--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: jessie-pu: package cyrus-imapd-2.4/2.4.17+nocaldav-1
- From: Ondřej Surý <ondrej@debian.org>
- Date: Mon, 19 Oct 2015 17:12:52 +0200
- Message-id: <20151019151252.55968.18447.reportbug@lettie.labs.nic.cz>
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi release team,
there's a RC bug in 2.4.17+caldav~beta10 upstream package that
prevents the replication from working (#799724). Unfortunately the
bug is caused by caldav module and the code is quite complex and
upstream author doesn't have a time to debug the issue, so we might be
forced to drop the *experimental* caldav support (and drop the
cyrus-caldav package along the way).
I would also recommend disabling SSLv3 and TLS compression in the same
update as it's really unsafe to use them nowadays.
Rough proposed patch generated from git is attached.
Also there seems to be a security issue fixed in 2.4.18, so I might be
updating the cyrus-imapd-2.4 package via security, so I might bundle
this update together, but it will need the release team ack.
Cheers,
Ondrej
- -- System Information:
Debian Release: 8.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.19.0-18-generic (SMP w/24 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQJ8BAEBCgBmBQJWJQh0XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzMEI5MzNEODBGQ0UzRDk4MUEyRDM4RkIw
Qzk5QjcwRUY0RkNCQjA3AAoJEAyZtw70/LsHlKUQALm+MWMEe9KC+D3HvBRcupSJ
xp8JL0brZNrB5C/1PK/IA1F9DEXP2zsdd9NbawdoggTcXeojhcZA9w6HG0LbwB5S
14H8m5qJfPdTdnvN8olYBu9plLyKSwPsD/8KgDL+tVkVJUE9RKBHtlMWeQuphWOG
83EQHLtRh9WbgwCRCoYSyoZygm/hbfl1tVH3u77s3LrtnBYtXqoWHlxTEpaP3zNZ
cmKIrDIJRiTxVzr3CB6/6Y84zMFc7RWy1GsAvQlmnKa/png+OhNfEJLohOqUedBS
FdV0yyvgvgsOLLu2vMQFabMtTpEba+yhWIgskxb/Mkp1Sld/RNlwzvIbS0h6HnBm
a/pzkxMmqX+nFCvIZ4r3P16wKzvrhuWrWDd9e3wiBuB1LUp/WjRFb5YOa56LDAB9
Bwek+KQEOndt1i4BiYNUYxzQYBA6XwhdM+RFSApGA+Z3igL7YuHqZHGKRLOfxz6j
7mMuEfRv6snT2MzendRkeYN58JNIXiKRaDTn5Arzuh5nm/b+jBaw+ochOgWBhfbZ
Q3BmzWhv3fpdzWyOjtRfoZ1LuQ9El2ZrWX4RBipuFAz5F5g2qbpCf6pyE6oZYS4P
tQt6sw0gN/76Z+4ZXWzS/Mu5QiidWXbxUfvjrHmYITgYpuNGLG5PZO3aJnGe6isv
r+YXMBaqBVkIkzZb9ohS
=ub5P
-----END PGP SIGNATURE-----
diff --git a/debian/NEWS b/debian/NEWS
new file mode 100644
index 0000000..665ee47
--- /dev/null
+++ b/debian/NEWS
@@ -0,0 +1,9 @@
+cyrus-imapd-2.4 (2.4.17+nocaldav-1) unstable; urgency=medium
+
+ * The experimental CalDAV support has been disabled due to the
+ regressions it caused in replication code.
+ * The SSLv2, SSLv3 and TLS Compression has been disabled as their
+ usage is unsecure and makes the cyrus-imapd vulnerable to known
+ attacks.
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 19 Oct 2015 17:08:00 +0200
diff --git a/debian/changelog b/debian/changelog
index 0b01412..5519f9e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+cyrus-imapd-2.4 (2.4.17+nocaldav-1) unstable; urgency=medium
+
+ * Update the gbp.conf
+ * Imported Upstream version 2.4.17+nocaldav
+ * Remove the experimental caldav support (Closes: #799724)
+ * Always disable SSLv3 and TLS compression
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 19 Oct 2015 15:49:48 +0200
+
cyrus-imapd-2.4 (2.4.17+caldav~beta10-18) unstable; urgency=medium
* Fix PIDFile location in sysvinit script (Closes: #778781)
diff --git a/debian/control b/debian/control
index 64816a5..57019bc 100644
--- a/debian/control
+++ b/debian/control
@@ -55,10 +55,9 @@ Depends: adduser,
${misc:Depends},
${perl:Depends},
${shlibs:Depends}
-Recommends: cyrus-imapd | cyrus-pop3d | cyrus-murder | cyrus-nntpd | cyrus-admin | cyrus-caldav
+Recommends: cyrus-imapd | cyrus-pop3d | cyrus-murder | cyrus-nntpd | cyrus-admin
Suggests: apt-listchanges (>= 2.35),
cyrus-admin,
- cyrus-caldav,
cyrus-clients,
cyrus-doc,
cyrus-imapd,
@@ -77,7 +76,6 @@ Description: Cyrus mail system - common files
including support for:
- running the daemon without root privileges;
- POP3 and NNTP in addition to plain IMAP;
- - CalDAV and CardDAV;
- secure IMAP using SSL;
- server-side filtering with Sieve;
- mail users without login accounts;
@@ -111,7 +109,6 @@ Description: Cyrus mail system - documentation files
including support for:
- running the daemon without root privileges;
- POP3 and NNTP in addition to plain IMAP;
- - CalDAV and CardDAV;
- secure IMAP using SSL;
- server-side filtering with Sieve;
- mail users without login accounts;
@@ -143,7 +140,6 @@ Description: Cyrus mail system - IMAP support
including support for:
- running the daemon without root privileges;
- POP3 and NNTP in addition to plain IMAP;
- - CalDAV and CardDAV;
- secure IMAP using SSL;
- server-side filtering with Sieve;
- mail users without login accounts;
@@ -176,7 +172,6 @@ Description: Cyrus mail system - POP3 support
including support for:
- running the daemon without root privileges;
- POP3 and NNTP in addition to plain IMAP;
- - CalDAV and CardDAV;
- secure IMAP using SSL;
- server-side filtering with Sieve;
- mail users without login accounts;
@@ -270,22 +265,6 @@ Description: Cyrus mail system - NNTP support
.
For more information, please see the cyrus-common package.
-Package: cyrus-caldav
-Architecture: any
-Section: mail
-Pre-Depends: dpkg (>= 1.17.14~),
- ${misc:Pre-Depends}
-Depends: cyrus-common (= ${binary:Version}),
- ${misc:Depends},
- ${shlibs:Depends}
-Conflicts: cyrus-caldav-2.4 (<< 2.4.17+caldav~beta10-2~)
-Replaces: cyrus-caldav-2.4 (<< 2.4.17+caldav~beta10-2~)
-Description: Cyrus mail system - CalDAV and CardDAV support
- This package contains the CalDAV and CardDAV portion of the Cyrus
- IMAPd suite.
- .
- For more information, please see the cyrus-common package.
-
Package: cyrus-clients
Architecture: any
Section: mail
@@ -436,17 +415,6 @@ Depends: cyrus-nntpd (>= ${source:Version}~),
Description: Cyrus mail system - NNTP support [dummy package]
This package is empty transitional package and can be safely removed.
-Package: cyrus-caldav-2.4
-Architecture: all
-Section: oldlibs
-Priority: extra
-Pre-Depends: dpkg (>= 1.17.14~),
- ${misc:Pre-Depends}
-Depends: cyrus-caldav (>= ${source:Version}~),
- ${misc:Depends}
-Description: Cyrus mail system - CalDAV and CardDAV support [dummy package]
- This package is empty transitional package and can be safely removed.
-
Package: cyrus-clients-2.4
Architecture: all
Section: oldlibs
diff --git a/debian/cyrus-caldav-2.4.maintscript b/debian/cyrus-caldav-2.4.maintscript
deleted file mode 100644
index 1259d81..0000000
--- a/debian/cyrus-caldav-2.4.maintscript
+++ /dev/null
@@ -1,2 +0,0 @@
-symlink_to_dir /usr/share/doc/cyrus-caldav-2.4 cyrus-common 2.4.17+caldav~beta10-11~
-symlink_to_dir /usr/share/doc/cyrus-caldav-2.4 cyrus-common-2.4 2.4.17+caldav~beta10-11~
diff --git a/debian/cyrus-caldav.dirs b/debian/cyrus-caldav.dirs
deleted file mode 100644
index b69782c..0000000
--- a/debian/cyrus-caldav.dirs
+++ /dev/null
@@ -1 +0,0 @@
-usr/lib/cyrus
diff --git a/debian/cyrus-caldav.install b/debian/cyrus-caldav.install
deleted file mode 100644
index adaa6f1..0000000
--- a/debian/cyrus-caldav.install
+++ /dev/null
@@ -1,3 +0,0 @@
-usr/lib/cyrus/bin/dav_reconstruct
-usr/lib/cyrus/bin/httpd
-usr/share/man/man8/httpd.8
diff --git a/debian/cyrus-caldav.maintscript b/debian/cyrus-caldav.maintscript
deleted file mode 100644
index d600870..0000000
--- a/debian/cyrus-caldav.maintscript
+++ /dev/null
@@ -1,2 +0,0 @@
-symlink_to_dir /usr/share/doc/cyrus-caldav cyrus-common 2.4.17+caldav~beta10-11~
-symlink_to_dir /usr/share/doc/cyrus-caldav cyrus-common-2.4 2.4.17+caldav~beta10-11~
diff --git a/debian/gbp.conf b/debian/gbp.conf
index d563a75..ab295d0 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,7 +1,7 @@
[DEFAULT]
-debian-branch = master
+debian-branch = master-without-caldav
debian-tag = debian/%(version)s
-upstream-branch = upstream
+upstream-branch = upstream-without-caldav
upstream-tag = upstream/%(version)s
pristine-tar = True
diff --git a/debian/imapd.conf b/debian/imapd.conf
index 34817bb..a5d2981 100644
--- a/debian/imapd.conf
+++ b/debian/imapd.conf
@@ -106,13 +106,6 @@ sieveusehomedir: false
# If sieveusehomedir is false, this directory is searched for Sieve scripts.
sievedir: /var/spool/sieve
-# Space-separated list of HTTP modules that will be enabled in
-# httpd(8). This option has no effect on modules that are disabled at
-# compile time due to missing dependencies (e.g. libical).
-#
-# Allowed values: caldav, carddav, domainkey, ischedule, rss
-httpmodules: caldav carddav
-
# notifyd(8) method to use for "MAIL" notifications. If not set, "MAIL"
# notifications are disabled. Valid methods are: null, log, zephyr
#mailnotifier: zephyr
diff --git a/debian/patches/01-fix_Makefile.in.dpatch b/debian/patches/01-fix_Makefile.in.dpatch
index dc6ccf7..340e63b 100644
--- a/debian/patches/01-fix_Makefile.in.dpatch
+++ b/debian/patches/01-fix_Makefile.in.dpatch
@@ -18,7 +18,7 @@
srcdir = @srcdir@
--- cyrus-imapd-2.4.orig/imap/Makefile.in
+++ cyrus-imapd-2.4/imap/Makefile.in
-@@ -78,8 +78,8 @@ LIB_WRAP = @LIB_WRAP@
+@@ -68,8 +68,8 @@ LIB_WRAP = @LIB_WRAP@
LIBS = $(IMAP_LIBS) $(IMAP_COM_ERR_LIBS)
DEPLIBS = ../lib/libcyrus.a ../lib/libcyrus_min.a @DEPLIBS@
diff --git a/debian/patches/03-fix_docs.dpatch b/debian/patches/03-fix_docs.dpatch
index 3b24069..b8a1fdb 100644
--- a/debian/patches/03-fix_docs.dpatch
+++ b/debian/patches/03-fix_docs.dpatch
@@ -31,7 +31,7 @@ _# 03-fix_docs.dpatch by Sven Mueller <debian@incase.de>
--- cyrus-imapd-2.4.orig/lib/imapoptions
+++ cyrus-imapd-2.4/lib/imapoptions
-@@ -307,7 +307,11 @@ Blank lines and lines beginning with ``#
+@@ -270,7 +270,11 @@ Blank lines and lines beginning with ``#
mailbox that does not have a parent mailbox. */
{ "defaultdomain", NULL, STRING }
@@ -44,7 +44,7 @@ _# 03-fix_docs.dpatch by Sven Mueller <debian@incase.de>
{ "defaultpartition", NULL, STRING }
/* The partition name used by default for new mailboxes. If not
-@@ -751,7 +755,10 @@ Blank lines and lines beginning with ``#
+@@ -638,7 +642,10 @@ Blank lines and lines beginning with ``#
/* The list of remote realms whose users may authenticate using cross-realm
authentication identifiers. Separate each realm name by a space. (A
cross-realm identity is considered any identity returned by SASL
diff --git a/debian/patches/05-fix_programnames.dpatch b/debian/patches/05-fix_programnames.dpatch
index 19cf695..edae3ee 100644
--- a/debian/patches/05-fix_programnames.dpatch
+++ b/debian/patches/05-fix_programnames.dpatch
@@ -30,7 +30,7 @@
--- cyrus-imapd-2.4.orig/imap/reconstruct.c
+++ cyrus-imapd-2.4/imap/reconstruct.c
-@@ -409,8 +409,8 @@ int main(int argc, char **argv)
+@@ -401,8 +401,8 @@ int main(int argc, char **argv)
void usage(void)
{
fprintf(stderr,
diff --git a/debian/patches/08-clean_socket_closes.dpatch b/debian/patches/08-clean_socket_closes.dpatch
index bbb0949..8302564 100644
--- a/debian/patches/08-clean_socket_closes.dpatch
+++ b/debian/patches/08-clean_socket_closes.dpatch
@@ -36,7 +36,7 @@ need similar patches.
--- cyrus-imapd-2.4.orig/imap/imapd.c
+++ cyrus-imapd-2.4/imap/imapd.c
-@@ -1078,6 +1078,10 @@ void shut_down(int code)
+@@ -1058,6 +1058,10 @@ void shut_down(int code)
#ifdef HAVE_SSL
tls_shutdown_serverengine();
#endif
@@ -49,7 +49,7 @@ need similar patches.
--- cyrus-imapd-2.4.orig/imap/lmtpd.c
+++ cyrus-imapd-2.4/imap/lmtpd.c
-@@ -990,6 +990,9 @@ void shut_down(int code)
+@@ -981,6 +981,9 @@ void shut_down(int code)
cyrus_done();
diff --git a/debian/patches/10-fix_potential_overflows.dpatch b/debian/patches/10-fix_potential_overflows.dpatch
index 701b8fd..eaede44 100644
--- a/debian/patches/10-fix_potential_overflows.dpatch
+++ b/debian/patches/10-fix_potential_overflows.dpatch
@@ -10,7 +10,7 @@
@DPATCH@
--- cyrus-imapd-2.4.orig/imtest/imtest.c
+++ cyrus-imapd-2.4/imtest/imtest.c
-@@ -1256,7 +1256,7 @@ static void interactive(struct protocol_
+@@ -1242,7 +1242,7 @@ static void interactive(struct protocol_
/* can't have this and a file for input */
sunsock.sun_family = AF_UNIX;
diff --git a/debian/patches/11-fix_syslog_prefix.dpatch b/debian/patches/11-fix_syslog_prefix.dpatch
index 37a10e1..e1d1de3 100644
--- a/debian/patches/11-fix_syslog_prefix.dpatch
+++ b/debian/patches/11-fix_syslog_prefix.dpatch
@@ -8,7 +8,7 @@
@DPATCH@
--- cyrus-imapd-2.4.orig/imap/global.c
+++ cyrus-imapd-2.4/imap/global.c
-@@ -111,6 +111,9 @@ int session_id_count = 0;
+@@ -110,6 +110,9 @@ int session_id_count = 0;
strarray_t *suppressed_capabilities = NULL;
@@ -18,7 +18,7 @@
/* Called before a cyrus application starts (but after command line parameters
* are read) */
int cyrus_init(const char *alt_config, const char *ident, unsigned flags)
-@@ -138,7 +141,9 @@ int cyrus_init(const char *alt_config, c
+@@ -137,7 +140,9 @@ int cyrus_init(const char *alt_config, c
/* xxx we lose here since we can't have the prefix until we load the
* config file */
diff --git a/debian/patches/12-fix_timeout_handling.dpatch b/debian/patches/12-fix_timeout_handling.dpatch
index b20599a..998a019 100644
--- a/debian/patches/12-fix_timeout_handling.dpatch
+++ b/debian/patches/12-fix_timeout_handling.dpatch
@@ -14,7 +14,7 @@ in Cyrus code?
--- cyrus-imapd-2.4.orig/configure.in
+++ cyrus-imapd-2.4/configure.in
-@@ -1592,7 +1592,11 @@ enum {
+@@ -1492,7 +1492,11 @@ enum {
SQUAT_ENGINE = 1,
/* should we have long LMTP error messages? */
diff --git a/debian/patches/13a-uid_t-cleanups b/debian/patches/13a-uid_t-cleanups
index 3d3c05c..18df53a 100644
--- a/debian/patches/13a-uid_t-cleanups
+++ b/debian/patches/13a-uid_t-cleanups
@@ -7,7 +7,7 @@ Use the proper types for UIDs and GIDs.
--- cyrus-imapd-2.4.orig/lib/util.c
+++ cyrus-imapd-2.4/lib/util.c
-@@ -387,9 +387,10 @@ int cyrus_mkdir(const char *path, mode_t
+@@ -383,9 +383,10 @@ int cyrus_mkdir(const char *path, mode_t
int become_cyrus(void)
{
struct passwd *p;
diff --git a/debian/patches/19-fix_tls_ssl.dpatch b/debian/patches/19-fix_tls_ssl.dpatch
index d306fe1..1dd8d81 100644
--- a/debian/patches/19-fix_tls_ssl.dpatch
+++ b/debian/patches/19-fix_tls_ssl.dpatch
@@ -16,7 +16,7 @@
{
char *str;
int w;
-@@ -705,7 +705,7 @@ int tls_init_serverengine(const char
+@@ -736,7 +736,7 @@ int tls_init_serverengine(const char
s_key_file = config_getstring(IMAPOPT_TLS_KEY_FILE);
if (!set_cert_stuff(s_ctx, s_cert_file, s_key_file)) {
@@ -25,7 +25,7 @@
return (-1);
}
SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
-@@ -1259,7 +1259,7 @@ int tls_init_clientengine(int verifydept
+@@ -1238,7 +1238,7 @@ int tls_init_clientengine(int verifydept
if (c_cert_file || c_key_file) {
if (!set_cert_stuff(c_ctx, c_cert_file, c_key_file)) {
diff --git a/debian/patches/75-update-imapd.conf-documentation.dpatch b/debian/patches/75-update-imapd.conf-documentation.dpatch
index 3901e40..a7c0b20 100644
--- a/debian/patches/75-update-imapd.conf-documentation.dpatch
+++ b/debian/patches/75-update-imapd.conf-documentation.dpatch
@@ -23,7 +23,7 @@
*/
# OPTIONS
-@@ -149,7 +152,17 @@ are listed with ``<none>''.
+@@ -143,7 +146,17 @@ are listed with ``<none>''.
enabled when absolutely necessary. */
{ "allowplaintext", 0, SWITCH }
diff --git a/debian/patches/82-fix_manpage_errors.patch b/debian/patches/82-fix_manpage_errors.patch
index c74b4b5..2494134 100644
--- a/debian/patches/82-fix_manpage_errors.patch
+++ b/debian/patches/82-fix_manpage_errors.patch
@@ -1,6 +1,6 @@
--- cyrus-imapd-2.4.orig/lib/imapoptions
+++ cyrus-imapd-2.4/lib/imapoptions
-@@ -1058,12 +1058,13 @@ And the notification message will be ava
+@@ -945,12 +945,13 @@ And the notification message will be ava
in minutes. The minimum value is 10, the default. */
{ "popuseacl", 0, SWITCH }
diff --git a/debian/patches/TLS-configuration.patch b/debian/patches/TLS-configuration.patch
index 9ffe0a0..c1560b8 100644
--- a/debian/patches/TLS-configuration.patch
+++ b/debian/patches/TLS-configuration.patch
@@ -5,10 +5,6 @@ Subject: Enhance SSL/TLS configuration options
New settings:
- tls_compression: 0
-
- Enable TLS compression. Disabled by default.
-
tls_eccurve: prime256v1
Select the elliptic curve used for ECDHE.
@@ -17,7 +13,7 @@ New settings:
Prefer the cipher order configured on the server-side.
- tls_versions: ssl2 ssl3 tls1_0 tls1_1 tls1_2
+ tls_versions: tls1_0 tls1_1 tls1_2
Disable SSL/TLS protocols not in this list.
@@ -25,7 +21,7 @@ Bugzilla #3822, #3830, #3843, #3861.
---
--- cyrus-imapd-2.4.orig/imap/tls.c
+++ cyrus-imapd-2.4/imap/tls.c
-@@ -647,6 +647,7 @@ int tls_init_serverengine(const char
+@@ -631,6 +631,7 @@ int tls_init_serverengine(const char
const char *s_cert_file;
const char *s_key_file;
int requirecert;
@@ -33,34 +29,12 @@ Bugzilla #3822, #3830, #3843, #3861.
int timeout;
if (tls_serverengine)
-@@ -662,13 +663,6 @@ int tls_init_serverengine(const char
- return -1;
- }
-
--#if 0
-- if (tlsonly) {
-- s_ctx = SSL_CTX_new(TLSv1_server_method());
-- } else {
-- s_ctx = SSL_CTX_new(SSLv23_server_method());
-- }
--#endif
- /* even if we want TLS only, we use SSLv23 server method so we can
- deal with a client sending an SSLv2 greeting message */
-
-@@ -678,10 +672,39 @@ int tls_init_serverengine(const char
- };
-
- off |= SSL_OP_ALL; /* Work around all known bugs */
-- off |= SSL_OP_NO_SSLv2; /* Disable insecure SSLv2 */
-- if (tlsonly) {
-+ const char *tls_versions = config_getstring(IMAPOPT_TLS_VERSIONS);
+@@ -658,6 +659,32 @@ int tls_init_serverengine(const char
+ off |= SSL_OP_NO_SSLv2; /* Disable insecure SSLv2 */
+ off |= SSL_OP_NO_SSLv3; /* Disable insecure SSLv3 */
+ off |= SSL_OP_NO_COMPRESSION; /* Disable TLS compression */
+
-+ if (strstr(tls_versions, "ssl2") == NULL || tlsonly) {
-+ off |= SSL_OP_NO_SSLv2; /* Disable insecure SSLv2 */
-+ }
-+ if (strstr(tls_versions, "ssl3") == NULL || tlsonly) {
- off |= SSL_OP_NO_SSLv3;
- }
++ const char *tls_versions = config_getstring(IMAPOPT_TLS_VERSIONS);
+
+ if (strstr(tls_versions, "tls1_2") == NULL) {
+#if (OPENSSL_VERSION_NUMBER >= 0x1000105fL)
@@ -69,7 +43,6 @@ Bugzilla #3822, #3830, #3843, #3861.
+ syslog(LOG_ERR, "ERROR: TLSv1.2 configured, OpenSSL < 1.0.1e insufficient");
+#endif
+ }
-+
+ if (strstr(tls_versions, "tls1_1") == NULL) {
+#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
+ off |= SSL_OP_NO_TLSv1_1;
@@ -89,7 +62,7 @@ Bugzilla #3822, #3830, #3843, #3861.
SSL_CTX_set_options(s_ctx, off);
SSL_CTX_set_info_callback(s_ctx, (void (*)()) apps_ssl_info_callback);
-@@ -695,10 +718,15 @@ int tls_init_serverengine(const char
+@@ -718,10 +745,15 @@ int tls_init_serverengine(const char
CAfile = config_getstring(IMAPOPT_TLS_CA_FILE);
CApath = config_getstring(IMAPOPT_TLS_CA_PATH);
@@ -109,7 +82,7 @@ Bugzilla #3822, #3830, #3843, #3861.
}
s_cert_file = config_getstring(IMAPOPT_TLS_CERT_FILE);
-@@ -713,11 +741,27 @@ int tls_init_serverengine(const char
+@@ -736,11 +768,27 @@ int tls_init_serverengine(const char
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
/* Load DH params for DHE-* key exchanges */
SSL_CTX_set_tmp_dh(s_ctx, load_dh_param(s_key_file, s_cert_file));
@@ -139,7 +112,7 @@ Bugzilla #3822, #3830, #3843, #3861.
verify_flags |= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
requirecert = config_getswitch(IMAPOPT_TLS_REQUIRE_CERT);
-@@ -734,7 +778,7 @@ int tls_init_serverengine(const char
+@@ -753,7 +801,7 @@ int tls_init_serverengine(const char
if (CAfile == NULL) {
syslog(LOG_ERR,
"TLS server engine: No CA file specified. "
@@ -148,7 +121,7 @@ Bugzilla #3822, #3830, #3843, #3861.
} else {
SSL_CTX_set_client_CA_list(s_ctx, SSL_load_client_CA_file(CAfile));
}
-@@ -1246,7 +1290,7 @@ int tls_init_clientengine(int verifydept
+@@ -1219,7 +1267,7 @@ int tls_init_clientengine(int verifydept
if ((!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(c_ctx))) {
/* just a warning since this is only necessary for client auth */
@@ -159,13 +132,10 @@ Bugzilla #3822, #3830, #3843, #3861.
if (strlen(var_tls_cert_file) == 0)
--- cyrus-imapd-2.4.orig/lib/imapoptions
+++ cyrus-imapd-2.4/lib/imapoptions
-@@ -1515,10 +1515,20 @@ product version in the capabilities */
+@@ -1359,10 +1359,17 @@ product version in the capabilities */
/* The list of SSL/TLS ciphers to allow. The format of the string is
described in ciphers(1). */
-+{ "tls_compression", 0, SWITCH }
-+/* deactivate TLS compression by default */
-+
+{ "tls_eccurve", "prime256v1", STRING }
+/* The elliptic curve used for ECDHE. Default is NIST Suite B prime256.
+ See 'openssl ecparam -list_curves' for possible values. */
@@ -180,11 +150,11 @@ Bugzilla #3822, #3830, #3843, #3861.
{ "tls_require_cert", 0, SWITCH }
/* Require a client certificate for ALL services (imap, pop3, lmtp, sieve). */
-@@ -1527,6 +1537,12 @@ product version in the capabilities */
+@@ -1371,6 +1378,12 @@ product version in the capabilities */
for later reuse. The maximum value is 1440 (24 hours), the
default. A value of 0 will disable session caching. */
-+{ "tls_versions", "ssl2 ssl3 tls1_0 tls1_1 tls1_2", STRING }
++{ "tls_versions", "tls1_0 tls1_1 tls1_2", STRING }
+/* A list of SSL/TLS versions to not disable. Cyrus IMAP SSL/TLS starts
+ with all protocols, and substracts protocols not in this list. Newer
+ versions of SSL/TLS will need to be added here to allow them to get
diff --git a/debian/patches/cyrus-imapd-2.4.2-903-normalize-authorization-id.patch b/debian/patches/cyrus-imapd-2.4.2-903-normalize-authorization-id.patch
index e5cf6c9..115207d 100644
--- a/debian/patches/cyrus-imapd-2.4.2-903-normalize-authorization-id.patch
+++ b/debian/patches/cyrus-imapd-2.4.2-903-normalize-authorization-id.patch
@@ -17,7 +17,7 @@ By normalize, it is intended that;
--- cyrus-imapd-2.4.orig/imap/global.c
+++ cyrus-imapd-2.4/imap/global.c
-@@ -227,6 +227,8 @@ int cyrus_init(const char *alt_config, c
+@@ -224,6 +224,8 @@ int cyrus_init(const char *alt_config, c
config_getswitch(IMAPOPT_UNIX_GROUP_ENABLE));
libcyrus_config_setswitch(CYRUSOPT_USERNAME_TOLOWER,
config_getswitch(IMAPOPT_USERNAME_TOLOWER));
@@ -66,9 +66,9 @@ By normalize, it is intended that;
--- cyrus-imapd-2.4.orig/lib/imapoptions
+++ cyrus-imapd-2.4/lib/imapoptions
-@@ -1592,6 +1592,11 @@ product version in the capabilities */
- /* The absolute path to the zoneinfo db file. If not specified,
- will be confdir/zoneinfo.db */
+@@ -1429,6 +1429,11 @@ product version in the capabilities */
+ the special use flag "\Drafts" added. Later versions of Cyrus
+ have a much more flexible RFC 6154 compatible system. */
+{ "normalizeuid", 0, SWITCH }
+/* Lowercase uid and strip leading and trailing blanks. It is recommended
diff --git a/debian/patches/cyrus-tls-1.2.patch b/debian/patches/cyrus-tls-1.2.patch
index 42ea631..a3ace4e 100644
--- a/debian/patches/cyrus-tls-1.2.patch
+++ b/debian/patches/cyrus-tls-1.2.patch
@@ -1,6 +1,6 @@
--- cyrus-imapd-2.4.orig/imtest/imtest.c
+++ cyrus-imapd-2.4/imtest/imtest.c
-@@ -507,15 +507,16 @@ static int tls_init_clientengine(int ver
+@@ -507,15 +507,18 @@ static int tls_init_clientengine(int ver
return IMTEST_FAIL;
}
@@ -11,7 +11,9 @@
};
off |= SSL_OP_ALL; /* Work around all known bugs */
-+ off |= SSL_OP_NO_SSLv2; /* Disable insecure SSLv2 */
++ off |= SSL_OP_NO_SSLv2; /* Disable insecure SSLv2 */
++ off |= SSL_OP_NO_SSLv3; /* Disable insecure SSLv3 */
++ off |= SSL_OP_NO_COMPRESSION; /* Disable TLS compression */
SSL_CTX_set_options(tls_ctx, off);
SSL_CTX_set_info_callback(tls_ctx, (void (*)()) apps_ssl_info_callback);
-
@@ -21,20 +23,38 @@
else
--- cyrus-imapd-2.4.orig/imap/tls.c
+++ cyrus-imapd-2.4/imap/tls.c
-@@ -678,8 +678,8 @@ int tls_init_serverengine(const char
+@@ -646,13 +646,6 @@ int tls_init_serverengine(const char
+ return -1;
+ }
+
+-#if 0
+- if (tlsonly) {
+- s_ctx = SSL_CTX_new(TLSv1_server_method());
+- } else {
+- s_ctx = SSL_CTX_new(SSLv23_server_method());
+- }
+-#endif
+ /* even if we want TLS only, we use SSLv23 server method so we can
+ deal with a client sending an SSLv2 greeting message */
+
+@@ -662,10 +655,9 @@ int tls_init_serverengine(const char
};
off |= SSL_OP_ALL; /* Work around all known bugs */
-+ off |= SSL_OP_NO_SSLv2; /* Disable insecure SSLv2 */
- if (tlsonly) {
+- if (tlsonly) {
- off |= SSL_OP_NO_SSLv2;
- off |= SSL_OP_NO_SSLv3;
- }
+- off |= SSL_OP_NO_SSLv3;
+- }
++ off |= SSL_OP_NO_SSLv2; /* Disable insecure SSLv2 */
++ off |= SSL_OP_NO_SSLv3; /* Disable insecure SSLv3 */
++ off |= SSL_OP_NO_COMPRESSION; /* Disable TLS compression */
SSL_CTX_set_options(s_ctx, off);
-@@ -1230,12 +1230,13 @@ int tls_init_clientengine(int verifydept
- }
+ SSL_CTX_set_info_callback(s_ctx, (void (*)()) apps_ssl_info_callback);
- /* XXX May need to use only SSLv3 for iSchedule */
+@@ -1209,12 +1201,15 @@ int tls_init_clientengine(int verifydept
+ return -1;
+ }
+
- c_ctx = SSL_CTX_new(TLSv1_client_method());
+ c_ctx = SSL_CTX_new(SSLv23_client_method());
if (c_ctx == NULL) {
@@ -42,13 +62,15 @@
};
off |= SSL_OP_ALL; /* Work around all known bugs */
-+ off |= SSL_OP_NO_SSLv2; /* Disable insecure SSLv2 */
++ off |= SSL_OP_NO_SSLv2; /* Disable insecure SSLv2 */
++ off |= SSL_OP_NO_SSLv3; /* Disable insecure SSLv2 */
++ off |= SSL_OP_NO_COMPRESSION; /* Disable TLS compression */
SSL_CTX_set_options(c_ctx, off);
SSL_CTX_set_info_callback(c_ctx, (void (*)()) apps_ssl_info_callback);
--- cyrus-imapd-2.4.orig/lib/imclient.c
+++ cyrus-imapd-2.4/lib/imclient.c
-@@ -1695,14 +1695,15 @@ static int tls_init_clientengine(struct
+@@ -1695,14 +1695,17 @@ static int tls_init_clientengine(struct
return -1;
}
@@ -59,7 +81,9 @@
};
off |= SSL_OP_ALL; /* Work around all known bugs */
-+ off |= SSL_OP_NO_SSLv2; /* Disable insecure SSLv2 */
++ off |= SSL_OP_NO_SSLv2; /* Disable insecure SSLv2 */
++ off |= SSL_OP_NO_SSLv3; /* Disable insecure SSLv3 */
++ off |= SSL_OP_NO_COMPRESSION; /* Disable TLS compression */
SSL_CTX_set_options(imclient->tls_ctx, off);
-
+
diff --git a/debian/patches/fix-caldav-virtdomain-users.patch b/debian/patches/fix-caldav-virtdomain-users.patch
deleted file mode 100644
index 1f7a3cc..0000000
--- a/debian/patches/fix-caldav-virtdomain-users.patch
+++ /dev/null
@@ -1,276 +0,0 @@
-Description: Fix CalDAV/CardDAV with Virtual Domains
- Fix CalDAV/CardDAV when user is in a virtual domain so that the virtual
- domain gets used in the mailbox name. This fixes CalDAV failing
- to create/open mailbox for calendars when user is not in default
- or only domain.
- There were three issues. The first was that if you specify a domain
- in the calendar URI it is converted as if it it were a mailbox name
- instead of cyrus domain part (e.g. with '.' separator '.' in domain
- is converted to '^') of mailbox name.
- This second was that in calendar lookups for scheduling the userid
- part of the mailbox name got the domain part truncated due to
- '@' being replaced by NUL (string terminator) in calendar lookup
- function (caladdress_lookup).
- The third was that in some cases mailboxname creation functions
- didn't use the standard functions and failed correctly created
- mailbox name when mailbox had a domain.
- .
-Author: Daniel Dickinson <debian@daniel.thecshore.com>
-
----
-The information above should follow the Patch Tagging Guidelines, please
-checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
-are templates for supplementary fields that you might want to add:
-
-Origin: <vendor|upstream|other>, <url of original patch>
-Bug: <url in upstream bugtracker>
-Bug-Debian: https://bugs.debian.org/<bugnumber>
-Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
-Forwarded: <no|not-needed|url proving that it has been forwarded>
-Reviewed-By: <name and email of someone who approved the patch>
-Last-Update: <YYYY-MM-DD>
-
-Index: cyrus-imapd-2.4-2.4.17+caldav~beta10.test/imap/http_caldav.c
-===================================================================
---- cyrus-imapd-2.4-2.4.17+caldav~beta10.test.orig/imap/http_caldav.c
-+++ cyrus-imapd-2.4-2.4.17+caldav~beta10.test/imap/http_caldav.c
-@@ -631,8 +631,9 @@ static void my_caldav_auth(const char *u
-
- /* Auto-provision calendars for 'userid' */
-
-- strlcpy(ident, userid, sizeof(ident));
-+ strlcpy(ident, userid, strcspn(userid, "@"));
- mboxname_hiersep_toexternal(&httpd_namespace, ident, 0);
-+ strlcpy(ident + strlen(ident), userid + strlen(ident), sizeof(ident) - strlen(ident));
-
- /* calendar-home-set */
- r = mboxlist_lookup(mailboxname, &mbentry, NULL);
-@@ -761,6 +762,10 @@ static int caldav_parse_path(const char
- char *p;
- size_t len, siz;
- static const char *prefix = NULL;
-+ char userid[MAX_MAILBOX_BUFFER];
-+ char userdomain[MAX_MAILBOX_BUFFER];
-+ char *domain_start;
-+ int userlen, domainlen;
-
- /* Make a working copy of target path */
- strlcpy(tgt->path, path, sizeof(tgt->path));
-@@ -857,13 +862,20 @@ static int caldav_parse_path(const char
- p = tgt->mboxname;
- siz = MAX_MAILBOX_BUFFER;
- if (tgt->user) {
-- len = snprintf(p, siz, "user");
-- p += len;
-- siz -= len;
--
- if (tgt->userlen) {
-- len = snprintf(p, siz, ".%.*s", (int) tgt->userlen, tgt->user);
-- mboxname_hiersep_tointernal(&httpd_namespace, p+1, tgt->userlen);
-+ domain_start = strchr(tgt->user, '@');
-+ if (domain_start != NULL) {
-+ userlen = domain_start - tgt->user + 1;
-+ domain_start++;
-+ domainlen = tgt->userlen - userlen + 1;
-+ strlcpy(userid, tgt->user, userlen);
-+ mboxname_hiersep_tointernal(&httpd_namespace, userid, userlen);
-+ strlcpy(userdomain, domain_start, domainlen);
-+ len = snprintf(p, siz, "%.*s!user.%.*s", (int) domainlen, userdomain, (int) userlen, userid);
-+ } else {
-+ len = snprintf(p, siz, "user.%.*s", (int) tgt->userlen, tgt->user);
-+ mboxname_hiersep_tointernal(&httpd_namespace, p+5, tgt->userlen);
-+ }
- p += len;
- siz -= len;
- }
-@@ -1917,8 +1929,9 @@ static int caldav_post(struct transactio
- if (organizer) {
- if (!caladdress_lookup(organizer, &sparam) &&
- !(sparam.flags & SCHEDTYPE_REMOTE)) {
-- strlcpy(orgid, sparam.userid, sizeof(orgid));
-+ strlcpy(orgid, sparam.userid, strcspn(sparam.userid, "@"));
- mboxname_hiersep_toexternal(&httpd_namespace, orgid, 0);
-+ strlcpy(orgid + strlen(orgid), sparam.userid + strlen(orgid), sizeof(orgid) - strlen(orgid));
- }
- }
-
-@@ -2133,8 +2146,9 @@ static int caldav_put(struct transaction
- /* CALDAV:unique-scheduling-object-resource */
- char ext_userid[MAX_MAILBOX_NAME+1];
-
-- strlcpy(ext_userid, userid, sizeof(ext_userid));
-+ strlcpy(ext_userid, userid, strcspn(userid, "@"));
- mboxname_hiersep_toexternal(&httpd_namespace, ext_userid, 0);
-+ strlcpy(ext_userid + strlen(ext_userid), userid + strlen(ext_userid), sizeof(ext_userid) - strlen(ext_userid));
-
- txn->error.precond = CALDAV_UNIQUE_OBJECT;
- assert(!buf_len(&txn->buf));
-@@ -4096,9 +4110,12 @@ static int store_resource(struct transac
-
- int caladdress_lookup(const char *addr, struct sched_param *param)
- {
-- char *p;
-+ char *p, *domain_start;
- int islocal = 1, found = 1;
- static char userid[MAX_MAILBOX_BUFFER];
-+ static char tmpuserid[MAX_MAILBOX_BUFFER];
-+ static char tmpuserdomain[MAX_MAILBOX_BUFFER];
-+ int userlen, domainlen, useridlen;
-
- memset(param, 0, sizeof(struct sched_param));
-
-@@ -4110,7 +4127,8 @@ int caladdress_lookup(const char *addr,
- /* XXX Do LDAP/DB/socket lookup to see if user is local */
- /* XXX Hack until real lookup stuff is written */
- strlcpy(userid, p, sizeof(userid));
-- if ((p = strchr(userid, '@')) && !(*p = '\0') && *++p) {
-+ strlcpy(tmpuserid, p, sizeof(tmpuserid));
-+ if ((p = strchr(tmpuserid, '@')) && !(*p = '\0') && *++p) {
- struct strlist *domains = cua_domains;
-
- for (; domains && strcmp(p, domains->s); domains = domains->next);
-@@ -4132,9 +4150,20 @@ int caladdress_lookup(const char *addr,
- calendarprefix = config_getstring(IMAPOPT_CALENDARPREFIX);
- }
-
-- mboxname_hiersep_tointernal(&httpd_namespace, userid, 0);
-- snprintf(mailboxname, sizeof(mailboxname),
-- "user.%s.%s", param->userid, calendarprefix);
-+ domain_start = strchr(userid, '@');
-+ if (domain_start != NULL) {
-+ userlen = domain_start - userid + 1;
-+ domain_start++;
-+ useridlen = strcspn(userid, "/");
-+ domainlen = useridlen - userlen + 1;
-+ strlcpy(tmpuserid, userid, userlen);
-+ mboxname_hiersep_tointernal(&httpd_namespace, tmpuserid, 0);
-+ strlcpy(tmpuserdomain, domain_start, domainlen);
-+ snprintf(mailboxname, sizeof(mailboxname), "%.*s!user.%.*s.%s", (int) domainlen, tmpuserdomain, (int) userlen, tmpuserid, calendarprefix);
-+ } else {
-+ snprintf(mailboxname, sizeof(mailboxname), "user.%s.%s", userid, calendarprefix);
-+ mboxname_hiersep_tointernal(&httpd_namespace, userid, 0);
-+ }
-
- r = http_mlookup(mailboxname, ¶m->server, NULL, NULL);
- if (!r) {
-@@ -4441,6 +4470,10 @@ int sched_busytime_query(struct transact
- static const char *calendarprefix = NULL;
- icalcomponent *comp;
- char mailboxname[MAX_MAILBOX_BUFFER];
-+ char tmpuserid[MAX_MAILBOX_BUFFER];
-+ char tmpuserdomain[MAX_MAILBOX_BUFFER];
-+ char *domain_start;
-+ int userlen, domainlen, useridlen;
- icalproperty *prop = NULL, *next;
- const char *uid = NULL, *organizer = NULL;
- struct sched_param sparam;
-@@ -4583,9 +4616,19 @@ int sched_busytime_query(struct transact
-
-
- /* Check ACL of ORGANIZER on attendee's Scheduling Inbox */
-- snprintf(mailboxname, sizeof(mailboxname),
-- "user.%s.%s.Inbox", userid, calendarprefix);
--
-+ domain_start = strchr(userid, '@');
-+ if (domain_start != NULL) {
-+ userlen = domain_start - userid + 1;
-+ domain_start++;
-+ useridlen = strcspn(userid, "/");
-+ domainlen = useridlen - userlen + 1;
-+ strlcpy(tmpuserid, userid, userlen);
-+ strlcpy(tmpuserdomain, domain_start, domainlen);
-+ snprintf(mailboxname, sizeof(mailboxname), "%.*s!user.%.*s.%s.Inbox", (int) domainlen, tmpuserdomain, (int) userlen, tmpuserid, calendarprefix);
-+ } else {
-+ snprintf(mailboxname, sizeof(mailboxname), "user.%s.%s.Inbox", userid, calendarprefix);
-+ }
-+
- if ((r = mboxlist_lookup(mailboxname, &mbentry, NULL))) {
- syslog(LOG_INFO, "mboxlist_lookup(%s) failed: %s",
- mailboxname, error_message(r));
-@@ -4602,8 +4645,18 @@ int sched_busytime_query(struct transact
-
- else {
- /* Start query at attendee's calendar-home-set */
-- snprintf(mailboxname, sizeof(mailboxname),
-- "user.%s.%s", userid, calendarprefix);
-+ domain_start = strchr(userid, '@');
-+ if (domain_start != NULL) {
-+ userlen = domain_start - userid + 1;
-+ domain_start++;
-+ useridlen = strcspn(userid, "/");
-+ domainlen = useridlen - userlen + 1;
-+ strlcpy(tmpuserid, userid, userlen);
-+ strlcpy(tmpuserdomain, domain_start, domainlen);
-+ snprintf(mailboxname, sizeof(mailboxname), "%.*s!user.%.*s.%s.Inbox", (int) domainlen, tmpuserdomain, (int) userlen, tmpuserid, calendarprefix);
-+ } else {
-+ snprintf(mailboxname, sizeof(mailboxname), "user.%s.%s.Inbox", userid, calendarprefix);
-+ }
-
- fctx.davdb = NULL;
- fctx.req_tgt->collection = NULL;
-Index: cyrus-imapd-2.4-2.4.17+caldav~beta10.test/imap/http_carddav.c
-===================================================================
---- cyrus-imapd-2.4-2.4.17+caldav~beta10.test.orig/imap/http_carddav.c
-+++ cyrus-imapd-2.4-2.4.17+caldav~beta10.test/imap/http_carddav.c
-@@ -368,8 +368,9 @@ static void my_carddav_auth(const char *
- }
-
- /* Auto-provision an addressbook for 'userid' */
-- strlcpy(ident, userid, sizeof(ident));
-+ strlcpy(ident, userid, strcspn(userid, "@"));
- mboxname_hiersep_toexternal(&httpd_namespace, ident, 0);
-+ strlcpy(ident + strlen(ident), userid + strlen(ident), sizeof(ident) - strlen(ident));
-
- /* addressbook-home-set */
- len += snprintf(mailboxname+len, MAX_MAILBOX_BUFFER - len, ".%s",
-@@ -461,6 +462,10 @@ static int carddav_parse_path(const char
- char *p;
- size_t len, siz;
- static const char *prefix = NULL;
-+ char userid[MAX_MAILBOX_BUFFER];
-+ char userdomain[MAX_MAILBOX_BUFFER];
-+ char *domain_start;
-+ int userlen, domainlen;
-
- /* Make a working copy of target path */
- strlcpy(tgt->path, path, sizeof(tgt->path));
-@@ -546,13 +551,20 @@ static int carddav_parse_path(const char
- p = tgt->mboxname;
- siz = MAX_MAILBOX_BUFFER;
- if (tgt->user) {
-- len = snprintf(p, siz, "user");
-- p += len;
-- siz -= len;
--
- if (tgt->userlen) {
-- len = snprintf(p, siz, ".%.*s", (int) tgt->userlen, tgt->user);
-- mboxname_hiersep_tointernal(&httpd_namespace, p+1, tgt->userlen);
-+ domain_start = strchr(tgt->user, '@');
-+ if (domain_start != NULL) {
-+ userlen = domain_start - tgt->user + 1;
-+ domain_start++;
-+ domainlen = tgt->userlen - userlen + 1;
-+ strlcpy(userid, tgt->user, userlen);
-+ mboxname_hiersep_tointernal(&httpd_namespace, userid, userlen);
-+ strlcpy(userdomain, domain_start, domainlen);
-+ len = snprintf(p, siz, "%.*s!user.%.*s", (int) domainlen, userdomain, (int) userlen, userid);
-+ } else {
-+ len = snprintf(p, siz, "user.%.*s", (int) tgt->userlen, tgt->user);
-+ mboxname_hiersep_tointernal(&httpd_namespace, p+5, tgt->userlen);
-+ }
- p += len;
- siz -= len;
- }
-Index: cyrus-imapd-2.4-2.4.17+caldav~beta10.test/imap/http_dav.c
-===================================================================
---- cyrus-imapd-2.4-2.4.17+caldav~beta10.test.orig/imap/http_dav.c
-+++ cyrus-imapd-2.4-2.4.17+caldav~beta10.test/imap/http_dav.c
-@@ -4716,7 +4716,7 @@ static int principal_search(char *mboxna
- if (!(p = mboxname_isusermailbox(mboxname, 1))) return 0;
-
- strlcpy(userid, p, MAX_MAILBOX_NAME+1);
-- mboxname_hiersep_toexternal(&httpd_namespace, userid, 0);
-+ //mboxname_hiersep_toexternal(&httpd_namespace, userid, 0);
-
- for (search_crit = (struct search_crit *) fctx->filter_crit;
- search_crit; search_crit = search_crit->next) {
diff --git a/debian/patches/series b/debian/patches/series
index bb67a38..069896b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -34,5 +34,4 @@ cyrus-tls-1.2.patch
parse-GUID-for-binary-appends-as-well.patch
use-system-unicodedata.patch
TLS-configuration.patch
-fix-caldav-virtdomain-users.patch
bug778779.patch
diff --git a/debian/rules b/debian/rules
index 99172af..fc75c02 100755
--- a/debian/rules
+++ b/debian/rules
@@ -165,11 +165,11 @@ override_dh_auto_install:
# Move all manpages under cyrus- namespace
install -m 644 debian/cyrus-makedirs.8 debian/cyrus-arbitronsort.8 debian/cyrus-dump.8 \
$(TMPPKG)/usr/share/man/man8/
- for i in master reconstruct quota deliver \
+ for i in reconstruct quota \
mbpath ctl_mboxlist ctl_deliver ctl_cyrusdb squatter \
- tls_prune ipurge cyrdump cvt_cyrusdb chk_cyrus arbitron \
+ tls_prune ipurge cvt_cyrusdb chk_cyrus arbitron \
cyr_expire unexpunge sync_client sync_reset cyr_synclog \
- cyr_dbtool cyr_df ctl_zoneinfo; do \
+ cyr_dbtool cyr_df; do \
mv $(TMPPKG)/usr/share/man/man8/$$i.8 $(TMPPKG)/usr/share/man/man8/cyrus-$${i}.8 ; \
done
@@ -233,7 +233,7 @@ override_dh_installchangelogs:
-p cyrus-common -p cyrus-doc -p cyrus-clients \
-p cyrus-admin -p libcyrus-imap-perl -p cyrus-imapd \
-p cyrus-pop3d -p cyrus-murder -p cyrus-replication \
- -p cyrus-nntpd -p cyrus-caldav -p cyrus-dev \
+ -p cyrus-nntpd -p cyrus-dev \
doc/changes.html
dh_installchangelogs --remaining-packages
--- End Message ---