diff options
Diffstat (limited to 'debian/patches')
23 files changed, 1249 insertions, 0 deletions
diff --git a/debian/patches/Avoid-usage-of-PATH_MAX-not-available-on-hurd.patch b/debian/patches/Avoid-usage-of-PATH_MAX-not-available-on-hurd.patch new file mode 100644 index 0000000..fdab706 --- /dev/null +++ b/debian/patches/Avoid-usage-of-PATH_MAX-not-available-on-hurd.patch @@ -0,0 +1,21 @@ +From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> +Date: Mon, 6 Jun 2022 15:29:38 +0200 +Subject: Avoid usage of PATH_MAX not available on hurd + +--- + src/lib/test-net.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/lib/test-net.c b/src/lib/test-net.c +index fb19d5b..28398fe 100644 +--- a/src/lib/test-net.c ++++ b/src/lib/test-net.c +@@ -145,7 +145,7 @@ static void test_net_unix_long_paths(void) + + test_begin("net_*_unix() - long paths"); + +- char path[PATH_MAX]; ++ char path[4096]; + memset(path, 'x', sizeof(path)-1); + path[sizeof(path)-1] = '\0'; + diff --git a/debian/patches/Correct-misspellings.patch b/debian/patches/Correct-misspellings.patch new file mode 100644 index 0000000..5a01652 --- /dev/null +++ b/debian/patches/Correct-misspellings.patch @@ -0,0 +1,138 @@ +From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> +Date: Sun, 31 May 2020 00:55:07 +0200 +Subject: Correct misspellings + +Found by Lintian +--- + ChangeLog | 6 +++--- + NEWS | 2 +- + pigeonhole/src/lib-sieve/sieve-address.c | 2 +- + src/director/director-connection.c | 2 +- + src/lib-index/mail-index-transaction-finish.c | 2 +- + src/lib-index/mail-index.h | 2 +- + src/lib-index/mail-transaction-log-file.c | 2 +- + src/lib-storage/index/index-sync-pvt.c | 2 +- + 8 files changed, 10 insertions(+), 10 deletions(-) + +Index: dovecot/ChangeLog +=================================================================== +--- dovecot.orig/ChangeLog ++++ dovecot/ChangeLog +@@ -70625,7 +70625,7 @@ M src/lib-storage/index/index-mail.c + lib-index: Add mail_cache_close_mail() to smartly drop cached data with + INDEX=MEMORY + +- Instead of reseting the entire transaction buffer when 256 kB is reached, ++ Instead of resetting the entire transaction buffer when 256 kB is reached, + just drop mails have have been marked closed with mail_cache_close_mail(). + If that's not enough, continue deleting forcibly until the buffer is below + 256 kB. +@@ -90525,7 +90525,7 @@ M src/lib-storage/index/dbox-single/sdbo + + 2016-09-21 20:50:24 +0300 Timo Sirainen <timo.sirainen@dovecot.fi> (2e5e2047af) + +- login-proxy: Fixed "Host is down" never reseting itself. ++ login-proxy: Fixed "Host is down" never resetting itself. + + Broken by c8eb8314a, which moved adding num_waiting_connections earlier. + After that it was never 0 at the check time. +@@ -107467,7 +107467,7 @@ M src/login-common/ssl-proxy-openssl.c + + 2015-12-07 11:29:29 +0200 Timo Sirainen <tss@iki.fi> (975c2cdc1b) + +- doveadm: Fixed reseting getopt() with glibc when processing multiple ++ doveadm: Fixed resetting getopt() with glibc when processing multiple + commands in a single process. This means commands run with doveadm batch or + multiple commands in a single doveadm-server connection. + +Index: dovecot/NEWS +=================================================================== +--- dovecot.orig/NEWS ++++ dovecot/NEWS +@@ -2010,7 +2010,7 @@ v2.2.26 2016-10-27 Timo Sirainen <tss@i + - zlib, IMAP BINARY: Fixed internal caching when accessing multiple + newly created mails. They all had UID=0 and the next mail could have + wrongly used the previously cached mail. +- - doveadm stats reset wasn't reseting all the stats. ++ - doveadm stats reset wasn't resetting all the stats. + - auth_stats=yes: Don't update num_logins, since it doubles them when + using with mail stats. + - quota count: Fixed deadlocks when updating vsize header. +Index: dovecot/pigeonhole/src/lib-sieve/sieve-address.c +=================================================================== +--- dovecot.orig/pigeonhole/src/lib-sieve/sieve-address.c ++++ dovecot/pigeonhole/src/lib-sieve/sieve-address.c +@@ -449,7 +449,7 @@ parse_mailbox_address(struct sieve_messa + if (ctx->parser.data != ctx->parser.end) { + if (*ctx->parser.data == ',') { + sieve_address_error( +- ctx, "not a single addres (found ',')"); ++ ctx, "not a single address (found ',')"); + } else { + sieve_address_error( + ctx, "address ends in invalid characters"); +Index: dovecot/src/director/director-connection.c +=================================================================== +--- dovecot.orig/src/director/director-connection.c ++++ dovecot/src/director/director-connection.c +@@ -896,7 +896,7 @@ static bool director_cmd_director(struct + + /* already have this. just reset its last_network_failure + timestamp, since it might be up now, but only if this +- isn't part of the handshake. (if it was, reseting the ++ isn't part of the handshake. (if it was, resetting the + timestamp could cause us to rapidly keep trying to connect + to it) */ + if (conn->handshake_received) +Index: dovecot/src/lib-index/mail-index-transaction-finish.c +=================================================================== +--- dovecot.orig/src/lib-index/mail-index-transaction-finish.c ++++ dovecot/src/lib-index/mail-index-transaction-finish.c +@@ -53,7 +53,7 @@ ext_reset_update_atomic(struct mail_inde + + array_idx_set(&t->ext_reset_ids, ext_id, &reset_id); + +- /* reseting existing data is optional */ ++ /* resetting existing data is optional */ + if (array_is_created(&t->ext_resets)) { + reset = array_idx_modifiable(&t->ext_resets, ext_id); + if (reset->new_reset_id == (uint32_t)-1) +Index: dovecot/src/lib-index/mail-index.h +=================================================================== +--- dovecot.orig/src/lib-index/mail-index.h ++++ dovecot/src/lib-index/mail-index.h +@@ -384,7 +384,7 @@ void mail_index_set_lock_method(struct m + use the default. */ + void mail_index_set_optimization_settings(struct mail_index *index, + const struct mail_index_optimization_settings *set); +-/* When creating a new index file or reseting an existing one, add the given ++/* When creating a new index file or resetting an existing one, add the given + extension header data immediately to it. */ + void mail_index_set_ext_init_data(struct mail_index *index, uint32_t ext_id, + const void *data, size_t size); +Index: dovecot/src/lib-index/mail-transaction-log-file.c +=================================================================== +--- dovecot.orig/src/lib-index/mail-transaction-log-file.c ++++ dovecot/src/lib-index/mail-transaction-log-file.c +@@ -760,7 +760,7 @@ mail_transaction_log_file_create2(struct + return -1; + + if (reset) { +- /* don't reset modseqs. if we're reseting due to rebuilding ++ /* don't reset modseqs. if we're resetting due to rebuilding + indexes we'll probably want to keep uidvalidity and in such + cases we really don't want to shrink modseqs. */ + file->hdr.prev_file_seq = 0; +Index: dovecot/src/lib-storage/index/index-sync-pvt.c +=================================================================== +--- dovecot.orig/src/lib-storage/index/index-sync-pvt.c ++++ dovecot/src/lib-storage/index/index-sync-pvt.c +@@ -185,7 +185,7 @@ index_mailbox_sync_pvt_index(struct inde + } else { + /* mailbox created/recreated */ + reset = TRUE; +- i_info("Mailbox %s UIDVALIDITY changed (%u -> %u), reseting private index", ++ i_info("Mailbox %s UIDVALIDITY changed (%u -> %u), resetting private index", + ctx->box->vname, hdr_pvt->uid_validity, + hdr_shared->uid_validity); + } diff --git a/debian/patches/Debug-flaky-unit-test.patch b/debian/patches/Debug-flaky-unit-test.patch new file mode 100644 index 0000000..a30e596 --- /dev/null +++ b/debian/patches/Debug-flaky-unit-test.patch @@ -0,0 +1,65 @@ +From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> +Date: Mon, 6 Jun 2022 17:24:19 +0200 +Subject: Debug flaky unit test + +See #1007744 +--- + src/lib-smtp/test-smtp-server-errors.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/src/lib-smtp/test-smtp-server-errors.c b/src/lib-smtp/test-smtp-server-errors.c +index d3e528c..5240d30 100644 +--- a/src/lib-smtp/test-smtp-server-errors.c ++++ b/src/lib-smtp/test-smtp-server-errors.c +@@ -3712,13 +3712,14 @@ static void server_connection_accept(void *context ATTR_UNUSED) + + static void test_server_timeout(void *context ATTR_UNUSED) + { +- i_fatal("Server timed out"); ++ i_fatal("Server timed out [current_ioloop=%p ioloop=%p]", current_ioloop, ioloop); + } + + static void test_server_run(const struct smtp_server_settings *smtp_set) + { + struct timeout *to; + ++ i_debug("Adding timeout to server [current_ioloop=%p ioloop=%p]", current_ioloop, ioloop); + to = timeout_add(SERVER_MAX_TIMEOUT_MSECS, + test_server_timeout, NULL); + +@@ -3729,8 +3730,7 @@ static void test_server_run(const struct smtp_server_settings *smtp_set) + + io_loop_run(ioloop); + +- if (debug) +- i_debug("Server finished"); ++ i_debug("Server finished [current_ioloop=%p ioloop=%p]", current_ioloop, ioloop); + + /* close server socket */ + io_remove(&io_listen); +@@ -3770,9 +3770,12 @@ static int test_run_client(struct test_client_data *data) + /* wait a little for server setup */ + i_sleep_msecs(100); + ++ i_debug("test_run_client: pre create [current_ioloop=%p ioloop=%p]", current_ioloop, ioloop); + ioloop = io_loop_create(); ++ i_debug("test_run_client: post create [current_ioloop=%p ioloop=%p]", current_ioloop, ioloop); + data->client_test(data->index); + io_loop_destroy(&ioloop); ++ i_debug("test_run_client: post destroy [current_ioloop=%p ioloop=%p]", current_ioloop, ioloop); + + if (debug) + i_debug("Terminated"); +@@ -3794,9 +3797,12 @@ test_run_server(const struct smtp_server_settings *server_set, + i_zero(&server_callbacks); + + server_pending = client_tests_count; ++ i_debug("test_run_server: pre create [current_ioloop=%p ioloop=%p]", current_ioloop, ioloop); + ioloop = io_loop_create(); ++ i_debug("test_run_server: post create [current_ioloop=%p ioloop=%p]", current_ioloop, ioloop); + server_test(server_set); + io_loop_destroy(&ioloop); ++ i_debug("test_run_server: post destroy create [current_ioloop=%p ioloop=%p]", current_ioloop, ioloop); + + if (debug) + i_debug("Terminated"); diff --git a/debian/patches/Fix-32bit-sign-comparisons.patch b/debian/patches/Fix-32bit-sign-comparisons.patch new file mode 100644 index 0000000..4cf271e --- /dev/null +++ b/debian/patches/Fix-32bit-sign-comparisons.patch @@ -0,0 +1,25 @@ +From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> +Date: Mon, 4 Jan 2021 16:06:43 +0100 +Subject: Fix 32bit sign comparisons + +sieve-binary.c: In function 'sieve_binary_get_resource_usage': +sieve-binary.c:199:54: warning: comparison of integer expressions of different signedness: 'time_t' {aka 'long int'} and 'unsigned int' [-Wsign-compare] + 199 | if (update_time != 0 && (ioloop_time - update_time) > timeout) + | ^ +--- + pigeonhole/src/lib-sieve/sieve-binary.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pigeonhole/src/lib-sieve/sieve-binary.c b/pigeonhole/src/lib-sieve/sieve-binary.c +index 06cf598..c971921 100644 +--- a/pigeonhole/src/lib-sieve/sieve-binary.c ++++ b/pigeonhole/src/lib-sieve/sieve-binary.c +@@ -196,7 +196,7 @@ void sieve_binary_get_resource_usage(struct sieve_binary *sbin, + time_t update_time = header->resource_usage.update_time; + unsigned int timeout = sbin->svinst->resource_usage_timeout_secs; + +- if (update_time != 0 && (ioloop_time - update_time) > timeout) ++ if (update_time != 0 && (ioloop_time - update_time) > (time_t)timeout) + i_zero(&header->resource_usage); + + sieve_resource_usage_init(rusage_r); diff --git a/debian/patches/Fix-uninitialized-read-in-doveadm-oldstats.patch b/debian/patches/Fix-uninitialized-read-in-doveadm-oldstats.patch new file mode 100644 index 0000000..ff85b51 --- /dev/null +++ b/debian/patches/Fix-uninitialized-read-in-doveadm-oldstats.patch @@ -0,0 +1,33 @@ +From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> +Date: Sat, 23 Jul 2022 16:38:23 +0200 +Subject: Fix uninitialized read in doveadm-oldstats + +The third argument to doveadm_cmd_param_bool() is only set on a return +value of TRUE. +Since disk_input_field and disk_output_field should be set if the value +of show-disk-io is specified and specified to true, fix the condition. + + doveadm-oldstats.c: In function 'cmd_stats_top': + doveadm-oldstats.c:551:63: warning: 'b' may be used uninitialized [-Wmaybe-uninitialized] + 551 | if (!doveadm_cmd_param_bool(cctx, "show-disk-io", &b) && b) { + | ^ + doveadm-oldstats.c:545:14: note: 'b' was declared here + 545 | bool b; + | ^ +--- + src/doveadm/doveadm-oldstats.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/doveadm/doveadm-oldstats.c b/src/doveadm/doveadm-oldstats.c +index 4be575e..ff6dcf5 100644 +--- a/src/doveadm/doveadm-oldstats.c ++++ b/src/doveadm/doveadm-oldstats.c +@@ -548,7 +548,7 @@ static void cmd_stats_top(struct doveadm_cmd_context *cctx) + path = t_strconcat(doveadm_settings->base_dir, + "/old-stats", NULL); + } +- if (!doveadm_cmd_param_bool(cctx, "show-disk-io", &b) && b) { ++ if (doveadm_cmd_param_bool(cctx, "show-disk-io", &b) && b) { + disk_input_field = "read_bytes"; + disk_output_field = "write_bytes"; + } diff --git a/debian/patches/Improve-cross-compile-support.patch b/debian/patches/Improve-cross-compile-support.patch new file mode 100644 index 0000000..708336f --- /dev/null +++ b/debian/patches/Improve-cross-compile-support.patch @@ -0,0 +1,116 @@ +From: Helmut Grohne <helmut@subdivi.de> +Date: Tue, 5 Jan 2021 22:25:00 +0100 +Subject: Improve cross-compile support + +The check for the signedness of size_t really doesn't have to be run as +that is a compile time property. + +Beyond that, dovecot uses mysql_config. I've looked into that and +mysql_config is unfixably broken during cross builds. It will not be +fixed. Instead, please use pkg-config. My patch implements that with a +fallback to mysql_config to avoid breaking other users. + +Last but not least, src/lib-lua/Makefile.am adds $(LUA_LIBS) to +libdovecot_lua_la_DEPENDENCIES. As it happens, LUA_LIBS contains a -L +flag and when that flag shows up in a dependency, make gives up. I have +no clue why one would add LUA_LIBS to DEPENDENCIES as it already is +being correctly added to LIBADD. My patch suggests to quite simply drop +that. +--- + m4/want_mysql.m4 | 54 ++++++++++++++++++++++++------------------------- + src/lib-lua/Makefile.am | 4 +--- + 2 files changed, 27 insertions(+), 31 deletions(-) + +diff --git a/m4/want_mysql.m4 b/m4/want_mysql.m4 +index 98e6f93..425bcdd 100644 +--- a/m4/want_mysql.m4 ++++ b/m4/want_mysql.m4 +@@ -1,26 +1,28 @@ + AC_DEFUN([DOVECOT_WANT_MYSQL], [ + have_mysql=no +- if test $want_mysql != no; then +- AC_CHECK_PROG(MYSQL_CONFIG, mysql_config, mysql_config, NO) +- if test $MYSQL_CONFIG = NO; then +- # based on code from PHP +- MYSQL_LIBS="-lmysqlclient -lz -lm" +- for i in /usr /usr/local /usr/local/mysql; do +- for j in include include/mysql ""; do +- if test -r "$i/$j/mysql.h"; then +- MYSQL_INCLUDE="-I$i/$j" +- fi +- done +- for j in lib lib/mysql lib64 lib64/mysql ""; do +- if test -f "$i/$j/libmysqlclient.so" || test -f "$i/$j/libmysqlclient.a"; then +- MYSQL_LIBS="-L$i/$j -lmysqlclient -lz -lm" +- fi +- done +- done +- else +- MYSQL_INCLUDE="`$MYSQL_CONFIG --include`" +- MYSQL_LIBS="`$MYSQL_CONFIG --libs`" +- fi ++ AS_IF([test $want_mysql != no],[ ++ PKG_CHECK_MODULES([MYSQL],[mysqlclient],,[ ++ AC_CHECK_PROG(MYSQL_CONFIG, mysql_config, mysql_config, NO) ++ if test $MYSQL_CONFIG = NO; then ++ # based on code from PHP ++ MYSQL_LIBS="-lmysqlclient -lz -lm" ++ for i in /usr /usr/local /usr/local/mysql; do ++ for j in include include/mysql ""; do ++ if test -r "$i/$j/mysql.h"; then ++ MYSQL_CFLAGS="-I$i/$j" ++ fi ++ done ++ for j in lib lib/mysql lib64 lib64/mysql ""; do ++ if test -f "$i/$j/libmysqlclient.so" || test -f "$i/$j/libmysqlclient.a"; then ++ MYSQL_LIBS="-L$i/$j -lmysqlclient -lz -lm" ++ fi ++ done ++ done ++ else ++ MYSQL_CFLAGS="`$MYSQL_CONFIG --include`" ++ MYSQL_LIBS="`$MYSQL_CONFIG --libs`" ++ fi ++ ]) + + old_LIBS=$LIBS + if test "$MYSQL_LIBS" != ""; then +@@ -31,14 +33,10 @@ AC_DEFUN([DOVECOT_WANT_MYSQL], [ + LIBS="$LIBS -lz -lm" + AC_CHECK_LIB(mysqlclient, mysql_init, [ + old_CPPFLAGS=$CPPFLAGS +- if test "$MYSQL_INCLUDE" != ""; then +- CPPFLAGS="$CPPFLAGS $MYSQL_INCLUDE" ++ if test "$MYSQL_CFLAGS" != ""; then ++ CPPFLAGS="$CPPFLAGS $MYSQL_CFLAGS" + fi + AC_CHECK_HEADER(mysql.h, [ +- if test "$MYSQL_INCLUDE" != ""; then +- MYSQL_CFLAGS="$MYSQL_CFLAGS $MYSQL_INCLUDE" +- fi +- + AC_CHECK_LIB(mysqlclient, mysql_ssl_set, [ + AC_DEFINE(HAVE_MYSQL_SSL,, [Define if your MySQL library has SSL functions]) + if test "x$have_openssl" = "yes"; then +@@ -85,5 +83,5 @@ AC_DEFUN([DOVECOT_WANT_MYSQL], [ + MYSQL_CFLAGS= + fi + LIBS=$old_LIBS +- fi ++ ]) + ]) +diff --git a/src/lib-lua/Makefile.am b/src/lib-lua/Makefile.am +index 20ce311..7d44e89 100644 +--- a/src/lib-lua/Makefile.am ++++ b/src/lib-lua/Makefile.am +@@ -24,9 +24,7 @@ test_programs += test-dict-lua + endif + + # Note: the only things this lib should depend on are libdovecot and lua. +-libdovecot_lua_la_DEPENDENCIES = \ +- ../lib-dovecot/libdovecot.la \ +- $(LIBDICT_LUA) ++libdovecot_lua_la_DEPENDENCIES = ../lib-dovecot/libdovecot.la + libdovecot_lua_la_LIBADD = \ + ../lib-dovecot/libdovecot.la \ + $(LIBDICT_LUA) \ diff --git a/debian/patches/Silence-LTO-related-compiler-warning.patch b/debian/patches/Silence-LTO-related-compiler-warning.patch new file mode 100644 index 0000000..c674492 --- /dev/null +++ b/debian/patches/Silence-LTO-related-compiler-warning.patch @@ -0,0 +1,28 @@ +From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> +Date: Mon, 21 Jun 2021 15:59:02 +0200 +Subject: Silence LTO related compiler warning + +master-service-settings-cache.c: In function 'master_service_settings_cache_init_filter': +master-service-settings-cache.c:94:3: warning: 'error' may be used uninitialized in this function [-Wmaybe-uninitialized] + 94 | i_error("master-service: cannot get filters: %s", error); + | ^ +master-service-settings-cache.c:89:14: note: 'error' was declared here + 89 | const char *error; + | ^ +--- + src/lib-master/master-service-settings-cache.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/lib-master/master-service-settings-cache.c b/src/lib-master/master-service-settings-cache.c +index 11dd66b..d60f392 100644 +--- a/src/lib-master/master-service-settings-cache.c ++++ b/src/lib-master/master-service-settings-cache.c +@@ -86,7 +86,7 @@ master_service_settings_cache_init(struct master_service *service, + int master_service_settings_cache_init_filter(struct master_service_settings_cache *cache) + { + const char *const *filters; +- const char *error; ++ const char *error = NULL; + + if (cache->filters != NULL) + return 0; diff --git a/debian/patches/Support-openssl-3.0.patch b/debian/patches/Support-openssl-3.0.patch new file mode 100644 index 0000000..8f39a7d --- /dev/null +++ b/debian/patches/Support-openssl-3.0.patch @@ -0,0 +1,45 @@ +From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> +Date: Wed, 11 May 2022 20:27:53 +0200 +Author: Michal Hlavinka +Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1962035 +Subject: Support openssl 3.0 + +--- + src/lib-dcrypt/dcrypt-openssl.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/src/lib-dcrypt/dcrypt-openssl.c b/src/lib-dcrypt/dcrypt-openssl.c +index 1cbe352..5570d62 100644 +--- a/src/lib-dcrypt/dcrypt-openssl.c ++++ b/src/lib-dcrypt/dcrypt-openssl.c +@@ -73,10 +73,30 @@ + 2<tab>key algo oid<tab>1<tab>symmetric algo name<tab>salt<tab>hash algo<tab>rounds<tab>E(RSA = i2d_PrivateKey, EC=Private Point)<tab>key id + **/ + ++#if OPENSSL_VERSION_MAJOR == 3 ++static EC_KEY *EVP_PKEY_get0_EC_KEYv3(EVP_PKEY *key) ++{ ++ EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key); ++ EVP_PKEY_set1_EC_KEY(key, eck); ++ EC_KEY_free(eck); ++ return eck; ++} ++ ++static EC_KEY *EVP_PKEY_get1_EC_KEYv3(EVP_PKEY *key) ++{ ++ EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key); ++ EVP_PKEY_set1_EC_KEY(key, eck); ++ return eck; ++} ++ ++#define EVP_PKEY_get0_EC_KEY EVP_PKEY_get0_EC_KEYv3 ++#define EVP_PKEY_get1_EC_KEY EVP_PKEY_get1_EC_KEYv3 ++#else + #ifndef HAVE_EVP_PKEY_get0 + #define EVP_PKEY_get0_EC_KEY(x) x->pkey.ec + #define EVP_PKEY_get0_RSA(x) x->pkey.rsa + #endif ++#endif + + #ifndef HAVE_OBJ_LENGTH + #define OBJ_length(o) ((o)->length) diff --git a/debian/patches/auth-Add-a-comment-about-updating-userdb_find.patch b/debian/patches/auth-Add-a-comment-about-updating-userdb_find.patch new file mode 100644 index 0000000..70a405f --- /dev/null +++ b/debian/patches/auth-Add-a-comment-about-updating-userdb_find.patch @@ -0,0 +1,22 @@ +From: Timo Sirainen <timo.sirainen@open-xchange.com> +Date: Mon, 16 May 2022 14:58:45 +0200 +Subject: auth: Add a comment about updating userdb_find() + +--- + src/auth/userdb.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/auth/userdb.c b/src/auth/userdb.c +index 21751f9..c71a479 100644 +--- a/src/auth/userdb.c ++++ b/src/auth/userdb.c +@@ -158,7 +158,8 @@ userdb_preinit(pool_t pool, const struct auth_userdb_settings *set) + userdb->id = ++auth_userdb_id; + userdb->iface = iface; + userdb->args = p_strdup(pool, set->args); +- ++ /* NOTE: if anything else than driver & args are added here, ++ userdb_find() also needs to be updated. */ + array_push_back(&userdb_modules, &userdb); + return userdb; + } diff --git a/debian/patches/auth-Fix-handling-passdbs-with-identical-driver-args-but-.patch b/debian/patches/auth-Fix-handling-passdbs-with-identical-driver-args-but-.patch new file mode 100644 index 0000000..7f0dd36 --- /dev/null +++ b/debian/patches/auth-Fix-handling-passdbs-with-identical-driver-args-but-.patch @@ -0,0 +1,130 @@ +From: Timo Sirainen <timo.sirainen@open-xchange.com> +Date: Mon, 9 May 2022 15:23:33 +0300 +Subject: auth: Fix handling passdbs with identical driver/args but different + mechanisms/username_filter + +The passdb was wrongly deduplicated in this situation, causing wrong +mechanisms or username_filter setting to be used. This would be a rather +unlikely configuration though. + +Fixed by moving mechanisms and username_filter from struct passdb_module +to struct auth_passdb, which is where they should have been in the first +place. +--- + src/auth/auth-request.c | 6 +++--- + src/auth/auth.c | 18 ++++++++++++++++++ + src/auth/auth.h | 5 +++++ + src/auth/passdb.c | 15 ++------------- + src/auth/passdb.h | 4 ---- + 5 files changed, 28 insertions(+), 20 deletions(-) + +diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c +index ee89e75..cd44cd4 100644 +--- a/src/auth/auth-request.c ++++ b/src/auth/auth-request.c +@@ -553,8 +553,8 @@ auth_request_want_skip_passdb(struct auth_request *request, + struct auth_passdb *passdb) + { + /* if mechanism is not supported, skip */ +- const char *const *mechs = passdb->passdb->mechanisms; +- const char *const *username_filter = passdb->passdb->username_filter; ++ const char *const *mechs = passdb->mechanisms; ++ const char *const *username_filter = passdb->username_filter; + const char *username; + + username = request->fields.user; +@@ -567,7 +567,7 @@ auth_request_want_skip_passdb(struct auth_request *request, + return TRUE; + } + +- if (passdb->passdb->username_filter != NULL && ++ if (passdb->username_filter != NULL && + !auth_request_username_accepted(username_filter, username)) { + auth_request_log_debug(request, + request->mech != NULL ? AUTH_SUBSYS_MECH +diff --git a/src/auth/auth.c b/src/auth/auth.c +index 845c43c..a5a4c81 100644 +--- a/src/auth/auth.c ++++ b/src/auth/auth.c +@@ -93,6 +93,24 @@ auth_passdb_preinit(struct auth *auth, const struct auth_passdb_settings *set, + auth_passdb->override_fields_tmpl = + passdb_template_build(auth->pool, set->override_fields); + ++ if (*set->mechanisms == '\0') { ++ auth_passdb->mechanisms = NULL; ++ } else if (strcasecmp(set->mechanisms, "none") == 0) { ++ auth_passdb->mechanisms = (const char *const[]){ NULL }; ++ } else { ++ auth_passdb->mechanisms = ++ (const char *const *)p_strsplit_spaces(auth->pool, ++ set->mechanisms, " ,"); ++ } ++ ++ if (*set->username_filter == '\0') { ++ auth_passdb->username_filter = NULL; ++ } else { ++ auth_passdb->username_filter = ++ (const char *const *)p_strsplit_spaces(auth->pool, ++ set->username_filter, " ,"); ++ } ++ + /* for backwards compatibility: */ + if (set->pass) + auth_passdb->result_success = AUTH_DB_RULE_CONTINUE; +diff --git a/src/auth/auth.h b/src/auth/auth.h +index 3ca5a9b..6208e4d 100644 +--- a/src/auth/auth.h ++++ b/src/auth/auth.h +@@ -41,6 +41,11 @@ struct auth_passdb { + struct passdb_template *default_fields_tmpl; + struct passdb_template *override_fields_tmpl; + ++ /* Supported authentication mechanisms, NULL is all, {NULL} is none */ ++ const char *const *mechanisms; ++ /* Username filter, NULL is no filter */ ++ const char *const *username_filter; ++ + enum auth_passdb_skip skip; + enum auth_db_rule result_success; + enum auth_db_rule result_failure; +diff --git a/src/auth/passdb.c b/src/auth/passdb.c +index 9bc2b87..d3c61cc 100644 +--- a/src/auth/passdb.c ++++ b/src/auth/passdb.c +@@ -224,19 +224,8 @@ passdb_preinit(pool_t pool, const struct auth_passdb_settings *set) + passdb->id = ++auth_passdb_id; + passdb->iface = *iface; + passdb->args = p_strdup(pool, set->args); +- if (*set->mechanisms == '\0') { +- passdb->mechanisms = NULL; +- } else if (strcasecmp(set->mechanisms, "none") == 0) { +- passdb->mechanisms = (const char *const[]){NULL}; +- } else { +- passdb->mechanisms = (const char* const*)p_strsplit_spaces(pool, set->mechanisms, " ,"); +- } +- +- if (*set->username_filter == '\0') { +- passdb->username_filter = NULL; +- } else { +- passdb->username_filter = (const char* const*)p_strsplit_spaces(pool, set->username_filter, " ,"); +- } ++ /* NOTE: if anything else than driver & args are added here, ++ passdb_find() also needs to be updated. */ + array_push_back(&passdb_modules, &passdb); + return passdb; + } +diff --git a/src/auth/passdb.h b/src/auth/passdb.h +index b405aa7..8f50050 100644 +--- a/src/auth/passdb.h ++++ b/src/auth/passdb.h +@@ -63,10 +63,6 @@ struct passdb_module { + /* Default password scheme for this module. + If default_cache_key is set, must not be NULL. */ + const char *default_pass_scheme; +- /* Supported authentication mechanisms, NULL is all, [NULL] is none*/ +- const char *const *mechanisms; +- /* Username filter, NULL is no filter */ +- const char *const *username_filter; + + /* If blocking is set to TRUE, use child processes to access + this passdb. */ diff --git a/debian/patches/default-mail_location.patch b/debian/patches/default-mail_location.patch new file mode 100644 index 0000000..eb10c53 --- /dev/null +++ b/debian/patches/default-mail_location.patch @@ -0,0 +1,35 @@ +From: "Jaldhar H. Vyas" <jaldhar@debian.org> +Date: Fri, 16 Sep 2011 00:55:02 +0200 +Subject: default location for user mailboxes + +Bug: #623440 +Last-Update: 2017-09-20 + +Set a default for the case where a user has no mail so auto- +detection of mailboxes doesn't work. +--- + doc/example-config/conf.d/10-mail.conf | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/doc/example-config/conf.d/10-mail.conf b/doc/example-config/conf.d/10-mail.conf +index 24daa04..a69224f 100644 +--- a/doc/example-config/conf.d/10-mail.conf ++++ b/doc/example-config/conf.d/10-mail.conf +@@ -27,7 +27,7 @@ + # + # <doc/wiki/MailLocation.txt> + # +-#mail_location = ++mail_location = mbox:~/mail:INBOX=/var/mail/%u + + # If you need to set multiple mailbox locations or want to change default + # namespace settings, you can do it by defining namespace sections. +@@ -111,7 +111,7 @@ namespace inbox { + # Group to enable temporarily for privileged operations. Currently this is + # used only with INBOX when either its initial creation or dotlocking fails. + # Typically this is set to "mail" to give access to /var/mail. +-#mail_privileged_group = ++mail_privileged_group = mail + + # Grant access to these supplementary groups for mail processes. Typically + # these are used to set up access to shared mailboxes. Note that it may be diff --git a/debian/patches/doveadm-director.1-drop-acute-accent.patch b/debian/patches/doveadm-director.1-drop-acute-accent.patch new file mode 100644 index 0000000..36ff84f --- /dev/null +++ b/debian/patches/doveadm-director.1-drop-acute-accent.patch @@ -0,0 +1,46 @@ +From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> +Date: Fri, 14 Aug 2020 12:50:51 +0200 +Subject: doveadm-director.1: drop acute accent + +Found by Lintian: + + This manual page uses the \' groff sequence. Usually, the intent to + generate an apostrophe, but that sequence actually renders as a an acute + accent. + + For an apostrophe or a single closing quote, use plain '. For single + opening quote, i.e. a straight downward line ' like the one used in + shell commands, use \(aq. +--- + doc/man/doveadm-director.1.in | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/doc/man/doveadm-director.1.in b/doc/man/doveadm-director.1.in +index 2a2c688..4b1855f 100644 +--- a/doc/man/doveadm-director.1.in ++++ b/doc/man/doveadm-director.1.in +@@ -108,7 +108,7 @@ hosts. All the existing connections will be kicked. If + is specified, a flush script is also automatically executed. + .PP + Because the kicking and moving of users to new backends creates a temporary +-load spike, all the users aren\'t moved at once. The ++load spike, all the users aren't moved at once. The + .B \-\-max\-parallel + parameter specifies how many users can be moved concurrently. + The default is 100. +@@ -116,7 +116,7 @@ The default is 100. + If the + .B \-F + parameter is used, the user associations are simply dropped. Existing +-connections won\'t be kicked and flush scripts aren\'t run. ++connections won't be kicked and flush scripts aren't run. + .\"------------------------------------- + .SS director kick + .B doveadm director kick +@@ -280,4 +280,4 @@ user would be redirected to 192.168.10.3. + @INCLUDE:reporting-bugs@ + .\"------------------------------------------------------------------------ + .SH SEE ALSO +-.BR doveadm (1) +\ No newline at end of file ++.BR doveadm (1) diff --git a/debian/patches/dovecot_name.patch b/debian/patches/dovecot_name.patch new file mode 100644 index 0000000..d9d6ebf --- /dev/null +++ b/debian/patches/dovecot_name.patch @@ -0,0 +1,121 @@ +From: "Jaldhar H. Vyas" <jaldhar@debian.org> +Date: Sat, 7 Sep 2013 01:16:14 -0400 +Subject: Update Dovecot name to include Distribution in login greeting + message + +This patch was found at: https://blueprints.launchpad.net/ubuntu/+spec/servercloud-s-server-app-banner-updates +and originally provided by Ubuntu for their 2.1.7 package. The original +author is Yolanda Robla <yolanda.robla@canonical.com>. I updated it +for Debian's 2.2.5 package. + +Last-Update: 2020-05-23 +--- + configure.ac | 7 ++++++- + src/config/all-settings.c | 6 +++--- + src/lib-smtp/smtp-server.c | 2 +- + src/lmtp/lmtp-settings.c | 2 +- + src/login-common/login-settings.c | 2 +- + src/submission/submission-settings.c | 2 +- + 6 files changed, 13 insertions(+), 8 deletions(-) + +Index: dovecot/configure.ac +=================================================================== +--- dovecot.orig/configure.ac ++++ dovecot/configure.ac +@@ -287,7 +287,12 @@ AM_ICONV + # SIZE_MAX is missing without this + CXXFLAGS="$CXXFLAGS -D__STDC_LIMIT_MACROS" + +-AC_DEFINE_UNQUOTED(DOVECOT_NAME, "$PACKAGE_NAME", [Dovecot name]) ++if test -x /usr/bin/lsb_release && lsb_release -si; then ++ DOVECOT_DISTRIBUTION=" ($(lsb_release -si))" ++else ++ DOVECOT_DISTRIBUTION="" ++fi ++AC_DEFINE_UNQUOTED(DOVECOT_NAME, "$PACKAGE_NAME$DOVECOT_DISTRIBUTION", [Dovecot name]) + AC_DEFINE_UNQUOTED(DOVECOT_STRING, "$PACKAGE_STRING", [Dovecot string]) + AC_DEFINE_UNQUOTED(DOVECOT_VERSION, "$PACKAGE_VERSION", [Dovecot version]) + +Index: dovecot/src/config/all-settings.c +=================================================================== +--- dovecot.orig/src/config/all-settings.c ++++ dovecot/src/config/all-settings.c +@@ -2320,7 +2320,7 @@ static const struct submission_settings + + .hostname = "", + +- .login_greeting = PACKAGE_NAME" ready.", ++ .login_greeting = DOVECOT_NAME" ready.", + .login_trusted_networks = "", + + .recipient_delimiter = "+", +@@ -4182,7 +4182,7 @@ static const struct setting_define login + static const struct login_settings login_default_settings = { + .login_trusted_networks = "", + .login_source_ips = "", +- .login_greeting = PACKAGE_NAME" ready.", ++ .login_greeting = DOVECOT_NAME" ready.", + .login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}>", + .login_log_format = "%$: %s", + .login_access_sockets = "", +@@ -4396,7 +4396,7 @@ static const struct lmtp_settings lmtp_d + + .lmtp_client_workarounds = "", + +- .login_greeting = PACKAGE_NAME" ready.", ++ .login_greeting = DOVECOT_NAME" ready.", + .login_trusted_networks = "", + + .mail_plugins = "", +Index: dovecot/src/lib-smtp/smtp-server.c +=================================================================== +--- dovecot.orig/src/lib-smtp/smtp-server.c ++++ dovecot/src/lib-smtp/smtp-server.c +@@ -49,7 +49,7 @@ struct smtp_server *smtp_server_init(con + if (set->login_greeting != NULL && *set->login_greeting != '\0') + server->set.login_greeting = p_strdup(pool, set->login_greeting); + else +- server->set.login_greeting = PACKAGE_NAME" ready."; ++ server->set.login_greeting = DOVECOT_NAME" ready."; + if (set->capabilities == 0) { + server->set.capabilities = SMTP_SERVER_DEFAULT_CAPABILITIES; + } else { +Index: dovecot/src/lmtp/lmtp-settings.c +=================================================================== +--- dovecot.orig/src/lmtp/lmtp-settings.c ++++ dovecot/src/lmtp/lmtp-settings.c +@@ -93,7 +93,7 @@ static const struct lmtp_settings lmtp_d + + .lmtp_client_workarounds = "", + +- .login_greeting = PACKAGE_NAME" ready.", ++ .login_greeting = DOVECOT_NAME" ready.", + .login_trusted_networks = "", + + .mail_plugins = "", +Index: dovecot/src/login-common/login-settings.c +=================================================================== +--- dovecot.orig/src/login-common/login-settings.c ++++ dovecot/src/login-common/login-settings.c +@@ -51,7 +51,7 @@ static const struct setting_define login + static const struct login_settings login_default_settings = { + .login_trusted_networks = "", + .login_source_ips = "", +- .login_greeting = PACKAGE_NAME" ready.", ++ .login_greeting = DOVECOT_NAME" ready.", + .login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}>", + .login_log_format = "%$: %s", + .login_access_sockets = "", +Index: dovecot/src/submission/submission-settings.c +=================================================================== +--- dovecot.orig/src/submission/submission-settings.c ++++ dovecot/src/submission/submission-settings.c +@@ -103,7 +103,7 @@ static const struct submission_settings + + .hostname = "", + +- .login_greeting = PACKAGE_NAME" ready.", ++ .login_greeting = DOVECOT_NAME" ready.", + .login_trusted_networks = "", + + .recipient_delimiter = "+", diff --git a/debian/patches/fix-mail_plugin_dir-default.patch b/debian/patches/fix-mail_plugin_dir-default.patch new file mode 100644 index 0000000..19c3d8d --- /dev/null +++ b/debian/patches/fix-mail_plugin_dir-default.patch @@ -0,0 +1,24 @@ +From: Marco Nenciarini <mnencia@debian.org> +Date: Fri, 16 Sep 2011 00:55:02 +0200 +Subject: fix mail_plugin_dir default + +Bug: #624294 + +Fix mail_plugin_dir default value in conf.d/10-mail.conf +--- + doc/example-config/conf.d/10-mail.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/example-config/conf.d/10-mail.conf b/doc/example-config/conf.d/10-mail.conf +index de48f92..24daa04 100644 +--- a/doc/example-config/conf.d/10-mail.conf ++++ b/doc/example-config/conf.d/10-mail.conf +@@ -211,7 +211,7 @@ namespace inbox { + #auth_socket_path = /var/run/dovecot/auth-userdb + + # Directory where to look up mail plugins. +-#mail_plugin_dir = /usr/lib/dovecot ++#mail_plugin_dir = /usr/lib/dovecot/modules + + # Space separated list of plugins to load for all services. Plugins specific to + # IMAP, LDA, etc. are added to this list in their own .conf files. diff --git a/debian/patches/mboxlocking.patch b/debian/patches/mboxlocking.patch new file mode 100644 index 0000000..8920a3a --- /dev/null +++ b/debian/patches/mboxlocking.patch @@ -0,0 +1,60 @@ +From: "Jaldhar H. Vyas" <jaldhar@debian.org> +Date: Thu, 22 Aug 2013 22:44:48 -0400 +Subject: policy 22.6 compliant mbox write locking + +For NFS safety, prefer fcntl to dotlocks. +Dovecots default is the other way around. + +Bug: #720502 +--- + doc/example-config/conf.d/10-mail.conf | 8 +++++++- + src/config/all-settings.c | 2 +- + src/lib-storage/index/mbox/mbox-settings.c | 2 +- + 3 files changed, 9 insertions(+), 3 deletions(-) + +diff --git a/doc/example-config/conf.d/10-mail.conf b/doc/example-config/conf.d/10-mail.conf +index a69224f..b47235f 100644 +--- a/doc/example-config/conf.d/10-mail.conf ++++ b/doc/example-config/conf.d/10-mail.conf +@@ -320,8 +320,14 @@ protocol !indexer-worker { + # in is important to avoid deadlocks if other MTAs/MUAs are using multiple + # locking methods as well. Some operating systems don't allow using some of + # them simultaneously. ++# ++# The Debian value for mbox_write_locks differs from upstream Dovecot. It is ++# changed to be compliant with Debian Policy (section 11.6) for NFS safety. ++# Dovecot: mbox_write_locks = dotlock fcntl ++# Debian: mbox_write_locks = fcntl dotlock ++# + #mbox_read_locks = fcntl +-#mbox_write_locks = dotlock fcntl ++#mbox_write_locks = fcntl dotlock + + # Maximum time to wait for lock (all of them) before aborting. + #mbox_lock_timeout = 5 mins +diff --git a/src/config/all-settings.c b/src/config/all-settings.c +index 391da6d..231100f 100644 +--- a/src/config/all-settings.c ++++ b/src/config/all-settings.c +@@ -1239,7 +1239,7 @@ static const struct setting_define mbox_setting_defines[] = { + }; + static const struct mbox_settings mbox_default_settings = { + .mbox_read_locks = "fcntl", +- .mbox_write_locks = "dotlock fcntl", ++ .mbox_write_locks = "fcntl dotlock", + .mbox_lock_timeout = 5*60, + .mbox_dotlock_change_timeout = 2*60, + .mbox_min_index_size = 0, +diff --git a/src/lib-storage/index/mbox/mbox-settings.c b/src/lib-storage/index/mbox/mbox-settings.c +index 1df2452..b4eb520 100644 +--- a/src/lib-storage/index/mbox/mbox-settings.c ++++ b/src/lib-storage/index/mbox/mbox-settings.c +@@ -27,7 +27,7 @@ static const struct setting_define mbox_setting_defines[] = { + + static const struct mbox_settings mbox_default_settings = { + .mbox_read_locks = "fcntl", +- .mbox_write_locks = "dotlock fcntl", ++ .mbox_write_locks = "fcntl dotlock", + .mbox_lock_timeout = 5*60, + .mbox_dotlock_change_timeout = 2*60, + .mbox_min_index_size = 0, diff --git a/debian/patches/md4-md5-disable-optimization-causing-unaligned-access.patch b/debian/patches/md4-md5-disable-optimization-causing-unaligned-access.patch new file mode 100644 index 0000000..1582b9e --- /dev/null +++ b/debian/patches/md4-md5-disable-optimization-causing-unaligned-access.patch @@ -0,0 +1,51 @@ +From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> +Date: Tue, 7 Dec 2021 13:01:10 +0100 +Subject: md4/md5: disable optimization causing unaligned access + +This restores unit tests with GCC 11 and LTO. + + md5.c:92:23: warning: cast from 'const unsigned char *' to 'const uint32_t *' (aka 'const unsigned int *') increases required alignment from 1 to 4 [-Wcast-align] + STEP(F, a, b, c, d, SET(0), 0xd76aa478, 7) + ~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~ + md5.c:51:4: note: expanded from macro 'SET' + (*(const uint32_t *)&ptr[(n) * 4]) + ^ + md5.c:37:29: note: expanded from macro 'STEP' + (a) += f((b), (c), (d)) + (x) + (t); \ + ^ + + md5.c:92:3: runtime error: load of misaligned address 0x61900000008b for type 'const uint32_t' (aka 'const unsigned int'), which requires 4 byte alignment + 0x61900000008b: note: pointer points here + 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 + ^ +--- + src/lib/md4.c | 2 +- + src/lib/md5.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/lib/md4.c b/src/lib/md4.c +index 06e3231..798292a 100644 +--- a/src/lib/md4.c ++++ b/src/lib/md4.c +@@ -42,7 +42,7 @@ + * memory accesses is just an optimization. Nothing will break if it + * doesn't work. + */ +-#if defined(__i386__) || defined(__x86_64__) || defined(__vax__) ++#if 0 //defined(__i386__) || defined(__x86_64__) || defined(__vax__) + /* uint_fast32_t might be 64 bit, and thus may read 4 more bytes + * beyond the end of the buffer. So only read precisely 32 bits + */ +diff --git a/src/lib/md5.c b/src/lib/md5.c +index 6b5da6c..c605639 100644 +--- a/src/lib/md5.c ++++ b/src/lib/md5.c +@@ -46,7 +46,7 @@ + * memory accesses is just an optimization. Nothing will break if it + * doesn't work. + */ +-#if defined(__i386__) || defined(__x86_64__) || defined(__vax__) ++#if 0 //defined(__i386__) || defined(__x86_64__) || defined(__vax__) + #define SET(n) \ + (*(const uint32_t *)&ptr[(n) * 4]) + #define GET(n) \ diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..eb764ae --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,22 @@ +split-protocols.patch +fix-mail_plugin_dir-default.patch +ssl-cert-location.patch +tcpwrapper.patch +default-mail_location.patch +mboxlocking.patch +dovecot_name.patch +ssl-dh-params-location.patch +skip-rfc-subdir.patch +Correct-misspellings.patch +test-backtrace.patch +doveadm-director.1-drop-acute-accent.patch +Fix-32bit-sign-comparisons.patch +Improve-cross-compile-support.patch +Silence-LTO-related-compiler-warning.patch +md4-md5-disable-optimization-causing-unaligned-access.patch +Support-openssl-3.0.patch +Debug-flaky-unit-test.patch +Avoid-usage-of-PATH_MAX-not-available-on-hurd.patch +auth-Fix-handling-passdbs-with-identical-driver-args-but-.patch +auth-Add-a-comment-about-updating-userdb_find.patch +Fix-uninitialized-read-in-doveadm-oldstats.patch diff --git a/debian/patches/skip-rfc-subdir.patch b/debian/patches/skip-rfc-subdir.patch new file mode 100644 index 0000000..34dfc68 --- /dev/null +++ b/debian/patches/skip-rfc-subdir.patch @@ -0,0 +1,47 @@ +From: Noah Meyerhans <noahm@debian.org> +Date: Thu, 21 May 2020 21:48:59 -0700 +Subject: Don't try to build doc/rfc subdir components + +Forwarded: no (Debian-specific) +--- + pigeonhole/configure.ac | 1 - + pigeonhole/doc/Makefile.am | 1 - + pigeonhole/doc/Makefile.in | 1 - + 3 files changed, 3 deletions(-) + +diff --git a/pigeonhole/configure.ac b/pigeonhole/configure.ac +index 227746a..38671ed 100644 +--- a/pigeonhole/configure.ac ++++ b/pigeonhole/configure.ac +@@ -176,7 +176,6 @@ doc/Makefile + doc/man/Makefile + doc/example-config/Makefile + doc/example-config/conf.d/Makefile +-doc/rfc/Makefile + doc/extensions/Makefile + doc/locations/Makefile + doc/plugins/Makefile +diff --git a/pigeonhole/doc/Makefile.am b/pigeonhole/doc/Makefile.am +index 5131ece..258c135 100644 +--- a/pigeonhole/doc/Makefile.am ++++ b/pigeonhole/doc/Makefile.am +@@ -1,7 +1,6 @@ + SUBDIRS = \ + man \ + example-config \ +- rfc \ + extensions \ + locations \ + plugins +diff --git a/pigeonhole/doc/Makefile.in b/pigeonhole/doc/Makefile.in +index bf2b89c..a849848 100644 +--- a/pigeonhole/doc/Makefile.in ++++ b/pigeonhole/doc/Makefile.in +@@ -404,7 +404,6 @@ top_srcdir = @top_srcdir@ + SUBDIRS = \ + man \ + example-config \ +- rfc \ + extensions \ + locations \ + plugins diff --git a/debian/patches/split-protocols.patch b/debian/patches/split-protocols.patch new file mode 100644 index 0000000..86dcb36 --- /dev/null +++ b/debian/patches/split-protocols.patch @@ -0,0 +1,42 @@ +From: Marco Nenciarini <mnencia@debian.org> +Date: Sat, 5 Mar 2011 11:19:07 +0100 +Subject: split-protocols + +Updated: Mon, 25 Nov 2013 20:11:59 -0500 +Forwarded: no (Debian-specific) + +Set default protocols value as empty and enable each +protocol in its own configuration file +--- + doc/example-config/dovecot.conf | 4 ++-- + src/master/master-settings.c | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/doc/example-config/dovecot.conf b/doc/example-config/dovecot.conf +index b67e9eb..7e9953f 100644 +--- a/doc/example-config/dovecot.conf ++++ b/doc/example-config/dovecot.conf +@@ -20,8 +20,8 @@ + # options. The paths listed here are for configure --prefix=/usr + # --sysconfdir=/etc --localstatedir=/var + +-# Protocols we want to be serving. +-#protocols = imap pop3 lmtp submission ++# Enable installed protocols ++!include_try /usr/share/dovecot/protocols.d/*.protocol + + # A comma separated list of IPs or hosts where to listen in for connections. + # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces. +diff --git a/src/master/master-settings.c b/src/master/master-settings.c +index 7cfaa35..48a9121 100644 +--- a/src/master/master-settings.c ++++ b/src/master/master-settings.c +@@ -207,7 +207,7 @@ static const struct master_settings master_default_settings = { + .state_dir = PKG_STATEDIR, + .libexec_dir = PKG_LIBEXECDIR, + .instance_name = PACKAGE, +- .protocols = "imap pop3 lmtp", ++ .protocols = "", + .listen = "*, ::", + .ssl = "yes:no:required", + .default_internal_user = "dovecot", diff --git a/debian/patches/ssl-cert-location.patch b/debian/patches/ssl-cert-location.patch new file mode 100644 index 0000000..446dd87 --- /dev/null +++ b/debian/patches/ssl-cert-location.patch @@ -0,0 +1,73 @@ +From: "Jaldhar H. Vyas" <jaldhar@debian.org> +Date: Tue, 25 Sep 2012 01:12:07 -0400 +Subject: SSL cert location + +Last-Update: Sun, 30 Nov 2014 23:59:07 -0500 +Bug: #608719 + +Move dovecots generated X.509 certificate out of /etc/ssl where +it doesn't belong. +--- + doc/example-config/conf.d/10-ssl.conf | 7 ++++--- + doc/mkcert.sh | 10 +++++----- + 2 files changed, 9 insertions(+), 8 deletions(-) + +diff --git a/doc/example-config/conf.d/10-ssl.conf b/doc/example-config/conf.d/10-ssl.conf +index ad84766..4867a07 100644 +--- a/doc/example-config/conf.d/10-ssl.conf ++++ b/doc/example-config/conf.d/10-ssl.conf +@@ -3,14 +3,14 @@ + ## + + # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt> +-#ssl = yes ++ssl = yes + + # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before + # dropping root privileges, so keep the key file unreadable by anyone but + # root. Included doc/mkcert.sh can be used to easily generate self-signed + # certificate, just make sure to update the domains in dovecot-openssl.cnf +-ssl_cert = </etc/ssl/certs/dovecot.pem +-ssl_key = </etc/ssl/private/dovecot.pem ++ssl_cert = </etc/dovecot/private/dovecot.pem ++ssl_key = </etc/dovecot/private/dovecot.key + + # If key file is password protected, give the password here. Alternatively + # give it when starting dovecot with -p parameter. Since this file is often +@@ -33,6 +33,7 @@ ssl_key = </etc/ssl/private/dovecot.pem + # RedHat-based systems. Note that ssl_client_ca_file isn't recommended with + # large CA bundles, because it leads to excessive memory usage. + #ssl_client_ca_dir = ++ssl_client_ca_dir = /etc/ssl/certs + #ssl_client_ca_file = + + # Require valid cert when connecting to a remote server +diff --git a/doc/mkcert.sh b/doc/mkcert.sh +index f7e484c..efcf85e 100644 +--- a/doc/mkcert.sh ++++ b/doc/mkcert.sh +@@ -8,19 +8,19 @@ OPENSSL=${OPENSSL-openssl} + SSLDIR=${SSLDIR-/etc/ssl} + OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf} + +-CERTDIR=$SSLDIR/certs +-KEYDIR=$SSLDIR/private ++CERTDIR=/etc/dovecot/ssl ++KEYDIR=/etc/dovecot/ssl + + CERTFILE=$CERTDIR/dovecot.pem +-KEYFILE=$KEYDIR/dovecot.pem ++KEYFILE=$KEYDIR/dovecot.key + + if [ ! -d $CERTDIR ]; then +- echo "$SSLDIR/certs directory doesn't exist" ++ echo "$CERTDIR directory doesn't exist" + exit 1 + fi + + if [ ! -d $KEYDIR ]; then +- echo "$SSLDIR/private directory doesn't exist" ++ echo "$KEYDIR directory doesn't exist" + exit 1 + fi + diff --git a/debian/patches/ssl-dh-params-location.patch b/debian/patches/ssl-dh-params-location.patch new file mode 100644 index 0000000..10589ea --- /dev/null +++ b/debian/patches/ssl-dh-params-location.patch @@ -0,0 +1,24 @@ +From: Apollon Oikonomopoulos <apoikos@debian.org> +Date: Sat, 24 Mar 2018 00:24:55 +0200 +Subject: Set DH params location + +Forwarded: not-needed + +This is mandatory for SSL support in 2.3 +--- + doc/example-config/conf.d/10-ssl.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/example-config/conf.d/10-ssl.conf b/doc/example-config/conf.d/10-ssl.conf +index 4867a07..c4502fc 100644 +--- a/doc/example-config/conf.d/10-ssl.conf ++++ b/doc/example-config/conf.d/10-ssl.conf +@@ -52,7 +52,7 @@ ssl_client_ca_dir = /etc/ssl/certs + # Generate new params with `openssl dhparam -out /etc/dovecot/dh.pem 4096` + # Or migrate from old ssl-parameters.dat file with the command dovecot + # gives on startup when ssl_dh is unset. +-#ssl_dh = </etc/dovecot/dh.pem ++ssl_dh = </usr/share/dovecot/dh.pem + + # Minimum SSL protocol version to use. Potentially recognized values are SSLv3, + # TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3, depending on the OpenSSL version used. diff --git a/debian/patches/tcpwrapper.patch b/debian/patches/tcpwrapper.patch new file mode 100644 index 0000000..f58a282 --- /dev/null +++ b/debian/patches/tcpwrapper.patch @@ -0,0 +1,45 @@ +From: Joerg Dorchain <joerg@dorchain.net> +Date: Sun, 26 Aug 2012 10:10:28 +0200 +Subject: Add TCP wrapper support + +Bug: #685850 + +Configuration file for TCP wrapper support. +--- + doc/example-config/conf.d/10-tcpwrapper.conf | 14 ++++++++++++++ + doc/example-config/conf.d/Makefile.am | 1 + + 2 files changed, 15 insertions(+) + create mode 100644 doc/example-config/conf.d/10-tcpwrapper.conf + +diff --git a/doc/example-config/conf.d/10-tcpwrapper.conf b/doc/example-config/conf.d/10-tcpwrapper.conf +new file mode 100644 +index 0000000..b237d96 +--- /dev/null ++++ b/doc/example-config/conf.d/10-tcpwrapper.conf +@@ -0,0 +1,14 @@ ++# 10-tcpwrapper.conf ++# ++# service name for hosts.{allow|deny} are those defined as ++# inet_listener in master.conf ++# ++#login_access_sockets = tcpwrap ++# ++#service tcpwrap { ++# unix_listener login/tcpwrap { ++# group = $default_login_user ++# mode = 0600 ++# user = $default_login_user ++# } ++#} +diff --git a/doc/example-config/conf.d/Makefile.am b/doc/example-config/conf.d/Makefile.am +index 1950fd5..b78c21a 100644 +--- a/doc/example-config/conf.d/Makefile.am ++++ b/doc/example-config/conf.d/Makefile.am +@@ -18,6 +18,7 @@ example_DATA = \ + 10-master.conf \ + 10-metrics.conf \ + 10-ssl.conf \ ++ 10-tcpwrapper.conf \ + 15-lda.conf \ + 15-mailboxes.conf \ + 20-imap.conf \ diff --git a/debian/patches/test-backtrace.patch b/debian/patches/test-backtrace.patch new file mode 100644 index 0000000..29a03c4 --- /dev/null +++ b/debian/patches/test-backtrace.patch @@ -0,0 +1,36 @@ +From: Noah Meyerhans <noahm@debian.org> +Date: Fri, 12 Jun 2020 16:51:06 -0700 +Subject: Updates the symbol to check for in the backtrace unit tests + +Updates the symbol to check for in the backtrace unit tests to +something that appears in all the traces on the platforms we support. +--- + src/lib/test-backtrace.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/lib/test-backtrace.c b/src/lib/test-backtrace.c +index fdebe0f..640dc5b 100644 +--- a/src/lib/test-backtrace.c ++++ b/src/lib/test-backtrace.c +@@ -17,8 +17,8 @@ static void test_backtrace_append(void) + #elif (defined(HAVE_BACKTRACE_SYMBOLS) && defined(HAVE_EXECINFO_H)) || \ + (defined(HAVE_WALKCONTEXT) && defined(HAVE_UCONTEXT_H)) + test_assert(backtrace_append(bt) == 0); +- /* it should have some kind of main in it */ +- test_assert(strstr(str_c(bt), "main") != NULL); ++ i_debug("backtrace: '%s'", str_c(bt)); ++ test_assert(strstr(str_c(bt), "test_backtrace_append") != NULL || strstr(str_c(bt), "main") != NULL); + #else + /* should not work in this context */ + test_assert(backtrace_append(bt) == -1); +@@ -41,8 +41,8 @@ static void test_backtrace_get(void) + #elif (defined(HAVE_BACKTRACE_SYMBOLS) && defined(HAVE_EXECINFO_H)) || \ + (defined(HAVE_WALKCONTEXT) && defined(HAVE_UCONTEXT_H)) + test_assert(backtrace_get(&bt) == 0); +- /* it should have some kind of main in it */ +- test_assert(strstr(bt, "main") != NULL); ++ i_debug("backtrace: '%s'", bt); ++ test_assert(strstr(bt, "test_backtrace_get") != NULL || strstr(bt, "main") != NULL); + #else + /* should not work in this context */ + test_assert(backtrace_get(&bt) == -1); |