Hello community,
here is the log from the commit of package cyrus-imapd for openSUSE:Factory checked in at 2014-03-09 18:21:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cyrus-imapd (Old)
and /work/SRC/openSUSE:Factory/.cyrus-imapd.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cyrus-imapd"
Changes:
--------
--- /work/SRC/openSUSE:Factory/cyrus-imapd/cyrus-imapd.changes 2013-06-17 10:03:31.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.cyrus-imapd.new/cyrus-imapd.changes 2014-03-09 18:21:58.000000000 +0100
@@ -1,0 +2,104 @@
+Wed Jan 29 11:14:13 UTC 2014 - aj@ajaissle.de
+
+- Added -snmp and -snmp-mibs sub-packages
+- Added README.SNMP to cyrus-imapd-rc-2.tar.gz
+- Added sysconfig option to use SNMP
+ * TODO: convert to a yesno option
+
+-------------------------------------------------------------------
+Fri Jan 24 13:45:42 UTC 2014 - aj@ajaissle.de
+
+- Updated to upstream release 2.4.17 (fate#311137)
+ Changes to the Cyrus IMAP Server since 2.3.x:
+ * All databases are now default skiplist, and ctl_cyrusdb will automatically convert database type on startup.
+ * make_sha1 and make_md5 are removed (replaced by GUID and reconstruct changes)
+ * Charset subsystem rewritten - Unicode 5.2 rather than Unicode 2, and UTF-8 support in sieve.
+ * Core mailbox handling code largely rewritten with new APIs, CRC checksums, new locking mechanisms, merging of cyrus.index and cyrus.expunge, inclusion of user \Seen flag, and much more.
+ * Replication code largely rewritten to provide better performance, consistency checking, and recovery from "split-brain" scenarios.
+ * Added support for LIST-EXTENDED IMAP extension. Removed support for deprecated (compile-time) LISTEXT IMAP extension. Based on work by Martin Konold
+ * Added support for ESEARCH IMAP extension.
+ * Added support for WITHIN extension to IMAP SEARCH.
+ * Added support for ENABLE IMAP extension.
+ * Added support for QRESYNC IMAP extension.
+ * Added support for URLAUTH=BINARY IMAP extension.
+ * Removed legacy IMAP[2|3|4] cruft. We now only support IMAPrev1 + extensions.
+ * Added support for marking QoS on traffic. (courtesy of Philip Prindeville )
+ * Modified user_deny.db code to open database once at service startup time.
+ * ... and hundreds of tiny things too numerous to mention in a short change log ...
+
+- Added the following patches:
+ - cyrus-imapd-2.4.17_drac_auth.patch -- this is a rebased version of contrib/drac_auth.patch
+ - cyrus-imapd-2.4.17_ptloader-ldap_user_attribute.patch -- Allow a result attribute to be specified with ptclient/ldap.c
+ * Supersedes KOLAB_cyrus-imapd-2.3.18_UID.patch
+
+- Renamed the following patches:
+ - syslog-facility-doc.patch to cyrus-imapd-2.3.16_syslog-facility-doc.patch
+
+- Rebased the following patches for cyrus-imapd-2.4.17:
+ - cyrus-imapd-db6.diff as cyrus-imapd-2.4.17_db6.patch
+ - cyrus-imapd-openslp.patch as cyrus-imapd-2.4.17_openslp.patch
+ - luser_relay.patch as cyrus-imapd-2.4.17_lmtp_catchall_mailbox.patch
+ * Option 'lmtp_luser_relay' was renamed to 'lmtp_catchall_mailbox'
+ * https://bugzilla.cyrusimap.org/show_bug.cgi?id=2360
+ - cyrus-imapd_tls-session-leak.dif as cyrus-imapd-2.4.17_tls-session-leak.patch
+ * https://bugzilla.cyrusimap.org/show_bug.cgi?id=3252
+ - cyrus-imapd-2.3.16-autocreate-0.10-0.drac.diff as cyrus-imapd-2.4.17_autocreate-0.10-0.patch
+ - pie.patch as cyrus-imapd-2.4.17_pie.patch
+
+- Removed the following patches (unknown upstream status):
+ - KOLAB_cyrus-imapd-2.3.18_Folder-names.patch
+ * There is no need for us to extend the mailbox name restrictions
+ * https://bugzilla.cyrusimap.org/show_bug.cgi?id=2633
+ - KOLAB_cyrus-imapd-2.3.18_Groups2.patch
+ * optional/not needed
+ * https://bugzilla.cyrusimap.org/show_bug.cgi?id=2632
+ * https://bugzilla.cyrusimap.org/show_bug.cgi?id=3282
+ - KOLAB_cyrus-imapd-2.3.18_timsieved_starttls-sendcaps.patch
+ * Workaround for an issue with kontact/kio ~ KDE 3.5.9
+ - KOLAB_cyrus-imapd-2.3.18_UID.patch
+ * Superseded by cyrus-imapd-2.4.17_ptloader-ldap_user_attribute.patch
+
+- Removed the following patches (upstream inclusion):
+ - charset.patch
+ - cyrus-imapd-perl-5.14.patch
+ - cyrus-imapd-perl-path.patch
+ - cyrus-imapd_references_header-dos.dif
+ - KOLAB_cyrus-imapd-2.3.18_Cyradm_Annotations.patch
+ * http://git.cyrusimap.org/cyrus-imapd/commit/?h=cyrus-imapd-2.4&id=98dd7a9130653ac848c0782a7688d26a090b494b
+ - KOLAB_cyrus-imapd-2.3.18_Logging.patch
+ * Use 'auditlog: 1' in imapd.conf
+ * https://bugzilla.cyrusimap.org/show_bug.cgi?id=2964
+ - user_deny_db-once.patch
+
+- Changed cyrus-imapd-rc.tar.gz contents, now having cyrus-imapd-rc-2.tar.gz:
+ - dir name now is SUSE (was: SuSE)
+ - renamed README.SuSE -> README.SUSE
+ - added annotation definitions for groupware folders
+ - imapd.conf: added annotaion definitions and lmtp_fuzzy_mailbox_match
+ - imapd.conf: changed path to TLS certs form /usr/ssl/ to /etc/SSL_accept
+ - imapd.conf: set default 'delete_mode' and 'expunge_mode' to 'delayed'
+ - cyrus.conf: added more services, added deleteprune and expungeprune
+ - moved DB_CONFIG into cyrus-imapd-rc.tar.gz
+
+- Spec file cleanup
+
+- Prepared systemd support
+ * with systemd, we use cyrus-imapd as service name
+ * we have a symlink 'rccyrus-imapd' to '/usr/sbin/service'
+ * for compatibility, we have an alias 'rccyrus' = 'rccyrus-imapd'
+
+- New package: cyrus-imapd-utils, which now contains tools to test mail servers
+- New package: cyrus-imapd-cyradm, which now contains the cyradm tool
+
+- TODO:
+ - Check KOLAB_cyrus-imapd-2.3.18_cross-domain-acls.patch
+ * Patch is optional
+ * https://roundup.kolab.org/issue1141
+ - systemd service not yet working as expected, so we disabled it atm
+
+-------------------------------------------------------------------
+Thu Jun 20 09:29:07 UTC 2013 - aj@ajaissle.de
+
+- Move kolab tag from package name to version field
+
+-------------------------------------------------------------------
Old:
----
DB_CONFIG
KOLAB_cyrus-imapd-2.3.18_Cyradm_Annotations.patch
KOLAB_cyrus-imapd-2.3.18_Folder-names.patch
KOLAB_cyrus-imapd-2.3.18_Groups2.patch
KOLAB_cyrus-imapd-2.3.18_Logging.patch
KOLAB_cyrus-imapd-2.3.18_UID.patch
KOLAB_cyrus-imapd-2.3.18_timsieved_starttls-sendcaps.patch
charset.patch
cyrus-imapd-2.3.16-autocreate-0.10-0.drac.diff
cyrus-imapd-2.3.18.tar.gz
cyrus-imapd-db6.diff
cyrus-imapd-openslp.patch
cyrus-imapd-perl-5.14.patch
cyrus-imapd-perl-path.patch
cyrus-imapd-rc.tar.gz
cyrus-imapd_references_header-dos.dif
cyrus-imapd_tls-session-leak.dif
luser_relay.patch
pie.patch
syslog-facility-doc.patch
user_deny_db-once.patch
New:
----
cmu.mib
cyrus-imapd-2.3.16_syslog-facility-doc.patch
cyrus-imapd-2.4.17.tar.gz
cyrus-imapd-2.4.17_autocreate-0.10-0.patch
cyrus-imapd-2.4.17_db6.patch
cyrus-imapd-2.4.17_drac_auth.patch
cyrus-imapd-2.4.17_lmtp_catchall_mailbox.patch
cyrus-imapd-2.4.17_openslp.patch
cyrus-imapd-2.4.17_pie.patch
cyrus-imapd-2.4.17_ptloader-ldap_user_attribute.patch
cyrus-imapd-2.4.17_tls-session-leak.patch
cyrus-imapd-rc-2.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cyrus-imapd.spec ++++++
++++ 785 lines (skipped)
++++ between /work/SRC/openSUSE:Factory/cyrus-imapd/cyrus-imapd.spec
++++ and /work/SRC/openSUSE:Factory/.cyrus-imapd.new/cyrus-imapd.spec
++++++ cmu.mib ++++++
CMU-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, enterprises
FROM SNMPv2-SMI;
cmuMIB MODULE-IDENTITY
LAST-UPDATED "9701220000Z"
ORGANIZATION "Carnegie Mellon"
CONTACT-INFO
" Email: dc0m@andrew.cmu.edu
Network Development
Computing Services
Carnegie Mellon University
Pittsburgh PA. 15213
"
DESCRIPTION
"The MIB module for CMU SNMP entities."
REVISION "9701220000Z"
DESCRIPTION
"The initial revision of this MIB"
REVISION "9706031200Z"
DESCRIPTION "Expanded MIB, incorporated old CMU information.
Updated contact information.
"
REVISION "0312112000Z"
DESCRIPTION "Added cmuLDAP"
::= { enterprises 3 }
-- CMU Systems
cmuSystems OBJECT IDENTIFIER ::= { cmuMIB 1 }
-- Other MIBs
cmuMIBs OBJECT IDENTIFIER ::= { cmuMIB 2 }
-- Not Used
-- cmuSimpleSecurity ::= { cmuMIB 3 }
-- Monitored: Names of monitored entities
cmuMonitored OBJECT IDENTIFIER ::= { cmuMIB 4 }
cmuLDAPResources OBJECT IDENTIFIER ::= { cmuMIB 5 }
-- software that's distributed under Project Cyrus
cmuCyrus OBJECT IDENTIFIER ::= { cmuMIB 6 }
-- application statistics
cmuAppStats OBJECT IDENTIFIER ::= { cmuMIB 7 }
-- CMU LDAP OIDs
ldapResources OBJECT IDENTIFIER ::= { cmuMIB 8 }
-- ********** System Monitoring **********
-- These aren't used anymore.
-- cmuOldSNMPD OBJECT IDENTIFIER ::= { cmuSystems 1 }
-- cmuKip OBJECT IDENTIFIER ::= { cmuSystems 2 }
-- cmuRouter OBJECT IDENTIFIER ::= { cmuSystems 3 }
-- cmuBridge OBJECT IDENTIFIER ::= { cmuSystems 4 }
-- cmuDelni OBJECT IDENTIFIER ::= { cmuSystems 5 }
-- Bind patch, http://www.net.cmu.edu/projects/snmp/dns
cmuDNS OBJECT IDENTIFIER ::= { cmuSystems 6 } -- CMU-DNS-MIB
-- Not used anymore
-- cmuUNIX OBJECT IDENTIFIER ::= { cmuSystems 7 }
-- CMU SNMPD
cmuSNMPD OBJECT IDENTIFIER ::= { cmuSystems 8 } -- CMU-SNMPD-MIB
-- libevent specific information
cmuNADINE OBJECT IDENTIFIER ::= { cmuSystems 9 } -- CMU-NADINE-MIB
-- CMU DHCP
-- cmuDHCP OBJECT IDENTIFIER ::= { cmuSystems 10 }
-- CMU-DHCP-MIB
-- ********** Other MIBs **********
-- cmuRouterMIB OBJECT IDENTIFIER ::= { cmuMIBs 1 } Defined in ROUTER-MIB
-- cmuUnixMIB OBJECT IDENTIFIER ::= { cmuMIBs 2 } Defined in CMU-UNIX-MIB
-- cmuFaultMIB OBJECT IDENTIFIER ::= { cmuMIBs 3 } Defined in CMU-FAULT-MIB
-- Not used anymore (if ever)
-- cmuProcwatch OBJECT IDENTIFIER ::= { cmuMIBs 4 }
-- cmuPing OBJECT IDENTIFIER ::= { cmuMIBs 5 }
-- *********** application statistics (leg@andrew.cmu.edu) **********
cmuSendmailStats OBJECT IDENTIFIER ::= { cmuAppStats 1 }
cmuApacheModStatus OBJECT IDENTIFIER ::= { cmuAppStats 2 }
END
++++++ cyrus-imapd-2.3.16_syslog-facility-doc.patch ++++++
From 52753d22537cc8af9dbed6a6acc5c32c78e272b0 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp
Date: Fri, 9 Apr 2010 11:49:37 +0200
Subject: [PATCH] syslog facility doc
We build with "--with-syslogfacility=DAEMON" since quite some
time
---
doc/install-configure.html | 4 ++--
doc/overview.html | 2 +-
doc/text/install-configure | 4 ++--
doc/text/overview | 2 +-
4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/doc/install-configure.html b/doc/install-configure.html
index 2b4b567..9b0a408 100644
--- a/doc/install-configure.html
+++ b/doc/install-configure.html
@@ -44,10 +44,10 @@ it does not, replace the system "<tt>syslogd</tt>" and
If you do not copy the "<tt>syslog/syslog.conf</tt>" file to the
"<tt>/etc</tt>" directory, be sure to add support for
-"<tt>local6.debug</tt>". The file should include a line like:
+"<tt>daemon.debug</tt>". The file should include a line like:
<pre>
- local6.debug /var/log/imapd.log
+ daemon.debug /var/log/imapd.log
</pre>
You probably also want to log SASL messages with a line like:
diff --git a/doc/overview.html b/doc/overview.html
index 15c351c..a63b3fd 100644
--- a/doc/overview.html
+++ b/doc/overview.html
@@ -622,7 +622,7 @@ server exports MIT's KPOP protocol instead of generic POP3.
<h3><a name="syslog">The <TT>syslog</TT> facility</a></h3>
-The Cyrus IMAP server software sends log messages to the "<TT>local6</TT>"
+The Cyrus IMAP server software sends log messages to the "<TT>daemon</TT>"
syslog facility. The severity levels used are:
<UL>
diff --git a/doc/text/install-configure b/doc/text/install-configure
index f0b88b2..0fcb597 100644
--- a/doc/text/install-configure
+++ b/doc/text/install-configure
@@ -28,10 +28,10 @@ Installing and configuring the IMAP Server
mv syslog.conf /etc/syslog.conf
If you do not copy the "syslog/syslog.conf" file to the "/etc"
- directory, be sure to add support for "local6.debug". The file
+ directory, be sure to add support for "daemon.debug". The file
should include a line like:
- local6.debug /var/log/imapd.log
+ daemon.debug /var/log/imapd.log
You probably also want to log SASL messages with a line like:
diff --git a/doc/text/overview b/doc/text/overview
index 91aa4b5..5a8c552 100644
--- a/doc/text/overview
+++ b/doc/text/overview
@@ -545,7 +545,7 @@ POP3 Server
The syslog facility
- The Cyrus IMAP server software sends log messages to the "local6"
+ The Cyrus IMAP server software sends log messages to the "daemon"
syslog facility. The severity levels used are:
* CRIT - Critical errors which probably require prompt administrator
--
1.7.0.2
++++++ cyrus-imapd-2.3.18.tar.gz -> cyrus-imapd-2.4.17.tar.gz ++++++
++++ 129720 lines of diff (skipped)
++++++ cyrus-imapd-2.4.17_autocreate-0.10-0.patch ++++++
++++ 2164 lines (skipped)
++++++ cyrus-imapd-2.4.17_db6.patch ++++++
From: Jan Engelhardt
Date: 2013-06-14 02:52:48.129456384 +0200
src: make compilation with libdb-6.0 succeed
db-6.0 has hit the scene.
The changes for ->set_bt_compare (mbox_compar) are not yet present
in cyrus-imapd-2.4.17.
---
lib/cyrusdb_berkeley.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
Index: cyrus-imapd-2.3.18/lib/cyrusdb_berkeley.c
===================================================================
--- cyrus-imapd-2.3.18.orig/lib/cyrusdb_berkeley.c
+++ cyrus-imapd-2.3.18/lib/cyrusdb_berkeley.c
@@ -386,8 +386,13 @@
return 0;
}
+#if DB_VERSION_MAJOR >= 6
+static int mbox_compar(DB *db __attribute__((unused)),
+ const DBT *a, const DBT *b, size_t *locp)
+#else
static int mbox_compar(DB *db __attribute__((unused)),
const DBT *a, const DBT *b)
+#endif
{
return bsearch_ncompare((const char *) a->data, a->size,
(const char *) b->data, b->size);
++++++ cyrus-imapd-2.4.17_drac_auth.patch ++++++
diff -Ppru cyrus-imapd-2.4.17.orig/configure.in cyrus-imapd-2.4.17/configure.in
--- cyrus-imapd-2.4.17.orig/configure.in 2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/configure.in 2014-01-27 14:26:18.500280589 +0100
@@ -1229,6 +1229,19 @@ dnl (agentx was depricated, but SNMP_SUB
SNMP_SUBDIRS=""
AC_SUBST(SNMP_SUBDIRS)
+dnl
+dnl Test for DRAC
+dnl
+DRACLIBS=
+AC_ARG_WITH(drac, [ --with-drac=DIR use DRAC library in <DIR> [no] ],
+ if test -d "$withval"; then
+ LDFLAGS="$LDFLAGS -L${withval}"
+ AC_CHECK_LIB(drac, dracauth,
+ AC_DEFINE(DRAC_AUTH,[],[Build DRAC support?])
+ DRACLIBS="-ldrac")
+ fi)
+AC_SUBST(DRACLIBS)
+
CMU_LIBWRAP
CMU_UCDSNMP
Only in cyrus-imapd-2.4.17.orig/contrib: .drac_auth.patch.kate-swp
diff -Ppru cyrus-imapd-2.4.17.orig/imap/imapd.c cyrus-imapd-2.4.17/imap/imapd.c
--- cyrus-imapd-2.4.17.orig/imap/imapd.c 2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/imap/imapd.c 2014-01-27 14:39:35.999446812 +0100
@@ -193,6 +193,18 @@ static struct proxy_context imapd_proxyc
1, 1, &imapd_authstate, &imapd_userisadmin, &imapd_userisproxyadmin
};
+#ifdef DRAC_AUTH
+static struct {
+ int interval; /* dracd "ping" interval; 0 = disabled */
+ unsigned long clientaddr;
+ struct prot_waitevent *event;
+} drac;
+
+extern int dracconn(char *server, char **errmsg);
+extern int dracsend(unsigned long userip, char **errmsg);
+extern int dracdisc(char **errmsg);
+#endif /* DRAC_AUTH */
+
/* current sub-user state */
struct index_state *imapd_index;
@@ -795,6 +807,23 @@ int service_init(int argc, char **argv,
/* setup for sending IMAP IDLE notifications */
idle_enabled();
+#ifdef DRAC_AUTH
+ /* setup for sending DRAC "pings" */
+ drac.event = NULL;
+ drac.interval = config_getint(IMAPOPT_DRACINTERVAL);
+ if (drac.interval < 0) drac.interval = 0;
+ if (drac.interval) {
+ char *err;
+
+ if (dracconn((char*) config_getstring(IMAPOPT_DRACHOST), &err) != 0) {
+ /* disable DRAC */
+ drac.interval = 0;
+ syslog(LOG_ERR, "dracconn: %s", err);
+ syslog(LOG_ERR, "DRAC notifications disabled");
+ }
+ }
+#endif /* DRAC_AUTH */
+
/* create connection to the SNMP listener, if available. */
snmp_connect(); /* ignore return code */
snmp_set_str(SERVER_NAME_VERSION,cyrus_version());
@@ -905,6 +934,14 @@ int service_main(int argc __attribute__(
imapd_haveaddr = 1;
}
}
+#ifdef DRAC_AUTH
+ if (((struct sockaddr *)&imapd_remoteaddr)->sa_family == AF_INET)
+ drac.clientaddr = ((struct sockaddr_in *)&imapd_remoteaddr)->sin_addr.s_addr;
+ else
+ drac.clientaddr = 0;
+ } else {
+ drac.clientaddr = 0;
+#endif /* DRAC_AUTH */
}
/* create the SASL connection */
@@ -949,6 +986,11 @@ int service_main(int argc __attribute__(
prot_flush(imapd_out);
snmp_increment(ACTIVE_CONNECTIONS, -1);
+#ifdef DRAC_AUTH
+ if (drac.event) prot_removewaitevent(imapd_in, drac.event);
+ drac.event = NULL;
+#endif /* DRAC_AUTH */
+
/* cleanup */
imapd_reset();
@@ -1061,6 +1103,10 @@ void shut_down(int code)
cyrus_done();
+#ifdef DRAC_AUTH
+ if (drac.interval) (void) dracdisc((char **)NULL);
+#endif /* DRAC_AUTH */
+
exit(code);
}
@@ -1121,6 +1167,36 @@ static void imapd_check(struct backend *
}
}
+#ifdef DRAC_AUTH
+/*
+ * Ping dracd every 'drac.interval' minutes
+ * to let it know that we are still connected
+ */
+struct prot_waitevent *drac_ping(struct protstream *s,
+ struct prot_waitevent *ev,
+ void *rock __attribute__((unused)))
+{
+ char *err;
+ static int nfailure = 0;
+
+ if (dracsend(drac.clientaddr, &err) != 0) {
+ syslog(LOG_ERR, "dracsend: %s", err);
+ if (++nfailure >= 3) {
+ /* can't contact dracd for 3 consecutive tries - disable DRAC */
+ prot_removewaitevent(s, ev);
+ drac.event = NULL;
+ syslog(LOG_ERR, "DRAC notifications disabled");
+ return NULL;
+ }
+ }
+ else
+ nfailure = 0;
+
+ ev->mark = time(NULL) + (drac.interval * 60);
+ return ev;
+}
+#endif /* DRAC_AUTH */
+
/*
* Top-level command loop parsing
*/
@@ -2335,6 +2411,11 @@ void cmd_login(char *tag, char *user)
capa_response(CAPA_PREAUTH|CAPA_POSTAUTH);
prot_printf(imapd_out, "] %s\r\n", reply);
+#ifdef DRAC_AUTH
+ if (!imapd_userisproxyadmin && drac.interval && drac.clientaddr)
+ drac.event = prot_addwaitevent(imapd_in, 0 /* now */, drac_ping, NULL);
+#endif /* DRAC_AUTH */
+
authentication_success();
}
@@ -2483,6 +2564,11 @@ void cmd_authenticate(char *tag, char *a
prot_setsasl(imapd_in, imapd_saslconn);
prot_setsasl(imapd_out, imapd_saslconn);
+#ifdef DRAC_AUTH
+ if (!imapd_userisproxyadmin && drac.interval && drac.clientaddr)
+ drac.event = prot_addwaitevent(imapd_in, 0 /* now */, drac_ping, NULL);
+#endif /* DRAC_AUTH */
+
authentication_success();
}
diff -Ppru cyrus-imapd-2.4.17.orig/imap/Makefile.in cyrus-imapd-2.4.17/imap/Makefile.in
--- cyrus-imapd-2.4.17.orig/imap/Makefile.in 2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/imap/Makefile.in 2014-01-27 14:28:18.393629551 +0100
@@ -65,6 +65,7 @@ SIEVE_OBJS = @SIEVE_OBJS@
SIEVE_LIBS = @SIEVE_LIBS@
IMAP_COM_ERR_LIBS = @IMAP_COM_ERR_LIBS@
LIB_WRAP = @LIB_WRAP@
+DRAC_LIBS = @DRACLIBS@
LIBS = $(IMAP_LIBS) $(IMAP_COM_ERR_LIBS)
DEPLIBS = ../lib/libcyrus.a ../lib/libcyrus_min.a @DEPLIBS@
@@ -199,17 +200,17 @@ lmtpd.pure: lmtpd.o proxy.o $(LMTPOBJS)
imapd: $(IMAPDOBJS) mutex_fake.o libimap.a $(DEPLIBS) $(SERVICE)
$(CC) $(LDFLAGS) -o imapd \
$(SERVICE) $(IMAPDOBJS) mutex_fake.o \
- libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP)
+ libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP) $(DRAC_LIBS)
imapd.pure: $(IMAPDOBJS) mutex_fake.o libimap.a $(DEPLIBS) $(SERVICE)
$(PURIFY) $(PUREOPT) $(CC) $(LDFLAGS) -o imapd.pure \
$(SERVICE) $(IMAPDOBJS) mutex_fake.o libimap.a \
- $(DEPLIBS) $(LIBS) $(LIB_WRAP)
+ $(DEPLIBS) $(LIBS) $(LIB_WRAP) $(DRAC_LIBS)
imapd.quant: $(IMAPDOBJS) mutex_fake.o libimap.a $(DEPLIBS) $(SERVICE)
$(QUANTIFY) $(QUANTOPT) $(CC) $(LDFLAGS) -o imapd.quant \
$(SERVICE) $(IMAPDOBJS) mutex_fake.o libimap.a \
- $(DEPLIBS) $(LIBS) $(LIB_WRAP)
+ $(DEPLIBS) $(LIBS) $(LIB_WRAP) $(DRAC_LIBS)
mupdate: mupdate.o mupdate-slave.o mupdate-client.o mutex_pthread.o tls.o \
libimap.a $(DEPLIBS)
@@ -227,7 +228,7 @@ mupdate.pure: mupdate.o mupdate-slave.o
pop3d: pop3d.o proxy.o backend.o tls.o mutex_fake.o libimap.a \
$(DEPLIBS) $(SERVICE)
$(CC) $(LDFLAGS) -o pop3d pop3d.o proxy.o backend.o tls.o $(SERVICE) \
- mutex_fake.o libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP)
+ mutex_fake.o libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP) $(DRAC_LIBS)
nntpd: nntpd.o proxy.o backend.o index.o smtpclient.o spool.o tls.o \
mutex_fake.o nntp_err.o libimap.a $(DEPLIBS) $(SERVICE)
diff -Ppru cyrus-imapd-2.4.17.orig/imap/pop3d.c cyrus-imapd-2.4.17/imap/pop3d.c
--- cyrus-imapd-2.4.17.orig/imap/pop3d.c 2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/imap/pop3d.c 2014-01-27 14:42:59.437592923 +0100
@@ -109,7 +109,10 @@ extern int optind;
extern char *optarg;
extern int opterr;
-
+#ifdef DRAC_AUTH
+static int drac_enabled;
+extern int dracauth(char *server, unsigned long userip, char **errmsg);
+#endif /* DRAC_AUTH */
#ifdef HAVE_SSL
static SSL *tls_conn;
@@ -121,6 +124,7 @@ int popd_timeout;
char *popd_userid = 0, *popd_subfolder = 0;
struct mailbox *popd_mailbox = NULL;
struct auth_state *popd_authstate = 0;
+static int popd_userisproxyadmin = 0;
int config_popuseacl, config_popuseimapflags;
struct sockaddr_storage popd_localaddr, popd_remoteaddr;
int popd_haveaddr = 0;
@@ -149,7 +153,7 @@ static int popd_myrights;
/* the sasl proxy policy context */
static struct proxy_context popd_proxyctx = {
- 0, 1, &popd_authstate, NULL, NULL
+ 0, 1, &popd_authstate, NULL, &popd_userisproxyadmin
};
/* signal to config.c */
@@ -573,6 +577,10 @@ int service_main(int argc __attribute__(
prot_settimeout(popd_in, popd_timeout);
prot_setflushonread(popd_in, popd_out);
+#ifdef DRAC_AUTH
+ drac_enabled = (config_getint(IMAPOPT_DRACINTERVAL) > 0);
+#endif /* DRAC_AUTH */
+
if (kflag) kpop();
/* we were connected on pop3s port so we should do
@@ -1780,6 +1788,21 @@ int openinbox(void)
goto fail;
}
+#ifdef DRAC_AUTH
+ if (!popd_userisproxyadmin && drac_enabled &&
+ ((struct sockaddr *)&popd_remoteaddr)->sa_family == AF_INET) {
+ char *err;
+
+ if (dracauth((char*) config_getstring(IMAPOPT_DRACHOST),
+ ((struct sockaddr_in *)&popd_remoteaddr)->sin_addr.s_addr, &err) != 0) {
+ /* disable DRAC */
+ drac_enabled = 0;
+ syslog(LOG_ERR, "dracauth: %s", err);
+ syslog(LOG_ERR, "DRAC notifications disabled");
+ }
+ }
+#endif /* DRAC_AUTH */
+
if (mbentry.mbtype & MBTYPE_REMOTE) {
/* remote mailbox */
char *server = mbentry.partition;
diff -Ppru cyrus-imapd-2.4.17.orig/imap/version.c cyrus-imapd-2.4.17/imap/version.c
--- cyrus-imapd-2.4.17.orig/imap/version.c 2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/imap/version.c 2014-01-27 14:43:43.310898321 +0100
@@ -175,6 +175,10 @@ void id_response(struct protstream *pout
snprintf(env_buf + strlen(env_buf), MAXIDVALUELEN - strlen(env_buf),
"; %s", SIEVE_VERSION);
#endif
+#ifdef DRAC_AUTH
+ snprintf(env_buf + strlen(env_buf), MAXIDVALUELEN - strlen(env_buf),
+ "; DRAC");
+#endif
#ifdef HAVE_LIBWRAP
snprintf(env_buf + strlen(env_buf), MAXIDVALUELEN - strlen(env_buf),
"; TCP Wrappers");
diff -Ppru cyrus-imapd-2.4.17.orig/lib/imapoptions cyrus-imapd-2.4.17/lib/imapoptions
--- cyrus-imapd-2.4.17.orig/lib/imapoptions 2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/lib/imapoptions 2014-01-27 14:44:48.881365112 +0100
@@ -315,6 +315,14 @@ Blank lines and lines beginning with ``#
server if the currently selected mailbox is (re)moved by another
session. Otherwise, the missing mailbox is treated as empty while
in use by the client.*/
+
+{ "dracinterval", 5, INT }
+/* If nonzero, enables the use of DRAC (Dynamic Relay Authorization
+ Control) by the pop3d and imapd daemons. Also sets the interval
+ (in minutes) between re-authorization requests made by imapd. */
+
+{ "drachost", "localhost", STRING }
+/* Hostname of the RPC dracd server. */
{ "duplicate_db", "skiplist", STRINGLIST("berkeley", "berkeley-nosync", "berkeley-hash", "berkeley-hash-nosync", "skiplist", "sql")}
/* The cyrusdb backend to use for the duplicate delivery suppression
++++++ cyrus-imapd-2.4.17_lmtp_catchall_mailbox.patch ++++++
From b805f266514035b6e8d63eda4ec4bf44065485cd Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp
Date: Wed, 12 Jan 2011 10:28:51 +0100
Subject: [PATCH] New option "lmtp_catchall_mailbox"
This patch introduces the new option "lmtp_catchall_mailbox". Lmtpd will
drop mail to non-existing mailboxes into this mailbox. NOTE: This must be
an existing local mailbox name. NOT an email address!
(Bug#2360)
diff -Ppru cyrus-imapd-2.4.17.orig/imap/lmtpengine.c cyrus-imapd-2.4.17/imap/lmtpengine.c
--- cyrus-imapd-2.4.17.orig/imap/lmtpengine.c 2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/imap/lmtpengine.c 2014-01-27 14:05:38.800788668 +0100
@@ -912,11 +912,27 @@ static int process_recipient(char *addr,
r = verify_user(ret->user, ret->domain, ret->mailbox,
(quota_t) (ignorequota ? -1 : msg->size), msg->authstate);
if (r) {
- /* we lost */
- free(ret->all);
- free(ret->rcpt);
- free(ret);
- return r;
+ char *catchall = NULL;
+ if (r == IMAP_MAILBOX_NONEXISTENT) {
+ catchall = config_getstring(IMAPOPT_LMTP_CATCHALL_MAILBOX);
+ if (catchall) {
+ if (!verify_user(catchall, NULL, NULL,
+ ignorequota ? -1 : msg->size,
+ msg->authstate)) {
+ ret->user = xstrdup(catchall);
+ } else {
+ catchall = NULL;
+ }
+ }
+ }
+
+ if (catchall == NULL ) {
+ /* we lost */
+ free(ret->all);
+ free(ret->rcpt);
+ free(ret);
+ return r;
+ }
}
ret->ignorequota = ignorequota;
diff -Ppru cyrus-imapd-2.4.17.orig/lib/imapoptions cyrus-imapd-2.4.17/lib/imapoptions
--- cyrus-imapd-2.4.17.orig/lib/imapoptions 2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/lib/imapoptions 2014-01-27 14:04:11.256217363 +0100
@@ -604,6 +604,10 @@ Blank lines and lines beginning with ``#
ldap_use_sasl are enabled, ldap_version will be automatically
set to 3. */
+{ "lmtp_catchall_mailbox", NULL, STRING }
+/* Send mail to mailboxes, which do not exists, to this user. NOTE: This must
+ be an existing local mailbox name. NOT an email address! */
+
{ "lmtp_downcase_rcpt", 0, SWITCH }
/* If enabled, lmtpd will convert the recipient addresses to lowercase
(up to a '+' character, if present). */
++++++ cyrus-imapd-2.4.17_openslp.patch ++++++
diff -Ppru cyrus-imapd-2.4.17.orig/configure.in cyrus-imapd-2.4.17/configure.in
--- cyrus-imapd-2.4.17.orig/configure.in 2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/configure.in 2014-01-25 13:35:37.326786213 +0100
@@ -1242,6 +1242,19 @@ DRACLIBS="-ldrac")
fi)
AC_SUBST(DRACLIBS)
+dnl
+dnl Test for OpenSLP
+dnl
+SLPLIBS=
+AC_ARG_WITH(openslp, [ --with-openslp=DIR use OpenSLP library in <DIR> [no] ],
+ if test -d "$withval"; then
+ LDFLAGS="$LDFLAGS -L${withval}"
+ AC_CHECK_LIB(slp, SLPOpen,
+ AC_DEFINE(USE_SLP,[],[Compile with OpenSLP?])
+ SLPLIBS="-lslp")
+ fi)
+AC_SUBST(SLPLIBS)
+
CMU_LIBWRAP
CMU_UCDSNMP
diff -Ppru cyrus-imapd-2.4.17.orig/master/Makefile.in cyrus-imapd-2.4.17/master/Makefile.in
--- cyrus-imapd-2.4.17.orig/master/Makefile.in 2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/master/Makefile.in 2014-01-25 13:36:16.326368670 +0100
@@ -58,7 +58,7 @@ DEPLIBS = @DEPLIBS@
CFLAGS = @CFLAGS@
LDFLAGS = @LDFLAGS@ @COM_ERR_LDFLAGS@
-LIBS = ../lib/libcyrus_min.a @LIB_UCDSNMP@ @LIBS@ @COM_ERR_LIBS@
+LIBS = ../lib/libcyrus_min.a @LIB_UCDSNMP@ @LIBS@ @COM_ERR_LIBS@ @SLPLIBS@
SHELL = /bin/sh
MAKEDEPEND = @MAKEDEPEND@
diff -Ppru cyrus-imapd-2.4.17.orig/master/master.c cyrus-imapd-2.4.17/master/master.c
--- cyrus-imapd-2.4.17.orig/master/master.c 2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/master/master.c 2014-01-25 14:35:29.896103172 +0100
@@ -110,6 +110,10 @@
int deny_severity = LOG_ERR;
#endif
+#ifdef USE_SLP
+#include
+#endif
+
#include "masterconf.h"
#include "master.h"
@@ -119,6 +123,16 @@
#include "util.h"
#include "xmalloc.h"
+#ifdef USE_SLP
+#define URL_MAX 1024
+SLPHandle phslp;
+struct slpurl {
+ char srvurl[URL_MAX];
+ struct slpurl *next;
+};
+struct slpurl *start = NULL;
+#endif
+
enum {
become_cyrus_early = 1,
child_table_size = 10000,
@@ -183,10 +197,41 @@ static struct timeval janitor_mark; /* L
void limit_fds(rlim_t);
void schedule_event(struct event *a);
+#ifdef USE_SLP
+void SLPRegReportCB(SLPHandle hslp, SLPError errcode, void* cookie)
+{
+ /* return the error code in the cookie */
+ *(SLPError*)cookie = errcode;
+
+ /* You could do something else here like print out */
+ /* the errcode, etc. Remember, as a general rule, */
+ /* do not try to do too much in a callback because */
+ /* it is being executed by the same thread that is */
+ /* reading slp packets from the wire. */
+}
+
+void SLPshutdown(void)
+{
+ struct slpurl *ttmp,*tmp = start;
+ SLPError callbackerr;
+ while( tmp ) {
+ syslog(LOG_INFO,"SLPderegister [%s]",tmp->srvurl);
+ SLPDereg(phslp, tmp->srvurl, SLPRegReportCB, &callbackerr);
+ ttmp = tmp;
+ tmp = tmp->next;
+ free(ttmp);
+ }
+ SLPClose(&phslp);
+}
+#endif
+
void fatal(const char *msg, int code)
{
syslog(LOG_CRIT, "%s", msg);
syslog(LOG_NOTICE, "exiting");
+#ifdef USE_SLP
+ SLPshutdown();
+#endif
exit(code);
}
@@ -477,7 +522,89 @@ void service_create(struct service *s)
s->socket = 0;
continue;
}
-
+
+#ifdef USE_SLP
+ if ((!strcmp(s->proto, "tcp")) && s->listen[0] != '/' ) {
+ SLPError err;
+ SLPError callbackerr;
+ char *listen, *service;
+ char *listen_addr;
+ int port;
+ char hname[URL_MAX];
+ char dname[URL_MAX];
+ char turl[URL_MAX];
+ struct slpurl *u;
+ char registered = 0;
+
+ /* parse_listen() and resolve_host() are destructive,
+ * so make a work copy of s->listen
+ */
+ listen = xstrdup(s->listen);
+
+ if ((service = parse_listen(listen)) == NULL) {
+ /* listen IS the port */
+ service = listen;
+ listen_addr = NULL;
+ } else {
+ /* s->listen is now just the address */
+ listen_addr = parse_host(listen);
+ if (*listen_addr == '\0')
+ listen_addr = NULL;
+ }
+ port = ntohs(((struct sockaddr_in *)(res)->ai_addr)->sin_port);
+ gethostname(hname,URL_MAX);
+ getdomainname(dname,URL_MAX);
+
+ snprintf(turl,URL_MAX,"service:%s://%s.%s:%d",
+ service,
+ hname, dname,
+ port);
+
+ /* check, whether we already registered the service */
+ u = start;
+ while( u ) {
+ if( ! strcmp(u->srvurl,turl) ) registered = 1;
+ u = u->next;
+ }
+
+ if( ! registered ) {
+ u = (struct slpurl *)calloc(1,sizeof(struct slpurl));
+ if( ! u )
+ fatal("out of memory", EX_UNAVAILABLE);
+
+ strncpy(u->srvurl,turl,URL_MAX);
+
+ if( start == NULL ) {
+ start = u;
+ } else {
+ struct slpurl *tmp = start;
+ while( tmp->next ) tmp = tmp->next;
+ tmp->next = u;
+ }
+ syslog(LOG_INFO,"SLPRegister [%s]",u->srvurl);
+
+ err = SLPReg(phslp,
+ u->srvurl,
+ SLP_LIFETIME_MAXIMUM,
+ 0,
+ "",
+ SLP_TRUE,
+ SLPRegReportCB,
+ &callbackerr );
+
+ if(( err != SLP_OK) || (callbackerr != SLP_OK))
+ {
+ syslog(LOG_ERR,"Error registering service with slp %i",err);
+ }
+
+ if( callbackerr != SLP_OK)
+ {
+ syslog(LOG_ERR,"Error registering service with slp %i",callbackerr);
+ }
+ }
+ }
+#endif
+
s->ready_workers = 0;
s->associate = nsocket;
s->family = res->ai_family;
@@ -1051,7 +1178,9 @@ void sigterm_handler(int sig __attribute
/* tell master agent we're exiting */
snmp_shutdown("cyrusMaster");
#endif
-
+#ifdef USE_SLP
+ SLPshutdown();
+#endif
syslog(LOG_INFO, "exiting on SIGTERM/SIGINT");
exit(0);
}
@@ -1986,6 +2115,15 @@ int main(int argc, char **argv)
syslog(LOG_NOTICE, "process started");
+#ifdef USE_SLP
+ {
+ int slperr;
+ if ( (slperr = SLPOpen(NULL, SLP_FALSE, &phslp)) != SLP_OK ) {
+ syslog(LOG_ERR, "SLPOpen() failed, return code: %d", slperr);
+ }
+ }
+#endif
+
#if defined(HAVE_UCDSNMP) || defined(HAVE_NETSNMP)
/* initialize SNMP agent */
++++++ cyrus-imapd-2.4.17_pie.patch ++++++
Index: cyrus-imapd-2.3.17/configure.in
===================================================================
--- cyrus-imapd-2.3.17.orig/configure.in
+++ cyrus-imapd-2.3.17/configure.in
@@ -1257,6 +1257,27 @@ AC_SUBST(PERL_SUBDIRS)
AC_SUBST(PERL_DEPSUBDIRS)
AC_SUBST(PERL)
+AC_CACHE_CHECK(for -fpie, libc_cv_fpie, [dnl
+ cat > conftest.c <&AS_MESSAGE_LOG_FD])
+ then
+ libc_cv_fpie=yes
+ PIE_CFLAGS="-fPIE"
+ PIE_LDFLAGS="-pie"
+ else
+ libc_cv_fpie=no
+ PIE_CFLAGS=""
+ PIE_LDFLAGS=""
+ fi
+ rm -f conftest*])
+AC_SUBST(libc_cv_fpie)
+AC_SUBST(PIE_CFLAGS)
+AC_SUBST(PIE_LDFLAGS)
+
AH_TOP([
/*
* Copyright (c) 1994-2008 Carnegie Mellon University. All rights reserved.
Index: cyrus-imapd-2.3.17/imap/Makefile.in
===================================================================
--- cyrus-imapd-2.3.17.orig/imap/Makefile.in
+++ cyrus-imapd-2.3.17/imap/Makefile.in
@@ -70,8 +70,8 @@ DRAC_LIBS = @DRACLIBS@
LIBS = $(IMAP_LIBS) $(IMAP_COM_ERR_LIBS)
DEPLIBS = $(SIEVE_LIBS) ../lib/libcyrus.a ../lib/libcyrus_min.a @DEPLIBS@
-CFLAGS = @CFLAGS@
-LDFLAGS = @LDFLAGS@ @COM_ERR_LDFLAGS@
+CFLAGS = @CFLAGS@ @PIE_CFLAGS@
+LDFLAGS = @LDFLAGS@ @COM_ERR_LDFLAGS@ @PIE_LDFLAGS@
SHELL = /bin/sh
MAKEDEPEND = @MAKEDEPEND@
Index: cyrus-imapd-2.3.17/lib/Makefile.in
===================================================================
--- cyrus-imapd-2.3.17.orig/lib/Makefile.in
+++ cyrus-imapd-2.3.17/lib/Makefile.in
@@ -63,8 +63,8 @@ CPPFLAGS = -I.. @CPPFLAGS@ @COM_ERR_CPPF
LIBS = @LIBS@
MAKEDEPEND_CFLAGS = @CFLAGS@
-CFLAGS = @CFLAGS@ @PERL_CCCDLFLAGS@
-LDFLAGS = @LDFLAGS@
+CFLAGS = @CFLAGS@ @PERL_CCCDLFLAGS@ -fPIC
+LDFLAGS = @LDFLAGS@ @PIE_LDFLAGS@
SHELL = /bin/sh
MAKEDEPEND = @MAKEDEPEND@
Index: cyrus-imapd-2.3.17/master/Makefile.in
===================================================================
--- cyrus-imapd-2.3.17.orig/master/Makefile.in
+++ cyrus-imapd-2.3.17/master/Makefile.in
@@ -56,8 +56,8 @@ DEFS = @DEFS@ @LOCALDEFS@
CPPFLAGS = -I.. -I$(srcdir)/../lib -I$(srcdir)/../imap @CPPFLAGS@ @COM_ERR_CPPFLAGS@
DEPLIBS = @DEPLIBS@
-CFLAGS = @CFLAGS@
-LDFLAGS = @LDFLAGS@ @COM_ERR_LDFLAGS@
+CFLAGS = @CFLAGS@ @PIE_CFLAGS@
+LDFLAGS = @LDFLAGS@ @COM_ERR_LDFLAGS@ @PIE_LDFLAGS@
LIBS = ../lib/libcyrus_min.a @LIB_UCDSNMP@ @LIBS@ @COM_ERR_LIBS@ @SLPLIBS@
SHELL = /bin/sh
Index: cyrus-imapd-2.3.17/netnews/Makefile.in
===================================================================
--- cyrus-imapd-2.3.17.orig/netnews/Makefile.in
+++ cyrus-imapd-2.3.17/netnews/Makefile.in
@@ -55,8 +55,8 @@ CPPFLAGS = -I.. -I$(srcdir) -I$(srcdir)/
LIBS = @IMAP_LIBS@ @LIB_RT@
DEPLIBS = ../lib/libcyrus.a ../lib/libcyrus_min.a @DEPLIBS@
-CFLAGS = @CFLAGS@
-LDFLAGS = @LDFLAGS@
+CFLAGS = @CFLAGS@ @PIE_CFLAGS@
+LDFLAGS = @LDFLAGS@ @PIE_LDFLAGS@
SHELL = /bin/sh
MAKEDEPEND = @MAKEDEPEND@
Index: cyrus-imapd-2.3.17/notifyd/Makefile.in
===================================================================
--- cyrus-imapd-2.3.17.orig/notifyd/Makefile.in
+++ cyrus-imapd-2.3.17/notifyd/Makefile.in
@@ -56,8 +56,8 @@ CYRUS_GROUP=@cyrus_group@
DEFS = @DEFS@ @LOCALDEFS@
CPPFLAGS = -I.. -I$(srcdir)/../sieve -I$(srcdir)/../imap -I$(srcdir)/../lib @COM_ERR_CPPFLAGS@ @CPPFLAGS@ @SASLFLAGS@
-CFLAGS = @CFLAGS@
-LDFLAGS = @LDFLAGS@
+CFLAGS = @CFLAGS@ @PIE_CFLAGS@
+LDFLAGS = @LDFLAGS@ @PIE_LDFLAGS@
prefix = @prefix@
exec_prefix = @exec_prefix@
Index: cyrus-imapd-2.3.17/perl/sieve/lib/Makefile.in
===================================================================
--- cyrus-imapd-2.3.17.orig/perl/sieve/lib/Makefile.in
+++ cyrus-imapd-2.3.17/perl/sieve/lib/Makefile.in
@@ -58,7 +58,7 @@ IMAP_LIBS = @IMAP_LIBS@
DEPLIBS = ../../../lib/libcyrus.a ../../../lib/libcyrus_min.a @DEPLIBS@
MAKEDEPEND_CFLAGS = @CFLAGS@
-CFLAGS = @CFLAGS@ @PERL_CCCDLFLAGS@
+CFLAGS = @CFLAGS@ @PERL_CCCDLFLAGS@ -fPIC
LDFLAGS = @LDFLAGS@
SHELL = /bin/sh
Index: cyrus-imapd-2.3.17/sieve/Makefile.in
===================================================================
--- cyrus-imapd-2.3.17.orig/sieve/Makefile.in
+++ cyrus-imapd-2.3.17/sieve/Makefile.in
@@ -60,8 +60,8 @@ COMPILE_ET = @COMPILE_ET@
DEFS = @DEFS@ @LOCALDEFS@
CPPFLAGS = -I.. -I$(srcdir)/../lib @COM_ERR_CPPFLAGS@ @CPPFLAGS@ @SASLFLAGS@
MAKEDEPEND_CFLAGS = @CFLAGS@
-CFLAGS = @CFLAGS@ @PERL_CCCDLFLAGS@
-LDFLAGS = @LDFLAGS@
+CFLAGS = @CFLAGS@ @PERL_CCCDLFLAGS@ @PIE_CFLAGS@
+LDFLAGS = @LDFLAGS@ @PIE_LDFLAGS@
MAKEDEPEND = @MAKEDEPEND@
Index: cyrus-imapd-2.3.17/syslog/Makefile.in
===================================================================
--- cyrus-imapd-2.3.17.orig/syslog/Makefile.in
+++ cyrus-imapd-2.3.17/syslog/Makefile.in
@@ -55,8 +55,8 @@ DEFS = @DEFS@
CPPFLAGS = @CPPFLAGS@
LIBS = @LIBS@
-CFLAGS = @CFLAGS@
-LDFLAGS = @LDFLAGS@
+CFLAGS = @CFLAGS@ @PIE_CFLAGS@
+LDFLAGS = @LDFLAGS@ @PIE_LDFLAGS@
SHELL = /bin/sh
MAKEDEPEND = @MAKEDEPEND@
Index: cyrus-imapd-2.3.17/timsieved/Makefile.in
===================================================================
--- cyrus-imapd-2.3.17.orig/timsieved/Makefile.in
+++ cyrus-imapd-2.3.17/timsieved/Makefile.in
@@ -56,8 +56,8 @@ CYRUS_GROUP=@cyrus_group@
DEFS = @DEFS@ @LOCALDEFS@
CPPFLAGS = -I.. -I$(srcdir)/../sieve -I$(srcdir)/../imap -I$(srcdir)/../lib @COM_ERR_CPPFLAGS@ @CPPFLAGS@ @SASLFLAGS@
-CFLAGS = @CFLAGS@
-LDFLAGS = @LDFLAGS@
+CFLAGS = @CFLAGS@ @PIE_CFLAGS@
+LDFLAGS = @LDFLAGS@ @PIE_LDFLAGS@
prefix = @prefix@
exec_prefix = @exec_prefix@
Index: cyrus-imapd-2.3.17/com_err/et/Makefile.in
===================================================================
--- cyrus-imapd-2.3.17.orig/com_err/et/Makefile.in
+++ cyrus-imapd-2.3.17/com_err/et/Makefile.in
@@ -58,8 +58,8 @@ DEFS = @DEFS@
CPPFLAGS = @CPPFLAGS@
LIBS = @LIBS@
-CFLAGS = @CFLAGS@
-LDFLAGS = @LDFLAGS@
+CFLAGS = @CFLAGS@ @PIE_CFLAGS@
+LDFLAGS = @LDFLAGS@ @PIE_LDFLAGS@
SHELL = /bin/sh
++++++ cyrus-imapd-2.4.17_ptloader-ldap_user_attribute.patch ++++++
diff --git a/lib/imapoptions b/lib/imapoptions
index 464de37..98e0341 100644
--- a/lib/imapoptions
+++ b/lib/imapoptions
@@ -483,6 +483,9 @@ Blank lines and lines beginning with ``#'' are ignored.
{ "ldap_mech", NULL, STRING }
/* SASL mechanism for LDAP authentication */
+{ "ldap_user_attribute", NULL, STRING }
+/* Specify LDAP attribute to use as canonical user id */
+
{ "ldap_member_attribute", NULL, STRING }
/* See ldap_member_method. */
diff --git a/ptclient/ldap.c b/ptclient/ldap.c
index 7bd8664..b3507d1 100644
--- a/ptclient/ldap.c
+++ b/ptclient/ldap.c
@@ -158,6 +158,7 @@ typedef struct _ptsm {
const char *tls_cert;
const char *tls_key;
int member_method;
+ const char *user_attribute;
const char *member_attribute;
const char *member_filter;
const char *member_base;
@@ -508,6 +509,8 @@ static void myinit(void)
ptsm->member_base = config_getstring(IMAPOPT_LDAP_MEMBER_BASE);
ptsm->member_attribute = (config_getstring(IMAPOPT_LDAP_MEMBER_ATTRIBUTE) ?
config_getstring(IMAPOPT_LDAP_MEMBER_ATTRIBUTE) : config_getstring(IMAPOPT_LDAP_MEMBER_ATTRIBUTE));
+ ptsm->user_attribute = (config_getstring(IMAPOPT_LDAP_USER_ATTRIBUTE) ?
+ config_getstring(IMAPOPT_LDAP_USER_ATTRIBUTE) : config_getstring(IMAPOPT_LDAP_USER_ATTRIBUTE));
p = config_getstring(IMAPOPT_LDAP_GROUP_SCOPE);
if (!strcasecmp(p, "one")) {
ptsm->group_scope = LDAP_SCOPE_ONELEVEL;
@@ -790,7 +793,7 @@ static int ptsmodule_get_dn(
char *authzid;
#endif
char *base = NULL, *filter = NULL;
- char *attrs[] = {NULL};
+ char *attrs[] = {LDAP_NO_ATTRS,NULL}; //do not return all attrs!
LDAPMessage *res;
LDAPMessage *entry;
char *attr, **vals;
@@ -887,8 +890,9 @@ static int ptsmodule_make_authstate_attribute(
LDAPMessage *res = NULL;
LDAPMessage *entry = NULL;
char **vals = NULL;
+ char **rdn = NULL;
int rc;
- char *attrs[] = {(char *)ptsm->member_attribute,NULL};
+ char *attrs[] = {(char *)ptsm->member_attribute,(char *)ptsm->user_attribute,NULL};
rc = ptsmodule_connect();
if (rc != PTSM_OK) {
@@ -915,37 +919,69 @@ static int ptsmodule_make_authstate_attribute(
}
if ((entry = ldap_first_entry(ptsm->ld, res)) != NULL) {
- int i, numvals;
-
- vals = ldap_get_values(ptsm->ld, entry, (char *)ptsm->member_attribute);
- if (vals != NULL) {
- numvals = ldap_count_values( vals );
-
- *dsize = sizeof(struct auth_state) +
- (numvals * sizeof(struct auth_ident));
- *newstate = xmalloc(*dsize);
- if (*newstate == NULL) {
- *reply = "no memory";
- rc = PTSM_FAIL;
- goto done;
- }
- (*newstate)->ngroups = numvals;
-
- for (i = 0; i < numvals; i++) {
- int j;
- strcpy((*newstate)->groups[i].id, "group:");
- for(j =0; j < strlen(vals[i]); j++) {
- if(Uisupper(vals[i][j]))
- vals[i][j]=tolower(vals[i][j]);
- }
- strlcat((*newstate)->groups[i].id, vals[i],
- sizeof((*newstate)->groups[i].id));
- (*newstate)->groups[i].hash = strhash((*newstate)->groups[i].id);
- }
-
- ldap_value_free(vals);
- vals = NULL;
- }
+ int i, numvals;
+
+ vals = ldap_get_values(ptsm->ld, entry, (char *)ptsm->member_attribute);
+ if (vals != NULL) {
+ numvals = ldap_count_values( vals );
+
+ *dsize = sizeof(struct auth_state) +
+ (numvals * sizeof(struct auth_ident));
+ *newstate = xmalloc(*dsize);
+ if (*newstate == NULL) {
+ *reply = "no memory";
+ rc = PTSM_FAIL;
+ goto done;
+ }
+
+ (*newstate)->ngroups = numvals;
+ (*newstate)->userid.id[0] = '\0';
+ for (i = 0; i < numvals; i++) {
+ int j;
+ strcpy((*newstate)->groups[i].id, "group:");
+ rdn = ldap_explode_rdn(vals[i],1);
+ for (j = 0; j < strlen(rdn[0]); j++) {
+ if (Uisupper(rdn[0][j]))
+ rdn[0][j]=tolower(rdn[0][j]);
+ }
+ strlcat((*newstate)->groups[i].id, rdn[0],
+ sizeof((*newstate)->groups[i].id));
+ (*newstate)->groups[i].hash = strhash((*newstate)->groups[i].id);
+ }
+
+ ldap_value_free(rdn);
+ ldap_value_free(vals);
+ vals = NULL;
+ }
+
+ if ((char *)ptsm->user_attribute) {
+ vals = ldap_get_values(ptsm->ld, entry, (char *)ptsm->user_attribute);
+ if (vals != NULL) {
+ numvals = ldap_count_values( vals );
+
+ if (numvals==1) {
+ if(!*newstate) {
+ *dsize = sizeof(struct auth_state);
+ *newstate = xmalloc(*dsize);
+
+ if (*newstate == NULL) {
+ *reply = "no memory";
+ rc = PTSM_FAIL;
+ goto done;
+ }
+
+ (*newstate)->ngroups = 0;
+ }
+
+ size=strlen(vals[0]);
+ strcpy((*newstate)->userid.id, ptsmodule_canonifyid(vals[0],size));
+ (*newstate)->userid.hash = strhash((*newstate)->userid.id);
+ }
+
+ ldap_value_free(vals);
+ vals = NULL;
+ }
+ }
}
if(!*newstate) {
@@ -957,11 +993,14 @@ static int ptsmodule_make_authstate_attribute(
goto done;
}
(*newstate)->ngroups = 0;
+ (*newstate)->userid.id[0] = '\0';
}
-
+
/* fill in the rest of our new state structure */
- strcpy((*newstate)->userid.id, canon_id);
- (*newstate)->userid.hash = strhash(canon_id);
+ if ((*newstate)->userid.id[0]=='\0') {
+ strcpy((*newstate)->userid.id, canon_id);
+ (*newstate)->userid.hash = strhash(canon_id);
+ }
(*newstate)->mark = time(0);
rc = PTSM_OK;
++++++ cyrus-imapd-2.4.17_tls-session-leak.patch ++++++
From 2e106f14d21d19241830a881f888732d7d417ca9 Mon Sep 17 00:00:00 2001
From: Ken Murchison
Date: Mon, 27 Jan 2014 23:24:34 +0000
Subject: tls.c: don't setup external session cache until all other config/init is done on server context
---
diff --git a/imap/tls.c b/imap/tls.c
index 15ee656..6db4a2f 100644
--- a/imap/tls.c
+++ b/imap/tls.c
@@ -669,53 +669,6 @@ int tls_init_serverengine(const char *ident,
SSL_CTX_set_options(s_ctx, off);
SSL_CTX_set_info_callback(s_ctx, (void (*)()) apps_ssl_info_callback);
- /* Don't use an internal session cache */
- SSL_CTX_sess_set_cache_size(s_ctx, 1); /* 0 is unlimited, so use 1 */
- SSL_CTX_set_session_cache_mode(s_ctx, SSL_SESS_CACHE_SERVER |
- SSL_SESS_CACHE_NO_AUTO_CLEAR |
- SSL_SESS_CACHE_NO_INTERNAL_LOOKUP);
-
- /* Get the session timeout from the config file (in minutes) */
- timeout = config_getint(IMAPOPT_TLS_SESSION_TIMEOUT);
- if (timeout < 0) timeout = 0;
- if (timeout > 1440) timeout = 1440; /* 24 hours max */
-
- /* A timeout of zero disables session caching */
- if (timeout) {
- const char *fname = NULL;
- char *tofree = NULL;
- int r;
-
- /* Set the context for session reuse -- use the service ident */
- SSL_CTX_set_session_id_context(s_ctx, (void*) ident, strlen(ident));
-
- /* Set the timeout for the internal/external cache (in seconds) */
- SSL_CTX_set_timeout(s_ctx, timeout*60);
-
- /* Set the callback functions for the external session cache */
- SSL_CTX_sess_set_new_cb(s_ctx, new_session_cb);
- SSL_CTX_sess_set_remove_cb(s_ctx, remove_session_cb);
- SSL_CTX_sess_set_get_cb(s_ctx, get_session_cb);
-
- fname = config_getstring(IMAPOPT_TLSCACHE_DB_PATH);
-
- /* create the name of the db file */
- if (!fname) {
- tofree = strconcat(config_dir, FNAME_TLSSESSIONS, (char *)NULL);
- fname = tofree;
- }
-
- r = (DB->open)(fname, CYRUSDB_CREATE, &sessdb);
- if (r != 0) {
- syslog(LOG_ERR, "DBERROR: opening %s: %s",
- fname, cyrusdb_strerror(ret));
- }
- else
- sess_dbopen = 1;
-
- free(tofree);
- }
-
cipher_list = config_getstring(IMAPOPT_TLS_CIPHER_LIST);
if (!SSL_CTX_set_cipher_list(s_ctx, cipher_list)) {
syslog(LOG_ERR,"TLS server engine: cannot load cipher list '%s'",
@@ -767,6 +720,53 @@ int tls_init_serverengine(const char *ident,
}
}
+ /* Don't use an internal session cache */
+ SSL_CTX_sess_set_cache_size(s_ctx, 1); /* 0 is unlimited, so use 1 */
+ SSL_CTX_set_session_cache_mode(s_ctx, SSL_SESS_CACHE_SERVER |
+ SSL_SESS_CACHE_NO_AUTO_CLEAR |
+ SSL_SESS_CACHE_NO_INTERNAL_LOOKUP);
+
+ /* Get the session timeout from the config file (in minutes) */
+ timeout = config_getint(IMAPOPT_TLS_SESSION_TIMEOUT);
+ if (timeout < 0) timeout = 0;
+ if (timeout > 1440) timeout = 1440; /* 24 hours max */
+
+ /* A timeout of zero disables session caching */
+ if (timeout) {
+ const char *fname = NULL;
+ char *tofree = NULL;
+ int r;
+
+ /* Set the context for session reuse -- use the service ident */
+ SSL_CTX_set_session_id_context(s_ctx, (void*) ident, strlen(ident));
+
+ /* Set the timeout for the internal/external cache (in seconds) */
+ SSL_CTX_set_timeout(s_ctx, timeout*60);
+
+ /* Set the callback functions for the external session cache */
+ SSL_CTX_sess_set_new_cb(s_ctx, new_session_cb);
+ SSL_CTX_sess_set_remove_cb(s_ctx, remove_session_cb);
+ SSL_CTX_sess_set_get_cb(s_ctx, get_session_cb);
+
+ fname = config_getstring(IMAPOPT_TLSCACHE_DB_PATH);
+
+ /* create the name of the db file */
+ if (!fname) {
+ tofree = strconcat(config_dir, FNAME_TLSSESSIONS, (char *)NULL);
+ fname = tofree;
+ }
+
+ r = (DB->open)(fname, CYRUSDB_CREATE, &sessdb);
+ if (r != 0) {
+ syslog(LOG_ERR, "DBERROR: opening %s: %s",
+ fname, cyrusdb_strerror(ret));
+ }
+ else
+ sess_dbopen = 1;
+
+ free(tofree);
+ }
+
tls_serverengine = 1;
return (0);
}
--
cgit v0.9.2
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org