From b8c63ea314d00e496ca06464c977c13288d76c8f Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Thu, 4 Dec 2025 11:29:01 +0000
Subject: [PATCH] Import from AlmaLinux stable repository
---
SOURCES/dovecot-2.3-ph_optglob.patch | 48 ++++++++++++++++++++++
SOURCES/dovecot-2.3-ph_scriptcmp.patch | 12 ++++++
SOURCES/dovecot-2.3.15-fixvalcond.patch | 6 +--
SOURCES/dovecot.init | 0
SPECS/dovecot.spec | 54 ++++++++++++++++++-------
5 files changed, 102 insertions(+), 18 deletions(-)
create mode 100644 SOURCES/dovecot-2.3-ph_optglob.patch
create mode 100644 SOURCES/dovecot-2.3-ph_scriptcmp.patch
mode change 100644 => 100755 SOURCES/dovecot.init
diff --git a/SOURCES/dovecot-2.3-ph_optglob.patch b/SOURCES/dovecot-2.3-ph_optglob.patch
new file mode 100644
index 0000000..d31527c
--- /dev/null
+++ b/SOURCES/dovecot-2.3-ph_optglob.patch
@@ -0,0 +1,48 @@
+diff -up dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c.ph_optglob dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c
+--- dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c.ph_optglob 2024-06-04 09:11:28.514189662 +0200
++++ dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c 2024-06-04 09:18:23.219809778 +0200
+@@ -368,11 +368,13 @@ static bool opc_include_dump
+ return FALSE;
+
+ sieve_code_descend(denv);
+- sieve_code_dumpf(denv, "script: `%s' from %s %s%s[ID: %d, BLOCK: %d]",
++ sieve_code_dumpf(denv, "script: `%s' from %s %s%s%s[ID: %d, BLOCK: %d]",
+ sieve_script_name(included->script), sieve_script_location(included->script),
+ ((flags & EXT_INCLUDE_FLAG_ONCE) != 0 ? "(once) " : ""),
+ ((flags & EXT_INCLUDE_FLAG_OPTIONAL) != 0 ? "(optional) " : ""),
+- include_id, sieve_binary_block_get_id(included->block));
++ (included->block == NULL ? "(missing) " : ""),
++ include_id,
++ (included->block == NULL ? -1 : sieve_binary_block_get_id(included->block)));
+
+ return TRUE;
+ }
+diff -up dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c.ph_optglob dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c
+--- dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c.ph_optglob 2023-09-14 15:18:26.000000000 +0200
++++ dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c 2024-06-04 09:10:45.187823805 +0200
+@@ -693,6 +693,25 @@ int ext_include_execute_include(const st
+ }
+
+ ctx = ext_include_get_interpreter_context(this_ext, renv->interp);
++ if (included->block == NULL) {
++ if ((flags & EXT_INCLUDE_FLAG_OPTIONAL) != 0) {
++ sieve_runtime_trace(
++ renv, SIEVE_TRLVL_NONE,
++ "include: skipped include for script '%s' "
++ "[inc id: %d, block: NULL]; optional and unavailable",
++ sieve_script_name(included->script),
++ include_id);
++ return result;
++ } else {
++ sieve_runtime_trace(
++ renv, SIEVE_TRLVL_NONE,
++ "include: unavailable script '%s' "
++ "[inc id: %d, block: NULL]",
++ sieve_script_name(included->script),
++ include_id);
++ return SIEVE_EXEC_BIN_CORRUPT;
++ }
++ }
+ block_id = sieve_binary_block_get_id(included->block);
+
+ /* If :once modifier is specified, check for duplicate include */
diff --git a/SOURCES/dovecot-2.3-ph_scriptcmp.patch b/SOURCES/dovecot-2.3-ph_scriptcmp.patch
new file mode 100644
index 0000000..2bcaade
--- /dev/null
+++ b/SOURCES/dovecot-2.3-ph_scriptcmp.patch
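Review bot: The new `included->block == NULL` branch in ext_include_execute_include carries no comment saying when a block may legitimately be NULL, and the condition is recorded only through `sieve_runtime_trace`, which presumably produces output only when tracing is enabled. I would add a comment above the check, for example `/* block is NULL when the included script was unavailable; it must not reach sieve_binary_block_get_id() */`, and consider also reporting the non-optional case through the runtime error path so that `SIEVE_EXEC_BIN_CORRUPT` is not returned without a log line. In the opc_include_dump hunk, `included->block == NULL ? -1 : sieve_binary_block_get_id(included->block)` mixes a signed literal with what looks like an unsigned return value under `%d`; if the function does return an unsigned type, casting the call to `int` keeps both arms and the format consistent. Both functions start outside their hunks, so the value of `result` on the optional path and any other dereference of `included->block` cannot be checked from here.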
@@ -0,0 +1,12 @@
+diff -up dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c.testfix4 dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c
+--- dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c.testfix4 2024-06-03 13:35:24.408858593 +0200
++++ dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c 2024-06-03 13:35:24.434858849 +0200
+@@ -800,7 +800,7 @@ static bool sieve_file_script_equals
+ (struct sieve_file_script *)other;
+
+ return ( CMP_DEV_T(fscript->st.st_dev, fother->st.st_dev) &&
+- fscript->st.st_ino == fother->st.st_ino );
++ fscript->st.st_ino == fother->st.st_ino && (fscript->st.st_ino != 0 || script->location != NULL && other->location != NULL && strcmp(script->location, other->location) == 0));
+ }
+
+ /*
diff --git a/SOURCES/dovecot-2.3.15-fixvalcond.patch b/SOURCES/dovecot-2.3.15-fixvalcond.patch
index 82bdafc..223e9fc 100644
--- a/SOURCES/dovecot-2.3.15-fixvalcond.patch
+++ b/SOURCES/dovecot-2.3.15-fixvalcond.patch
@@ -1,6 +1,6 @@
-diff -up dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.15/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.15/src/lib-sieve/storage/dict/sieve-dict-script.c
---- dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.16/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-06-21 23:07:55.269814896 +0200
-+++ dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.16/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-06-21 23:07:55.298814544 +0200
+diff -up dovecot-2.3.15/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.15/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c
+--- dovecot-2.3.15/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-06-21 23:07:55.269814896 +0200
++++ dovecot-2.3.15/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-06-21 23:07:55.298814544 +0200
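Review bot: The condition added to sieve_file_script_equals mixes `||` and `&&` without grouping and is packed onto one long line, so the fallback to comparing `location` when `st_ino` is 0 is easy to misread and will trip `-Wparentheses` where that warning is enabled. I would group the location test explicitly, `(fscript->st.st_ino != 0 || (script->location != NULL && other->location != NULL && strcmp(script->location, other->location) == 0))`, split it over several lines, and add a comment such as `/* st_ino == 0: no usable stat data, fall back to the location string */`. Whether a zero inode occurs only for scripts without stat data is not visible here and should be confirmed, since this comparison presumably decides whether two includes count as the same script. The function body starts outside the hunk.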
@@ -109,7 +109,7 @@ static int sieve_dict_script_get_stream { struct sieve_dict_script *dscript =
diff --git a/SOURCES/dovecot.init b/SOURCES/dovecot.init
old mode 100644
new mode 100755
diff --git a/SPECS/dovecot.spec b/SPECS/dovecot.spec
index 2890613..db33f50 100644
--- a/SPECS/dovecot.spec
+++ b/SPECS/dovecot.spec
@@ -6,7 +6,7 @@ Name: dovecot Epoch: 1 Version: 2.3.16 %global prever %{nil} -Release: 11%{?dist}.1 +Release: 15%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2
@@ -58,14 +58,18 @@ Patch23: dovecot-2.3.18-9f300239..4596d399.patch # from upstream, for < 2.3.21, RHEL-25434 Patch24: dovecot-2.3.16-d7705bc6.patch +# sent upstream, issue #RHEL-52541 +Patch25: dovecot-2.3-ph_optglob.patch +Patch26: dovecot-2.3-ph_scriptcmp.patch + # fix test failing due to too long path with all the mock path prefixes Patch27: dovecot-2.3.21-test-socket-path.patch -# from upstream for < 2.3.21.1, RHEL-55211 +# from upstream for < 2.3.21.1, RHEL-55212 # https://github.com/dovecot/core/compare/8e4c42d%5E...1481c04.patch Patch28: dovecot-2.3.21.1-CVE-2024-23184.patch -# from upstream for < 2.3.21.1, RHEL-55225 +# from upstream for < 2.3.21.1, RHEL-55224 # https://github.com/dovecot/core/compare/f020e13%5E...ce88c33.patch Patch29: dovecot-2.3.21.1-CVE-2024-23185.patch
@@ -152,6 +156,10 @@ This package provides the development files for dovecot. %prep %setup -q -n %{name}-%{version}%{?prever} -a 8 + +# standardize name, so we don't have to update patches and scripts +mv dovecot-2.3-pigeonhole-%{pigeonholever} dovecot-pigeonhole + %patch -P 1 -p1 -b .default-settings %patch -P 2 -p1 -b .mkcert-permissions %patch -P 3 -p1 -b .mkcert-paths
@@ -167,15 +175,16 @@ This package provides the development files for dovecot. %patch -P 21 -p1 -b .7bad6a24 %patch -P 22 -p1 -b .bdf447e4 %patch -P 24 -p1 -b .d7705bc6 +%patch -P 25 -p1 -b .ph_optglob +%patch -P 26 -p1 -b .ph_scriptcmp %patch -P 27 -p1 -b .test-socket-path %patch -P 28 -p1 -b .CVE-2024-23184 %patch -P 29 -p1 -b .CVE-2024-23185 - -cp run-test-valgrind.supp dovecot-2.3-pigeonhole-%{pigeonholever}/ +cp run-test-valgrind.supp dovecot-pigeonhole/ # valgrind would fail with shell wrapper -echo "testsuite" >dovecot-2.3-pigeonhole-%{pigeonholever}/run-test-valgrind.exclude +echo "testsuite" >dovecot-pigeonhole/run-test-valgrind.exclude -pushd dovecot-2*3-pigeonhole-%{pigeonholever} +pushd dovecot-pigeonhole %patch -P 23 -p1 -b .9f300239..4596d399 popd sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in
@@ -218,7 +227,7 @@ sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh doc/example-config/conf.d/10 %make_build #pigeonhole -pushd dovecot-2*3-pigeonhole-%{pigeonholever} +pushd dovecot-pigeonhole # required for snapshot [ -f configure ] || autoreconf -fiv
@@ -244,7 +253,7 @@ mv $RPM_BUILD_ROOT/%{_docdir}/%{name} %{_builddir}/%{name}-%{version}%{?prever}/ # fix multilib issues %multilib_fix_c_header --file %{_includedir}/dovecot/config.h -pushd dovecot-2*3-pigeonhole-%{pigeonholever} +pushd dovecot-pigeonhole %make_install mv $RPM_BUILD_ROOT/%{_docdir}/%{name} $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole
@@ -260,7 +269,7 @@ install -p -D -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_mandir}/man5/dovecot.conf.5 #install waitonline script install -p -D -m 755 %{SOURCE15} $RPM_BUILD_ROOT%{_libexecdir}/dovecot/prestartscript -install -p -D -m 0644 %{SOURCE16} $RPM_BUILD_ROOT%{_sysusersdir}/dovecot.sysusers +install -p -D -m 0644 %{SOURCE16} $RPM_BUILD_ROOT%{_sysusersdir}/dovecot.conf # generate ghost .pem files mkdir -p $RPM_BUILD_ROOT%{ssldir}/certs
@@ -359,8 +368,14 @@ then fi %check +# some time sensitive tests fail on aarch64, just log the result +%ifarch aarch64 +make check ||: +%else make check -cd dovecot-2*3-pigeonhole-%{pigeonholever} +%endif + +cd dovecot-pigeonhole make check %files
@@ -374,7 +389,7 @@ make check %_tmpfilesdir/dovecot.conf -%{_sysusersdir}/dovecot.sysusers +%{_sysusersdir}/dovecot.conf %{_unitdir}/dovecot.service %{_unitdir}/dovecot-init.service %{_unitdir}/dovecot.socket
@@ -509,9 +524,18 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog -* Mon Sep 02 2024 Michal Hlavinka - 1:2.3.16-11.1 -- fix CVE-2024-23184: using a large number of address headers may trigger a denial of service (RHEL-55211) -- fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message (RHEL-55225) +* Wed Feb 05 2025 Michal Hlavinka - 1:2.3.16-15 +- fix sysusers config file name (RHEL-77322) + +* Tue Aug 20 2024 Michal Hlavinka - 1:2.3.16-14 +- fix CVE-2024-23184: using a large number of address headers may trigger a denial of service (RHEL-55212) +- fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message (RHEL-55224) + +* Mon Aug 05 2024 Michal Hlavinka - 1:2.3.16-13 +- rebuild with updated tests + +* Mon Aug 05 2024 Michal Hlavinka - 1:2.3.16-12 +- fix crash when user has sieve script that includes two missing scripts (RHEL-37160) * Fri Feb 16 2024 Michal Hlavinka - 1:2.3.16-11 - fixes assert-crash when IMAP client uses QRESYNC (#RHEL-25434)
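Review bot: In the `%check` hunk, `make check ||:` under `%ifarch aarch64` discards the exit status of the entire core test suite, not only of the time-sensitive tests the comment mentions, so any regression on that architecture would no longer fail the build of a package that carries CVE fixes. I would keep the suite fatal and exempt only the tests known to be flaky, or at least record which tests are affected and where the exemption is tracked, e.g. `# <test names> are timing-dependent on aarch64, see <ticket id>`. The pigeonhole `make check` that follows remains fatal on every architecture, so the relaxation applies to the core suite alone; the comment could say so.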