec functionality
#
# v1.0.8, Jan 28 2004 Simon Matter <simon.matter@invoca.ch>
# - convert sieve scripts to UTF-8 before calling masssievec
#
# v1.0.9, Jan 29 2004 Simon Matter <simon.matter@invoca.ch>
# - convert sieve scripts to UTF-8 only if sievec failed before
#
# v1.0.10, Feb 24 2004 Simon Matter <simon.matter@invoca.ch>
# - change su within init script to get input from
# /dev/null, this prevents hang when running in SELinux
#
# v1.0.11, Mar 02 2004 Simon Matter <simon.matter@invoca.ch>
# - fixed SELinux fix
#
# v1.0.12, Dec 16 2004 Simon Matter <simon.matter@invoca.ch>
# - use runuser instead of su if available
#
# v1.0.13, Jul 15 2005 Simon Matter <simon.matter@invoca.ch>
# - don't use flat in the two step conversion, use skiplist instead
#
# v1.0.14, Jul 18 2005 Simon Matter <simon.matter@invoca.ch>
# - replace the order of the magic files in the file call to make
# sure skiplist is detected correctly.
#
# v1.0.15, Aug 17 2005 Simon Matter <simon.matter@invoca.ch>
# - add functionality to export all berkeley db files to skiplist
#
# v1.1.0, Aug 18 2005 Simon Matter <simon.matter@invoca.ch>
# - fix export functionality, try to recover Berkeley databases
# as much as possible before any conversion.
#
# v1.1.1, Dec 05 2005 Simon Matter <simon.matter@invoca.ch>
# - run db_checkpoint in background with a timeout to prevent
# that cyrus-imapd doesn't start at all if it hangs.
#
# v1.1.2, Dec 06 2005 Simon Matter <simon.matter@invoca.ch>
# - make handling of db_checkpoint more robust
#
# v1.2.0, Jan 12 2006 Simon Matter <simon.matter@invoca.ch>
# - adopt for cyrus-imapd-2.3
#
# v1.2.1, Jan 13 2006 Simon Matter <simon.matter@invoca.ch>
# - code cleanup
#
# v1.2.2, Nov 29 2007 Simon Matter <simon.matter@invoca.ch>
# - add ability to handle "@include" options in imapd.conf, patch
# provided by Tim Bannister
#
# v1.2.3, Feb 07 2008 Simon Matter <simon.matter@invoca.ch>
# - add ability to handle tabs in imapd.conf, patch provided
# by Franz Knipp
# - disable default values for some config options like sievedir
#
# v1.2.4, Apr 23 2008 Simon Matter <simon.matter@invoca.ch>
# - add support for statuscache.db
#
# v1.3.0, Sep 29 2008 Simon Matter <simon.matter@invoca.ch>
# - add multi-instance support
#
# v1.3.1, Oct 09 2008 Simon Matter <simon.matter@invoca.ch>
# - improve variable handling
#
# v1.3.2, May 26 2009 Simon Matter <simon.matter@invoca.ch>
# - add some sanity checks to multi-instance support
#
# v1.3.3, May 27 2009 Simon Matter <simon.matter@invoca.ch>
# - make some cosmetic changes
#
# v1.3.4, Dec 22 2009 Simon Matter <simon.matter@invoca.ch>
# - add support for user_deny.db
VERSION=1.3.4
PIDFILE=/var/run/cyrus-master${INSTANCE}.pid
# instance config
CYRUSCONF=/etc/cyrus${INSTANCE}.conf
IMAPDCONF=/etc/imapd${INSTANCE}.conf
# make sure what we have is a valid instance
# and that config files are present
if [ -n "$INSTANCE" ]; then
[ -L /etc/rc.d/init.d/${BASENAME} ] || exit 0
fi
[ -f $CYRUSCONF ] || exit 0
[ -f $IMAPDCONF ] || exit 0
if [ -f $PIDFILE ]; then
read CYRUS_PID < $PIDFILE
if [ -n "$CYRUS_PID" ]; then
if ps -p $CYRUS_PID > /dev/null 2>&1; then
echo "ERROR: cyrus-master is running, unable to convert mailboxes!"
exit 1
fi
fi
fi
if [ ! -f $IMAPDCONF ]; then
echo "ERROR: configuration file '${IMAPDCONF}' not found, exiting!"
exit 1
fi
# fallback to su if runuser not available
if [ -x /sbin/runuser ]; then
RUNUSER=runuser
else
RUNUSER=su
fi
# force cyrus user for security reasons
if [ ! $(whoami) = "cyrus" ]; then
exec $RUNUSER - cyrus -c "cd $PWD < /dev/null ; INSTANCE=$INSTANCE $0 $*"
fi
# special function for migration
EXPORT=$1
# files get mode 0600
umask 166
# show version info in log files
echo "cvt_cyrusdb_all version: $VERSION"
# expand_config <path>
# handle "@include" sections from imapd style config file
expand_config() {
while read line; do
if printf "%s\n" "${line}" | grep -q '^@include:'; then
expand_config "$( printf "%s\n" "${line}" | cut -d : -f 2- | sed -e 's/^[\t ]*//' )"
else
printf "%s\n" "${line}"
fi
done < $1
}
# get_config <config> [<default>]
# extracts config option from config file
get_config() {
searchstr=$1
if config="$(expand_config $IMAPDCONF | egrep "^${searchstr}:")"; then
CFGVAL="$(printf "%s\n" "$config" | cut -d : -f 2- | sed -e 's/^[\t ]*//')"
else
if [ -z "$2" ]; then
echo "ERROR: config option '$1' not found in ${IMAPDCONF}, exiting!" 1>&2
return 1
fi
CFGVAL="$2"
fi
echo "get_config ${1}: $CFGVAL" 1>&2
echo "$CFGVAL"
}
# where to find files and directories
data_dir=/usr/share/cyrus-imapd/rpm
lib_dir=/usr/lib/cyrus-imapd
system_magic=$(file --version | awk '/magic file/ {print $4}')
cyrus_magic=${data_dir}/magic
cvt_cyrusdb=${lib_dir}/cvt_cyrusdb
sievec=${lib_dir}/sievec
masssievec=${lib_dir}/masssievec
imap_prefix=$(get_config configdirectory) || exit 1
sieve_dir=$(get_config sievedir) || exit 1
db_cfg=${data_dir}/db.cfg
db_current=${imap_prefix}/rpm/db.cfg.current
db_cache=${imap_prefix}/rpm/db.cfg.cache
# source default db backend config
. $db_cfg
# get configured db backend config
duplicate_db=$(get_config duplicate_db $duplicate_db) || exit 1
mboxlist_db=$(get_config mboxlist_db $mboxlist_db) || exit 1
seenstate_db=$(get_config seenstate_db $seenstate_db) || exit 1
subscription_db=$(get_config subscription_db $subscription_db) || exit 1
tlscache_db=$(get_config tlscache_db $tlscache_db) || exit 1
annotation_db=$(get_config annotation_db $annotation_db) || exit 1
mboxkey_db=$(get_config mboxkey_db $mboxkey_db) || exit 1
ptscache_db=$(get_config ptscache_db $ptscache_db) || exit 1
quota_db=$(get_config quota_db $quota_db) || exit 1
statuscache_db=$(get_config statuscache_db $statuscache_db) || exit 1
userdeny_db=$(get_config userdeny_db $userdeny_db) || exit 1
# remember current db backend config
{
echo "duplicate_db=${duplicate_db}"
echo "mboxlist_db=${mboxlist_db}"
echo "seenstate_db=${seenstate_db}"
echo "subscription_db=${subscription_db}"
echo "tlscache_db=${tlscache_db}"
echo "annotation_db=${annotation_db}"
echo "mboxkey_db=${mboxkey_db}"
echo "ptscache_db=${ptscache_db}"
echo "quota_db=${quota_db}"
echo "statuscache_db=${statuscache_db}"
echo "userdeny_db=${userdeny_db}"
echo "sieve_version=${sieve_version}"
} | sort > $db_current
# file_type <file>
file_type() {
this_type=$(file -b -m "${cyrus_magic}:${system_magic}" "$1" 2> /dev/null)
if echo "$this_type" | grep -qi skip > /dev/null 2>&1; then
echo skiplist
elif echo "$this_type" | grep -qi text > /dev/null 2>&1; then
echo flat
else
echo berkeley
fi
}
# cvt_file <file> <db>
cvt_file() {
target="$1"
new_db="$2"
if [ -s "$target" ]; then
old_db=$(file_type "$target")
if [ ! "$old_db" = "$new_db" ]; then
# The two-step conversion is paranoia against the filenames being encoded
# inside the database or logfiles (berkeley does this, for example).
rm -f "${target}.skiplist"
if [ "$old_db" = "skiplist" ]; then
cp -a "$target" "${target}.skiplist"
else
$cvt_cyrusdb -C $IMAPDCONF "$target" "$old_db" "${target}.skiplist" skiplist
fi
RETVAL=$?
ERRVAL=$(( $ERRVAL + $RETVAL ))
if [ $RETVAL -eq 0 ]; then
rm -f "$target"
if [ -s "${target}.skiplist" ]; then
if [ "$new_db" = "skiplist" ]; then
cp -a "${target}.skiplist" "$target"
else
$cvt_cyrusdb -C $IMAPDCONF "${target}.skiplist" skiplist "$target" "$new_db"
fi
fi
RETVAL=$?
ERRVAL=$(( $ERRVAL + $RETVAL ))
if [ $RETVAL -eq 0 ]; then
rm -f "${target}.skiplist"
else
echo "ERROR: unable to convert ${target}.skiplist from skiplist to $new_db"
fi
else
echo "ERROR: unable to convert $target from $old_db to skiplist"
fi
fi
fi
}
# cvt_to_utf8 <file>
cvt_to_utf8() {
target="$1"
if [ -s "$target" ]; then
if ! $sievec -C $IMAPDCONF "$target" "${target}.sievec"; then
iconv --from-code=ISO-8859-1 --to-code=UTF-8 --output="${target}.UTF-8" "$target"
if [ -s "${target}.UTF-8" ]; then
# preserve timestamp
touch --reference="${target}" "${target}.UTF-8"
mv -f "${target}.UTF-8" "$target"
else
ERRVAL=$(( $ERRVAL + 1 ))
fi
fi
rm -f "${target}.sievec"
fi
}
ERRVAL=0
# make sure our Berkeley databases are in a sane state
# wait for db_checkpoint to end successfully or kill it after a timeout
db_checkpoint -v -1 -h ${imap_prefix}/db &
DB_CHECK_PID=$!
CNT=0
while [ $CNT -lt 60 ]; do
if ! kill -0 $DB_CHECK_PID > /dev/null 2>&1; then
break
fi
sleep 1
let CNT+=1
done
if kill -0 $DB_CHECK_PID > /dev/null 2>&1; then
kill -USR1 $DB_CHECK_PID > /dev/null 2>&1
sleep 1
kill -KILL $DB_CHECK_PID > /dev/null 2>&1
wait $DB_CHECK_PID > /dev/null 2>&1
fi
# do a normal recovery
db_recover -v -h ${imap_prefix}/db
RETVAL=$?
if [ $RETVAL -ne 0 ]; then
# try a catastrophic recovery instead of normal recovery
db_recover -v -c -h ${imap_prefix}/db
RETVAL=$?
ERRVAL=$(( $ERRVAL + $RETVAL ))
if [ $RETVAL -ne 0 ]; then
echo "ERROR: catastrophic recovery of Berkeley databases failed"
fi
fi
if [ "$EXPORT" = "export" ]; then
# convert all db files to portable format for migration
# TODO: quota_db, we don't touch it for now
cvt_file ${imap_prefix}/deliver.db "skiplist"
cvt_file ${imap_prefix}/mailboxes.db "skiplist"
cvt_file ${imap_prefix}/tls_sessions.db "skiplist"
cvt_file ${imap_prefix}/annotations.db "skiplist"
cvt_file ${imap_prefix}/ptclient/ptscache.db "skiplist"
cvt_file ${imap_prefix}/statuscache.db "skiplist"
cvt_file ${imap_prefix}/user_deny.db "flat"
rm -vf ${imap_prefix}/db/log.*
rm -vf ${imap_prefix}/db/__db.*
else
# always convert db files which have been converted to skiplist
# TODO: quota_db, we don't touch it for now
cvt_file ${imap_prefix}/deliver.db "$duplicate_db"
cvt_file ${imap_prefix}/mailboxes.db "$mboxlist_db"
cvt_file ${imap_prefix}/tls_sessions.db "$tlscache_db"
cvt_file ${imap_prefix}/annotations.db "$annotation_db"
cvt_file ${imap_prefix}/ptclient/ptscache.db "$ptscache_db"
cvt_file ${imap_prefix}/statuscache.db "$statuscache_db"
cvt_file ${imap_prefix}/user_deny.db "$userdeny_db"
# do we have to convert all databases?
if ! cmp -s $db_current $db_cache; then
# we treat sieve scripts the same way like db files
find ${sieve_dir}/ -name "*.script" -type f | while read db_file trash; do
cvt_to_utf8 "$db_file"
done
$masssievec $sievec $IMAPDCONF
# convert all db files left
find ${imap_prefix}/user/ -name "*.seen" -type f | while read db_file trash; do
cvt_file "$db_file" "$seenstate_db"
done
find ${imap_prefix}/user/ -name "*.sub" -type f | while read db_file trash; do
cvt_file "$db_file" "$subscription_db"
done
find ${imap_prefix}/user/ -name "*.mboxkey" -type f | while read db_file trash; do
cvt_file "$db_file" "$mboxkey_db"
done
fi
fi
# update the config cache file so we can check whether something has changed
if [ $ERRVAL -eq 0 ]; then
mv -f $db_current $db_cache
else
rm -f $db_cache
rm -f $db_current
fi
exit $ERRVAL

3
SOURCES/cyrus-imapd.service
View File

@ -8,7 +8,8 @@ After=cyrus-imapd-init.service
[Service]
Type=simple
EnvironmentFile=/etc/sysconfig/cyrus-imapd
ExecStart=/usr/libexec/cyrus-imapd/cyrus-master $CYRUSOPTIONS
ExecStart=/usr/libexec/cyrus-imapd/master $CYRUSOPTIONS
ExecReload=/bin/kill -HUP $MAINPID
PrivateTmp=true
# Cyrus may spawn many processes in normal operation. These figures are higher

5
SOURCES/cyrus-imapd.sysusers Normal file
View File

@ -0,0 +1,5 @@
#Type Name ID GECOS Home directory Shell
g saslauth 76
g mail 12
u cyrus 76:mail "Cyrus IMAP Server" /var/lib/imap /sbin/nologin
m cyrus saslauth

17
SOURCES/ellie-pub.key Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBFU5pZUBCAC+m05W9nJnBkrfFO9I+iimF1WCsSZNFoASJ3WEeZxIkOQO9BZj
aKf8EP/nK7nEfNGZ2m+OrAtQU/+I8Sk1ppHuwZgENLvRzLsBGbv80kDKBw31Nd1f
sCpVQs4b8zlohXjq0UN8tT5NcGJnGE7ahoOHzJk/0Ll76oVmOZvSw+WHBp1945m2
Q8CbIbfmyuv7NF6GtGDVilPeIPsDnh5w5usjpKsxjYHKpy6Rtf4MbcCLtkRbHFra
KJD+xum0PgPdCAEEbQsSXQgwOd0TZ59avRVVef674PjWqIuudUGUhJ/f9OWOj7LG
6QgJR6yvCy7Bc2eAN4RnIIzaUZGaJDKDCNozABEBAAG0ImVsbGllIHRpbW9uZXkg
PGVsbGllQGZhc3RtYWlsLmNvbT6JATgEEwECACIFAlU5pZUCGwMGCwkIBwMCBhUI
AgkKCwQWAgMBAh4BAheAAAoJEFVPBP6zY3jgb9gH/3GPDLGybo7SYZMtBmfe+Udf
tcRkTtH+o2pf2rh6KwPhhEDuOXWVCIUPWXsWIVU2K5Y8AdBIHOEoSUp3n8juV57I
u9CfDI718/WaHgEpYrq5DqyROAFr+sGahcb6C40+V/CeUSAmKVhFGniuALUSAQ+B
XVj/i2EAFNg/5ALkPYDnDYDqm7Ak6odDbktYQz987y38sg3EMC/2wi2EoOG1VWeG
twFD8HKmXZw+u6cYtFh9K1hOBZm+PhLHr3h1MHTuWYeBKkT3YqaGtXMwi704LlNr
HU8beOHSNBSsVYJ61B4kgBA7p+qnx6xIpU2KfAJl8cgjCYwrq8yo+Lm9TazagfM=
=dIwC
-----END PGP PUBLIC KEY BLOCK-----

16
SOURCES/patch-cassandane-fix-annotator
View File

@ -1,14 +1,14 @@
diff --git a/utils/annotator.pl b/utils/annotator.pl
index 94b84a2..0208831 100755
--- a/utils/annotator.pl
+++ b/utils/annotator.pl
diff --git a/cassandane/utils/annotator.pl b/cassandane/utils/annotator.pl
index 265c73f..8af3d58 100755
--- a/cassandane/utils/annotator.pl
+++ b/cassandane/utils/annotator.pl
@@ -140,6 +140,8 @@ GetOptions(
xlog "annotator $$ starting";
Cassandane::AnnotatorDaemon->run(
pid_file => $pidfile,
- port => $port
pid_file => $pidfile,
- port => $port
+ port => $port,
+ user => (getpwuid($<))[0],
+ group => (getgrgid($())[0],
+ user => (getpwuid($<))[0],
+ group => (getgrgid($())[0],
);
xlog "annotator $$ exiting";

38
SOURCES/patch-cassandane-no-syslog
View File

@ -1,8 +1,27 @@
diff --git a/Cassandane/Util/Log.pm b/Cassandane/Util/Log.pm
index 9cd93d5..8d3b3c1 100644
--- a/Cassandane/Util/Log.pm
+++ b/Cassandane/Util/Log.pm
@@ -52,16 +52,12 @@ our @EXPORT = qw(
diff --git a/cassandane/Cassandane/Instance.pm b/cassandane/Cassandane/Instance.pm
index da47518..53df2dd 100644
--- a/cassandane/Cassandane/Instance.pm
+++ b/cassandane/Cassandane/Instance.pm
@@ -2179,12 +2179,8 @@ sub setup_syslog_replacement
{
my ($self) = @_;
- if (not(-e 'utils/syslog.so') || not(-e 'utils/syslog_probe')) {
- xlog "utils/syslog.so not found (do you need to run 'make'?)";
- xlog "tests will not examine syslog output";
- $self->{have_syslog_replacement} = 0;
- return;
- }
+ $self->{have_syslog_replacement} = 0;
+ return;
$self->{syslog_fname} = "$self->{basedir}/conf/log/syslog";
$self->{have_syslog_replacement} = 1;
diff --git a/cassandane/Cassandane/Util/Log.pm b/cassandane/Cassandane/Util/Log.pm
index 2720801..73ae390 100644
--- a/cassandane/Cassandane/Util/Log.pm
+++ b/cassandane/Cassandane/Util/Log.pm
@@ -52,9 +52,6 @@ our @EXPORT = qw(
my $verbose = 0;
@ -11,10 +30,11 @@ index 9cd93d5..8d3b3c1 100644
-
sub xlog
{
my ($pkg, $file, $line) = caller;
$pkg =~ s/^Cassandane:://;
my $msg = "=====> " . $pkg . "[" . $line . "] " . join(' ', @_);
print STDERR "$msg\n";
my $id;
@@ -89,7 +86,6 @@ sub xlog
else {
print STDERR "$msg\n";
}
- syslog(LOG_ERR, "$msg");
}

43
SOURCES/patch-cyrus-default-configs
View File

@ -1,27 +1,3 @@
diff --git a/doc/examples/cyrus_conf/prefork.conf b/doc/examples/cyrus_conf/prefork.conf
index 4ce2c0f..3b1e6d7 100644
--- a/doc/examples/cyrus_conf/prefork.conf
+++ b/doc/examples/cyrus_conf/prefork.conf
@@ -19,15 +19,15 @@ SERVICES {
# nntps cmd="nntpd -s" listen="nntps" prefork=1
# these are only necessary if using HTTP for CalDAV, CardDAV, or RSS
-# http cmd="httpd" listen="http" prefork=3
-# https cmd="httpd -s" listen="https" prefork=1
+ http cmd="httpd" listen="http" prefork=3
+ https cmd="httpd -s" listen="https" prefork=1
# at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
- lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
+ lmtpunix cmd="lmtpd" listen="/run/cyrus/socket/lmtp" prefork=1
# this is only necessary if using notifications
-# notify cmd="notifyd" listen="/var/imap/socket/notify" proto="udp" prefork=1
+# notify cmd="notifyd" listen="/run/cyrus/socket/notify" proto="udp" prefork=1
}
EVENTS {
diff --git a/doc/examples/imapd_conf/normal.conf b/doc/examples/imapd_conf/normal.conf
index 95b54e9..3935b77 100644
--- a/doc/examples/imapd_conf/normal.conf
@ -67,8 +43,8 @@ index 95b54e9..3935b77 100644
-#
-# Allowed values: caldav, carddav, domainkey, ischedule, rss
-httpmodules: caldav carddav
+# Enable supported modules
+httpmodules: caldav carddav
+# Fedora default: enable all modules besides admin and tzdist
+httpmodules: caldav carddav domainkey freebusy ischedule rss webdav
# If enabled, the partitions will also be hashed, in addition to the
# hashing done on configuration directories. This is recommended if one
@ -112,3 +88,18 @@ index 95b54e9..3935b77 100644
# File containing the global certificate used for ALL services (imap,
# pop3, lmtp, sieve)
#tls_server_cert: /etc/ssl/certs/ssl-cert-snakeoil.pem
diff --git a/doc/examples/cyrus_conf/prefork.conf b/doc/examples/cyrus_conf/prefork.conf
index 186fe66..ab97848 100644
--- a/doc/examples/cyrus_conf/prefork.conf
+++ b/doc/examples/cyrus_conf/prefork.conf
@@ -19,8 +19,8 @@ SERVICES {
# nntps cmd="nntpd -s" listen="nntps" prefork=1
# these are only necessary if using HTTP for CalDAV, CardDAV, or RSS
-# http cmd="httpd" listen="http" prefork=3
-# https cmd="httpd -s" listen="https" prefork=1
+ http cmd="httpd" listen="http" prefork=3
+ https cmd="httpd -s" listen="https" prefork=1
# at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0

32
SOURCES/patch-cyrus-ldap-group-retriaval
View File

@ -1,32 +0,0 @@
commit 1152ce70af232fc4200bbeca18961f99e12d73df
Author: Felix Schumacher <felix.schumacher@internetallee.de>
Date: Wed Feb 6 19:02:11 2019 +0100
Return correct group names when groups are resolved by filter
This fixes an regression, that was introduced with 61f5296c0d727faee4726525a6812b200d946d83.
Back then the logic was changed from len(vals) != 1 to two if clauses len(vals) < 1 and len(vals) > 1
which logged errors and an else clause (which matched the correct number of len(val) == 1) that
got the old error handling code.
diff --git a/ptclient/ldap.c b/ptclient/ldap.c
index 40c9adee3..457951928 100644
--- a/ptclient/ldap.c
+++ b/ptclient/ldap.c
@@ -1336,11 +1336,15 @@ static int ptsmodule_make_authstate_filter(
syslog(LOG_ERR, "No values for attribute '%s' on entry '%s'",
ptsm->member_attribute,
errdn);
+ *reply = "no values";
+ rc = PTSM_FAIL;
+ ldap_value_free(vals);
+ vals = NULL;
+ goto done;
} else if (ldap_count_values(vals) > 1) {
syslog(LOG_ERR, "Too many values for attribute '%s' on entry '%s'",
ptsm->member_attribute,
errdn);
- } else {
*reply = "too many values";
rc = PTSM_FAIL;
ldap_value_free(vals);

13
SOURCES/patch-cyrus-managesieve-linking
View File

@ -1,13 +0,0 @@
diff --git a/perl/sieve/managesieve/Makefile.PL.in b/perl/sieve/managesieve/Makefile.PL.in
index 2bb715d..422504d 100644
--- a/perl/sieve/managesieve/Makefile.PL.in
+++ b/perl/sieve/managesieve/Makefile.PL.in
@@ -69,7 +69,7 @@ WriteMakefile(
'ABSTRACT' => 'Cyrus Sieve management interface',
'VERSION_FROM' => "@top_srcdir@/perl/sieve/managesieve/managesieve.pm", # finds $VERSION
'MYEXTLIB' => '../lib/.libs/libisieve.a @top_builddir@/perl/.libs/libcyrus.a @top_builddir@/perl/.libs/libcyrus_min.a',
- 'LIBS' => ["$LIB_SASL @SSL_LIBS@ @LIB_UUID@ @ZLIB@"],
+ 'LIBS' => ["$LIB_SASL @SSL_LIBS@ @LIB_UUID@ @ZLIB@ -lsqlite3 -lpq -lmariadb"],
'CCFLAGS' => '@GCOV_CFLAGS@',
'DEFINE' => '-DPERL_POLLUTE', # e.g., '-DHAVE_SOMETHING'
'INC' => "-I@top_srcdir@/lib -I@top_srcdir@/perl/sieve -I@top_srcdir@/perl/sieve/lib @SASLFLAGS@ @SSL_CPPFLAGS@",

26
SOURCES/patch-cyrus-perl-linking Normal file
View File

@ -0,0 +1,26 @@
diff --git a/perl/sieve/managesieve/Makefile.PL.in b/perl/sieve/managesieve/Makefile.PL.in
index 7180b98..d589ebe 100644
--- a/perl/sieve/managesieve/Makefile.PL.in
+++ b/perl/sieve/managesieve/Makefile.PL.in
@@ -69,7 +69,7 @@ WriteMakefile(
'ABSTRACT' => 'Cyrus Sieve management interface',
'VERSION_FROM' => "@top_srcdir@/perl/sieve/managesieve/managesieve.pm", # finds $VERSION
'MYEXTLIB' => '../lib/.libs/libisieve.a @top_builddir@/perl/.libs/libcyrus.a @top_builddir@/perl/.libs/libcyrus_min.a',
- 'LIBS' => ["$LIB_SASL @SSL_LIBS@ @LIB_UUID@ @LIB_REGEX@ @ZLIB@ @SQLITE_LIBADD@ @MYSQL_LIBADD@ @PGSQL_LIBADD@"],
+ 'LIBS' => ["$LIB_SASL @SSL_LIBS@ @LIB_UUID@ @LIB_REGEX@ @ZLIB@ @SQLITE_LIBADD@ @MYSQL_LIBADD@ @PGSQL_LIBADD@ -lpcreposix"],
'CCFLAGS' => '@GCOV_CFLAGS@',
'DEFINE' => '-DPERL_POLLUTE', # e.g., '-DHAVE_SOMETHING'
'INC' => "-I@top_srcdir@/lib -I@top_srcdir@/perl/sieve -I@top_srcdir@/perl/sieve/lib @SASLFLAGS@ @SSL_CPPFLAGS@",
diff --git a/perl/imap/Makefile.PL.in b/perl/imap/Makefile.PL.in
index 71416cc..f76cda6 100644
--- a/perl/imap/Makefile.PL.in
+++ b/perl/imap/Makefile.PL.in
@@ -91,7 +91,7 @@ WriteMakefile(
'LD' => $Config{ld} . ' @GCOV_LDFLAGS@',
'OBJECT' => 'IMAP.o',
'MYEXTLIB' => '@top_builddir@/perl/.libs/libcyrus.a @top_builddir@/perl/.libs/libcyrus_min.a',
- 'LIBS' => [ "$LIB_SASL @SSL_LIBS@ @LIB_UUID@ @ZLIB@ @GCOV_LIBS@ @LIBCAP_LIBS@"],
+ 'LIBS' => [ "$LIB_SASL @SSL_LIBS@ @LIB_UUID@ @ZLIB@ @GCOV_LIBS@ @LIBCAP_LIBS@ -lpcreposix"],
'DEFINE' => '-DPERL_POLLUTE', # e.g., '-DHAVE_SOMETHING'
'INC' => "-I@top_srcdir@ -I@top_srcdir@/com_err/et @SASLFLAGS@ @SSL_CPPFLAGS@ @GCOV_CFLAGS@ -I@top_srcdir@/perl/imap",
'EXE_FILES' => [cyradm],

13
SOURCES/patch-cyrus-rename-quota Normal file
View File

@ -0,0 +1,13 @@
diff --git a/imap/imapd.c b/imap/imapd.c
index 3cc75f5..a22a356 100644
--- a/imap/imapd.c
+++ b/imap/imapd.c
@@ -8022,7 +8022,7 @@ static void cmd_reconstruct(const char *tag, const char *name, int recursive)
fclose(stdout);
fclose(stderr);
- ret = snprintf(buf, sizeof(buf), "%s/quota", SBIN_DIR);
+ ret = snprintf(buf, sizeof(buf), "%s/cyr_quota", SBIN_DIR);
if(ret < 0 || ret >= (int) sizeof(buf)) {
/* in child, so fatailing won't disconnect our user */
fatal("quota buffer not sufficiently big", EX_CONFIG);

6
SOURCES/cyrus-squatter-assert-crash.patch → SOURCES/patch-cyrus-squatter-assert-crash
View File

@ -1,8 +1,8 @@
diff --git a/imap/squatter.c b/imap/squatter.c
index 97daa73..d7ffbd0 100644
index 4419379..d00f003 100644
--- a/imap/squatter.c
+++ b/imap/squatter.c
@@ -332,8 +332,13 @@ static void expand_mboxnames(strarray_t *sa, int nmboxnames,
@@ -408,8 +408,13 @@ static void expand_mboxnames(strarray_t *sa, int nmboxnames,
else {
/* Translate any separators in mailboxname */
char *intname = mboxname_from_external(mboxnames[i], &squat_namespace, NULL);
@ -17,4 +17,4 @@ index 97daa73..d7ffbd0 100644
+ }
free(intname);
}
}

2
SOURCES/patch-cyrus-testsuite-timeout
View File

@ -7,7 +7,7 @@ index 46dc358..ca37f22 100644
/* Each test gets a maximum of 20 seconds. */
-#define TEST_TIMEOUT_MS (20*1000)
+#define TEST_TIMEOUT_MS (30*1000)
+#define TEST_TIMEOUT_MS (300*1000)
static jmp_buf jbuf;
static const char *code;

25
SOURCES/patch-vzic-proper-cflags
View File

@ -1,25 +0,0 @@
diff --git a/tools/vzic/Makefile b/tools/vzic/Makefile
index 8ae6afa..3882998 100644
--- a/tools/vzic/Makefile
+++ b/tools/vzic/Makefile
@@ -45,17 +45,17 @@ LIBICAL_LDADD = -lical
GLIB_CFLAGS = `pkg-config --cflags glib-2.0`
GLIB_LDADD = `pkg-config --libs glib-2.0`
-CFLAGS = -g -I../.. -DOLSON_DIR=\"$(OLSON_DIR)\" -DPRODUCT_ID='"$(PRODUCT_ID)"' -DTZID_PREFIX='"$(TZID_PREFIX)"' $(GLIB_CFLAGS) $(LIBICAL_CFLAGS)
+CFLAGS += -I../.. -DOLSON_DIR=\"$(OLSON_DIR)\" -DPRODUCT_ID='"$(PRODUCT_ID)"' -DTZID_PREFIX='"$(TZID_PREFIX)"' $(GLIB_CFLAGS) $(LIBICAL_CFLAGS)
OBJECTS = vzic.o vzic-parse.o vzic-dump.o vzic-output.o
all: vzic
vzic: $(OBJECTS)
- $(CC) $(OBJECTS) $(GLIB_LDADD) -o vzic
+ $(CC) $(LDFLAGS) $(OBJECTS) $(GLIB_LDADD) -o vzic
test-vzic: test-vzic.o
- $(CC) test-vzic.o $(LIBICAL_LDADD) -o test-vzic
+ $(CC) $(LDFLAGS) test-vzic.o $(LIBICAL_LDADD) -o test-vzic
# Dependencies.
$(OBJECTS): vzic.h

2113
SPECS/cyrus-imapd.spec
View File

File diff suppressed because it is too large Load Diff