Bug#929068: unblock: cyrus-imapd/3.0.8-5
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package cyrus-imapd
Hi all,
cyrus-imapd has a RC bug (segfault, #927142). It has been fixed by
upstream in version 3.0.9 with some additional memory leak issues. I
backported these patchs and updated cyrus-common.postins. Full changes:
* Bump Standards-Version to 4.3.0
* Add upstream/metadata
* Fix sieve segfault (Closes: #927142)
* Add upgradesieve() function to cyrus-common.postinst (related to #927142).
Thanks to Anthony Prades
* Add patch to support spaces in mailboxes
* Add patches to fix some memory leaks found by code analyser (upstream)
I also added myself to uploaders (package is RFA), since I need it here.
I think I can take maintainance of it, at least during Buster life.
cyrus-imapd has no reverse dependencies.
Cheers,
Xavier
unblock cyrus-imapd/3.0.8-5
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (600, 'testing'), (50, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.14.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index e40d3aae2..689b61b69 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,25 @@
+cyrus-imapd (3.0.8-5) unstable; urgency=medium
+
+ [ Xavier Guimard ]
+ * Add upstream/metadata
+
+ [ Anthony Prades ]
+ * sieve segfault (Closes: #927142)
+
+ [ Xavier Guimard ]
+ * Fix Standards-Version to 4.3.0
+ * Add patch headers
+ * Trailing whitespaces
+ * Add myself to uploaders
+ * Add upgradesieve() function to cyrus-common.postinst (related to #927142).
+ Thanks to Anthony Prades
+ * Fix postinst error
+ * Replace tabs
+ * Add patch to support spaces in mailboxes
+ * Add patches to fix some memory leaks found by code analyser (upstream)
+
+ -- Xavier Guimard <yadd@debian.org> Thu, 16 May 2019 11:42:29 +0200
+
cyrus-imapd (3.0.8-4) unstable; urgency=medium
[ Anthony Prades ]
@@ -238,7 +260,7 @@ cyrus-imapd-2.4 (2.4.17+caldav~beta10-13) unstable; urgency=medium
cyrus-imapd-2.4 (2.4.17+caldav~beta10-12) unstable; urgency=medium
- * Add Breaks/Replaces for old cyrus-imapd-2.2 dummy packages
+ * Add Breaks/Replaces for old cyrus-imapd-2.2 dummy packages
to cleanup old installations.
* Install upstream changelogs to all real packages and Debian changelogs
to all packages
@@ -494,7 +516,7 @@ cyrus-imapd-2.4 (2.4.16-3) unstable; urgency=low
cyrus-imapd-2.4 (2.4.16-2) unstable; urgency=low
[ Gregor Herrman ]
- * Add postinst scripts for all transitional packages to handle the
+ * Add postinst scripts for all transitional packages to handle the
directory to symlink transition of their docdirs.
(Closes: #690147)
@@ -738,7 +760,7 @@ cyrus-imapd-2.4 (2.4.7-6) unstable; urgency=low
cyrus-imapd-2.4 (2.4.7-5) unstable; urgency=low
* Add support for starting cyrus-imapd-2.2 (Closes: #620839)
-
+
-- Ondřej Surý <ondrej@debian.org> Mon, 04 Apr 2011 23:57:45 +0200
cyrus-imapd-2.4 (2.4.7-4) unstable; urgency=low
@@ -1021,7 +1043,7 @@ cyrus-imapd-2.2 (2.2.13-14) unstable; urgency=low
* Auto-detect BDB version from whichever -dev package is installed
at build time, rather than hardcoding in debian/control.
* Tweak the init script to support epoch in PACKAGE_VERSION.
-
+
-- Duncan Gibb <Duncan.Gibb@siriusit.co.uk> Fri, 06 Feb 2009 15:41:07 +0000
cyrus-imapd-2.3 (2.3.8-2) UNRELEASED; urgency=low
@@ -1135,7 +1157,7 @@ cyrus-imapd-2.2 (2.2.13-11) unstable; urgency=low
cyrus-imapd-2.2 (2.2.13-10) unstable; urgency=high
* High urgency due to #400747
-
+
[ Sven Mueller ]
* Update README.Debian.simpleinstall (Closes: #395250)
* Upstream change: applied RFC4314 READ-ONLY logic
@@ -1143,7 +1165,7 @@ cyrus-imapd-2.2 (2.2.13-10) unstable; urgency=high
[ Benjamin Seidenberg ]
* Add notice about lmtp overquota configuration option rename to
UPGRADE.Debian (Closes: #400645)
- * Disable upstream patch 0019 due to bad sasl interactions (Closes: #400747)
+ * Disable upstream patch 0019 due to bad sasl interactions (Closes: #400747)
-- Benjamin Seidenberg <benjamin@debian.org> Sat, 9 Dec 2006 10:03:38 -0500
@@ -1185,7 +1207,7 @@ cyrus-imapd-2.2 (2.2.13-8) unstable; urgency=medium
* Update date span in debian/copyright
* Fix mistake in init script, ! check_status instead of !check_status.
Thanks to Farzad FARID
- * Fix DOS encoding on several files in debian/ (Closes: #391092)
+ * Fix DOS encoding on several files in debian/ (Closes: #391092)
Thanks to Farzad FARID
-- Sven Mueller <sven@debian.org> Mon, 9 Oct 2006 23:21:23 +0200
@@ -1226,7 +1248,7 @@ cyrus-imapd-2.2 (2.2.13-7) unstable; urgency=low
cyrus-imapd-2.2 (2.2.13-6) unstable; urgency=low
- * Fix a problem in cyrus-common-2.2 preinst
+ * Fix a problem in cyrus-common-2.2 preinst
-- Sven Mueller <sven@debian.org> Thu, 10 Aug 2006 03:58:58 +0200
@@ -1328,7 +1350,7 @@ cyrus-imapd-2.2 (2.2.13-3) unstable; urgency=high
cyrus-imapd-2.2 (2.2.13-2) unstable; urgency=low
[ Sven Mueller ]
- * Apply fix from upstream CVS to imap/backend.c (Closes: #365629)
+ * Apply fix from upstream CVS to imap/backend.c (Closes: #365629)
-- Sven Mueller <debian@incase.de> Tue, 2 May 2006 22:14:03 +0200
@@ -1491,7 +1513,7 @@ cyrus22-imapd (2.2.12-0.6) unstable; urgency=low
[ Ondřej Surý ]
* Add 64bit quota dpatch.
- * Rerun autoconf and add result as dpatch.
+ * Rerun autoconf and add result as dpatch.
-- Sven Mueller <debian@incase.de> Fri, 23 Sep 2005 18:55:57 +0200
@@ -1526,7 +1548,7 @@ cyrus22-imapd (2.2.12-0.3) unstable; urgency=low
* Add a README which contains the configure options used to
compile the package. The README is auto-generated by debian/rules
* cyrus22-clients needs to conflict with cyrus21-clients
- * cyrus22-common needs to conflict with cyrus21-common
+ * cyrus22-common needs to conflict with cyrus21-common
* Add a guess of what the problem might be to the set_cert_stuff failure
message
* Update a few Replaces:, Provides: and Conflicts: lines in debian/control
@@ -1554,4 +1576,3 @@ cyrus22-imapd (2.2.12-0.1) unstable; urgency=low
* Add syncldap2cyrus.pl script from #260833 (a cyrus21 bug)
-- Sven Mueller <debian@incase.de> Fri, 18 Mar 2005 13:34:09 +0100
-
diff --git a/debian/control b/debian/control
index 6b9a1a034..4e06904aa 100644
--- a/debian/control
+++ b/debian/control
@@ -4,8 +4,9 @@ Priority: optional
Maintainer: Debian Cyrus Team <team+cyrus@tracker.debian.org>
Uploaders: Henrique de Moraes Holschuh <hmh@debian.org>,
Ondřej Surý <ondrej@debian.org>,
- Anthony Prades <toony.debian@chezouam.net>
-Standards-Version: 4.3.0.1
+ Anthony Prades <toony.debian@chezouam.net>,
+ Xavier Guimard <yadd@debian.org>
+Standards-Version: 4.3.0
Build-Depends: bison,
comerr-dev,
debhelper-compat (= 12),
@@ -53,11 +54,11 @@ Pre-Depends: dpkg (>= 1.17.14~),
Depends: adduser,
db-upgrade-util,
db-util,
- e2fsprogs,
+ e2fsprogs,
default-mta | mail-transport-agent,
gawk,
libsasl2-modules,
- lsb-base,
+ lsb-base,
netbase (>= 4.07),
${misc:Depends},
${perl:Depends},
diff --git a/debian/cyrus-common.postinst b/debian/cyrus-common.postinst
index ae63f920f..c2bcc1b33 100755
--- a/debian/cyrus-common.postinst
+++ b/debian/cyrus-common.postinst
@@ -45,6 +45,18 @@ getconf () {
fi
}
+upgradesieve () {
+ if [ -z "$1" ] || $(dpkg --compare-versions $1 gt 3~); then
+ return
+ fi
+
+ CYRUS_SIEVE_DIR="/var/spool/sieve"
+ getconf sievedir ${CYRUS_SIEVE_DIR}
+ CYRUS_SIEVE_DIR=$result
+ find ${CYRUS_SIEVE_DIR} -type d -regextype sed -regex '.*/[^/]\+^[^/]\+' -print | awk '{system("mv " $0 " " gensub("\\^", ".", "g", $1))}'
+ su cyrus -c '/usr/lib/cyrus/upgrade/masssievec /usr/lib/cyrus/bin/sievec'
+}
+
case "$1" in
configure)
# Add the cyrus user (requires adduser >= 3.34)
@@ -122,6 +134,8 @@ case "$1" in
# Hopefully this will be handled by upstream next time
cp -p /usr/lib/cyrus/cyrus-hardwired-config.txt \
/usr/lib/cyrus/cyrus-hardwired-config.active
+
+ upgradesieve $2
;;
abort-upgrade|abort-remove|abort-deconfigure)
diff --git a/debian/patches/0020-lmtp-sieve-segfault.patch b/debian/patches/0020-lmtp-sieve-segfault.patch
new file mode 100644
index 000000000..40f9f4571
--- /dev/null
+++ b/debian/patches/0020-lmtp-sieve-segfault.patch
@@ -0,0 +1,38 @@
+Description: Fix segfault on mailshare sive redirect
+Author: Anthony Prades <https://github.com/toony>
+Origin: upstream, https://github.com/cyrusimap/cyrus-imapd/commit/7a11575cadca55630a37f8c07298aae4b4cf2a4a
+Bug: https://github.com/cyrusimap/cyrus-imapd/pull/2597
+Bug-Debian: https://bugs.debian.org/927142
+Forwarded: not-needed
+Reviewed-By: Xavier Guimard <yadd@debian.org>
+Last-Update: 2019-05-09
+
+--- a/imap/lmtp_sieve.c
++++ b/imap/lmtp_sieve.c
+@@ -414,7 +414,7 @@
+ /* if we have a msgid, we can track our redirects */
+ if (m->id) {
+ snprintf(buf, sizeof(buf), "%s-%s", m->id, rc->addr);
+- sievedb = make_sieve_db(mbname_userid(sd->mbname));
++ sievedb = make_sieve_db(mbname_recipient(sd->mbname, ((deliver_data_t *) mc)->ns));
+
+ dkey.id = buf;
+ dkey.to = sievedb;
+@@ -496,7 +496,7 @@
+ body = msg_getheader(md, "original-recipient");
+ origreceip = body ? body[0] : NULL;
+ if ((res = send_rejection(md->id, md->return_path,
+- origreceip, mbname_userid(sd->mbname),
++ origreceip, mbname_recipient(sd->mbname, ((deliver_data_t *) mc)->ns),
+ rc->msg, md->data)) == 0) {
+ snmp_increment(SIEVE_REJECT, 1);
+ syslog(LOG_INFO, "sieve rejected: %s to: %s",
+@@ -735,7 +735,7 @@
+ while (waitpid(sm_pid, &sm_stat, 0) < 0);
+
+ if (sm_stat == 0) { /* sendmail exit value */
+- sievedb = make_sieve_db(mbname_userid(sdata->mbname));
++ sievedb = make_sieve_db(mbname_recipient(sdata->mbname, ((deliver_data_t *) mc)->ns));
+
+ dkey.id = outmsgid;
+ dkey.to = sievedb;
diff --git a/debian/patches/0021-support-mailboxes-with-spaces.patch b/debian/patches/0021-support-mailboxes-with-spaces.patch
new file mode 100644
index 000000000..3ec0ef1ab
--- /dev/null
+++ b/debian/patches/0021-support-mailboxes-with-spaces.patch
@@ -0,0 +1,31 @@
+Description: cyradm: support mailboxes with spaces in getquotaroot
+Author: Ellie Timoney <ellie@fastmail.com>
+Bug: https://github.com/cyrusimap/cyrus-imapd/issues/2521
+Forwarded: not-needed
+Reviewed-By: Xavier Guimard <yadd@debian.org>
+Last-Update: 2019-05-16
+
+--- a/perl/imap/IMAP/Admin.pm
++++ b/perl/imap/IMAP/Admin.pm
+@@ -575,7 +575,11 @@
+ $self->addcallback({-trigger => 'QUOTAROOT',
+ -callback => sub {
+ my %d = @_;
+- return unless $d{-text} =~ /^\S+ (\S+)/;
++ return unless ( $d{-text} =~ /^\"[^\"]+\" \"([^\"]+)\"/ or
++ $d{-text} =~ /^\"[^\"]+\" (\S+)/ or
++ $d{-text} =~ /[^\"]\S+ \"([^\"]+)\"/ or
++ $d{-text} =~ /^[^\"]\S+ (\S+)/
++ );
+ ${$d{-rock}} = $1;
+ },
+ -rock => \$qr},
+@@ -583,7 +586,7 @@
+ -callback => sub {
+ my %d = @_;
+ return unless
+- $d{-text} =~ s/^\S+ \((\S+) (\S+) (\S+)\)//;
++ $d{-text} =~ s/\((\S+) (\S+) (\S+)\)$//;
+ push @{$d{-rock}}, $1, [$2, $3];
+ },
+ -rock => \@info});
diff --git a/debian/patches/0022-close-backups-on-failure.patch b/debian/patches/0022-close-backups-on-failure.patch
new file mode 100644
index 000000000..782b7ebed
--- /dev/null
+++ b/debian/patches/0022-close-backups-on-failure.patch
@@ -0,0 +1,33 @@
+Description: close backups on failure
+ Static analizers report this as memory leak issue.
+Author: Pavel Zhukov <https://github.com/landgraf>
+Forwarded: https://github.com/cyrusimap/cyrus-imapd/commit/3c9060f9
+Reviewed-By: Xavier Guimard <yadd@debian.org>
+Last-Update: 2019-05-16
+
+--- a/backup/ctl_backups.c
++++ b/backup/ctl_backups.c
+@@ -898,6 +898,7 @@
+
+ if (r) {
+ printf("NO failed (%s)\n", error_message(r));
++ r = backup_close(&backup);
+ return EC_SOFTWARE; // FIXME would something else be more appropriate?
+ }
+
+@@ -934,6 +935,7 @@
+ fprintf(stderr, "unable to lock %s: %s\n",
+ userid ? userid : fname,
+ error_message(r));
++ r = backup_close(&backup);
+ return EC_SOFTWARE;
+ }
+
+@@ -994,6 +996,7 @@
+ fprintf(stderr, "unable to lock %s: %s\n",
+ userid ? userid : fname,
+ error_message(r));
++ r = backup_close(&backup);
+ return EC_SOFTWARE;
+ }
+
diff --git a/debian/patches/0023-fix-memory-leak-on-ldap-failure.patch b/debian/patches/0023-fix-memory-leak-on-ldap-failure.patch
new file mode 100644
index 000000000..4d0370b51
--- /dev/null
+++ b/debian/patches/0023-fix-memory-leak-on-ldap-failure.patch
@@ -0,0 +1,135 @@
+Description: fix little memory leak when LDAP fails
+Author: Ellie Timoney <ellie@fastmail.com>
+Origin: upstream, https://github.com/cyrusimap/cyrus-imapd/commit/88ee843d
+Forwarded: https://github.com/cyrusimap/cyrus-imapd/commit/88ee843d
+Reviewed-By: Xavier Guimard <yadd@debian.org>
+Last-Update: 2019-05-16
+
+--- a/ptclient/ldap.c
++++ b/ptclient/ldap.c
+@@ -932,7 +932,7 @@
+ {
+ rc = ptsmodule_expand_tokens(ptsm->filter, canon_id, NULL, &filter);
+ if (rc != PTSM_OK)
+- return rc;
++ goto done;
+
+ if (ptsm->domain_base_dn && ptsm->domain_base_dn[0] != '\0' && (strrchr(canon_id, '@') == NULL)) {
+ syslog(LOG_DEBUG, "collecting all domains from %s", ptsm->domain_base_dn);
+@@ -948,15 +948,18 @@
+ syslog(LOG_ERR, "LDAP not available: %s", ldap_err2string(rc));
+ ldap_unbind(ptsm->ld);
+ ptsm->ld = NULL;
+- return PTSM_RETRY;
++ rc = PTSM_RETRY;
++ goto done;
+ }
+
+ syslog(LOG_ERR, "LDAP search for domain failed: %s", ldap_err2string(rc));
+- return PTSM_FAIL;
++ rc = PTSM_FAIL;
++ goto done;
+ }
+ if (ldap_count_entries(ptsm->ld, res) < 1) {
+ syslog(LOG_ERR, "No domain found");
+- return PTSM_FAIL;
++ rc = PTSM_FAIL;
++ goto done;
+ } else if (ldap_count_entries(ptsm->ld, res) >= 1) {
+ int count_matches = 0;
+ char *temp_base = NULL;
+@@ -976,10 +979,12 @@
+
+ if (count_matches > 1) {
+ syslog(LOG_ERR, "LDAP search for %s failed because it matches multiple accounts.", canon_id);
+- return PTSM_FAIL;
++ rc = PTSM_FAIL;
++ goto done;
+ } else if (count_matches == 0) {
+ syslog(LOG_ERR, "LDAP search for %s failed because it does not match any account in all domains.", canon_id);
+- return PTSM_FAIL;
++ rc = PTSM_FAIL;
++ goto done;
+ }
+
+ syslog(LOG_DEBUG, "we have found %s in %s", canon_id, base);
+@@ -1006,19 +1011,23 @@
+ ldap_unbind(ptsm->ld);
+ ptsm->ld = NULL;
+ syslog(LOG_ERR, "LDAP not available: %s", ldap_err2string(rc));
+- return PTSM_RETRY;
++ rc = PTSM_RETRY;
++ goto done;
+ }
+
+ syslog(LOG_ERR, "LDAP search for domain failed: %s", ldap_err2string(rc));
+- return PTSM_FAIL;
++ rc = PTSM_FAIL;
++ goto done;
+ }
+
+ if (ldap_count_entries(ptsm->ld, res) < 1) {
+ syslog(LOG_ERR, "No domain %s found", domain);
+- return PTSM_FAIL;
++ rc = PTSM_FAIL;
++ goto done;
+ } else if (ldap_count_entries(ptsm->ld, res) > 1) {
+ syslog(LOG_ERR, "Multiple domains %s found", domain);
+- return PTSM_FAIL;
++ rc = PTSM_FAIL;
++ goto done;
+ } else {
+ if ((entry = ldap_first_entry(ptsm->ld, res)) != NULL) {
+ if ((vals = ldap_get_values(ptsm->ld, entry, ptsm->domain_result_attribute)) != NULL) {
+@@ -1033,7 +1042,7 @@
+ }
+
+ if (rc != PTSM_OK) {
+- return rc;
++ goto done;
+ } else {
+ base = xstrdup(ptsm->base);
+ syslog(LOG_DEBUG, "Continuing with ptsm->base: %s", ptsm->base);
+@@ -1044,23 +1053,23 @@
+ } else {
+ rc = ptsmodule_expand_tokens(ptsm->base, canon_id, NULL, &base);
+ if (rc != PTSM_OK)
+- return rc;
++ goto done;
+ }
+
+ rc = ldap_search_st(ptsm->ld, base, ptsm->scope, filter, attrs, 0, &(ptsm->timeout), &res);
+
+ if (rc != LDAP_SUCCESS) {
+ syslog(LOG_DEBUG, "Searching %s with %s failed", base, base);
+- free(filter);
+- free(base);
+
+ if (rc == LDAP_SERVER_DOWN) {
+ ldap_unbind(ptsm->ld);
+ ptsm->ld = NULL;
+- return PTSM_RETRY;
++ rc = PTSM_RETRY;
++ goto done;
+ }
+
+- return PTSM_FAIL;
++ rc = PTSM_FAIL;
++ goto done;
+ }
+
+ free(filter);
+@@ -1086,6 +1095,13 @@
+ }
+
+ return (*ret ? PTSM_OK : PTSM_FAIL);
++
++ done:
++ if (filter)
++ free(filter);
++ if (base)
++ free(base);
++ return rc;
+ }
+
+
diff --git a/debian/patches/series b/debian/patches/series
index 2015ece78..bbe08983c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -17,3 +17,7 @@
0017-cert-update.patch
0018-backend.testc-reset-server-authenticated-state-between-connections.patch
0019-support-clamav-0.101.0.patch
+0020-lmtp-sieve-segfault.patch
+0021-support-mailboxes-with-spaces.patch
+0022-close-backups-on-failure.patch
+0023-fix-memory-leak-on-ldap-failure.patch
diff --git a/debian/upstream/metadata b/debian/upstream/metadata
new file mode 100644
index 000000000..24e91a33b
--- /dev/null
+++ b/debian/upstream/metadata
@@ -0,0 +1,7 @@
+---
+Archive: GitHub
+Bug-Database: https://github.com/cyrusimap/cyrus-imapd/issues
+Contact: https://github.com/cyrusimap/cyrus-imapd/issues
+Name: cyrus-imapd
+Repository: https://github.com/cyrusimap/cyrus-imapd.git
+Repository-Browse: https://github.com/cyrusimap/cyrus-imapd
Reply to: