Compare commits
No commits in common. "c10s" and "c8" have entirely different histories.
2
.dovecot.metadata
Normal file
2
.dovecot.metadata
Normal file
@ -0,0 +1,2 @@
|
||||
4673c244c6ea73ee3da0bb61d0206a1fe3d0be0e SOURCES/dovecot-2.3-pigeonhole-0.5.16.tar.gz
|
||||
b5c598ae8b9901bfabdf2c93271f57cde0bde73e SOURCES/dovecot-2.3.16.tar.gz
|
@ -1 +0,0 @@
|
||||
1
|
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
/dovecot-*.tar.gz
|
||||
/pigeonhole-*.tar.bz2
|
||||
SOURCES/dovecot-2.3-pigeonhole-0.5.16.tar.gz
|
||||
SOURCES/dovecot-2.3.16.tar.gz
|
||||
|
@ -1,7 +1,7 @@
|
||||
diff -up dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf
|
||||
--- dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf.default-settings 2021-08-06 11:25:51.000000000 +0200
|
||||
+++ dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf 2021-10-27 11:13:45.666956339 +0200
|
||||
@@ -175,7 +175,7 @@ namespace inbox {
|
||||
diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf
|
||||
--- dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings 2018-02-28 15:28:57.000000000 +0100
|
||||
+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf 2018-03-01 10:29:38.208368555 +0100
|
||||
@@ -165,7 +165,7 @@ namespace inbox {
|
||||
# to make sure that users can't log in as daemons or other system users.
|
||||
# Note that denying root logins is hardcoded to dovecot binary and can't
|
||||
# be done even if first_valid_uid is set to 0.
|
||||
@ -18,9 +18,9 @@ diff -up dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf.default-settings
|
||||
|
||||
# Maximum time to wait for lock (all of them) before aborting.
|
||||
#mbox_lock_timeout = 5 mins
|
||||
diff -up dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf
|
||||
--- dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf.default-settings 2021-08-06 11:25:51.000000000 +0200
|
||||
+++ dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf 2021-10-27 11:13:02.834533975 +0200
|
||||
diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf
|
||||
--- dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings 2018-02-28 15:28:57.000000000 +0100
|
||||
+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf 2018-03-01 10:33:54.779499044 +0100
|
||||
@@ -3,7 +3,9 @@
|
||||
##
|
||||
|
||||
@ -32,7 +32,7 @@ diff -up dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf.default-settings d
|
||||
|
||||
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
|
||||
# dropping root privileges, so keep the key file unreadable by anyone but
|
||||
@@ -64,6 +66,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
|
||||
@@ -57,6 +59,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
|
||||
#ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
|
||||
# To disable non-EC DH, use:
|
||||
#ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
|
11
SOURCES/dovecot-2.1.10-waitonline.patch
Normal file
11
SOURCES/dovecot-2.1.10-waitonline.patch
Normal file
@ -0,0 +1,11 @@
|
||||
diff -up dovecot-2.3.15/dovecot.service.in.waitonline dovecot-2.3.15/dovecot.service.in
|
||||
--- dovecot-2.3.15/dovecot.service.in.waitonline 2021-06-21 20:19:19.560494654 +0200
|
||||
+++ dovecot-2.3.15/dovecot.service.in 2021-06-21 20:21:17.443066248 +0200
|
||||
@@ -15,6 +15,7 @@ After=local-fs.target network-online.tar
|
||||
|
||||
[Service]
|
||||
Type=@systemdservicetype@
|
||||
+ExecStartPre=/usr/libexec/dovecot/prestartscript
|
||||
ExecStart=@sbindir@/dovecot -F
|
||||
ExecReload=@bindir@/doveadm reload
|
||||
ExecStop=@bindir@/doveadm stop
|
@ -25,9 +25,9 @@ diff -up dovecot-2.3.15/dovecot.service.in.initbysystemd dovecot-2.3.15/dovecot.
|
||||
-After=local-fs.target network-online.target
|
||||
+After=local-fs.target network-online.target dovecot-init.service
|
||||
+Requires=dovecot-init.service
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=@systemdservicetype@
|
||||
diff -up dovecot-2.3.15/Makefile.am.initbysystemd dovecot-2.3.15/Makefile.am
|
||||
--- dovecot-2.3.15/Makefile.am.initbysystemd 2021-06-21 20:21:49.250680889 +0200
|
||||
+++ dovecot-2.3.15/Makefile.am 2021-06-21 20:24:26.676765849 +0200
|
13
SOURCES/dovecot-2.2.36-aclfix.patch
Normal file
13
SOURCES/dovecot-2.2.36-aclfix.patch
Normal file
@ -0,0 +1,13 @@
|
||||
diff -up dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c.aclfix dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c
|
||||
--- dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c.aclfix 2018-09-18 15:00:08.778823903 +0200
|
||||
+++ dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c 2018-09-18 15:00:08.814823737 +0200
|
||||
@@ -161,8 +161,7 @@ acl_backend_vfile_object_init(struct acl
|
||||
T_BEGIN {
|
||||
if (*name == '\0' ||
|
||||
mailbox_list_is_valid_name(_backend->list, name, &error)) {
|
||||
- vname = *name == '\0' ? "" :
|
||||
- mailbox_list_get_vname(_backend->list, name);
|
||||
+ vname = mailbox_list_get_vname(_backend->list, name);
|
||||
|
||||
dir = acl_backend_vfile_get_local_dir(_backend, name, vname);
|
||||
aclobj->local_path = dir == NULL ? NULL :
|
17
SOURCES/dovecot-2.3.16-d7705bc6.patch
Normal file
17
SOURCES/dovecot-2.3.16-d7705bc6.patch
Normal file
@ -0,0 +1,17 @@
|
||||
diff --git a/src/lib-index/mail-index-sync.c b/src/lib-index/mail-index-sync.c
|
||||
index 6322ee1869..c847f1cc01 100644
|
||||
--- a/src/lib-index/mail-index-sync.c
|
||||
+++ b/src/lib-index/mail-index-sync.c
|
||||
@@ -544,6 +544,12 @@ static bool mail_index_sync_view_have_any(struct mail_index_view *view,
|
||||
return TRUE;
|
||||
|
||||
mail_transaction_log_get_head(view->index->log, &log_seq, &log_offset);
|
||||
+ if (log_seq < view->map->hdr.log_file_seq ||
|
||||
+ ((log_seq == view->map->hdr.log_file_seq &&
|
||||
+ log_offset < view->map->hdr.log_file_tail_offset))) {
|
||||
+ /* invalid offsets - let the syncing handle the error */
|
||||
+ return TRUE;
|
||||
+ }
|
||||
if (mail_transaction_log_view_set(view->log_view,
|
||||
view->map->hdr.log_file_seq,
|
||||
view->map->hdr.log_file_tail_offset,
|
53
SOURCES/dovecot-2.3.16-ftbfsbigend.patch
Normal file
53
SOURCES/dovecot-2.3.16-ftbfsbigend.patch
Normal file
@ -0,0 +1,53 @@
|
||||
commit ec4595097067a736717ef202fe8542b1b4bc2dd5
|
||||
Author: Timo Sirainen <timo.sirainen@open-xchange.com>
|
||||
Date: Tue Aug 10 12:22:08 2021 +0300
|
||||
|
||||
lib-index: Fix storing cache fields' last_used with 64bit big endian CPUs
|
||||
|
||||
diff --git a/src/lib-index/mail-cache-fields.c b/src/lib-index/mail-cache-fields.c
|
||||
index e929fb559d..429e0d234c 100644
|
||||
--- a/src/lib-index/mail-cache-fields.c
|
||||
+++ b/src/lib-index/mail-cache-fields.c
|
||||
@@ -524,6 +524,19 @@ static void copy_to_buf_byte(struct mail_cache *cache, buffer_t *dest,
|
||||
}
|
||||
}
|
||||
|
||||
+static void
|
||||
+copy_to_buf_last_used(struct mail_cache *cache, buffer_t *dest, bool add_new)
|
||||
+{
|
||||
+ size_t offset = offsetof(struct mail_cache_field, last_used);
|
||||
+#if defined(WORDS_BIGENDIAN) && SIZEOF_VOID_P == 8
|
||||
+ /* 64bit time_t with big endian CPUs: copy the last 32 bits instead of
|
||||
+ the first 32 bits (that are always 0). The 32 bits are enough until
|
||||
+ year 2106, so we're not in a hurry to use 64 bits on disk. */
|
||||
+ offset += sizeof(uint32_t);
|
||||
+#endif
|
||||
+ copy_to_buf(cache, dest, add_new, offset, sizeof(uint32_t));
|
||||
+}
|
||||
+
|
||||
static int mail_cache_header_fields_update_locked(struct mail_cache *cache)
|
||||
{
|
||||
buffer_t *buffer;
|
||||
@@ -536,9 +549,7 @@ static int mail_cache_header_fields_update_locked(struct mail_cache *cache)
|
||||
|
||||
buffer = t_buffer_create(256);
|
||||
|
||||
- copy_to_buf(cache, buffer, FALSE,
|
||||
- offsetof(struct mail_cache_field, last_used),
|
||||
- sizeof(uint32_t));
|
||||
+ copy_to_buf_last_used(cache, buffer, FALSE);
|
||||
ret = mail_cache_write(cache, buffer->data, buffer->used,
|
||||
offset + MAIL_CACHE_FIELD_LAST_USED());
|
||||
if (ret == 0) {
|
||||
@@ -599,9 +610,7 @@ void mail_cache_header_fields_get(struct mail_cache *cache, buffer_t *dest)
|
||||
buffer_append(dest, &hdr, sizeof(hdr));
|
||||
|
||||
/* we have to keep the field order for the existing fields. */
|
||||
- copy_to_buf(cache, dest, TRUE,
|
||||
- offsetof(struct mail_cache_field, last_used),
|
||||
- sizeof(uint32_t));
|
||||
+ copy_to_buf_last_used(cache, dest, TRUE);
|
||||
copy_to_buf(cache, dest, TRUE,
|
||||
offsetof(struct mail_cache_field, field_size),
|
||||
sizeof(uint32_t));
|
||||
|
353
SOURCES/dovecot-2.3.16-keeplzma.patch
Normal file
353
SOURCES/dovecot-2.3.16-keeplzma.patch
Normal file
@ -0,0 +1,353 @@
|
||||
diff -up dovecot-2.3.16/configure.ac.keeplzma dovecot-2.3.16/configure.ac
|
||||
--- dovecot-2.3.16/configure.ac.keeplzma 2021-08-06 11:25:51.000000000 +0200
|
||||
+++ dovecot-2.3.16/configure.ac 2022-02-28 13:58:02.337149927 +0100
|
||||
@@ -173,7 +173,7 @@ AS_HELP_STRING([--with-bzlib], [Build wi
|
||||
want_bzlib=auto)
|
||||
|
||||
AC_ARG_WITH(lzma,
|
||||
-AS_HELP_STRING([--with-lzma], [Build with LZMA decompression support (auto)]),
|
||||
+AS_HELP_STRING([--with-lzma], [Build with LZMA compression support (auto)]),
|
||||
TEST_WITH(lzma, $withval),
|
||||
want_lzma=auto)
|
||||
|
||||
diff -up dovecot-2.3.16/run-test-valgrind.supp.keeplzma dovecot-2.3.16/run-test-valgrind.supp
|
||||
--- dovecot-2.3.16/run-test-valgrind.supp.keeplzma 2021-08-06 11:25:51.000000000 +0200
|
||||
+++ dovecot-2.3.16/run-test-valgrind.supp 2022-02-28 13:58:02.337149927 +0100
|
||||
@@ -5,6 +5,17 @@
|
||||
obj:*/bash
|
||||
}
|
||||
{
|
||||
+ <liblzma>
|
||||
+ Memcheck:Cond
|
||||
+ obj:/lib/x86_64-linux-gnu/liblzma.so.5.*
|
||||
+ obj:/lib/x86_64-linux-gnu/liblzma.so.5.*
|
||||
+ obj:/lib/x86_64-linux-gnu/liblzma.so.5.*
|
||||
+ obj:/lib/x86_64-linux-gnu/liblzma.so.5.*
|
||||
+ obj:/lib/x86_64-linux-gnu/liblzma.so.5.*
|
||||
+ fun:lzma_stream_encoder
|
||||
+ fun:lzma_easy_encoder
|
||||
+}
|
||||
+{
|
||||
<openssl_centos6_i386_v1_0_1_compression_methods>
|
||||
Memcheck:Leak
|
||||
fun:malloc
|
||||
diff -up dovecot-2.3.16/src/lib-compression/compression.c.keeplzma dovecot-2.3.16/src/lib-compression/compression.c
|
||||
--- dovecot-2.3.16/src/lib-compression/compression.c.keeplzma 2021-08-06 11:25:51.000000000 +0200
|
||||
+++ dovecot-2.3.16/src/lib-compression/compression.c 2022-02-28 14:22:32.467944396 +0100
|
||||
@@ -25,6 +25,7 @@
|
||||
#endif
|
||||
#ifndef HAVE_LZMA
|
||||
# define i_stream_create_lzma NULL
|
||||
+# define o_stream_create_lzma NULL
|
||||
#endif
|
||||
#ifndef HAVE_LZ4
|
||||
# define i_stream_create_lz4 NULL
|
||||
@@ -216,7 +217,7 @@ const struct compression_handler compres
|
||||
.ext = ".xz",
|
||||
.is_compressed = is_compressed_xz,
|
||||
.create_istream = i_stream_create_lzma,
|
||||
- .create_ostream = NULL,
|
||||
+ .create_ostream = o_stream_create_lzma,
|
||||
.get_min_level = compression_get_min_level_unsupported,
|
||||
.get_default_level = compression_get_default_level_unsupported,
|
||||
.get_max_level = compression_get_max_level_unsupported,
|
||||
diff -up dovecot-2.3.16/src/lib-compression/Makefile.am.keeplzma dovecot-2.3.16/src/lib-compression/Makefile.am
|
||||
--- dovecot-2.3.16/src/lib-compression/Makefile.am.keeplzma 2021-08-06 11:25:51.000000000 +0200
|
||||
+++ dovecot-2.3.16/src/lib-compression/Makefile.am 2022-02-28 13:58:02.337149927 +0100
|
||||
@@ -13,6 +13,7 @@ libcompression_la_SOURCES = \
|
||||
istream-zlib.c \
|
||||
istream-bzlib.c \
|
||||
istream-zstd.c \
|
||||
+ ostream-lzma.c \
|
||||
ostream-lz4.c \
|
||||
ostream-zlib.c \
|
||||
ostream-bzlib.c \
|
||||
diff -up dovecot-2.3.16/src/lib-compression/ostream-lzma.c.keeplzma dovecot-2.3.16/src/lib-compression/ostream-lzma.c
|
||||
--- dovecot-2.3.16/src/lib-compression/ostream-lzma.c.keeplzma 2022-02-28 13:58:02.338149934 +0100
|
||||
+++ dovecot-2.3.16/src/lib-compression/ostream-lzma.c 2022-02-28 13:58:02.338149934 +0100
|
||||
@@ -0,0 +1,263 @@
|
||||
+/* Copyright (c) 2010-2018 Dovecot authors, see the included COPYING file */
|
||||
+
|
||||
+#include "lib.h"
|
||||
+
|
||||
+#ifdef HAVE_LZMA
|
||||
+
|
||||
+#include "ostream-private.h"
|
||||
+#include "ostream-zlib.h"
|
||||
+#include <lzma.h>
|
||||
+
|
||||
+#define CHUNK_SIZE (1024*64)
|
||||
+
|
||||
+struct lzma_ostream {
|
||||
+ struct ostream_private ostream;
|
||||
+ lzma_stream strm;
|
||||
+
|
||||
+ unsigned char outbuf[CHUNK_SIZE];
|
||||
+ unsigned int outbuf_offset, outbuf_used;
|
||||
+
|
||||
+ bool flushed:1;
|
||||
+};
|
||||
+
|
||||
+static void o_stream_lzma_close(struct iostream_private *stream,
|
||||
+ bool close_parent)
|
||||
+{
|
||||
+ struct lzma_ostream *zstream = (struct lzma_ostream *)stream;
|
||||
+ i_assert(zstream->ostream.finished ||
|
||||
+ zstream->ostream.ostream.stream_errno != 0 ||
|
||||
+ zstream->ostream.error_handling_disabled);
|
||||
+ lzma_end(&zstream->strm);
|
||||
+ if (close_parent)
|
||||
+ o_stream_close(zstream->ostream.parent);
|
||||
+}
|
||||
+
|
||||
+static int o_stream_zlib_send_outbuf(struct lzma_ostream *zstream)
|
||||
+{
|
||||
+ ssize_t ret;
|
||||
+ size_t size;
|
||||
+
|
||||
+ if (zstream->outbuf_used == 0)
|
||||
+ return 1;
|
||||
+
|
||||
+ size = zstream->outbuf_used - zstream->outbuf_offset;
|
||||
+ i_assert(size > 0);
|
||||
+ ret = o_stream_send(zstream->ostream.parent,
|
||||
+ zstream->outbuf + zstream->outbuf_offset, size);
|
||||
+ if (ret < 0) {
|
||||
+ o_stream_copy_error_from_parent(&zstream->ostream);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ if ((size_t)ret != size) {
|
||||
+ zstream->outbuf_offset += ret;
|
||||
+ return 0;
|
||||
+ }
|
||||
+ zstream->outbuf_offset = 0;
|
||||
+ zstream->outbuf_used = 0;
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+static ssize_t
|
||||
+o_stream_lzma_send_chunk(struct lzma_ostream *zstream,
|
||||
+ const void *data, size_t size)
|
||||
+{
|
||||
+ lzma_stream *zs = &zstream->strm;
|
||||
+ int ret;
|
||||
+
|
||||
+ i_assert(zstream->outbuf_used == 0);
|
||||
+
|
||||
+ zs->next_in = (void *)data;
|
||||
+ zs->avail_in = size;
|
||||
+ while (zs->avail_in > 0) {
|
||||
+ if (zs->avail_out == 0) {
|
||||
+ /* previous block was compressed. send it and start
|
||||
+ compression for a new block. */
|
||||
+ zs->next_out = zstream->outbuf;
|
||||
+ zs->avail_out = sizeof(zstream->outbuf);
|
||||
+
|
||||
+ zstream->outbuf_used = sizeof(zstream->outbuf);
|
||||
+ if ((ret = o_stream_zlib_send_outbuf(zstream)) < 0)
|
||||
+ return -1;
|
||||
+ if (ret == 0) {
|
||||
+ /* parent stream's buffer full */
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ ret = lzma_code(zs, LZMA_RUN);
|
||||
+ switch (ret) {
|
||||
+ case LZMA_OK:
|
||||
+ break;
|
||||
+ case LZMA_MEM_ERROR:
|
||||
+ i_fatal_status(FATAL_OUTOFMEM,
|
||||
+ "lzma.write(%s): Out of memory",
|
||||
+ o_stream_get_name(&zstream->ostream.ostream));
|
||||
+ default:
|
||||
+ i_panic("lzma.write(%s) failed with unexpected code %d",
|
||||
+ o_stream_get_name(&zstream->ostream.ostream), ret);
|
||||
+ }
|
||||
+ }
|
||||
+ size -= zs->avail_in;
|
||||
+
|
||||
+ return size;
|
||||
+}
|
||||
+
|
||||
+static int o_stream_lzma_send_flush(struct lzma_ostream *zstream, bool final)
|
||||
+{
|
||||
+ lzma_stream *zs = &zstream->strm;
|
||||
+ size_t len;
|
||||
+ bool done = FALSE;
|
||||
+ int ret;
|
||||
+
|
||||
+ i_assert(zs->avail_in == 0);
|
||||
+
|
||||
+ if (zstream->flushed) {
|
||||
+ i_assert(zstream->outbuf_used == 0);
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ if ((ret = o_stream_flush_parent_if_needed(&zstream->ostream)) <= 0)
|
||||
+ return ret;
|
||||
+ if ((ret = o_stream_zlib_send_outbuf(zstream)) <= 0)
|
||||
+ return ret;
|
||||
+
|
||||
+ if (!final)
|
||||
+ return 1;
|
||||
+
|
||||
+ i_assert(zstream->outbuf_used == 0);
|
||||
+ do {
|
||||
+ len = sizeof(zstream->outbuf) - zs->avail_out;
|
||||
+ if (len != 0) {
|
||||
+ zs->next_out = zstream->outbuf;
|
||||
+ zs->avail_out = sizeof(zstream->outbuf);
|
||||
+
|
||||
+ zstream->outbuf_used = len;
|
||||
+ if ((ret = o_stream_zlib_send_outbuf(zstream)) <= 0)
|
||||
+ return ret;
|
||||
+ if (done)
|
||||
+ break;
|
||||
+ }
|
||||
+ ret = lzma_code(zs, LZMA_FINISH);
|
||||
+ switch (ret) {
|
||||
+ case LZMA_OK:
|
||||
+ /* still unfinished - need to call lzma_code() again */
|
||||
+ break;
|
||||
+ case LZMA_STREAM_END:
|
||||
+ /* output is fully finished */
|
||||
+ done = TRUE;
|
||||
+ break;
|
||||
+ case LZMA_MEM_ERROR:
|
||||
+ i_fatal_status(FATAL_OUTOFMEM,
|
||||
+ "lzma.write(%s): Out of memory",
|
||||
+ o_stream_get_name(&zstream->ostream.ostream));
|
||||
+ default:
|
||||
+ i_panic("lzma.write(%s) flush failed with unexpected code %d",
|
||||
+ o_stream_get_name(&zstream->ostream.ostream), ret);
|
||||
+ }
|
||||
+ } while (zs->avail_out != sizeof(zstream->outbuf));
|
||||
+
|
||||
+ if (final)
|
||||
+ zstream->flushed = TRUE;
|
||||
+ i_assert(zstream->outbuf_used == 0);
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+static int o_stream_lzma_flush(struct ostream_private *stream)
|
||||
+{
|
||||
+ struct lzma_ostream *zstream = (struct lzma_ostream *)stream;
|
||||
+ int ret;
|
||||
+
|
||||
+ if ((ret = o_stream_lzma_send_flush(zstream, stream->finished)) < 0)
|
||||
+ return -1;
|
||||
+ else if (ret > 0)
|
||||
+ return o_stream_flush_parent(stream);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+static size_t
|
||||
+o_stream_lzma_get_buffer_used_size(const struct ostream_private *stream)
|
||||
+{
|
||||
+ const struct lzma_ostream *zstream =
|
||||
+ (const struct lzma_ostream *)stream;
|
||||
+
|
||||
+ /* outbuf has already compressed data that we're trying to send to the
|
||||
+ parent stream. We're not including lzma's internal compression
|
||||
+ buffer size. */
|
||||
+ return (zstream->outbuf_used - zstream->outbuf_offset) +
|
||||
+ o_stream_get_buffer_used_size(stream->parent);
|
||||
+}
|
||||
+
|
||||
+static size_t
|
||||
+o_stream_lzma_get_buffer_avail_size(const struct ostream_private *stream)
|
||||
+{
|
||||
+ /* FIXME: not correct - this is counting compressed size, which may be
|
||||
+ too larger than uncompressed size in some situations. Fixing would
|
||||
+ require some kind of additional buffering. */
|
||||
+ return o_stream_get_buffer_avail_size(stream->parent);
|
||||
+}
|
||||
+
|
||||
+static ssize_t
|
||||
+o_stream_lzma_sendv(struct ostream_private *stream,
|
||||
+ const struct const_iovec *iov, unsigned int iov_count)
|
||||
+{
|
||||
+ struct lzma_ostream *zstream = (struct lzma_ostream *)stream;
|
||||
+ ssize_t ret, bytes = 0;
|
||||
+ unsigned int i;
|
||||
+
|
||||
+ if ((ret = o_stream_zlib_send_outbuf(zstream)) <= 0) {
|
||||
+ /* error / we still couldn't flush existing data to
|
||||
+ parent stream. */
|
||||
+ return ret;
|
||||
+ }
|
||||
+
|
||||
+ for (i = 0; i < iov_count; i++) {
|
||||
+ ret = o_stream_lzma_send_chunk(zstream, iov[i].iov_base,
|
||||
+ iov[i].iov_len);
|
||||
+ if (ret < 0)
|
||||
+ return -1;
|
||||
+ bytes += ret;
|
||||
+ if ((size_t)ret != iov[i].iov_len)
|
||||
+ break;
|
||||
+ }
|
||||
+ stream->ostream.offset += bytes;
|
||||
+
|
||||
+ /* avail_in!=0 check is used to detect errors. if it's non-zero here
|
||||
+ it simply means we didn't send all the data */
|
||||
+ zstream->strm.avail_in = 0;
|
||||
+ return bytes;
|
||||
+}
|
||||
+
|
||||
+struct ostream *o_stream_create_lzma(struct ostream *output, int level)
|
||||
+{
|
||||
+ struct lzma_ostream *zstream;
|
||||
+ lzma_ret ret;
|
||||
+
|
||||
+ i_assert(level >= 1 && level <= 9);
|
||||
+
|
||||
+ zstream = i_new(struct lzma_ostream, 1);
|
||||
+ zstream->ostream.sendv = o_stream_lzma_sendv;
|
||||
+ zstream->ostream.flush = o_stream_lzma_flush;
|
||||
+ zstream->ostream.get_buffer_used_size =
|
||||
+ o_stream_lzma_get_buffer_used_size;
|
||||
+ zstream->ostream.get_buffer_avail_size =
|
||||
+ o_stream_lzma_get_buffer_avail_size;
|
||||
+ zstream->ostream.iostream.close = o_stream_lzma_close;
|
||||
+
|
||||
+ ret = lzma_easy_encoder(&zstream->strm, level, LZMA_CHECK_CRC64);
|
||||
+ switch (ret) {
|
||||
+ case LZMA_OK:
|
||||
+ break;
|
||||
+ case LZMA_MEM_ERROR:
|
||||
+ i_fatal_status(FATAL_OUTOFMEM, "lzma: Out of memory");
|
||||
+ case LZMA_OPTIONS_ERROR:
|
||||
+ i_fatal("lzma: Invalid level");
|
||||
+ default:
|
||||
+ i_fatal("lzma_easy_encoder() failed with %d", ret);
|
||||
+ }
|
||||
+
|
||||
+ zstream->strm.next_out = zstream->outbuf;
|
||||
+ zstream->strm.avail_out = sizeof(zstream->outbuf);
|
||||
+ return o_stream_create(&zstream->ostream, output,
|
||||
+ o_stream_get_fd(output));
|
||||
+}
|
||||
+#endif
|
||||
diff -up dovecot-2.3.16/src/lib-compression/ostream-zlib.h.keeplzma dovecot-2.3.16/src/lib-compression/ostream-zlib.h
|
||||
--- dovecot-2.3.16/src/lib-compression/ostream-zlib.h.keeplzma 2021-08-06 11:25:51.000000000 +0200
|
||||
+++ dovecot-2.3.16/src/lib-compression/ostream-zlib.h 2022-02-28 13:58:02.338149934 +0100
|
||||
@@ -4,6 +4,7 @@
|
||||
struct ostream *o_stream_create_gz(struct ostream *output, int level);
|
||||
struct ostream *o_stream_create_deflate(struct ostream *output, int level);
|
||||
struct ostream *o_stream_create_bz2(struct ostream *output, int level);
|
||||
+struct ostream *o_stream_create_lzma(struct ostream *output, int level);
|
||||
struct ostream *o_stream_create_lz4(struct ostream *output, int level);
|
||||
struct ostream *o_stream_create_zstd(struct ostream *output, int level);
|
||||
|
||||
diff -up dovecot-2.3.16/src/lib-compression/test-compression.c.keeplzma dovecot-2.3.16/src/lib-compression/test-compression.c
|
||||
--- dovecot-2.3.16/src/lib-compression/test-compression.c.keeplzma 2021-08-06 11:25:51.000000000 +0200
|
||||
+++ dovecot-2.3.16/src/lib-compression/test-compression.c 2022-02-28 13:58:02.338149934 +0100
|
||||
@@ -730,7 +730,6 @@ static void test_compression_int(bool au
|
||||
|
||||
for (i = 0; compression_handlers[i].name != NULL; i++) {
|
||||
if (compression_handlers[i].create_istream != NULL &&
|
||||
- compression_handlers[i].create_ostream != NULL &&
|
||||
(!autodetect ||
|
||||
compression_handlers[i].is_compressed != NULL)) T_BEGIN {
|
||||
if (compression_handlers[i].is_compressed != NULL &&
|
578
SOURCES/dovecot-2.3.18-9f300239..4596d399.patch
Normal file
578
SOURCES/dovecot-2.3.18-9f300239..4596d399.patch
Normal file
@ -0,0 +1,578 @@
|
||||
From 9f3002393fe1c1fe317121d03591569dac120739 Mon Sep 17 00:00:00 2001
|
||||
From: Stephan Bosch <stephan.bosch@open-xchange.com>
|
||||
Date: Tue, 17 Aug 2021 19:09:13 +0200
|
||||
Subject: [PATCH 01/12] lib-sieve: sieve-interpreter - Fix field mixup in debug
|
||||
message.
|
||||
|
||||
---
|
||||
src/lib-sieve/sieve-interpreter.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/lib-sieve/sieve-interpreter.c b/src/lib-sieve/sieve-interpreter.c
|
||||
index 9ee6c659..274e142d 100644
|
||||
--- a/src/lib-sieve/sieve-interpreter.c
|
||||
+++ b/src/lib-sieve/sieve-interpreter.c
|
||||
@@ -1003,8 +1003,8 @@ int sieve_interpreter_continue(struct sieve_interpreter *interp,
|
||||
}
|
||||
e_debug(e->event(), "Finished running script `%s' "
|
||||
"(status=%s, resource usage: %s)",
|
||||
- sieve_execution_exitcode_to_str(ret),
|
||||
sieve_binary_source(interp->runenv.sbin),
|
||||
+ sieve_execution_exitcode_to_str(ret),
|
||||
sieve_resource_usage_get_summary(&interp->rusage));
|
||||
interp->running = FALSE;
|
||||
}
|
||||
|
||||
From 54e020c1212f626049bffc6c6fea8e606a893af2 Mon Sep 17 00:00:00 2001
|
||||
From: Stephan Bosch <stephan.bosch@open-xchange.com>
|
||||
Date: Wed, 18 Aug 2021 01:44:23 +0200
|
||||
Subject: [PATCH 02/12] lib-sieve: sieve-result - Remove success parameter from
|
||||
sieve_result_implicit_keep_execute().
|
||||
|
||||
---
|
||||
src/lib-sieve/sieve-result.c | 18 ++++++++----------
|
||||
1 file changed, 8 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/src/lib-sieve/sieve-result.c b/src/lib-sieve/sieve-result.c
|
||||
index 55eb9f54..d3f2f925 100644
|
||||
--- a/src/lib-sieve/sieve-result.c
|
||||
+++ b/src/lib-sieve/sieve-result.c
|
||||
@@ -1475,8 +1475,7 @@ void sieve_result_execution_destroy(struct sieve_result_execution **_rexec)
|
||||
}
|
||||
|
||||
static void
|
||||
-sieve_result_implicit_keep_execute(struct sieve_result_execution *rexec,
|
||||
- bool success)
|
||||
+sieve_result_implicit_keep_execute(struct sieve_result_execution *rexec)
|
||||
{
|
||||
const struct sieve_action_exec_env *aenv = &rexec->action_env;
|
||||
struct sieve_result *result = aenv->result;
|
||||
@@ -1486,6 +1485,7 @@ sieve_result_implicit_keep_execute(struct sieve_result_execution *rexec,
|
||||
struct sieve_action_execution *aexec_keep = &rexec->keep;
|
||||
struct sieve_result_action *ract_keep = &rexec->keep_action;
|
||||
struct sieve_action *act_keep = &ract_keep->action;
|
||||
+ bool success = (rexec->status == SIEVE_EXEC_OK);
|
||||
|
||||
if (rexec->keep_equiv_action != NULL) {
|
||||
e_debug(rexec->event, "No implicit keep needed "
|
||||
@@ -1579,8 +1579,8 @@ sieve_result_implicit_keep_execute(struct sieve_result_execution *rexec,
|
||||
}
|
||||
}
|
||||
|
||||
- e_debug(rexec->event, "Execute implicit keep (failure=%s)",
|
||||
- (!success ? "yes" : "no"));
|
||||
+ e_debug(rexec->event, "Execute implicit keep (status=%s)",
|
||||
+ sieve_execution_exitcode_to_str(rexec->status));
|
||||
|
||||
/* Initialize side effects */
|
||||
sieve_action_execution_add_side_effects(rexec, aexec_keep, ract_keep);
|
||||
@@ -1633,7 +1633,7 @@ sieve_result_implicit_keep_finalize(struct sieve_result_execution *rexec,
|
||||
/* Start keep if necessary */
|
||||
if (act_keep->def == NULL ||
|
||||
aexec_keep->state != SIEVE_ACTION_EXECUTION_STATE_EXECUTED) {
|
||||
- sieve_result_implicit_keep_execute(rexec, success);
|
||||
+ sieve_result_implicit_keep_execute(rexec);
|
||||
/* Switch to failure keep if necessary. */
|
||||
} else if (rexec->keep_success && !success){
|
||||
e_debug(rexec->event, "Switch to failure implicit keep");
|
||||
@@ -1645,7 +1645,7 @@ sieve_result_implicit_keep_finalize(struct sieve_result_execution *rexec,
|
||||
i_zero(aexec_keep);
|
||||
|
||||
/* Start failure keep action. */
|
||||
- sieve_result_implicit_keep_execute(rexec, success);
|
||||
+ sieve_result_implicit_keep_execute(rexec);
|
||||
}
|
||||
if (act_keep->def == NULL)
|
||||
return rexec->keep_status;
|
||||
@@ -1931,10 +1931,8 @@ int sieve_result_execute(struct sieve_result_execution *rexec, int status,
|
||||
/* Execute implicit keep if the transaction failed or when the
|
||||
implicit keep was not canceled during transaction.
|
||||
*/
|
||||
- if (rexec->status != SIEVE_EXEC_OK || rexec->keep_implicit) {
|
||||
- sieve_result_implicit_keep_execute(
|
||||
- rexec, (rexec->status == SIEVE_EXEC_OK));
|
||||
- }
|
||||
+ if (rexec->status != SIEVE_EXEC_OK || rexec->keep_implicit)
|
||||
+ sieve_result_implicit_keep_execute(rexec);
|
||||
}
|
||||
|
||||
/* Transaction commit/rollback */
|
||||
|
||||
From 291f2fdb77b86db566dca7c028dd93fc741f6b31 Mon Sep 17 00:00:00 2001
|
||||
From: Stephan Bosch <stephan.bosch@open-xchange.com>
|
||||
Date: Wed, 18 Aug 2021 01:40:57 +0200
|
||||
Subject: [PATCH 03/12] lib-sieve: sieve-result - Remove success parameter from
|
||||
sieve_result_implicit_keep_finalize().
|
||||
|
||||
---
|
||||
src/lib-sieve/sieve-result.c | 11 +++++------
|
||||
1 file changed, 5 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/lib-sieve/sieve-result.c b/src/lib-sieve/sieve-result.c
|
||||
index d3f2f925..3cf2c02a 100644
|
||||
--- a/src/lib-sieve/sieve-result.c
|
||||
+++ b/src/lib-sieve/sieve-result.c
|
||||
@@ -1603,8 +1603,7 @@ sieve_result_implicit_keep_execute(struct sieve_result_execution *rexec)
|
||||
}
|
||||
|
||||
static int
|
||||
-sieve_result_implicit_keep_finalize(struct sieve_result_execution *rexec,
|
||||
- bool success)
|
||||
+sieve_result_implicit_keep_finalize(struct sieve_result_execution *rexec)
|
||||
{
|
||||
const struct sieve_action_exec_env *aenv = &rexec->action_env;
|
||||
const struct sieve_execute_env *eenv = aenv->exec_env;
|
||||
@@ -1612,6 +1611,7 @@ sieve_result_implicit_keep_finalize(struct sieve_result_execution *rexec,
|
||||
struct sieve_result_action *ract_keep = &rexec->keep_action;
|
||||
struct sieve_action *act_keep = &ract_keep->action;
|
||||
int commit_status = SIEVE_EXEC_OK;
|
||||
+ bool success = (rexec->status == SIEVE_EXEC_OK);
|
||||
|
||||
if (rexec->keep_equiv_action != NULL) {
|
||||
struct sieve_action_execution *ke_aexec =
|
||||
@@ -1627,8 +1627,8 @@ sieve_result_implicit_keep_finalize(struct sieve_result_execution *rexec,
|
||||
return rexec->keep_status;
|
||||
}
|
||||
|
||||
- e_debug(rexec->event, "Finalize implicit keep (failure=%s)",
|
||||
- (!success ? "yes" : "no"));
|
||||
+ e_debug(rexec->event, "Finalize implicit keep (status=%s)",
|
||||
+ sieve_execution_exitcode_to_str(rexec->status));
|
||||
|
||||
/* Start keep if necessary */
|
||||
if (act_keep->def == NULL ||
|
||||
@@ -1950,8 +1950,7 @@ int sieve_result_execute(struct sieve_result_execution *rexec, int status,
|
||||
implicit keep was not canceled during transaction.
|
||||
*/
|
||||
if (rexec->status != SIEVE_EXEC_OK || rexec->keep_implicit) {
|
||||
- ret = sieve_result_implicit_keep_finalize(
|
||||
- rexec, (rexec->status == SIEVE_EXEC_OK));
|
||||
+ ret = sieve_result_implicit_keep_finalize(rexec);
|
||||
switch (ret) {
|
||||
case SIEVE_EXEC_OK:
|
||||
if (result_status == SIEVE_EXEC_TEMP_FAILURE)
|
||||
|
||||
From 10e347e3c9eb5e7bf5bc6f178389005357f527fe Mon Sep 17 00:00:00 2001
|
||||
From: Stephan Bosch <stephan.bosch@open-xchange.com>
|
||||
Date: Wed, 18 Aug 2021 02:07:01 +0200
|
||||
Subject: [PATCH 04/12] lib-sieve: sieve-result - Move temp failure status
|
||||
checks into sieve_result_implicit_keep_execute().
|
||||
|
||||
---
|
||||
src/lib-sieve/sieve-result.c | 38 ++++++++++++++++++++++++------------
|
||||
1 file changed, 26 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/src/lib-sieve/sieve-result.c b/src/lib-sieve/sieve-result.c
|
||||
index 3cf2c02a..44afeef7 100644
|
||||
--- a/src/lib-sieve/sieve-result.c
|
||||
+++ b/src/lib-sieve/sieve-result.c
|
||||
@@ -934,6 +934,7 @@ struct sieve_result_execution {
|
||||
bool keep_success:1;
|
||||
bool keep_explicit:1;
|
||||
bool keep_implicit:1;
|
||||
+ bool keep_finalizing:1;
|
||||
bool seen_delivery:1;
|
||||
bool executed:1;
|
||||
bool executed_delivery:1;
|
||||
@@ -1485,7 +1486,24 @@ sieve_result_implicit_keep_execute(struct sieve_result_execution *rexec)
|
||||
struct sieve_action_execution *aexec_keep = &rexec->keep;
|
||||
struct sieve_result_action *ract_keep = &rexec->keep_action;
|
||||
struct sieve_action *act_keep = &ract_keep->action;
|
||||
- bool success = (rexec->status == SIEVE_EXEC_OK);
|
||||
+ bool success = FALSE;
|
||||
+
|
||||
+ switch (rexec->status) {
|
||||
+ case SIEVE_EXEC_OK:
|
||||
+ success = TRUE;
|
||||
+ break;
|
||||
+ case SIEVE_EXEC_TEMP_FAILURE:
|
||||
+ case SIEVE_EXEC_RESOURCE_LIMIT:
|
||||
+ if (rexec->executed)
|
||||
+ break;
|
||||
+ if (rexec->committed)
|
||||
+ break;
|
||||
+ if (rexec->keep_finalizing)
|
||||
+ break;
|
||||
+ return;
|
||||
+ default:
|
||||
+ break;
|
||||
+ }
|
||||
|
||||
if (rexec->keep_equiv_action != NULL) {
|
||||
e_debug(rexec->event, "No implicit keep needed "
|
||||
@@ -1630,6 +1648,8 @@ sieve_result_implicit_keep_finalize(struct sieve_result_execution *rexec)
|
||||
e_debug(rexec->event, "Finalize implicit keep (status=%s)",
|
||||
sieve_execution_exitcode_to_str(rexec->status));
|
||||
|
||||
+ rexec->keep_finalizing = TRUE;
|
||||
+
|
||||
/* Start keep if necessary */
|
||||
if (act_keep->def == NULL ||
|
||||
aexec_keep->state != SIEVE_ACTION_EXECUTION_STATE_EXECUTED) {
|
||||
@@ -1923,17 +1943,11 @@ int sieve_result_execute(struct sieve_result_execution *rexec, int status,
|
||||
return rexec->status;
|
||||
}
|
||||
|
||||
- /* Execute implicit keep if necessary */
|
||||
-
|
||||
- if (rexec->executed ||
|
||||
- (rexec->status != SIEVE_EXEC_TEMP_FAILURE &&
|
||||
- rexec->status != SIEVE_EXEC_RESOURCE_LIMIT)) {
|
||||
- /* Execute implicit keep if the transaction failed or when the
|
||||
- implicit keep was not canceled during transaction.
|
||||
- */
|
||||
- if (rexec->status != SIEVE_EXEC_OK || rexec->keep_implicit)
|
||||
- sieve_result_implicit_keep_execute(rexec);
|
||||
- }
|
||||
+ /* Execute implicit keep if the transaction failed or when the
|
||||
+ implicit keep was not canceled during transaction.
|
||||
+ */
|
||||
+ if (rexec->status != SIEVE_EXEC_OK || rexec->keep_implicit)
|
||||
+ sieve_result_implicit_keep_execute(rexec);
|
||||
|
||||
/* Transaction commit/rollback */
|
||||
|
||||
|
||||
From c84e6e5d8d1d8b03a0ba5958804d200c6e1916d8 Mon Sep 17 00:00:00 2001
|
||||
From: Stephan Bosch <stephan.bosch@open-xchange.com>
|
||||
Date: Wed, 18 Aug 2021 02:26:32 +0200
|
||||
Subject: [PATCH 05/12] lib-sieve: sieve-result - Move temp failure status
|
||||
checks into sieve_result_implicit_keep_finalize().
|
||||
|
||||
---
|
||||
src/lib-sieve/sieve-result.c | 56 +++++++++++++++++++++---------------
|
||||
1 file changed, 33 insertions(+), 23 deletions(-)
|
||||
|
||||
diff --git a/src/lib-sieve/sieve-result.c b/src/lib-sieve/sieve-result.c
|
||||
index 44afeef7..10cc3b95 100644
|
||||
--- a/src/lib-sieve/sieve-result.c
|
||||
+++ b/src/lib-sieve/sieve-result.c
|
||||
@@ -1629,7 +1629,20 @@ sieve_result_implicit_keep_finalize(struct sieve_result_execution *rexec)
|
||||
struct sieve_result_action *ract_keep = &rexec->keep_action;
|
||||
struct sieve_action *act_keep = &ract_keep->action;
|
||||
int commit_status = SIEVE_EXEC_OK;
|
||||
- bool success = (rexec->status == SIEVE_EXEC_OK);
|
||||
+ bool success = FALSE;
|
||||
+
|
||||
+ switch (rexec->status) {
|
||||
+ case SIEVE_EXEC_OK:
|
||||
+ success = TRUE;
|
||||
+ break;
|
||||
+ case SIEVE_EXEC_TEMP_FAILURE:
|
||||
+ case SIEVE_EXEC_RESOURCE_LIMIT:
|
||||
+ if (rexec->committed)
|
||||
+ break;
|
||||
+ return rexec->status;
|
||||
+ default:
|
||||
+ break;
|
||||
+ }
|
||||
|
||||
if (rexec->keep_equiv_action != NULL) {
|
||||
struct sieve_action_execution *ke_aexec =
|
||||
@@ -1957,32 +1970,29 @@ int sieve_result_execute(struct sieve_result_execution *rexec, int status,
|
||||
/* Commit implicit keep if necessary */
|
||||
|
||||
result_status = rexec->status;
|
||||
- if (rexec->committed ||
|
||||
- (rexec->status != SIEVE_EXEC_TEMP_FAILURE &&
|
||||
- rexec->status != SIEVE_EXEC_RESOURCE_LIMIT)) {
|
||||
- /* Commit implicit keep if the transaction failed or when the
|
||||
- implicit keep was not canceled during transaction.
|
||||
- */
|
||||
- if (rexec->status != SIEVE_EXEC_OK || rexec->keep_implicit) {
|
||||
- ret = sieve_result_implicit_keep_finalize(rexec);
|
||||
- switch (ret) {
|
||||
- case SIEVE_EXEC_OK:
|
||||
- if (result_status == SIEVE_EXEC_TEMP_FAILURE)
|
||||
- result_status = SIEVE_EXEC_FAILURE;
|
||||
+
|
||||
+ /* Commit implicit keep if the transaction failed or when the
|
||||
+ implicit keep was not canceled during transaction.
|
||||
+ */
|
||||
+ if (rexec->status != SIEVE_EXEC_OK || rexec->keep_implicit) {
|
||||
+ ret = sieve_result_implicit_keep_finalize(rexec);
|
||||
+ switch (ret) {
|
||||
+ case SIEVE_EXEC_OK:
|
||||
+ if (result_status == SIEVE_EXEC_TEMP_FAILURE)
|
||||
+ result_status = SIEVE_EXEC_FAILURE;
|
||||
+ break;
|
||||
+ case SIEVE_EXEC_TEMP_FAILURE:
|
||||
+ if (!rexec->committed) {
|
||||
+ result_status = ret;
|
||||
break;
|
||||
- case SIEVE_EXEC_TEMP_FAILURE:
|
||||
- if (!rexec->committed) {
|
||||
- result_status = ret;
|
||||
- break;
|
||||
- }
|
||||
- /* fall through */
|
||||
- default:
|
||||
- result_status = SIEVE_EXEC_KEEP_FAILED;
|
||||
}
|
||||
+ /* fall through */
|
||||
+ default:
|
||||
+ result_status = SIEVE_EXEC_KEEP_FAILED;
|
||||
}
|
||||
- if (rexec->status == SIEVE_EXEC_OK)
|
||||
- rexec->status = result_status;
|
||||
}
|
||||
+ if (rexec->status == SIEVE_EXEC_OK)
|
||||
+ rexec->status = result_status;
|
||||
|
||||
/* Finish execution */
|
||||
|
||||
|
||||
From 92b4b06d5d8deeefdd17d5fb18d7f0d23e8e414b Mon Sep 17 00:00:00 2001
|
||||
From: Stephan Bosch <stephan.bosch@open-xchange.com>
|
||||
Date: Wed, 18 Aug 2021 02:46:18 +0200
|
||||
Subject: [PATCH 06/12] lib-sieve: sieve-result - Skip implicit keep in
|
||||
execution stage upon temp failure.
|
||||
|
||||
It will be executed in the commit phase if necessary; don't do it early; it will
|
||||
only be rolled back.
|
||||
---
|
||||
src/lib-sieve/sieve-result.c | 2 --
|
||||
1 file changed, 2 deletions(-)
|
||||
|
||||
diff --git a/src/lib-sieve/sieve-result.c b/src/lib-sieve/sieve-result.c
|
||||
index 10cc3b95..82354831 100644
|
||||
--- a/src/lib-sieve/sieve-result.c
|
||||
+++ b/src/lib-sieve/sieve-result.c
|
||||
@@ -1494,8 +1494,6 @@ sieve_result_implicit_keep_execute(struct sieve_result_execution *rexec)
|
||||
break;
|
||||
case SIEVE_EXEC_TEMP_FAILURE:
|
||||
case SIEVE_EXEC_RESOURCE_LIMIT:
|
||||
- if (rexec->executed)
|
||||
- break;
|
||||
if (rexec->committed)
|
||||
break;
|
||||
if (rexec->keep_finalizing)
|
||||
|
||||
From f2b81cc6ebaa3001bde693f7abdb990f467f7831 Mon Sep 17 00:00:00 2001
|
||||
From: Stephan Bosch <stephan.bosch@open-xchange.com>
|
||||
Date: Wed, 18 Aug 2021 02:56:32 +0200
|
||||
Subject: [PATCH 07/12] lib-sieve: sieve-result - Fix handling of resource
|
||||
limit status after implicit keep commit.
|
||||
|
||||
---
|
||||
src/lib-sieve/sieve-result.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/lib-sieve/sieve-result.c b/src/lib-sieve/sieve-result.c
|
||||
index 82354831..96582075 100644
|
||||
--- a/src/lib-sieve/sieve-result.c
|
||||
+++ b/src/lib-sieve/sieve-result.c
|
||||
@@ -1980,6 +1980,7 @@ int sieve_result_execute(struct sieve_result_execution *rexec, int status,
|
||||
result_status = SIEVE_EXEC_FAILURE;
|
||||
break;
|
||||
case SIEVE_EXEC_TEMP_FAILURE:
|
||||
+ case SIEVE_EXEC_RESOURCE_LIMIT:
|
||||
if (!rexec->committed) {
|
||||
result_status = ret;
|
||||
break;
|
||||
|
||||
From 293f0027106a725e4cbcf56b673f1eedda00c317 Mon Sep 17 00:00:00 2001
|
||||
From: Stephan Bosch <stephan.bosch@open-xchange.com>
|
||||
Date: Wed, 18 Aug 2021 02:54:25 +0200
|
||||
Subject: [PATCH 08/12] lib-sieve: sieve-result - Fix resource leak occurring
|
||||
when implicit keep is executed before temporary failure at commit.
|
||||
|
||||
In the commit phase the implicit keep was never finalized, meaning that it was
|
||||
not rolled back and thus not cleaned up properly. This leads to a memory leak
|
||||
and a mailbox reference leak. This in turn causes an assert crash at the end
|
||||
of delivery when the mail user is destroyed.
|
||||
---
|
||||
src/lib-sieve/sieve-result.c | 18 ++++++++++++++----
|
||||
1 file changed, 14 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/lib-sieve/sieve-result.c b/src/lib-sieve/sieve-result.c
|
||||
index 96582075..10ea349c 100644
|
||||
--- a/src/lib-sieve/sieve-result.c
|
||||
+++ b/src/lib-sieve/sieve-result.c
|
||||
@@ -1627,7 +1627,7 @@ sieve_result_implicit_keep_finalize(struct sieve_result_execution *rexec)
|
||||
struct sieve_result_action *ract_keep = &rexec->keep_action;
|
||||
struct sieve_action *act_keep = &ract_keep->action;
|
||||
int commit_status = SIEVE_EXEC_OK;
|
||||
- bool success = FALSE;
|
||||
+ bool success = FALSE, temp_failure = FALSE;
|
||||
|
||||
switch (rexec->status) {
|
||||
case SIEVE_EXEC_OK:
|
||||
@@ -1637,7 +1637,15 @@ sieve_result_implicit_keep_finalize(struct sieve_result_execution *rexec)
|
||||
case SIEVE_EXEC_RESOURCE_LIMIT:
|
||||
if (rexec->committed)
|
||||
break;
|
||||
- return rexec->status;
|
||||
+
|
||||
+ if (aexec_keep->state !=
|
||||
+ SIEVE_ACTION_EXECUTION_STATE_EXECUTED)
|
||||
+ return rexec->status;
|
||||
+ /* Roll back for temporary failure when no other action
|
||||
+ is committed. */
|
||||
+ commit_status = rexec->status;
|
||||
+ temp_failure = TRUE;
|
||||
+ break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
@@ -1662,8 +1670,10 @@ sieve_result_implicit_keep_finalize(struct sieve_result_execution *rexec)
|
||||
rexec->keep_finalizing = TRUE;
|
||||
|
||||
/* Start keep if necessary */
|
||||
- if (act_keep->def == NULL ||
|
||||
- aexec_keep->state != SIEVE_ACTION_EXECUTION_STATE_EXECUTED) {
|
||||
+ if (temp_failure) {
|
||||
+ rexec->keep_status = rexec->status;
|
||||
+ } else if (act_keep->def == NULL ||
|
||||
+ aexec_keep->state != SIEVE_ACTION_EXECUTION_STATE_EXECUTED) {
|
||||
sieve_result_implicit_keep_execute(rexec);
|
||||
/* Switch to failure keep if necessary. */
|
||||
} else if (rexec->keep_success && !success){
|
||||
|
||||
From 81bd53d6c9fa14fc6b32304e49dddb8fd022de91 Mon Sep 17 00:00:00 2001
|
||||
From: Stephan Bosch <stephan.bosch@open-xchange.com>
|
||||
Date: Wed, 18 Aug 2021 13:29:41 +0200
|
||||
Subject: [PATCH 09/12] lib-sieve: sieve-result - Assert that implicit keep is
|
||||
executed in sieve_result_implicit_keep_finalize().
|
||||
|
||||
---
|
||||
src/lib-sieve/sieve-result.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/src/lib-sieve/sieve-result.c b/src/lib-sieve/sieve-result.c
|
||||
index 10ea349c..de97d6ae 100644
|
||||
--- a/src/lib-sieve/sieve-result.c
|
||||
+++ b/src/lib-sieve/sieve-result.c
|
||||
@@ -1691,6 +1691,8 @@ sieve_result_implicit_keep_finalize(struct sieve_result_execution *rexec)
|
||||
if (act_keep->def == NULL)
|
||||
return rexec->keep_status;
|
||||
|
||||
+ i_assert(aexec_keep->state == SIEVE_ACTION_EXECUTION_STATE_EXECUTED);
|
||||
+
|
||||
/* Finalize keep action */
|
||||
rexec->keep_status = sieve_result_action_commit_or_rollback(
|
||||
rexec, aexec_keep, rexec->keep_status, &commit_status);
|
||||
|
||||
From dbf5b62ba82766a7d824e81005b2517d96984ef0 Mon Sep 17 00:00:00 2001
|
||||
From: Stephan Bosch <stephan.bosch@open-xchange.com>
|
||||
Date: Wed, 18 Aug 2021 02:43:05 +0200
|
||||
Subject: [PATCH 10/12] lib-sieve: sieve-result - Add debug messages for temp
|
||||
failure handling.
|
||||
|
||||
---
|
||||
src/lib-sieve/sieve-result.c | 28 +++++++++++++++++++++++++---
|
||||
1 file changed, 25 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/lib-sieve/sieve-result.c b/src/lib-sieve/sieve-result.c
|
||||
index de97d6ae..c21c8017 100644
|
||||
--- a/src/lib-sieve/sieve-result.c
|
||||
+++ b/src/lib-sieve/sieve-result.c
|
||||
@@ -1494,10 +1494,21 @@ sieve_result_implicit_keep_execute(struct sieve_result_execution *rexec)
|
||||
break;
|
||||
case SIEVE_EXEC_TEMP_FAILURE:
|
||||
case SIEVE_EXEC_RESOURCE_LIMIT:
|
||||
- if (rexec->committed)
|
||||
+ if (rexec->committed) {
|
||||
+ e_debug(rexec->event,
|
||||
+ "Temporary failure occurred (status=%s), "
|
||||
+ "but other actions were already committed: "
|
||||
+ "execute failure implicit keep",
|
||||
+ sieve_execution_exitcode_to_str(rexec->status));
|
||||
break;
|
||||
+ }
|
||||
if (rexec->keep_finalizing)
|
||||
break;
|
||||
+
|
||||
+ e_debug(rexec->event,
|
||||
+ "Skip implicit keep for temporary failure "
|
||||
+ "(state=execute, status=%s)",
|
||||
+ sieve_execution_exitcode_to_str(rexec->status));
|
||||
return;
|
||||
default:
|
||||
break;
|
||||
@@ -1635,12 +1646,23 @@ sieve_result_implicit_keep_finalize(struct sieve_result_execution *rexec)
|
||||
break;
|
||||
case SIEVE_EXEC_TEMP_FAILURE:
|
||||
case SIEVE_EXEC_RESOURCE_LIMIT:
|
||||
- if (rexec->committed)
|
||||
+ if (rexec->committed) {
|
||||
+ e_debug(rexec->event,
|
||||
+ "Temporary failure occurred (status=%s), "
|
||||
+ "but other actions were already committed: "
|
||||
+ "commit failure implicit keep",
|
||||
+ sieve_execution_exitcode_to_str(rexec->status));
|
||||
break;
|
||||
+ }
|
||||
|
||||
if (aexec_keep->state !=
|
||||
- SIEVE_ACTION_EXECUTION_STATE_EXECUTED)
|
||||
+ SIEVE_ACTION_EXECUTION_STATE_EXECUTED) {
|
||||
+ e_debug(rexec->event,
|
||||
+ "Skip implicit keep for temporary failure "
|
||||
+ "(state=commit, status=%s)",
|
||||
+ sieve_execution_exitcode_to_str(rexec->status));
|
||||
return rexec->status;
|
||||
+ }
|
||||
/* Roll back for temporary failure when no other action
|
||||
is committed. */
|
||||
commit_status = rexec->status;
|
||||
|
||||
From 65d771c15bf443690580dbb0643556794106522b Mon Sep 17 00:00:00 2001
|
||||
From: Stephan Bosch <stephan.bosch@open-xchange.com>
|
||||
Date: Wed, 18 Aug 2021 13:26:26 +0200
|
||||
Subject: [PATCH 11/12] lib-sieve: sieve-result - Indicate in
|
||||
sieve_result_transaction_execute() debug message whether actions were
|
||||
executed.
|
||||
|
||||
---
|
||||
src/lib-sieve/sieve-result.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/lib-sieve/sieve-result.c b/src/lib-sieve/sieve-result.c
|
||||
index c21c8017..6f3cb954 100644
|
||||
--- a/src/lib-sieve/sieve-result.c
|
||||
+++ b/src/lib-sieve/sieve-result.c
|
||||
@@ -1796,10 +1796,11 @@ sieve_result_transaction_execute(struct sieve_result_execution *rexec,
|
||||
}
|
||||
|
||||
e_debug(rexec->event, "Finished executing actions "
|
||||
- "(status=%s, keep=%s)",
|
||||
+ "(status=%s, keep=%s, executed=%s)",
|
||||
sieve_execution_exitcode_to_str(status),
|
||||
(rexec->keep_explicit ? "explicit" :
|
||||
- (rexec->keep_implicit ? "implicit" : "none")));
|
||||
+ (rexec->keep_implicit ? "implicit" : "none")),
|
||||
+ (rexec->executed ? "yes" : "no"));
|
||||
return status;
|
||||
}
|
||||
|
||||
|
||||
From 4596d39908a868783fae9a0c2fd264409c0aaa96 Mon Sep 17 00:00:00 2001
|
||||
From: Stephan Bosch <stephan.bosch@open-xchange.com>
|
||||
Date: Wed, 18 Aug 2021 13:27:50 +0200
|
||||
Subject: [PATCH 12/12] lib-sieve: sieve-result - Indicate in
|
||||
sieve_result_transaction_finalize() debug message whether actions were
|
||||
committed.
|
||||
|
||||
---
|
||||
src/lib-sieve/sieve-result.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/lib-sieve/sieve-result.c b/src/lib-sieve/sieve-result.c
|
||||
index 6f3cb954..effd6f28 100644
|
||||
--- a/src/lib-sieve/sieve-result.c
|
||||
+++ b/src/lib-sieve/sieve-result.c
|
||||
@@ -1859,10 +1859,11 @@ sieve_result_transaction_commit_or_rollback(
|
||||
}
|
||||
|
||||
e_debug(rexec->event, "Finished finalizing actions "
|
||||
- "(status=%s, keep=%s)",
|
||||
+ "(status=%s, keep=%s, committed=%s)",
|
||||
sieve_execution_exitcode_to_str(status),
|
||||
(rexec->keep_explicit ? "explicit" :
|
||||
- (rexec->keep_implicit ? "implicit" : "none")));
|
||||
+ (rexec->keep_implicit ? "implicit" : "none")),
|
||||
+ (rexec->committed ? "yes" : "no"));
|
||||
|
||||
return commit_status;
|
||||
}
|
31
SOURCES/dovecot-2.3.18-bdf447e4.patch
Normal file
31
SOURCES/dovecot-2.3.18-bdf447e4.patch
Normal file
@ -0,0 +1,31 @@
|
||||
From bdf4474ed82aaf964e7d94e72ca56b496e3815f9 Mon Sep 17 00:00:00 2001
|
||||
From: Timo Sirainen <timo.sirainen@open-xchange.com>
|
||||
Date: Fri, 1 Oct 2021 15:08:45 +0300
|
||||
Subject: [PATCH] virtual: Fix leaking mailboxes if virtual mailbox can't be
|
||||
opened
|
||||
|
||||
Fixes also a crash at deinit:
|
||||
Panic: file mail-user.c: line 232 (mail_user_deinit): assertion failed: ((*user)->refcount == 1)
|
||||
---
|
||||
src/plugins/virtual/virtual-storage.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/plugins/virtual/virtual-storage.c b/src/plugins/virtual/virtual-storage.c
|
||||
index 2f31503d53..a0779cc186 100644
|
||||
--- a/src/plugins/virtual/virtual-storage.c
|
||||
+++ b/src/plugins/virtual/virtual-storage.c
|
||||
@@ -495,12 +495,12 @@ static int virtual_mailbox_open(struct mailbox *box)
|
||||
ret = virtual_mailboxes_open(mbox, box->flags);
|
||||
array_pop_back(&mbox->storage->open_stack);
|
||||
}
|
||||
+ if (ret == 0)
|
||||
+ ret = index_storage_mailbox_open(box, FALSE);
|
||||
if (ret < 0) {
|
||||
virtual_mailbox_close_internal(mbox);
|
||||
return -1;
|
||||
}
|
||||
- if (index_storage_mailbox_open(box, FALSE) < 0)
|
||||
- return -1;
|
||||
|
||||
mbox->virtual_ext_id =
|
||||
mail_index_ext_register(mbox->box.index, "virtual", 0,
|
@ -1,20 +1,7 @@
|
||||
From f020e139c519121d9630a966310ea8e100ee33b7 Mon Sep 17 00:00:00 2001
|
||||
From: Marco Bettini <marco.bettini@open-xchange.com>
|
||||
Date: Fri, 12 Apr 2024 15:06:43 +0000
|
||||
Subject: [PATCH 1/2] lib-mail: message-header-parser - Limit header block to
|
||||
10MB by default
|
||||
|
||||
---
|
||||
src/lib-mail/message-header-parser.c | 48 ++++++++++++----
|
||||
src/lib-mail/message-header-parser.h | 10 ++++
|
||||
src/lib-mail/test-message-header-parser.c | 67 +++++++++++++++++++++++
|
||||
3 files changed, 114 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/src/lib-mail/message-header-parser.c b/src/lib-mail/message-header-parser.c
|
||||
index c5026f1bb7..5e020bbeb3 100644
|
||||
--- a/src/lib-mail/message-header-parser.c
|
||||
+++ b/src/lib-mail/message-header-parser.c
|
||||
@@ -21,6 +21,9 @@ struct message_header_parser_ctx {
|
||||
diff -up dovecot-2.3.16/src/lib-mail/message-header-parser.c.CVE-2024-23185 dovecot-2.3.16/src/lib-mail/message-header-parser.c
|
||||
--- dovecot-2.3.16/src/lib-mail/message-header-parser.c.CVE-2024-23185 2021-08-06 11:25:51.000000000 +0200
|
||||
+++ dovecot-2.3.16/src/lib-mail/message-header-parser.c 2024-08-20 23:29:25.214183880 +0200
|
||||
@@ -17,6 +17,9 @@ struct message_header_parser_ctx {
|
||||
string_t *name;
|
||||
buffer_t *value_buf;
|
||||
|
||||
@ -24,7 +11,7 @@ index c5026f1bb7..5e020bbeb3 100644
|
||||
enum message_header_parser_flags flags;
|
||||
bool skip_line:1;
|
||||
bool has_nuls:1;
|
||||
@@ -38,6 +41,7 @@ message_parse_header_init(struct istream *input, struct message_size *hdr_size,
|
||||
@@ -34,6 +37,7 @@ message_parse_header_init(struct istream
|
||||
ctx->name = str_new(default_pool, 128);
|
||||
ctx->flags = flags;
|
||||
ctx->value_buf = buffer_create_dynamic(default_pool, 4096);
|
||||
@ -32,7 +19,7 @@ index c5026f1bb7..5e020bbeb3 100644
|
||||
i_stream_ref(input);
|
||||
|
||||
if (hdr_size != NULL)
|
||||
@@ -45,6 +49,21 @@ message_parse_header_init(struct istream *input, struct message_size *hdr_size,
|
||||
@@ -41,6 +45,21 @@ message_parse_header_init(struct istream
|
||||
return ctx;
|
||||
}
|
||||
|
||||
@ -54,7 +41,7 @@ index c5026f1bb7..5e020bbeb3 100644
|
||||
void message_parse_header_deinit(struct message_header_parser_ctx **_ctx)
|
||||
{
|
||||
struct message_header_parser_ctx *ctx = *_ctx;
|
||||
@@ -77,6 +96,7 @@ int message_parse_header_next(struct message_header_parser_ctx *ctx,
|
||||
@@ -73,6 +92,7 @@ int message_parse_header_next(struct mes
|
||||
/* new header line */
|
||||
line->name_offset = ctx->input->v_offset;
|
||||
colon_pos = UINT_MAX;
|
||||
@ -62,8 +49,8 @@ index c5026f1bb7..5e020bbeb3 100644
|
||||
buffer_set_used_size(ctx->value_buf, 0);
|
||||
}
|
||||
|
||||
@@ -342,33 +362,39 @@ int message_parse_header_next(struct message_header_parser_ctx *ctx,
|
||||
}
|
||||
@@ -326,33 +346,39 @@ int message_parse_header_next(struct mes
|
||||
line->middle = str_data(ctx->name) + line->name_len + 1;
|
||||
}
|
||||
|
||||
+ line->value_len = I_MIN(line->value_len, ctx->header_block_max_size);
|
||||
@ -113,10 +100,9 @@ index c5026f1bb7..5e020bbeb3 100644
|
||||
line->full_value = ctx->value_buf->data;
|
||||
line->full_value_len = ctx->value_buf->used;
|
||||
} else {
|
||||
diff --git a/src/lib-mail/message-header-parser.h b/src/lib-mail/message-header-parser.h
|
||||
index ce0825c8e5..43cf95e56a 100644
|
||||
--- a/src/lib-mail/message-header-parser.h
|
||||
+++ b/src/lib-mail/message-header-parser.h
|
||||
diff -up dovecot-2.3.16/src/lib-mail/message-header-parser.h.CVE-2024-23185 dovecot-2.3.16/src/lib-mail/message-header-parser.h
|
||||
--- dovecot-2.3.16/src/lib-mail/message-header-parser.h.CVE-2024-23185 2021-08-06 11:25:51.000000000 +0200
|
||||
+++ dovecot-2.3.16/src/lib-mail/message-header-parser.h 2024-08-20 22:55:36.530652449 +0200
|
||||
@@ -1,6 +1,9 @@
|
||||
#ifndef MESSAGE_HEADER_PARSER_H
|
||||
#define MESSAGE_HEADER_PARSER_H
|
||||
@ -127,7 +113,7 @@ index ce0825c8e5..43cf95e56a 100644
|
||||
#define IS_LWSP(c) \
|
||||
((c) == ' ' || (c) == '\t')
|
||||
|
||||
@@ -48,6 +51,13 @@ message_parse_header_init(struct istream *input, struct message_size *hdr_size,
|
||||
@@ -48,6 +51,13 @@ message_parse_header_init(struct istream
|
||||
enum message_header_parser_flags flags) ATTR_NULL(2);
|
||||
void message_parse_header_deinit(struct message_header_parser_ctx **ctx);
|
||||
|
||||
@ -141,11 +127,85 @@ index ce0825c8e5..43cf95e56a 100644
|
||||
/* Read and return next header line. Returns 1 if header is returned, 0 if
|
||||
input stream is non-blocking and more data needs to be read, -1 when all is
|
||||
done or error occurred (see stream's error status). */
|
||||
diff --git a/src/lib-mail/test-message-header-parser.c b/src/lib-mail/test-message-header-parser.c
|
||||
index 700d3413f1..93d8842002 100644
|
||||
--- a/src/lib-mail/test-message-header-parser.c
|
||||
+++ b/src/lib-mail/test-message-header-parser.c
|
||||
@@ -463,6 +463,71 @@ static void test_message_header_parser_extra_crlf_in_name(void)
|
||||
diff -up dovecot-2.3.16/src/lib-mail/message-parser.c.CVE-2024-23185 dovecot-2.3.16/src/lib-mail/message-parser.c
|
||||
--- dovecot-2.3.16/src/lib-mail/message-parser.c.CVE-2024-23185 2021-08-06 11:25:51.000000000 +0200
|
||||
+++ dovecot-2.3.16/src/lib-mail/message-parser.c 2024-08-20 22:55:36.531652458 +0200
|
||||
@@ -617,7 +617,18 @@ static int parse_next_header(struct mess
|
||||
}
|
||||
if (ret < 0) {
|
||||
/* no boundary */
|
||||
+ size_t headers_available =
|
||||
+ ctx->all_headers_max_size > ctx->all_headers_total_size ?
|
||||
+ ctx->all_headers_max_size - ctx->all_headers_total_size : 0;
|
||||
+ message_parse_header_lower_limit(ctx->hdr_parser_ctx, headers_available);
|
||||
ret = message_parse_header_next(ctx->hdr_parser_ctx, &hdr);
|
||||
+ if (ret > 0) {
|
||||
+ if (!hdr->continues) {
|
||||
+ ctx->all_headers_total_size += hdr->name_len;
|
||||
+ ctx->all_headers_total_size += hdr->middle_len;
|
||||
+ }
|
||||
+ ctx->all_headers_total_size += hdr->value_len;
|
||||
+ }
|
||||
if (ret == 0 || (ret < 0 && ctx->input->stream_errno != 0)) {
|
||||
ctx->want_count = i_stream_get_data_size(ctx->input) + 1;
|
||||
return ret;
|
||||
@@ -762,6 +773,9 @@ message_parser_init_int(struct istream *
|
||||
ctx->max_total_mime_parts = set->max_total_mime_parts != 0 ?
|
||||
set->max_total_mime_parts :
|
||||
MESSAGE_PARSER_DEFAULT_MAX_TOTAL_MIME_PARTS;
|
||||
+ ctx->all_headers_max_size = set->all_headers_max_size != 0 ?
|
||||
+ set->all_headers_max_size :
|
||||
+ MESSAGE_PARSER_DEFAULT_ALL_HEADERS_MAX_SIZE;
|
||||
ctx->input = input;
|
||||
i_stream_ref(input);
|
||||
return ctx;
|
||||
@@ -779,6 +793,7 @@ message_parser_init(pool_t part_pool, st
|
||||
ctx->next_part = &ctx->part->children;
|
||||
ctx->parse_next_block = parse_next_header_init;
|
||||
ctx->total_parts_count = 1;
|
||||
+ ctx->all_headers_total_size = 0;
|
||||
i_array_init(&ctx->next_part_stack, 4);
|
||||
return ctx;
|
||||
}
|
||||
diff -up dovecot-2.3.16/src/lib-mail/message-parser.h.CVE-2024-23185 dovecot-2.3.16/src/lib-mail/message-parser.h
|
||||
--- dovecot-2.3.16/src/lib-mail/message-parser.h.CVE-2024-23185 2021-08-06 11:25:51.000000000 +0200
|
||||
+++ dovecot-2.3.16/src/lib-mail/message-parser.h 2024-08-20 22:55:36.531652458 +0200
|
||||
@@ -19,6 +19,7 @@ enum message_parser_flags {
|
||||
|
||||
#define MESSAGE_PARSER_DEFAULT_MAX_NESTED_MIME_PARTS 100
|
||||
#define MESSAGE_PARSER_DEFAULT_MAX_TOTAL_MIME_PARTS 10000
|
||||
+#define MESSAGE_PARSER_DEFAULT_ALL_HEADERS_MAX_SIZE ((size_t) 50 * 1024*1024)
|
||||
|
||||
struct message_parser_settings {
|
||||
enum message_header_parser_flags hdr_flags;
|
||||
@@ -30,6 +31,11 @@ struct message_parser_settings {
|
||||
/* Maximum MIME parts in total.
|
||||
0 = MESSAGE_PARSER_DEFAULT_MAX_TOTAL_MIME_PARTS. */
|
||||
unsigned int max_total_mime_parts;
|
||||
+
|
||||
+ /* Maximum bytes fore headers in top header plus all
|
||||
+ MIME sections headers
|
||||
+ 0 = MESSAGE_PARSER_DEFAULT_ALL_HEADERS_MAX_SIZE */
|
||||
+ size_t all_headers_max_size;
|
||||
};
|
||||
|
||||
struct message_parser_ctx;
|
||||
diff -up dovecot-2.3.16/src/lib-mail/message-parser-private.h.CVE-2024-23185 dovecot-2.3.16/src/lib-mail/message-parser-private.h
|
||||
--- dovecot-2.3.16/src/lib-mail/message-parser-private.h.CVE-2024-23185 2021-08-06 11:25:51.000000000 +0200
|
||||
+++ dovecot-2.3.16/src/lib-mail/message-parser-private.h 2024-08-20 22:55:36.531652458 +0200
|
||||
@@ -30,6 +30,8 @@ struct message_parser_ctx {
|
||||
enum message_parser_flags flags;
|
||||
unsigned int max_nested_mime_parts;
|
||||
unsigned int max_total_mime_parts;
|
||||
+ size_t all_headers_max_size;
|
||||
+ size_t all_headers_total_size;
|
||||
|
||||
char *last_boundary;
|
||||
struct message_boundary *boundaries;
|
||||
diff -up dovecot-2.3.16/src/lib-mail/test-message-header-parser.c.CVE-2024-23185 dovecot-2.3.16/src/lib-mail/test-message-header-parser.c
|
||||
--- dovecot-2.3.16/src/lib-mail/test-message-header-parser.c.CVE-2024-23185 2021-08-06 11:25:51.000000000 +0200
|
||||
+++ dovecot-2.3.16/src/lib-mail/test-message-header-parser.c 2024-08-20 23:23:18.169196280 +0200
|
||||
@@ -332,6 +332,71 @@ static void test_message_header_parser_n
|
||||
test_end();
|
||||
}
|
||||
|
||||
@ -217,112 +277,18 @@ index 700d3413f1..93d8842002 100644
|
||||
int main(void)
|
||||
{
|
||||
static void (*const test_functions[])(void) = {
|
||||
@@ -473,6 +538,8 @@ int main(void)
|
||||
@@ -341,6 +406,8 @@ int main(void)
|
||||
test_message_header_parser_extra_cr_in_eoh,
|
||||
test_message_header_parser_no_eoh,
|
||||
test_message_header_parser_nul,
|
||||
test_message_header_parser_extra_crlf_in_name,
|
||||
+ test_message_header_truncation_flag0,
|
||||
+ test_message_header_truncation_clean_oneline,
|
||||
NULL
|
||||
};
|
||||
return test_run(test_functions);
|
||||
|
||||
From ce88c33abc37e408592eff70aeefa28f803effb9 Mon Sep 17 00:00:00 2001
|
||||
From: Marco Bettini <marco.bettini@open-xchange.com>
|
||||
Date: Wed, 24 Apr 2024 10:45:46 +0000
|
||||
Subject: [PATCH 2/2] lib-mail: message-parser - Limit headers total count to
|
||||
50MB by default
|
||||
|
||||
(including top headers and all mime-sections headers)
|
||||
---
|
||||
src/lib-mail/message-parser-private.h | 2 +
|
||||
src/lib-mail/message-parser.c | 15 +++
|
||||
src/lib-mail/message-parser.h | 6 +
|
||||
src/lib-mail/test-message-parser.c | 154 ++++++++++++++++++++++++++
|
||||
4 files changed, 177 insertions(+)
|
||||
|
||||
diff --git a/src/lib-mail/message-parser-private.h b/src/lib-mail/message-parser-private.h
|
||||
index 41c32daf3a..8b362a9e71 100644
|
||||
--- a/src/lib-mail/message-parser-private.h
|
||||
+++ b/src/lib-mail/message-parser-private.h
|
||||
@@ -30,6 +30,8 @@ struct message_parser_ctx {
|
||||
enum message_parser_flags flags;
|
||||
unsigned int max_nested_mime_parts;
|
||||
unsigned int max_total_mime_parts;
|
||||
+ size_t all_headers_max_size;
|
||||
+ size_t all_headers_total_size;
|
||||
|
||||
char *last_boundary;
|
||||
struct message_boundary *boundaries;
|
||||
diff --git a/src/lib-mail/message-parser.c b/src/lib-mail/message-parser.c
|
||||
index 9a9c9a3515..c7e3b1e96a 100644
|
||||
--- a/src/lib-mail/message-parser.c
|
||||
+++ b/src/lib-mail/message-parser.c
|
||||
@@ -617,7 +617,18 @@ static int parse_next_header(struct message_parser_ctx *ctx,
|
||||
}
|
||||
if (ret < 0) {
|
||||
/* no boundary */
|
||||
+ size_t headers_available =
|
||||
+ ctx->all_headers_max_size > ctx->all_headers_total_size ?
|
||||
+ ctx->all_headers_max_size - ctx->all_headers_total_size : 0;
|
||||
+ message_parse_header_lower_limit(ctx->hdr_parser_ctx, headers_available);
|
||||
ret = message_parse_header_next(ctx->hdr_parser_ctx, &hdr);
|
||||
+ if (ret > 0) {
|
||||
+ if (!hdr->continues) {
|
||||
+ ctx->all_headers_total_size += hdr->name_len;
|
||||
+ ctx->all_headers_total_size += hdr->middle_len;
|
||||
+ }
|
||||
+ ctx->all_headers_total_size += hdr->value_len;
|
||||
+ }
|
||||
if (ret == 0 || (ret < 0 && ctx->input->stream_errno != 0)) {
|
||||
ctx->want_count = i_stream_get_data_size(ctx->input) + 1;
|
||||
return ret;
|
||||
@@ -762,6 +773,9 @@ message_parser_init_int(struct istream *input,
|
||||
ctx->max_total_mime_parts = set->max_total_mime_parts != 0 ?
|
||||
set->max_total_mime_parts :
|
||||
MESSAGE_PARSER_DEFAULT_MAX_TOTAL_MIME_PARTS;
|
||||
+ ctx->all_headers_max_size = set->all_headers_max_size != 0 ?
|
||||
+ set->all_headers_max_size :
|
||||
+ MESSAGE_PARSER_DEFAULT_ALL_HEADERS_MAX_SIZE;
|
||||
ctx->input = input;
|
||||
i_stream_ref(input);
|
||||
return ctx;
|
||||
@@ -779,6 +793,7 @@ message_parser_init(pool_t part_pool, struct istream *input,
|
||||
ctx->next_part = &ctx->part->children;
|
||||
ctx->parse_next_block = parse_next_header_init;
|
||||
ctx->total_parts_count = 1;
|
||||
+ ctx->all_headers_total_size = 0;
|
||||
i_array_init(&ctx->next_part_stack, 4);
|
||||
return ctx;
|
||||
}
|
||||
diff --git a/src/lib-mail/message-parser.h b/src/lib-mail/message-parser.h
|
||||
index f19e526284..8d70d73f05 100644
|
||||
--- a/src/lib-mail/message-parser.h
|
||||
+++ b/src/lib-mail/message-parser.h
|
||||
@@ -19,6 +19,7 @@ enum message_parser_flags {
|
||||
|
||||
#define MESSAGE_PARSER_DEFAULT_MAX_NESTED_MIME_PARTS 100
|
||||
#define MESSAGE_PARSER_DEFAULT_MAX_TOTAL_MIME_PARTS 10000
|
||||
+#define MESSAGE_PARSER_DEFAULT_ALL_HEADERS_MAX_SIZE ((size_t) 50 * 1024*1024)
|
||||
|
||||
struct message_parser_settings {
|
||||
enum message_header_parser_flags hdr_flags;
|
||||
@@ -30,6 +31,11 @@ struct message_parser_settings {
|
||||
/* Maximum MIME parts in total.
|
||||
0 = MESSAGE_PARSER_DEFAULT_MAX_TOTAL_MIME_PARTS. */
|
||||
unsigned int max_total_mime_parts;
|
||||
+
|
||||
+ /* Maximum bytes fore headers in top header plus all
|
||||
+ MIME sections headers
|
||||
+ 0 = MESSAGE_PARSER_DEFAULT_ALL_HEADERS_MAX_SIZE */
|
||||
+ size_t all_headers_max_size;
|
||||
};
|
||||
|
||||
struct message_parser_ctx;
|
||||
diff --git a/src/lib-mail/test-message-parser.c b/src/lib-mail/test-message-parser.c
|
||||
index 663bfe8c5a..b6bada2303 100644
|
||||
--- a/src/lib-mail/test-message-parser.c
|
||||
+++ b/src/lib-mail/test-message-parser.c
|
||||
diff -up dovecot-2.3.16/src/lib-mail/test-message-parser.c.CVE-2024-23185 dovecot-2.3.16/src/lib-mail/test-message-parser.c
|
||||
--- dovecot-2.3.16/src/lib-mail/test-message-parser.c.CVE-2024-23185 2021-08-06 11:25:51.000000000 +0200
|
||||
+++ dovecot-2.3.16/src/lib-mail/test-message-parser.c 2024-08-20 22:55:36.531652458 +0200
|
||||
@@ -1369,6 +1369,158 @@ static const char input_msg[] =
|
||||
test_end();
|
||||
}
|
@ -1,6 +1,6 @@
|
||||
diff -up dovecot-2.3.18/src/auth/auth-token.c.opensslhmac dovecot-2.3.18/src/auth/auth-token.c
|
||||
--- dovecot-2.3.18/src/auth/auth-token.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/auth/auth-token.c 2022-02-09 09:27:15.887883359 +0100
|
||||
diff -up dovecot-2.3.14/src/auth/auth-token.c.opensslhmac dovecot-2.3.14/src/auth/auth-token.c
|
||||
--- dovecot-2.3.14/src/auth/auth-token.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/auth/auth-token.c 2021-03-22 20:44:13.022912242 +0100
|
||||
@@ -161,17 +161,17 @@ void auth_token_deinit(void)
|
||||
const char *auth_token_get(const char *service, const char *session_pid,
|
||||
const char *username, const char *session_id)
|
||||
@ -26,9 +26,9 @@ diff -up dovecot-2.3.18/src/auth/auth-token.c.opensslhmac dovecot-2.3.18/src/aut
|
||||
|
||||
return binary_to_hex(result, sizeof(result));
|
||||
}
|
||||
diff -up dovecot-2.3.18/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.18/src/auth/mech-cram-md5.c
|
||||
--- dovecot-2.3.18/src/auth/mech-cram-md5.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/auth/mech-cram-md5.c 2022-02-09 09:27:15.887883359 +0100
|
||||
diff -up dovecot-2.3.14/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.14/src/auth/mech-cram-md5.c
|
||||
--- dovecot-2.3.14/src/auth/mech-cram-md5.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/auth/mech-cram-md5.c 2021-03-22 20:44:13.022912242 +0100
|
||||
@@ -51,7 +51,7 @@ static bool verify_credentials(struct cr
|
||||
{
|
||||
|
||||
@ -52,10 +52,10 @@ diff -up dovecot-2.3.18/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.18/src/
|
||||
|
||||
response_hex = binary_to_hex(digest, sizeof(digest));
|
||||
|
||||
diff -up dovecot-2.3.18/src/auth/mech-scram.c.opensslhmac dovecot-2.3.18/src/auth/mech-scram.c
|
||||
--- dovecot-2.3.18/src/auth/mech-scram.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/auth/mech-scram.c 2022-02-09 09:31:50.927146858 +0100
|
||||
@@ -93,7 +93,7 @@ get_scram_server_first(struct scram_auth
|
||||
diff -up dovecot-2.3.14/src/auth/mech-scram.c.opensslhmac dovecot-2.3.14/src/auth/mech-scram.c
|
||||
--- dovecot-2.3.14/src/auth/mech-scram.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/auth/mech-scram.c 2021-03-22 20:44:13.022912242 +0100
|
||||
@@ -78,7 +78,7 @@ static const char *get_scram_server_firs
|
||||
static const char *get_scram_server_final(struct scram_auth_request *request)
|
||||
{
|
||||
const struct hash_method *hmethod = request->hash_method;
|
||||
@ -64,7 +64,7 @@ diff -up dovecot-2.3.18/src/auth/mech-scram.c.opensslhmac dovecot-2.3.18/src/aut
|
||||
const char *auth_message;
|
||||
unsigned char server_signature[hmethod->digest_size];
|
||||
string_t *str;
|
||||
@@ -109,9 +109,9 @@ static const char *get_scram_server_fina
|
||||
@@ -87,9 +87,9 @@ static const char *get_scram_server_fina
|
||||
request->server_first_message, ",",
|
||||
request->client_final_message_without_proof, NULL);
|
||||
|
||||
@ -75,9 +75,9 @@ diff -up dovecot-2.3.18/src/auth/mech-scram.c.opensslhmac dovecot-2.3.18/src/aut
|
||||
+ openssl_hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
+ openssl_hmac_final(&ctx, server_signature);
|
||||
|
||||
/* RFC 5802, Section 7:
|
||||
|
||||
@@ -292,7 +292,7 @@ parse_scram_client_first(struct scram_au
|
||||
str = t_str_new(MAX_BASE64_ENCODED_SIZE(sizeof(server_signature)));
|
||||
str_append(str, "v=");
|
||||
@@ -228,7 +228,7 @@ static bool parse_scram_client_first(str
|
||||
static bool verify_credentials(struct scram_auth_request *request)
|
||||
{
|
||||
const struct hash_method *hmethod = request->hash_method;
|
||||
@ -86,7 +86,7 @@ diff -up dovecot-2.3.18/src/auth/mech-scram.c.opensslhmac dovecot-2.3.18/src/aut
|
||||
const char *auth_message;
|
||||
unsigned char client_key[hmethod->digest_size];
|
||||
unsigned char client_signature[hmethod->digest_size];
|
||||
@@ -310,9 +310,9 @@ static bool verify_credentials(struct sc
|
||||
@@ -239,9 +239,9 @@ static bool verify_credentials(struct sc
|
||||
request->server_first_message, ",",
|
||||
request->client_final_message_without_proof, NULL);
|
||||
|
||||
@ -97,11 +97,11 @@ diff -up dovecot-2.3.18/src/auth/mech-scram.c.opensslhmac dovecot-2.3.18/src/aut
|
||||
+ openssl_hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
+ openssl_hmac_final(&ctx, client_signature);
|
||||
|
||||
/* ClientProof := ClientKey XOR ClientSignature */
|
||||
const unsigned char *proof_data = request->proof->data;
|
||||
diff -up dovecot-2.3.18/src/auth/password-scheme.c.opensslhmac dovecot-2.3.18/src/auth/password-scheme.c
|
||||
--- dovecot-2.3.18/src/auth/password-scheme.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/auth/password-scheme.c 2022-02-09 09:27:15.888883345 +0100
|
||||
for (i = 0; i < sizeof(client_signature); i++)
|
||||
diff -up dovecot-2.3.14/src/auth/password-scheme.c.opensslhmac dovecot-2.3.14/src/auth/password-scheme.c
|
||||
--- dovecot-2.3.14/src/auth/password-scheme.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/auth/password-scheme.c 2021-03-22 20:44:13.022912242 +0100
|
||||
@@ -639,11 +639,11 @@ static void
|
||||
cram_md5_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
|
||||
const unsigned char **raw_password_r, size_t *size_r)
|
||||
@ -116,9 +116,9 @@ diff -up dovecot-2.3.18/src/auth/password-scheme.c.opensslhmac dovecot-2.3.18/sr
|
||||
strlen(plaintext), &hash_method_md5);
|
||||
hmac_md5_get_cram_context(&ctx, context_digest);
|
||||
|
||||
diff -up dovecot-2.3.18/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3.18/src/auth/password-scheme-scram.c
|
||||
--- dovecot-2.3.18/src/auth/password-scheme-scram.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/auth/password-scheme-scram.c 2022-02-09 09:27:15.888883345 +0100
|
||||
diff -up dovecot-2.3.14/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3.14/src/auth/password-scheme-scram.c
|
||||
--- dovecot-2.3.14/src/auth/password-scheme-scram.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/auth/password-scheme-scram.c 2021-03-22 20:44:13.023912229 +0100
|
||||
@@ -30,23 +30,23 @@ Hi(const struct hash_method *hmethod, co
|
||||
const unsigned char *salt, size_t salt_size, unsigned int i,
|
||||
unsigned char *result)
|
||||
@ -208,9 +208,9 @@ diff -up dovecot-2.3.18/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3
|
||||
str_append_c(str, ',');
|
||||
base64_encode(server_key, sizeof(server_key), str);
|
||||
|
||||
diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c
|
||||
--- dovecot-2.3.18/src/lib/hmac.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/lib/hmac.c 2022-02-09 09:27:15.888883345 +0100
|
||||
diff -up dovecot-2.3.14/src/lib/hmac.c.opensslhmac dovecot-2.3.14/src/lib/hmac.c
|
||||
--- dovecot-2.3.14/src/lib/hmac.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/lib/hmac.c 2021-03-22 20:44:13.023912229 +0100
|
||||
@@ -7,6 +7,10 @@
|
||||
* This software is released under the MIT license.
|
||||
*/
|
||||
@ -448,9 +448,9 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c
|
||||
- safe_memset(prk, 0, sizeof(prk));
|
||||
- safe_memset(okm, 0, sizeof(okm));
|
||||
}
|
||||
diff -up dovecot-2.3.18/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.18/src/lib/hmac-cram-md5.c
|
||||
--- dovecot-2.3.18/src/lib/hmac-cram-md5.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/lib/hmac-cram-md5.c 2022-02-09 09:27:15.888883345 +0100
|
||||
diff -up dovecot-2.3.14/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.14/src/lib/hmac-cram-md5.c
|
||||
--- dovecot-2.3.14/src/lib/hmac-cram-md5.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/lib/hmac-cram-md5.c 2021-03-22 20:44:13.023912229 +0100
|
||||
@@ -9,10 +9,10 @@
|
||||
#include "md5.h"
|
||||
#include "hmac-cram-md5.h"
|
||||
@ -477,9 +477,9 @@ diff -up dovecot-2.3.18/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.18/src/l
|
||||
const unsigned char *cdp;
|
||||
|
||||
struct md5_context *ctx = (void*)hmac_ctx->ctx;
|
||||
diff -up dovecot-2.3.18/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.18/src/lib/hmac-cram-md5.h
|
||||
--- dovecot-2.3.18/src/lib/hmac-cram-md5.h.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/lib/hmac-cram-md5.h 2022-02-09 09:27:15.888883345 +0100
|
||||
diff -up dovecot-2.3.14/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.14/src/lib/hmac-cram-md5.h
|
||||
--- dovecot-2.3.14/src/lib/hmac-cram-md5.h.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/lib/hmac-cram-md5.h 2021-03-22 20:44:13.023912229 +0100
|
||||
@@ -5,9 +5,9 @@
|
||||
|
||||
#define CRAM_MD5_CONTEXTLEN 32
|
||||
@ -492,9 +492,9 @@ diff -up dovecot-2.3.18/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.18/src/l
|
||||
const unsigned char context_digest[CRAM_MD5_CONTEXTLEN]);
|
||||
|
||||
|
||||
diff -up dovecot-2.3.18/src/lib/hmac.h.opensslhmac dovecot-2.3.18/src/lib/hmac.h
|
||||
--- dovecot-2.3.18/src/lib/hmac.h.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/lib/hmac.h 2022-02-09 09:27:15.888883345 +0100
|
||||
diff -up dovecot-2.3.14/src/lib/hmac.h.opensslhmac dovecot-2.3.14/src/lib/hmac.h
|
||||
--- dovecot-2.3.14/src/lib/hmac.h.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/lib/hmac.h 2021-03-22 20:44:13.023912229 +0100
|
||||
@@ -4,60 +4,97 @@
|
||||
#include "hash-method.h"
|
||||
#include "sha1.h"
|
||||
@ -606,9 +606,9 @@ diff -up dovecot-2.3.18/src/lib/hmac.h.opensslhmac dovecot-2.3.18/src/lib/hmac.h
|
||||
okm_buffer, okm_len);
|
||||
return okm_buffer;
|
||||
}
|
||||
diff -up dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c
|
||||
--- dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c 2022-02-09 09:27:15.888883345 +0100
|
||||
diff -up dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c
|
||||
--- dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/lib-imap-urlauth/imap-urlauth.c 2021-03-22 20:44:13.023912229 +0100
|
||||
@@ -85,15 +85,15 @@ imap_urlauth_internal_generate(const cha
|
||||
const unsigned char mailbox_key[IMAP_URLAUTH_KEY_LEN],
|
||||
size_t *token_len_r)
|
||||
@ -629,10 +629,10 @@ diff -up dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-
|
||||
|
||||
*token_len_r = SHA1_RESULTLEN + 1;
|
||||
return token;
|
||||
diff -up dovecot-2.3.18/src/lib/Makefile.am.opensslhmac dovecot-2.3.18/src/lib/Makefile.am
|
||||
--- dovecot-2.3.18/src/lib/Makefile.am.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/lib/Makefile.am 2022-02-09 09:27:15.889883331 +0100
|
||||
@@ -354,6 +354,9 @@ headers = \
|
||||
diff -up dovecot-2.3.14/src/lib/Makefile.am.opensslhmac dovecot-2.3.14/src/lib/Makefile.am
|
||||
--- dovecot-2.3.14/src/lib/Makefile.am.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/lib/Makefile.am 2021-03-22 20:44:13.023912229 +0100
|
||||
@@ -352,6 +352,9 @@ headers = \
|
||||
wildcard-match.h \
|
||||
write-full.h
|
||||
|
||||
@ -642,10 +642,10 @@ diff -up dovecot-2.3.18/src/lib/Makefile.am.opensslhmac dovecot-2.3.18/src/lib/M
|
||||
test_programs = test-lib
|
||||
noinst_PROGRAMS = $(test_programs)
|
||||
|
||||
diff -up dovecot-2.3.18/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.18/src/lib-oauth2/oauth2-jwt.c
|
||||
--- dovecot-2.3.18/src/lib-oauth2/oauth2-jwt.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/lib-oauth2/oauth2-jwt.c 2022-02-09 09:27:15.889883331 +0100
|
||||
@@ -144,14 +144,14 @@ oauth2_validate_hmac(const struct oauth2
|
||||
diff -up dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c
|
||||
--- dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/lib-oauth2/oauth2-jwt.c 2021-03-22 20:44:13.024912217 +0100
|
||||
@@ -106,14 +106,14 @@ oauth2_validate_hmac(const struct oauth2
|
||||
if (oauth2_lookup_hmac_key(set, azp, alg, key_id, &key, error_r) < 0)
|
||||
return -1;
|
||||
|
||||
@ -666,10 +666,10 @@ diff -up dovecot-2.3.18/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.18/s
|
||||
|
||||
buffer_t *their_digest =
|
||||
t_base64url_decode_str(BASE64_DECODE_FLAG_NO_PADDING, blobs[2]);
|
||||
diff -up dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c
|
||||
--- dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c 2022-02-09 09:27:15.889883331 +0100
|
||||
@@ -248,7 +248,7 @@ static void save_key_azp_to(const char *
|
||||
diff -up dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c
|
||||
--- dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/lib-oauth2/test-oauth2-jwt.c 2021-03-22 20:46:09.524440794 +0100
|
||||
@@ -236,7 +236,7 @@ static void save_key_to(const char *algo
|
||||
static void sign_jwt_token_hs256(buffer_t *tokenbuf, buffer_t *key)
|
||||
{
|
||||
i_assert(key != NULL);
|
||||
@ -678,7 +678,7 @@ diff -up dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3
|
||||
tokenbuf);
|
||||
buffer_append(tokenbuf, ".", 1);
|
||||
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
|
||||
@@ -258,7 +258,7 @@ static void sign_jwt_token_hs256(buffer_
|
||||
@@ -246,7 +246,7 @@ static void sign_jwt_token_hs256(buffer_
|
||||
static void sign_jwt_token_hs384(buffer_t *tokenbuf, buffer_t *key)
|
||||
{
|
||||
i_assert(key != NULL);
|
||||
@ -687,7 +687,7 @@ diff -up dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3
|
||||
tokenbuf);
|
||||
buffer_append(tokenbuf, ".", 1);
|
||||
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
|
||||
@@ -268,7 +268,7 @@ static void sign_jwt_token_hs384(buffer_
|
||||
@@ -256,7 +256,7 @@ static void sign_jwt_token_hs384(buffer_
|
||||
static void sign_jwt_token_hs512(buffer_t *tokenbuf, buffer_t *key)
|
||||
{
|
||||
i_assert(key != NULL);
|
||||
@ -696,9 +696,9 @@ diff -up dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3
|
||||
tokenbuf);
|
||||
buffer_append(tokenbuf, ".", 1);
|
||||
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
|
||||
diff -up dovecot-2.3.18/src/lib/pkcs5.c.opensslhmac dovecot-2.3.18/src/lib/pkcs5.c
|
||||
--- dovecot-2.3.18/src/lib/pkcs5.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/lib/pkcs5.c 2022-02-09 09:27:15.889883331 +0100
|
||||
diff -up dovecot-2.3.14/src/lib/pkcs5.c.opensslhmac dovecot-2.3.14/src/lib/pkcs5.c
|
||||
--- dovecot-2.3.14/src/lib/pkcs5.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/lib/pkcs5.c 2021-03-22 20:44:13.024912217 +0100
|
||||
@@ -52,7 +52,7 @@ int pkcs5_pbkdf2(const struct hash_metho
|
||||
size_t l = (length + hash->digest_size - 1)/hash->digest_size; /* same as ceil(length/hash->digest_size) */
|
||||
unsigned char dk[l * hash->digest_size];
|
||||
@ -733,9 +733,9 @@ diff -up dovecot-2.3.18/src/lib/pkcs5.c.opensslhmac dovecot-2.3.18/src/lib/pkcs5
|
||||
for(i = 0; i < hash->digest_size; i++)
|
||||
block[i] ^= U_c[i];
|
||||
}
|
||||
diff -up dovecot-2.3.18/src/lib/test-hmac.c.opensslhmac dovecot-2.3.18/src/lib/test-hmac.c
|
||||
--- dovecot-2.3.18/src/lib/test-hmac.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/lib/test-hmac.c 2022-02-09 09:27:15.889883331 +0100
|
||||
diff -up dovecot-2.3.14/src/lib/test-hmac.c.opensslhmac dovecot-2.3.14/src/lib/test-hmac.c
|
||||
--- dovecot-2.3.14/src/lib/test-hmac.c.opensslhmac 2021-03-04 09:38:06.000000000 +0100
|
||||
+++ dovecot-2.3.14/src/lib/test-hmac.c 2021-03-22 20:44:13.024912217 +0100
|
||||
@@ -206,11 +206,11 @@ static void test_hmac_rfc(void)
|
||||
test_begin("hmac sha256 rfc4231 vectors");
|
||||
for(size_t i = 0; i < N_ELEMENTS(test_vectors); i++) {
|
@ -1,28 +1,26 @@
|
||||
%global __provides_exclude_from %{_docdir}
|
||||
%global __requires_exclude_from %{_docdir}
|
||||
|
||||
Summary: Secure imap and pop3 server
|
||||
Name: dovecot
|
||||
Epoch: 1
|
||||
Version: 2.3.21
|
||||
Version: 2.3.16
|
||||
%global prever %{nil}
|
||||
Release: 15%{?dist}
|
||||
Release: 6%{?dist}
|
||||
#dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
|
||||
License: MIT AND LGPL-2.1-only
|
||||
License: MIT and LGPLv2
|
||||
Group: System Environment/Daemons
|
||||
|
||||
URL: https://www.dovecot.org/
|
||||
Source: https://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz
|
||||
URL: http://www.dovecot.org/
|
||||
Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz
|
||||
Source1: dovecot.init
|
||||
Source2: dovecot.pam
|
||||
%global pigeonholever 0.5.21
|
||||
Source8: https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz
|
||||
%global pigeonholever 0.5.16
|
||||
Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz
|
||||
Source9: dovecot.sysconfig
|
||||
Source10: dovecot.tmpfilesd
|
||||
|
||||
#our own
|
||||
Source14: dovecot.conf.5
|
||||
Source15: prestartscript
|
||||
Source16: dovecot.sysusers
|
||||
|
||||
# 3x Fedora/RHEL specific
|
||||
Patch1: dovecot-2.0-defaultconfig.patch
|
||||
@ -34,67 +32,60 @@ Patch6: dovecot-2.1.10-waitonline.patch
|
||||
|
||||
Patch8: dovecot-2.2.20-initbysystemd.patch
|
||||
Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch
|
||||
Patch10: dovecot-2.3.0.1-libxcrypt.patch
|
||||
Patch15: dovecot-2.3.11-bigkey.patch
|
||||
|
||||
# sent upstream, rhbz#1630380
|
||||
Patch11: dovecot-2.2.36-aclfix.patch
|
||||
|
||||
Patch13: dovecot-2.2.36-bigkey.patch
|
||||
|
||||
# do not use own implementation of HMAC, use OpenSSL for certification purposes
|
||||
# not sent upstream as proper fix would use dovecot's lib-dcrypt but it introduces
|
||||
# hard to break circular dependency between lib and lib-dcrypt
|
||||
Patch16: dovecot-2.3.6-opensslhmac.patch
|
||||
Patch14: dovecot-2.3.6-opensslhmac.patch
|
||||
|
||||
# FTBFS
|
||||
Patch17: dovecot-2.3.15-fixvalcond.patch
|
||||
Patch18: dovecot-2.3.15-valbasherr.patch
|
||||
Patch20: dovecot-2.3.14-opensslv3.patch
|
||||
Patch21: dovecot-2.3.19.1-7bad6a24.patch
|
||||
Patch22: dovecot-configure-c99.patch
|
||||
# from upstream, for dovecot < 2.3.17, s390x FTBFS fix
|
||||
Patch15: dovecot-2.3.16-ftbfsbigend.patch
|
||||
Patch16: dovecot-2.3.16-keeplzma.patch
|
||||
|
||||
# Fedora/RHEL specific, drop OTP which uses SHA1 so we dont use SHA1 for crypto purposes
|
||||
Patch23: dovecot-2.3.20-nolibotp.patch
|
||||
# from upstream, for <= 2.3.19.1, rhbz#2106232
|
||||
Patch17: dovecot-2.3.19.1-7bad6a24.patch
|
||||
|
||||
# adapted from 2.4 dovecot, issue #RHEL-33733
|
||||
Patch24: dovecot-2.3.21-noengine.patch
|
||||
# from upstream, for < 2.3.19.1, rhbz#2128857
|
||||
Patch18: dovecot-2.3.18-9f300239..4596d399.patch
|
||||
Patch19: dovecot-2.3.18-bdf447e4.patch
|
||||
|
||||
# sent upstream, issue #RHEL-52541
|
||||
Patch25: dovecot-2.3-ph_optglob.patch
|
||||
Patch26: dovecot-2.3-ph_scriptcmp.patch
|
||||
# from upstream, for < 2.3.21, RHEL-22854
|
||||
Patch20: dovecot-2.3.16-d7705bc6.patch
|
||||
|
||||
# from upstream for < 2.3.21.1, RHEL-55206
|
||||
# https://github.com/dovecot/core/compare/8e4c42d%5E...1481c04.patch
|
||||
Patch21: dovecot-2.3.21.1-CVE-2024-23184.patch
|
||||
|
||||
# from upstream for < 2.3.21.1, RHEL-55219
|
||||
# https://github.com/dovecot/core/compare/f020e13%5E...ce88c33.patch
|
||||
Patch22: dovecot-2.3.21.1-CVE-2024-23185.patch
|
||||
|
||||
# fix test failing due to too long path with all the mock path prefixes
|
||||
Patch27: dovecot-2.3.21-test-socket-path.patch
|
||||
Patch23: dovecot-2.3.21-test-socket-path.patch
|
||||
|
||||
# from upstream for < 2.3.21.1, RHEL-55205
|
||||
# https://github.com/dovecot/core/compare/8e4c42d%5E...1481c04.patch
|
||||
Patch28: dovecot-2.3.21.1-CVE-2024-23184.patch
|
||||
Source15: prestartscript
|
||||
|
||||
# from upstream for < 2.3.21.1, RHEL-55218
|
||||
# https://github.com/dovecot/core/compare/f020e13%5E...ce88c33.patch
|
||||
Patch29: dovecot-2.3.21.1-CVE-2024-23185.patch
|
||||
|
||||
BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel
|
||||
BuildRequires: openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel
|
||||
BuildRequires: libtool, autoconf, automake, pkgconfig
|
||||
BuildRequires: sqlite-devel
|
||||
BuildRequires: libpq-devel
|
||||
BuildRequires: postgresql-devel
|
||||
#BuildRequires: libpq-devel
|
||||
BuildRequires: mariadb-connector-c-devel
|
||||
BuildRequires: libxcrypt-devel
|
||||
#BuildRequires: libxcrypt-devel
|
||||
BuildRequires: openldap-devel
|
||||
BuildRequires: krb5-devel
|
||||
BuildRequires: quota-devel
|
||||
BuildRequires: xz-devel
|
||||
BuildRequires: lz4-devel
|
||||
BuildRequires: libzstd-devel
|
||||
%if %{?rhel}0 == 0
|
||||
BuildRequires: libsodium-devel
|
||||
BuildRequires: lua-devel
|
||||
%endif
|
||||
BuildRequires: libicu-devel
|
||||
%if 0%{?rhel} == 0 && 0%{?fedora}0 < 38
|
||||
BuildRequires: libexttextcat-devel
|
||||
BuildRequires: clucene-core-devel
|
||||
%endif
|
||||
BuildRequires: multilib-rpm-config
|
||||
BuildRequires: flex, bison
|
||||
BuildRequires: systemd-devel
|
||||
BuildRequires: systemd-rpm-macros
|
||||
#BuildRequires: libsodium-devel
|
||||
#BuildRequires: libexttextcat-devel
|
||||
#BuildRequires: libstemmer-devel
|
||||
|
||||
# gettext-devel is needed for running autoconf because of the
|
||||
# presence of AM_ICONV
|
||||
@ -105,17 +96,33 @@ Requires: openssl >= 0.9.7f-4
|
||||
|
||||
# Package includes an initscript service file, needs to require initscripts package
|
||||
Requires(pre): shadow-utils
|
||||
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
||||
Requires: systemd
|
||||
Requires(post): systemd-units
|
||||
Requires(preun): systemd-units
|
||||
Requires(postun): systemd-units
|
||||
%else
|
||||
Requires: initscripts
|
||||
Requires(post): chkconfig
|
||||
Requires(preun): chkconfig initscripts
|
||||
Requires(postun): initscripts
|
||||
%endif
|
||||
|
||||
%if %{?fedora}0 > 150 || %{?rhel}0 >60
|
||||
#clucene in fedora <=15 and rhel<=6 is too old
|
||||
BuildRequires: clucene-core-devel
|
||||
%endif
|
||||
|
||||
%global ssldir %{_sysconfdir}/pki/%{name}
|
||||
|
||||
%if %{?fedora}00%{?rhel} < 6
|
||||
%global _initddir %{_initrddir}
|
||||
BuildRequires: curl-devel expat-devel
|
||||
%else
|
||||
BuildRequires: libcurl-devel expat-devel
|
||||
BuildRequires: make
|
||||
%endif
|
||||
|
||||
%global restart_flag /run/%{name}/%{name}-restart-after-rpm-install
|
||||
%global restart_flag /var/run/%{name}/%{name}-restart-after-rpm-install
|
||||
|
||||
%description
|
||||
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
|
||||
@ -127,7 +134,8 @@ The SQL drivers and authentication plug-ins are in their subpackages.
|
||||
%package pigeonhole
|
||||
Requires: %{name} = %{epoch}:%{version}-%{release}
|
||||
Summary: Sieve and managesieve plug-in for dovecot
|
||||
License: MIT AND LGPL-2.1-only
|
||||
Group: System Environment/Daemons
|
||||
License: MIT and LGPLv2
|
||||
|
||||
%description pigeonhole
|
||||
This package provides sieve and managesieve plug-in for dovecot LDA.
|
||||
@ -135,68 +143,60 @@ This package provides sieve and managesieve plug-in for dovecot LDA.
|
||||
%package pgsql
|
||||
Requires: %{name} = %{epoch}:%{version}-%{release}
|
||||
Summary: Postgres SQL back end for dovecot
|
||||
Group: System Environment/Daemons
|
||||
%description pgsql
|
||||
This package provides the Postgres SQL back end for dovecot-auth etc.
|
||||
|
||||
%package mysql
|
||||
Requires: %{name} = %{epoch}:%{version}-%{release}
|
||||
Summary: MySQL back end for dovecot
|
||||
Group: System Environment/Daemons
|
||||
%description mysql
|
||||
This package provides the MySQL back end for dovecot-auth etc.
|
||||
|
||||
%package devel
|
||||
Requires: %{name} = %{epoch}:%{version}-%{release}
|
||||
Summary: Development files for dovecot
|
||||
Group: Development/Libraries
|
||||
%description devel
|
||||
This package provides the development files for dovecot.
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version}%{?prever} -a 8
|
||||
|
||||
# standardize name, so we don't have to update patches and scripts
|
||||
mv dovecot-2.3-pigeonhole-%{pigeonholever} dovecot-pigeonhole
|
||||
|
||||
%patch -P 1 -p1 -b .default-settings
|
||||
%patch -P 2 -p1 -b .mkcert-permissions
|
||||
%patch -P 3 -p1 -b .mkcert-paths
|
||||
%patch -P 6 -p1 -b .waitonline
|
||||
%patch -P 8 -p1 -b .initbysystemd
|
||||
%patch -P 9 -p1 -b .systemd_w_protectsystem
|
||||
%patch -P 15 -p1 -b .bigkey
|
||||
%patch -P 16 -p1 -b .opensslhmac
|
||||
%patch -P 17 -p1 -b .fixvalcond
|
||||
%patch -P 18 -p1 -b .valbasherr
|
||||
%patch -P 20 -p1 -b .opensslv3
|
||||
%patch -P 21 -p1 -b .7bad6a24
|
||||
%patch -P 22 -p1 -b .c99
|
||||
%patch -P 23 -p1 -b .nolibotp
|
||||
%patch -P 24 -p1 -b .noengine
|
||||
%patch -P 25 -p1 -b .ph_optglob
|
||||
%patch -P 26 -p1 -b .ph_scriptcmp
|
||||
%patch -P 27 -p1 -b .test-socket-path
|
||||
%patch -P 28 -p1 -b .CVE-2024-23184
|
||||
%patch -P 29 -p1 -b .CVE-2024-23185
|
||||
cp run-test-valgrind.supp dovecot-pigeonhole/
|
||||
# valgrind would fail with shell wrapper
|
||||
echo "testsuite" >dovecot-pigeonhole/run-test-valgrind.exclude
|
||||
%patch -P 11 -p1 -b .aclfix
|
||||
%patch -P 13 -p1 -b .bigkey
|
||||
%patch -P 14 -p1 -b .opensslhmac
|
||||
%patch -P 15 -p1 -b .ftbfsbigend
|
||||
%patch -P 16 -p1 -b .keeplzma
|
||||
%patch -P 17 -p1 -b .7bad6a24
|
||||
%patch -P 19 -p1 -b .bdf447e4
|
||||
%patch -P 20 -p1 -b .d7705bc6
|
||||
%patch -P 21 -p1 -b .CVE-2024-23184
|
||||
%patch -P 22 -p1 -b .CVE-2024-23185
|
||||
%patch -P 23 -p1 -b .test-socket-path
|
||||
pushd dovecot-2*3-pigeonhole-%{pigeonholever}
|
||||
%patch -P 18 -p1 -b .9f300239..4596d399
|
||||
|
||||
popd
|
||||
|
||||
#pushd dovecot-pigeonhole
|
||||
#popd
|
||||
%if 0%{?rhel} == 0 && 0%{?fedora}0 < 38
|
||||
sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in
|
||||
%endif
|
||||
|
||||
|
||||
# drop OTP which uses SHA1 so we dont use SHA1 for crypto purposes
|
||||
rm -rf src/lib-otp
|
||||
|
||||
%build
|
||||
#required for fdpass.c line 125,190: dereferencing type-punned pointer will break strict-aliasing rules
|
||||
%global _hardened_build 1
|
||||
export CFLAGS="%{__global_cflags} -fno-strict-aliasing -fstack-reuse=none"
|
||||
export LDFLAGS="-Wl,-z,now -Wl,-z,relro %{?__global_ldflags}"
|
||||
# el6 autoconf too old to regen; use packaged files (#1082384)
|
||||
%if %{?fedora}00%{?rhel} > 6
|
||||
mkdir -p m4
|
||||
autoreconf -I . -fiv #required for aarch64 support
|
||||
%endif
|
||||
%configure \
|
||||
INSTALL_DATA="install -c -p -m644" \
|
||||
--with-rundir=%{_rundir}/%{name} \
|
||||
@ -214,32 +214,20 @@ autoreconf -I . -fiv #required for aarch64 support
|
||||
--with-mysql \
|
||||
--with-sqlite \
|
||||
--with-zlib \
|
||||
--with-zstd \
|
||||
--with-libcap \
|
||||
--with-icu \
|
||||
%if %{?rhel}0 == 0
|
||||
--with-lua=plugin \
|
||||
%endif
|
||||
%if 0%{?rhel} == 0 && 0%{?fedora}0 < 38
|
||||
--with-lucene \
|
||||
--with-exttextcat \
|
||||
%else
|
||||
--without-lucene \
|
||||
--without-exttextcat \
|
||||
%endif
|
||||
--without-libstemmer \
|
||||
--with-ssl=openssl \
|
||||
--with-ssldir=%{ssldir} \
|
||||
--with-solr \
|
||||
--with-docs \
|
||||
systemdsystemunitdir=%{_unitdir}
|
||||
--with-systemdsystemunitdir=%{_unitdir} \
|
||||
--with-docs
|
||||
|
||||
sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh doc/example-config/conf.d/10-ssl.conf
|
||||
|
||||
%make_build
|
||||
make %{?_smp_mflags}
|
||||
|
||||
#pigeonhole
|
||||
pushd dovecot-pigeonhole
|
||||
pushd dovecot-2*3-pigeonhole-%{pigeonholever}
|
||||
|
||||
# required for snapshot
|
||||
[ -f configure ] || autoreconf -fiv
|
||||
@ -251,13 +239,13 @@ pushd dovecot-pigeonhole
|
||||
--with-dovecot=../ \
|
||||
--without-unfinished-features
|
||||
|
||||
%make_build
|
||||
make %{?_smp_mflags}
|
||||
popd
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%make_install
|
||||
make install DESTDIR=$RPM_BUILD_ROOT
|
||||
|
||||
# move doc dir back to build dir so doc macro in files section can use it
|
||||
mv $RPM_BUILD_ROOT/%{_docdir}/%{name} %{_builddir}/%{name}-%{version}%{?prever}/docinstall
|
||||
@ -265,14 +253,18 @@ mv $RPM_BUILD_ROOT/%{_docdir}/%{name} %{_builddir}/%{name}-%{version}%{?prever}/
|
||||
# fix multilib issues
|
||||
%multilib_fix_c_header --file %{_includedir}/dovecot/config.h
|
||||
|
||||
pushd dovecot-pigeonhole
|
||||
%make_install
|
||||
pushd dovecot-2*3-pigeonhole-%{pigeonholever}
|
||||
make install DESTDIR=$RPM_BUILD_ROOT
|
||||
|
||||
mv $RPM_BUILD_ROOT/%{_docdir}/%{name} $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole
|
||||
|
||||
install -m 644 AUTHORS ChangeLog COPYING COPYING.LGPL INSTALL NEWS README $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole
|
||||
popd
|
||||
|
||||
%if %{?fedora}00%{?rhel} < 6
|
||||
sed -i 's|password-auth|system-auth|' %{SOURCE2}
|
||||
%endif
|
||||
|
||||
install -p -D -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/dovecot
|
||||
|
||||
#install man pages
|
||||
@ -281,8 +273,6 @@ install -p -D -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_mandir}/man5/dovecot.conf.5
|
||||
#install waitonline script
|
||||
install -p -D -m 755 %{SOURCE15} $RPM_BUILD_ROOT%{_libexecdir}/dovecot/prestartscript
|
||||
|
||||
install -p -D -m 0644 %{SOURCE16} $RPM_BUILD_ROOT%{_sysusersdir}/dovecot.sysusers
|
||||
|
||||
# generate ghost .pem files
|
||||
mkdir -p $RPM_BUILD_ROOT%{ssldir}/certs
|
||||
mkdir -p $RPM_BUILD_ROOT%{ssldir}/private
|
||||
@ -291,9 +281,14 @@ chmod 600 $RPM_BUILD_ROOT%{ssldir}/certs/dovecot.pem
|
||||
touch $RPM_BUILD_ROOT%{ssldir}/private/dovecot.pem
|
||||
chmod 600 $RPM_BUILD_ROOT%{ssldir}/private/dovecot.pem
|
||||
|
||||
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
||||
install -p -D -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_tmpfilesdir}/dovecot.conf
|
||||
%else
|
||||
install -p -D -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_initddir}/dovecot
|
||||
install -p -D -m 600 %{SOURCE9} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/dovecot
|
||||
%endif
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT/run/dovecot/{login,empty,token-login}
|
||||
mkdir -p $RPM_BUILD_ROOT/var/run/dovecot/{login,empty,token-login}
|
||||
|
||||
# Install dovecot configuration and dovecot-openssl.cnf
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d
|
||||
@ -320,72 +315,84 @@ popd
|
||||
|
||||
%pre
|
||||
#dovecot uid and gid are reserved, see /usr/share/doc/setup-*/uidgid
|
||||
%sysusers_create_compat %{SOURCE16}
|
||||
getent group dovecot >/dev/null || groupadd -r --gid 97 dovecot
|
||||
getent passwd dovecot >/dev/null || \
|
||||
useradd -r --uid 97 -g dovecot -d /usr/libexec/dovecot -s /sbin/nologin -c "Dovecot IMAP server" dovecot
|
||||
|
||||
if [ -z "$LEAPP_IPU_IN_PROGRESS" ]
|
||||
then
|
||||
# during LEAPP upgrade, services are not running anyway
|
||||
getent group dovenull >/dev/null || groupadd -r dovenull
|
||||
getent passwd dovenull >/dev/null || \
|
||||
useradd -r -g dovenull -d /usr/libexec/dovecot -s /sbin/nologin -c "Dovecot's unauthorized user" dovenull
|
||||
|
||||
# do not let dovecot run during upgrade rhbz#134325
|
||||
if [ "$1" = "2" ]; then
|
||||
rm -f %restart_flag
|
||||
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
||||
/bin/systemctl is-active %{name}.service >/dev/null 2>&1 && touch %restart_flag ||:
|
||||
/bin/systemctl stop %{name}.service >/dev/null 2>&1
|
||||
fi
|
||||
%else
|
||||
/sbin/service %{name} status >/dev/null 2>&1 && touch %restart_flag ||:
|
||||
/sbin/service %{name} stop >/dev/null 2>&1
|
||||
%endif
|
||||
fi
|
||||
|
||||
%post
|
||||
if [ $1 -eq 1 ]
|
||||
then
|
||||
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
||||
%systemd_post dovecot.service
|
||||
%else
|
||||
/sbin/chkconfig --add %{name}
|
||||
%endif
|
||||
fi
|
||||
|
||||
install -d -m 0755 -g dovecot -d /run/dovecot
|
||||
install -d -m 0755 -d /run/dovecot/empty
|
||||
install -d -m 0750 -g dovenull -d /run/dovecot/login
|
||||
install -d -m 0750 -g dovenull -d /run/dovecot/token-login
|
||||
[ -x /sbin/restorecon ] && /sbin/restorecon -R /run/dovecot ||:
|
||||
install -d -m 0755 -g dovecot -d /var/run/dovecot
|
||||
install -d -m 0755 -d /var/run/dovecot/empty
|
||||
install -d -m 0750 -g dovenull -d /var/run/dovecot/login
|
||||
install -d -m 0750 -g dovenull -d /var/run/dovecot/token-login
|
||||
[ -x /sbin/restorecon ] && /sbin/restorecon -R /var/run/dovecot ||:
|
||||
|
||||
%preun
|
||||
if [ $1 = 0 ]; then
|
||||
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
||||
/bin/systemctl disable dovecot.service dovecot.socket >/dev/null 2>&1 || :
|
||||
/bin/systemctl stop dovecot.service dovecot.socket >/dev/null 2>&1 || :
|
||||
rm -rf /run/dovecot
|
||||
%else
|
||||
/sbin/service %{name} stop > /dev/null 2>&1
|
||||
/sbin/chkconfig --del %{name}
|
||||
%endif
|
||||
rm -rf /var/run/dovecot
|
||||
fi
|
||||
|
||||
%postun
|
||||
if [ -z "$LEAPP_IPU_IN_PROGRESS" ]
|
||||
then
|
||||
# during LEAPP upgrade, services are not running anyway
|
||||
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
||||
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
||||
%endif
|
||||
|
||||
if [ "$1" -ge "1" -a -e %restart_flag ]; then
|
||||
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
||||
/bin/systemctl start dovecot.service >/dev/null 2>&1 || :
|
||||
%else
|
||||
/sbin/service %{name} start >/dev/null 2>&1 || :
|
||||
%endif
|
||||
rm -f %restart_flag
|
||||
fi
|
||||
fi
|
||||
|
||||
%posttrans
|
||||
|
||||
if [ -z "$LEAPP_IPU_IN_PROGRESS" ]
|
||||
then
|
||||
# during LEAPP upgrade, services are not running anyway
|
||||
|
||||
# dovecot should be started again in %%postun, but it's not executed on reinstall
|
||||
# if it was already started, restart_flag won't be here, so it's ok to test it again
|
||||
if [ -e %restart_flag ]; then
|
||||
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
||||
/bin/systemctl start dovecot.service >/dev/null 2>&1 || :
|
||||
%else
|
||||
/sbin/service %{name} start >/dev/null 2>&1 || :
|
||||
%endif
|
||||
rm -f %restart_flag
|
||||
fi
|
||||
fi
|
||||
|
||||
%check
|
||||
%ifnarch aarch64
|
||||
# some aarch64 tests timeout, skip for now
|
||||
make check
|
||||
cd dovecot-pigeonhole
|
||||
cd dovecot-2*3-pigeonhole-%{pigeonholever}
|
||||
make check
|
||||
%endif
|
||||
|
||||
%files
|
||||
%doc docinstall/* AUTHORS ChangeLog COPYING COPYING.LGPL COPYING.MIT NEWS README
|
||||
@ -397,11 +404,15 @@ make check
|
||||
%{_bindir}/dovecot-sysreport
|
||||
|
||||
|
||||
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
||||
%_tmpfilesdir/dovecot.conf
|
||||
%{_sysusersdir}/dovecot.sysusers
|
||||
%{_unitdir}/dovecot.service
|
||||
%{_unitdir}/dovecot-init.service
|
||||
%{_unitdir}/dovecot.socket
|
||||
%else
|
||||
%{_initddir}/dovecot
|
||||
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/dovecot
|
||||
%endif
|
||||
|
||||
%dir %{_sysconfdir}/dovecot
|
||||
%dir %{_sysconfdir}/dovecot/conf.d
|
||||
@ -453,9 +464,6 @@ make check
|
||||
%{_libdir}/dovecot/auth/lib20_auth_var_expand_crypt.so
|
||||
%{_libdir}/dovecot/auth/libauthdb_imap.so
|
||||
%{_libdir}/dovecot/auth/libauthdb_ldap.so
|
||||
%if %{?rhel}0 == 0
|
||||
%{_libdir}/dovecot/auth/libauthdb_lua.so
|
||||
%endif
|
||||
%{_libdir}/dovecot/auth/libmech_gssapi.so
|
||||
%{_libdir}/dovecot/auth/libdriver_sqlite.so
|
||||
%{_libdir}/dovecot/dict/libdriver_sqlite.so
|
||||
@ -475,10 +483,10 @@ make check
|
||||
%{_libexecdir}/%{name}
|
||||
%exclude %{_libexecdir}/%{name}/managesieve*
|
||||
|
||||
%dir %attr(0755,root,dovecot) %ghost /run/dovecot
|
||||
%attr(0750,root,dovenull) %ghost /run/dovecot/login
|
||||
%attr(0750,root,dovenull) %ghost /run/dovecot/token-login
|
||||
%attr(0755,root,root) %ghost /run/dovecot/empty
|
||||
%dir %attr(0755,root,dovecot) %ghost /var/run/dovecot
|
||||
%attr(0750,root,dovenull) %ghost /var/run/dovecot/login
|
||||
%attr(0750,root,dovenull) %ghost /var/run/dovecot/token-login
|
||||
%attr(0755,root,root) %ghost /var/run/dovecot/empty
|
||||
|
||||
%attr(0750,dovecot,dovecot) /var/lib/dovecot
|
||||
|
||||
@ -536,338 +544,117 @@ make check
|
||||
%{_libdir}/%{name}/dict/libdriver_pgsql.so
|
||||
|
||||
%changelog
|
||||
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1:2.3.21-15
|
||||
- Bump release for October 2024 mass rebuild:
|
||||
Resolves: RHEL-64018
|
||||
* Tue Aug 20 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-6
|
||||
- fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message (RHEL-55219)
|
||||
- fix CVE-2024-23184: using a large number of address headers may trigger a denial of service (RHEL-55206)
|
||||
|
||||
* Tue Aug 20 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.21-14
|
||||
- fix CVE-2024-23185: very large headers can cause resource exhaustion
|
||||
when parsing message (RHEL-55218)
|
||||
- fix CVE-2024-23184: using a large number of address headers may trigger
|
||||
a denial of service (RHEL-55205)
|
||||
* Fri Feb 16 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-5
|
||||
- fixes assert-crash when IMAP client uses QRESYNC (#RHEL-22854)
|
||||
|
||||
* Mon Aug 05 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.21-13
|
||||
- fix crash when user has sieve script that includes two missing scripts (RHEL-52541)
|
||||
* Fri Aug 04 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-4
|
||||
- fix leaking mailboxes if virtual mailbox can't be opened (#2128857)
|
||||
|
||||
* Tue Jul 23 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.21-12
|
||||
- fix building with noengine openssl
|
||||
* Tue Jul 19 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-3
|
||||
- fix possible privilege escalation when similar master and non-master passdbs are used (#2106231)
|
||||
|
||||
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1:2.3.21-11
|
||||
- Bump release for June 2024 mass rebuild
|
||||
* Wed Dec 08 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-2
|
||||
- do not disable xz/lzma for now despite being deprecated
|
||||
|
||||
* Tue Jun 18 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.21-10
|
||||
- set min uid to 1000
|
||||
|
||||
* Thu Jun 13 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.21-9
|
||||
- do not run during systemd commands during leap upgrade
|
||||
|
||||
* Tue Jun 11 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.21-8
|
||||
- drop dependency on libstemmer (#RHEL-40657)
|
||||
|
||||
* Mon May 13 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.21-7
|
||||
- do not use deprecated openssl v3 engine api (#RHEL-33733)
|
||||
|
||||
* Wed Jan 31 2024 Pete Walter <pwalter@fedoraproject.org> - 1:2.3.21-6
|
||||
- Rebuild for ICU 74
|
||||
|
||||
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.21-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||
|
||||
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.21-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||
|
||||
* Tue Oct 24 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.21-3
|
||||
- drop lucene to reduce dependency, use solr for fts instead
|
||||
|
||||
* Thu Oct 05 2023 Remi Collet <remi@remirepo.net> - 1:2.3.21-2
|
||||
- rebuild for new libsodium
|
||||
|
||||
* Mon Sep 18 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.21-1
|
||||
- updated to 2.3.21(2239134)
|
||||
|
||||
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.20-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
||||
|
||||
* Tue Jul 11 2023 František Zatloukal <fzatlouk@redhat.com> - 1:2.3.20-5
|
||||
- Rebuilt for ICU 73.2
|
||||
|
||||
* Wed Apr 26 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.20-4
|
||||
- update license tag format (SPDX migration) for https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1
|
||||
|
||||
* Tue Feb 14 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.20-3
|
||||
- drop SHA1 OTP
|
||||
|
||||
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.20-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||
|
||||
* Mon Jan 02 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.20-1
|
||||
- updated to 2.3.20, pigeonhole to 0.5.20
|
||||
|
||||
* Mon Jan 02 2023 Florian Weimer <fweimer@redhat.com> - 1:2.3.19.1-8
|
||||
- Port configure script to C99
|
||||
|
||||
* Sat Dec 31 2022 Pete Walter <pwalter@fedoraproject.org> - 1:2.3.19.1-7
|
||||
- Rebuild for ICU 72
|
||||
|
||||
* Tue Nov 08 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.19.1-6
|
||||
- use Wants=network-online.target instead of preexec nm-online (#2095949)
|
||||
|
||||
* Tue Oct 11 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.19.1-5
|
||||
- build with lua support (#2132420)
|
||||
|
||||
* Mon Aug 01 2022 Frantisek Zatloukal <fzatlouk@redhat.com> - 1:2.3.19.1-4
|
||||
- Rebuilt for ICU 71.1
|
||||
|
||||
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.19.1-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
* Tue Jul 12 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.19.1-2
|
||||
- fix possible privilege escalation when similar master and non-master passdbs are used
|
||||
|
||||
* Mon Jun 20 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.19.1-1
|
||||
- updated to 2.3.19.1
|
||||
|
||||
* Mon May 30 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.19-1
|
||||
- updated to 2.3.19, pigeonhole to 0.5.19
|
||||
|
||||
* Wed Feb 09 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.18-1
|
||||
- updated to 2.3.18, pigeonhole to 0.5.18
|
||||
|
||||
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.17.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
* Tue Dec 07 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.17.1-1
|
||||
- dovecot updated to 2.3.17.1, pigeonhole to 0.5.17.1
|
||||
- dsync: Add back accidentically removed parameters.
|
||||
- lib-ssl-iostream: Fix assert-crash when OpenSSL returned syscall error
|
||||
without errno.
|
||||
- dovecot, managesieve and sieve-tool failed to run if ssl_ca was too large.
|
||||
|
||||
* Tue Nov 02 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.17-1
|
||||
- dovecot updated to 2.3.17, pigeonhole to 0.5.17
|
||||
|
||||
* Tue Sep 28 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-4
|
||||
- reenable LTO
|
||||
|
||||
* Mon Sep 27 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-3
|
||||
- fix OpenSSLv3 issues 2005884
|
||||
|
||||
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1:2.3.16-2
|
||||
- Rebuilt with OpenSSL 3.0.0
|
||||
|
||||
* Fri Aug 20 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-1
|
||||
* Wed Dec 08 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-1
|
||||
- dovecot updated to 2.3.16, pigeonhole to 0.5.16
|
||||
- fixes several regressions
|
||||
- fix CVE-2021-33515 plaintext commands injection (#1980014)
|
||||
|
||||
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.15-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
* Wed Feb 03 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-9
|
||||
- fix CVE-2020-24386 IMAP hibernation function allows mail access (#1913534)
|
||||
|
||||
* Mon Jun 21 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.15-1
|
||||
- dovecot updated to 2.3.15, pigeonhole updated to 0.5.15
|
||||
- CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
|
||||
JWT tokens. This may be used to supply attacker controlled keys to
|
||||
validate tokens, if attacker has local access.
|
||||
- CVE-2021-33515: On-path attacker could have injected plaintext commands
|
||||
before STARTTLS negotiation that would be executed after STARTTLS
|
||||
finished with the client.
|
||||
- Add TSLv1.3 support to min_protocols.
|
||||
- Allow configuring ssl_cipher_suites. (for TLSv1.3+)
|
||||
* Tue Jan 12 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-8
|
||||
- fix CVE-2020-25275 denial of service via mail MIME parsing (#1914019)
|
||||
|
||||
* Wed May 19 2021 Pete Walter <pwalter@fedoraproject.org> - 1:2.3.14-4
|
||||
- Rebuild for ICU 69
|
||||
* Thu Jan 07 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-7
|
||||
- change run directory from /var/run to /run (#1805947)
|
||||
|
||||
* Wed May 19 2021 Pete Walter <pwalter@fedoraproject.org> - 1:2.3.14-3
|
||||
- Rebuild for ICU 69
|
||||
* Wed Dec 02 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-6
|
||||
- fix mail storage block count parsing (#1894418)
|
||||
- MIME parser crashed when boundaries were wrong (#1888111)
|
||||
|
||||
* Mon May 10 2021 Jeff Law <jlaw@tachyum.com> - 1:2.3.14-2
|
||||
- Re-enable LTO
|
||||
* Mon Nov 02 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-5
|
||||
- multilib compatibility (#1853137)
|
||||
|
||||
* Mon Mar 22 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.14-1
|
||||
- dovecot updated to 2.3.14, pigeonhole to 0.5.14
|
||||
- use OpenSSL's implementation of HMAC
|
||||
- Remove autocreate, expire, snarf and mail-filter plugins.
|
||||
- Remove cydir storage driver.
|
||||
- Remove XZ/LZMA write support. Read support will be removed in future release.
|
||||
* Fri Aug 07 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-4
|
||||
- fix CVE-2020-12100 resource exhaustion via deeply nested MIME parts (#1866756)
|
||||
- fix CVE-2020-12673 out of bound reads in dovecot NTLM implementation (#1866761)
|
||||
- fix CVE-2020-12674 crash due to assert in RPA implementation (#1866768)
|
||||
|
||||
* Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 1:2.3.13-7
|
||||
- rebuild for libpq ABI fix rhbz#1908268
|
||||
* Mon Jun 01 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-3
|
||||
- fix CVE-2020-10957 dovecot: malformed NOOP commands leads to DoS (#1840354)
|
||||
- fix CVE-2020-10958 dovecot: command followed by sufficient number of newlines
|
||||
leads to use-after-free (#1840357)
|
||||
- fix CVE-2020-10967 dovecot: sending mail with empty quoted localpart
|
||||
leads to DoS (#1840356)
|
||||
|
||||
* Mon Feb 01 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-6
|
||||
- use make macros
|
||||
* Thu Jan 09 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-2
|
||||
- fix default attributes for ghost files
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.13-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
* Tue Nov 19 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-1
|
||||
- dovecot updated to 2.3.8 with pigeonhole updated to 0.5.8 (#1653117)
|
||||
|
||||
* Mon Jan 18 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-4
|
||||
- fix multilib issues
|
||||
|
||||
* Mon Jan 18 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-3
|
||||
- bump release and rebuild
|
||||
|
||||
* Thu Jan 07 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-2
|
||||
- fix rundir location
|
||||
|
||||
* Wed Jan 06 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-1
|
||||
- fix release number
|
||||
|
||||
* Mon Jan 04 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-0
|
||||
- dovecot updated to 2.3.13, pigeonhole to 0.5.13
|
||||
- CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
|
||||
allow logged in user to access other people's emails and filesystem
|
||||
information.
|
||||
- Metric filter and global event filter variable syntax changed to a
|
||||
SQL-like format.
|
||||
- auth: Added new aliases for %{variables}. Usage of the old ones is
|
||||
possible, but discouraged.
|
||||
- auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth
|
||||
mechanism and related password schemes.
|
||||
- auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.
|
||||
- auth: Removed postfix postmap socket
|
||||
|
||||
* Wed Oct 21 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-7
|
||||
- change run directory from /var/run to /run (#1777922)
|
||||
|
||||
* Wed Oct 21 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-6
|
||||
- use bigger default key size (#1882939)
|
||||
|
||||
* Wed Sep 02 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-5
|
||||
- fix gssapi issue
|
||||
|
||||
* Wed Aug 26 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-4
|
||||
- fix FTBFS on 32bit systems
|
||||
|
||||
* Mon Aug 17 2020 Jeff Law <law@redhat.com> - 1:2.3.11.3-2
|
||||
- Disable LTO
|
||||
|
||||
* Sat Aug 15 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-1
|
||||
- CVE-2020-12100: Parsing mails with a large number of MIME parts could
|
||||
have resulted in excessive CPU usage or a crash due to running out of
|
||||
stack memory.
|
||||
- CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
|
||||
message buffer size, which leads to reading past allocation which can
|
||||
lead to crash.
|
||||
- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
|
||||
address that has the empty quoted string as local-part causes the lmtp
|
||||
service to crash.
|
||||
- CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
|
||||
zero-length message, which leads to assert-crash later on.
|
||||
|
||||
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.10.1-3
|
||||
- Second attempt - Rebuilt for
|
||||
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.10.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Mon May 18 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.10.1-1
|
||||
- dovecot updated to 2.3.10.1
|
||||
- fixes CVE-2020-10967, CVE-2020-10958, CVE-2020-10957
|
||||
|
||||
* Tue Apr 21 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.10-1
|
||||
- dovecot updated to 2.3.10, pigeonhole updated to 0.5.10
|
||||
|
||||
* Wed Feb 12 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.9.3-1
|
||||
- dovecot updated to 2.3.9.3
|
||||
- fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS
|
||||
submission-login and lmtp processes.
|
||||
- fixes CVE-2020-7957: Specially crafted mail can crash snippet generation.
|
||||
|
||||
|
||||
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.9.2-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Thu Dec 19 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.9.2-1
|
||||
- CVE-2019-19722: Mails with group addresses in From or To fields
|
||||
caused crash in push notification drivers.
|
||||
|
||||
* Wed Dec 04 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.9-1
|
||||
- dovecot updated to 2.3.9, pigeonhole updated to 0.5.9
|
||||
|
||||
* Thu Oct 10 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-1
|
||||
- dovecot updated to 2.3.8, pigeonhole 0.5.8
|
||||
|
||||
* Thu Aug 29 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.7.2-1
|
||||
- dovecot updated to 2.3.7.2, pigeonhole 0.5.7.2
|
||||
- fixes CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
|
||||
* Thu Aug 29 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-10
|
||||
- fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
|
||||
when scanning data in quoted strings, leading to out of bounds heap
|
||||
memory writes
|
||||
memory writes (#1741788)
|
||||
|
||||
* Mon Aug 19 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:1-2.3.7.1
|
||||
- dovecot updated to 2.3.7.1, pigeonhole updated to 0.5.7.1
|
||||
* Fri Aug 23 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-9
|
||||
- reset errno before iterating through users (#1630410)
|
||||
|
||||
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.6-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
* Mon Jun 17 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-8
|
||||
- fix CVE-2019-3814: improper certificate validation (#1674370)
|
||||
|
||||
* Fri May 31 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.6-3
|
||||
- disable gcc 9 stack reuse temporarily
|
||||
* Fri Jun 14 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-7
|
||||
- do not print error message when restorecon is not present
|
||||
during install (#1626395)
|
||||
- change default config to use minimal UID = 1000 (#1630410)
|
||||
|
||||
* Mon May 13 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.6-2
|
||||
- use /run instead of /var/run (#1706372)
|
||||
* Mon Jun 10 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-6
|
||||
- use OpenSSl implementation of HMAC, disable CRAM-MD5 when FIPS is enabled (#1618749)
|
||||
|
||||
* Thu May 02 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.6-1
|
||||
- dovecot updated to 2.3.6, pigeonhole updated to 0.5.6
|
||||
* Tue Oct 16 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-5
|
||||
- make key not that bigger (#1618714)
|
||||
|
||||
* Thu Apr 18 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.5.2-1
|
||||
- dovecot updated to 2.3.5.2
|
||||
- fixes CVE-2019-10691: Trying to login with 8bit username containing
|
||||
invalid UTF8 input causes auth process to crash if auth policy is enabled.
|
||||
* Tue Oct 16 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-4
|
||||
- generated key was too small (#1618714)
|
||||
|
||||
* Thu Mar 28 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.5.1-1
|
||||
- dovecot updated to 2.3.5.1
|
||||
- CVE-2019-7524: Missing input buffer size validation leads into
|
||||
arbitrary buffer overflow when reading fts or pop3 uidl header
|
||||
from Dovecot index.
|
||||
* Wed Sep 19 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-3
|
||||
- fix global ACL directory configuration search path (#1630383)
|
||||
- update first/last_valid_gid range patch (#1630410)
|
||||
|
||||
* Wed Mar 06 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.5-1
|
||||
- dovecot updated to 2.3.5, pigeonhole updated to 0.5.5
|
||||
* Mon Jul 30 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-2
|
||||
- fix defaut permissions of gost run files
|
||||
|
||||
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.4-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
* Thu Jun 28 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-1
|
||||
- dovecot updated to 2.2.36, pigeonhole to 0.4.24
|
||||
|
||||
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 1:2.3.4-2
|
||||
- Rebuilt for libcrypt.so.2 (#1666033)
|
||||
* Thu May 24 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.35-3
|
||||
- disable tcp_wrappers as it's not available in rhel8
|
||||
|
||||
* Wed Jan 09 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.4-1
|
||||
- dovecot updated to 2.3.4, pigeonhole updated to 0.5.4
|
||||
* Thu Apr 19 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.35-2
|
||||
- include crypt.h explicitely
|
||||
|
||||
* Tue Oct 02 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.3-1
|
||||
- dovecot updated to 2.3.3, pigeonhole pdated to 0.5.3
|
||||
- doveconf hides more secrets now in the default output
|
||||
- NUL bytes in mail headers can cause truncated replies when fetched.
|
||||
- virtual plugin: Some searches used 100% CPU for many seconds
|
||||
- dsync assert-crashed with acl plugin in some situations.
|
||||
- imapc: Fixed various assert-crashes when reconnecting to server.
|
||||
* Wed Mar 21 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.35-1
|
||||
- dovecot updated to 2.2.35, pigeonhole updated to 0.4.23
|
||||
|
||||
|
||||
* Tue Oct 02 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2.1-4
|
||||
- fix dovecot-init service syntax error (#1635017)
|
||||
|
||||
* Mon Aug 13 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2.1-3
|
||||
- do not try to generate ssl-params as its obsolete (#1614640)
|
||||
|
||||
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.2.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Tue Jul 10 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2.1-1
|
||||
- SSL/TLS servers may have crashed during client disconnection
|
||||
|
||||
* Mon Jul 09 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2-1
|
||||
- dovecot updated to 2.3.2, pigeonhole to 0.5.2
|
||||
|
||||
* Wed Mar 28 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.1-2
|
||||
- fix ftbfs - murmurhash3 check fail
|
||||
|
||||
* Wed Mar 28 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.1-1
|
||||
- dovecot updated to 2.3.1, pigeonhole updated to 0.5.1
|
||||
|
||||
* Tue Mar 27 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.0.1-3
|
||||
- use libxcrypt for Fedora >= 28, part of ftbfs fix (#1548520)
|
||||
|
||||
* Wed Mar 07 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.0.1-2
|
||||
- add gcc buildrequire
|
||||
|
||||
* Thu Mar 01 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.0.1-1
|
||||
- dovecot updated to 2.3.0.1, pigeonhole updated to 0.5.0.1
|
||||
* Thu Mar 01 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.34-1
|
||||
- dovecot updated to 2.2.34, pigeonhole updated to 0.4.22
|
||||
- fixes CVE-2017-15130: TLS SNI config lookups may lead to excessive
|
||||
memory usage, causing imap-login/pop3-login VSZ limit to be reached
|
||||
and the process restarted. This happens only if Dovecot config has
|
||||
local_name { } or local { } configuration blocks and attacker uses
|
||||
randomly generated SNI servernames.
|
||||
- fixes CVE-2017-14461: Parsing invalid email addresses may cause a crash or
|
||||
leak memory contents to attacker. For example, these memory contents
|
||||
might contain parts of an email from another user if the same imap
|
||||
process is reused for multiple users.
|
||||
- fixes CVE-2017-15132: Aborted SASL authentication leaks memory in login
|
||||
process.
|
||||
|
||||
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:2.2.33.2-5
|
||||
- Escape macros in %%changelog
|
@ -1,11 +0,0 @@
|
||||
diff -up dovecot-2.2.19/dovecot.service.in.privatetmp dovecot-2.2.19/dovecot.service.in
|
||||
--- dovecot-2.2.19/dovecot.service.in.privatetmp 2015-10-05 12:50:24.273780394 +0200
|
||||
+++ dovecot-2.2.19/dovecot.service.in 2015-10-05 12:50:56.281621589 +0200
|
||||
@@ -26,6 +26,7 @@ After=local-fs.target network.target
|
||||
Type=simple
|
||||
ExecStart=@sbindir@/dovecot -F $OPTIONS
|
||||
ExecReload=@sbindir@/dovecot reload
|
||||
+PrivateTmp=true
|
||||
NonBlocking=yes
|
||||
|
||||
[Install]
|
@ -1,11 +0,0 @@
|
||||
diff -up dovecot-2.3.19.1/dovecot.service.in.waitonline dovecot-2.3.19.1/dovecot.service.in
|
||||
--- dovecot-2.3.19.1/dovecot.service.in.waitonline 2022-06-14 08:55:03.000000000 +0200
|
||||
+++ dovecot-2.3.19.1/dovecot.service.in 2022-11-08 20:28:37.550081709 +0100
|
||||
@@ -12,6 +12,7 @@ Description=Dovecot IMAP/POP3 email serv
|
||||
Documentation=man:dovecot(1)
|
||||
Documentation=https://doc.dovecot.org/
|
||||
After=local-fs.target network-online.target
|
||||
+Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=@systemdservicetype@
|
@ -1,27 +0,0 @@
|
||||
# HG changeset patch
|
||||
# User Timo Sirainen <tss@iki.fi>
|
||||
# Date 1334041779 -10800
|
||||
# Node ID 20e1aa322b1e3b7d47c7cb1b6ff68a8d07fe6c9d
|
||||
# Parent 0b59dbb1a288153d2eb26d47cd9f7a953335c66f
|
||||
lib-storage: mail_user_try_home_expand() now looks up home only when needed.
|
||||
Before a recent code cleanup the lookup was always done, but if the home
|
||||
didn't exist it still just happened to return success. The cleanup changed
|
||||
it to return failure, which broke the original behavior.
|
||||
|
||||
diff -r 0b59dbb1a288 -r 20e1aa322b1e src/lib-storage/mail-user.c
|
||||
--- a/src/lib-storage/mail-user.c Tue Apr 10 09:52:35 2012 +0300
|
||||
+++ b/src/lib-storage/mail-user.c Tue Apr 10 10:09:39 2012 +0300
|
||||
@@ -343,6 +343,11 @@
|
||||
{
|
||||
const char *home, *path = *pathp;
|
||||
|
||||
+ if (strncmp(path, "~/", 2) != 0) {
|
||||
+ /* no need to expand home */
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
if (mail_user_get_home(user, &home) <= 0)
|
||||
return -1;
|
||||
|
||||
|
||||
|
@ -1,450 +0,0 @@
|
||||
|
||||
# HG changeset patch
|
||||
# User Timo Sirainen <tss@iki.fi>
|
||||
# Date 1416386277 -32400
|
||||
# Node ID 80ed82a93c1af5f6885e75a34007eb52d0692a8d
|
||||
# Parent 31262a892ba7302bfea6e70e17d3acd468736d70
|
||||
mbox: Added more (and earlier) detection for errors in mbox istreams.
|
||||
|
||||
diff -r 31262a892ba7 -r 80ed82a93c1a src/lib-storage/index/mbox/istream-raw-mbox.c
|
||||
--- a/src/lib-storage/index/mbox/istream-raw-mbox.c Wed Nov 19 17:37:18 2014 +0900
|
||||
+++ b/src/lib-storage/index/mbox/istream-raw-mbox.c Wed Nov 19 17:37:57 2014 +0900
|
||||
@@ -506,7 +506,8 @@
|
||||
return rstream->from_offset;
|
||||
}
|
||||
|
||||
-uoff_t istream_raw_mbox_get_header_offset(struct istream *stream)
|
||||
+int istream_raw_mbox_get_header_offset(struct istream *stream,
|
||||
+ uoff_t *hdr_offset_r)
|
||||
{
|
||||
struct raw_mbox_istream *rstream =
|
||||
(struct raw_mbox_istream *)stream->real_stream;
|
||||
@@ -520,13 +521,17 @@
|
||||
i_error("Unexpectedly lost From-line from mbox file %s at "
|
||||
"%"PRIuUOFF_T, i_stream_get_name(stream),
|
||||
rstream->from_offset);
|
||||
- return (uoff_t)-1;
|
||||
+ return -1;
|
||||
}
|
||||
+ if (stream->stream_errno != 0)
|
||||
+ return -1;
|
||||
|
||||
- return rstream->hdr_offset;
|
||||
+ *hdr_offset_r = rstream->hdr_offset;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
-uoff_t istream_raw_mbox_get_body_offset(struct istream *stream)
|
||||
+int istream_raw_mbox_get_body_offset(struct istream *stream,
|
||||
+ uoff_t *body_offset_r)
|
||||
{
|
||||
struct raw_mbox_istream *rstream =
|
||||
(struct raw_mbox_istream *)stream->real_stream;
|
||||
@@ -534,8 +539,10 @@
|
||||
|
||||
i_assert(rstream->seeked);
|
||||
|
||||
- if (rstream->body_offset != (uoff_t)-1)
|
||||
- return rstream->body_offset;
|
||||
+ if (rstream->body_offset != (uoff_t)-1) {
|
||||
+ *body_offset_r = rstream->body_offset;
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
offset = stream->v_offset;
|
||||
i_stream_seek(stream, rstream->hdr_offset);
|
||||
@@ -551,27 +558,30 @@
|
||||
} else {
|
||||
i_assert(rstream->body_offset != (uoff_t)-1);
|
||||
}
|
||||
- break;
|
||||
+ return -1;
|
||||
}
|
||||
}
|
||||
|
||||
i_stream_seek(stream, offset);
|
||||
- return rstream->body_offset;
|
||||
+ *body_offset_r = rstream->body_offset;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
-uoff_t istream_raw_mbox_get_body_size(struct istream *stream,
|
||||
- uoff_t expected_body_size)
|
||||
+int istream_raw_mbox_get_body_size(struct istream *stream,
|
||||
+ uoff_t expected_body_size,
|
||||
+ uoff_t *body_size_r)
|
||||
{
|
||||
struct raw_mbox_istream *rstream =
|
||||
(struct raw_mbox_istream *)stream->real_stream;
|
||||
const unsigned char *data;
|
||||
size_t size;
|
||||
- uoff_t old_offset, body_size, next_body_offset;
|
||||
+ uoff_t old_offset, body_offset, body_size, next_body_offset;
|
||||
|
||||
i_assert(rstream->seeked);
|
||||
i_assert(rstream->hdr_offset != (uoff_t)-1);
|
||||
|
||||
- (void)istream_raw_mbox_get_body_offset(stream);
|
||||
+ if (istream_raw_mbox_get_body_offset(stream, &body_offset) < 0)
|
||||
+ return -1;
|
||||
body_size = rstream->mail_size == (uoff_t)-1 ? (uoff_t)-1 :
|
||||
rstream->mail_size - (rstream->body_offset -
|
||||
rstream->hdr_offset);
|
||||
@@ -580,8 +590,10 @@
|
||||
/* if we already have the existing body size, use it as long as
|
||||
it's >= expected body_size. otherwise the previous parsing
|
||||
may have stopped at a From_-line that belongs to the body. */
|
||||
- if (body_size != (uoff_t)-1 && body_size >= expected_body_size)
|
||||
- return body_size;
|
||||
+ if (body_size != (uoff_t)-1 && body_size >= expected_body_size) {
|
||||
+ *body_size_r = body_size;
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
next_body_offset = rstream->body_offset + expected_body_size;
|
||||
/* If header_missing_eoh is set, the message body begins with
|
||||
@@ -600,21 +612,27 @@
|
||||
rstream->mail_size =
|
||||
next_body_offset - rstream->hdr_offset;
|
||||
i_stream_seek(stream, old_offset);
|
||||
- return expected_body_size;
|
||||
+ *body_size_r = expected_body_size;
|
||||
+ return 0;
|
||||
}
|
||||
/* invalid expected_body_size */
|
||||
}
|
||||
- if (body_size != (uoff_t)-1)
|
||||
- return body_size;
|
||||
+ if (body_size != (uoff_t)-1) {
|
||||
+ *body_size_r = body_size;
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
/* have to read through the message body */
|
||||
while (i_stream_read_data(stream, &data, &size, 0) > 0)
|
||||
i_stream_skip(stream, size);
|
||||
i_stream_seek(stream, old_offset);
|
||||
+ if (stream->stream_errno != 0)
|
||||
+ return -1;
|
||||
|
||||
i_assert(rstream->mail_size != (uoff_t)-1);
|
||||
- return rstream->mail_size -
|
||||
+ *body_size_r = rstream->mail_size -
|
||||
(rstream->body_offset - rstream->hdr_offset);
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
time_t istream_raw_mbox_get_received_time(struct istream *stream)
|
||||
@@ -651,13 +669,15 @@
|
||||
return rstream->crlf_ending;
|
||||
}
|
||||
|
||||
-void istream_raw_mbox_next(struct istream *stream, uoff_t expected_body_size)
|
||||
+int istream_raw_mbox_next(struct istream *stream, uoff_t expected_body_size)
|
||||
{
|
||||
struct raw_mbox_istream *rstream =
|
||||
(struct raw_mbox_istream *)stream->real_stream;
|
||||
uoff_t body_size;
|
||||
|
||||
- body_size = istream_raw_mbox_get_body_size(stream, expected_body_size);
|
||||
+ if (istream_raw_mbox_get_body_size(stream, expected_body_size,
|
||||
+ &body_size) < 0)
|
||||
+ return -1;
|
||||
rstream->mail_size = (uoff_t)-1;
|
||||
|
||||
rstream->received_time = rstream->next_received_time;
|
||||
@@ -678,6 +698,7 @@
|
||||
|
||||
rstream->eof = FALSE;
|
||||
rstream->istream.istream.eof = FALSE;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
int istream_raw_mbox_seek(struct istream *stream, uoff_t offset)
|
||||
@@ -698,10 +719,8 @@
|
||||
/* if seeked is FALSE, we unlocked in the middle. don't try to use
|
||||
any cached state then. */
|
||||
if (rstream->mail_size != (uoff_t)-1 && rstream->seeked &&
|
||||
- rstream->hdr_offset + rstream->mail_size == offset) {
|
||||
- istream_raw_mbox_next(stream, (uoff_t)-1);
|
||||
- return 0;
|
||||
- }
|
||||
+ rstream->hdr_offset + rstream->mail_size == offset)
|
||||
+ return istream_raw_mbox_next(stream, (uoff_t)-1);
|
||||
|
||||
if (offset == rstream->from_offset && rstream->seeked) {
|
||||
/* back to beginning of current message */
|
||||
diff -r 31262a892ba7 -r 80ed82a93c1a src/lib-storage/index/mbox/istream-raw-mbox.h
|
||||
--- a/src/lib-storage/index/mbox/istream-raw-mbox.h Wed Nov 19 17:37:18 2014 +0900
|
||||
+++ b/src/lib-storage/index/mbox/istream-raw-mbox.h Wed Nov 19 17:37:57 2014 +0900
|
||||
@@ -9,15 +9,18 @@
|
||||
/* Return offset to beginning of the "\nFrom"-line. */
|
||||
uoff_t istream_raw_mbox_get_start_offset(struct istream *stream);
|
||||
/* Return offset to beginning of the headers. */
|
||||
-uoff_t istream_raw_mbox_get_header_offset(struct istream *stream);
|
||||
+int istream_raw_mbox_get_header_offset(struct istream *stream,
|
||||
+ uoff_t *hdr_offset_r);
|
||||
/* Return offset to beginning of the body. */
|
||||
-uoff_t istream_raw_mbox_get_body_offset(struct istream *stream);
|
||||
+int istream_raw_mbox_get_body_offset(struct istream *stream,
|
||||
+ uoff_t *body_offset_r);
|
||||
|
||||
/* Return the number of bytes in the body of this message. If
|
||||
expected_body_size isn't (uoff_t)-1, we'll use it as potentially valid body
|
||||
size to avoid actually reading through the whole message. */
|
||||
-uoff_t istream_raw_mbox_get_body_size(struct istream *stream,
|
||||
- uoff_t expected_body_size);
|
||||
+int istream_raw_mbox_get_body_size(struct istream *stream,
|
||||
+ uoff_t expected_body_size,
|
||||
+ uoff_t *body_size_r);
|
||||
|
||||
/* Return received time of current message, or (time_t)-1 if the timestamp is
|
||||
broken. */
|
||||
@@ -30,7 +33,7 @@
|
||||
|
||||
/* Jump to next message. If expected_body_size isn't (uoff_t)-1, we'll use it
|
||||
as potentially valid body size. */
|
||||
-void istream_raw_mbox_next(struct istream *stream, uoff_t expected_body_size);
|
||||
+int istream_raw_mbox_next(struct istream *stream, uoff_t expected_body_size);
|
||||
|
||||
/* Seek to message at given offset. offset must point to beginning of
|
||||
"\nFrom ", or 0 for beginning of file. Returns -1 if it offset doesn't
|
||||
diff -r 31262a892ba7 -r 80ed82a93c1a src/lib-storage/index/mbox/mbox-mail.c
|
||||
--- a/src/lib-storage/index/mbox/mbox-mail.c Wed Nov 19 17:37:18 2014 +0900
|
||||
+++ b/src/lib-storage/index/mbox/mbox-mail.c Wed Nov 19 17:37:57 2014 +0900
|
||||
@@ -304,10 +304,10 @@
|
||||
return -1;
|
||||
|
||||
/* our header size varies, so don't do any caching */
|
||||
- body_offset = istream_raw_mbox_get_body_offset(mbox->mbox_stream);
|
||||
- if (body_offset == (uoff_t)-1) {
|
||||
+ if (istream_raw_mbox_get_body_offset(mbox->mbox_stream, &body_offset) < 0) {
|
||||
mail_storage_set_critical(_mail->box->storage,
|
||||
- "Couldn't get mbox size");
|
||||
+ "mbox %s: Couldn't get body offset for uid=%u",
|
||||
+ mailbox_get_path(&mbox->box), mail->mail.mail.uid);
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -319,8 +319,13 @@
|
||||
body_size = (uoff_t)-1;
|
||||
|
||||
/* verify that the calculated body size is correct */
|
||||
- body_size = istream_raw_mbox_get_body_size(mbox->mbox_stream,
|
||||
- body_size);
|
||||
+ if (istream_raw_mbox_get_body_size(mbox->mbox_stream,
|
||||
+ body_size, &body_size) < 0) {
|
||||
+ mail_storage_set_critical(_mail->box->storage,
|
||||
+ "mbox %s: Couldn't get body size for uid=%u",
|
||||
+ mailbox_get_path(&mbox->box), mail->mail.mail.uid);
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
data->physical_size = hdr_size.physical_size + body_size;
|
||||
*size_r = data->physical_size;
|
||||
@@ -352,7 +357,12 @@
|
||||
}
|
||||
|
||||
raw_stream = mbox->mbox_stream;
|
||||
- hdr_offset = istream_raw_mbox_get_header_offset(raw_stream);
|
||||
+ if (istream_raw_mbox_get_header_offset(raw_stream, &hdr_offset) < 0) {
|
||||
+ mail_storage_set_critical(mbox->box.storage,
|
||||
+ "mbox %s: Couldn't get header offset for uid=%u",
|
||||
+ mailbox_get_path(&mbox->box), mail->mail.mail.uid);
|
||||
+ return -1;
|
||||
+ }
|
||||
i_stream_seek(raw_stream, hdr_offset);
|
||||
|
||||
if (next_offset != (uoff_t)-1)
|
||||
diff -r 31262a892ba7 -r 80ed82a93c1a src/lib-storage/index/mbox/mbox-sync-parse.c
|
||||
--- a/src/lib-storage/index/mbox/mbox-sync-parse.c Wed Nov 19 17:37:18 2014 +0900
|
||||
+++ b/src/lib-storage/index/mbox/mbox-sync-parse.c Wed Nov 19 17:37:57 2014 +0900
|
||||
@@ -453,8 +453,8 @@
|
||||
return strcasecmp(key, func->header);
|
||||
}
|
||||
|
||||
-void mbox_sync_parse_next_mail(struct istream *input,
|
||||
- struct mbox_sync_mail_context *ctx)
|
||||
+int mbox_sync_parse_next_mail(struct istream *input,
|
||||
+ struct mbox_sync_mail_context *ctx)
|
||||
{
|
||||
struct mbox_sync_context *sync_ctx = ctx->sync_ctx;
|
||||
struct message_header_parser_ctx *hdr_ctx;
|
||||
@@ -545,6 +545,12 @@
|
||||
}
|
||||
|
||||
ctx->body_offset = input->v_offset;
|
||||
+ if (input->stream_errno != 0) {
|
||||
+ mbox_sync_set_critical(ctx->sync_ctx, "read(%s) failed: %s",
|
||||
+ i_stream_get_name(input), i_stream_get_error(input));
|
||||
+ return -1;
|
||||
+ }
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
bool mbox_sync_parse_match_mail(struct mbox_mailbox *mbox,
|
||||
diff -r 31262a892ba7 -r 80ed82a93c1a src/lib-storage/index/mbox/mbox-sync-private.h
|
||||
--- a/src/lib-storage/index/mbox/mbox-sync-private.h Wed Nov 19 17:37:18 2014 +0900
|
||||
+++ b/src/lib-storage/index/mbox/mbox-sync-private.h Wed Nov 19 17:37:57 2014 +0900
|
||||
@@ -158,8 +158,8 @@
|
||||
void mbox_sync_set_critical(struct mbox_sync_context *sync_ctx,
|
||||
const char *fmt, ...) ATTR_FORMAT(2, 3);
|
||||
|
||||
-void mbox_sync_parse_next_mail(struct istream *input,
|
||||
- struct mbox_sync_mail_context *ctx);
|
||||
+int mbox_sync_parse_next_mail(struct istream *input,
|
||||
+ struct mbox_sync_mail_context *ctx);
|
||||
bool mbox_sync_parse_match_mail(struct mbox_mailbox *mbox,
|
||||
struct mail_index_view *view, uint32_t seq);
|
||||
|
||||
diff -r 31262a892ba7 -r 80ed82a93c1a src/lib-storage/index/mbox/mbox-sync-rewrite.c
|
||||
--- a/src/lib-storage/index/mbox/mbox-sync-rewrite.c Wed Nov 19 17:37:18 2014 +0900
|
||||
+++ b/src/lib-storage/index/mbox/mbox-sync-rewrite.c Wed Nov 19 17:37:57 2014 +0900
|
||||
@@ -318,11 +318,11 @@
|
||||
return 1;
|
||||
}
|
||||
|
||||
-static void mbox_sync_read_next(struct mbox_sync_context *sync_ctx,
|
||||
- struct mbox_sync_mail_context *mail_ctx,
|
||||
- struct mbox_sync_mail *mails,
|
||||
- uint32_t seq, uint32_t idx,
|
||||
- uoff_t expunged_space)
|
||||
+static int mbox_sync_read_next(struct mbox_sync_context *sync_ctx,
|
||||
+ struct mbox_sync_mail_context *mail_ctx,
|
||||
+ struct mbox_sync_mail *mails,
|
||||
+ uint32_t seq, uint32_t idx,
|
||||
+ uoff_t expunged_space)
|
||||
{
|
||||
unsigned int first_mail_expunge_extra;
|
||||
uint32_t orig_next_uid;
|
||||
@@ -332,8 +332,12 @@
|
||||
mail_ctx->seq = seq;
|
||||
mail_ctx->header = sync_ctx->header;
|
||||
|
||||
- mail_ctx->mail.offset =
|
||||
- istream_raw_mbox_get_header_offset(sync_ctx->input);
|
||||
+ if (istream_raw_mbox_get_header_offset(sync_ctx->input,
|
||||
+ &mail_ctx->mail.offset) < 0) {
|
||||
+ mbox_sync_set_critical(sync_ctx,
|
||||
+ "Couldn't get header offset for seq=%u", seq);
|
||||
+ return -1;
|
||||
+ }
|
||||
mail_ctx->mail.body_size = mails[idx].body_size;
|
||||
|
||||
orig_next_uid = sync_ctx->next_uid;
|
||||
@@ -361,7 +365,8 @@
|
||||
mails[idx].from_offset += first_mail_expunge_extra;
|
||||
}
|
||||
|
||||
- mbox_sync_parse_next_mail(sync_ctx->input, mail_ctx);
|
||||
+ if (mbox_sync_parse_next_mail(sync_ctx->input, mail_ctx) < 0)
|
||||
+ return -1;
|
||||
i_assert(mail_ctx->mail.pseudo == mails[idx].pseudo);
|
||||
|
||||
/* set next_uid back before updating the headers. this is important
|
||||
@@ -381,6 +386,7 @@
|
||||
if (mail_ctx->have_eoh)
|
||||
str_append_c(mail_ctx->header, '\n');
|
||||
}
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
static int mbox_sync_read_and_move(struct mbox_sync_context *sync_ctx,
|
||||
@@ -398,8 +404,9 @@
|
||||
if (mbox_sync_seek(sync_ctx, mails[idx].from_offset) < 0)
|
||||
return -1;
|
||||
|
||||
- mbox_sync_read_next(sync_ctx, &new_mail_ctx, mails, seq, idx,
|
||||
- expunged_space);
|
||||
+ if (mbox_sync_read_next(sync_ctx, &new_mail_ctx, mails, seq, idx,
|
||||
+ expunged_space) < 0)
|
||||
+ return -1;
|
||||
mail_ctx = &new_mail_ctx;
|
||||
} else {
|
||||
i_assert(seq == mail_ctx->seq);
|
||||
diff -r 31262a892ba7 -r 80ed82a93c1a src/lib-storage/index/mbox/mbox-sync.c
|
||||
--- a/src/lib-storage/index/mbox/mbox-sync.c Wed Nov 19 17:37:18 2014 +0900
|
||||
+++ b/src/lib-storage/index/mbox/mbox-sync.c Wed Nov 19 17:37:57 2014 +0900
|
||||
@@ -131,8 +131,10 @@
|
||||
mbox_sync_read_next_mail(struct mbox_sync_context *sync_ctx,
|
||||
struct mbox_sync_mail_context *mail_ctx)
|
||||
{
|
||||
+ uoff_t offset;
|
||||
+
|
||||
/* get EOF */
|
||||
- (void)istream_raw_mbox_get_header_offset(sync_ctx->input);
|
||||
+ (void)istream_raw_mbox_get_header_offset(sync_ctx->input, &offset);
|
||||
if (istream_raw_mbox_is_eof(sync_ctx->input))
|
||||
return 0;
|
||||
|
||||
@@ -144,19 +146,27 @@
|
||||
|
||||
mail_ctx->mail.from_offset =
|
||||
istream_raw_mbox_get_start_offset(sync_ctx->input);
|
||||
- mail_ctx->mail.offset =
|
||||
- istream_raw_mbox_get_header_offset(sync_ctx->input);
|
||||
+ if (istream_raw_mbox_get_header_offset(sync_ctx->input, &mail_ctx->mail.offset) < 0) {
|
||||
+ mbox_sync_set_critical(sync_ctx,
|
||||
+ "Couldn't get header offset for seq=%u", mail_ctx->seq);
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
- mbox_sync_parse_next_mail(sync_ctx->input, mail_ctx);
|
||||
+ if (mbox_sync_parse_next_mail(sync_ctx->input, mail_ctx) < 0)
|
||||
+ return -1;
|
||||
+ if (istream_raw_mbox_is_corrupted(sync_ctx->input))
|
||||
+ return -1;
|
||||
+
|
||||
i_assert(sync_ctx->input->v_offset != mail_ctx->mail.from_offset ||
|
||||
sync_ctx->input->eof);
|
||||
|
||||
- if (istream_raw_mbox_is_corrupted(sync_ctx->input))
|
||||
+ if (istream_raw_mbox_get_body_size(sync_ctx->input,
|
||||
+ mail_ctx->content_length,
|
||||
+ &mail_ctx->mail.body_size) < 0) {
|
||||
+ mbox_sync_set_critical(sync_ctx,
|
||||
+ "Couldn't get body size for seq=%u", mail_ctx->seq);
|
||||
return -1;
|
||||
-
|
||||
- mail_ctx->mail.body_size =
|
||||
- istream_raw_mbox_get_body_size(sync_ctx->input,
|
||||
- mail_ctx->content_length);
|
||||
+ }
|
||||
i_assert(mail_ctx->mail.body_size < OFF_T_MAX);
|
||||
|
||||
if ((mail_ctx->mail.flags & MAIL_RECENT) != 0 &&
|
||||
@@ -810,7 +820,7 @@
|
||||
mbox_sync_seek_to_seq(struct mbox_sync_context *sync_ctx, uint32_t seq)
|
||||
{
|
||||
struct mbox_mailbox *mbox = sync_ctx->mbox;
|
||||
- uoff_t old_offset;
|
||||
+ uoff_t old_offset, offset;
|
||||
uint32_t uid;
|
||||
int ret;
|
||||
bool deleted;
|
||||
@@ -864,7 +874,11 @@
|
||||
|
||||
sync_ctx->idx_seq = seq;
|
||||
sync_ctx->dest_first_mail = sync_ctx->seq == 0;
|
||||
- (void)istream_raw_mbox_get_body_offset(sync_ctx->input);
|
||||
+ if (istream_raw_mbox_get_body_offset(sync_ctx->input, &offset) < 0) {
|
||||
+ mbox_sync_set_critical(sync_ctx,
|
||||
+ "Message body offset lookup failed");
|
||||
+ return -1;
|
||||
+ }
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -1149,8 +1163,9 @@
|
||||
sync_ctx->idx_seq++;
|
||||
}
|
||||
|
||||
- istream_raw_mbox_next(sync_ctx->input,
|
||||
- mail_ctx->mail.body_size);
|
||||
+ if (istream_raw_mbox_next(sync_ctx->input,
|
||||
+ mail_ctx->mail.body_size) < 0)
|
||||
+ return -1;
|
||||
offset = istream_raw_mbox_get_start_offset(sync_ctx->input);
|
||||
|
||||
if (sync_ctx->need_space_seq != 0) {
|
||||
|
@ -1,48 +0,0 @@
|
||||
diff -up dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c.ph_optglob dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c
|
||||
--- dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c.ph_optglob 2024-06-04 09:11:28.514189662 +0200
|
||||
+++ dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c 2024-06-04 09:18:23.219809778 +0200
|
||||
@@ -368,11 +368,13 @@ static bool opc_include_dump
|
||||
return FALSE;
|
||||
|
||||
sieve_code_descend(denv);
|
||||
- sieve_code_dumpf(denv, "script: `%s' from %s %s%s[ID: %d, BLOCK: %d]",
|
||||
+ sieve_code_dumpf(denv, "script: `%s' from %s %s%s%s[ID: %d, BLOCK: %d]",
|
||||
sieve_script_name(included->script), sieve_script_location(included->script),
|
||||
((flags & EXT_INCLUDE_FLAG_ONCE) != 0 ? "(once) " : ""),
|
||||
((flags & EXT_INCLUDE_FLAG_OPTIONAL) != 0 ? "(optional) " : ""),
|
||||
- include_id, sieve_binary_block_get_id(included->block));
|
||||
+ (included->block == NULL ? "(missing) " : ""),
|
||||
+ include_id,
|
||||
+ (included->block == NULL ? -1 : sieve_binary_block_get_id(included->block)));
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
diff -up dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c.ph_optglob dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c
|
||||
--- dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c.ph_optglob 2023-09-14 15:18:26.000000000 +0200
|
||||
+++ dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c 2024-06-04 09:10:45.187823805 +0200
|
||||
@@ -693,6 +693,25 @@ int ext_include_execute_include(const st
|
||||
}
|
||||
|
||||
ctx = ext_include_get_interpreter_context(this_ext, renv->interp);
|
||||
+ if (included->block == NULL) {
|
||||
+ if ((flags & EXT_INCLUDE_FLAG_OPTIONAL) != 0) {
|
||||
+ sieve_runtime_trace(
|
||||
+ renv, SIEVE_TRLVL_NONE,
|
||||
+ "include: skipped include for script '%s' "
|
||||
+ "[inc id: %d, block: NULL]; optional and unavailable",
|
||||
+ sieve_script_name(included->script),
|
||||
+ include_id);
|
||||
+ return result;
|
||||
+ } else {
|
||||
+ sieve_runtime_trace(
|
||||
+ renv, SIEVE_TRLVL_NONE,
|
||||
+ "include: unavailable script '%s' "
|
||||
+ "[inc id: %d, block: NULL]",
|
||||
+ sieve_script_name(included->script),
|
||||
+ include_id);
|
||||
+ return SIEVE_EXEC_BIN_CORRUPT;
|
||||
+ }
|
||||
+ }
|
||||
block_id = sieve_binary_block_get_id(included->block);
|
||||
|
||||
/* If :once modifier is specified, check for duplicate include */
|
@ -1,12 +0,0 @@
|
||||
diff -up dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c.testfix4 dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c
|
||||
--- dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c.testfix4 2024-06-03 13:35:24.408858593 +0200
|
||||
+++ dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c 2024-06-03 13:35:24.434858849 +0200
|
||||
@@ -800,7 +800,7 @@ static bool sieve_file_script_equals
|
||||
(struct sieve_file_script *)other;
|
||||
|
||||
return ( CMP_DEV_T(fscript->st.st_dev, fother->st.st_dev) &&
|
||||
- fscript->st.st_ino == fother->st.st_ino );
|
||||
+ fscript->st.st_ino == fother->st.st_ino && (fscript->st.st_ino != 0 || script->location != NULL && other->location != NULL && strcmp(script->location, other->location) == 0));
|
||||
}
|
||||
|
||||
/*
|
@ -1,11 +0,0 @@
|
||||
diff -up dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt dovecot-2.3.0.1/src/auth/mycrypt.c
|
||||
--- dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt 2018-02-28 15:28:58.000000000 +0100
|
||||
+++ dovecot-2.3.0.1/src/auth/mycrypt.c 2018-03-27 10:57:38.447769201 +0200
|
||||
@@ -14,6 +14,7 @@
|
||||
# define _XPG6 /* Some Solaris versions require this, some break with this */
|
||||
#endif
|
||||
#include <unistd.h>
|
||||
+#include <crypt.h>
|
||||
|
||||
#include "mycrypt.h"
|
||||
|
@ -1,34 +0,0 @@
|
||||
diff -up dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3 dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c
|
||||
--- dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3 2021-06-03 18:56:52.573174433 +0200
|
||||
+++ dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c 2021-06-03 18:56:52.585174274 +0200
|
||||
@@ -73,10 +73,30 @@
|
||||
2<tab>key algo oid<tab>1<tab>symmetric algo name<tab>salt<tab>hash algo<tab>rounds<tab>E(RSA = i2d_PrivateKey, EC=Private Point)<tab>key id
|
||||
**/
|
||||
|
||||
+#if OPENSSL_VERSION_MAJOR == 3
|
||||
+static EC_KEY *EVP_PKEY_get0_EC_KEYv3(EVP_PKEY *key)
|
||||
+{
|
||||
+ EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key);
|
||||
+ EVP_PKEY_set1_EC_KEY(key, eck);
|
||||
+ EC_KEY_free(eck);
|
||||
+ return eck;
|
||||
+}
|
||||
+
|
||||
+static EC_KEY *EVP_PKEY_get1_EC_KEYv3(EVP_PKEY *key)
|
||||
+{
|
||||
+ EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key);
|
||||
+ EVP_PKEY_set1_EC_KEY(key, eck);
|
||||
+ return eck;
|
||||
+}
|
||||
+
|
||||
+#define EVP_PKEY_get0_EC_KEY EVP_PKEY_get0_EC_KEYv3
|
||||
+#define EVP_PKEY_get1_EC_KEY EVP_PKEY_get1_EC_KEYv3
|
||||
+#else
|
||||
#ifndef HAVE_EVP_PKEY_get0
|
||||
#define EVP_PKEY_get0_EC_KEY(x) x->pkey.ec
|
||||
#define EVP_PKEY_get0_RSA(x) x->pkey.rsa
|
||||
#endif
|
||||
+#endif
|
||||
|
||||
#ifndef HAVE_OBJ_LENGTH
|
||||
#define OBJ_length(o) ((o)->length)
|
@ -1,24 +0,0 @@
|
||||
diff -up dovecot-2.3.17/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.17/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c
|
||||
--- dovecot-2.3.17/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-11-02 21:51:36.109032050 +0100
|
||||
+++ dovecot-2.3.17/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-11-02 21:52:28.409344118 +0100
|
||||
@@ -114,7 +114,7 @@ static int sieve_dict_script_get_stream
|
||||
(struct sieve_dict_script *)script;
|
||||
struct sieve_dict_storage *dstorage =
|
||||
(struct sieve_dict_storage *)script->storage;
|
||||
- const char *path, *name = script->name, *data, *error;
|
||||
+ const char *path, *name = script->name, *data, *error = NULL;
|
||||
int ret;
|
||||
|
||||
dscript->data_pool =
|
||||
diff -up dovecot-2.3.17/src/lib-storage/index/index-attribute.c.fixvalcond dovecot-2.3.17/src/lib-storage/index/index-attribute.c
|
||||
--- dovecot-2.3.17/src/lib-storage/index/index-attribute.c.fixvalcond 2021-10-27 13:09:04.000000000 +0200
|
||||
+++ dovecot-2.3.17/src/lib-storage/index/index-attribute.c 2021-11-02 21:51:36.109032050 +0100
|
||||
@@ -248,7 +248,7 @@ int index_storage_attribute_get(struct m
|
||||
struct mail_attribute_value *value_r)
|
||||
{
|
||||
struct dict *dict;
|
||||
- const char *mailbox_prefix, *error;
|
||||
+ const char *mailbox_prefix, *error = NULL;
|
||||
int ret;
|
||||
|
||||
i_zero(value_r);
|
@ -1,20 +0,0 @@
|
||||
diff -up dovecot-2.3.15/run-test-valgrind.supp.valbasherr dovecot-2.3.15/run-test-valgrind.supp
|
||||
--- dovecot-2.3.15/run-test-valgrind.supp.valbasherr 2021-06-21 22:52:53.272707239 +0200
|
||||
+++ dovecot-2.3.15/run-test-valgrind.supp 2021-06-21 22:54:19.786668430 +0200
|
||||
@@ -1,4 +1,16 @@
|
||||
{
|
||||
+ <bashagin>
|
||||
+ Memcheck:Leak
|
||||
+ match-leak-kinds: definite
|
||||
+ fun:malloc
|
||||
+ fun:make_if_command
|
||||
+ fun:yyparse
|
||||
+ fun:parse_command
|
||||
+ fun:read_command
|
||||
+ fun:reader_loop
|
||||
+ fun:main
|
||||
+}
|
||||
+{
|
||||
<bash>
|
||||
Memcheck:Leak
|
||||
fun:malloc
|
@ -1,295 +0,0 @@
|
||||
diff -up dovecot-2.3.20/configure.ac.nolibotp dovecot-2.3.20/configure.ac
|
||||
--- dovecot-2.3.20/configure.ac.nolibotp 2022-12-21 09:49:12.000000000 +0100
|
||||
+++ dovecot-2.3.20/configure.ac 2023-02-14 16:54:02.118531016 +0100
|
||||
@@ -854,7 +854,6 @@ src/lib-lua/Makefile
|
||||
src/lib-mail/Makefile
|
||||
src/lib-master/Makefile
|
||||
src/lib-program-client/Makefile
|
||||
-src/lib-otp/Makefile
|
||||
src/lib-dovecot/Makefile
|
||||
src/lib-sasl/Makefile
|
||||
src/lib-settings/Makefile
|
||||
diff -up dovecot-2.3.20/src/auth/main.c.nolibotp dovecot-2.3.20/src/auth/main.c
|
||||
--- dovecot-2.3.20/src/auth/main.c.nolibotp 2022-12-21 09:49:12.000000000 +0100
|
||||
+++ dovecot-2.3.20/src/auth/main.c 2023-02-14 16:54:02.118531016 +0100
|
||||
@@ -19,8 +19,6 @@
|
||||
#include "password-scheme.h"
|
||||
#include "passdb-cache.h"
|
||||
#include "mech.h"
|
||||
-#include "otp.h"
|
||||
-#include "mech-otp-common.h"
|
||||
#include "auth.h"
|
||||
#include "auth-penalty.h"
|
||||
#include "auth-token.h"
|
||||
@@ -283,7 +281,6 @@ static void main_deinit(void)
|
||||
|
||||
auth_policy_deinit();
|
||||
mech_register_deinit(&mech_reg);
|
||||
- mech_otp_deinit();
|
||||
mech_deinit(global_auth_settings);
|
||||
|
||||
/* allow modules to unregister their dbs/drivers/etc. before freeing
|
||||
diff -up dovecot-2.3.20/src/auth/Makefile.am.nolibotp dovecot-2.3.20/src/auth/Makefile.am
|
||||
--- dovecot-2.3.20/src/auth/Makefile.am.nolibotp 2022-12-21 09:49:12.000000000 +0100
|
||||
+++ dovecot-2.3.20/src/auth/Makefile.am 2023-02-14 16:54:02.118531016 +0100
|
||||
@@ -45,7 +45,6 @@ AM_CPPFLAGS = \
|
||||
-I$(top_srcdir)/src/lib-sql \
|
||||
-I$(top_srcdir)/src/lib-settings \
|
||||
-I$(top_srcdir)/src/lib-old-stats \
|
||||
- -I$(top_srcdir)/src/lib-otp \
|
||||
-I$(top_srcdir)/src/lib-master \
|
||||
-I$(top_srcdir)/src/lib-oauth2 \
|
||||
-I$(top_srcdir)/src/lib-ssl-iostream \
|
||||
@@ -67,7 +66,6 @@ libpassword_la_SOURCES = \
|
||||
password-scheme-crypt.c \
|
||||
password-scheme-md5crypt.c \
|
||||
password-scheme-scram.c \
|
||||
- password-scheme-otp.c \
|
||||
password-scheme-pbkdf2.c \
|
||||
password-scheme-sodium.c
|
||||
libpassword_la_CFLAGS = $(AM_CPPFLAGS) $(LIBSODIUM_CFLAGS)
|
||||
@@ -76,7 +74,6 @@ auth_libs = \
|
||||
libauth.la \
|
||||
libstats_auth.la \
|
||||
libpassword.la \
|
||||
- ../lib-otp/libotp.la \
|
||||
$(AUTH_LUA_LIBS) \
|
||||
$(LIBDOVECOT_SQL)
|
||||
|
||||
@@ -95,7 +92,6 @@ libauth_la_SOURCES = \
|
||||
auth-client-connection.c \
|
||||
auth-master-connection.c \
|
||||
auth-policy.c \
|
||||
- mech-otp-common.c \
|
||||
mech-plain-common.c \
|
||||
auth-penalty.c \
|
||||
auth-request.c \
|
||||
@@ -122,7 +118,6 @@ libauth_la_SOURCES = \
|
||||
mech-digest-md5.c \
|
||||
mech-external.c \
|
||||
mech-gssapi.c \
|
||||
- mech-otp.c \
|
||||
mech-scram.c \
|
||||
mech-apop.c \
|
||||
mech-winbind.c \
|
||||
@@ -161,7 +156,6 @@ headers = \
|
||||
auth-client-connection.h \
|
||||
auth-common.h \
|
||||
auth-master-connection.h \
|
||||
- mech-otp-common.h \
|
||||
mech-plain-common.h \
|
||||
mech-digest-md5-private.h \
|
||||
mech-scram.h \
|
||||
@@ -260,7 +254,6 @@ test_libs = \
|
||||
test_libpassword_SOURCES = test-libpassword.c
|
||||
test_libpassword_LDADD = \
|
||||
libpassword.la \
|
||||
- ../lib-otp/libotp.la \
|
||||
$(CRYPT_LIBS) \
|
||||
$(LIBDOVECOT_SQL) \
|
||||
$(LIBSODIUM_LIBS) \
|
||||
diff -up dovecot-2.3.20/src/auth/mech.c.nolibotp dovecot-2.3.20/src/auth/mech.c
|
||||
--- dovecot-2.3.20/src/auth/mech.c.nolibotp 2023-02-14 16:55:38.421231797 +0100
|
||||
+++ dovecot-2.3.20/src/auth/mech.c 2023-02-14 16:55:38.434231892 +0100
|
||||
@@ -71,7 +71,6 @@ extern const struct mech_module mech_apo
|
||||
extern const struct mech_module mech_cram_md5;
|
||||
extern const struct mech_module mech_digest_md5;
|
||||
extern const struct mech_module mech_external;
|
||||
-extern const struct mech_module mech_otp;
|
||||
extern const struct mech_module mech_scram_sha1;
|
||||
extern const struct mech_module mech_scram_sha256;
|
||||
extern const struct mech_module mech_anonymous;
|
||||
@@ -206,7 +205,6 @@ void mech_init(const struct auth_setting
|
||||
mech_register_module(&mech_gssapi_spnego);
|
||||
#endif
|
||||
}
|
||||
- mech_register_module(&mech_otp);
|
||||
mech_register_module(&mech_scram_sha1);
|
||||
mech_register_module(&mech_scram_sha256);
|
||||
mech_register_module(&mech_anonymous);
|
||||
@@ -233,7 +231,6 @@ void mech_deinit(const struct auth_setti
|
||||
mech_unregister_module(&mech_gssapi_spnego);
|
||||
#endif
|
||||
}
|
||||
- mech_unregister_module(&mech_otp);
|
||||
mech_unregister_module(&mech_scram_sha1);
|
||||
mech_unregister_module(&mech_scram_sha256);
|
||||
mech_unregister_module(&mech_anonymous);
|
||||
diff -up dovecot-2.3.20/src/auth/password-scheme.c.nolibotp dovecot-2.3.20/src/auth/password-scheme.c
|
||||
--- dovecot-2.3.20/src/auth/password-scheme.c.nolibotp 2023-02-14 16:54:02.109530950 +0100
|
||||
+++ dovecot-2.3.20/src/auth/password-scheme.c 2023-02-14 16:54:02.119531023 +0100
|
||||
@@ -13,7 +13,6 @@
|
||||
#include "randgen.h"
|
||||
#include "sha1.h"
|
||||
#include "sha2.h"
|
||||
-#include "otp.h"
|
||||
#include "str.h"
|
||||
#include "password-scheme.h"
|
||||
|
||||
@@ -709,32 +708,6 @@ plain_md5_generate(const char *plaintext
|
||||
*size_r = MD5_RESULTLEN;
|
||||
}
|
||||
|
||||
-static int otp_verify(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
|
||||
- const unsigned char *raw_password, size_t size,
|
||||
- const char **error_r)
|
||||
-{
|
||||
- const char *password, *generated;
|
||||
-
|
||||
- password = t_strndup(raw_password, size);
|
||||
- if (password_generate_otp(plaintext, password, UINT_MAX, &generated) < 0) {
|
||||
- *error_r = "Invalid OTP data in passdb";
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
- return strcasecmp(password, generated) == 0 ? 1 : 0;
|
||||
-}
|
||||
-
|
||||
-static void
|
||||
-otp_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
|
||||
- const unsigned char **raw_password_r, size_t *size_r)
|
||||
-{
|
||||
- const char *password;
|
||||
-
|
||||
- if (password_generate_otp(plaintext, NULL, OTP_HASH_SHA1, &password) < 0)
|
||||
- i_unreached();
|
||||
- *raw_password_r = (const unsigned char *)password;
|
||||
- *size_r = strlen(password);
|
||||
-}
|
||||
|
||||
static const struct password_scheme builtin_schemes[] = {
|
||||
{ "MD5", PW_ENCODING_NONE, 0, md5_verify, md5_crypt_generate },
|
||||
@@ -770,7 +743,6 @@ static const struct password_scheme buil
|
||||
NULL, plain_md5_generate },
|
||||
{ "LDAP-MD5", PW_ENCODING_BASE64, MD5_RESULTLEN,
|
||||
NULL, plain_md5_generate },
|
||||
- { "OTP", PW_ENCODING_NONE, 0, otp_verify, otp_generate },
|
||||
{ "PBKDF2", PW_ENCODING_NONE, 0, pbkdf2_verify, pbkdf2_generate },
|
||||
};
|
||||
|
||||
diff -up dovecot-2.3.20/src/auth/password-scheme.h.nolibotp dovecot-2.3.20/src/auth/password-scheme.h
|
||||
--- dovecot-2.3.20/src/auth/password-scheme.h.nolibotp 2023-02-14 16:56:50.929759540 +0100
|
||||
+++ dovecot-2.3.20/src/auth/password-scheme.h 2023-02-14 16:56:50.947759671 +0100
|
||||
@@ -92,9 +92,6 @@ void password_set_encryption_rounds(unsi
|
||||
/* INTERNAL: */
|
||||
const char *password_generate_salt(size_t len);
|
||||
const char *password_generate_md5_crypt(const char *pw, const char *salt);
|
||||
-int password_generate_otp(const char *pw, const char *state_data,
|
||||
- unsigned int algo, const char **result_r)
|
||||
- ATTR_NULL(2);
|
||||
|
||||
int crypt_verify(const char *plaintext,
|
||||
const struct password_generate_params *params,
|
||||
diff -up dovecot-2.3.20/src/auth/test-libpassword.c.nolibotp dovecot-2.3.20/src/auth/test-libpassword.c
|
||||
--- dovecot-2.3.20/src/auth/test-libpassword.c.nolibotp 2023-02-14 16:54:55.880922175 +0100
|
||||
+++ dovecot-2.3.20/src/auth/test-libpassword.c 2023-02-14 16:54:55.896922291 +0100
|
||||
@@ -106,7 +106,6 @@ static void test_password_schemes(void)
|
||||
test_password_scheme("SHA512", "{SHA512}7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvIh/1nsUNzLDBMxfqa2Ob1f1ACio/w==", "test");
|
||||
test_password_scheme("SSHA", "{SSHA}H/zrDv8FXUu1JmwvVYijfrYEF34jVZcO", "test");
|
||||
test_password_scheme("MD5-CRYPT", "{MD5-CRYPT}$1$GgvxyNz8$OjZhLh4P.gF1lxYEbLZ3e/", "test");
|
||||
- test_password_scheme("OTP", "{OTP}sha1 1024 ae6b49aa481f7233 f69fc7f98b8fbf54", "test");
|
||||
test_password_scheme("PBKDF2", "{PBKDF2}$1$bUnT4Pl7yFtYX0KU$5000$50a83cafdc517b9f46519415e53c6a858908680a", "test");
|
||||
test_password_scheme("CRAM-MD5", "{CRAM-MD5}e02d374fde0dc75a17a557039a3a5338c7743304777dccd376f332bee68d2cf6", "test");
|
||||
test_password_scheme("DIGEST-MD5", "{DIGEST-MD5}77c1a8c437c9b08ba2f460fe5d58db5d", "test");
|
||||
diff -up dovecot-2.3.20/src/auth/test-mech.c.nolibotp dovecot-2.3.20/src/auth/test-mech.c
|
||||
--- dovecot-2.3.20/src/auth/test-mech.c.nolibotp 2022-12-21 09:49:12.000000000 +0100
|
||||
+++ dovecot-2.3.20/src/auth/test-mech.c 2023-02-14 16:54:02.119531023 +0100
|
||||
@@ -8,8 +8,6 @@
|
||||
#include "auth-request-handler-private.h"
|
||||
#include "auth-settings.h"
|
||||
#include "mech-digest-md5-private.h"
|
||||
-#include "otp.h"
|
||||
-#include "mech-otp-common.h"
|
||||
#include "settings-parser.h"
|
||||
#include "password-scheme.h"
|
||||
#include "auth-token.h"
|
||||
@@ -27,7 +25,6 @@ extern const struct mech_module mech_dov
|
||||
extern const struct mech_module mech_external;
|
||||
extern const struct mech_module mech_login;
|
||||
extern const struct mech_module mech_oauthbearer;
|
||||
-extern const struct mech_module mech_otp;
|
||||
extern const struct mech_module mech_plain;
|
||||
extern const struct mech_module mech_scram_sha1;
|
||||
extern const struct mech_module mech_scram_sha256;
|
||||
@@ -65,10 +62,7 @@ request_handler_reply_mock_callback(stru
|
||||
|
||||
if (request->passdb_result == PASSDB_RESULT_OK)
|
||||
request->failed = FALSE;
|
||||
- else if (request->mech == &mech_otp) {
|
||||
- if (null_strcmp(request->fields.user, "otp_phase_2") == 0)
|
||||
- request->failed = FALSE;
|
||||
- } else if (request->mech == &mech_oauthbearer) {
|
||||
+ else if (request->mech == &mech_oauthbearer) {
|
||||
}
|
||||
};
|
||||
|
||||
@@ -224,10 +218,6 @@ static void test_mechs(void)
|
||||
{&mech_plain, UCHAR_LEN("\0testuser\0testpass"), "testuser", NULL, TRUE, FALSE, FALSE},
|
||||
{&mech_plain, UCHAR_LEN("normaluser\0masteruser\0masterpass"), "masteruser", NULL, TRUE, FALSE, FALSE},
|
||||
{&mech_plain, UCHAR_LEN("normaluser\0normaluser\0masterpass"), "normaluser", NULL, TRUE, FALSE, FALSE},
|
||||
- {&mech_otp, UCHAR_LEN("hex:5Bf0 75d9 959d 036f"), "otp_phase_2", NULL, TRUE, TRUE, FALSE},
|
||||
- {&mech_otp, UCHAR_LEN("word:BOND FOGY DRAB NE RISE MART"), "otp_phase_2", NULL, TRUE, TRUE, FALSE},
|
||||
- {&mech_otp, UCHAR_LEN("init-hex:f6bd 6b33 89b8 7203:md5 499 ke6118:23d1 b253 5ae0 2b7e"), "otp_phase_2", NULL, TRUE, TRUE, FALSE},
|
||||
- {&mech_otp, UCHAR_LEN("init-word:END KERN BALM NICK EROS WAVY:md5 499 ke1235:BABY FAIN OILY NIL TIDY DADE"), "otp_phase_2", NULL , TRUE, TRUE, FALSE},
|
||||
{&mech_oauthbearer, UCHAR_LEN("n,a=testuser,p=cHJvb2Y=,f=nonstandart\x01host=server\x01port=143\x01""auth=Bearer vF9dft4qmTc2Nvb3RlckBhbHRhdmlzdGEuY29tCg==\x01\x01"), "testuser", NULL, FALSE, TRUE, FALSE},
|
||||
{&mech_scram_sha1, UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", NULL, TRUE, FALSE, FALSE},
|
||||
{&mech_scram_sha256, UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", NULL, TRUE, FALSE, FALSE},
|
||||
@@ -242,8 +232,6 @@ static void test_mechs(void)
|
||||
{&mech_external, UCHAR_LEN(""), "testuser", NULL, FALSE, TRUE, FALSE},
|
||||
{&mech_external, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
{&mech_login, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
- {&mech_otp, UCHAR_LEN(""), NULL, "invalid input", FALSE, FALSE, FALSE},
|
||||
- {&mech_otp, UCHAR_LEN(""), "testuser", "invalid input", FALSE, FALSE, FALSE},
|
||||
{&mech_plain, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
{&mech_oauthbearer, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
{&mech_xoauth2, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
@@ -255,7 +243,6 @@ static void test_mechs(void)
|
||||
{&mech_apop, UCHAR_LEN("1.1.1\0testuser\0tooshort"), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
{&mech_apop, UCHAR_LEN("1.1.1\0testuser\0responseoflen16-"), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
{&mech_apop, UCHAR_LEN("1.1.1"), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
- {&mech_otp, UCHAR_LEN("somebody\0testuser"), "testuser", "otp(testuser): unsupported response type", FALSE, TRUE, FALSE},
|
||||
{&mech_cram_md5, UCHAR_LEN("testuser\0response"), "testuser", NULL, FALSE, FALSE, FALSE},
|
||||
{&mech_plain, UCHAR_LEN("testuser\0"), "testuser", NULL, FALSE, FALSE, FALSE},
|
||||
|
||||
@@ -297,9 +284,7 @@ static void test_mechs(void)
|
||||
{&mech_plain, UCHAR_LEN("\0fa\0il\0ing\0withthis"), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
{&mech_plain, UCHAR_LEN("failingwiththis"), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
{&mech_plain, UCHAR_LEN("failing\0withthis"), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
- {&mech_otp, UCHAR_LEN("someb\0ody\0testuser"), NULL, "invalid input", FALSE, FALSE, FALSE},
|
||||
/* phase 2 */
|
||||
- {&mech_otp, UCHAR_LEN("someb\0ody\0testuser"), "testuser", "otp(testuser): unsupported response type", FALSE, TRUE, FALSE},
|
||||
{&mech_scram_sha1, UCHAR_LEN("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts="), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
{&mech_scram_sha1, UCHAR_LEN("iws0X8v3Bz2T0CJGbJQyF0X+HI4Ts=,,,,"), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
{&mech_scram_sha1, UCHAR_LEN("n,a=masteruser,,"), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
@@ -387,7 +372,6 @@ static void test_mechs(void)
|
||||
|
||||
test_end();
|
||||
} T_END;
|
||||
- mech_otp_deinit();
|
||||
auths_deinit();
|
||||
auth_token_deinit();
|
||||
password_schemes_deinit();
|
||||
diff -up dovecot-2.3.20/src/doveadm/Makefile.am.nolibotp dovecot-2.3.20/src/doveadm/Makefile.am
|
||||
--- dovecot-2.3.20/src/doveadm/Makefile.am.nolibotp 2022-12-21 09:49:12.000000000 +0100
|
||||
+++ dovecot-2.3.20/src/doveadm/Makefile.am 2023-02-14 16:54:02.119531023 +0100
|
||||
@@ -36,8 +36,7 @@ AM_CPPFLAGS = \
|
||||
$(BINARY_CFLAGS)
|
||||
|
||||
cmd_pw_libs = \
|
||||
- ../auth/libpassword.la \
|
||||
- ../lib-otp/libotp.la
|
||||
+ ../auth/libpassword.la
|
||||
|
||||
libs = \
|
||||
dsync/libdsync.la \
|
||||
diff -up dovecot-2.3.20/src/Makefile.am.nolibotp dovecot-2.3.20/src/Makefile.am
|
||||
--- dovecot-2.3.20/src/Makefile.am.nolibotp 2022-12-21 09:49:12.000000000 +0100
|
||||
+++ dovecot-2.3.20/src/Makefile.am 2023-02-14 16:54:02.119531023 +0100
|
||||
@@ -40,7 +40,6 @@ SUBDIRS = \
|
||||
lib-index \
|
||||
lib-storage \
|
||||
lib-sql \
|
||||
- lib-otp \
|
||||
lib-lda \
|
||||
lib-dict-backend \
|
||||
anvil \
|
@ -1,200 +0,0 @@
|
||||
diff -up dovecot-2.3.21/src/lib-dcrypt/dcrypt-openssl.c.noengine dovecot-2.3.21/src/lib-dcrypt/dcrypt-openssl.c
|
||||
--- dovecot-2.3.21/src/lib-dcrypt/dcrypt-openssl.c.noengine 2024-07-23 13:18:35.040720598 -0400
|
||||
+++ dovecot-2.3.21/src/lib-dcrypt/dcrypt-openssl.c 2024-07-23 13:20:16.250720598 -0400
|
||||
@@ -20,7 +20,6 @@
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/x509.h>
|
||||
-#include <openssl/engine.h>
|
||||
#include <openssl/hmac.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/bn.h>
|
||||
diff -up dovecot-2.3.21/m4/ssl.m4.noengine dovecot-2.3.21/m4/ssl.m4
|
||||
--- dovecot-2.3.21/m4/ssl.m4.noengine 2024-05-06 17:39:59.362886891 +0200
|
||||
+++ dovecot-2.3.21/m4/ssl.m4 2024-05-06 17:42:17.945312656 +0200
|
||||
@@ -233,6 +233,27 @@ AC_DEFUN([DOVECOT_SSL], [
|
||||
AC_CHECK_LIB(ssl, ECDSA_SIG_set0, [
|
||||
AC_DEFINE(HAVE_ECDSA_SIG_SET0,, [Build with ECDSA_SIG_set0 support])
|
||||
],, $SSL_LIBS)
|
||||
+ AC_CHECK_LIB(ssl, OSSL_PROVIDER_try_load, [
|
||||
+ AC_DEFINE(HAVE_OSSL_PROVIDER_try_load,, [Build with OSSL_PROVIDER_try_load support])
|
||||
+ ],, $SSL_LIBS)
|
||||
+ AC_CHECK_LIB(ssl, OPENSSL_init_ssl, [
|
||||
+ AC_DEFINE(HAVE_OPENSSL_init_ssl,, [Build with OPENSSL_init_ssl support])
|
||||
+ ],, $SSL_LIBS)
|
||||
+ AC_CHECK_LIB(ssl, OPENSSL_cleanup, [
|
||||
+ AC_DEFINE(HAVE_OPENSSL_cleanup,, [OpenSSL supports OPENSSL_cleanup()])
|
||||
+ ],, $SSL_LIBS)
|
||||
+ AC_CHECK_LIB(ssl, OPENSSL_thread_stop, [
|
||||
+ AC_DEFINE(HAVE_OPENSSL_thread_stop,, [OpenSSL supports OPENSSL_thread_stop()])
|
||||
+ ],, $SSL_LIBS)
|
||||
+ AC_CHECK_LIB(ssl, ERR_remove_thread_state, [
|
||||
+ AC_DEFINE(HAVE_ERR_remove_thread_state,, [OpenSSL supports ERR_remove_thread_state()])
|
||||
+ ],, $SSL_LIBS)
|
||||
+ AC_CHECK_LIB(ssl, ERR_remove_state, [
|
||||
+ AC_DEFINE(HAVE_ERR_remove_state,, [OpenSSL supports ERR_remove_state()])
|
||||
+ ],, $SSL_LIBS)
|
||||
+ AC_CHECK_LIB(ssl, ENGINE_by_id_DISABLED, [
|
||||
+ AC_DEFINE(HAVE_ENGINE_by_id,, [OpenSSL supports ENGINE_by_id() - !!!EXPLICITELY DISABLED!!! ])
|
||||
+ ],, $SSL_LIBS)
|
||||
AC_CHECK_LIB(ssl, EC_GROUP_order_bits, [
|
||||
AC_DEFINE(HAVE_EC_GROUP_order_bits,, [Build with EC_GROUP_order_bits support])
|
||||
],, $SSL_LIBS)
|
||||
diff -up dovecot-2.3.21/src/lib-ssl-iostream/dovecot-openssl-common.c.noengine dovecot-2.3.21/src/lib-ssl-iostream/dovecot-openssl-common.c
|
||||
--- dovecot-2.3.21/src/lib-ssl-iostream/dovecot-openssl-common.c.noengine 2023-09-14 15:17:46.000000000 +0200
|
||||
+++ dovecot-2.3.21/src/lib-ssl-iostream/dovecot-openssl-common.c 2024-05-06 17:39:59.363886901 +0200
|
||||
@@ -3,13 +3,23 @@
|
||||
#include "lib.h"
|
||||
#include "randgen.h"
|
||||
#include "dovecot-openssl-common.h"
|
||||
+#include "iostream-openssl.h"
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
-#include <openssl/engine.h>
|
||||
+#include <openssl/err.h>
|
||||
+#ifdef HAVE_OSSL_PROVIDER_try_load
|
||||
+# include <openssl/provider.h>
|
||||
+#else
|
||||
+# include <openssl/engine.h>
|
||||
+#endif
|
||||
#include <openssl/rand.h>
|
||||
|
||||
static int openssl_init_refcount = 0;
|
||||
-static ENGINE *dovecot_openssl_engine;
|
||||
+#ifdef HAVE_OSSL_PROVIDER_try_load
|
||||
+static OSSL_PROVIDER *dovecot_openssl_engine = NULL;
|
||||
+#else
|
||||
+static ENGINE *dovecot_openssl_engine = NULL;
|
||||
+#endif
|
||||
|
||||
#ifdef HAVE_SSL_NEW_MEM_FUNCS
|
||||
static void *dovecot_openssl_malloc(size_t size, const char *u0 ATTR_UNUSED, int u1 ATTR_UNUSED)
|
||||
@@ -17,12 +27,14 @@ static void *dovecot_openssl_malloc(size
|
||||
static void *dovecot_openssl_malloc(size_t size)
|
||||
#endif
|
||||
{
|
||||
+ if (size == 0)
|
||||
+ return NULL;
|
||||
/* this may be performance critical, so don't use
|
||||
i_malloc() or calloc() */
|
||||
void *mem = malloc(size);
|
||||
- if (mem == NULL) {
|
||||
+ if (unlikely(mem == NULL)) {
|
||||
i_fatal_status(FATAL_OUTOFMEM,
|
||||
- "OpenSSL: malloc(%zu): Out of memory", size);
|
||||
+ "OpenSSL: malloc(%zu): Out of memory", size);
|
||||
}
|
||||
return mem;
|
||||
}
|
||||
@@ -33,10 +45,14 @@ static void *dovecot_openssl_realloc(voi
|
||||
static void *dovecot_openssl_realloc(void *ptr, size_t size)
|
||||
#endif
|
||||
{
|
||||
+ if (size == 0) {
|
||||
+ free(ptr);
|
||||
+ return NULL;
|
||||
+ }
|
||||
void *mem = realloc(ptr, size);
|
||||
- if (mem == NULL) {
|
||||
+ if (unlikely(mem == NULL)) {
|
||||
i_fatal_status(FATAL_OUTOFMEM,
|
||||
- "OpenSSL: realloc(%zu): Out of memory", size);
|
||||
+ "OpenSSL: realloc(%zu): Out of memory", size);
|
||||
}
|
||||
return mem;
|
||||
}
|
||||
@@ -63,9 +79,13 @@ void dovecot_openssl_common_global_ref(v
|
||||
/*i_warning("CRYPTO_set_mem_functions() was called too late");*/
|
||||
}
|
||||
|
||||
+#ifdef HAVE_OPENSSL_init_ssl
|
||||
+ OPENSSL_init_ssl(0, NULL);
|
||||
+#else
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
OpenSSL_add_all_algorithms();
|
||||
+#endif
|
||||
}
|
||||
|
||||
bool dovecot_openssl_common_global_unref(void)
|
||||
@@ -76,30 +96,35 @@ bool dovecot_openssl_common_global_unref
|
||||
return TRUE;
|
||||
|
||||
if (dovecot_openssl_engine != NULL) {
|
||||
+#ifdef HAVE_OSSL_PROVIDER_try_load
|
||||
+ OSSL_PROVIDER_unload(dovecot_openssl_engine);
|
||||
+#else
|
||||
ENGINE_finish(dovecot_openssl_engine);
|
||||
+#endif
|
||||
dovecot_openssl_engine = NULL;
|
||||
}
|
||||
+#ifdef HAVE_OPENSSL_cleanup
|
||||
+ OPENSSL_cleanup();
|
||||
+#else
|
||||
/* OBJ_cleanup() is called automatically by EVP_cleanup() in
|
||||
newer versions. Doesn't hurt to call it anyway. */
|
||||
OBJ_cleanup();
|
||||
-#ifdef HAVE_SSL_COMP_FREE_COMPRESSION_METHODS
|
||||
+# if !defined(OPENSSL_NO_COMP)
|
||||
SSL_COMP_free_compression_methods();
|
||||
-#endif
|
||||
+# endif
|
||||
ENGINE_cleanup();
|
||||
EVP_cleanup();
|
||||
CRYPTO_cleanup_all_ex_data();
|
||||
-#ifdef HAVE_OPENSSL_AUTO_THREAD_DEINIT
|
||||
+# ifdef HAVE_OPENSSL_thread_stop
|
||||
/* no cleanup needed */
|
||||
-#elif defined(HAVE_OPENSSL_ERR_REMOVE_THREAD_STATE)
|
||||
+# elif defined(HAVE_ERR_remove_thread_state)
|
||||
/* This was marked as deprecated in v1.1. */
|
||||
ERR_remove_thread_state(NULL);
|
||||
-#else
|
||||
+# elif defined(HAVE_ERR_remove_state)
|
||||
/* This was deprecated by ERR_remove_thread_state(NULL) in v1.0.0. */
|
||||
ERR_remove_state(0);
|
||||
-#endif
|
||||
+# endif
|
||||
ERR_free_strings();
|
||||
-#ifdef HAVE_OPENSSL_CLEANUP
|
||||
- OPENSSL_cleanup();
|
||||
#endif
|
||||
return FALSE;
|
||||
}
|
||||
@@ -110,6 +135,7 @@ int dovecot_openssl_common_global_set_en
|
||||
if (dovecot_openssl_engine != NULL)
|
||||
return 1;
|
||||
|
||||
+#ifdef HAVE_ENGINE_by_id
|
||||
ENGINE_load_builtin_engines();
|
||||
dovecot_openssl_engine = ENGINE_by_id(engine);
|
||||
if (dovecot_openssl_engine == NULL) {
|
||||
@@ -128,5 +154,15 @@ int dovecot_openssl_common_global_set_en
|
||||
dovecot_openssl_engine = NULL;
|
||||
return -1;
|
||||
}
|
||||
+#elif defined(HAVE_OSSL_PROVIDER_try_load)
|
||||
+ if ((dovecot_openssl_engine = OSSL_PROVIDER_try_load(NULL, engine, 1)) == NULL) {
|
||||
+ *error_r = t_strdup_printf("Cannot load '%s': %s", engine,
|
||||
+ openssl_iostream_error());
|
||||
+ return 0;
|
||||
+ }
|
||||
+ return 1;
|
||||
+#else
|
||||
+ *error_r = t_strdup_printf("Cannot load '%s': No engine/provider support available", engine);
|
||||
+#endif
|
||||
return 1;
|
||||
}
|
||||
diff -up dovecot-2.3.21/src/lib-ssl-iostream/Makefile.am.noengine dovecot-2.3.21/src/lib-ssl-iostream/Makefile.am
|
||||
--- dovecot-2.3.21/src/lib-ssl-iostream/Makefile.am.noengine 2023-09-14 15:17:46.000000000 +0200
|
||||
+++ dovecot-2.3.21/src/lib-ssl-iostream/Makefile.am 2024-05-06 17:39:59.363886901 +0200
|
||||
@@ -5,7 +5,8 @@ NOPLUGIN_LDFLAGS =
|
||||
AM_CPPFLAGS = \
|
||||
-I$(top_srcdir)/src/lib \
|
||||
-I$(top_srcdir)/src/lib-test \
|
||||
- -DMODULE_DIR=\""$(moduledir)"\"
|
||||
+ -DMODULE_DIR=\""$(moduledir)"\" \
|
||||
+ $(SSL_CFLAGS)
|
||||
|
||||
if BUILD_OPENSSL
|
||||
module_LTLIBRARIES = libssl_iostream_openssl.la
|
@ -1,25 +0,0 @@
|
||||
m4: crypt_xxpg6.m4: Define _DEFAULT_SOURCE for current glibc
|
||||
|
||||
Current glibc no longer implements the CRYPT extension, so it does not
|
||||
declare crypt in <unistd.h> in strict standard modes. The check
|
||||
defines _XOPEN_SOURCE, which enables one of these modes. Defining
|
||||
_DEFAULT_SOURCE as well again makes available the crypt function
|
||||
prototype.
|
||||
|
||||
This avoids a configure check result change with compilers which do
|
||||
not support implicit function declarations.
|
||||
|
||||
Submitted upstream: <https://github.com/dovecot/core/pull/193>
|
||||
|
||||
diff --git a/m4/crypt_xpg6.m4 b/m4/crypt_xpg6.m4
|
||||
index 0085b2ac76..3a288a3713 100644
|
||||
--- a/m4/crypt_xpg6.m4
|
||||
+++ b/m4/crypt_xpg6.m4
|
||||
@@ -6,6 +6,7 @@ AC_DEFUN([DOVECOT_CRYPT_XPG6], [
|
||||
#define _XOPEN_SOURCE 4
|
||||
#define _XOPEN_SOURCE_EXTENDED 1
|
||||
#define _XOPEN_VERSION 4
|
||||
+ #define _DEFAULT_SOURCE
|
||||
#define _XPG4_2
|
||||
#define _XPG6
|
||||
#include <unistd.h>
|
@ -1,9 +0,0 @@
|
||||
#Type Name ID GECOS Home directory Shell
|
||||
g dovecot 97
|
||||
u dovecot 97 "Dovecot IMAP server" /usr/libexec/dovecot /sbin/nologin
|
||||
m dovecot dovecot
|
||||
|
||||
g dovenull -
|
||||
u dovenull - "Dovecot - unauthorized user" /usr/libexec/dovecot /sbin/nologin
|
||||
m dovenull dovenull
|
||||
|
@ -1,6 +0,0 @@
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-10
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
|
@ -1,34 +0,0 @@
|
||||
---
|
||||
|
||||
summary: Tier1 plan for dovecot
|
||||
|
||||
discover:
|
||||
how: fmf
|
||||
url: https://pkgs.devel.redhat.com/git/tests/dovecot
|
||||
ref: master
|
||||
filter: tier:1
|
||||
|
||||
prepare:
|
||||
- how: shell
|
||||
script: |
|
||||
set -euxo pipefail
|
||||
|
||||
ENABLE_REPO_CMD="yum-config-manager --enable"
|
||||
if command -v dnf >/dev/null 2>&1; then
|
||||
ENABLE_REPO_CMD="dnf config-manager --set-enabled"
|
||||
fi
|
||||
|
||||
${ENABLE_REPO_CMD} beaker-tasks || :
|
||||
- how: shell
|
||||
script: |
|
||||
set -exuo pipefail
|
||||
|
||||
if [[ -f /etc/os-release ]]; then
|
||||
. /etc/os-release
|
||||
if [[ "${ID:-}" == "rhel" && "${VERSION_ID%%.*}" -ge 8 ]]; then
|
||||
dnf config-manager --enable rhel-CRB
|
||||
fi
|
||||
fi
|
||||
|
||||
execute:
|
||||
how: tmt
|
2
sources
2
sources
@ -1,2 +0,0 @@
|
||||
SHA512 (dovecot-2.3.21.tar.gz) = 2d463c38639c3fd3d617ee5b1a4e4d0c11362339c4d4d62a5a90164a8b10bc58919545679bbf379139bdb743fdb013033abfddc1fc6401eb8099463cdc2401ca
|
||||
SHA512 (dovecot-2.3-pigeonhole-0.5.21.tar.gz) = 5537444025a474ee1b79919a424e24530695aec639361c531257f25fac286673719d476906d99d47e348deb57baa75419bff7dd284c82d2b751334dedec96314
|
Loading…
Reference in New Issue
Block a user