From dea656944c674f82a621d08ddc2a0ba27139b043 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 23 Nov 2010 10:10:40 +0100 Subject: [PATCH] - fix regression with valid_chroot_dirs being ignored (#654083) --- dovecot-2.0-bz654083.patch | 55 ++++++++++++++++++++++++++++++++++++++ dovecot.spec | 8 +++++- 2 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 dovecot-2.0-bz654083.patch diff --git a/dovecot-2.0-bz654083.patch b/dovecot-2.0-bz654083.patch new file mode 100644 index 0000000..e9aa226 --- /dev/null +++ b/dovecot-2.0-bz654083.patch @@ -0,0 +1,55 @@ +# HG changeset patch +# User Timo Sirainen +# Date 1289937106 0 +# Node ID eeaf30cfad368fd0311b87d874f2d5b27a504e0f +# Parent f78260c108b0d86e5aa746e7e98a8015b8f691e7 +Fixed home=/home/./user style chrooting to work again. + +--- a/src/lib-storage/mail-storage-service.c Tue Nov 16 19:32:51 2010 +0000 ++++ b/src/lib-storage/mail-storage-service.c Tue Nov 16 19:51:46 2010 +0000 +@@ -167,7 +167,9 @@ + const struct auth_user_reply *reply, + const char **error_r) + { +- const char *const *str, *line; ++ const char *home = reply->home; ++ const char *chroot = reply->chroot; ++ const char *const *str, *line, *p; + unsigned int i, count; + int ret = 0; + +@@ -181,18 +183,26 @@ + if (reply->gid != (uid_t)-1) + set_keyval(ctx, user, "mail_gid", dec2str(reply->gid)); + +- if (reply->home != NULL) ++ if (home != NULL && chroot == NULL && ++ *user->user_set->valid_chroot_dirs != '\0' && ++ (p = strstr(home, "/./")) != NULL) { ++ /* wu-ftpd like /./ - check only if there's even ++ a possibility of using them (non-empty valid_chroot_dirs) */ ++ chroot = t_strdup_until(home, p); ++ home = p + 2; ++ } ++ ++ if (home != NULL) + set_keyval(ctx, user, "mail_home", reply->home); + +- if (reply->chroot != NULL) { +- if (!validate_chroot(user->user_set, reply->chroot)) { ++ if (chroot != NULL) { ++ if (!validate_chroot(user->user_set, chroot)) { + *error_r = t_strdup_printf( + "userdb returned invalid chroot directory: %s " +- "(see valid_chroot_dirs setting)", +- reply->chroot); ++ "(see valid_chroot_dirs setting)", chroot); + return -1; + } +- set_keyval(ctx, user, "mail_chroot", reply->chroot); ++ set_keyval(ctx, user, "mail_chroot", chroot); + } + + str = array_get(&reply->extra_fields, &count); + + diff --git a/dovecot.spec b/dovecot.spec index 219d97b..b46a5a9 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -2,7 +2,7 @@ Summary: Secure imap and pop3 server Name: dovecot Epoch: 1 Version: 2.0.7 -Release: 1%{?dist} +Release: 2%{?dist} #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2 License: MIT and LGPLv2 Group: System Environment/Daemons @@ -27,6 +27,9 @@ Patch1: dovecot-2.0-defaultconfig.patch Patch2: dovecot-1.0.beta2-mkcert-permissions.patch Patch3: dovecot-1.0.rc7-mkcert-paths.patch +#for dovecot < 2.0.8 +Patch4: dovecot-2.0-bz654083.patch + Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel BuildRequires: libtool, autoconf, automake, pkgconfig @@ -361,6 +364,9 @@ make check %{_libdir}/%{name}/dict/libdriver_pgsql.so %changelog +* Tue Nov 23 2010 Michal Hlavinka - 1:2.0.7-2 +- fix regression with valid_chroot_dirs being ignored (#654083) + * Tue Nov 09 2010 Michal Hlavinka - 1:2.0.7-1 - dovecot updated to 2.0.7 - IMAP: Fixed LIST-STATUS when listing subscriptions with subscriptions=no namespaces.