From 1c2897ae9118f9a7f8798f377f90c5d1ee142eb4 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Tue, 1 Mar 2022 05:16:54 -0500
Subject: [PATCH] import dovecot-2.3.16-3.el9

---
 SOURCES/dovecot-2.0-defaultconfig.patch | 23 ++++++++++++++++-------
 SPECS/dovecot.spec                      | 15 +++++++--------
 2 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/SOURCES/dovecot-2.0-defaultconfig.patch b/SOURCES/dovecot-2.0-defaultconfig.patch
index c18dd47..21f00ec 100644
--- a/SOURCES/dovecot-2.0-defaultconfig.patch
+++ b/SOURCES/dovecot-2.0-defaultconfig.patch
@@ -1,6 +1,15 @@
-diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf
---- dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings	2018-02-28 15:28:57.000000000 +0100
-+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf	2018-03-01 10:29:38.208368555 +0100
+diff -up dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf
+--- dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf.default-settings	2021-08-06 11:25:51.000000000 +0200
++++ dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf	2021-10-27 11:13:45.666956339 +0200
+@@ -175,7 +175,7 @@ namespace inbox {
+ # to make sure that users can't log in as daemons or other system users.
+ # Note that denying root logins is hardcoded to dovecot binary and can't
+ # be done even if first_valid_uid is set to 0.
+-#first_valid_uid = 500
++first_valid_uid = 1000
+ #last_valid_uid = 0
+ 
+ # Valid GID range for users, defaults to non-root/wheel. Users having
 @@ -322,6 +322,7 @@ protocol !indexer-worker {
  # them simultaneously.
  #mbox_read_locks = fcntl
@@ -9,9 +18,9 @@ diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings
  
  # Maximum time to wait for lock (all of them) before aborting.
  #mbox_lock_timeout = 5 mins
-diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf
---- dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings	2018-02-28 15:28:57.000000000 +0100
-+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf	2018-03-01 10:33:54.779499044 +0100
+diff -up dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf
+--- dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf.default-settings	2021-08-06 11:25:51.000000000 +0200
++++ dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf	2021-10-27 11:13:02.834533975 +0200
 @@ -3,7 +3,9 @@
  ##
  
@@ -23,7 +32,7 @@ diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings
  
  # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
  # dropping root privileges, so keep the key file unreadable by anyone but
-@@ -57,6 +59,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
+@@ -64,6 +66,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
  #ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
  # To disable non-EC DH, use:
  #ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
diff --git a/SPECS/dovecot.spec b/SPECS/dovecot.spec
index 76e77fa..3dfda59 100644
--- a/SPECS/dovecot.spec
+++ b/SPECS/dovecot.spec
@@ -1,16 +1,12 @@
 %global __provides_exclude_from %{_docdir}
 %global __requires_exclude_from %{_docdir}
 
-## FIXME: lto and annobin breaks build atm, retest after 2021-08
-#%global _lto_cflags %nil
-#%undefine _annotated_build
-
 Summary: Secure imap and pop3 server
 Name: dovecot
 Epoch: 1
 Version: 2.3.16
 %global prever %{nil}
-Release: 1%{?dist}
+Release: 3%{?dist}
 #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
 License: MIT and LGPLv2
 
@@ -154,9 +150,6 @@ echo "testsuite" >dovecot-2.3-pigeonhole-%{pigeonholever}/run-test-valgrind.excl
 sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in
 
 %build
-# This package references hidden symbols during an LTO link.  This needs further
-# investigation.  Until then, disable LTO
-%define _lto_cflags %{nil}
 #required for fdpass.c line 125,190: dereferencing type-punned pointer will break strict-aliasing rules
 %global _hardened_build 1
 export CFLAGS="%{__global_cflags} -fno-strict-aliasing -fstack-reuse=none"
@@ -473,6 +466,12 @@ make check
 %{_libdir}/%{name}/dict/libdriver_pgsql.so
 
 %changelog
+* Wed Nov 03 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-3
+- re-enable LTO build (#1990080)
+
+* Wed Oct 27 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-2
+- set first_valid_uid to 1000 to match system default (#2009716)
+
 * Fri Aug 20 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-1
 - dovecot updated to 2.3.16, pigeonhole to 0.5.16
 - fixes several regressions (#1997583)