RHEL 9.0.0 Alpha bootstrap

The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/dovecot#29ed947aaea4a89dbadcab2fd9c843ae48a7d156

.gitignore

@@ -0,0 +1,2 @@
+/dovecot-*.tar.gz
+/pigeonhole-*.tar.bz2

dovecot-1.0.beta2-mkcert-permissions.patch

@@ -0,0 +1,11 @@
+--- dovecot-1.0.beta2/doc/mkcert.sh.configfile	2006-01-16 21:14:54.000000000 +0100
++++ dovecot-1.0.beta2/doc/mkcert.sh	2006-01-26 14:28:38.000000000 +0100
+@@ -29,6 +29,7 @@
+ fi
+ 
+ $OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
+-chmod 0600 $KEYFILE
++chown root:root $CERTFILE $KEYFILE
++chmod 0600 $CERTFILE $KEYFILE
+ echo 
+ $OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2

dovecot-1.0.rc7-mkcert-paths.patch

@@ -0,0 +1,14 @@
+diff -up dovecot-2.2.27/doc/mkcert.sh.mkcert-paths dovecot-2.2.27/doc/mkcert.sh
+--- dovecot-2.2.27/doc/mkcert.sh.mkcert-paths	2016-12-05 10:26:07.913515286 +0100
++++ dovecot-2.2.27/doc/mkcert.sh	2016-12-05 10:28:25.439634417 +0100
+@@ -5,8 +5,8 @@
+ 
+ umask 077
+ OPENSSL=${OPENSSL-openssl}
+-SSLDIR=${SSLDIR-/etc/ssl}
+-OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}
++SSLDIR=${SSLDIR-/etc/pki/dovecot}
++OPENSSLCONFIG=${OPENSSLCONFIG-/etc/pki/dovecot/dovecot-openssl.cnf}
+ 
+ CERTDIR=$SSLDIR/certs
+ KEYDIR=$SSLDIR/private

dovecot-2.0-defaultconfig.patch

@@ -0,0 +1,33 @@
+diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf
+--- dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings	2018-02-28 15:28:57.000000000 +0100
++++ dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf	2018-03-01 10:29:38.208368555 +0100
+@@ -322,6 +322,7 @@ protocol !indexer-worker {
+ # them simultaneously.
+ #mbox_read_locks = fcntl
+ #mbox_write_locks = dotlock fcntl
++mbox_write_locks = fcntl
+ 
+ # Maximum time to wait for lock (all of them) before aborting.
+ #mbox_lock_timeout = 5 mins
+diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf
+--- dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings	2018-02-28 15:28:57.000000000 +0100
++++ dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf	2018-03-01 10:33:54.779499044 +0100
+@@ -3,7 +3,9 @@
+ ##
+ 
+ # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
+-#ssl = yes
++# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
++# plain imap and pop3 are still allowed for local connections
++ssl = required
+ 
+ # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
+ # dropping root privileges, so keep the key file unreadable by anyone but
+@@ -57,6 +59,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
+ #ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
+ # To disable non-EC DH, use:
+ #ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
++ssl_cipher_list = PROFILE=SYSTEM
+ 
+ # Colon separated list of elliptic curves to use. Empty value (the default)
+ # means use the defaults from the SSL library. P-521:P-384:P-256 would be an

dovecot-2.1-privatetmp.patch

@@ -0,0 +1,11 @@
+diff -up dovecot-2.2.19/dovecot.service.in.privatetmp dovecot-2.2.19/dovecot.service.in
+--- dovecot-2.2.19/dovecot.service.in.privatetmp	2015-10-05 12:50:24.273780394 +0200
++++ dovecot-2.2.19/dovecot.service.in	2015-10-05 12:50:56.281621589 +0200
+@@ -26,6 +26,7 @@ After=local-fs.target network.target
+ Type=simple
+ ExecStart=@sbindir@/dovecot -F $OPTIONS
+ ExecReload=@sbindir@/dovecot reload
++PrivateTmp=true
+ NonBlocking=yes
+ 
+ [Install]

dovecot-2.1.10-waitonline.patch

@@ -0,0 +1,11 @@
+diff -up dovecot-2.3.0.1/dovecot.service.in.waitonline dovecot-2.3.0.1/dovecot.service.in
+--- dovecot-2.3.0.1/dovecot.service.in.waitonline	2018-03-01 10:35:39.888371078 +0100
++++ dovecot-2.3.0.1/dovecot.service.in	2018-03-01 10:36:29.738784661 +0100
+@@ -12,6 +12,7 @@ After=local-fs.target network-online.tar
+ 
+ [Service]
+ Type=simple
++ExecStartPre=/usr/libexec/dovecot/prestartscript
+ ExecStart=@sbindir@/dovecot -F
+ PIDFile=@rundir@/master.pid
+ ExecReload=@bindir@/doveadm reload

dovecot-2.1.4-postreleasefix.patch

@@ -0,0 +1,27 @@
+# HG changeset patch
+# User Timo Sirainen <tss@iki.fi>
+# Date 1334041779 -10800
+# Node ID 20e1aa322b1e3b7d47c7cb1b6ff68a8d07fe6c9d
+# Parent  0b59dbb1a288153d2eb26d47cd9f7a953335c66f
+lib-storage: mail_user_try_home_expand() now looks up home only when needed.
+Before a recent code cleanup the lookup was always done, but if the home
+didn't exist it still just happened to return success. The cleanup changed
+it to return failure, which broke the original behavior.
+
+diff -r 0b59dbb1a288 -r 20e1aa322b1e src/lib-storage/mail-user.c
+--- a/src/lib-storage/mail-user.c	Tue Apr 10 09:52:35 2012 +0300
++++ b/src/lib-storage/mail-user.c	Tue Apr 10 10:09:39 2012 +0300
+@@ -343,6 +343,11 @@
+ {
+ 	const char *home, *path = *pathp;
+ 
++	if (strncmp(path, "~/", 2) != 0) {
++		/* no need to expand home */
++		return 0;
++	}
++
+ 	if (mail_user_get_home(user, &home) <= 0)
+ 		return -1;
+ 
+
+

dovecot-2.2-80ed82a93c1a.patch

@@ -0,0 +1,450 @@
+
+# HG changeset patch
+# User Timo Sirainen <tss@iki.fi>
+# Date 1416386277 -32400
+# Node ID 80ed82a93c1af5f6885e75a34007eb52d0692a8d
+# Parent  31262a892ba7302bfea6e70e17d3acd468736d70
+mbox: Added more (and earlier) detection for errors in mbox istreams.
+
+diff -r 31262a892ba7 -r 80ed82a93c1a src/lib-storage/index/mbox/istream-raw-mbox.c
+--- a/src/lib-storage/index/mbox/istream-raw-mbox.c	Wed Nov 19 17:37:18 2014 +0900
++++ b/src/lib-storage/index/mbox/istream-raw-mbox.c	Wed Nov 19 17:37:57 2014 +0900
+@@ -506,7 +506,8 @@
+ 	return rstream->from_offset;
+ }
+ 
+-uoff_t istream_raw_mbox_get_header_offset(struct istream *stream)
++int istream_raw_mbox_get_header_offset(struct istream *stream,
++				       uoff_t *hdr_offset_r)
+ {
+ 	struct raw_mbox_istream *rstream =
+ 		(struct raw_mbox_istream *)stream->real_stream;
+@@ -520,13 +521,17 @@
+ 		i_error("Unexpectedly lost From-line from mbox file %s at "
+ 			"%"PRIuUOFF_T, i_stream_get_name(stream),
+ 			rstream->from_offset);
+-		return (uoff_t)-1;
++		return -1;
+ 	}
++	if (stream->stream_errno != 0)
++		return -1;
+ 
+-	return rstream->hdr_offset;
++	*hdr_offset_r = rstream->hdr_offset;
++	return 0;
+ }
+ 
+-uoff_t istream_raw_mbox_get_body_offset(struct istream *stream)
++int istream_raw_mbox_get_body_offset(struct istream *stream,
++				     uoff_t *body_offset_r)
+ {
+ 	struct raw_mbox_istream *rstream =
+ 		(struct raw_mbox_istream *)stream->real_stream;
+@@ -534,8 +539,10 @@
+ 
+ 	i_assert(rstream->seeked);
+ 
+-	if (rstream->body_offset != (uoff_t)-1)
+-		return rstream->body_offset;
++	if (rstream->body_offset != (uoff_t)-1) {
++		*body_offset_r = rstream->body_offset;
++		return 0;
++	}
+ 
+ 	offset = stream->v_offset;
+ 	i_stream_seek(stream, rstream->hdr_offset);
+@@ -551,27 +558,30 @@
+ 			} else {
+ 				i_assert(rstream->body_offset != (uoff_t)-1);
+ 			}
+-			break;
++			return -1;
+ 		}
+ 	}
+ 
+ 	i_stream_seek(stream, offset);
+-	return rstream->body_offset;
++	*body_offset_r = rstream->body_offset;
++	return 0;
+ }
+ 
+-uoff_t istream_raw_mbox_get_body_size(struct istream *stream,
+-				      uoff_t expected_body_size)
++int istream_raw_mbox_get_body_size(struct istream *stream,
++				   uoff_t expected_body_size,
++				   uoff_t *body_size_r)
+ {
+ 	struct raw_mbox_istream *rstream =
+ 		(struct raw_mbox_istream *)stream->real_stream;
+ 	const unsigned char *data;
+ 	size_t size;
+-	uoff_t old_offset, body_size, next_body_offset;
++	uoff_t old_offset, body_offset, body_size, next_body_offset;
+ 
+ 	i_assert(rstream->seeked);
+ 	i_assert(rstream->hdr_offset != (uoff_t)-1);
+ 
+-	(void)istream_raw_mbox_get_body_offset(stream);
++	if (istream_raw_mbox_get_body_offset(stream, &body_offset) < 0)
++		return -1;
+ 	body_size = rstream->mail_size == (uoff_t)-1 ? (uoff_t)-1 :
+ 		rstream->mail_size - (rstream->body_offset -
+ 				      rstream->hdr_offset);
+@@ -580,8 +590,10 @@
+ 		/* if we already have the existing body size, use it as long as
+ 		   it's >= expected body_size. otherwise the previous parsing
+ 		   may have stopped at a From_-line that belongs to the body. */
+-		if (body_size != (uoff_t)-1 && body_size >= expected_body_size)
+-			return body_size;
++		if (body_size != (uoff_t)-1 && body_size >= expected_body_size) {
++			*body_size_r = body_size;
++			return 0;
++		}
+ 
+ 		next_body_offset = rstream->body_offset + expected_body_size;
+ 		/* If header_missing_eoh is set, the message body begins with
+@@ -600,21 +612,27 @@
+ 			rstream->mail_size =
+ 				next_body_offset - rstream->hdr_offset;
+ 			i_stream_seek(stream, old_offset);
+-			return expected_body_size;
++			*body_size_r = expected_body_size;
++			return 0;
+ 		}
+ 		/* invalid expected_body_size */
+ 	}
+-	if (body_size != (uoff_t)-1)
+-		return body_size;
++	if (body_size != (uoff_t)-1) {
++		*body_size_r = body_size;
++		return 0;
++	}
+ 
+ 	/* have to read through the message body */
+ 	while (i_stream_read_data(stream, &data, &size, 0) > 0)
+ 		i_stream_skip(stream, size);
+ 	i_stream_seek(stream, old_offset);
++	if (stream->stream_errno != 0)
++		return -1;
+ 
+ 	i_assert(rstream->mail_size != (uoff_t)-1);
+-	return rstream->mail_size -
++	*body_size_r = rstream->mail_size -
+ 		(rstream->body_offset - rstream->hdr_offset);
++	return 0;
+ }
+ 
+ time_t istream_raw_mbox_get_received_time(struct istream *stream)
+@@ -651,13 +669,15 @@
+ 	return rstream->crlf_ending;
+ }
+ 
+-void istream_raw_mbox_next(struct istream *stream, uoff_t expected_body_size)
++int istream_raw_mbox_next(struct istream *stream, uoff_t expected_body_size)
+ {
+ 	struct raw_mbox_istream *rstream =
+ 		(struct raw_mbox_istream *)stream->real_stream;
+ 	uoff_t body_size;
+ 
+-	body_size = istream_raw_mbox_get_body_size(stream, expected_body_size);
++	if (istream_raw_mbox_get_body_size(stream, expected_body_size,
++					   &body_size) < 0)
++		return -1;
+ 	rstream->mail_size = (uoff_t)-1;
+ 
+ 	rstream->received_time = rstream->next_received_time;
+@@ -678,6 +698,7 @@
+ 
+ 	rstream->eof = FALSE;
+ 	rstream->istream.istream.eof = FALSE;
++	return 0;
+ }
+ 
+ int istream_raw_mbox_seek(struct istream *stream, uoff_t offset)
+@@ -698,10 +719,8 @@
+ 	/* if seeked is FALSE, we unlocked in the middle. don't try to use
+ 	   any cached state then. */
+ 	if (rstream->mail_size != (uoff_t)-1 && rstream->seeked &&
+-	    rstream->hdr_offset + rstream->mail_size == offset) {
+-		istream_raw_mbox_next(stream, (uoff_t)-1);
+-		return 0;
+-	}
++	    rstream->hdr_offset + rstream->mail_size == offset)
++		return istream_raw_mbox_next(stream, (uoff_t)-1);
+ 
+ 	if (offset == rstream->from_offset && rstream->seeked) {
+ 		/* back to beginning of current message */
+diff -r 31262a892ba7 -r 80ed82a93c1a src/lib-storage/index/mbox/istream-raw-mbox.h
+--- a/src/lib-storage/index/mbox/istream-raw-mbox.h	Wed Nov 19 17:37:18 2014 +0900
++++ b/src/lib-storage/index/mbox/istream-raw-mbox.h	Wed Nov 19 17:37:57 2014 +0900
+@@ -9,15 +9,18 @@
+ /* Return offset to beginning of the "\nFrom"-line. */
+ uoff_t istream_raw_mbox_get_start_offset(struct istream *stream);
+ /* Return offset to beginning of the headers. */
+-uoff_t istream_raw_mbox_get_header_offset(struct istream *stream);
++int istream_raw_mbox_get_header_offset(struct istream *stream,
++				       uoff_t *hdr_offset_r);
+ /* Return offset to beginning of the body. */
+-uoff_t istream_raw_mbox_get_body_offset(struct istream *stream);
++int istream_raw_mbox_get_body_offset(struct istream *stream,
++				     uoff_t *body_offset_r);
+ 
+ /* Return the number of bytes in the body of this message. If
+    expected_body_size isn't (uoff_t)-1, we'll use it as potentially valid body
+    size to avoid actually reading through the whole message. */
+-uoff_t istream_raw_mbox_get_body_size(struct istream *stream,
+-				      uoff_t expected_body_size);
++int istream_raw_mbox_get_body_size(struct istream *stream,
++				   uoff_t expected_body_size,
++				   uoff_t *body_size_r);
+ 
+ /* Return received time of current message, or (time_t)-1 if the timestamp is
+    broken. */
+@@ -30,7 +33,7 @@
+ 
+ /* Jump to next message. If expected_body_size isn't (uoff_t)-1, we'll use it
+    as potentially valid body size. */
+-void istream_raw_mbox_next(struct istream *stream, uoff_t expected_body_size);
++int istream_raw_mbox_next(struct istream *stream, uoff_t expected_body_size);
+ 
+ /* Seek to message at given offset. offset must point to beginning of
+    "\nFrom ", or 0 for beginning of file. Returns -1 if it offset doesn't
+diff -r 31262a892ba7 -r 80ed82a93c1a src/lib-storage/index/mbox/mbox-mail.c
+--- a/src/lib-storage/index/mbox/mbox-mail.c	Wed Nov 19 17:37:18 2014 +0900
++++ b/src/lib-storage/index/mbox/mbox-mail.c	Wed Nov 19 17:37:57 2014 +0900
+@@ -304,10 +304,10 @@
+ 		return -1;
+ 
+ 	/* our header size varies, so don't do any caching */
+-	body_offset = istream_raw_mbox_get_body_offset(mbox->mbox_stream);
+-	if (body_offset == (uoff_t)-1) {
++	if (istream_raw_mbox_get_body_offset(mbox->mbox_stream, &body_offset) < 0) {
+ 		mail_storage_set_critical(_mail->box->storage,
+-					  "Couldn't get mbox size");
++			"mbox %s: Couldn't get body offset for uid=%u",
++			mailbox_get_path(&mbox->box), mail->mail.mail.uid);
+ 		return -1;
+ 	}
+ 
+@@ -319,8 +319,13 @@
+ 		body_size = (uoff_t)-1;
+ 
+ 	/* verify that the calculated body size is correct */
+-	body_size = istream_raw_mbox_get_body_size(mbox->mbox_stream,
+-						   body_size);
++	if (istream_raw_mbox_get_body_size(mbox->mbox_stream,
++					   body_size, &body_size) < 0) {
++		mail_storage_set_critical(_mail->box->storage,
++			"mbox %s: Couldn't get body size for uid=%u",
++			mailbox_get_path(&mbox->box), mail->mail.mail.uid);
++		return -1;
++	}
+ 
+ 	data->physical_size = hdr_size.physical_size + body_size;
+ 	*size_r = data->physical_size;
+@@ -352,7 +357,12 @@
+ 	}
+ 
+ 	raw_stream = mbox->mbox_stream;
+-	hdr_offset = istream_raw_mbox_get_header_offset(raw_stream);
++	if (istream_raw_mbox_get_header_offset(raw_stream, &hdr_offset) < 0) {
++		mail_storage_set_critical(mbox->box.storage,
++			"mbox %s: Couldn't get header offset for uid=%u",
++			mailbox_get_path(&mbox->box), mail->mail.mail.uid);
++		return -1;
++	}
+ 	i_stream_seek(raw_stream, hdr_offset);
+ 
+ 	if (next_offset != (uoff_t)-1)
+diff -r 31262a892ba7 -r 80ed82a93c1a src/lib-storage/index/mbox/mbox-sync-parse.c
+--- a/src/lib-storage/index/mbox/mbox-sync-parse.c	Wed Nov 19 17:37:18 2014 +0900
++++ b/src/lib-storage/index/mbox/mbox-sync-parse.c	Wed Nov 19 17:37:57 2014 +0900
+@@ -453,8 +453,8 @@
+ 	return strcasecmp(key, func->header);
+ }
+ 
+-void mbox_sync_parse_next_mail(struct istream *input,
+-			       struct mbox_sync_mail_context *ctx)
++int mbox_sync_parse_next_mail(struct istream *input,
++			      struct mbox_sync_mail_context *ctx)
+ {
+ 	struct mbox_sync_context *sync_ctx = ctx->sync_ctx;
+ 	struct message_header_parser_ctx *hdr_ctx;
+@@ -545,6 +545,12 @@
+ 	}
+ 
+ 	ctx->body_offset = input->v_offset;
++	if (input->stream_errno != 0) {
++		mbox_sync_set_critical(ctx->sync_ctx, "read(%s) failed: %s",
++			i_stream_get_name(input), i_stream_get_error(input));
++		return -1;
++	}
++	return 0;
+ }
+ 
+ bool mbox_sync_parse_match_mail(struct mbox_mailbox *mbox,
+diff -r 31262a892ba7 -r 80ed82a93c1a src/lib-storage/index/mbox/mbox-sync-private.h
+--- a/src/lib-storage/index/mbox/mbox-sync-private.h	Wed Nov 19 17:37:18 2014 +0900
++++ b/src/lib-storage/index/mbox/mbox-sync-private.h	Wed Nov 19 17:37:57 2014 +0900
+@@ -158,8 +158,8 @@
+ void mbox_sync_set_critical(struct mbox_sync_context *sync_ctx,
+ 			    const char *fmt, ...) ATTR_FORMAT(2, 3);
+ 
+-void mbox_sync_parse_next_mail(struct istream *input,
+-			       struct mbox_sync_mail_context *ctx);
++int mbox_sync_parse_next_mail(struct istream *input,
++			      struct mbox_sync_mail_context *ctx);
+ bool mbox_sync_parse_match_mail(struct mbox_mailbox *mbox,
+ 				struct mail_index_view *view, uint32_t seq);
+ 
+diff -r 31262a892ba7 -r 80ed82a93c1a src/lib-storage/index/mbox/mbox-sync-rewrite.c
+--- a/src/lib-storage/index/mbox/mbox-sync-rewrite.c	Wed Nov 19 17:37:18 2014 +0900
++++ b/src/lib-storage/index/mbox/mbox-sync-rewrite.c	Wed Nov 19 17:37:57 2014 +0900
+@@ -318,11 +318,11 @@
+ 	return 1;
+ }
+ 
+-static void mbox_sync_read_next(struct mbox_sync_context *sync_ctx,
+-				struct mbox_sync_mail_context *mail_ctx,
+-				struct mbox_sync_mail *mails,
+-				uint32_t seq, uint32_t idx,
+-				uoff_t expunged_space)
++static int mbox_sync_read_next(struct mbox_sync_context *sync_ctx,
++			       struct mbox_sync_mail_context *mail_ctx,
++			       struct mbox_sync_mail *mails,
++			       uint32_t seq, uint32_t idx,
++			       uoff_t expunged_space)
+ {
+ 	unsigned int first_mail_expunge_extra;
+ 	uint32_t orig_next_uid;
+@@ -332,8 +332,12 @@
+ 	mail_ctx->seq = seq;
+ 	mail_ctx->header = sync_ctx->header;
+ 
+-	mail_ctx->mail.offset =
+-		istream_raw_mbox_get_header_offset(sync_ctx->input);
++	if (istream_raw_mbox_get_header_offset(sync_ctx->input,
++					       &mail_ctx->mail.offset) < 0) {
++		mbox_sync_set_critical(sync_ctx,
++			"Couldn't get header offset for seq=%u", seq);
++		return -1;
++	}
+ 	mail_ctx->mail.body_size = mails[idx].body_size;
+ 
+ 	orig_next_uid = sync_ctx->next_uid;
+@@ -361,7 +365,8 @@
+ 		mails[idx].from_offset += first_mail_expunge_extra;
+ 	}
+ 
+-	mbox_sync_parse_next_mail(sync_ctx->input, mail_ctx);
++	if (mbox_sync_parse_next_mail(sync_ctx->input, mail_ctx) < 0)
++		return -1;
+ 	i_assert(mail_ctx->mail.pseudo == mails[idx].pseudo);
+ 
+ 	/* set next_uid back before updating the headers. this is important
+@@ -381,6 +386,7 @@
+ 		if (mail_ctx->have_eoh)
+ 			str_append_c(mail_ctx->header, '\n');
+ 	}
++	return 0;
+ }
+ 
+ static int mbox_sync_read_and_move(struct mbox_sync_context *sync_ctx,
+@@ -398,8 +404,9 @@
+ 		if (mbox_sync_seek(sync_ctx, mails[idx].from_offset) < 0)
+ 			return -1;
+ 
+-		mbox_sync_read_next(sync_ctx, &new_mail_ctx, mails, seq, idx,
+-				    expunged_space);
++		if (mbox_sync_read_next(sync_ctx, &new_mail_ctx, mails, seq, idx,
++					expunged_space) < 0)
++			return -1;
+ 		mail_ctx = &new_mail_ctx;
+ 	} else {
+ 		i_assert(seq == mail_ctx->seq);
+diff -r 31262a892ba7 -r 80ed82a93c1a src/lib-storage/index/mbox/mbox-sync.c
+--- a/src/lib-storage/index/mbox/mbox-sync.c	Wed Nov 19 17:37:18 2014 +0900
++++ b/src/lib-storage/index/mbox/mbox-sync.c	Wed Nov 19 17:37:57 2014 +0900
+@@ -131,8 +131,10 @@
+ mbox_sync_read_next_mail(struct mbox_sync_context *sync_ctx,
+ 			 struct mbox_sync_mail_context *mail_ctx)
+ {
++	uoff_t offset;
++
+ 	/* get EOF */
+-	(void)istream_raw_mbox_get_header_offset(sync_ctx->input);
++	(void)istream_raw_mbox_get_header_offset(sync_ctx->input, &offset);
+ 	if (istream_raw_mbox_is_eof(sync_ctx->input))
+ 		return 0;
+ 
+@@ -144,19 +146,27 @@
+ 
+ 	mail_ctx->mail.from_offset =
+ 		istream_raw_mbox_get_start_offset(sync_ctx->input);
+-	mail_ctx->mail.offset =
+-		istream_raw_mbox_get_header_offset(sync_ctx->input);
++	if (istream_raw_mbox_get_header_offset(sync_ctx->input, &mail_ctx->mail.offset) < 0) {
++		mbox_sync_set_critical(sync_ctx,
++			"Couldn't get header offset for seq=%u", mail_ctx->seq);
++		return -1;
++	}
+ 
+-	mbox_sync_parse_next_mail(sync_ctx->input, mail_ctx);
++	if (mbox_sync_parse_next_mail(sync_ctx->input, mail_ctx) < 0)
++		return -1;
++	if (istream_raw_mbox_is_corrupted(sync_ctx->input))
++		return -1;
++
+ 	i_assert(sync_ctx->input->v_offset != mail_ctx->mail.from_offset ||
+ 		 sync_ctx->input->eof);
+ 
+-	if (istream_raw_mbox_is_corrupted(sync_ctx->input))
++	if (istream_raw_mbox_get_body_size(sync_ctx->input,
++					   mail_ctx->content_length,
++					   &mail_ctx->mail.body_size) < 0) {
++		mbox_sync_set_critical(sync_ctx,
++			"Couldn't get body size for seq=%u", mail_ctx->seq);
+ 		return -1;
+-
+-	mail_ctx->mail.body_size =
+-		istream_raw_mbox_get_body_size(sync_ctx->input,
+-					       mail_ctx->content_length);
++	}
+ 	i_assert(mail_ctx->mail.body_size < OFF_T_MAX);
+ 
+ 	if ((mail_ctx->mail.flags & MAIL_RECENT) != 0 &&
+@@ -810,7 +820,7 @@
+ mbox_sync_seek_to_seq(struct mbox_sync_context *sync_ctx, uint32_t seq)
+ {
+ 	struct mbox_mailbox *mbox = sync_ctx->mbox;
+-	uoff_t old_offset;
++	uoff_t old_offset, offset;
+ 	uint32_t uid;
+ 	int ret;
+         bool deleted;
+@@ -864,7 +874,11 @@
+ 
+         sync_ctx->idx_seq = seq;
+ 	sync_ctx->dest_first_mail = sync_ctx->seq == 0;
+-        (void)istream_raw_mbox_get_body_offset(sync_ctx->input);
++	if (istream_raw_mbox_get_body_offset(sync_ctx->input, &offset) < 0) {
++		mbox_sync_set_critical(sync_ctx,
++			"Message body offset lookup failed");
++		return -1;
++	}
+ 	return 1;
+ }
+ 
+@@ -1149,8 +1163,9 @@
+ 			sync_ctx->idx_seq++;
+ 		}
+ 
+-		istream_raw_mbox_next(sync_ctx->input,
+-				      mail_ctx->mail.body_size);
++		if (istream_raw_mbox_next(sync_ctx->input,
++					  mail_ctx->mail.body_size) < 0)
++			return -1;
+ 		offset = istream_raw_mbox_get_start_offset(sync_ctx->input);
+ 
+ 		if (sync_ctx->need_space_seq != 0) {
+

dovecot-2.2.20-initbysystemd.patch

@@ -0,0 +1,46 @@
+diff -up dovecot-2.3.0.1/dovecot-init.service.initbysystemd dovecot-2.3.0.1/dovecot-init.service
+--- dovecot-2.3.0.1/dovecot-init.service.initbysystemd	2018-03-01 10:38:22.059716008 +0100
++++ dovecot-2.3.0.1/dovecot-init.service	2018-03-01 10:38:22.059716008 +0100
+@@ -0,0 +1,13 @@
++[Unit]
++Description=One-time Dovecot init service
++ConditionPathExists=|!/etc/pki/dovecot/certs/dovecot.pem
++
++[Service]
++Type=oneshot
++RemainAfterExit=no
++ExecStart=/bin/sh -c '\
++if [ ! -f /etc/pki/dovecot/certs/dovecot.pem ]; \
++then\
++  SSLDIR=/etc/pki/dovecot/ OPENSSLCONFIG=/etc/pki/dovecot/dovecot-openssl.cnf /usr/libexec/dovecot/mkcert.sh /dev/null 2>&1;\
++fi'
++
+diff -up dovecot-2.3.0.1/dovecot.service.in.initbysystemd dovecot-2.3.0.1/dovecot.service.in
+--- dovecot-2.3.0.1/dovecot.service.in.initbysystemd	2018-03-01 10:38:22.060716016 +0100
++++ dovecot-2.3.0.1/dovecot.service.in	2018-03-01 10:40:45.524901319 +0100
+@@ -8,7 +8,8 @@
+ Description=Dovecot IMAP/POP3 email server
+ Documentation=man:dovecot(1)
+ Documentation=http://wiki2.dovecot.org/
+-After=local-fs.target network-online.target
++After=local-fs.target network-online.target dovecot-init.service
++Requires=dovecot-init.service
+ 
+ [Service]
+ Type=simple
+diff -up dovecot-2.3.0.1/Makefile.am.initbysystemd dovecot-2.3.0.1/Makefile.am
+--- dovecot-2.3.0.1/Makefile.am.initbysystemd	2018-02-28 15:28:57.000000000 +0100
++++ dovecot-2.3.0.1/Makefile.am	2018-03-01 10:38:22.060716016 +0100
+@@ -63,9 +63,10 @@ if HAVE_SYSTEMD
+ 
+ systemdsystemunit_DATA = \
+         dovecot.socket \
+-        dovecot.service
++        dovecot.service \
++        dovecot-init.service
+ else
+-EXTRA_DIST += dovecot.socket dovecot.service.in
++EXTRA_DIST += dovecot.socket dovecot.service.in dovecot-init.service
+ endif
+ 
+ install-exec-hook:

dovecot-2.2.22-systemd_w_protectsystem.patch

@@ -0,0 +1,11 @@
+diff -up dovecot-2.3.2/dovecot.service.in.systemd_w_protectsystem dovecot-2.3.2/dovecot.service.in
+--- dovecot-2.3.2/dovecot.service.in.systemd_w_protectsystem	2018-07-09 12:00:13.359193526 +0200
++++ dovecot-2.3.2/dovecot.service.in	2018-07-09 12:00:46.387716884 +0200
+@@ -23,6 +23,7 @@ ExecReload=@bindir@/doveadm reload
+ ExecStop=@bindir@/doveadm stop
+ PrivateTmp=true
+ NonBlocking=yes
++# this will make /usr /boot /etc read only for dovecot
+ ProtectSystem=full
+ ProtectHome=no
+ PrivateDevices=true

dovecot-2.3.0.1-libxcrypt.patch

@@ -0,0 +1,11 @@
+diff -up dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt dovecot-2.3.0.1/src/auth/mycrypt.c
+--- dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt       2018-02-28 15:28:58.000000000 +0100
++++ dovecot-2.3.0.1/src/auth/mycrypt.c 2018-03-27 10:57:38.447769201 +0200
+@@ -14,6 +14,7 @@
+ #  define _XPG6 /* Some Solaris versions require this, some break with this */
+ #endif
+ #include <unistd.h>
++#include <crypt.h>
+ 
+ #include "mycrypt.h"
+ 

dovecot-2.3.11.3-ftbfs1.patch

@@ -0,0 +1,15 @@
+diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c
+index cf05370035..0a030a2be0 100644
+--- a/src/auth/test-mech.c
++++ b/src/auth/test-mech.c
+@@ -196,8 +196,8 @@ test_mech_construct_apop_challenge(unsigned int connect_uid, unsigned long *len_
+ {
+ 	string_t *apop_challenge = t_str_new(128);
+ 
+-	str_printfa(apop_challenge,"<%lx.%u.%"PRIdTIME_T"", (unsigned long) getpid(),
+-		    connect_uid, process_start_time+10);
++	str_printfa(apop_challenge,"<%lx.%lx.%"PRIxTIME_T".", (unsigned long)getpid(),
++		    (unsigned long)connect_uid, process_start_time+10);
+ 	str_append_data(apop_challenge, "\0testuser\0responseoflen16-", 26);
+ 	*len_r = apop_challenge->used;
+ 	return apop_challenge->data;

dovecot-2.3.11.3-ftbfs2.patch

@@ -0,0 +1,22 @@
+diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c
+index 0a030a2be0..0a22ff46d0 100644
+--- a/src/auth/test-mech.c
++++ b/src/auth/test-mech.c
+@@ -192,7 +192,7 @@ static void test_mech_handle_challenge(struct auth_request *request,
+ }
+ 
+ static inline const unsigned char *
+-test_mech_construct_apop_challenge(unsigned int connect_uid, unsigned long *len_r)
++test_mech_construct_apop_challenge(unsigned int connect_uid, size_t *len_r)
+ {
+ 	string_t *apop_challenge = t_str_new(128);
+ 
+@@ -323,7 +323,7 @@ static void test_mechs(void)
+ 		struct test_case *test_case = &tests[running_test];
+ 		const struct mech_module *mech = test_case->mech;
+ 		struct auth_request *request;
+-		const char *testname = t_strdup_printf("auth mech %s %d/%lu",
++		const char *testname = t_strdup_printf("auth mech %s %d/%zu",
+ 						       mech->mech_name,
+ 						       running_test+1,
+ 						       N_ELEMENTS(tests));

dovecot-2.3.11.3-gssapi.patch

@@ -0,0 +1,13 @@
+diff --git a/src/auth/mech-gssapi.c b/src/auth/mech-gssapi.c
+index f29e48da88..966273d388 100644
+--- a/src/auth/mech-gssapi.c
++++ b/src/auth/mech-gssapi.c
+@@ -735,7 +735,7 @@ mech_gssapi_auth_free(struct auth_request *request)
+ const struct mech_module mech_gssapi = {
+ 	"GSSAPI",
+ 
+-	.flags = 0,
++	.flags = MECH_SEC_ALLOW_NULS,
+ 	.passdb_need = MECH_PASSDB_NEED_NOTHING,
+ 
+ 	mech_gssapi_auth_new,

dovecot.conf.5

@@ -0,0 +1,19 @@
+.TH DOVECOT.CONF 5 2010/06/27 "dovecot" "File Formats and Conventions"
+.SH NAME
+\fBdovecot.conf\fP \- The configuration file for dovecot imap and pop3 server
+
+.SH FULL PATH
+.B /etc/dovecot.conf
+
+.SH DESCRIPTION
+The dovecot.conf file is a configuration file for the
+.BR dovecot (1)
+imap and pop3 server. The dovecot.conf configuration file contains description to all available options. Some of these options are described also in offline wiki documentation placed in /usr/share/doc/dovecot*/wiki/.
+
+For backup purposes unmodified version of dovecot.conf can be found in /usr/share/doc/dovecot-<version>/example-config/dovecot.conf.default
+
+.SH "SEE ALSO"
+.BR doveadm (1),
+.BR dovecot (1),
+.I /usr/share/doc/dovecot*/wiki/
+.I /usr/share/doc/dovecot*/dovecot.conf.default

dovecot.init

@@ -0,0 +1,108 @@
+#!/bin/bash
+#
+#	/etc/rc.d/init.d/dovecot
+#
+# Starts the dovecot daemon
+#
+# chkconfig: - 65 35
+# description: Dovecot Imap Server
+# processname: dovecot
+# config: /etc/dovecot.conf
+# config: /etc/sysconfig/dovecot
+# pidfile: /var/run/dovecot/master.pid
+
+### BEGIN INIT INFO
+# Provides: dovecot
+# Required-Start: $local_fs $network
+# Required-Stop: $local_fs $network
+# Should-Start: $remote_fs
+# Should-Stop: $remote_fs
+# Default-Start: 
+# Default-Stop: 0 1 2 3 4 5 6
+# Short-Description: start and stop Dovecot Imap server
+# Description: Dovecot is an IMAP server for Linux/UNIX-like systems,
+#              written with security primarily in mind.  It also contains
+#              a small POP3 server.
+### END INIT INFO
+
+# Source function library.
+. /etc/init.d/functions
+
+if [ -f /etc/sysconfig/dovecot -a $UID -eq 0 ]; then
+    . /etc/sysconfig/dovecot
+fi
+
+RETVAL=0
+prog="Dovecot Imap"
+exec="/usr/sbin/dovecot"
+config="/etc/dovecot/dovecot.conf"
+pidfile="/var/run/dovecot/master.pid"
+lockfile="/var/lock/subsys/dovecot"
+
+start() {
+	[ $UID -eq 0 ] || exit 4
+	[ -x $exec ] || exit 5
+	[ -f $config ] || exit 6
+
+        echo -n $"Starting $prog: "
+	daemon --pidfile $pidfile $exec $OPTIONS
+	RETVAL=$?
+	[ $RETVAL -eq 0 ] && touch  $lockfile
+	echo
+}
+
+stop() {
+	[ $UID -eq 0 ] || exit 4
+	echo -n $"Stopping $prog: "
+	killproc -p $pidfile $exec
+	RETVAL=$?
+	[ $RETVAL -eq 0 ] && rm -f $lockfile
+	echo
+}
+
+reload() {
+	[ $UID -eq 0 ] || exit 4
+	echo -n $"Reloading $prog: "
+	killproc -p $pidfile $exec -HUP
+	RETVAL=$?
+	echo
+}
+
+#
+#	See how we were called.
+#
+case "$1" in
+  start)
+	start
+	;;
+  stop)
+	stop
+	;;
+  reload)
+	reload
+	;;
+  force-reload|restart)
+	stop
+	sleep 1
+	start
+	RETVAL=$?
+	;;
+  condrestart|try-restart)
+	if [ -f $lockfile ]; then
+	    stop
+	    sleep 3
+	    start
+	fi
+	;;
+  status)
+	status -p $pidfile $exec
+	RETVAL=$?
+	;;
+  *)
+	echo $"Usage: $0 {condrestart|try-restart|start|stop|restart|reload|force-reload|status}"
+	RETVAL=2
+	[ "$1" = 'usage' ] && RETVAL=0
+esac
+
+exit $RETVAL
+

dovecot.pam

@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth       required     pam_nologin.so
+auth       include      password-auth
+account    include      password-auth
+session    include      password-auth

dovecot.sysconfig

@@ -0,0 +1,3 @@
+# Here you can specify your dovecot command line options.
+#
+#OPTIONS=""

dovecot.tmpfilesd

@@ -0,0 +1,2 @@
+d /run/dovecot 0755 root dovecot -
+

prestartscript

@@ -0,0 +1,3 @@
+#!/bin/sh
+/bin/systemctl -q is-enabled NetworkManager.service >/dev/null 2>&1 && /usr/bin/nm-online -q --timeout 30 ||:
+

sources

@@ -0,0 +1,2 @@
+SHA512 (dovecot-2.3.11.3.tar.gz) = d83e52a7faab918a8e6f6257acc5936b81733c10489affd042c3a043cb842db060286cba9978be378e4958e9ac2e60b55ce289d7f3a88df08e7637e4785e23bb
+SHA512 (dovecot-2.3-pigeonhole-0.5.11.tar.gz) = 793d93edc50192c52654e2f7244d3e01aaa4e69f786e3ecfcd658a4ab26a5099cc5319cb93221150db4ce94bc4515ffb38115b1d0eeb6e052b956efec680b33d