Compare commits
No commits in common. "c9-beta" and "c8" have entirely different histories.
@ -1,2 +1,3 @@
|
|||||||
db177fede156dad2c57d11af4eee12c86ed650b1 SOURCES/cyrus-imapd-3.4.8.tar.gz
|
b3157c127c9cc404ecb2672e0eb4f18cac2a2a73 SOURCES/cassandane-00bfe01.tar.gz
|
||||||
27de2e8344eca909bf8281745c3bd1c191b07f13 SOURCES/cyrus-imapd-3.4.8.tar.gz.sig
|
fdbc28a259af65792e23ce8da16faf323039139c SOURCES/cassandane-testdata-20170523.tar.gz
|
||||||
|
49e3f8bbecd391513b81e3ccf49ea2df84be522f SOURCES/cyrus-imapd-3.0.7.tar.gz
|
||||||
|
5
.gitignore
vendored
5
.gitignore
vendored
@ -1,2 +1,3 @@
|
|||||||
SOURCES/cyrus-imapd-3.4.8.tar.gz
|
SOURCES/cassandane-00bfe01.tar.gz
|
||||||
SOURCES/cyrus-imapd-3.4.8.tar.gz.sig
|
SOURCES/cassandane-testdata-20170523.tar.gz
|
||||||
|
SOURCES/cyrus-imapd-3.0.7.tar.gz
|
||||||
|
1111
SOURCES/CHANGES.rpm
Normal file
1111
SOURCES/CHANGES.rpm
Normal file
File diff suppressed because it is too large
Load Diff
205
SOURCES/cyrus-imapd-3.0-CVE-2021-33582.patch
Normal file
205
SOURCES/cyrus-imapd-3.0-CVE-2021-33582.patch
Normal file
@ -0,0 +1,205 @@
|
|||||||
|
diff --git a/imap/http_dav.c b/imap/http_dav.c
|
||||||
|
index 91bbc28b6b..a6fa5c8345 100644
|
||||||
|
--- a/imap/http_dav.c
|
||||||
|
+++ b/imap/http_dav.c
|
||||||
|
@@ -5494,7 +5494,7 @@ EXPORTED int meth_propfind(struct transaction_t *txn, void *params)
|
||||||
|
xmlDocPtr indoc = NULL, outdoc = NULL;
|
||||||
|
xmlNodePtr root, cur = NULL, props = NULL;
|
||||||
|
xmlNsPtr ns[NUM_NAMESPACE];
|
||||||
|
- struct hash_table ns_table = { 0, NULL, NULL };
|
||||||
|
+ struct hash_table ns_table = HASH_TABLE_INITIALIZER;
|
||||||
|
struct propfind_ctx fctx;
|
||||||
|
struct propfind_entry_list *elist = NULL;
|
||||||
|
|
||||||
|
@@ -7900,7 +7900,7 @@ int meth_report(struct transaction_t *txn, void *params)
|
||||||
|
xmlNodePtr inroot = NULL, outroot = NULL, cur, prop = NULL, props = NULL;
|
||||||
|
const struct report_type_t *report = NULL;
|
||||||
|
xmlNsPtr ns[NUM_NAMESPACE];
|
||||||
|
- struct hash_table ns_table = { 0, NULL, NULL };
|
||||||
|
+ struct hash_table ns_table = HASH_TABLE_INITIALIZER;
|
||||||
|
struct propfind_ctx fctx;
|
||||||
|
struct propfind_entry_list *elist = NULL;
|
||||||
|
|
||||||
|
diff --git a/lib/hash.c b/lib/hash.c
|
||||||
|
index 9703142c3b..84f2e80d28 100644
|
||||||
|
--- a/lib/hash.c
|
||||||
|
+++ b/lib/hash.c
|
||||||
|
@@ -43,10 +43,11 @@ EXPORTED hash_table *construct_hash_table(hash_table *table, size_t size, int us
|
||||||
|
assert(table);
|
||||||
|
assert(size);
|
||||||
|
|
||||||
|
- table->size = size;
|
||||||
|
+ table->size = size;
|
||||||
|
+ table->seed = rand(); /* might be zero, that's okay */
|
||||||
|
|
||||||
|
/* Allocate the table -- different for using memory pools and not */
|
||||||
|
- if(use_mpool) {
|
||||||
|
+ if (use_mpool) {
|
||||||
|
/* Allocate an initial memory pool for 32 byte keys + the hash table
|
||||||
|
* + the buckets themselves */
|
||||||
|
table->pool =
|
||||||
|
@@ -72,7 +73,7 @@ EXPORTED hash_table *construct_hash_table(hash_table *table, size_t size, int us
|
||||||
|
|
||||||
|
EXPORTED void *hash_insert(const char *key, void *data, hash_table *table)
|
||||||
|
{
|
||||||
|
- unsigned val = strhash(key) % table->size;
|
||||||
|
+ unsigned val = strhash_seeded(table->seed, key) % table->size;
|
||||||
|
bucket *ptr, *newptr;
|
||||||
|
bucket **prev;
|
||||||
|
|
||||||
|
@@ -153,9 +154,14 @@ EXPORTED void *hash_insert(const char *key, void *data, hash_table *table)
|
||||||
|
|
||||||
|
EXPORTED void *hash_lookup(const char *key, hash_table *table)
|
||||||
|
{
|
||||||
|
- unsigned val = strhash(key) % table->size;
|
||||||
|
+ unsigned val;
|
||||||
|
bucket *ptr;
|
||||||
|
|
||||||
|
+ if (!table->size)
|
||||||
|
+ return NULL;
|
||||||
|
+
|
||||||
|
+ val = strhash_seeded(table->seed, key) % table->size;
|
||||||
|
+
|
||||||
|
if (!(table->table)[val])
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
@@ -178,8 +184,7 @@ EXPORTED void *hash_lookup(const char *key, hash_table *table)
|
||||||
|
* since it will leak memory until you get rid of the entire hash table */
|
||||||
|
EXPORTED void *hash_del(const char *key, hash_table *table)
|
||||||
|
{
|
||||||
|
- unsigned val = strhash(key) % table->size;
|
||||||
|
- void *data;
|
||||||
|
+ unsigned val = strhash_seeded(table->seed, key) % table->size;
|
||||||
|
bucket *ptr, *last = NULL;
|
||||||
|
|
||||||
|
if (!(table->table)[val])
|
||||||
|
@@ -200,15 +205,10 @@ EXPORTED void *hash_del(const char *key, hash_table *table)
|
||||||
|
int cmpresult = strcmp(key, ptr->key);
|
||||||
|
if (!cmpresult)
|
||||||
|
{
|
||||||
|
+ void *data = ptr->data;
|
||||||
|
if (last != NULL )
|
||||||
|
{
|
||||||
|
- data = ptr -> data;
|
||||||
|
last -> next = ptr -> next;
|
||||||
|
- if(!table->pool) {
|
||||||
|
- free(ptr->key);
|
||||||
|
- free(ptr);
|
||||||
|
- }
|
||||||
|
- return data;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
@@ -221,15 +221,15 @@ EXPORTED void *hash_del(const char *key, hash_table *table)
|
||||||
|
|
||||||
|
else
|
||||||
|
{
|
||||||
|
- data = ptr->data;
|
||||||
|
(table->table)[val] = ptr->next;
|
||||||
|
- if(!table->pool) {
|
||||||
|
- free(ptr->key);
|
||||||
|
- free(ptr);
|
||||||
|
- }
|
||||||
|
- return data;
|
||||||
|
}
|
||||||
|
- } else if (cmpresult < 0) {
|
||||||
|
+ if(!table->pool) {
|
||||||
|
+ free(ptr->key);
|
||||||
|
+ free(ptr);
|
||||||
|
+ }
|
||||||
|
+ return data;
|
||||||
|
+ }
|
||||||
|
+ if (cmpresult < 0) {
|
||||||
|
/* its not here! */
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
diff --git a/lib/hash.h b/lib/hash.h
|
||||||
|
index 8051ac1760..cfa7da1ffa 100644
|
||||||
|
--- a/lib/hash.h
|
||||||
|
+++ b/lib/hash.h
|
||||||
|
@@ -3,10 +3,11 @@
|
||||||
|
#define HASH__H
|
||||||
|
|
||||||
|
#include <stddef.h> /* For size_t */
|
||||||
|
+#include <stdint.h>
|
||||||
|
#include "mpool.h"
|
||||||
|
#include "strarray.h"
|
||||||
|
|
||||||
|
-#define HASH_TABLE_INITIALIZER {0, NULL, NULL}
|
||||||
|
+#define HASH_TABLE_INITIALIZER {0, 0, NULL, NULL}
|
||||||
|
|
||||||
|
/*
|
||||||
|
** A hash table consists of an array of these buckets. Each bucket
|
||||||
|
@@ -32,6 +33,7 @@ typedef struct bucket {
|
||||||
|
|
||||||
|
typedef struct hash_table {
|
||||||
|
size_t size;
|
||||||
|
+ uint32_t seed;
|
||||||
|
bucket **table;
|
||||||
|
struct mpool *pool;
|
||||||
|
} hash_table;
|
||||||
|
diff --git a/lib/strhash.c b/lib/strhash.c
|
||||||
|
index d7c1741d2a..1b3251db73 100644
|
||||||
|
--- a/lib/strhash.c
|
||||||
|
+++ b/lib/strhash.c
|
||||||
|
@@ -42,17 +42,32 @@
|
||||||
|
|
||||||
|
#include "config.h"
|
||||||
|
|
||||||
|
-EXPORTED unsigned strhash(const char *string)
|
||||||
|
+#include "lib/strhash.h"
|
||||||
|
+
|
||||||
|
+/* The well-known djb2 algorithm (e.g. http://www.cse.yorku.ca/~oz/hash.html),
|
||||||
|
+ * with the addition of an optional seed to limit predictability.
|
||||||
|
+ *
|
||||||
|
+ * XXX return type 'unsigned' for back-compat to previous version, but
|
||||||
|
+ * XXX ought to be 'uint32_t'
|
||||||
|
+ */
|
||||||
|
+EXPORTED unsigned strhash_seeded_djb2(uint32_t seed, const char *string)
|
||||||
|
{
|
||||||
|
- unsigned ret_val = 0;
|
||||||
|
- int i;
|
||||||
|
+ const unsigned char *ustr = (const unsigned char *) string;
|
||||||
|
+ unsigned hash = 5381;
|
||||||
|
+ int c;
|
||||||
|
|
||||||
|
- while (*string)
|
||||||
|
- {
|
||||||
|
- i = (int) *string;
|
||||||
|
- ret_val ^= i;
|
||||||
|
- ret_val <<= 1;
|
||||||
|
- string ++;
|
||||||
|
- }
|
||||||
|
- return ret_val;
|
||||||
|
+ if (seed) {
|
||||||
|
+ /* treat the bytes of the seed as a prefix to the string */
|
||||||
|
+ unsigned i;
|
||||||
|
+ for (i = 0; i < sizeof seed; i++) {
|
||||||
|
+ c = seed & 0xff;
|
||||||
|
+ hash = ((hash << 5) + hash) ^ c;
|
||||||
|
+ seed >>= 8;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ while ((c = *ustr++))
|
||||||
|
+ hash = ((hash << 5) + hash) ^ c;
|
||||||
|
+
|
||||||
|
+ return hash;
|
||||||
|
}
|
||||||
|
diff --git a/lib/strhash.h b/lib/strhash.h
|
||||||
|
index 34533fdffa..27339bb288 100644
|
||||||
|
--- a/lib/strhash.h
|
||||||
|
+++ b/lib/strhash.h
|
||||||
|
@@ -41,7 +41,11 @@
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef _STRHASH_H_
|
||||||
|
+#include <stdint.h>
|
||||||
|
|
||||||
|
-unsigned strhash(const char *string);
|
||||||
|
+unsigned strhash_seeded_djb2(uint32_t seed, const char *string);
|
||||||
|
+
|
||||||
|
+#define strhash(in) strhash_seeded_djb2((0), (in))
|
||||||
|
+#define strhash_seeded(sd, in) strhash_seeded_djb2((sd), (in))
|
||||||
|
|
||||||
|
#endif /* _STRHASH_H_ */
|
30
SOURCES/cyrus-imapd-CVE-2019-18928.patch
Normal file
30
SOURCES/cyrus-imapd-CVE-2019-18928.patch
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
diff --git a/imap/httpd.c b/imap/httpd.c
|
||||||
|
index 5dcf38dc4..d2fdeb945 100644
|
||||||
|
--- a/imap/httpd.c
|
||||||
|
+++ b/imap/httpd.c
|
||||||
|
@@ -1729,6 +1729,25 @@ static int examine_request(struct transaction_t *txn)
|
||||||
|
txn->auth_chal.scheme = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /* Drop auth credentials, if not a backend in a Murder */
|
||||||
|
+ else if (!config_mupdate_server || !config_getstring(IMAPOPT_PROXYSERVERS)) {
|
||||||
|
+ syslog(LOG_DEBUG, "drop auth creds");
|
||||||
|
+
|
||||||
|
+ free(httpd_userid);
|
||||||
|
+ httpd_userid = NULL;
|
||||||
|
+
|
||||||
|
+ free(httpd_extrafolder);
|
||||||
|
+ httpd_extrafolder = NULL;
|
||||||
|
+
|
||||||
|
+ free(httpd_extradomain);
|
||||||
|
+ httpd_extradomain = NULL;
|
||||||
|
+
|
||||||
|
+ if (httpd_authstate) {
|
||||||
|
+ auth_freestate(httpd_authstate);
|
||||||
|
+ httpd_authstate = NULL;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* Perform proxy authorization, if necessary */
|
||||||
|
else if (saslprops.authid &&
|
||||||
|
(hdr = spool_getheader(txn->req_hdrs, "Authorize-As")) &&
|
13
SOURCES/cyrus-imapd-CVE-2019-19783.patch
Normal file
13
SOURCES/cyrus-imapd-CVE-2019-19783.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
diff --git a/imap/lmtp_sieve.c b/imap/lmtp_sieve.c
|
||||||
|
index 4c3bbc3..d0abdd3 100644
|
||||||
|
--- a/imap/lmtp_sieve.c
|
||||||
|
+++ b/imap/lmtp_sieve.c
|
||||||
|
@@ -999,7 +999,7 @@ static int autosieve_createfolder(const char *userid, const struct auth_state *a
|
||||||
|
if (createsievefolder) {
|
||||||
|
/* Folder is already in internal namespace format */
|
||||||
|
r = mboxlist_createmailbox(internalname, 0, NULL,
|
||||||
|
- 1, userid, auth_state, 0, 0, 0, 1, NULL);
|
||||||
|
+ 0, userid, auth_state, 0, 0, 0, 1, NULL);
|
||||||
|
if (!r) {
|
||||||
|
mboxlist_changesub(internalname, userid, auth_state, 1, 1, 1);
|
||||||
|
syslog(LOG_DEBUG, "autosievefolder: User %s, folder %s creation succeeded",
|
23
SOURCES/cyrus-imapd-close_backup_fd_on_error.patch
Normal file
23
SOURCES/cyrus-imapd-close_backup_fd_on_error.patch
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
From 725e1efbd923c6d15ba639e17bfd0baabc619daa Mon Sep 17 00:00:00 2001
|
||||||
|
From: Pavel Zhukov <pzhukov@redhat.com>
|
||||||
|
Date: Mon, 1 Oct 2018 15:55:35 +0200
|
||||||
|
Subject: [PATCH] Close file descriptior in case of error
|
||||||
|
|
||||||
|
Make static code analizers happy.
|
||||||
|
If stat() failed for some reason it may lead backup fd unclosed.
|
||||||
|
---
|
||||||
|
backup/lcb.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/backup/lcb.c b/backup/lcb.c
|
||||||
|
index 8c4a0e31a..9a04b08f2 100644
|
||||||
|
--- a/backup/lcb.c
|
||||||
|
+++ b/backup/lcb.c
|
||||||
|
@@ -182,6 +182,7 @@ HIDDEN int backup_real_open(struct backup **backupp,
|
||||||
|
if (r) {
|
||||||
|
syslog(LOG_ERR, "IOERROR: (f)stat %s: %m", backup->data_fname);
|
||||||
|
r = IMAP_IOERROR;
|
||||||
|
+ close(fd);
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
38
SOURCES/cyrus-imapd-close_backup_on_failure.patch
Normal file
38
SOURCES/cyrus-imapd-close_backup_on_failure.patch
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
From 5d00f649b4d2a599905d1b9290c91a769909741d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Pavel Zhukov <pzhukov@redhat.com>
|
||||||
|
Date: Mon, 24 Sep 2018 17:24:48 +0200
|
||||||
|
Subject: [PATCH] Close backup on failure.
|
||||||
|
|
||||||
|
Static analizers report this as memory leak issue.
|
||||||
|
---
|
||||||
|
backup/ctl_backups.c | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/backup/ctl_backups.c b/backup/ctl_backups.c
|
||||||
|
index 3d817e743..e532eedb7 100644
|
||||||
|
--- a/backup/ctl_backups.c
|
||||||
|
+++ b/backup/ctl_backups.c
|
||||||
|
@@ -955,6 +955,7 @@ static int lock_run_pipe(const char *userid, const char *fname,
|
||||||
|
|
||||||
|
if (r) {
|
||||||
|
printf("NO failed (%s)\n", error_message(r));
|
||||||
|
+ r = backup_close(&backup);
|
||||||
|
return EC_SOFTWARE; // FIXME would something else be more appropriate?
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -993,6 +994,7 @@ static int lock_run_sqlite(const char *userid, const char *fname,
|
||||||
|
fprintf(stderr, "unable to lock %s: %s\n",
|
||||||
|
userid ? userid : fname,
|
||||||
|
error_message(r));
|
||||||
|
+ r = backup_close(&backup);
|
||||||
|
return EC_SOFTWARE;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1053,6 +1055,7 @@ static int lock_run_exec(const char *userid, const char *fname,
|
||||||
|
fprintf(stderr, "unable to lock %s: %s\n",
|
||||||
|
userid ? userid : fname,
|
||||||
|
error_message(r));
|
||||||
|
+ r = backup_close(&backup);
|
||||||
|
return EC_SOFTWARE;
|
||||||
|
}
|
||||||
|
|
26
SOURCES/cyrus-imapd-cve_2019_11356.patch
Normal file
26
SOURCES/cyrus-imapd-cve_2019_11356.patch
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
diff --git a/imap/httpd.c b/imap/httpd.c
|
||||||
|
index dc53f8c..24b65e5 100644
|
||||||
|
--- a/imap/httpd.c
|
||||||
|
+++ b/imap/httpd.c
|
||||||
|
@@ -2202,7 +2202,7 @@ EXPORTED time_t calc_compile_time(const char *time, const char *date)
|
||||||
|
memset(&tm, 0, sizeof(struct tm));
|
||||||
|
tm.tm_isdst = -1;
|
||||||
|
sscanf(time, "%02d:%02d:%02d", &tm.tm_hour, &tm.tm_min, &tm.tm_sec);
|
||||||
|
- sscanf(date, "%s %2d %4d", month, &tm.tm_mday, &tm.tm_year);
|
||||||
|
+ sscanf(date, "%3s %2d %4d", month, &tm.tm_mday, &tm.tm_year);
|
||||||
|
tm.tm_year -= 1900;
|
||||||
|
for (tm.tm_mon = 0; tm.tm_mon < 12; tm.tm_mon++) {
|
||||||
|
if (!strcmp(month, monthname[tm.tm_mon])) break;
|
||||||
|
diff --git a/imap/ical_support.c b/imap/ical_support.c
|
||||||
|
index 1d7550a..e1bda50 100644
|
||||||
|
--- a/imap/ical_support.c
|
||||||
|
+++ b/imap/ical_support.c
|
||||||
|
@@ -458,7 +458,7 @@ const char *get_icalcomponent_errstr(icalcomponent *ical)
|
||||||
|
|
||||||
|
/* Check if this is an empty property error */
|
||||||
|
if (sscanf(errstr,
|
||||||
|
- "No value for %s property", propname) == 1) {
|
||||||
|
+ "No value for %255s property", propname) == 1) {
|
||||||
|
/* Empty LOCATION is OK */
|
||||||
|
if (!strcasecmp(propname, "LOCATION")) continue;
|
||||||
|
if (!strcasecmp(propname, "COMMENT")) continue;
|
@ -9,4 +9,4 @@ ConditionPathExists=!/etc/pki/cyrus-imapd/cyrus-imapd-ca.pem
|
|||||||
Type=oneshot
|
Type=oneshot
|
||||||
Group=mail
|
Group=mail
|
||||||
RemainAfterExit=no
|
RemainAfterExit=no
|
||||||
ExecStart=/usr/bin/sscg --package cyrus-imapd --cert-file /etc/pki/cyrus-imapd/cyrus-imapd.pem --cert-key-file /etc/pki/cyrus-imapd/cyrus-imapd-key.pem --ca-file /etc/pki/cyrus-imapd/cyrus-imapd-ca.pem --cert-key-mode=0640
|
ExecStart=/usr/bin/sscg --package cyrus-imapd --cert-file /etc/pki/cyrus-imapd/cyrus-imapd.pem --cert-key-file /etc/pki/cyrus-imapd/cyrus-imapd-key.pem --ca-file /etc/pki/cyrus-imapd/cyrus-imapd-ca.pem --cert-key-mode=0640
|
||||||
|
17
SOURCES/cyrus-imapd-load-tombstones-for-cleanup.patch
Normal file
17
SOURCES/cyrus-imapd-load-tombstones-for-cleanup.patch
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
diff --git a/imap/cyr_expire.c b/imap/cyr_expire.c
|
||||||
|
index bcb40ea..747414a 100644
|
||||||
|
--- a/imap/cyr_expire.c
|
||||||
|
+++ b/imap/cyr_expire.c
|
||||||
|
@@ -628,9 +628,10 @@ int main(int argc, char *argv[])
|
||||||
|
}
|
||||||
|
|
||||||
|
if (do_user)
|
||||||
|
- mboxlist_usermboxtree(do_user, expire, &erock, MBOXTREE_DELETED);
|
||||||
|
+ mboxlist_usermboxtree(do_user, expire, &erock, MBOXTREE_DELETED|MBOXTREE_TOMBSTONES);
|
||||||
|
else
|
||||||
|
- mboxlist_allmbox(find_prefix, expire, &erock, 0);
|
||||||
|
+ mboxlist_allmbox(find_prefix, expire, &erock,
|
||||||
|
+ MBOXTREE_TOMBSTONES);
|
||||||
|
|
||||||
|
syslog(LOG_NOTICE, "Expired %lu and expunged %lu out of %lu "
|
||||||
|
"messages from %lu mailboxes",
|
66
SOURCES/cyrus-imapd-master_rename.patch
Normal file
66
SOURCES/cyrus-imapd-master_rename.patch
Normal file
@ -0,0 +1,66 @@
|
|||||||
|
diff --git a/Cassandane/Instance.pm b/cassandane/Cassandane/Instance.pm
|
||||||
|
index 1561143..c60396e 100644
|
||||||
|
--- a/Cassandane/Instance.pm
|
||||||
|
+++ b/Cassandane/Instance.pm
|
||||||
|
@@ -166,7 +166,7 @@ sub get_version
|
||||||
|
my $cyrus_master;
|
||||||
|
foreach my $d (qw( bin sbin libexec libexec/cyrus-imapd lib cyrus/bin ))
|
||||||
|
{
|
||||||
|
- my $try = "$cyrus_destdir$cyrus_prefix/$d/master";
|
||||||
|
+ my $try = "$cyrus_destdir$cyrus_prefix/$d/cyrus-master";
|
||||||
|
if (-x $try) {
|
||||||
|
$cyrus_master = $try;
|
||||||
|
last;
|
||||||
|
diff --git a/Cassandane/Instance.pm b/Cassandane/Instance.pm
|
||||||
|
index c60396e..7b2883a 100644
|
||||||
|
--- a/Cassandane/Instance.pm
|
||||||
|
+++ b/Cassandane/Instance.pm
|
||||||
|
@@ -546,7 +546,7 @@ sub _pid_file
|
||||||
|
{
|
||||||
|
my ($self, $name) = @_;
|
||||||
|
|
||||||
|
- $name ||= 'master';
|
||||||
|
+ $name ||= 'cyrus-master';
|
||||||
|
|
||||||
|
return $self->{basedir} . "/run/$name.pid";
|
||||||
|
}
|
||||||
|
@@ -569,7 +569,7 @@ sub _list_pid_files
|
||||||
|
closedir(RUNDIR);
|
||||||
|
|
||||||
|
@pidfiles = sort { $a cmp $b } @pidfiles;
|
||||||
|
- @pidfiles = ( 'master', grep { $_ ne 'master' } @pidfiles );
|
||||||
|
+ @pidfiles = ( 'cyrus-master', grep { $_ ne 'cyrus-master' } @pidfiles );
|
||||||
|
|
||||||
|
return @pidfiles;
|
||||||
|
}
|
||||||
|
@@ -877,7 +877,7 @@ sub _start_master
|
||||||
|
# Now start the master process.
|
||||||
|
my @cmd =
|
||||||
|
(
|
||||||
|
- 'master',
|
||||||
|
+ 'cyrus-master',
|
||||||
|
# The following is added automatically by _fork_command:
|
||||||
|
# '-C', $self->_imapd_conf(),
|
||||||
|
'-l', '255',
|
||||||
|
@@ -886,7 +886,7 @@ sub _start_master
|
||||||
|
'-M', $self->_master_conf(),
|
||||||
|
);
|
||||||
|
if (get_verbose) {
|
||||||
|
- my $logfile = $self->{basedir} . '/conf/master.log';
|
||||||
|
+ my $logfile = $self->{basedir} . '/conf/cyrus-master.log';
|
||||||
|
xlog "_start_master: logging to $logfile";
|
||||||
|
push(@cmd, '-L', $logfile);
|
||||||
|
}
|
||||||
|
diff --git a/Cassandane/Instance.pm b/Cassandane/Instance.pm
|
||||||
|
index 7b2883a..0c1e5fb 100644
|
||||||
|
--- a/Cassandane/Instance.pm
|
||||||
|
+++ b/Cassandane/Instance.pm
|
||||||
|
@@ -1301,7 +1301,7 @@ sub send_sighup
|
||||||
|
return if ($self->{_stopped});
|
||||||
|
xlog "sighup";
|
||||||
|
|
||||||
|
- my $pid = $self->_read_pid_file('master') or return;
|
||||||
|
+ my $pid = $self->_read_pid_file('cyrus-master') or return;
|
||||||
|
kill(SIGHUP, $pid) or die "Can't send signal SIGHUP to pid $pid: $!";
|
||||||
|
return 1;
|
||||||
|
}
|
73
SOURCES/cyrus-imapd-memory_leak_on_cleanup.patch
Normal file
73
SOURCES/cyrus-imapd-memory_leak_on_cleanup.patch
Normal file
@ -0,0 +1,73 @@
|
|||||||
|
From acfc393638ad1b81a4234173b060bb63907ee52c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Pavel Zhukov <pzhukov@redhat.com>
|
||||||
|
Date: Mon, 1 Oct 2018 15:51:01 +0200
|
||||||
|
Subject: [PATCH] Replace simple return with cleanup flow
|
||||||
|
|
||||||
|
Make cleanup more consistence to prevent leaks of memory pointed by
|
||||||
|
filter/base/res
|
||||||
|
---
|
||||||
|
ptclient/ldap.c | 17 ++++++++++-------
|
||||||
|
1 file changed, 10 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/ptclient/ldap.c b/ptclient/ldap.c
|
||||||
|
index 0b82d2c6b..65bae7bd6 100644
|
||||||
|
--- a/ptclient/ldap.c
|
||||||
|
+++ b/ptclient/ldap.c
|
||||||
|
@@ -1388,13 +1388,14 @@ static int ptsmodule_make_authstate_group(
|
||||||
|
|
||||||
|
if (strncmp(canon_id, "group:", 6)) { // Sanity check
|
||||||
|
*reply = "not a group identifier";
|
||||||
|
- return PTSM_FAIL;
|
||||||
|
+ rc = PTSM_FAIL;
|
||||||
|
+ goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = ptsmodule_connect();
|
||||||
|
if (rc != PTSM_OK) {
|
||||||
|
*reply = "ptsmodule_connect() failed";
|
||||||
|
- return rc;
|
||||||
|
+ goto done;;
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = ptsmodule_expand_tokens(ptsm->group_filter, canon_id+6, NULL, &filter);
|
||||||
|
@@ -1425,17 +1426,19 @@ static int ptsmodule_make_authstate_group(
|
||||||
|
|
||||||
|
if (rc != LDAP_SUCCESS) {
|
||||||
|
syslog(LOG_DEBUG, "(groups) Result from domain query not OK");
|
||||||
|
- return rc;
|
||||||
|
+ goto done;
|
||||||
|
} else {
|
||||||
|
syslog(LOG_DEBUG, "(groups) Result from domain query OK");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (ldap_count_entries(ptsm->ld, res) < 1) {
|
||||||
|
syslog(LOG_ERR, "(groups) No domain %s found", domain);
|
||||||
|
- return PTSM_FAIL;
|
||||||
|
+ rc = PTSM_FAIL;
|
||||||
|
+ goto done;
|
||||||
|
} else if (ldap_count_entries(ptsm->ld, res) > 1) {
|
||||||
|
syslog(LOG_ERR, "(groups) Multiple domains %s found", domain);
|
||||||
|
- return PTSM_FAIL;
|
||||||
|
+ rc = PTSM_FAIL;
|
||||||
|
+ goto done;
|
||||||
|
} else {
|
||||||
|
syslog(LOG_DEBUG, "(groups) Domain %s found", domain);
|
||||||
|
if ((entry = ldap_first_entry(ptsm->ld, res)) != NULL) {
|
||||||
|
@@ -1452,7 +1455,7 @@ static int ptsmodule_make_authstate_group(
|
||||||
|
}
|
||||||
|
|
||||||
|
if (rc != PTSM_OK) {
|
||||||
|
- return rc;
|
||||||
|
+ goto done;
|
||||||
|
} else {
|
||||||
|
base = xstrdup(ptsm->group_base);
|
||||||
|
syslog(LOG_DEBUG, "Continuing with ptsm->group_base: %s", ptsm->group_base);
|
||||||
|
@@ -1462,7 +1465,7 @@ static int ptsmodule_make_authstate_group(
|
||||||
|
} else {
|
||||||
|
rc = ptsmodule_expand_tokens(ptsm->group_base, canon_id, NULL, &base);
|
||||||
|
if (rc != PTSM_OK)
|
||||||
|
- return rc;
|
||||||
|
+ goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
syslog(LOG_DEBUG, "(groups) about to search %s for %s", base, filter);
|
102
SOURCES/cyrus-imapd-memory_leak_on_cleanup_2.patch
Normal file
102
SOURCES/cyrus-imapd-memory_leak_on_cleanup_2.patch
Normal file
@ -0,0 +1,102 @@
|
|||||||
|
diff --git a/ptclient/ldap.c b/ptclient/ldap.c
|
||||||
|
index 7e48879..dafa724 100644
|
||||||
|
--- a/ptclient/ldap.c
|
||||||
|
+++ b/ptclient/ldap.c
|
||||||
|
@@ -932,7 +932,7 @@ static int ptsmodule_get_dn(
|
||||||
|
{
|
||||||
|
rc = ptsmodule_expand_tokens(ptsm->filter, canon_id, NULL, &filter);
|
||||||
|
if (rc != PTSM_OK)
|
||||||
|
- return rc;
|
||||||
|
+ goto done;
|
||||||
|
|
||||||
|
if (ptsm->domain_base_dn && ptsm->domain_base_dn[0] != '\0' && (strrchr(canon_id, '@') != NULL)) {
|
||||||
|
syslog(LOG_DEBUG, "Attempting to get domain for %s from %s", canon_id, ptsm->domain_base_dn);
|
||||||
|
@@ -955,19 +955,23 @@ static int ptsmodule_get_dn(
|
||||||
|
ldap_unbind(ptsm->ld);
|
||||||
|
ptsm->ld = NULL;
|
||||||
|
syslog(LOG_ERR, "LDAP not available: %s", ldap_err2string(rc));
|
||||||
|
- return PTSM_RETRY;
|
||||||
|
+ rc = PTSM_RETRY;
|
||||||
|
+ goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
syslog(LOG_ERR, "LDAP search for domain failed: %s", ldap_err2string(rc));
|
||||||
|
- return PTSM_FAIL;
|
||||||
|
+ rc = PTSM_FAIL;
|
||||||
|
+ goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (ldap_count_entries(ptsm->ld, res) < 1) {
|
||||||
|
syslog(LOG_ERR, "No domain %s found", domain);
|
||||||
|
- return PTSM_FAIL;
|
||||||
|
+ rc = PTSM_FAIL;
|
||||||
|
+ goto done;
|
||||||
|
} else if (ldap_count_entries(ptsm->ld, res) > 1) {
|
||||||
|
syslog(LOG_ERR, "Multiple domains %s found", domain);
|
||||||
|
- return PTSM_FAIL;
|
||||||
|
+ rc = PTSM_FAIL;
|
||||||
|
+ goto done;
|
||||||
|
} else {
|
||||||
|
if ((entry = ldap_first_entry(ptsm->ld, res)) != NULL) {
|
||||||
|
if ((vals = ldap_get_values(ptsm->ld, entry, ptsm->domain_result_attribute)) != NULL) {
|
||||||
|
@@ -982,7 +986,7 @@ static int ptsmodule_get_dn(
|
||||||
|
}
|
||||||
|
|
||||||
|
if (rc != PTSM_OK) {
|
||||||
|
- return rc;
|
||||||
|
+ goto done;
|
||||||
|
} else {
|
||||||
|
base = xstrdup(ptsm->base);
|
||||||
|
syslog(LOG_DEBUG, "Continuing with ptsm->base: %s", ptsm->base);
|
||||||
|
@@ -993,23 +997,23 @@ static int ptsmodule_get_dn(
|
||||||
|
} else {
|
||||||
|
rc = ptsmodule_expand_tokens(ptsm->base, canon_id, NULL, &base);
|
||||||
|
if (rc != PTSM_OK)
|
||||||
|
- return rc;
|
||||||
|
+ goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = ldap_search_st(ptsm->ld, base, ptsm->scope, filter, attrs, 0, &(ptsm->timeout), &res);
|
||||||
|
|
||||||
|
if (rc != LDAP_SUCCESS) {
|
||||||
|
syslog(LOG_DEBUG, "Searching %s with %s failed", base, base);
|
||||||
|
- free(filter);
|
||||||
|
- free(base);
|
||||||
|
|
||||||
|
if (rc == LDAP_SERVER_DOWN) {
|
||||||
|
ldap_unbind(ptsm->ld);
|
||||||
|
ptsm->ld = NULL;
|
||||||
|
- return PTSM_RETRY;
|
||||||
|
+ rc = PTSM_RETRY;
|
||||||
|
+ goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
- return PTSM_FAIL;
|
||||||
|
+ rc = PTSM_FAIL;
|
||||||
|
+ goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
free(filter);
|
||||||
|
@@ -1035,6 +1039,13 @@ static int ptsmodule_get_dn(
|
||||||
|
}
|
||||||
|
|
||||||
|
return (*ret ? PTSM_OK : PTSM_FAIL);
|
||||||
|
+
|
||||||
|
+ done:
|
||||||
|
+ if (filter)
|
||||||
|
+ free(filter);
|
||||||
|
+ if (base)
|
||||||
|
+ free(base);
|
||||||
|
+ return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@@ -1344,7 +1355,7 @@ static int ptsmodule_make_authstate_group(
|
||||||
|
rc = ptsmodule_connect();
|
||||||
|
if (rc != PTSM_OK) {
|
||||||
|
*reply = "ptsmodule_connect() failed";
|
||||||
|
- goto done;;
|
||||||
|
+ goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = ptsmodule_expand_tokens(ptsm->group_filter, canon_id+6, NULL, &filter);
|
@ -0,0 +1,64 @@
|
|||||||
|
diff --git a/ptclient/ldap.c b/ptclient/ldap.c
|
||||||
|
index 2fc306e..4dc9be1 100644
|
||||||
|
--- a/ptclient/ldap.c
|
||||||
|
+++ b/ptclient/ldap.c
|
||||||
|
@@ -934,7 +934,58 @@ static int ptsmodule_get_dn(
|
||||||
|
if (rc != PTSM_OK)
|
||||||
|
goto done;
|
||||||
|
|
||||||
|
- if (ptsm->domain_base_dn && ptsm->domain_base_dn[0] != '\0' && (strrchr(canon_id, '@') != NULL)) {
|
||||||
|
+ if (ptsm->domain_base_dn && ptsm->domain_base_dn[0] != '\0' && (strrchr(canon_id, '@') == NULL)) {
|
||||||
|
+ syslog(LOG_DEBUG, "collecting all domains from %s", ptsm->domain_base_dn);
|
||||||
|
+
|
||||||
|
+ snprintf(domain_filter, sizeof(domain_filter), ptsm->domain_filter, "*");
|
||||||
|
+
|
||||||
|
+ syslog(LOG_DEBUG, "Domain filter: %s", domain_filter);
|
||||||
|
+
|
||||||
|
+ rc = ldap_search_st(ptsm->ld, ptsm->domain_base_dn, ptsm->domain_scope, domain_filter, domain_attrs, 0, &(ptsm->timeout), &res);
|
||||||
|
+
|
||||||
|
+ if (rc != LDAP_SUCCESS) {
|
||||||
|
+ if (rc == LDAP_SERVER_DOWN) {
|
||||||
|
+ syslog(LOG_ERR, "LDAP not available: %s", ldap_err2string(rc));
|
||||||
|
+ ldap_unbind(ptsm->ld);
|
||||||
|
+ ptsm->ld = NULL;
|
||||||
|
+ return PTSM_RETRY;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ syslog(LOG_ERR, "LDAP search for domain failed: %s", ldap_err2string(rc));
|
||||||
|
+ return PTSM_FAIL;
|
||||||
|
+ }
|
||||||
|
+ if (ldap_count_entries(ptsm->ld, res) < 1) {
|
||||||
|
+ syslog(LOG_ERR, "No domain found");
|
||||||
|
+ return PTSM_FAIL;
|
||||||
|
+ } else if (ldap_count_entries(ptsm->ld, res) >= 1) {
|
||||||
|
+ int count_matches = 0;
|
||||||
|
+ char *temp_base = NULL;
|
||||||
|
+ LDAPMessage *res2;
|
||||||
|
+ for (entry = ldap_first_entry(ptsm->ld, res); entry != NULL; entry = ldap_next_entry(ptsm->ld, entry)) {
|
||||||
|
+ if ((vals = ldap_get_values(ptsm->ld, entry, ptsm->domain_name_attribute)) != NULL) {
|
||||||
|
+ syslog(LOG_DEBUG, "we have a domain %s", vals[0]);
|
||||||
|
+ ptsmodule_standard_root_dn(vals[0], &temp_base);
|
||||||
|
+ rc = ldap_search_st(ptsm->ld, temp_base, ptsm->scope, filter, attrs, 0, &(ptsm->timeout), &res2);
|
||||||
|
+ if (rc == LDAP_SUCCESS && ldap_count_entries(ptsm->ld, res2) == 1) {
|
||||||
|
+ syslog(LOG_DEBUG, "Found %s in %s", canon_id, temp_base);
|
||||||
|
+ base = temp_base;
|
||||||
|
+ count_matches++;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (count_matches > 1) {
|
||||||
|
+ syslog(LOG_ERR, "LDAP search for %s failed because it matches multiple accounts.", canon_id);
|
||||||
|
+ return PTSM_FAIL;
|
||||||
|
+ } else if (count_matches == 0) {
|
||||||
|
+ syslog(LOG_ERR, "LDAP search for %s failed because it does not match any account in all domains.", canon_id);
|
||||||
|
+ return PTSM_FAIL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ syslog(LOG_DEBUG, "we have found %s in %s", canon_id, base);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ else if (ptsm->domain_base_dn && ptsm->domain_base_dn[0] != '\0' && (strrchr(canon_id, '@') != NULL)) {
|
||||||
|
syslog(LOG_DEBUG, "Attempting to get domain for %s from %s", canon_id, ptsm->domain_base_dn);
|
||||||
|
|
||||||
|
/* Get the base dn to search from domain_base_dn searched on domain_scope with
|
68
SOURCES/cyrus-imapd-use_system_ciphers.patch
Normal file
68
SOURCES/cyrus-imapd-use_system_ciphers.patch
Normal file
@ -0,0 +1,68 @@
|
|||||||
|
diff --git a/lib/imapoptions b/lib/imapoptions
|
||||||
|
index 37f8371..898b943 100644
|
||||||
|
--- a/lib/imapoptions
|
||||||
|
+++ b/lib/imapoptions
|
||||||
|
@@ -2207,12 +2207,12 @@ product version in the capabilities
|
||||||
|
{ "tls_cert_file", NULL, STRING, "2.5.0", "tls_server_cert" }
|
||||||
|
/* Deprecated in favor of \fItls_server_cert\fR. */
|
||||||
|
|
||||||
|
-{ "tls_cipher_list", "DEFAULT", STRING, "2.5.0", "tls_ciphers" }
|
||||||
|
+{ "tls_cipher_list", "PROFILE=SYSTEM", STRING, "2.5.0", "tls_ciphers" }
|
||||||
|
/* Deprecated in favor of \fItls_ciphers\fR. */
|
||||||
|
|
||||||
|
-{ "tls_ciphers", "DEFAULT", STRING }
|
||||||
|
+{ "tls_ciphers", "PROFILE=SYSTEM", STRING }
|
||||||
|
/* The list of SSL/TLS ciphers to allow. The format of the string
|
||||||
|
- (and definition of "DEFAULT") is described in \fBciphers(1)\fR.
|
||||||
|
+ (and definition of "PROFILE=SYSTEM") is described in \fBciphers(1)\fR.
|
||||||
|
.PP
|
||||||
|
See also Mozilla's server-side TLS recommendations:
|
||||||
|
.PP
|
||||||
|
diff --git a/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt b/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt
|
||||||
|
index c45d94b..495a2c7 100644
|
||||||
|
--- a/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt
|
||||||
|
+++ b/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt
|
||||||
|
@@ -4298,7 +4298,7 @@ FIELD DESCRIPTIONS
|
||||||
|
|
||||||
|
.. startblob tls_cipher_list
|
||||||
|
|
||||||
|
- ``tls_cipher_list:`` DEFAULT
|
||||||
|
+ ``tls_cipher_list:`` PROFILE=SYSTEM
|
||||||
|
|
||||||
|
Deprecated in favor of *tls_ciphers*.
|
||||||
|
|
||||||
|
@@ -4307,10 +4307,10 @@ FIELD DESCRIPTIONS
|
||||||
|
|
||||||
|
.. startblob tls_ciphers
|
||||||
|
|
||||||
|
- ``tls_ciphers:`` DEFAULT
|
||||||
|
+ ``tls_ciphers:`` PROFILE=SYSTEM
|
||||||
|
|
||||||
|
The list of SSL/TLS ciphers to allow. The format of the string
|
||||||
|
- (and definition of "DEFAULT") is described in **ciphers(1)**.
|
||||||
|
+ (and definition of "PROFILE=SYSTEM") is described in **ciphers(1)**.
|
||||||
|
|
||||||
|
See also Mozilla's server-side TLS recommendations:
|
||||||
|
|
||||||
|
diff --git a/doc/text/imap/reference/manpages/configs/imapd.conf.txt b/doc/text/imap/reference/manpages/configs/imapd.conf.txt
|
||||||
|
index 1801cd7..7c77154 100644
|
||||||
|
--- a/doc/text/imap/reference/manpages/configs/imapd.conf.txt
|
||||||
|
+++ b/doc/text/imap/reference/manpages/configs/imapd.conf.txt
|
||||||
|
@@ -2675,14 +2675,14 @@ FIELD DESCRIPTIONS
|
||||||
|
|
||||||
|
Deprecated in favor of *tls_server_cert*.
|
||||||
|
|
||||||
|
- "tls_cipher_list:" DEFAULT
|
||||||
|
+ "tls_cipher_list:" PROFILE=SYSTEM
|
||||||
|
|
||||||
|
Deprecated in favor of *tls_ciphers*.
|
||||||
|
|
||||||
|
- "tls_ciphers:" DEFAULT
|
||||||
|
+ "tls_ciphers:" PROFILE=SYSTEM
|
||||||
|
|
||||||
|
The list of SSL/TLS ciphers to allow. The format of the string
|
||||||
|
- (and definition of "DEFAULT") is described in **ciphers(1)**.
|
||||||
|
+ (and definition of "PROFILE=SYSTEM") is described in **ciphers(1)**.
|
||||||
|
|
||||||
|
See also Mozilla's server-side TLS recommendations:
|
||||||
|
|
409
SOURCES/cyrus-imapd.cvt_cyrusdb_all
Normal file
409
SOURCES/cyrus-imapd.cvt_cyrusdb_all
Normal file
@ -0,0 +1,409 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# This program is free software; you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation; either version 2 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program; if not, write to the Free Software
|
||||||
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||||
|
|
||||||
|
# This script converts all db files of a cyrus installation from their
|
||||||
|
# existing format to the format required by the current installation.
|
||||||
|
# The format of current db files is determined using the 'file' command
|
||||||
|
# with a magic file added for skiplist db, the new format is read from
|
||||||
|
# a config file usually in /usr/share/cyrus-imapd/rpm/db.cfg, which is
|
||||||
|
# created while compiling. After converting, the db.cfg file is
|
||||||
|
# copied to a cache file usually at /var/lib/imap/rpm/db.cfg.cache to
|
||||||
|
# allow bypassing this converting script if both files are identical.
|
||||||
|
# While this is a bit less secure, it may be useful on big server where
|
||||||
|
# db converting is done automatically.
|
||||||
|
#
|
||||||
|
# This script can safely be run as root, it will reexec itself as user
|
||||||
|
# cyrus if needed.
|
||||||
|
#
|
||||||
|
# author: Simon Matter, Invoca Systems <simon.matter@invoca.ch>
|
||||||
|
|
||||||
|
# changelog
|
||||||
|
# v1.0.1, Oct 22 2002 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - added two-step conversion method
|
||||||
|
#
|
||||||
|
# v1.0.2, Jan 10 2003 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - fixed a bug where cvt_cyrusdb was called to convert empty or
|
||||||
|
# nonexistent files
|
||||||
|
#
|
||||||
|
# v1.0.3, Mar 14 2003 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - fixed a problem with new versions of the file command
|
||||||
|
#
|
||||||
|
# v1.0.4
|
||||||
|
# - added GPL license
|
||||||
|
#
|
||||||
|
# v1.0.5, May 02 2003 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - modified exec path
|
||||||
|
#
|
||||||
|
# v1.0.6, Jul 18 2003 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - changed db3 to berkeley
|
||||||
|
# - added new db backends for 2.2
|
||||||
|
#
|
||||||
|
# v1.0.7, Jan 23 2004 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - included some modifications from Luca Olivetti <luca@olivetti.cjb.net>
|
||||||
|
# - added masssievec functionality
|
||||||
|
#
|
||||||
|
# v1.0.8, Jan 28 2004 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - convert sieve scripts to UTF-8 before calling masssievec
|
||||||
|
#
|
||||||
|
# v1.0.9, Jan 29 2004 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - convert sieve scripts to UTF-8 only if sievec failed before
|
||||||
|
#
|
||||||
|
# v1.0.10, Feb 24 2004 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - change su within init script to get input from
|
||||||
|
# /dev/null, this prevents hang when running in SELinux
|
||||||
|
#
|
||||||
|
# v1.0.11, Mar 02 2004 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - fixed SELinux fix
|
||||||
|
#
|
||||||
|
# v1.0.12, Dec 16 2004 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - use runuser instead of su if available
|
||||||
|
#
|
||||||
|
# v1.0.13, Jul 15 2005 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - don't use flat in the two step conversion, use skiplist instead
|
||||||
|
#
|
||||||
|
# v1.0.14, Jul 18 2005 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - replace the order of the magic files in the file call to make
|
||||||
|
# sure skiplist is detected correctly.
|
||||||
|
#
|
||||||
|
# v1.0.15, Aug 17 2005 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - add functionality to export all berkeley db files to skiplist
|
||||||
|
#
|
||||||
|
# v1.1.0, Aug 18 2005 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - fix export functionality, try to recover Berkeley databases
|
||||||
|
# as much as possible before any conversion.
|
||||||
|
#
|
||||||
|
# v1.1.1, Dec 05 2005 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - run db_checkpoint in background with a timeout to prevent
|
||||||
|
# that cyrus-imapd doesn't start at all if it hangs.
|
||||||
|
#
|
||||||
|
# v1.1.2, Dec 06 2005 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - make handling of db_checkpoint more robust
|
||||||
|
#
|
||||||
|
# v1.2.0, Jan 12 2006 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - adopt for cyrus-imapd-2.3
|
||||||
|
#
|
||||||
|
# v1.2.1, Jan 13 2006 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - code cleanup
|
||||||
|
#
|
||||||
|
# v1.2.2, Nov 29 2007 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - add ability to handle "@include" options in imapd.conf, patch
|
||||||
|
# provided by Tim Bannister
|
||||||
|
#
|
||||||
|
# v1.2.3, Feb 07 2008 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - add ability to handle tabs in imapd.conf, patch provided
|
||||||
|
# by Franz Knipp
|
||||||
|
# - disable default values for some config options like sievedir
|
||||||
|
#
|
||||||
|
# v1.2.4, Apr 23 2008 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - add support for statuscache.db
|
||||||
|
#
|
||||||
|
# v1.3.0, Sep 29 2008 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - add multi-instance support
|
||||||
|
#
|
||||||
|
# v1.3.1, Oct 09 2008 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - improve variable handling
|
||||||
|
#
|
||||||
|
# v1.3.2, May 26 2009 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - add some sanity checks to multi-instance support
|
||||||
|
#
|
||||||
|
# v1.3.3, May 27 2009 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - make some cosmetic changes
|
||||||
|
#
|
||||||
|
# v1.3.4, Dec 22 2009 Simon Matter <simon.matter@invoca.ch>
|
||||||
|
# - add support for user_deny.db
|
||||||
|
|
||||||
|
VERSION=1.3.4
|
||||||
|
|
||||||
|
PIDFILE=/var/run/cyrus-master${INSTANCE}.pid
|
||||||
|
|
||||||
|
# instance config
|
||||||
|
CYRUSCONF=/etc/cyrus${INSTANCE}.conf
|
||||||
|
IMAPDCONF=/etc/imapd${INSTANCE}.conf
|
||||||
|
|
||||||
|
# make sure what we have is a valid instance
|
||||||
|
# and that config files are present
|
||||||
|
if [ -n "$INSTANCE" ]; then
|
||||||
|
[ -L /etc/rc.d/init.d/${BASENAME} ] || exit 0
|
||||||
|
fi
|
||||||
|
[ -f $CYRUSCONF ] || exit 0
|
||||||
|
[ -f $IMAPDCONF ] || exit 0
|
||||||
|
|
||||||
|
if [ -f $PIDFILE ]; then
|
||||||
|
read CYRUS_PID < $PIDFILE
|
||||||
|
if [ -n "$CYRUS_PID" ]; then
|
||||||
|
if ps -p $CYRUS_PID > /dev/null 2>&1; then
|
||||||
|
echo "ERROR: cyrus-master is running, unable to convert mailboxes!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f $IMAPDCONF ]; then
|
||||||
|
echo "ERROR: configuration file '${IMAPDCONF}' not found, exiting!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# fallback to su if runuser not available
|
||||||
|
if [ -x /sbin/runuser ]; then
|
||||||
|
RUNUSER=runuser
|
||||||
|
else
|
||||||
|
RUNUSER=su
|
||||||
|
fi
|
||||||
|
|
||||||
|
# force cyrus user for security reasons
|
||||||
|
if [ ! $(whoami) = "cyrus" ]; then
|
||||||
|
exec $RUNUSER - cyrus -c "cd $PWD < /dev/null ; INSTANCE=$INSTANCE $0 $*"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# special function for migration
|
||||||
|
EXPORT=$1
|
||||||
|
|
||||||
|
# files get mode 0600
|
||||||
|
umask 166
|
||||||
|
|
||||||
|
# show version info in log files
|
||||||
|
echo "cvt_cyrusdb_all version: $VERSION"
|
||||||
|
|
||||||
|
# expand_config <path>
|
||||||
|
# handle "@include" sections from imapd style config file
|
||||||
|
expand_config() {
|
||||||
|
while read line; do
|
||||||
|
if printf "%s\n" "${line}" | grep -q '^@include:'; then
|
||||||
|
expand_config "$( printf "%s\n" "${line}" | cut -d : -f 2- | sed -e 's/^[\t ]*//' )"
|
||||||
|
else
|
||||||
|
printf "%s\n" "${line}"
|
||||||
|
fi
|
||||||
|
done < $1
|
||||||
|
}
|
||||||
|
|
||||||
|
# get_config <config> [<default>]
|
||||||
|
# extracts config option from config file
|
||||||
|
get_config() {
|
||||||
|
searchstr=$1
|
||||||
|
if config="$(expand_config $IMAPDCONF | egrep "^${searchstr}:")"; then
|
||||||
|
CFGVAL="$(printf "%s\n" "$config" | cut -d : -f 2- | sed -e 's/^[\t ]*//')"
|
||||||
|
else
|
||||||
|
if [ -z "$2" ]; then
|
||||||
|
echo "ERROR: config option '$1' not found in ${IMAPDCONF}, exiting!" 1>&2
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
CFGVAL="$2"
|
||||||
|
fi
|
||||||
|
echo "get_config ${1}: $CFGVAL" 1>&2
|
||||||
|
echo "$CFGVAL"
|
||||||
|
}
|
||||||
|
|
||||||
|
# where to find files and directories
|
||||||
|
data_dir=/usr/share/cyrus-imapd/rpm
|
||||||
|
lib_dir=/usr/lib/cyrus-imapd
|
||||||
|
system_magic=$(file --version | awk '/magic file/ {print $4}')
|
||||||
|
cyrus_magic=${data_dir}/magic
|
||||||
|
cvt_cyrusdb=${lib_dir}/cvt_cyrusdb
|
||||||
|
sievec=${lib_dir}/sievec
|
||||||
|
masssievec=${lib_dir}/masssievec
|
||||||
|
imap_prefix=$(get_config configdirectory) || exit 1
|
||||||
|
sieve_dir=$(get_config sievedir) || exit 1
|
||||||
|
db_cfg=${data_dir}/db.cfg
|
||||||
|
db_current=${imap_prefix}/rpm/db.cfg.current
|
||||||
|
db_cache=${imap_prefix}/rpm/db.cfg.cache
|
||||||
|
|
||||||
|
# source default db backend config
|
||||||
|
. $db_cfg
|
||||||
|
|
||||||
|
# get configured db backend config
|
||||||
|
duplicate_db=$(get_config duplicate_db $duplicate_db) || exit 1
|
||||||
|
mboxlist_db=$(get_config mboxlist_db $mboxlist_db) || exit 1
|
||||||
|
seenstate_db=$(get_config seenstate_db $seenstate_db) || exit 1
|
||||||
|
subscription_db=$(get_config subscription_db $subscription_db) || exit 1
|
||||||
|
tlscache_db=$(get_config tlscache_db $tlscache_db) || exit 1
|
||||||
|
annotation_db=$(get_config annotation_db $annotation_db) || exit 1
|
||||||
|
mboxkey_db=$(get_config mboxkey_db $mboxkey_db) || exit 1
|
||||||
|
ptscache_db=$(get_config ptscache_db $ptscache_db) || exit 1
|
||||||
|
quota_db=$(get_config quota_db $quota_db) || exit 1
|
||||||
|
statuscache_db=$(get_config statuscache_db $statuscache_db) || exit 1
|
||||||
|
userdeny_db=$(get_config userdeny_db $userdeny_db) || exit 1
|
||||||
|
|
||||||
|
# remember current db backend config
|
||||||
|
{
|
||||||
|
echo "duplicate_db=${duplicate_db}"
|
||||||
|
echo "mboxlist_db=${mboxlist_db}"
|
||||||
|
echo "seenstate_db=${seenstate_db}"
|
||||||
|
echo "subscription_db=${subscription_db}"
|
||||||
|
echo "tlscache_db=${tlscache_db}"
|
||||||
|
echo "annotation_db=${annotation_db}"
|
||||||
|
echo "mboxkey_db=${mboxkey_db}"
|
||||||
|
echo "ptscache_db=${ptscache_db}"
|
||||||
|
echo "quota_db=${quota_db}"
|
||||||
|
echo "statuscache_db=${statuscache_db}"
|
||||||
|
echo "userdeny_db=${userdeny_db}"
|
||||||
|
echo "sieve_version=${sieve_version}"
|
||||||
|
} | sort > $db_current
|
||||||
|
|
||||||
|
# file_type <file>
|
||||||
|
file_type() {
|
||||||
|
this_type=$(file -b -m "${cyrus_magic}:${system_magic}" "$1" 2> /dev/null)
|
||||||
|
if echo "$this_type" | grep -qi skip > /dev/null 2>&1; then
|
||||||
|
echo skiplist
|
||||||
|
elif echo "$this_type" | grep -qi text > /dev/null 2>&1; then
|
||||||
|
echo flat
|
||||||
|
else
|
||||||
|
echo berkeley
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# cvt_file <file> <db>
|
||||||
|
cvt_file() {
|
||||||
|
target="$1"
|
||||||
|
new_db="$2"
|
||||||
|
if [ -s "$target" ]; then
|
||||||
|
old_db=$(file_type "$target")
|
||||||
|
if [ ! "$old_db" = "$new_db" ]; then
|
||||||
|
# The two-step conversion is paranoia against the filenames being encoded
|
||||||
|
# inside the database or logfiles (berkeley does this, for example).
|
||||||
|
rm -f "${target}.skiplist"
|
||||||
|
if [ "$old_db" = "skiplist" ]; then
|
||||||
|
cp -a "$target" "${target}.skiplist"
|
||||||
|
else
|
||||||
|
$cvt_cyrusdb -C $IMAPDCONF "$target" "$old_db" "${target}.skiplist" skiplist
|
||||||
|
fi
|
||||||
|
RETVAL=$?
|
||||||
|
ERRVAL=$(( $ERRVAL + $RETVAL ))
|
||||||
|
if [ $RETVAL -eq 0 ]; then
|
||||||
|
rm -f "$target"
|
||||||
|
if [ -s "${target}.skiplist" ]; then
|
||||||
|
if [ "$new_db" = "skiplist" ]; then
|
||||||
|
cp -a "${target}.skiplist" "$target"
|
||||||
|
else
|
||||||
|
$cvt_cyrusdb -C $IMAPDCONF "${target}.skiplist" skiplist "$target" "$new_db"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
RETVAL=$?
|
||||||
|
ERRVAL=$(( $ERRVAL + $RETVAL ))
|
||||||
|
if [ $RETVAL -eq 0 ]; then
|
||||||
|
rm -f "${target}.skiplist"
|
||||||
|
else
|
||||||
|
echo "ERROR: unable to convert ${target}.skiplist from skiplist to $new_db"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "ERROR: unable to convert $target from $old_db to skiplist"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# cvt_to_utf8 <file>
|
||||||
|
cvt_to_utf8() {
|
||||||
|
target="$1"
|
||||||
|
if [ -s "$target" ]; then
|
||||||
|
if ! $sievec -C $IMAPDCONF "$target" "${target}.sievec"; then
|
||||||
|
iconv --from-code=ISO-8859-1 --to-code=UTF-8 --output="${target}.UTF-8" "$target"
|
||||||
|
if [ -s "${target}.UTF-8" ]; then
|
||||||
|
# preserve timestamp
|
||||||
|
touch --reference="${target}" "${target}.UTF-8"
|
||||||
|
mv -f "${target}.UTF-8" "$target"
|
||||||
|
else
|
||||||
|
ERRVAL=$(( $ERRVAL + 1 ))
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
rm -f "${target}.sievec"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
ERRVAL=0
|
||||||
|
|
||||||
|
# make sure our Berkeley databases are in a sane state
|
||||||
|
# wait for db_checkpoint to end successfully or kill it after a timeout
|
||||||
|
db_checkpoint -v -1 -h ${imap_prefix}/db &
|
||||||
|
DB_CHECK_PID=$!
|
||||||
|
CNT=0
|
||||||
|
while [ $CNT -lt 60 ]; do
|
||||||
|
if ! kill -0 $DB_CHECK_PID > /dev/null 2>&1; then
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
sleep 1
|
||||||
|
let CNT+=1
|
||||||
|
done
|
||||||
|
if kill -0 $DB_CHECK_PID > /dev/null 2>&1; then
|
||||||
|
kill -USR1 $DB_CHECK_PID > /dev/null 2>&1
|
||||||
|
sleep 1
|
||||||
|
kill -KILL $DB_CHECK_PID > /dev/null 2>&1
|
||||||
|
wait $DB_CHECK_PID > /dev/null 2>&1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# do a normal recovery
|
||||||
|
db_recover -v -h ${imap_prefix}/db
|
||||||
|
RETVAL=$?
|
||||||
|
if [ $RETVAL -ne 0 ]; then
|
||||||
|
# try a catastrophic recovery instead of normal recovery
|
||||||
|
db_recover -v -c -h ${imap_prefix}/db
|
||||||
|
RETVAL=$?
|
||||||
|
ERRVAL=$(( $ERRVAL + $RETVAL ))
|
||||||
|
if [ $RETVAL -ne 0 ]; then
|
||||||
|
echo "ERROR: catastrophic recovery of Berkeley databases failed"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$EXPORT" = "export" ]; then
|
||||||
|
# convert all db files to portable format for migration
|
||||||
|
# TODO: quota_db, we don't touch it for now
|
||||||
|
cvt_file ${imap_prefix}/deliver.db "skiplist"
|
||||||
|
cvt_file ${imap_prefix}/mailboxes.db "skiplist"
|
||||||
|
cvt_file ${imap_prefix}/tls_sessions.db "skiplist"
|
||||||
|
cvt_file ${imap_prefix}/annotations.db "skiplist"
|
||||||
|
cvt_file ${imap_prefix}/ptclient/ptscache.db "skiplist"
|
||||||
|
cvt_file ${imap_prefix}/statuscache.db "skiplist"
|
||||||
|
cvt_file ${imap_prefix}/user_deny.db "flat"
|
||||||
|
rm -vf ${imap_prefix}/db/log.*
|
||||||
|
rm -vf ${imap_prefix}/db/__db.*
|
||||||
|
else
|
||||||
|
# always convert db files which have been converted to skiplist
|
||||||
|
# TODO: quota_db, we don't touch it for now
|
||||||
|
cvt_file ${imap_prefix}/deliver.db "$duplicate_db"
|
||||||
|
cvt_file ${imap_prefix}/mailboxes.db "$mboxlist_db"
|
||||||
|
cvt_file ${imap_prefix}/tls_sessions.db "$tlscache_db"
|
||||||
|
cvt_file ${imap_prefix}/annotations.db "$annotation_db"
|
||||||
|
cvt_file ${imap_prefix}/ptclient/ptscache.db "$ptscache_db"
|
||||||
|
cvt_file ${imap_prefix}/statuscache.db "$statuscache_db"
|
||||||
|
cvt_file ${imap_prefix}/user_deny.db "$userdeny_db"
|
||||||
|
# do we have to convert all databases?
|
||||||
|
if ! cmp -s $db_current $db_cache; then
|
||||||
|
# we treat sieve scripts the same way like db files
|
||||||
|
find ${sieve_dir}/ -name "*.script" -type f | while read db_file trash; do
|
||||||
|
cvt_to_utf8 "$db_file"
|
||||||
|
done
|
||||||
|
$masssievec $sievec $IMAPDCONF
|
||||||
|
# convert all db files left
|
||||||
|
find ${imap_prefix}/user/ -name "*.seen" -type f | while read db_file trash; do
|
||||||
|
cvt_file "$db_file" "$seenstate_db"
|
||||||
|
done
|
||||||
|
find ${imap_prefix}/user/ -name "*.sub" -type f | while read db_file trash; do
|
||||||
|
cvt_file "$db_file" "$subscription_db"
|
||||||
|
done
|
||||||
|
find ${imap_prefix}/user/ -name "*.mboxkey" -type f | while read db_file trash; do
|
||||||
|
cvt_file "$db_file" "$mboxkey_db"
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# update the config cache file so we can check whether something has changed
|
||||||
|
if [ $ERRVAL -eq 0 ]; then
|
||||||
|
mv -f $db_current $db_cache
|
||||||
|
else
|
||||||
|
rm -f $db_cache
|
||||||
|
rm -f $db_current
|
||||||
|
fi
|
||||||
|
|
||||||
|
exit $ERRVAL
|
@ -8,8 +8,7 @@ After=cyrus-imapd-init.service
|
|||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
EnvironmentFile=/etc/sysconfig/cyrus-imapd
|
EnvironmentFile=/etc/sysconfig/cyrus-imapd
|
||||||
ExecStart=/usr/libexec/cyrus-imapd/master $CYRUSOPTIONS
|
ExecStart=/usr/libexec/cyrus-imapd/cyrus-master $CYRUSOPTIONS
|
||||||
ExecReload=/bin/kill -HUP $MAINPID
|
|
||||||
PrivateTmp=true
|
PrivateTmp=true
|
||||||
|
|
||||||
# Cyrus may spawn many processes in normal operation. These figures are higher
|
# Cyrus may spawn many processes in normal operation. These figures are higher
|
||||||
|
@ -1,5 +0,0 @@
|
|||||||
#Type Name ID GECOS Home directory Shell
|
|
||||||
g saslauth 76
|
|
||||||
g mail 12
|
|
||||||
u cyrus 76:mail "Cyrus IMAP Server" /var/lib/imap /sbin/nologin
|
|
||||||
m cyrus saslauth
|
|
@ -1,8 +1,8 @@
|
|||||||
diff --git a/imap/squatter.c b/imap/squatter.c
|
diff --git a/imap/squatter.c b/imap/squatter.c
|
||||||
index 4419379..d00f003 100644
|
index 97daa73..d7ffbd0 100644
|
||||||
--- a/imap/squatter.c
|
--- a/imap/squatter.c
|
||||||
+++ b/imap/squatter.c
|
+++ b/imap/squatter.c
|
||||||
@@ -408,8 +408,13 @@ static void expand_mboxnames(strarray_t *sa, int nmboxnames,
|
@@ -332,8 +332,13 @@ static void expand_mboxnames(strarray_t *sa, int nmboxnames,
|
||||||
else {
|
else {
|
||||||
/* Translate any separators in mailboxname */
|
/* Translate any separators in mailboxname */
|
||||||
char *intname = mboxname_from_external(mboxnames[i], &squat_namespace, NULL);
|
char *intname = mboxname_from_external(mboxnames[i], &squat_namespace, NULL);
|
||||||
@ -17,4 +17,4 @@ index 4419379..d00f003 100644
|
|||||||
+ }
|
+ }
|
||||||
free(intname);
|
free(intname);
|
||||||
}
|
}
|
||||||
|
}
|
@ -1,17 +0,0 @@
|
|||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
||||||
|
|
||||||
mQENBFU5pZUBCAC+m05W9nJnBkrfFO9I+iimF1WCsSZNFoASJ3WEeZxIkOQO9BZj
|
|
||||||
aKf8EP/nK7nEfNGZ2m+OrAtQU/+I8Sk1ppHuwZgENLvRzLsBGbv80kDKBw31Nd1f
|
|
||||||
sCpVQs4b8zlohXjq0UN8tT5NcGJnGE7ahoOHzJk/0Ll76oVmOZvSw+WHBp1945m2
|
|
||||||
Q8CbIbfmyuv7NF6GtGDVilPeIPsDnh5w5usjpKsxjYHKpy6Rtf4MbcCLtkRbHFra
|
|
||||||
KJD+xum0PgPdCAEEbQsSXQgwOd0TZ59avRVVef674PjWqIuudUGUhJ/f9OWOj7LG
|
|
||||||
6QgJR6yvCy7Bc2eAN4RnIIzaUZGaJDKDCNozABEBAAG0ImVsbGllIHRpbW9uZXkg
|
|
||||||
PGVsbGllQGZhc3RtYWlsLmNvbT6JATgEEwECACIFAlU5pZUCGwMGCwkIBwMCBhUI
|
|
||||||
AgkKCwQWAgMBAh4BAheAAAoJEFVPBP6zY3jgb9gH/3GPDLGybo7SYZMtBmfe+Udf
|
|
||||||
tcRkTtH+o2pf2rh6KwPhhEDuOXWVCIUPWXsWIVU2K5Y8AdBIHOEoSUp3n8juV57I
|
|
||||||
u9CfDI718/WaHgEpYrq5DqyROAFr+sGahcb6C40+V/CeUSAmKVhFGniuALUSAQ+B
|
|
||||||
XVj/i2EAFNg/5ALkPYDnDYDqm7Ak6odDbktYQz987y38sg3EMC/2wi2EoOG1VWeG
|
|
||||||
twFD8HKmXZw+u6cYtFh9K1hOBZm+PhLHr3h1MHTuWYeBKkT3YqaGtXMwi704LlNr
|
|
||||||
HU8beOHSNBSsVYJ61B4kgBA7p+qnx6xIpU2KfAJl8cgjCYwrq8yo+Lm9TazagfM=
|
|
||||||
=dIwC
|
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
@ -1,14 +1,14 @@
|
|||||||
diff --git a/cassandane/utils/annotator.pl b/cassandane/utils/annotator.pl
|
diff --git a/utils/annotator.pl b/utils/annotator.pl
|
||||||
index 265c73f..8af3d58 100755
|
index 94b84a2..0208831 100755
|
||||||
--- a/cassandane/utils/annotator.pl
|
--- a/utils/annotator.pl
|
||||||
+++ b/cassandane/utils/annotator.pl
|
+++ b/utils/annotator.pl
|
||||||
@@ -140,6 +140,8 @@ GetOptions(
|
@@ -140,6 +140,8 @@ GetOptions(
|
||||||
xlog "annotator $$ starting";
|
xlog "annotator $$ starting";
|
||||||
Cassandane::AnnotatorDaemon->run(
|
Cassandane::AnnotatorDaemon->run(
|
||||||
pid_file => $pidfile,
|
pid_file => $pidfile,
|
||||||
- port => $port
|
- port => $port
|
||||||
+ port => $port,
|
+ port => $port,
|
||||||
+ user => (getpwuid($<))[0],
|
+ user => (getpwuid($<))[0],
|
||||||
+ group => (getgrgid($())[0],
|
+ group => (getgrgid($())[0],
|
||||||
);
|
);
|
||||||
xlog "annotator $$ exiting";
|
xlog "annotator $$ exiting";
|
||||||
|
@ -1,27 +1,8 @@
|
|||||||
diff --git a/cassandane/Cassandane/Instance.pm b/cassandane/Cassandane/Instance.pm
|
diff --git a/Cassandane/Util/Log.pm b/Cassandane/Util/Log.pm
|
||||||
index da47518..53df2dd 100644
|
index 9cd93d5..8d3b3c1 100644
|
||||||
--- a/cassandane/Cassandane/Instance.pm
|
--- a/Cassandane/Util/Log.pm
|
||||||
+++ b/cassandane/Cassandane/Instance.pm
|
+++ b/Cassandane/Util/Log.pm
|
||||||
@@ -2179,12 +2179,8 @@ sub setup_syslog_replacement
|
@@ -52,16 +52,12 @@ our @EXPORT = qw(
|
||||||
{
|
|
||||||
my ($self) = @_;
|
|
||||||
|
|
||||||
- if (not(-e 'utils/syslog.so') || not(-e 'utils/syslog_probe')) {
|
|
||||||
- xlog "utils/syslog.so not found (do you need to run 'make'?)";
|
|
||||||
- xlog "tests will not examine syslog output";
|
|
||||||
- $self->{have_syslog_replacement} = 0;
|
|
||||||
- return;
|
|
||||||
- }
|
|
||||||
+ $self->{have_syslog_replacement} = 0;
|
|
||||||
+ return;
|
|
||||||
|
|
||||||
$self->{syslog_fname} = "$self->{basedir}/conf/log/syslog";
|
|
||||||
$self->{have_syslog_replacement} = 1;
|
|
||||||
diff --git a/cassandane/Cassandane/Util/Log.pm b/cassandane/Cassandane/Util/Log.pm
|
|
||||||
index 2720801..73ae390 100644
|
|
||||||
--- a/cassandane/Cassandane/Util/Log.pm
|
|
||||||
+++ b/cassandane/Cassandane/Util/Log.pm
|
|
||||||
@@ -52,9 +52,6 @@ our @EXPORT = qw(
|
|
||||||
|
|
||||||
my $verbose = 0;
|
my $verbose = 0;
|
||||||
|
|
||||||
@ -30,11 +11,10 @@ index 2720801..73ae390 100644
|
|||||||
-
|
-
|
||||||
sub xlog
|
sub xlog
|
||||||
{
|
{
|
||||||
my $id;
|
my ($pkg, $file, $line) = caller;
|
||||||
@@ -89,7 +86,6 @@ sub xlog
|
$pkg =~ s/^Cassandane:://;
|
||||||
else {
|
my $msg = "=====> " . $pkg . "[" . $line . "] " . join(' ', @_);
|
||||||
print STDERR "$msg\n";
|
print STDERR "$msg\n";
|
||||||
}
|
|
||||||
- syslog(LOG_ERR, "$msg");
|
- syslog(LOG_ERR, "$msg");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,3 +1,27 @@
|
|||||||
|
diff --git a/doc/examples/cyrus_conf/prefork.conf b/doc/examples/cyrus_conf/prefork.conf
|
||||||
|
index 4ce2c0f..3b1e6d7 100644
|
||||||
|
--- a/doc/examples/cyrus_conf/prefork.conf
|
||||||
|
+++ b/doc/examples/cyrus_conf/prefork.conf
|
||||||
|
@@ -19,15 +19,15 @@ SERVICES {
|
||||||
|
# nntps cmd="nntpd -s" listen="nntps" prefork=1
|
||||||
|
|
||||||
|
# these are only necessary if using HTTP for CalDAV, CardDAV, or RSS
|
||||||
|
-# http cmd="httpd" listen="http" prefork=3
|
||||||
|
-# https cmd="httpd -s" listen="https" prefork=1
|
||||||
|
+ http cmd="httpd" listen="http" prefork=3
|
||||||
|
+ https cmd="httpd -s" listen="https" prefork=1
|
||||||
|
|
||||||
|
# at least one LMTP is required for delivery
|
||||||
|
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
|
||||||
|
- lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
|
||||||
|
+ lmtpunix cmd="lmtpd" listen="/run/cyrus/socket/lmtp" prefork=1
|
||||||
|
|
||||||
|
# this is only necessary if using notifications
|
||||||
|
-# notify cmd="notifyd" listen="/var/imap/socket/notify" proto="udp" prefork=1
|
||||||
|
+# notify cmd="notifyd" listen="/run/cyrus/socket/notify" proto="udp" prefork=1
|
||||||
|
}
|
||||||
|
|
||||||
|
EVENTS {
|
||||||
diff --git a/doc/examples/imapd_conf/normal.conf b/doc/examples/imapd_conf/normal.conf
|
diff --git a/doc/examples/imapd_conf/normal.conf b/doc/examples/imapd_conf/normal.conf
|
||||||
index 95b54e9..3935b77 100644
|
index 95b54e9..3935b77 100644
|
||||||
--- a/doc/examples/imapd_conf/normal.conf
|
--- a/doc/examples/imapd_conf/normal.conf
|
||||||
@ -43,8 +67,8 @@ index 95b54e9..3935b77 100644
|
|||||||
-#
|
-#
|
||||||
-# Allowed values: caldav, carddav, domainkey, ischedule, rss
|
-# Allowed values: caldav, carddav, domainkey, ischedule, rss
|
||||||
-httpmodules: caldav carddav
|
-httpmodules: caldav carddav
|
||||||
+# Fedora default: enable all modules besides admin and tzdist
|
+# Enable supported modules
|
||||||
+httpmodules: caldav carddav domainkey freebusy ischedule rss webdav
|
+httpmodules: caldav carddav
|
||||||
|
|
||||||
# If enabled, the partitions will also be hashed, in addition to the
|
# If enabled, the partitions will also be hashed, in addition to the
|
||||||
# hashing done on configuration directories. This is recommended if one
|
# hashing done on configuration directories. This is recommended if one
|
||||||
@ -88,18 +112,3 @@ index 95b54e9..3935b77 100644
|
|||||||
# File containing the global certificate used for ALL services (imap,
|
# File containing the global certificate used for ALL services (imap,
|
||||||
# pop3, lmtp, sieve)
|
# pop3, lmtp, sieve)
|
||||||
#tls_server_cert: /etc/ssl/certs/ssl-cert-snakeoil.pem
|
#tls_server_cert: /etc/ssl/certs/ssl-cert-snakeoil.pem
|
||||||
diff --git a/doc/examples/cyrus_conf/prefork.conf b/doc/examples/cyrus_conf/prefork.conf
|
|
||||||
index 186fe66..ab97848 100644
|
|
||||||
--- a/doc/examples/cyrus_conf/prefork.conf
|
|
||||||
+++ b/doc/examples/cyrus_conf/prefork.conf
|
|
||||||
@@ -19,8 +19,8 @@ SERVICES {
|
|
||||||
# nntps cmd="nntpd -s" listen="nntps" prefork=1
|
|
||||||
|
|
||||||
# these are only necessary if using HTTP for CalDAV, CardDAV, or RSS
|
|
||||||
-# http cmd="httpd" listen="http" prefork=3
|
|
||||||
-# https cmd="httpd -s" listen="https" prefork=1
|
|
||||||
+ http cmd="httpd" listen="http" prefork=3
|
|
||||||
+ https cmd="httpd -s" listen="https" prefork=1
|
|
||||||
|
|
||||||
# at least one LMTP is required for delivery
|
|
||||||
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
|
|
||||||
|
32
SOURCES/patch-cyrus-ldap-group-retriaval
Normal file
32
SOURCES/patch-cyrus-ldap-group-retriaval
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
commit 1152ce70af232fc4200bbeca18961f99e12d73df
|
||||||
|
Author: Felix Schumacher <felix.schumacher@internetallee.de>
|
||||||
|
Date: Wed Feb 6 19:02:11 2019 +0100
|
||||||
|
|
||||||
|
Return correct group names when groups are resolved by filter
|
||||||
|
|
||||||
|
This fixes an regression, that was introduced with 61f5296c0d727faee4726525a6812b200d946d83.
|
||||||
|
Back then the logic was changed from len(vals) != 1 to two if clauses len(vals) < 1 and len(vals) > 1
|
||||||
|
which logged errors and an else clause (which matched the correct number of len(val) == 1) that
|
||||||
|
got the old error handling code.
|
||||||
|
|
||||||
|
diff --git a/ptclient/ldap.c b/ptclient/ldap.c
|
||||||
|
index 40c9adee3..457951928 100644
|
||||||
|
--- a/ptclient/ldap.c
|
||||||
|
+++ b/ptclient/ldap.c
|
||||||
|
@@ -1336,11 +1336,15 @@ static int ptsmodule_make_authstate_filter(
|
||||||
|
syslog(LOG_ERR, "No values for attribute '%s' on entry '%s'",
|
||||||
|
ptsm->member_attribute,
|
||||||
|
errdn);
|
||||||
|
+ *reply = "no values";
|
||||||
|
+ rc = PTSM_FAIL;
|
||||||
|
+ ldap_value_free(vals);
|
||||||
|
+ vals = NULL;
|
||||||
|
+ goto done;
|
||||||
|
} else if (ldap_count_values(vals) > 1) {
|
||||||
|
syslog(LOG_ERR, "Too many values for attribute '%s' on entry '%s'",
|
||||||
|
ptsm->member_attribute,
|
||||||
|
errdn);
|
||||||
|
- } else {
|
||||||
|
*reply = "too many values";
|
||||||
|
rc = PTSM_FAIL;
|
||||||
|
ldap_value_free(vals);
|
13
SOURCES/patch-cyrus-managesieve-linking
Normal file
13
SOURCES/patch-cyrus-managesieve-linking
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
diff --git a/perl/sieve/managesieve/Makefile.PL.in b/perl/sieve/managesieve/Makefile.PL.in
|
||||||
|
index 2bb715d..422504d 100644
|
||||||
|
--- a/perl/sieve/managesieve/Makefile.PL.in
|
||||||
|
+++ b/perl/sieve/managesieve/Makefile.PL.in
|
||||||
|
@@ -69,7 +69,7 @@ WriteMakefile(
|
||||||
|
'ABSTRACT' => 'Cyrus Sieve management interface',
|
||||||
|
'VERSION_FROM' => "@top_srcdir@/perl/sieve/managesieve/managesieve.pm", # finds $VERSION
|
||||||
|
'MYEXTLIB' => '../lib/.libs/libisieve.a @top_builddir@/perl/.libs/libcyrus.a @top_builddir@/perl/.libs/libcyrus_min.a',
|
||||||
|
- 'LIBS' => ["$LIB_SASL @SSL_LIBS@ @LIB_UUID@ @ZLIB@"],
|
||||||
|
+ 'LIBS' => ["$LIB_SASL @SSL_LIBS@ @LIB_UUID@ @ZLIB@ -lsqlite3 -lpq -lmariadb"],
|
||||||
|
'CCFLAGS' => '@GCOV_CFLAGS@',
|
||||||
|
'DEFINE' => '-DPERL_POLLUTE', # e.g., '-DHAVE_SOMETHING'
|
||||||
|
'INC' => "-I@top_srcdir@/lib -I@top_srcdir@/perl/sieve -I@top_srcdir@/perl/sieve/lib @SASLFLAGS@ @SSL_CPPFLAGS@",
|
@ -1,26 +0,0 @@
|
|||||||
diff --git a/perl/sieve/managesieve/Makefile.PL.in b/perl/sieve/managesieve/Makefile.PL.in
|
|
||||||
index 7180b98..d589ebe 100644
|
|
||||||
--- a/perl/sieve/managesieve/Makefile.PL.in
|
|
||||||
+++ b/perl/sieve/managesieve/Makefile.PL.in
|
|
||||||
@@ -69,7 +69,7 @@ WriteMakefile(
|
|
||||||
'ABSTRACT' => 'Cyrus Sieve management interface',
|
|
||||||
'VERSION_FROM' => "@top_srcdir@/perl/sieve/managesieve/managesieve.pm", # finds $VERSION
|
|
||||||
'MYEXTLIB' => '../lib/.libs/libisieve.a @top_builddir@/perl/.libs/libcyrus.a @top_builddir@/perl/.libs/libcyrus_min.a',
|
|
||||||
- 'LIBS' => ["$LIB_SASL @SSL_LIBS@ @LIB_UUID@ @LIB_REGEX@ @ZLIB@ @SQLITE_LIBADD@ @MYSQL_LIBADD@ @PGSQL_LIBADD@"],
|
|
||||||
+ 'LIBS' => ["$LIB_SASL @SSL_LIBS@ @LIB_UUID@ @LIB_REGEX@ @ZLIB@ @SQLITE_LIBADD@ @MYSQL_LIBADD@ @PGSQL_LIBADD@ -lpcreposix"],
|
|
||||||
'CCFLAGS' => '@GCOV_CFLAGS@',
|
|
||||||
'DEFINE' => '-DPERL_POLLUTE', # e.g., '-DHAVE_SOMETHING'
|
|
||||||
'INC' => "-I@top_srcdir@/lib -I@top_srcdir@/perl/sieve -I@top_srcdir@/perl/sieve/lib @SASLFLAGS@ @SSL_CPPFLAGS@",
|
|
||||||
diff --git a/perl/imap/Makefile.PL.in b/perl/imap/Makefile.PL.in
|
|
||||||
index 71416cc..f76cda6 100644
|
|
||||||
--- a/perl/imap/Makefile.PL.in
|
|
||||||
+++ b/perl/imap/Makefile.PL.in
|
|
||||||
@@ -91,7 +91,7 @@ WriteMakefile(
|
|
||||||
'LD' => $Config{ld} . ' @GCOV_LDFLAGS@',
|
|
||||||
'OBJECT' => 'IMAP.o',
|
|
||||||
'MYEXTLIB' => '@top_builddir@/perl/.libs/libcyrus.a @top_builddir@/perl/.libs/libcyrus_min.a',
|
|
||||||
- 'LIBS' => [ "$LIB_SASL @SSL_LIBS@ @LIB_UUID@ @ZLIB@ @GCOV_LIBS@ @LIBCAP_LIBS@"],
|
|
||||||
+ 'LIBS' => [ "$LIB_SASL @SSL_LIBS@ @LIB_UUID@ @ZLIB@ @GCOV_LIBS@ @LIBCAP_LIBS@ -lpcreposix"],
|
|
||||||
'DEFINE' => '-DPERL_POLLUTE', # e.g., '-DHAVE_SOMETHING'
|
|
||||||
'INC' => "-I@top_srcdir@ -I@top_srcdir@/com_err/et @SASLFLAGS@ @SSL_CPPFLAGS@ @GCOV_CFLAGS@ -I@top_srcdir@/perl/imap",
|
|
||||||
'EXE_FILES' => [cyradm],
|
|
@ -1,13 +0,0 @@
|
|||||||
diff --git a/imap/imapd.c b/imap/imapd.c
|
|
||||||
index 3cc75f5..a22a356 100644
|
|
||||||
--- a/imap/imapd.c
|
|
||||||
+++ b/imap/imapd.c
|
|
||||||
@@ -8022,7 +8022,7 @@ static void cmd_reconstruct(const char *tag, const char *name, int recursive)
|
|
||||||
fclose(stdout);
|
|
||||||
fclose(stderr);
|
|
||||||
|
|
||||||
- ret = snprintf(buf, sizeof(buf), "%s/quota", SBIN_DIR);
|
|
||||||
+ ret = snprintf(buf, sizeof(buf), "%s/cyr_quota", SBIN_DIR);
|
|
||||||
if(ret < 0 || ret >= (int) sizeof(buf)) {
|
|
||||||
/* in child, so fatailing won't disconnect our user */
|
|
||||||
fatal("quota buffer not sufficiently big", EX_CONFIG);
|
|
@ -7,7 +7,7 @@ index 46dc358..ca37f22 100644
|
|||||||
|
|
||||||
/* Each test gets a maximum of 20 seconds. */
|
/* Each test gets a maximum of 20 seconds. */
|
||||||
-#define TEST_TIMEOUT_MS (20*1000)
|
-#define TEST_TIMEOUT_MS (20*1000)
|
||||||
+#define TEST_TIMEOUT_MS (300*1000)
|
+#define TEST_TIMEOUT_MS (30*1000)
|
||||||
|
|
||||||
static jmp_buf jbuf;
|
static jmp_buf jbuf;
|
||||||
static const char *code;
|
static const char *code;
|
||||||
|
25
SOURCES/patch-vzic-proper-cflags
Normal file
25
SOURCES/patch-vzic-proper-cflags
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
diff --git a/tools/vzic/Makefile b/tools/vzic/Makefile
|
||||||
|
index 8ae6afa..3882998 100644
|
||||||
|
--- a/tools/vzic/Makefile
|
||||||
|
+++ b/tools/vzic/Makefile
|
||||||
|
@@ -45,17 +45,17 @@ LIBICAL_LDADD = -lical
|
||||||
|
GLIB_CFLAGS = `pkg-config --cflags glib-2.0`
|
||||||
|
GLIB_LDADD = `pkg-config --libs glib-2.0`
|
||||||
|
|
||||||
|
-CFLAGS = -g -I../.. -DOLSON_DIR=\"$(OLSON_DIR)\" -DPRODUCT_ID='"$(PRODUCT_ID)"' -DTZID_PREFIX='"$(TZID_PREFIX)"' $(GLIB_CFLAGS) $(LIBICAL_CFLAGS)
|
||||||
|
+CFLAGS += -I../.. -DOLSON_DIR=\"$(OLSON_DIR)\" -DPRODUCT_ID='"$(PRODUCT_ID)"' -DTZID_PREFIX='"$(TZID_PREFIX)"' $(GLIB_CFLAGS) $(LIBICAL_CFLAGS)
|
||||||
|
|
||||||
|
OBJECTS = vzic.o vzic-parse.o vzic-dump.o vzic-output.o
|
||||||
|
|
||||||
|
all: vzic
|
||||||
|
|
||||||
|
vzic: $(OBJECTS)
|
||||||
|
- $(CC) $(OBJECTS) $(GLIB_LDADD) -o vzic
|
||||||
|
+ $(CC) $(LDFLAGS) $(OBJECTS) $(GLIB_LDADD) -o vzic
|
||||||
|
|
||||||
|
test-vzic: test-vzic.o
|
||||||
|
- $(CC) test-vzic.o $(LIBICAL_LDADD) -o test-vzic
|
||||||
|
+ $(CC) $(LDFLAGS) test-vzic.o $(LIBICAL_LDADD) -o test-vzic
|
||||||
|
|
||||||
|
# Dependencies.
|
||||||
|
$(OBJECTS): vzic.h
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user