Compare commits
No commits in common. "c8" and "c9s" have entirely different histories.
@ -1,2 +0,0 @@
|
|||||||
4673c244c6ea73ee3da0bb61d0206a1fe3d0be0e SOURCES/dovecot-2.3-pigeonhole-0.5.16.tar.gz
|
|
||||||
b5c598ae8b9901bfabdf2c93271f57cde0bde73e SOURCES/dovecot-2.3.16.tar.gz
|
|
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,2 +1,2 @@
|
|||||||
SOURCES/dovecot-2.3-pigeonhole-0.5.16.tar.gz
|
/dovecot-*.tar.gz
|
||||||
SOURCES/dovecot-2.3.16.tar.gz
|
/pigeonhole-*.tar.bz2
|
||||||
|
@ -1,13 +0,0 @@
|
|||||||
diff -up dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c.aclfix dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c
|
|
||||||
--- dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c.aclfix 2018-09-18 15:00:08.778823903 +0200
|
|
||||||
+++ dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c 2018-09-18 15:00:08.814823737 +0200
|
|
||||||
@@ -161,8 +161,7 @@ acl_backend_vfile_object_init(struct acl
|
|
||||||
T_BEGIN {
|
|
||||||
if (*name == '\0' ||
|
|
||||||
mailbox_list_is_valid_name(_backend->list, name, &error)) {
|
|
||||||
- vname = *name == '\0' ? "" :
|
|
||||||
- mailbox_list_get_vname(_backend->list, name);
|
|
||||||
+ vname = mailbox_list_get_vname(_backend->list, name);
|
|
||||||
|
|
||||||
dir = acl_backend_vfile_get_local_dir(_backend, name, vname);
|
|
||||||
aclobj->local_path = dir == NULL ? NULL :
|
|
@ -1,353 +0,0 @@
|
|||||||
diff -up dovecot-2.3.16/configure.ac.keeplzma dovecot-2.3.16/configure.ac
|
|
||||||
--- dovecot-2.3.16/configure.ac.keeplzma 2021-08-06 11:25:51.000000000 +0200
|
|
||||||
+++ dovecot-2.3.16/configure.ac 2022-02-28 13:58:02.337149927 +0100
|
|
||||||
@@ -173,7 +173,7 @@ AS_HELP_STRING([--with-bzlib], [Build wi
|
|
||||||
want_bzlib=auto)
|
|
||||||
|
|
||||||
AC_ARG_WITH(lzma,
|
|
||||||
-AS_HELP_STRING([--with-lzma], [Build with LZMA decompression support (auto)]),
|
|
||||||
+AS_HELP_STRING([--with-lzma], [Build with LZMA compression support (auto)]),
|
|
||||||
TEST_WITH(lzma, $withval),
|
|
||||||
want_lzma=auto)
|
|
||||||
|
|
||||||
diff -up dovecot-2.3.16/run-test-valgrind.supp.keeplzma dovecot-2.3.16/run-test-valgrind.supp
|
|
||||||
--- dovecot-2.3.16/run-test-valgrind.supp.keeplzma 2021-08-06 11:25:51.000000000 +0200
|
|
||||||
+++ dovecot-2.3.16/run-test-valgrind.supp 2022-02-28 13:58:02.337149927 +0100
|
|
||||||
@@ -5,6 +5,17 @@
|
|
||||||
obj:*/bash
|
|
||||||
}
|
|
||||||
{
|
|
||||||
+ <liblzma>
|
|
||||||
+ Memcheck:Cond
|
|
||||||
+ obj:/lib/x86_64-linux-gnu/liblzma.so.5.*
|
|
||||||
+ obj:/lib/x86_64-linux-gnu/liblzma.so.5.*
|
|
||||||
+ obj:/lib/x86_64-linux-gnu/liblzma.so.5.*
|
|
||||||
+ obj:/lib/x86_64-linux-gnu/liblzma.so.5.*
|
|
||||||
+ obj:/lib/x86_64-linux-gnu/liblzma.so.5.*
|
|
||||||
+ fun:lzma_stream_encoder
|
|
||||||
+ fun:lzma_easy_encoder
|
|
||||||
+}
|
|
||||||
+{
|
|
||||||
<openssl_centos6_i386_v1_0_1_compression_methods>
|
|
||||||
Memcheck:Leak
|
|
||||||
fun:malloc
|
|
||||||
diff -up dovecot-2.3.16/src/lib-compression/compression.c.keeplzma dovecot-2.3.16/src/lib-compression/compression.c
|
|
||||||
--- dovecot-2.3.16/src/lib-compression/compression.c.keeplzma 2021-08-06 11:25:51.000000000 +0200
|
|
||||||
+++ dovecot-2.3.16/src/lib-compression/compression.c 2022-02-28 14:22:32.467944396 +0100
|
|
||||||
@@ -25,6 +25,7 @@
|
|
||||||
#endif
|
|
||||||
#ifndef HAVE_LZMA
|
|
||||||
# define i_stream_create_lzma NULL
|
|
||||||
+# define o_stream_create_lzma NULL
|
|
||||||
#endif
|
|
||||||
#ifndef HAVE_LZ4
|
|
||||||
# define i_stream_create_lz4 NULL
|
|
||||||
@@ -216,7 +217,7 @@ const struct compression_handler compres
|
|
||||||
.ext = ".xz",
|
|
||||||
.is_compressed = is_compressed_xz,
|
|
||||||
.create_istream = i_stream_create_lzma,
|
|
||||||
- .create_ostream = NULL,
|
|
||||||
+ .create_ostream = o_stream_create_lzma,
|
|
||||||
.get_min_level = compression_get_min_level_unsupported,
|
|
||||||
.get_default_level = compression_get_default_level_unsupported,
|
|
||||||
.get_max_level = compression_get_max_level_unsupported,
|
|
||||||
diff -up dovecot-2.3.16/src/lib-compression/Makefile.am.keeplzma dovecot-2.3.16/src/lib-compression/Makefile.am
|
|
||||||
--- dovecot-2.3.16/src/lib-compression/Makefile.am.keeplzma 2021-08-06 11:25:51.000000000 +0200
|
|
||||||
+++ dovecot-2.3.16/src/lib-compression/Makefile.am 2022-02-28 13:58:02.337149927 +0100
|
|
||||||
@@ -13,6 +13,7 @@ libcompression_la_SOURCES = \
|
|
||||||
istream-zlib.c \
|
|
||||||
istream-bzlib.c \
|
|
||||||
istream-zstd.c \
|
|
||||||
+ ostream-lzma.c \
|
|
||||||
ostream-lz4.c \
|
|
||||||
ostream-zlib.c \
|
|
||||||
ostream-bzlib.c \
|
|
||||||
diff -up dovecot-2.3.16/src/lib-compression/ostream-lzma.c.keeplzma dovecot-2.3.16/src/lib-compression/ostream-lzma.c
|
|
||||||
--- dovecot-2.3.16/src/lib-compression/ostream-lzma.c.keeplzma 2022-02-28 13:58:02.338149934 +0100
|
|
||||||
+++ dovecot-2.3.16/src/lib-compression/ostream-lzma.c 2022-02-28 13:58:02.338149934 +0100
|
|
||||||
@@ -0,0 +1,263 @@
|
|
||||||
+/* Copyright (c) 2010-2018 Dovecot authors, see the included COPYING file */
|
|
||||||
+
|
|
||||||
+#include "lib.h"
|
|
||||||
+
|
|
||||||
+#ifdef HAVE_LZMA
|
|
||||||
+
|
|
||||||
+#include "ostream-private.h"
|
|
||||||
+#include "ostream-zlib.h"
|
|
||||||
+#include <lzma.h>
|
|
||||||
+
|
|
||||||
+#define CHUNK_SIZE (1024*64)
|
|
||||||
+
|
|
||||||
+struct lzma_ostream {
|
|
||||||
+ struct ostream_private ostream;
|
|
||||||
+ lzma_stream strm;
|
|
||||||
+
|
|
||||||
+ unsigned char outbuf[CHUNK_SIZE];
|
|
||||||
+ unsigned int outbuf_offset, outbuf_used;
|
|
||||||
+
|
|
||||||
+ bool flushed:1;
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+static void o_stream_lzma_close(struct iostream_private *stream,
|
|
||||||
+ bool close_parent)
|
|
||||||
+{
|
|
||||||
+ struct lzma_ostream *zstream = (struct lzma_ostream *)stream;
|
|
||||||
+ i_assert(zstream->ostream.finished ||
|
|
||||||
+ zstream->ostream.ostream.stream_errno != 0 ||
|
|
||||||
+ zstream->ostream.error_handling_disabled);
|
|
||||||
+ lzma_end(&zstream->strm);
|
|
||||||
+ if (close_parent)
|
|
||||||
+ o_stream_close(zstream->ostream.parent);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static int o_stream_zlib_send_outbuf(struct lzma_ostream *zstream)
|
|
||||||
+{
|
|
||||||
+ ssize_t ret;
|
|
||||||
+ size_t size;
|
|
||||||
+
|
|
||||||
+ if (zstream->outbuf_used == 0)
|
|
||||||
+ return 1;
|
|
||||||
+
|
|
||||||
+ size = zstream->outbuf_used - zstream->outbuf_offset;
|
|
||||||
+ i_assert(size > 0);
|
|
||||||
+ ret = o_stream_send(zstream->ostream.parent,
|
|
||||||
+ zstream->outbuf + zstream->outbuf_offset, size);
|
|
||||||
+ if (ret < 0) {
|
|
||||||
+ o_stream_copy_error_from_parent(&zstream->ostream);
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+ if ((size_t)ret != size) {
|
|
||||||
+ zstream->outbuf_offset += ret;
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+ zstream->outbuf_offset = 0;
|
|
||||||
+ zstream->outbuf_used = 0;
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static ssize_t
|
|
||||||
+o_stream_lzma_send_chunk(struct lzma_ostream *zstream,
|
|
||||||
+ const void *data, size_t size)
|
|
||||||
+{
|
|
||||||
+ lzma_stream *zs = &zstream->strm;
|
|
||||||
+ int ret;
|
|
||||||
+
|
|
||||||
+ i_assert(zstream->outbuf_used == 0);
|
|
||||||
+
|
|
||||||
+ zs->next_in = (void *)data;
|
|
||||||
+ zs->avail_in = size;
|
|
||||||
+ while (zs->avail_in > 0) {
|
|
||||||
+ if (zs->avail_out == 0) {
|
|
||||||
+ /* previous block was compressed. send it and start
|
|
||||||
+ compression for a new block. */
|
|
||||||
+ zs->next_out = zstream->outbuf;
|
|
||||||
+ zs->avail_out = sizeof(zstream->outbuf);
|
|
||||||
+
|
|
||||||
+ zstream->outbuf_used = sizeof(zstream->outbuf);
|
|
||||||
+ if ((ret = o_stream_zlib_send_outbuf(zstream)) < 0)
|
|
||||||
+ return -1;
|
|
||||||
+ if (ret == 0) {
|
|
||||||
+ /* parent stream's buffer full */
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ ret = lzma_code(zs, LZMA_RUN);
|
|
||||||
+ switch (ret) {
|
|
||||||
+ case LZMA_OK:
|
|
||||||
+ break;
|
|
||||||
+ case LZMA_MEM_ERROR:
|
|
||||||
+ i_fatal_status(FATAL_OUTOFMEM,
|
|
||||||
+ "lzma.write(%s): Out of memory",
|
|
||||||
+ o_stream_get_name(&zstream->ostream.ostream));
|
|
||||||
+ default:
|
|
||||||
+ i_panic("lzma.write(%s) failed with unexpected code %d",
|
|
||||||
+ o_stream_get_name(&zstream->ostream.ostream), ret);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ size -= zs->avail_in;
|
|
||||||
+
|
|
||||||
+ return size;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static int o_stream_lzma_send_flush(struct lzma_ostream *zstream, bool final)
|
|
||||||
+{
|
|
||||||
+ lzma_stream *zs = &zstream->strm;
|
|
||||||
+ size_t len;
|
|
||||||
+ bool done = FALSE;
|
|
||||||
+ int ret;
|
|
||||||
+
|
|
||||||
+ i_assert(zs->avail_in == 0);
|
|
||||||
+
|
|
||||||
+ if (zstream->flushed) {
|
|
||||||
+ i_assert(zstream->outbuf_used == 0);
|
|
||||||
+ return 1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if ((ret = o_stream_flush_parent_if_needed(&zstream->ostream)) <= 0)
|
|
||||||
+ return ret;
|
|
||||||
+ if ((ret = o_stream_zlib_send_outbuf(zstream)) <= 0)
|
|
||||||
+ return ret;
|
|
||||||
+
|
|
||||||
+ if (!final)
|
|
||||||
+ return 1;
|
|
||||||
+
|
|
||||||
+ i_assert(zstream->outbuf_used == 0);
|
|
||||||
+ do {
|
|
||||||
+ len = sizeof(zstream->outbuf) - zs->avail_out;
|
|
||||||
+ if (len != 0) {
|
|
||||||
+ zs->next_out = zstream->outbuf;
|
|
||||||
+ zs->avail_out = sizeof(zstream->outbuf);
|
|
||||||
+
|
|
||||||
+ zstream->outbuf_used = len;
|
|
||||||
+ if ((ret = o_stream_zlib_send_outbuf(zstream)) <= 0)
|
|
||||||
+ return ret;
|
|
||||||
+ if (done)
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ ret = lzma_code(zs, LZMA_FINISH);
|
|
||||||
+ switch (ret) {
|
|
||||||
+ case LZMA_OK:
|
|
||||||
+ /* still unfinished - need to call lzma_code() again */
|
|
||||||
+ break;
|
|
||||||
+ case LZMA_STREAM_END:
|
|
||||||
+ /* output is fully finished */
|
|
||||||
+ done = TRUE;
|
|
||||||
+ break;
|
|
||||||
+ case LZMA_MEM_ERROR:
|
|
||||||
+ i_fatal_status(FATAL_OUTOFMEM,
|
|
||||||
+ "lzma.write(%s): Out of memory",
|
|
||||||
+ o_stream_get_name(&zstream->ostream.ostream));
|
|
||||||
+ default:
|
|
||||||
+ i_panic("lzma.write(%s) flush failed with unexpected code %d",
|
|
||||||
+ o_stream_get_name(&zstream->ostream.ostream), ret);
|
|
||||||
+ }
|
|
||||||
+ } while (zs->avail_out != sizeof(zstream->outbuf));
|
|
||||||
+
|
|
||||||
+ if (final)
|
|
||||||
+ zstream->flushed = TRUE;
|
|
||||||
+ i_assert(zstream->outbuf_used == 0);
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static int o_stream_lzma_flush(struct ostream_private *stream)
|
|
||||||
+{
|
|
||||||
+ struct lzma_ostream *zstream = (struct lzma_ostream *)stream;
|
|
||||||
+ int ret;
|
|
||||||
+
|
|
||||||
+ if ((ret = o_stream_lzma_send_flush(zstream, stream->finished)) < 0)
|
|
||||||
+ return -1;
|
|
||||||
+ else if (ret > 0)
|
|
||||||
+ return o_stream_flush_parent(stream);
|
|
||||||
+ return ret;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static size_t
|
|
||||||
+o_stream_lzma_get_buffer_used_size(const struct ostream_private *stream)
|
|
||||||
+{
|
|
||||||
+ const struct lzma_ostream *zstream =
|
|
||||||
+ (const struct lzma_ostream *)stream;
|
|
||||||
+
|
|
||||||
+ /* outbuf has already compressed data that we're trying to send to the
|
|
||||||
+ parent stream. We're not including lzma's internal compression
|
|
||||||
+ buffer size. */
|
|
||||||
+ return (zstream->outbuf_used - zstream->outbuf_offset) +
|
|
||||||
+ o_stream_get_buffer_used_size(stream->parent);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static size_t
|
|
||||||
+o_stream_lzma_get_buffer_avail_size(const struct ostream_private *stream)
|
|
||||||
+{
|
|
||||||
+ /* FIXME: not correct - this is counting compressed size, which may be
|
|
||||||
+ too larger than uncompressed size in some situations. Fixing would
|
|
||||||
+ require some kind of additional buffering. */
|
|
||||||
+ return o_stream_get_buffer_avail_size(stream->parent);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static ssize_t
|
|
||||||
+o_stream_lzma_sendv(struct ostream_private *stream,
|
|
||||||
+ const struct const_iovec *iov, unsigned int iov_count)
|
|
||||||
+{
|
|
||||||
+ struct lzma_ostream *zstream = (struct lzma_ostream *)stream;
|
|
||||||
+ ssize_t ret, bytes = 0;
|
|
||||||
+ unsigned int i;
|
|
||||||
+
|
|
||||||
+ if ((ret = o_stream_zlib_send_outbuf(zstream)) <= 0) {
|
|
||||||
+ /* error / we still couldn't flush existing data to
|
|
||||||
+ parent stream. */
|
|
||||||
+ return ret;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ for (i = 0; i < iov_count; i++) {
|
|
||||||
+ ret = o_stream_lzma_send_chunk(zstream, iov[i].iov_base,
|
|
||||||
+ iov[i].iov_len);
|
|
||||||
+ if (ret < 0)
|
|
||||||
+ return -1;
|
|
||||||
+ bytes += ret;
|
|
||||||
+ if ((size_t)ret != iov[i].iov_len)
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ stream->ostream.offset += bytes;
|
|
||||||
+
|
|
||||||
+ /* avail_in!=0 check is used to detect errors. if it's non-zero here
|
|
||||||
+ it simply means we didn't send all the data */
|
|
||||||
+ zstream->strm.avail_in = 0;
|
|
||||||
+ return bytes;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+struct ostream *o_stream_create_lzma(struct ostream *output, int level)
|
|
||||||
+{
|
|
||||||
+ struct lzma_ostream *zstream;
|
|
||||||
+ lzma_ret ret;
|
|
||||||
+
|
|
||||||
+ i_assert(level >= 1 && level <= 9);
|
|
||||||
+
|
|
||||||
+ zstream = i_new(struct lzma_ostream, 1);
|
|
||||||
+ zstream->ostream.sendv = o_stream_lzma_sendv;
|
|
||||||
+ zstream->ostream.flush = o_stream_lzma_flush;
|
|
||||||
+ zstream->ostream.get_buffer_used_size =
|
|
||||||
+ o_stream_lzma_get_buffer_used_size;
|
|
||||||
+ zstream->ostream.get_buffer_avail_size =
|
|
||||||
+ o_stream_lzma_get_buffer_avail_size;
|
|
||||||
+ zstream->ostream.iostream.close = o_stream_lzma_close;
|
|
||||||
+
|
|
||||||
+ ret = lzma_easy_encoder(&zstream->strm, level, LZMA_CHECK_CRC64);
|
|
||||||
+ switch (ret) {
|
|
||||||
+ case LZMA_OK:
|
|
||||||
+ break;
|
|
||||||
+ case LZMA_MEM_ERROR:
|
|
||||||
+ i_fatal_status(FATAL_OUTOFMEM, "lzma: Out of memory");
|
|
||||||
+ case LZMA_OPTIONS_ERROR:
|
|
||||||
+ i_fatal("lzma: Invalid level");
|
|
||||||
+ default:
|
|
||||||
+ i_fatal("lzma_easy_encoder() failed with %d", ret);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ zstream->strm.next_out = zstream->outbuf;
|
|
||||||
+ zstream->strm.avail_out = sizeof(zstream->outbuf);
|
|
||||||
+ return o_stream_create(&zstream->ostream, output,
|
|
||||||
+ o_stream_get_fd(output));
|
|
||||||
+}
|
|
||||||
+#endif
|
|
||||||
diff -up dovecot-2.3.16/src/lib-compression/ostream-zlib.h.keeplzma dovecot-2.3.16/src/lib-compression/ostream-zlib.h
|
|
||||||
--- dovecot-2.3.16/src/lib-compression/ostream-zlib.h.keeplzma 2021-08-06 11:25:51.000000000 +0200
|
|
||||||
+++ dovecot-2.3.16/src/lib-compression/ostream-zlib.h 2022-02-28 13:58:02.338149934 +0100
|
|
||||||
@@ -4,6 +4,7 @@
|
|
||||||
struct ostream *o_stream_create_gz(struct ostream *output, int level);
|
|
||||||
struct ostream *o_stream_create_deflate(struct ostream *output, int level);
|
|
||||||
struct ostream *o_stream_create_bz2(struct ostream *output, int level);
|
|
||||||
+struct ostream *o_stream_create_lzma(struct ostream *output, int level);
|
|
||||||
struct ostream *o_stream_create_lz4(struct ostream *output, int level);
|
|
||||||
struct ostream *o_stream_create_zstd(struct ostream *output, int level);
|
|
||||||
|
|
||||||
diff -up dovecot-2.3.16/src/lib-compression/test-compression.c.keeplzma dovecot-2.3.16/src/lib-compression/test-compression.c
|
|
||||||
--- dovecot-2.3.16/src/lib-compression/test-compression.c.keeplzma 2021-08-06 11:25:51.000000000 +0200
|
|
||||||
+++ dovecot-2.3.16/src/lib-compression/test-compression.c 2022-02-28 13:58:02.338149934 +0100
|
|
||||||
@@ -730,7 +730,6 @@ static void test_compression_int(bool au
|
|
||||||
|
|
||||||
for (i = 0; compression_handlers[i].name != NULL; i++) {
|
|
||||||
if (compression_handlers[i].create_istream != NULL &&
|
|
||||||
- compression_handlers[i].create_ostream != NULL &&
|
|
||||||
(!autodetect ||
|
|
||||||
compression_handlers[i].is_compressed != NULL)) T_BEGIN {
|
|
||||||
if (compression_handlers[i].is_compressed != NULL &&
|
|
@ -1,7 +1,7 @@
|
|||||||
diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf
|
diff -up dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf
|
||||||
--- dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings 2018-02-28 15:28:57.000000000 +0100
|
--- dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf.default-settings 2021-08-06 11:25:51.000000000 +0200
|
||||||
+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf 2018-03-01 10:29:38.208368555 +0100
|
+++ dovecot-2.3.16/doc/example-config/conf.d/10-mail.conf 2021-10-27 11:13:45.666956339 +0200
|
||||||
@@ -165,7 +165,7 @@ namespace inbox {
|
@@ -175,7 +175,7 @@ namespace inbox {
|
||||||
# to make sure that users can't log in as daemons or other system users.
|
# to make sure that users can't log in as daemons or other system users.
|
||||||
# Note that denying root logins is hardcoded to dovecot binary and can't
|
# Note that denying root logins is hardcoded to dovecot binary and can't
|
||||||
# be done even if first_valid_uid is set to 0.
|
# be done even if first_valid_uid is set to 0.
|
||||||
@ -18,9 +18,9 @@ diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings
|
|||||||
|
|
||||||
# Maximum time to wait for lock (all of them) before aborting.
|
# Maximum time to wait for lock (all of them) before aborting.
|
||||||
#mbox_lock_timeout = 5 mins
|
#mbox_lock_timeout = 5 mins
|
||||||
diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf
|
diff -up dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf
|
||||||
--- dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings 2018-02-28 15:28:57.000000000 +0100
|
--- dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf.default-settings 2021-08-06 11:25:51.000000000 +0200
|
||||||
+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf 2018-03-01 10:33:54.779499044 +0100
|
+++ dovecot-2.3.16/doc/example-config/conf.d/10-ssl.conf 2021-10-27 11:13:02.834533975 +0200
|
||||||
@@ -3,7 +3,9 @@
|
@@ -3,7 +3,9 @@
|
||||||
##
|
##
|
||||||
|
|
||||||
@ -32,7 +32,7 @@ diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings
|
|||||||
|
|
||||||
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
|
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
|
||||||
# dropping root privileges, so keep the key file unreadable by anyone but
|
# dropping root privileges, so keep the key file unreadable by anyone but
|
||||||
@@ -57,6 +59,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
|
@@ -64,6 +66,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
|
||||||
#ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
|
#ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
|
||||||
# To disable non-EC DH, use:
|
# To disable non-EC DH, use:
|
||||||
#ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
|
#ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
|
11
dovecot-2.1-privatetmp.patch
Normal file
11
dovecot-2.1-privatetmp.patch
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
diff -up dovecot-2.2.19/dovecot.service.in.privatetmp dovecot-2.2.19/dovecot.service.in
|
||||||
|
--- dovecot-2.2.19/dovecot.service.in.privatetmp 2015-10-05 12:50:24.273780394 +0200
|
||||||
|
+++ dovecot-2.2.19/dovecot.service.in 2015-10-05 12:50:56.281621589 +0200
|
||||||
|
@@ -26,6 +26,7 @@ After=local-fs.target network.target
|
||||||
|
Type=simple
|
||||||
|
ExecStart=@sbindir@/dovecot -F $OPTIONS
|
||||||
|
ExecReload=@sbindir@/dovecot reload
|
||||||
|
+PrivateTmp=true
|
||||||
|
NonBlocking=yes
|
||||||
|
|
||||||
|
[Install]
|
27
dovecot-2.1.4-postreleasefix.patch
Normal file
27
dovecot-2.1.4-postreleasefix.patch
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
# HG changeset patch
|
||||||
|
# User Timo Sirainen <tss@iki.fi>
|
||||||
|
# Date 1334041779 -10800
|
||||||
|
# Node ID 20e1aa322b1e3b7d47c7cb1b6ff68a8d07fe6c9d
|
||||||
|
# Parent 0b59dbb1a288153d2eb26d47cd9f7a953335c66f
|
||||||
|
lib-storage: mail_user_try_home_expand() now looks up home only when needed.
|
||||||
|
Before a recent code cleanup the lookup was always done, but if the home
|
||||||
|
didn't exist it still just happened to return success. The cleanup changed
|
||||||
|
it to return failure, which broke the original behavior.
|
||||||
|
|
||||||
|
diff -r 0b59dbb1a288 -r 20e1aa322b1e src/lib-storage/mail-user.c
|
||||||
|
--- a/src/lib-storage/mail-user.c Tue Apr 10 09:52:35 2012 +0300
|
||||||
|
+++ b/src/lib-storage/mail-user.c Tue Apr 10 10:09:39 2012 +0300
|
||||||
|
@@ -343,6 +343,11 @@
|
||||||
|
{
|
||||||
|
const char *home, *path = *pathp;
|
||||||
|
|
||||||
|
+ if (strncmp(path, "~/", 2) != 0) {
|
||||||
|
+ /* no need to expand home */
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (mail_user_get_home(user, &home) <= 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
|
||||||
|
|
450
dovecot-2.2-80ed82a93c1a.patch
Normal file
450
dovecot-2.2-80ed82a93c1a.patch
Normal file
@ -0,0 +1,450 @@
|
|||||||
|
|
||||||
|
# HG changeset patch
|
||||||
|
# User Timo Sirainen <tss@iki.fi>
|
||||||
|
# Date 1416386277 -32400
|
||||||
|
# Node ID 80ed82a93c1af5f6885e75a34007eb52d0692a8d
|
||||||
|
# Parent 31262a892ba7302bfea6e70e17d3acd468736d70
|
||||||
|
mbox: Added more (and earlier) detection for errors in mbox istreams.
|
||||||
|
|
||||||
|
diff -r 31262a892ba7 -r 80ed82a93c1a src/lib-storage/index/mbox/istream-raw-mbox.c
|
||||||
|
--- a/src/lib-storage/index/mbox/istream-raw-mbox.c Wed Nov 19 17:37:18 2014 +0900
|
||||||
|
+++ b/src/lib-storage/index/mbox/istream-raw-mbox.c Wed Nov 19 17:37:57 2014 +0900
|
||||||
|
@@ -506,7 +506,8 @@
|
||||||
|
return rstream->from_offset;
|
||||||
|
}
|
||||||
|
|
||||||
|
-uoff_t istream_raw_mbox_get_header_offset(struct istream *stream)
|
||||||
|
+int istream_raw_mbox_get_header_offset(struct istream *stream,
|
||||||
|
+ uoff_t *hdr_offset_r)
|
||||||
|
{
|
||||||
|
struct raw_mbox_istream *rstream =
|
||||||
|
(struct raw_mbox_istream *)stream->real_stream;
|
||||||
|
@@ -520,13 +521,17 @@
|
||||||
|
i_error("Unexpectedly lost From-line from mbox file %s at "
|
||||||
|
"%"PRIuUOFF_T, i_stream_get_name(stream),
|
||||||
|
rstream->from_offset);
|
||||||
|
- return (uoff_t)-1;
|
||||||
|
+ return -1;
|
||||||
|
}
|
||||||
|
+ if (stream->stream_errno != 0)
|
||||||
|
+ return -1;
|
||||||
|
|
||||||
|
- return rstream->hdr_offset;
|
||||||
|
+ *hdr_offset_r = rstream->hdr_offset;
|
||||||
|
+ return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
-uoff_t istream_raw_mbox_get_body_offset(struct istream *stream)
|
||||||
|
+int istream_raw_mbox_get_body_offset(struct istream *stream,
|
||||||
|
+ uoff_t *body_offset_r)
|
||||||
|
{
|
||||||
|
struct raw_mbox_istream *rstream =
|
||||||
|
(struct raw_mbox_istream *)stream->real_stream;
|
||||||
|
@@ -534,8 +539,10 @@
|
||||||
|
|
||||||
|
i_assert(rstream->seeked);
|
||||||
|
|
||||||
|
- if (rstream->body_offset != (uoff_t)-1)
|
||||||
|
- return rstream->body_offset;
|
||||||
|
+ if (rstream->body_offset != (uoff_t)-1) {
|
||||||
|
+ *body_offset_r = rstream->body_offset;
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
offset = stream->v_offset;
|
||||||
|
i_stream_seek(stream, rstream->hdr_offset);
|
||||||
|
@@ -551,27 +558,30 @@
|
||||||
|
} else {
|
||||||
|
i_assert(rstream->body_offset != (uoff_t)-1);
|
||||||
|
}
|
||||||
|
- break;
|
||||||
|
+ return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
i_stream_seek(stream, offset);
|
||||||
|
- return rstream->body_offset;
|
||||||
|
+ *body_offset_r = rstream->body_offset;
|
||||||
|
+ return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
-uoff_t istream_raw_mbox_get_body_size(struct istream *stream,
|
||||||
|
- uoff_t expected_body_size)
|
||||||
|
+int istream_raw_mbox_get_body_size(struct istream *stream,
|
||||||
|
+ uoff_t expected_body_size,
|
||||||
|
+ uoff_t *body_size_r)
|
||||||
|
{
|
||||||
|
struct raw_mbox_istream *rstream =
|
||||||
|
(struct raw_mbox_istream *)stream->real_stream;
|
||||||
|
const unsigned char *data;
|
||||||
|
size_t size;
|
||||||
|
- uoff_t old_offset, body_size, next_body_offset;
|
||||||
|
+ uoff_t old_offset, body_offset, body_size, next_body_offset;
|
||||||
|
|
||||||
|
i_assert(rstream->seeked);
|
||||||
|
i_assert(rstream->hdr_offset != (uoff_t)-1);
|
||||||
|
|
||||||
|
- (void)istream_raw_mbox_get_body_offset(stream);
|
||||||
|
+ if (istream_raw_mbox_get_body_offset(stream, &body_offset) < 0)
|
||||||
|
+ return -1;
|
||||||
|
body_size = rstream->mail_size == (uoff_t)-1 ? (uoff_t)-1 :
|
||||||
|
rstream->mail_size - (rstream->body_offset -
|
||||||
|
rstream->hdr_offset);
|
||||||
|
@@ -580,8 +590,10 @@
|
||||||
|
/* if we already have the existing body size, use it as long as
|
||||||
|
it's >= expected body_size. otherwise the previous parsing
|
||||||
|
may have stopped at a From_-line that belongs to the body. */
|
||||||
|
- if (body_size != (uoff_t)-1 && body_size >= expected_body_size)
|
||||||
|
- return body_size;
|
||||||
|
+ if (body_size != (uoff_t)-1 && body_size >= expected_body_size) {
|
||||||
|
+ *body_size_r = body_size;
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
next_body_offset = rstream->body_offset + expected_body_size;
|
||||||
|
/* If header_missing_eoh is set, the message body begins with
|
||||||
|
@@ -600,21 +612,27 @@
|
||||||
|
rstream->mail_size =
|
||||||
|
next_body_offset - rstream->hdr_offset;
|
||||||
|
i_stream_seek(stream, old_offset);
|
||||||
|
- return expected_body_size;
|
||||||
|
+ *body_size_r = expected_body_size;
|
||||||
|
+ return 0;
|
||||||
|
}
|
||||||
|
/* invalid expected_body_size */
|
||||||
|
}
|
||||||
|
- if (body_size != (uoff_t)-1)
|
||||||
|
- return body_size;
|
||||||
|
+ if (body_size != (uoff_t)-1) {
|
||||||
|
+ *body_size_r = body_size;
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
/* have to read through the message body */
|
||||||
|
while (i_stream_read_data(stream, &data, &size, 0) > 0)
|
||||||
|
i_stream_skip(stream, size);
|
||||||
|
i_stream_seek(stream, old_offset);
|
||||||
|
+ if (stream->stream_errno != 0)
|
||||||
|
+ return -1;
|
||||||
|
|
||||||
|
i_assert(rstream->mail_size != (uoff_t)-1);
|
||||||
|
- return rstream->mail_size -
|
||||||
|
+ *body_size_r = rstream->mail_size -
|
||||||
|
(rstream->body_offset - rstream->hdr_offset);
|
||||||
|
+ return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
time_t istream_raw_mbox_get_received_time(struct istream *stream)
|
||||||
|
@@ -651,13 +669,15 @@
|
||||||
|
return rstream->crlf_ending;
|
||||||
|
}
|
||||||
|
|
||||||
|
-void istream_raw_mbox_next(struct istream *stream, uoff_t expected_body_size)
|
||||||
|
+int istream_raw_mbox_next(struct istream *stream, uoff_t expected_body_size)
|
||||||
|
{
|
||||||
|
struct raw_mbox_istream *rstream =
|
||||||
|
(struct raw_mbox_istream *)stream->real_stream;
|
||||||
|
uoff_t body_size;
|
||||||
|
|
||||||
|
- body_size = istream_raw_mbox_get_body_size(stream, expected_body_size);
|
||||||
|
+ if (istream_raw_mbox_get_body_size(stream, expected_body_size,
|
||||||
|
+ &body_size) < 0)
|
||||||
|
+ return -1;
|
||||||
|
rstream->mail_size = (uoff_t)-1;
|
||||||
|
|
||||||
|
rstream->received_time = rstream->next_received_time;
|
||||||
|
@@ -678,6 +698,7 @@
|
||||||
|
|
||||||
|
rstream->eof = FALSE;
|
||||||
|
rstream->istream.istream.eof = FALSE;
|
||||||
|
+ return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
int istream_raw_mbox_seek(struct istream *stream, uoff_t offset)
|
||||||
|
@@ -698,10 +719,8 @@
|
||||||
|
/* if seeked is FALSE, we unlocked in the middle. don't try to use
|
||||||
|
any cached state then. */
|
||||||
|
if (rstream->mail_size != (uoff_t)-1 && rstream->seeked &&
|
||||||
|
- rstream->hdr_offset + rstream->mail_size == offset) {
|
||||||
|
- istream_raw_mbox_next(stream, (uoff_t)-1);
|
||||||
|
- return 0;
|
||||||
|
- }
|
||||||
|
+ rstream->hdr_offset + rstream->mail_size == offset)
|
||||||
|
+ return istream_raw_mbox_next(stream, (uoff_t)-1);
|
||||||
|
|
||||||
|
if (offset == rstream->from_offset && rstream->seeked) {
|
||||||
|
/* back to beginning of current message */
|
||||||
|
diff -r 31262a892ba7 -r 80ed82a93c1a src/lib-storage/index/mbox/istream-raw-mbox.h
|
||||||
|
--- a/src/lib-storage/index/mbox/istream-raw-mbox.h Wed Nov 19 17:37:18 2014 +0900
|
||||||
|
+++ b/src/lib-storage/index/mbox/istream-raw-mbox.h Wed Nov 19 17:37:57 2014 +0900
|
||||||
|
@@ -9,15 +9,18 @@
|
||||||
|
/* Return offset to beginning of the "\nFrom"-line. */
|
||||||
|
uoff_t istream_raw_mbox_get_start_offset(struct istream *stream);
|
||||||
|
/* Return offset to beginning of the headers. */
|
||||||
|
-uoff_t istream_raw_mbox_get_header_offset(struct istream *stream);
|
||||||
|
+int istream_raw_mbox_get_header_offset(struct istream *stream,
|
||||||
|
+ uoff_t *hdr_offset_r);
|
||||||
|
/* Return offset to beginning of the body. */
|
||||||
|
-uoff_t istream_raw_mbox_get_body_offset(struct istream *stream);
|
||||||
|
+int istream_raw_mbox_get_body_offset(struct istream *stream,
|
||||||
|
+ uoff_t *body_offset_r);
|
||||||
|
|
||||||
|
/* Return the number of bytes in the body of this message. If
|
||||||
|
expected_body_size isn't (uoff_t)-1, we'll use it as potentially valid body
|
||||||
|
size to avoid actually reading through the whole message. */
|
||||||
|
-uoff_t istream_raw_mbox_get_body_size(struct istream *stream,
|
||||||
|
- uoff_t expected_body_size);
|
||||||
|
+int istream_raw_mbox_get_body_size(struct istream *stream,
|
||||||
|
+ uoff_t expected_body_size,
|
||||||
|
+ uoff_t *body_size_r);
|
||||||
|
|
||||||
|
/* Return received time of current message, or (time_t)-1 if the timestamp is
|
||||||
|
broken. */
|
||||||
|
@@ -30,7 +33,7 @@
|
||||||
|
|
||||||
|
/* Jump to next message. If expected_body_size isn't (uoff_t)-1, we'll use it
|
||||||
|
as potentially valid body size. */
|
||||||
|
-void istream_raw_mbox_next(struct istream *stream, uoff_t expected_body_size);
|
||||||
|
+int istream_raw_mbox_next(struct istream *stream, uoff_t expected_body_size);
|
||||||
|
|
||||||
|
/* Seek to message at given offset. offset must point to beginning of
|
||||||
|
"\nFrom ", or 0 for beginning of file. Returns -1 if it offset doesn't
|
||||||
|
diff -r 31262a892ba7 -r 80ed82a93c1a src/lib-storage/index/mbox/mbox-mail.c
|
||||||
|
--- a/src/lib-storage/index/mbox/mbox-mail.c Wed Nov 19 17:37:18 2014 +0900
|
||||||
|
+++ b/src/lib-storage/index/mbox/mbox-mail.c Wed Nov 19 17:37:57 2014 +0900
|
||||||
|
@@ -304,10 +304,10 @@
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
/* our header size varies, so don't do any caching */
|
||||||
|
- body_offset = istream_raw_mbox_get_body_offset(mbox->mbox_stream);
|
||||||
|
- if (body_offset == (uoff_t)-1) {
|
||||||
|
+ if (istream_raw_mbox_get_body_offset(mbox->mbox_stream, &body_offset) < 0) {
|
||||||
|
mail_storage_set_critical(_mail->box->storage,
|
||||||
|
- "Couldn't get mbox size");
|
||||||
|
+ "mbox %s: Couldn't get body offset for uid=%u",
|
||||||
|
+ mailbox_get_path(&mbox->box), mail->mail.mail.uid);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -319,8 +319,13 @@
|
||||||
|
body_size = (uoff_t)-1;
|
||||||
|
|
||||||
|
/* verify that the calculated body size is correct */
|
||||||
|
- body_size = istream_raw_mbox_get_body_size(mbox->mbox_stream,
|
||||||
|
- body_size);
|
||||||
|
+ if (istream_raw_mbox_get_body_size(mbox->mbox_stream,
|
||||||
|
+ body_size, &body_size) < 0) {
|
||||||
|
+ mail_storage_set_critical(_mail->box->storage,
|
||||||
|
+ "mbox %s: Couldn't get body size for uid=%u",
|
||||||
|
+ mailbox_get_path(&mbox->box), mail->mail.mail.uid);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
data->physical_size = hdr_size.physical_size + body_size;
|
||||||
|
*size_r = data->physical_size;
|
||||||
|
@@ -352,7 +357,12 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
raw_stream = mbox->mbox_stream;
|
||||||
|
- hdr_offset = istream_raw_mbox_get_header_offset(raw_stream);
|
||||||
|
+ if (istream_raw_mbox_get_header_offset(raw_stream, &hdr_offset) < 0) {
|
||||||
|
+ mail_storage_set_critical(mbox->box.storage,
|
||||||
|
+ "mbox %s: Couldn't get header offset for uid=%u",
|
||||||
|
+ mailbox_get_path(&mbox->box), mail->mail.mail.uid);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
i_stream_seek(raw_stream, hdr_offset);
|
||||||
|
|
||||||
|
if (next_offset != (uoff_t)-1)
|
||||||
|
diff -r 31262a892ba7 -r 80ed82a93c1a src/lib-storage/index/mbox/mbox-sync-parse.c
|
||||||
|
--- a/src/lib-storage/index/mbox/mbox-sync-parse.c Wed Nov 19 17:37:18 2014 +0900
|
||||||
|
+++ b/src/lib-storage/index/mbox/mbox-sync-parse.c Wed Nov 19 17:37:57 2014 +0900
|
||||||
|
@@ -453,8 +453,8 @@
|
||||||
|
return strcasecmp(key, func->header);
|
||||||
|
}
|
||||||
|
|
||||||
|
-void mbox_sync_parse_next_mail(struct istream *input,
|
||||||
|
- struct mbox_sync_mail_context *ctx)
|
||||||
|
+int mbox_sync_parse_next_mail(struct istream *input,
|
||||||
|
+ struct mbox_sync_mail_context *ctx)
|
||||||
|
{
|
||||||
|
struct mbox_sync_context *sync_ctx = ctx->sync_ctx;
|
||||||
|
struct message_header_parser_ctx *hdr_ctx;
|
||||||
|
@@ -545,6 +545,12 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx->body_offset = input->v_offset;
|
||||||
|
+ if (input->stream_errno != 0) {
|
||||||
|
+ mbox_sync_set_critical(ctx->sync_ctx, "read(%s) failed: %s",
|
||||||
|
+ i_stream_get_name(input), i_stream_get_error(input));
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+ return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
bool mbox_sync_parse_match_mail(struct mbox_mailbox *mbox,
|
||||||
|
diff -r 31262a892ba7 -r 80ed82a93c1a src/lib-storage/index/mbox/mbox-sync-private.h
|
||||||
|
--- a/src/lib-storage/index/mbox/mbox-sync-private.h Wed Nov 19 17:37:18 2014 +0900
|
||||||
|
+++ b/src/lib-storage/index/mbox/mbox-sync-private.h Wed Nov 19 17:37:57 2014 +0900
|
||||||
|
@@ -158,8 +158,8 @@
|
||||||
|
void mbox_sync_set_critical(struct mbox_sync_context *sync_ctx,
|
||||||
|
const char *fmt, ...) ATTR_FORMAT(2, 3);
|
||||||
|
|
||||||
|
-void mbox_sync_parse_next_mail(struct istream *input,
|
||||||
|
- struct mbox_sync_mail_context *ctx);
|
||||||
|
+int mbox_sync_parse_next_mail(struct istream *input,
|
||||||
|
+ struct mbox_sync_mail_context *ctx);
|
||||||
|
bool mbox_sync_parse_match_mail(struct mbox_mailbox *mbox,
|
||||||
|
struct mail_index_view *view, uint32_t seq);
|
||||||
|
|
||||||
|
diff -r 31262a892ba7 -r 80ed82a93c1a src/lib-storage/index/mbox/mbox-sync-rewrite.c
|
||||||
|
--- a/src/lib-storage/index/mbox/mbox-sync-rewrite.c Wed Nov 19 17:37:18 2014 +0900
|
||||||
|
+++ b/src/lib-storage/index/mbox/mbox-sync-rewrite.c Wed Nov 19 17:37:57 2014 +0900
|
||||||
|
@@ -318,11 +318,11 @@
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
-static void mbox_sync_read_next(struct mbox_sync_context *sync_ctx,
|
||||||
|
- struct mbox_sync_mail_context *mail_ctx,
|
||||||
|
- struct mbox_sync_mail *mails,
|
||||||
|
- uint32_t seq, uint32_t idx,
|
||||||
|
- uoff_t expunged_space)
|
||||||
|
+static int mbox_sync_read_next(struct mbox_sync_context *sync_ctx,
|
||||||
|
+ struct mbox_sync_mail_context *mail_ctx,
|
||||||
|
+ struct mbox_sync_mail *mails,
|
||||||
|
+ uint32_t seq, uint32_t idx,
|
||||||
|
+ uoff_t expunged_space)
|
||||||
|
{
|
||||||
|
unsigned int first_mail_expunge_extra;
|
||||||
|
uint32_t orig_next_uid;
|
||||||
|
@@ -332,8 +332,12 @@
|
||||||
|
mail_ctx->seq = seq;
|
||||||
|
mail_ctx->header = sync_ctx->header;
|
||||||
|
|
||||||
|
- mail_ctx->mail.offset =
|
||||||
|
- istream_raw_mbox_get_header_offset(sync_ctx->input);
|
||||||
|
+ if (istream_raw_mbox_get_header_offset(sync_ctx->input,
|
||||||
|
+ &mail_ctx->mail.offset) < 0) {
|
||||||
|
+ mbox_sync_set_critical(sync_ctx,
|
||||||
|
+ "Couldn't get header offset for seq=%u", seq);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
mail_ctx->mail.body_size = mails[idx].body_size;
|
||||||
|
|
||||||
|
orig_next_uid = sync_ctx->next_uid;
|
||||||
|
@@ -361,7 +365,8 @@
|
||||||
|
mails[idx].from_offset += first_mail_expunge_extra;
|
||||||
|
}
|
||||||
|
|
||||||
|
- mbox_sync_parse_next_mail(sync_ctx->input, mail_ctx);
|
||||||
|
+ if (mbox_sync_parse_next_mail(sync_ctx->input, mail_ctx) < 0)
|
||||||
|
+ return -1;
|
||||||
|
i_assert(mail_ctx->mail.pseudo == mails[idx].pseudo);
|
||||||
|
|
||||||
|
/* set next_uid back before updating the headers. this is important
|
||||||
|
@@ -381,6 +386,7 @@
|
||||||
|
if (mail_ctx->have_eoh)
|
||||||
|
str_append_c(mail_ctx->header, '\n');
|
||||||
|
}
|
||||||
|
+ return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int mbox_sync_read_and_move(struct mbox_sync_context *sync_ctx,
|
||||||
|
@@ -398,8 +404,9 @@
|
||||||
|
if (mbox_sync_seek(sync_ctx, mails[idx].from_offset) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
- mbox_sync_read_next(sync_ctx, &new_mail_ctx, mails, seq, idx,
|
||||||
|
- expunged_space);
|
||||||
|
+ if (mbox_sync_read_next(sync_ctx, &new_mail_ctx, mails, seq, idx,
|
||||||
|
+ expunged_space) < 0)
|
||||||
|
+ return -1;
|
||||||
|
mail_ctx = &new_mail_ctx;
|
||||||
|
} else {
|
||||||
|
i_assert(seq == mail_ctx->seq);
|
||||||
|
diff -r 31262a892ba7 -r 80ed82a93c1a src/lib-storage/index/mbox/mbox-sync.c
|
||||||
|
--- a/src/lib-storage/index/mbox/mbox-sync.c Wed Nov 19 17:37:18 2014 +0900
|
||||||
|
+++ b/src/lib-storage/index/mbox/mbox-sync.c Wed Nov 19 17:37:57 2014 +0900
|
||||||
|
@@ -131,8 +131,10 @@
|
||||||
|
mbox_sync_read_next_mail(struct mbox_sync_context *sync_ctx,
|
||||||
|
struct mbox_sync_mail_context *mail_ctx)
|
||||||
|
{
|
||||||
|
+ uoff_t offset;
|
||||||
|
+
|
||||||
|
/* get EOF */
|
||||||
|
- (void)istream_raw_mbox_get_header_offset(sync_ctx->input);
|
||||||
|
+ (void)istream_raw_mbox_get_header_offset(sync_ctx->input, &offset);
|
||||||
|
if (istream_raw_mbox_is_eof(sync_ctx->input))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
@@ -144,19 +146,27 @@
|
||||||
|
|
||||||
|
mail_ctx->mail.from_offset =
|
||||||
|
istream_raw_mbox_get_start_offset(sync_ctx->input);
|
||||||
|
- mail_ctx->mail.offset =
|
||||||
|
- istream_raw_mbox_get_header_offset(sync_ctx->input);
|
||||||
|
+ if (istream_raw_mbox_get_header_offset(sync_ctx->input, &mail_ctx->mail.offset) < 0) {
|
||||||
|
+ mbox_sync_set_critical(sync_ctx,
|
||||||
|
+ "Couldn't get header offset for seq=%u", mail_ctx->seq);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- mbox_sync_parse_next_mail(sync_ctx->input, mail_ctx);
|
||||||
|
+ if (mbox_sync_parse_next_mail(sync_ctx->input, mail_ctx) < 0)
|
||||||
|
+ return -1;
|
||||||
|
+ if (istream_raw_mbox_is_corrupted(sync_ctx->input))
|
||||||
|
+ return -1;
|
||||||
|
+
|
||||||
|
i_assert(sync_ctx->input->v_offset != mail_ctx->mail.from_offset ||
|
||||||
|
sync_ctx->input->eof);
|
||||||
|
|
||||||
|
- if (istream_raw_mbox_is_corrupted(sync_ctx->input))
|
||||||
|
+ if (istream_raw_mbox_get_body_size(sync_ctx->input,
|
||||||
|
+ mail_ctx->content_length,
|
||||||
|
+ &mail_ctx->mail.body_size) < 0) {
|
||||||
|
+ mbox_sync_set_critical(sync_ctx,
|
||||||
|
+ "Couldn't get body size for seq=%u", mail_ctx->seq);
|
||||||
|
return -1;
|
||||||
|
-
|
||||||
|
- mail_ctx->mail.body_size =
|
||||||
|
- istream_raw_mbox_get_body_size(sync_ctx->input,
|
||||||
|
- mail_ctx->content_length);
|
||||||
|
+ }
|
||||||
|
i_assert(mail_ctx->mail.body_size < OFF_T_MAX);
|
||||||
|
|
||||||
|
if ((mail_ctx->mail.flags & MAIL_RECENT) != 0 &&
|
||||||
|
@@ -810,7 +820,7 @@
|
||||||
|
mbox_sync_seek_to_seq(struct mbox_sync_context *sync_ctx, uint32_t seq)
|
||||||
|
{
|
||||||
|
struct mbox_mailbox *mbox = sync_ctx->mbox;
|
||||||
|
- uoff_t old_offset;
|
||||||
|
+ uoff_t old_offset, offset;
|
||||||
|
uint32_t uid;
|
||||||
|
int ret;
|
||||||
|
bool deleted;
|
||||||
|
@@ -864,7 +874,11 @@
|
||||||
|
|
||||||
|
sync_ctx->idx_seq = seq;
|
||||||
|
sync_ctx->dest_first_mail = sync_ctx->seq == 0;
|
||||||
|
- (void)istream_raw_mbox_get_body_offset(sync_ctx->input);
|
||||||
|
+ if (istream_raw_mbox_get_body_offset(sync_ctx->input, &offset) < 0) {
|
||||||
|
+ mbox_sync_set_critical(sync_ctx,
|
||||||
|
+ "Message body offset lookup failed");
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -1149,8 +1163,9 @@
|
||||||
|
sync_ctx->idx_seq++;
|
||||||
|
}
|
||||||
|
|
||||||
|
- istream_raw_mbox_next(sync_ctx->input,
|
||||||
|
- mail_ctx->mail.body_size);
|
||||||
|
+ if (istream_raw_mbox_next(sync_ctx->input,
|
||||||
|
+ mail_ctx->mail.body_size) < 0)
|
||||||
|
+ return -1;
|
||||||
|
offset = istream_raw_mbox_get_start_offset(sync_ctx->input);
|
||||||
|
|
||||||
|
if (sync_ctx->need_space_seq != 0) {
|
||||||
|
|
48
dovecot-2.3-ph_optglob.patch
Normal file
48
dovecot-2.3-ph_optglob.patch
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
diff -up dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c.ph_optglob dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c
|
||||||
|
--- dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c.ph_optglob 2024-06-04 09:11:28.514189662 +0200
|
||||||
|
+++ dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c 2024-06-04 09:18:23.219809778 +0200
|
||||||
|
@@ -368,11 +368,13 @@ static bool opc_include_dump
|
||||||
|
return FALSE;
|
||||||
|
|
||||||
|
sieve_code_descend(denv);
|
||||||
|
- sieve_code_dumpf(denv, "script: `%s' from %s %s%s[ID: %d, BLOCK: %d]",
|
||||||
|
+ sieve_code_dumpf(denv, "script: `%s' from %s %s%s%s[ID: %d, BLOCK: %d]",
|
||||||
|
sieve_script_name(included->script), sieve_script_location(included->script),
|
||||||
|
((flags & EXT_INCLUDE_FLAG_ONCE) != 0 ? "(once) " : ""),
|
||||||
|
((flags & EXT_INCLUDE_FLAG_OPTIONAL) != 0 ? "(optional) " : ""),
|
||||||
|
- include_id, sieve_binary_block_get_id(included->block));
|
||||||
|
+ (included->block == NULL ? "(missing) " : ""),
|
||||||
|
+ include_id,
|
||||||
|
+ (included->block == NULL ? -1 : sieve_binary_block_get_id(included->block)));
|
||||||
|
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
diff -up dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c.ph_optglob dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c
|
||||||
|
--- dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c.ph_optglob 2023-09-14 15:18:26.000000000 +0200
|
||||||
|
+++ dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c 2024-06-04 09:10:45.187823805 +0200
|
||||||
|
@@ -693,6 +693,25 @@ int ext_include_execute_include(const st
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx = ext_include_get_interpreter_context(this_ext, renv->interp);
|
||||||
|
+ if (included->block == NULL) {
|
||||||
|
+ if ((flags & EXT_INCLUDE_FLAG_OPTIONAL) != 0) {
|
||||||
|
+ sieve_runtime_trace(
|
||||||
|
+ renv, SIEVE_TRLVL_NONE,
|
||||||
|
+ "include: skipped include for script '%s' "
|
||||||
|
+ "[inc id: %d, block: NULL]; optional and unavailable",
|
||||||
|
+ sieve_script_name(included->script),
|
||||||
|
+ include_id);
|
||||||
|
+ return result;
|
||||||
|
+ } else {
|
||||||
|
+ sieve_runtime_trace(
|
||||||
|
+ renv, SIEVE_TRLVL_NONE,
|
||||||
|
+ "include: unavailable script '%s' "
|
||||||
|
+ "[inc id: %d, block: NULL]",
|
||||||
|
+ sieve_script_name(included->script),
|
||||||
|
+ include_id);
|
||||||
|
+ return SIEVE_EXEC_BIN_CORRUPT;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
block_id = sieve_binary_block_get_id(included->block);
|
||||||
|
|
||||||
|
/* If :once modifier is specified, check for duplicate include */
|
12
dovecot-2.3-ph_scriptcmp.patch
Normal file
12
dovecot-2.3-ph_scriptcmp.patch
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
diff -up dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c.testfix4 dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c
|
||||||
|
--- dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c.testfix4 2024-06-03 13:35:24.408858593 +0200
|
||||||
|
+++ dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c 2024-06-03 13:35:24.434858849 +0200
|
||||||
|
@@ -800,7 +800,7 @@ static bool sieve_file_script_equals
|
||||||
|
(struct sieve_file_script *)other;
|
||||||
|
|
||||||
|
return ( CMP_DEV_T(fscript->st.st_dev, fother->st.st_dev) &&
|
||||||
|
- fscript->st.st_ino == fother->st.st_ino );
|
||||||
|
+ fscript->st.st_ino == fother->st.st_ino && (fscript->st.st_ino != 0 || script->location != NULL && other->location != NULL && strcmp(script->location, other->location) == 0));
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
34
dovecot-2.3.14-opensslv3.patch
Normal file
34
dovecot-2.3.14-opensslv3.patch
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
diff -up dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3 dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c
|
||||||
|
--- dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3 2021-06-03 18:56:52.573174433 +0200
|
||||||
|
+++ dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c 2021-06-03 18:56:52.585174274 +0200
|
||||||
|
@@ -73,10 +73,30 @@
|
||||||
|
2<tab>key algo oid<tab>1<tab>symmetric algo name<tab>salt<tab>hash algo<tab>rounds<tab>E(RSA = i2d_PrivateKey, EC=Private Point)<tab>key id
|
||||||
|
**/
|
||||||
|
|
||||||
|
+#if OPENSSL_VERSION_MAJOR == 3
|
||||||
|
+static EC_KEY *EVP_PKEY_get0_EC_KEYv3(EVP_PKEY *key)
|
||||||
|
+{
|
||||||
|
+ EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key);
|
||||||
|
+ EVP_PKEY_set1_EC_KEY(key, eck);
|
||||||
|
+ EC_KEY_free(eck);
|
||||||
|
+ return eck;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static EC_KEY *EVP_PKEY_get1_EC_KEYv3(EVP_PKEY *key)
|
||||||
|
+{
|
||||||
|
+ EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key);
|
||||||
|
+ EVP_PKEY_set1_EC_KEY(key, eck);
|
||||||
|
+ return eck;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+#define EVP_PKEY_get0_EC_KEY EVP_PKEY_get0_EC_KEYv3
|
||||||
|
+#define EVP_PKEY_get1_EC_KEY EVP_PKEY_get1_EC_KEYv3
|
||||||
|
+#else
|
||||||
|
#ifndef HAVE_EVP_PKEY_get0
|
||||||
|
#define EVP_PKEY_get0_EC_KEY(x) x->pkey.ec
|
||||||
|
#define EVP_PKEY_get0_RSA(x) x->pkey.rsa
|
||||||
|
#endif
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
#ifndef HAVE_OBJ_LENGTH
|
||||||
|
#define OBJ_length(o) ((o)->length)
|
24
dovecot-2.3.15-fixvalcond.patch
Normal file
24
dovecot-2.3.15-fixvalcond.patch
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
diff -up dovecot-2.3.15/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.15/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c
|
||||||
|
--- dovecot-2.3.15/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-06-21 23:07:55.269814896 +0200
|
||||||
|
+++ dovecot-2.3.15/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-06-21 23:07:55.298814544 +0200
|
||||||
|
@@ -109,7 +109,7 @@ static int sieve_dict_script_get_stream
|
||||||
|
{
|
||||||
|
struct sieve_dict_script *dscript =
|
||||||
|
(struct sieve_dict_script *)script;
|
||||||
|
- const char *path, *name = script->name, *data, *error;
|
||||||
|
+ const char *path, *name = script->name, *data, *error = NULL;
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
dscript->data_pool =
|
||||||
|
diff -up dovecot-2.3.15/src/lib-storage/index/index-attribute.c.fixvalcond dovecot-2.3.15/src/lib-storage/index/index-attribute.c
|
||||||
|
--- dovecot-2.3.15/src/lib-storage/index/index-attribute.c.fixvalcond 2021-06-14 15:40:37.000000000 +0200
|
||||||
|
+++ dovecot-2.3.15/src/lib-storage/index/index-attribute.c 2021-06-21 21:52:22.963171229 +0200
|
||||||
|
@@ -249,7 +249,7 @@ int index_storage_attribute_get(struct m
|
||||||
|
struct mail_attribute_value *value_r)
|
||||||
|
{
|
||||||
|
struct dict *dict;
|
||||||
|
- const char *mailbox_prefix, *error;
|
||||||
|
+ const char *mailbox_prefix, *error = NULL;
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
i_zero(value_r);
|
20
dovecot-2.3.15-valbasherr.patch
Normal file
20
dovecot-2.3.15-valbasherr.patch
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
diff -up dovecot-2.3.15/run-test-valgrind.supp.valbasherr dovecot-2.3.15/run-test-valgrind.supp
|
||||||
|
--- dovecot-2.3.15/run-test-valgrind.supp.valbasherr 2021-06-21 22:52:53.272707239 +0200
|
||||||
|
+++ dovecot-2.3.15/run-test-valgrind.supp 2021-06-21 22:54:19.786668430 +0200
|
||||||
|
@@ -1,4 +1,16 @@
|
||||||
|
{
|
||||||
|
+ <bashagin>
|
||||||
|
+ Memcheck:Leak
|
||||||
|
+ match-leak-kinds: definite
|
||||||
|
+ fun:malloc
|
||||||
|
+ fun:make_if_command
|
||||||
|
+ fun:yyparse
|
||||||
|
+ fun:parse_command
|
||||||
|
+ fun:read_command
|
||||||
|
+ fun:reader_loop
|
||||||
|
+ fun:main
|
||||||
|
+}
|
||||||
|
+{
|
||||||
|
<bash>
|
||||||
|
Memcheck:Leak
|
||||||
|
fun:malloc
|
20
dovecot-2.3.8-blockcount.patch
Normal file
20
dovecot-2.3.8-blockcount.patch
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
diff -up dovecot-2.3.8/src/lib-storage/index/index-mail-binary.c.blockcount dovecot-2.3.8/src/lib-storage/index/index-mail-binary.c
|
||||||
|
--- dovecot-2.3.8/src/lib-storage/index/index-mail-binary.c.blockcount 2020-12-02 11:34:10.229027593 +0100
|
||||||
|
+++ dovecot-2.3.8/src/lib-storage/index/index-mail-binary.c 2020-12-02 11:36:47.328933276 +0100
|
||||||
|
@@ -339,13 +339,14 @@ blocks_count_lines(struct binary_ctx *ct
|
||||||
|
i_stream_skip(full_input, skip);
|
||||||
|
cur_block_offset += skip;
|
||||||
|
|
||||||
|
- if (cur_block->input->eof) {
|
||||||
|
+ if (i_stream_read_eof(cur_block->input)) {
|
||||||
|
/* go to the next block */
|
||||||
|
- if (++block_idx == block_count) {
|
||||||
|
+ if (block_idx+1 == block_count) {
|
||||||
|
i_assert(i_stream_read_eof(full_input));
|
||||||
|
ret = -1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
+ block_idx++;
|
||||||
|
cur_block++;
|
||||||
|
cur_block_offset = 0;
|
||||||
|
}
|
@ -1,26 +1,28 @@
|
|||||||
%global __provides_exclude_from %{_docdir}
|
%global __provides_exclude_from %{_docdir}
|
||||||
%global __requires_exclude_from %{_docdir}
|
%global __requires_exclude_from %{_docdir}
|
||||||
|
|
||||||
Summary: Secure imap and pop3 server
|
Summary: Secure imap and pop3 server
|
||||||
Name: dovecot
|
Name: dovecot
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 2.3.16
|
Version: 2.3.16
|
||||||
%global prever %{nil}
|
%global prever %{nil}
|
||||||
Release: 6%{?dist}
|
Release: 14%{?dist}
|
||||||
#dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
|
#dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
|
||||||
License: MIT and LGPLv2
|
License: MIT and LGPLv2
|
||||||
Group: System Environment/Daemons
|
|
||||||
|
|
||||||
URL: http://www.dovecot.org/
|
URL: https://www.dovecot.org/
|
||||||
Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz
|
Source: https://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz
|
||||||
Source1: dovecot.init
|
Source1: dovecot.init
|
||||||
Source2: dovecot.pam
|
Source2: dovecot.pam
|
||||||
%global pigeonholever 0.5.16
|
%global pigeonholever 0.5.16
|
||||||
Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz
|
Source8: https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-%{pigeonholever}.tar.gz
|
||||||
Source9: dovecot.sysconfig
|
Source9: dovecot.sysconfig
|
||||||
Source10: dovecot.tmpfilesd
|
Source10: dovecot.tmpfilesd
|
||||||
|
|
||||||
#our own
|
#our own
|
||||||
Source14: dovecot.conf.5
|
Source14: dovecot.conf.5
|
||||||
|
Source15: prestartscript
|
||||||
|
Source16: dovecot.sysusers
|
||||||
|
|
||||||
# 3x Fedora/RHEL specific
|
# 3x Fedora/RHEL specific
|
||||||
Patch1: dovecot-2.0-defaultconfig.patch
|
Patch1: dovecot-2.0-defaultconfig.patch
|
||||||
@ -32,60 +34,69 @@ Patch6: dovecot-2.1.10-waitonline.patch
|
|||||||
|
|
||||||
Patch8: dovecot-2.2.20-initbysystemd.patch
|
Patch8: dovecot-2.2.20-initbysystemd.patch
|
||||||
Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch
|
Patch9: dovecot-2.2.22-systemd_w_protectsystem.patch
|
||||||
|
Patch15: dovecot-2.3.11-bigkey.patch
|
||||||
# sent upstream, rhbz#1630380
|
|
||||||
Patch11: dovecot-2.2.36-aclfix.patch
|
|
||||||
|
|
||||||
Patch13: dovecot-2.2.36-bigkey.patch
|
|
||||||
|
|
||||||
# do not use own implementation of HMAC, use OpenSSL for certification purposes
|
# do not use own implementation of HMAC, use OpenSSL for certification purposes
|
||||||
# not sent upstream as proper fix would use dovecot's lib-dcrypt but it introduces
|
# not sent upstream as proper fix would use dovecot's lib-dcrypt but it introduces
|
||||||
# hard to break circular dependency between lib and lib-dcrypt
|
# hard to break circular dependency between lib and lib-dcrypt
|
||||||
Patch14: dovecot-2.3.6-opensslhmac.patch
|
Patch16: dovecot-2.3.6-opensslhmac.patch
|
||||||
|
|
||||||
# from upstream, for dovecot < 2.3.17, s390x FTBFS fix
|
Patch17: dovecot-2.3.14-opensslv3.patch
|
||||||
Patch15: dovecot-2.3.16-ftbfsbigend.patch
|
|
||||||
Patch16: dovecot-2.3.16-keeplzma.patch
|
# FTBFS
|
||||||
|
Patch18: dovecot-2.3.15-fixvalcond.patch
|
||||||
|
Patch19: dovecot-2.3.15-valbasherr.patch
|
||||||
|
Patch20: dovecot-2.3.16-ftbfsbigend.patch
|
||||||
|
|
||||||
# from upstream, for <= 2.3.19.1, rhbz#2106232
|
# from upstream, for <= 2.3.19.1, rhbz#2106232
|
||||||
Patch17: dovecot-2.3.19.1-7bad6a24.patch
|
Patch21: dovecot-2.3.19.1-7bad6a24.patch
|
||||||
|
|
||||||
# from upstream, for < 2.3.19.1, rhbz#2128857
|
# from upstream, for < 2.3.19.1, rhbz#2128857
|
||||||
Patch18: dovecot-2.3.18-9f300239..4596d399.patch
|
Patch22: dovecot-2.3.18-bdf447e4.patch
|
||||||
Patch19: dovecot-2.3.18-bdf447e4.patch
|
Patch23: dovecot-2.3.18-9f300239..4596d399.patch
|
||||||
|
|
||||||
# from upstream, for < 2.3.21, RHEL-22854
|
# from upstream, for < 2.3.21, RHEL-25434
|
||||||
Patch20: dovecot-2.3.16-d7705bc6.patch
|
Patch24: dovecot-2.3.16-d7705bc6.patch
|
||||||
|
|
||||||
# from upstream for < 2.3.21.1, RHEL-55206
|
# sent upstream, issue #RHEL-52541
|
||||||
# https://github.com/dovecot/core/compare/8e4c42d%5E...1481c04.patch
|
Patch25: dovecot-2.3-ph_optglob.patch
|
||||||
Patch21: dovecot-2.3.21.1-CVE-2024-23184.patch
|
Patch26: dovecot-2.3-ph_scriptcmp.patch
|
||||||
|
|
||||||
# from upstream for < 2.3.21.1, RHEL-55219
|
|
||||||
# https://github.com/dovecot/core/compare/f020e13%5E...ce88c33.patch
|
|
||||||
Patch22: dovecot-2.3.21.1-CVE-2024-23185.patch
|
|
||||||
|
|
||||||
# fix test failing due to too long path with all the mock path prefixes
|
# fix test failing due to too long path with all the mock path prefixes
|
||||||
Patch23: dovecot-2.3.21-test-socket-path.patch
|
Patch27: dovecot-2.3.21-test-socket-path.patch
|
||||||
|
|
||||||
Source15: prestartscript
|
# from upstream for < 2.3.21.1, RHEL-55212
|
||||||
|
# https://github.com/dovecot/core/compare/8e4c42d%5E...1481c04.patch
|
||||||
|
Patch28: dovecot-2.3.21.1-CVE-2024-23184.patch
|
||||||
|
|
||||||
BuildRequires: openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel
|
# from upstream for < 2.3.21.1, RHEL-55224
|
||||||
|
# https://github.com/dovecot/core/compare/f020e13%5E...ce88c33.patch
|
||||||
|
Patch29: dovecot-2.3.21.1-CVE-2024-23185.patch
|
||||||
|
|
||||||
|
BuildRequires: gcc, gcc-c++, openssl-devel, pam-devel, zlib-devel, bzip2-devel, libcap-devel
|
||||||
BuildRequires: libtool, autoconf, automake, pkgconfig
|
BuildRequires: libtool, autoconf, automake, pkgconfig
|
||||||
BuildRequires: sqlite-devel
|
BuildRequires: sqlite-devel
|
||||||
BuildRequires: postgresql-devel
|
BuildRequires: libpq-devel
|
||||||
#BuildRequires: libpq-devel
|
|
||||||
BuildRequires: mariadb-connector-c-devel
|
BuildRequires: mariadb-connector-c-devel
|
||||||
#BuildRequires: libxcrypt-devel
|
BuildRequires: libxcrypt-devel
|
||||||
BuildRequires: openldap-devel
|
BuildRequires: openldap-devel
|
||||||
BuildRequires: krb5-devel
|
BuildRequires: krb5-devel
|
||||||
BuildRequires: quota-devel
|
BuildRequires: quota-devel
|
||||||
|
BuildRequires: rpcgen
|
||||||
BuildRequires: xz-devel
|
BuildRequires: xz-devel
|
||||||
BuildRequires: lz4-devel
|
BuildRequires: lz4-devel
|
||||||
|
BuildRequires: libzstd-devel
|
||||||
|
%if %{?rhel}0 == 0
|
||||||
|
BuildRequires: libsodium-devel
|
||||||
|
%endif
|
||||||
|
BuildRequires: libicu-devel
|
||||||
|
BuildRequires: libexttextcat-devel
|
||||||
|
BuildRequires: libstemmer-devel
|
||||||
BuildRequires: multilib-rpm-config
|
BuildRequires: multilib-rpm-config
|
||||||
#BuildRequires: libsodium-devel
|
BuildRequires: flex, bison
|
||||||
#BuildRequires: libexttextcat-devel
|
BuildRequires: systemd-devel
|
||||||
#BuildRequires: libstemmer-devel
|
# for dovecot.sysusers
|
||||||
|
BuildRequires: systemd-rpm-macros
|
||||||
|
|
||||||
# gettext-devel is needed for running autoconf because of the
|
# gettext-devel is needed for running autoconf because of the
|
||||||
# presence of AM_ICONV
|
# presence of AM_ICONV
|
||||||
@ -96,33 +107,19 @@ Requires: openssl >= 0.9.7f-4
|
|||||||
|
|
||||||
# Package includes an initscript service file, needs to require initscripts package
|
# Package includes an initscript service file, needs to require initscripts package
|
||||||
Requires(pre): shadow-utils
|
Requires(pre): shadow-utils
|
||||||
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
|
||||||
Requires: systemd
|
Requires: systemd
|
||||||
Requires(post): systemd-units
|
Requires(post): systemd-units
|
||||||
Requires(preun): systemd-units
|
Requires(preun): systemd-units
|
||||||
Requires(postun): systemd-units
|
Requires(postun): systemd-units
|
||||||
%else
|
|
||||||
Requires: initscripts
|
|
||||||
Requires(post): chkconfig
|
|
||||||
Requires(preun): chkconfig initscripts
|
|
||||||
Requires(postun): initscripts
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{?fedora}0 > 150 || %{?rhel}0 >60
|
|
||||||
#clucene in fedora <=15 and rhel<=6 is too old
|
|
||||||
BuildRequires: clucene-core-devel
|
BuildRequires: clucene-core-devel
|
||||||
%endif
|
|
||||||
|
|
||||||
%global ssldir %{_sysconfdir}/pki/%{name}
|
%global ssldir %{_sysconfdir}/pki/%{name}
|
||||||
|
|
||||||
%if %{?fedora}00%{?rhel} < 6
|
|
||||||
%global _initddir %{_initrddir}
|
|
||||||
BuildRequires: curl-devel expat-devel
|
|
||||||
%else
|
|
||||||
BuildRequires: libcurl-devel expat-devel
|
BuildRequires: libcurl-devel expat-devel
|
||||||
%endif
|
BuildRequires: make
|
||||||
|
|
||||||
%global restart_flag /var/run/%{name}/%{name}-restart-after-rpm-install
|
%global restart_flag /run/%{name}/%{name}-restart-after-rpm-install
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
|
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security
|
||||||
@ -134,7 +131,6 @@ The SQL drivers and authentication plug-ins are in their subpackages.
|
|||||||
%package pigeonhole
|
%package pigeonhole
|
||||||
Requires: %{name} = %{epoch}:%{version}-%{release}
|
Requires: %{name} = %{epoch}:%{version}-%{release}
|
||||||
Summary: Sieve and managesieve plug-in for dovecot
|
Summary: Sieve and managesieve plug-in for dovecot
|
||||||
Group: System Environment/Daemons
|
|
||||||
License: MIT and LGPLv2
|
License: MIT and LGPLv2
|
||||||
|
|
||||||
%description pigeonhole
|
%description pigeonhole
|
||||||
@ -143,48 +139,54 @@ This package provides sieve and managesieve plug-in for dovecot LDA.
|
|||||||
%package pgsql
|
%package pgsql
|
||||||
Requires: %{name} = %{epoch}:%{version}-%{release}
|
Requires: %{name} = %{epoch}:%{version}-%{release}
|
||||||
Summary: Postgres SQL back end for dovecot
|
Summary: Postgres SQL back end for dovecot
|
||||||
Group: System Environment/Daemons
|
|
||||||
%description pgsql
|
%description pgsql
|
||||||
This package provides the Postgres SQL back end for dovecot-auth etc.
|
This package provides the Postgres SQL back end for dovecot-auth etc.
|
||||||
|
|
||||||
%package mysql
|
%package mysql
|
||||||
Requires: %{name} = %{epoch}:%{version}-%{release}
|
Requires: %{name} = %{epoch}:%{version}-%{release}
|
||||||
Summary: MySQL back end for dovecot
|
Summary: MySQL back end for dovecot
|
||||||
Group: System Environment/Daemons
|
|
||||||
%description mysql
|
%description mysql
|
||||||
This package provides the MySQL back end for dovecot-auth etc.
|
This package provides the MySQL back end for dovecot-auth etc.
|
||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Requires: %{name} = %{epoch}:%{version}-%{release}
|
Requires: %{name} = %{epoch}:%{version}-%{release}
|
||||||
Summary: Development files for dovecot
|
Summary: Development files for dovecot
|
||||||
Group: Development/Libraries
|
|
||||||
%description devel
|
%description devel
|
||||||
This package provides the development files for dovecot.
|
This package provides the development files for dovecot.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n %{name}-%{version}%{?prever} -a 8
|
%setup -q -n %{name}-%{version}%{?prever} -a 8
|
||||||
|
|
||||||
|
# standardize name, so we don't have to update patches and scripts
|
||||||
|
mv dovecot-2.3-pigeonhole-%{pigeonholever} dovecot-pigeonhole
|
||||||
|
|
||||||
%patch -P 1 -p1 -b .default-settings
|
%patch -P 1 -p1 -b .default-settings
|
||||||
%patch -P 2 -p1 -b .mkcert-permissions
|
%patch -P 2 -p1 -b .mkcert-permissions
|
||||||
%patch -P 3 -p1 -b .mkcert-paths
|
%patch -P 3 -p1 -b .mkcert-paths
|
||||||
%patch -P 6 -p1 -b .waitonline
|
%patch -P 6 -p1 -b .waitonline
|
||||||
%patch -P 8 -p1 -b .initbysystemd
|
%patch -P 8 -p1 -b .initbysystemd
|
||||||
%patch -P 9 -p1 -b .systemd_w_protectsystem
|
%patch -P 9 -p1 -b .systemd_w_protectsystem
|
||||||
%patch -P 11 -p1 -b .aclfix
|
%patch -P 15 -p1 -b .bigkey
|
||||||
%patch -P 13 -p1 -b .bigkey
|
%patch -P 16 -p1 -b .opensslhmac
|
||||||
%patch -P 14 -p1 -b .opensslhmac
|
%patch -P 17 -p1 -b .opensslv3
|
||||||
%patch -P 15 -p1 -b .ftbfsbigend
|
%patch -P 18 -p1 -b .fixvalcond
|
||||||
%patch -P 16 -p1 -b .keeplzma
|
%patch -P 19 -p1 -b .valbasherr
|
||||||
%patch -P 17 -p1 -b .7bad6a24
|
%patch -P 20 -p1 -b .ftbfsbigend
|
||||||
%patch -P 19 -p1 -b .bdf447e4
|
%patch -P 21 -p1 -b .7bad6a24
|
||||||
%patch -P 20 -p1 -b .d7705bc6
|
%patch -P 22 -p1 -b .bdf447e4
|
||||||
%patch -P 21 -p1 -b .CVE-2024-23184
|
%patch -P 24 -p1 -b .d7705bc6
|
||||||
%patch -P 22 -p1 -b .CVE-2024-23185
|
%patch -P 25 -p1 -b .ph_optglob
|
||||||
%patch -P 23 -p1 -b .test-socket-path
|
%patch -P 26 -p1 -b .ph_scriptcmp
|
||||||
pushd dovecot-2*3-pigeonhole-%{pigeonholever}
|
%patch -P 27 -p1 -b .test-socket-path
|
||||||
%patch -P 18 -p1 -b .9f300239..4596d399
|
%patch -P 28 -p1 -b .CVE-2024-23184
|
||||||
|
%patch -P 29 -p1 -b .CVE-2024-23185
|
||||||
|
cp run-test-valgrind.supp dovecot-pigeonhole/
|
||||||
|
# valgrind would fail with shell wrapper
|
||||||
|
echo "testsuite" >dovecot-pigeonhole/run-test-valgrind.exclude
|
||||||
|
|
||||||
|
pushd dovecot-pigeonhole
|
||||||
|
%patch -P 23 -p1 -b .9f300239..4596d399
|
||||||
popd
|
popd
|
||||||
|
|
||||||
sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in
|
sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in
|
||||||
|
|
||||||
%build
|
%build
|
||||||
@ -192,11 +194,8 @@ sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src
|
|||||||
%global _hardened_build 1
|
%global _hardened_build 1
|
||||||
export CFLAGS="%{__global_cflags} -fno-strict-aliasing -fstack-reuse=none"
|
export CFLAGS="%{__global_cflags} -fno-strict-aliasing -fstack-reuse=none"
|
||||||
export LDFLAGS="-Wl,-z,now -Wl,-z,relro %{?__global_ldflags}"
|
export LDFLAGS="-Wl,-z,now -Wl,-z,relro %{?__global_ldflags}"
|
||||||
# el6 autoconf too old to regen; use packaged files (#1082384)
|
|
||||||
%if %{?fedora}00%{?rhel} > 6
|
|
||||||
mkdir -p m4
|
mkdir -p m4
|
||||||
autoreconf -I . -fiv #required for aarch64 support
|
autoreconf -I . -fiv #required for aarch64 support
|
||||||
%endif
|
|
||||||
%configure \
|
%configure \
|
||||||
INSTALL_DATA="install -c -p -m644" \
|
INSTALL_DATA="install -c -p -m644" \
|
||||||
--with-rundir=%{_rundir}/%{name} \
|
--with-rundir=%{_rundir}/%{name} \
|
||||||
@ -214,20 +213,21 @@ autoreconf -I . -fiv #required for aarch64 support
|
|||||||
--with-mysql \
|
--with-mysql \
|
||||||
--with-sqlite \
|
--with-sqlite \
|
||||||
--with-zlib \
|
--with-zlib \
|
||||||
|
--with-zstd \
|
||||||
--with-libcap \
|
--with-libcap \
|
||||||
|
--with-icu \
|
||||||
--with-lucene \
|
--with-lucene \
|
||||||
--with-ssl=openssl \
|
--with-ssl=openssl \
|
||||||
--with-ssldir=%{ssldir} \
|
--with-ssldir=%{ssldir} \
|
||||||
--with-solr \
|
--with-solr \
|
||||||
--with-systemdsystemunitdir=%{_unitdir} \
|
--with-systemdsystemunitdir=%{_unitdir} \
|
||||||
--with-docs
|
--with-docs
|
||||||
|
|
||||||
sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh doc/example-config/conf.d/10-ssl.conf
|
sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh doc/example-config/conf.d/10-ssl.conf
|
||||||
|
|
||||||
make %{?_smp_mflags}
|
%make_build
|
||||||
|
|
||||||
#pigeonhole
|
#pigeonhole
|
||||||
pushd dovecot-2*3-pigeonhole-%{pigeonholever}
|
pushd dovecot-pigeonhole
|
||||||
|
|
||||||
# required for snapshot
|
# required for snapshot
|
||||||
[ -f configure ] || autoreconf -fiv
|
[ -f configure ] || autoreconf -fiv
|
||||||
@ -239,13 +239,13 @@ pushd dovecot-2*3-pigeonhole-%{pigeonholever}
|
|||||||
--with-dovecot=../ \
|
--with-dovecot=../ \
|
||||||
--without-unfinished-features
|
--without-unfinished-features
|
||||||
|
|
||||||
make %{?_smp_mflags}
|
%make_build
|
||||||
popd
|
popd
|
||||||
|
|
||||||
%install
|
%install
|
||||||
rm -rf $RPM_BUILD_ROOT
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT
|
%make_install
|
||||||
|
|
||||||
# move doc dir back to build dir so doc macro in files section can use it
|
# move doc dir back to build dir so doc macro in files section can use it
|
||||||
mv $RPM_BUILD_ROOT/%{_docdir}/%{name} %{_builddir}/%{name}-%{version}%{?prever}/docinstall
|
mv $RPM_BUILD_ROOT/%{_docdir}/%{name} %{_builddir}/%{name}-%{version}%{?prever}/docinstall
|
||||||
@ -253,18 +253,14 @@ mv $RPM_BUILD_ROOT/%{_docdir}/%{name} %{_builddir}/%{name}-%{version}%{?prever}/
|
|||||||
# fix multilib issues
|
# fix multilib issues
|
||||||
%multilib_fix_c_header --file %{_includedir}/dovecot/config.h
|
%multilib_fix_c_header --file %{_includedir}/dovecot/config.h
|
||||||
|
|
||||||
pushd dovecot-2*3-pigeonhole-%{pigeonholever}
|
pushd dovecot-pigeonhole
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT
|
%make_install
|
||||||
|
|
||||||
mv $RPM_BUILD_ROOT/%{_docdir}/%{name} $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole
|
mv $RPM_BUILD_ROOT/%{_docdir}/%{name} $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole
|
||||||
|
|
||||||
install -m 644 AUTHORS ChangeLog COPYING COPYING.LGPL INSTALL NEWS README $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole
|
install -m 644 AUTHORS ChangeLog COPYING COPYING.LGPL INSTALL NEWS README $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole
|
||||||
popd
|
popd
|
||||||
|
|
||||||
%if %{?fedora}00%{?rhel} < 6
|
|
||||||
sed -i 's|password-auth|system-auth|' %{SOURCE2}
|
|
||||||
%endif
|
|
||||||
|
|
||||||
install -p -D -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/dovecot
|
install -p -D -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/dovecot
|
||||||
|
|
||||||
#install man pages
|
#install man pages
|
||||||
@ -273,6 +269,8 @@ install -p -D -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_mandir}/man5/dovecot.conf.5
|
|||||||
#install waitonline script
|
#install waitonline script
|
||||||
install -p -D -m 755 %{SOURCE15} $RPM_BUILD_ROOT%{_libexecdir}/dovecot/prestartscript
|
install -p -D -m 755 %{SOURCE15} $RPM_BUILD_ROOT%{_libexecdir}/dovecot/prestartscript
|
||||||
|
|
||||||
|
install -p -D -m 0644 %{SOURCE16} $RPM_BUILD_ROOT%{_sysusersdir}/dovecot.sysusers
|
||||||
|
|
||||||
# generate ghost .pem files
|
# generate ghost .pem files
|
||||||
mkdir -p $RPM_BUILD_ROOT%{ssldir}/certs
|
mkdir -p $RPM_BUILD_ROOT%{ssldir}/certs
|
||||||
mkdir -p $RPM_BUILD_ROOT%{ssldir}/private
|
mkdir -p $RPM_BUILD_ROOT%{ssldir}/private
|
||||||
@ -281,14 +279,9 @@ chmod 600 $RPM_BUILD_ROOT%{ssldir}/certs/dovecot.pem
|
|||||||
touch $RPM_BUILD_ROOT%{ssldir}/private/dovecot.pem
|
touch $RPM_BUILD_ROOT%{ssldir}/private/dovecot.pem
|
||||||
chmod 600 $RPM_BUILD_ROOT%{ssldir}/private/dovecot.pem
|
chmod 600 $RPM_BUILD_ROOT%{ssldir}/private/dovecot.pem
|
||||||
|
|
||||||
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
|
||||||
install -p -D -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_tmpfilesdir}/dovecot.conf
|
install -p -D -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_tmpfilesdir}/dovecot.conf
|
||||||
%else
|
|
||||||
install -p -D -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_initddir}/dovecot
|
|
||||||
install -p -D -m 600 %{SOURCE9} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/dovecot
|
|
||||||
%endif
|
|
||||||
|
|
||||||
mkdir -p $RPM_BUILD_ROOT/var/run/dovecot/{login,empty,token-login}
|
mkdir -p $RPM_BUILD_ROOT/run/dovecot/{login,empty,token-login}
|
||||||
|
|
||||||
# Install dovecot configuration and dovecot-openssl.cnf
|
# Install dovecot configuration and dovecot-openssl.cnf
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d
|
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d
|
||||||
@ -315,83 +308,74 @@ popd
|
|||||||
|
|
||||||
%pre
|
%pre
|
||||||
#dovecot uid and gid are reserved, see /usr/share/doc/setup-*/uidgid
|
#dovecot uid and gid are reserved, see /usr/share/doc/setup-*/uidgid
|
||||||
getent group dovecot >/dev/null || groupadd -r --gid 97 dovecot
|
%sysusers_create_compat %{SOURCE16}
|
||||||
getent passwd dovecot >/dev/null || \
|
|
||||||
useradd -r --uid 97 -g dovecot -d /usr/libexec/dovecot -s /sbin/nologin -c "Dovecot IMAP server" dovecot
|
|
||||||
|
|
||||||
getent group dovenull >/dev/null || groupadd -r dovenull
|
if [ -z "$LEAPP_IPU_IN_PROGRESS" ]
|
||||||
getent passwd dovenull >/dev/null || \
|
then
|
||||||
useradd -r -g dovenull -d /usr/libexec/dovecot -s /sbin/nologin -c "Dovecot's unauthorized user" dovenull
|
# during LEAPP upgrade, services are not running anyway
|
||||||
|
|
||||||
# do not let dovecot run during upgrade rhbz#134325
|
# do not let dovecot run during upgrade rhbz#134325
|
||||||
if [ "$1" = "2" ]; then
|
if [ "$1" = "2" ]; then
|
||||||
rm -f %restart_flag
|
rm -f %restart_flag
|
||||||
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
|
||||||
/bin/systemctl is-active %{name}.service >/dev/null 2>&1 && touch %restart_flag ||:
|
/bin/systemctl is-active %{name}.service >/dev/null 2>&1 && touch %restart_flag ||:
|
||||||
/bin/systemctl stop %{name}.service >/dev/null 2>&1
|
/bin/systemctl stop %{name}.service >/dev/null 2>&1
|
||||||
%else
|
fi
|
||||||
/sbin/service %{name} status >/dev/null 2>&1 && touch %restart_flag ||:
|
|
||||||
/sbin/service %{name} stop >/dev/null 2>&1
|
|
||||||
%endif
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%post
|
%post
|
||||||
if [ $1 -eq 1 ]
|
if [ $1 -eq 1 ]
|
||||||
then
|
then
|
||||||
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
|
||||||
%systemd_post dovecot.service
|
%systemd_post dovecot.service
|
||||||
%else
|
|
||||||
/sbin/chkconfig --add %{name}
|
|
||||||
%endif
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
install -d -m 0755 -g dovecot -d /var/run/dovecot
|
install -d -m 0755 -g dovecot -d /run/dovecot
|
||||||
install -d -m 0755 -d /var/run/dovecot/empty
|
install -d -m 0755 -d /run/dovecot/empty
|
||||||
install -d -m 0750 -g dovenull -d /var/run/dovecot/login
|
install -d -m 0750 -g dovenull -d /run/dovecot/login
|
||||||
install -d -m 0750 -g dovenull -d /var/run/dovecot/token-login
|
install -d -m 0750 -g dovenull -d /run/dovecot/token-login
|
||||||
[ -x /sbin/restorecon ] && /sbin/restorecon -R /var/run/dovecot ||:
|
[ -x /sbin/restorecon ] && /sbin/restorecon -R /run/dovecot ||:
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
if [ $1 = 0 ]; then
|
if [ $1 = 0 ]; then
|
||||||
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
|
||||||
/bin/systemctl disable dovecot.service dovecot.socket >/dev/null 2>&1 || :
|
/bin/systemctl disable dovecot.service dovecot.socket >/dev/null 2>&1 || :
|
||||||
/bin/systemctl stop dovecot.service dovecot.socket >/dev/null 2>&1 || :
|
/bin/systemctl stop dovecot.service dovecot.socket >/dev/null 2>&1 || :
|
||||||
%else
|
rm -rf /run/dovecot
|
||||||
/sbin/service %{name} stop > /dev/null 2>&1
|
|
||||||
/sbin/chkconfig --del %{name}
|
|
||||||
%endif
|
|
||||||
rm -rf /var/run/dovecot
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%postun
|
%postun
|
||||||
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
if [ -z "$LEAPP_IPU_IN_PROGRESS" ]
|
||||||
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
then
|
||||||
%endif
|
# during LEAPP upgrade, services are not running anyway
|
||||||
|
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
||||||
|
|
||||||
if [ "$1" -ge "1" -a -e %restart_flag ]; then
|
if [ "$1" -ge "1" -a -e %restart_flag ]; then
|
||||||
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
|
||||||
/bin/systemctl start dovecot.service >/dev/null 2>&1 || :
|
/bin/systemctl start dovecot.service >/dev/null 2>&1 || :
|
||||||
%else
|
rm -f %restart_flag
|
||||||
/sbin/service %{name} start >/dev/null 2>&1 || :
|
fi
|
||||||
%endif
|
|
||||||
rm -f %restart_flag
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%posttrans
|
%posttrans
|
||||||
# dovecot should be started again in %%postun, but it's not executed on reinstall
|
|
||||||
# if it was already started, restart_flag won't be here, so it's ok to test it again
|
if [ -z "$LEAPP_IPU_IN_PROGRESS" ]
|
||||||
if [ -e %restart_flag ]; then
|
then
|
||||||
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
# during LEAPP upgrade, services are not running anyway
|
||||||
|
|
||||||
|
# dovecot should be started again in %%postun, but it's not executed on reinstall
|
||||||
|
# if it was already started, restart_flag won't be here, so it's ok to test it again
|
||||||
|
if [ -e %restart_flag ]; then
|
||||||
/bin/systemctl start dovecot.service >/dev/null 2>&1 || :
|
/bin/systemctl start dovecot.service >/dev/null 2>&1 || :
|
||||||
%else
|
rm -f %restart_flag
|
||||||
/sbin/service %{name} start >/dev/null 2>&1 || :
|
fi
|
||||||
%endif
|
|
||||||
rm -f %restart_flag
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%check
|
%check
|
||||||
|
# some time sensitive tests fail on aarch64, just log the result
|
||||||
|
%ifarch aarch64
|
||||||
|
make check ||:
|
||||||
|
%else
|
||||||
make check
|
make check
|
||||||
cd dovecot-2*3-pigeonhole-%{pigeonholever}
|
%endif
|
||||||
|
|
||||||
|
cd dovecot-pigeonhole
|
||||||
make check
|
make check
|
||||||
|
|
||||||
%files
|
%files
|
||||||
@ -404,15 +388,11 @@ make check
|
|||||||
%{_bindir}/dovecot-sysreport
|
%{_bindir}/dovecot-sysreport
|
||||||
|
|
||||||
|
|
||||||
%if %{?fedora}0 > 140 || %{?rhel}0 > 60
|
|
||||||
%_tmpfilesdir/dovecot.conf
|
%_tmpfilesdir/dovecot.conf
|
||||||
|
%{_sysusersdir}/dovecot.sysusers
|
||||||
%{_unitdir}/dovecot.service
|
%{_unitdir}/dovecot.service
|
||||||
%{_unitdir}/dovecot-init.service
|
%{_unitdir}/dovecot-init.service
|
||||||
%{_unitdir}/dovecot.socket
|
%{_unitdir}/dovecot.socket
|
||||||
%else
|
|
||||||
%{_initddir}/dovecot
|
|
||||||
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/dovecot
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%dir %{_sysconfdir}/dovecot
|
%dir %{_sysconfdir}/dovecot
|
||||||
%dir %{_sysconfdir}/dovecot/conf.d
|
%dir %{_sysconfdir}/dovecot/conf.d
|
||||||
@ -483,10 +463,10 @@ make check
|
|||||||
%{_libexecdir}/%{name}
|
%{_libexecdir}/%{name}
|
||||||
%exclude %{_libexecdir}/%{name}/managesieve*
|
%exclude %{_libexecdir}/%{name}/managesieve*
|
||||||
|
|
||||||
%dir %attr(0755,root,dovecot) %ghost /var/run/dovecot
|
%dir %attr(0755,root,dovecot) %ghost /run/dovecot
|
||||||
%attr(0750,root,dovenull) %ghost /var/run/dovecot/login
|
%attr(0750,root,dovenull) %ghost /run/dovecot/login
|
||||||
%attr(0750,root,dovenull) %ghost /var/run/dovecot/token-login
|
%attr(0750,root,dovenull) %ghost /run/dovecot/token-login
|
||||||
%attr(0755,root,root) %ghost /var/run/dovecot/empty
|
%attr(0755,root,root) %ghost /run/dovecot/empty
|
||||||
|
|
||||||
%attr(0750,dovecot,dovecot) /var/lib/dovecot
|
%attr(0750,dovecot,dovecot) /var/lib/dovecot
|
||||||
|
|
||||||
@ -544,117 +524,263 @@ make check
|
|||||||
%{_libdir}/%{name}/dict/libdriver_pgsql.so
|
%{_libdir}/%{name}/dict/libdriver_pgsql.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Aug 20 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-6
|
* Tue Aug 20 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-14
|
||||||
- fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message (RHEL-55219)
|
- fix CVE-2024-23184: using a large number of address headers may trigger a denial of service (RHEL-55212)
|
||||||
- fix CVE-2024-23184: using a large number of address headers may trigger a denial of service (RHEL-55206)
|
- fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message (RHEL-55224)
|
||||||
|
|
||||||
* Fri Feb 16 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-5
|
* Mon Aug 05 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-13
|
||||||
- fixes assert-crash when IMAP client uses QRESYNC (#RHEL-22854)
|
- rebuild with updated tests
|
||||||
|
|
||||||
* Fri Aug 04 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-4
|
* Mon Aug 05 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-12
|
||||||
- fix leaking mailboxes if virtual mailbox can't be opened (#2128857)
|
- fix crash when user has sieve script that includes two missing scripts (RHEL-37160)
|
||||||
|
|
||||||
* Tue Jul 19 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-3
|
* Fri Feb 16 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-11
|
||||||
- fix possible privilege escalation when similar master and non-master passdbs are used (#2106231)
|
- fixes assert-crash when IMAP client uses QRESYNC (#RHEL-25434)
|
||||||
|
|
||||||
* Wed Dec 08 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-2
|
* Tue Aug 15 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-10
|
||||||
- do not disable xz/lzma for now despite being deprecated
|
- fix leaking mailboxes if virtual mailbox can't be opened (#2231408)
|
||||||
|
|
||||||
* Wed Dec 08 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-1
|
* Sat May 27 2023 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-9
|
||||||
|
- add buildrequire of rpcgen to enable rquota support(#2157045)
|
||||||
|
|
||||||
|
* Tue Sep 13 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-8
|
||||||
|
- do not run systemd commands during leapp upgrade (#2119385)
|
||||||
|
|
||||||
|
* Tue Jul 12 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-7
|
||||||
|
- fix possible privilege escalation when similar master and non-master passdbs are used (#2106232)
|
||||||
|
|
||||||
|
* Wed Jul 06 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-6
|
||||||
|
- fix possible nonzero return value of postinst script(#2053368)
|
||||||
|
|
||||||
|
* Tue Jul 05 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-5
|
||||||
|
- workaround sysuers macro defficiency (#2095399)
|
||||||
|
|
||||||
|
* Tue Jul 05 2022 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-4
|
||||||
|
- use systemd-sysusers for user creation (#2095399)
|
||||||
|
|
||||||
|
* Wed Nov 03 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-3
|
||||||
|
- re-enable LTO build (#1990080)
|
||||||
|
|
||||||
|
* Wed Oct 27 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-2
|
||||||
|
- set first_valid_uid to 1000 to match system default (#2009716)
|
||||||
|
|
||||||
|
* Fri Aug 20 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-1
|
||||||
- dovecot updated to 2.3.16, pigeonhole to 0.5.16
|
- dovecot updated to 2.3.16, pigeonhole to 0.5.16
|
||||||
- fix CVE-2021-33515 plaintext commands injection (#1980014)
|
- fixes several regressions (#1997583)
|
||||||
|
|
||||||
* Wed Feb 03 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-9
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.3.15-2
|
||||||
- fix CVE-2020-24386 IMAP hibernation function allows mail access (#1913534)
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
|
Related: rhbz#1991688
|
||||||
|
|
||||||
* Tue Jan 12 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-8
|
* Wed Jul 21 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.15-1
|
||||||
- fix CVE-2020-25275 denial of service via mail MIME parsing (#1914019)
|
- dovecot updated to 2.3.15, pigeonhole updated to 0.5.15
|
||||||
|
- CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in
|
||||||
|
JWT tokens. This may be used to supply attacker controlled keys to
|
||||||
|
validate tokens, if attacker has local access (#1979833)
|
||||||
|
- CVE-2021-33515: On-path attacker could have injected plaintext commands
|
||||||
|
before STARTTLS negotiation that would be executed after STARTTLS
|
||||||
|
finished with the client
|
||||||
|
- Add TSLv1.3 support to min_protocols.
|
||||||
|
|
||||||
* Thu Jan 07 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-7
|
* Wed Jul 14 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.14-5
|
||||||
- change run directory from /var/run to /run (#1805947)
|
- fix mail storage block count parsing (#1974281)
|
||||||
|
|
||||||
* Wed Dec 02 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-6
|
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.3.14-4
|
||||||
- fix mail storage block count parsing (#1894418)
|
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
||||||
- MIME parser crashed when boundaries were wrong (#1888111)
|
Related: rhbz#1971065
|
||||||
|
|
||||||
* Mon Nov 02 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-5
|
* Fri Jun 04 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.14-3
|
||||||
- multilib compatibility (#1853137)
|
- compatibility with openssl 3.0 (#1962035)
|
||||||
|
|
||||||
* Fri Aug 07 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-4
|
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1:2.3.14-2
|
||||||
- fix CVE-2020-12100 resource exhaustion via deeply nested MIME parts (#1866756)
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||||
- fix CVE-2020-12673 out of bound reads in dovecot NTLM implementation (#1866761)
|
|
||||||
- fix CVE-2020-12674 crash due to assert in RPA implementation (#1866768)
|
|
||||||
|
|
||||||
* Mon Jun 01 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-3
|
* Mon Mar 22 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.14-1
|
||||||
- fix CVE-2020-10957 dovecot: malformed NOOP commands leads to DoS (#1840354)
|
- dovecot updated to 2.3.14, pigeonhole to 0.5.14
|
||||||
- fix CVE-2020-10958 dovecot: command followed by sufficient number of newlines
|
- use OpenSSL's implementation of HMAC
|
||||||
leads to use-after-free (#1840357)
|
- Remove autocreate, expire, snarf and mail-filter plugins.
|
||||||
- fix CVE-2020-10967 dovecot: sending mail with empty quoted localpart
|
- Remove cydir storage driver.
|
||||||
leads to DoS (#1840356)
|
- Remove XZ/LZMA write support. Read support will be removed in future release.
|
||||||
|
|
||||||
* Thu Jan 09 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-2
|
* Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 1:2.3.13-7
|
||||||
- fix default attributes for ghost files
|
- rebuild for libpq ABI fix rhbz#1908268
|
||||||
|
|
||||||
* Tue Nov 19 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-1
|
* Mon Feb 01 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-6
|
||||||
- dovecot updated to 2.3.8 with pigeonhole updated to 0.5.8 (#1653117)
|
- use make macros
|
||||||
|
|
||||||
* Thu Aug 29 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-10
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.13-5
|
||||||
- fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jan 18 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-4
|
||||||
|
- fix multilib issues
|
||||||
|
|
||||||
|
* Mon Jan 18 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-3
|
||||||
|
- bump release and rebuild
|
||||||
|
|
||||||
|
* Thu Jan 07 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-2
|
||||||
|
- fix rundir location
|
||||||
|
|
||||||
|
* Wed Jan 06 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-1
|
||||||
|
- fix release number
|
||||||
|
|
||||||
|
* Mon Jan 04 2021 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.13-0
|
||||||
|
- dovecot updated to 2.3.13, pigeonhole to 0.5.13
|
||||||
|
- CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
|
||||||
|
allow logged in user to access other people's emails and filesystem
|
||||||
|
information.
|
||||||
|
- Metric filter and global event filter variable syntax changed to a
|
||||||
|
SQL-like format.
|
||||||
|
- auth: Added new aliases for %{variables}. Usage of the old ones is
|
||||||
|
possible, but discouraged.
|
||||||
|
- auth: Removed RPA auth mechanism, SKEY auth mechanism, NTLM auth
|
||||||
|
mechanism and related password schemes.
|
||||||
|
- auth: Removed passdb-sia, passdb-vpopmail and userdb-vpopmail.
|
||||||
|
- auth: Removed postfix postmap socket
|
||||||
|
|
||||||
|
* Wed Oct 21 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-7
|
||||||
|
- change run directory from /var/run to /run (#1777922)
|
||||||
|
|
||||||
|
* Wed Oct 21 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-6
|
||||||
|
- use bigger default key size (#1882939)
|
||||||
|
|
||||||
|
* Wed Sep 02 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-5
|
||||||
|
- fix gssapi issue
|
||||||
|
|
||||||
|
* Wed Aug 26 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-4
|
||||||
|
- fix FTBFS on 32bit systems
|
||||||
|
|
||||||
|
* Mon Aug 17 2020 Jeff Law <law@redhat.com> - 1:2.3.11.3-2
|
||||||
|
- Disable LTO
|
||||||
|
|
||||||
|
* Sat Aug 15 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.11.3-1
|
||||||
|
- CVE-2020-12100: Parsing mails with a large number of MIME parts could
|
||||||
|
have resulted in excessive CPU usage or a crash due to running out of
|
||||||
|
stack memory.
|
||||||
|
- CVE-2020-12673: Dovecot's NTLM implementation does not correctly check
|
||||||
|
message buffer size, which leads to reading past allocation which can
|
||||||
|
lead to crash.
|
||||||
|
- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
|
||||||
|
address that has the empty quoted string as local-part causes the lmtp
|
||||||
|
service to crash.
|
||||||
|
- CVE-2020-12674: Dovecot's RPA mechanism implementation accepts
|
||||||
|
zero-length message, which leads to assert-crash later on.
|
||||||
|
|
||||||
|
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.10.1-3
|
||||||
|
- Second attempt - Rebuilt for
|
||||||
|
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.10.1-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon May 18 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.10.1-1
|
||||||
|
- dovecot updated to 2.3.10.1
|
||||||
|
- fixes CVE-2020-10967, CVE-2020-10958, CVE-2020-10957
|
||||||
|
|
||||||
|
* Tue Apr 21 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.10-1
|
||||||
|
- dovecot updated to 2.3.10, pigeonhole updated to 0.5.10
|
||||||
|
|
||||||
|
* Wed Feb 12 2020 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.9.3-1
|
||||||
|
- dovecot updated to 2.3.9.3
|
||||||
|
- fixes CVE-2020-7046: Truncated UTF-8 can be used to DoS
|
||||||
|
submission-login and lmtp processes.
|
||||||
|
- fixes CVE-2020-7957: Specially crafted mail can crash snippet generation.
|
||||||
|
|
||||||
|
|
||||||
|
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.9.2-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Dec 19 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.9.2-1
|
||||||
|
- CVE-2019-19722: Mails with group addresses in From or To fields
|
||||||
|
caused crash in push notification drivers.
|
||||||
|
|
||||||
|
* Wed Dec 04 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.9-1
|
||||||
|
- dovecot updated to 2.3.9, pigeonhole updated to 0.5.9
|
||||||
|
|
||||||
|
* Thu Oct 10 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.8-1
|
||||||
|
- dovecot updated to 2.3.8, pigeonhole 0.5.8
|
||||||
|
|
||||||
|
* Thu Aug 29 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.7.2-1
|
||||||
|
- dovecot updated to 2.3.7.2, pigeonhole 0.5.7.2
|
||||||
|
- fixes CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
|
||||||
when scanning data in quoted strings, leading to out of bounds heap
|
when scanning data in quoted strings, leading to out of bounds heap
|
||||||
memory writes (#1741788)
|
memory writes
|
||||||
|
|
||||||
* Fri Aug 23 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-9
|
* Mon Aug 19 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:1-2.3.7.1
|
||||||
- reset errno before iterating through users (#1630410)
|
- dovecot updated to 2.3.7.1, pigeonhole updated to 0.5.7.1
|
||||||
|
|
||||||
* Mon Jun 17 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-8
|
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.6-4
|
||||||
- fix CVE-2019-3814: improper certificate validation (#1674370)
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
* Fri Jun 14 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-7
|
* Fri May 31 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.6-3
|
||||||
- do not print error message when restorecon is not present
|
- disable gcc 9 stack reuse temporarily
|
||||||
during install (#1626395)
|
|
||||||
- change default config to use minimal UID = 1000 (#1630410)
|
|
||||||
|
|
||||||
* Mon Jun 10 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-6
|
* Mon May 13 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.6-2
|
||||||
- use OpenSSl implementation of HMAC, disable CRAM-MD5 when FIPS is enabled (#1618749)
|
- use /run instead of /var/run (#1706372)
|
||||||
|
|
||||||
* Tue Oct 16 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-5
|
* Thu May 02 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.6-1
|
||||||
- make key not that bigger (#1618714)
|
- dovecot updated to 2.3.6, pigeonhole updated to 0.5.6
|
||||||
|
|
||||||
* Tue Oct 16 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-4
|
* Thu Apr 18 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.5.2-1
|
||||||
- generated key was too small (#1618714)
|
- dovecot updated to 2.3.5.2
|
||||||
|
- fixes CVE-2019-10691: Trying to login with 8bit username containing
|
||||||
|
invalid UTF8 input causes auth process to crash if auth policy is enabled.
|
||||||
|
|
||||||
* Wed Sep 19 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-3
|
* Thu Mar 28 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.5.1-1
|
||||||
- fix global ACL directory configuration search path (#1630383)
|
- dovecot updated to 2.3.5.1
|
||||||
- update first/last_valid_gid range patch (#1630410)
|
- CVE-2019-7524: Missing input buffer size validation leads into
|
||||||
|
arbitrary buffer overflow when reading fts or pop3 uidl header
|
||||||
|
from Dovecot index.
|
||||||
|
|
||||||
* Mon Jul 30 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-2
|
* Wed Mar 06 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.5-1
|
||||||
- fix defaut permissions of gost run files
|
- dovecot updated to 2.3.5, pigeonhole updated to 0.5.5
|
||||||
|
|
||||||
* Thu Jun 28 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.36-1
|
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.4-3
|
||||||
- dovecot updated to 2.2.36, pigeonhole to 0.4.24
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
* Thu May 24 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.35-3
|
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 1:2.3.4-2
|
||||||
- disable tcp_wrappers as it's not available in rhel8
|
- Rebuilt for libcrypt.so.2 (#1666033)
|
||||||
|
|
||||||
* Thu Apr 19 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.35-2
|
* Wed Jan 09 2019 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.4-1
|
||||||
- include crypt.h explicitely
|
- dovecot updated to 2.3.4, pigeonhole updated to 0.5.4
|
||||||
|
|
||||||
* Wed Mar 21 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.35-1
|
* Tue Oct 02 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.3-1
|
||||||
- dovecot updated to 2.2.35, pigeonhole updated to 0.4.23
|
- dovecot updated to 2.3.3, pigeonhole pdated to 0.5.3
|
||||||
|
- doveconf hides more secrets now in the default output
|
||||||
|
- NUL bytes in mail headers can cause truncated replies when fetched.
|
||||||
|
- virtual plugin: Some searches used 100% CPU for many seconds
|
||||||
|
- dsync assert-crashed with acl plugin in some situations.
|
||||||
|
- imapc: Fixed various assert-crashes when reconnecting to server.
|
||||||
|
|
||||||
* Thu Mar 01 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.2.34-1
|
|
||||||
- dovecot updated to 2.2.34, pigeonhole updated to 0.4.22
|
* Tue Oct 02 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2.1-4
|
||||||
- fixes CVE-2017-15130: TLS SNI config lookups may lead to excessive
|
- fix dovecot-init service syntax error (#1635017)
|
||||||
memory usage, causing imap-login/pop3-login VSZ limit to be reached
|
|
||||||
and the process restarted. This happens only if Dovecot config has
|
* Mon Aug 13 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2.1-3
|
||||||
local_name { } or local { } configuration blocks and attacker uses
|
- do not try to generate ssl-params as its obsolete (#1614640)
|
||||||
randomly generated SNI servernames.
|
|
||||||
- fixes CVE-2017-14461: Parsing invalid email addresses may cause a crash or
|
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.3.2.1-2
|
||||||
leak memory contents to attacker. For example, these memory contents
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
might contain parts of an email from another user if the same imap
|
|
||||||
process is reused for multiple users.
|
* Tue Jul 10 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2.1-1
|
||||||
- fixes CVE-2017-15132: Aborted SASL authentication leaks memory in login
|
- SSL/TLS servers may have crashed during client disconnection
|
||||||
process.
|
|
||||||
|
* Mon Jul 09 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.2-1
|
||||||
|
- dovecot updated to 2.3.2, pigeonhole to 0.5.2
|
||||||
|
|
||||||
|
* Wed Mar 28 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.1-2
|
||||||
|
- fix ftbfs - murmurhash3 check fail
|
||||||
|
|
||||||
|
* Wed Mar 28 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.1-1
|
||||||
|
- dovecot updated to 2.3.1, pigeonhole updated to 0.5.1
|
||||||
|
|
||||||
|
* Tue Mar 27 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.0.1-3
|
||||||
|
- use libxcrypt for Fedora >= 28, part of ftbfs fix (#1548520)
|
||||||
|
|
||||||
|
* Wed Mar 07 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.0.1-2
|
||||||
|
- add gcc buildrequire
|
||||||
|
|
||||||
|
* Thu Mar 01 2018 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.0.1-1
|
||||||
|
- dovecot updated to 2.3.0.1, pigeonhole updated to 0.5.0.1
|
||||||
|
|
||||||
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:2.2.33.2-5
|
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1:2.2.33.2-5
|
||||||
- Escape macros in %%changelog
|
- Escape macros in %%changelog
|
9
dovecot.sysusers
Normal file
9
dovecot.sysusers
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
#Type Name ID GECOS Home directory Shell
|
||||||
|
g dovecot 97
|
||||||
|
u dovecot 97 "Dovecot IMAP server" /usr/libexec/dovecot /sbin/nologin
|
||||||
|
m dovecot dovecot
|
||||||
|
|
||||||
|
g dovenull -
|
||||||
|
u dovenull - "Dovecot - unauthorized user" /usr/libexec/dovecot /sbin/nologin
|
||||||
|
m dovenull dovenull
|
||||||
|
|
7
gating.yaml
Normal file
7
gating.yaml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- rhel-9
|
||||||
|
decision_context: osci_compose_gate
|
||||||
|
rules:
|
||||||
|
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
||||||
|
|
14
rpminspect.yaml
Normal file
14
rpminspect.yaml
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
runpath:
|
||||||
|
allowed_paths:
|
||||||
|
# dovecot only plugins
|
||||||
|
- /usr/lib/dovecot/old-stats
|
||||||
|
- /usr/lib64/dovecot/old-stats
|
||||||
|
badfuncs:
|
||||||
|
ignore:
|
||||||
|
# used: inet_aton in explicitely ipv4 code path
|
||||||
|
# gethostbyname as a debug mesage with fallback
|
||||||
|
# removed from next major version already
|
||||||
|
- /usr/lib/dovecot/libdovecot.so.0.0.0
|
||||||
|
- /usr/lib64/dovecot/libdovecot.so.0.0.0
|
||||||
|
|
2
sources
Normal file
2
sources
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
SHA512 (dovecot-2.3.16.tar.gz) = 31a9d352c7ead466d65ee0535b1fbd9138e35235f1ebfeedc4eef54cba450663c59708d162eaf0712af1c40f23526ac86aab2eece8cefde3edf690127472fd1e
|
||||||
|
SHA512 (dovecot-2.3-pigeonhole-0.5.16.tar.gz) = 880e00654eab85cc41b27ac470cce6011991e3cdb005642f495c2297fd9492bfb2b6b4ef63c88c2ac10bec870ad69b8bee6b11dd1bc5099e16c3cc2857312543
|
Loading…
Reference in New Issue
Block a user