Date: Wednesday, March 7, 2018 @ 08:41:07 Author: foxxx0 Revision: 303538
upgpkg: dovecot 2.3.0.1-2 add libsodium support, backport two segfault patches Added: dovecot/trunk/dovecot-fix-segfault-imap-zlib.patch dovecot/trunk/dovecot-fix-segfault-quota-exceeded.patch Modified: dovecot/trunk/PKGBUILD -------------------------------------------+ PKGBUILD | 58 ++++++---- dovecot-fix-segfault-imap-zlib.patch | 28 ++++ dovecot-fix-segfault-quota-exceeded.patch | 162 ++++++++++++++++++++++++++++ 3 files changed, 228 insertions(+), 20 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2018-03-07 08:29:54 UTC (rev 303537) +++ PKGBUILD 2018-03-07 08:41:07 UTC (rev 303538) @@ -1,5 +1,6 @@ # $Id$ # Maintainer: Johannes Löthberg <johan...@kyriasis.com> +# Maintainer: Thore Bödecker <fox...@archlinux.org> # Contributor: Bartłomiej Piotrowski <bpiotrow...@archlinux.org> # Contributor: Andreas Radke <andy...@archlinux.org> # Contributor: Paul Mattal <p...@mattal.com> @@ -10,7 +11,7 @@ pkgname=dovecot pkgver=2.3.0.1 -pkgrel=1 +pkgrel=2 pkgdesc="An IMAP and POP3 server written with security primarily in mind" url="http://dovecot.org/" @@ -17,9 +18,9 @@ arch=('x86_64') license=("LGPL") -depends=('krb5' 'openssl' 'sqlite' 'libmariadbclient' +depends=('krb5' 'openssl' 'sqlite' 'libmariadbclient' 'libsodium' 'postgresql-libs' 'bzip2' 'lz4' 'expat' 'curl' 'pam') -makedepends=('libcap' 'libldap' 'clucene') +makedepends=('libcap' 'libldap' 'clucene' 'libsodium') optdepends=('libldap: ldap plugin' 'xz: imap zlib plugin' 'clucene: alternative FTS indexer') @@ -26,25 +27,41 @@ provides=('imap-server' 'pop3-server') -source=("https://dovecot.org/releases/2.3/dovecot-$pkgver.tar.gz"{,.sig} - dovecot.sysusersd - dovecot.tmpfilesd) +source=("https://dovecot.org/releases/2.3/${pkgname}-${pkgver}.tar.gz"{,.sig} + 'dovecot.sysusersd' + 'dovecot.tmpfilesd' + # to be checked if upcoming 2.3.1 release has merged them: + 'dovecot-fix-segfault-quota-exceeded.patch' + 'dovecot-fix-segfault-imap-zlib.patch') sha256sums=('ab772b3e214683aba347203c9391295552255c4d69afb324c7b8c8fc5ad6f153' 'SKIP' 'c5e3a8ffe23e5deb4f7893d9877d972347c2ee45c4ebf713de85c537e47cfcaf' - 'bb7620be7fc0217d77fcac940441c2abbd9efc6ef660153288d09ba412e27e06') -validpgpkeys=('E643F0BDFDCD04D9FFCB6279C948525140558AC9' # Timo Sirainen <t...@iki.fi> - '2BE74AAB3EE754DFB9C80D3318A348AEED409DA1') # Dovecot Community Edition + 'bb7620be7fc0217d77fcac940441c2abbd9efc6ef660153288d09ba412e27e06' + 'e6ef27938a384a54b28c0ce57626dcd738f659465293f2cbb71712cbd5592136' + 'b8a7b6e324b8b03c02d1e43b700fdb21ca791699bbb046dcc0042f8e6489b2ed') +validpgpkeys=( + 'E643F0BDFDCD04D9FFCB6279C948525140558AC9' # Timo Sirainen <t...@iki.fi> + '2BE74AAB3EE754DFB9C80D3318A348AEED409DA1' # Dovecot Community Edition +) prepare() { - cd dovecot-$pkgver + cd "${srcdir}/${pkgname}-${pkgver}" + + local filename + for filename in "${source[@]}"; do + if [[ "$filename" =~ \.patch$ ]]; then + msg2 "Applying patch ${filename##*/}" + patch -p1 -N -i "$srcdir/${filename##*/}" + fi + done + # fix path in helper script sed -i 's:OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}:OPENSSLCONFIG=${OPENSSLCONFIG- /etc/ssl/dovecot-openssl.cnf}:' doc/mkcert.sh } build() { - cd dovecot-$pkgver + cd "${srcdir}/${pkgname}-${pkgver}" ./configure --prefix=/usr --sysconfdir=/etc \ --sbindir=/usr/bin \ @@ -69,6 +86,7 @@ --with-libcap \ --with-solr \ --with-lucene \ + --with-sodium \ --with-docs make @@ -75,7 +93,7 @@ } check() { - cd dovecot-$pkgver + cd "${srcdir}/${pkgname}-${pkgver}" make check } @@ -83,15 +101,15 @@ # system user/group dovenull - 74 # system user/group dovecot - 76 - cd dovecot-$pkgver + cd "${srcdir}/${pkgname}-${pkgver}" make DESTDIR="$pkgdir" install - install -Dm644 "$srcdir/dovecot.sysusersd" \ - "$pkgdir/usr/lib/sysusers.d/dovecot.conf" - install -Dm644 "$srcdir/dovecot.tmpfilesd" \ - "$pkgdir/usr/lib/tmpfiles.d/dovecot.conf" - install -d -m755 "$pkgdir/etc/dovecot/conf.d" - rm -f $pkgdir/etc/dovecot/README + install -Dm644 "${srcdir}/dovecot.sysusersd" \ + "${pkgdir}/usr/lib/sysusers.d/dovecot.conf" + install -Dm644 "${srcdir}/dovecot.tmpfilesd" \ + "${pkgdir}/usr/lib/tmpfiles.d/dovecot.conf" + install -d -m755 "${pkgdir}/etc/dovecot/conf.d" + rm -f "${pkgdir}/etc/dovecot/README" # install mkcert helper script - install -m 755 doc/mkcert.sh "$pkgdir/usr/lib/dovecot/mkcert.sh" + install -m 755 doc/mkcert.sh "${pkgdir}/usr/lib/dovecot/mkcert.sh" } Added: dovecot-fix-segfault-imap-zlib.patch =================================================================== --- dovecot-fix-segfault-imap-zlib.patch (rev 0) +++ dovecot-fix-segfault-imap-zlib.patch 2018-03-07 08:41:07 UTC (rev 303538) @@ -0,0 +1,28 @@ +From 23da0fa1b30cc11bcc1d467674a0950c527e9ff1 Mon Sep 17 00:00:00 2001 +From: Timo Sirainen <timo.sirai...@dovecot.fi> +Date: Sat, 6 Jan 2018 21:22:11 +0200 +Subject: [PATCH] ostream-zlib: Ignore missing finish if parent stream is + ignoring errors + +This fixes panic with imap_zlib plugin when client enables the IMAP COMPRESS +extension and disconnects: + +Panic: file ostream-zlib.c: line 36 (o_stream_zlib_close): assertion failed: (zstream->ostream.finished || zstream->ostream.ostream.stream_errno != 0) +--- + src/lib-compression/ostream-zlib.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/lib-compression/ostream-zlib.c b/src/lib-compression/ostream-zlib.c +index 848ecb7b89..e0b9a91416 100644 +--- a/src/lib-compression/ostream-zlib.c ++++ b/src/lib-compression/ostream-zlib.c +@@ -33,7 +33,8 @@ static void o_stream_zlib_close(struct iostream_private *stream, + struct zlib_ostream *zstream = (struct zlib_ostream *)stream; + + i_assert(zstream->ostream.finished || +- zstream->ostream.ostream.stream_errno != 0); ++ zstream->ostream.ostream.stream_errno != 0 || ++ zstream->ostream.error_handling_disabled); + (void)deflateEnd(&zstream->zs); + if (close_parent) + o_stream_close(zstream->ostream.parent); Added: dovecot-fix-segfault-quota-exceeded.patch =================================================================== --- dovecot-fix-segfault-quota-exceeded.patch (rev 0) +++ dovecot-fix-segfault-quota-exceeded.patch 2018-03-07 08:41:07 UTC (rev 303538) @@ -0,0 +1,162 @@ +From 2bf919786518d138cc07d9cc21e14ad5e07e5e56 Mon Sep 17 00:00:00 2001 +From: Stephan Bosch <stephan.bo...@dovecot.fi> +Date: Wed, 17 Jan 2018 21:26:44 +0100 +Subject: [PATCH] lmtp: local: Fix segfault occurring when quota is exceeded. + +--- + src/lmtp/lmtp-local.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/lmtp/lmtp-local.c b/src/lmtp/lmtp-local.c +index fa1ce5d869..5b5fe51a95 100644 +--- a/src/lmtp/lmtp-local.c ++++ b/src/lmtp/lmtp-local.c +@@ -133,7 +133,7 @@ static void + lmtp_local_rcpt_reply_overquota(struct lmtp_local_recipient *rcpt, + const char *error) + { +- struct smtp_address *address = rcpt->rcpt.rcpt->path; ++ struct smtp_address *address = rcpt->rcpt.path; + struct lda_settings *lda_set = + mail_storage_service_user_get_set(rcpt->service_user)[2]; + +From cdbcc8db8e0a04b2cbf6ca9f20b3ee7f7173552d Mon Sep 17 00:00:00 2001 +From: Stephan Bosch <stephan.bo...@dovecot.fi> +Date: Wed, 31 Jan 2018 10:30:23 +0100 +Subject: [PATCH 1/3] lmtp: local: Make local variable for rcpt->rcpt.rcpt_cmd + in lmtp_local_rcpt_check_quota(). + +--- + src/lmtp/lmtp-local.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/src/lmtp/lmtp-local.c b/src/lmtp/lmtp-local.c +index c770e35e5b..d0ee4b312e 100644 +--- a/src/lmtp/lmtp-local.c ++++ b/src/lmtp/lmtp-local.c +@@ -195,6 +195,7 @@ static int + lmtp_local_rcpt_check_quota(struct lmtp_local_recipient *rcpt) + { + struct client *client = rcpt->rcpt.client; ++ struct smtp_server_cmd_ctx *cmd = rcpt->rcpt.rcpt_cmd; + struct smtp_address *address = rcpt->rcpt.path; + struct mail_user *user; + struct mail_namespace *ns; +@@ -245,10 +246,10 @@ lmtp_local_rcpt_check_quota(struct lmtp_local_recipient *rcpt) + } + + if (ret < 0 && +- !smtp_server_command_is_replied(rcpt->rcpt.rcpt_cmd->cmd)) { +- smtp_server_reply(rcpt->rcpt.rcpt_cmd, +- 451, "4.3.0", "<%s> Temporary internal error", +- smtp_address_encode(address)); ++ !smtp_server_command_is_replied(cmd->cmd)) { ++ smtp_server_reply(cmd, 451, "4.3.0", ++ "<%s> Temporary internal error", ++ smtp_address_encode(address)); + } + return ret; + } + +From c23717da4af9d3275cb45cbc67faaa8daa353ec1 Mon Sep 17 00:00:00 2001 +From: Stephan Bosch <stephan.bo...@dovecot.fi> +Date: Wed, 31 Jan 2018 10:34:11 +0100 +Subject: [PATCH 2/3] lmtp: local: Add explicit cmd parameter to + lmtp_local_rcpt_reply_overquota(). + +Using the RCPT cmd is only valid for the RCPT command and not when quota excess +is detected during DATA. That would cause a segmentation fault, since +rcpt->rcpt.rcpt_cmd == NULL. +--- + src/lmtp/lmtp-local.c | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +diff --git a/src/lmtp/lmtp-local.c b/src/lmtp/lmtp-local.c +index d0ee4b312e..c19c449e61 100644 +--- a/src/lmtp/lmtp-local.c ++++ b/src/lmtp/lmtp-local.c +@@ -134,6 +134,7 @@ lmtp_local_rcpt_deinit(struct lmtp_local_recipient *rcpt) + + static void + lmtp_local_rcpt_reply_overquota(struct lmtp_local_recipient *rcpt, ++ struct smtp_server_cmd_ctx *cmd, + const char *error) + { + struct smtp_address *address = rcpt->rcpt.path; +@@ -141,13 +142,11 @@ lmtp_local_rcpt_reply_overquota(struct lmtp_local_recipient *rcpt, + mail_storage_service_user_get_set(rcpt->service_user)[2]; + + if (lda_set->quota_full_tempfail) { +- smtp_server_reply(rcpt->rcpt.rcpt_cmd, +- 452, "4.2.2", "<%s> %s", +- smtp_address_encode(address), error); ++ smtp_server_reply(cmd, 452, "4.2.2", "<%s> %s", ++ smtp_address_encode(address), error); + } else { +- smtp_server_reply(rcpt->rcpt.rcpt_cmd, +- 552, "5.2.2", "<%s> %s", +- smtp_address_encode(address), error); ++ smtp_server_reply(cmd, 552, "5.2.2", "<%s> %s", ++ smtp_address_encode(address), error); + } + } + +@@ -232,7 +231,7 @@ lmtp_local_rcpt_check_quota(struct lmtp_local_recipient *rcpt) + if (ret < 0) { + error = mailbox_get_last_error(box, &mail_error); + if (mail_error == MAIL_ERROR_NOQUOTA) { +- lmtp_local_rcpt_reply_overquota(rcpt, error); ++ lmtp_local_rcpt_reply_overquota(rcpt, cmd, error); + } else { + i_error("mailbox_get_status(%s, STATUS_CHECK_OVER_QUOTA) " + "failed: %s", +@@ -623,7 +622,7 @@ lmtp_local_deliver(struct lmtp_local *local, + } else if (storage != NULL) { + error = mail_storage_get_last_error(storage, &mail_error); + if (mail_error == MAIL_ERROR_NOQUOTA) { +- lmtp_local_rcpt_reply_overquota(rcpt, error); ++ lmtp_local_rcpt_reply_overquota(rcpt, cmd, error); + } else { + smtp_server_reply_index(cmd, rcpt_idx, + 451, "4.2.0", "<%s> %s", + +From f8d9e6c977847a411af9986c9be62f74e4b06143 Mon Sep 17 00:00:00 2001 +From: Stephan Bosch <stephan.bo...@dovecot.fi> +Date: Wed, 31 Jan 2018 10:27:54 +0100 +Subject: [PATCH 3/3] lmtp: local: Use recipient index in + lmtp_local_rcpt_reply_overquota(). + +When used during the DATA command, it should send a reply for the correct +recipient. During the RCPT command there is only one reply due. Added assert +that checks this. +--- + src/lmtp/lmtp-local.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/src/lmtp/lmtp-local.c b/src/lmtp/lmtp-local.c +index c19c449e61..0b5e7e06ec 100644 +--- a/src/lmtp/lmtp-local.c ++++ b/src/lmtp/lmtp-local.c +@@ -138,15 +138,18 @@ lmtp_local_rcpt_reply_overquota(struct lmtp_local_recipient *rcpt, + const char *error) + { + struct smtp_address *address = rcpt->rcpt.path; ++ unsigned int rcpt_idx = rcpt->rcpt.index; + struct lda_settings *lda_set = + mail_storage_service_user_get_set(rcpt->service_user)[2]; + ++ i_assert(rcpt_idx == 0 || rcpt->rcpt.rcpt_cmd == NULL); ++ + if (lda_set->quota_full_tempfail) { +- smtp_server_reply(cmd, 452, "4.2.2", "<%s> %s", +- smtp_address_encode(address), error); ++ smtp_server_reply_index(cmd, rcpt_idx, 452, "4.2.2", "<%s> %s", ++ smtp_address_encode(address), error); + } else { +- smtp_server_reply(cmd, 552, "5.2.2", "<%s> %s", +- smtp_address_encode(address), error); ++ smtp_server_reply_index(cmd, rcpt_idx, 552, "5.2.2", "<%s> %s", ++ smtp_address_encode(address), error); + } + } +