Compare commits

...

No commits in common. 'c9-beta' and 'c9' have entirely different histories.
c9-beta ... c9

@ -1,48 +0,0 @@
diff -up dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c.ph_optglob dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c
--- dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c.ph_optglob 2024-06-04 09:11:28.514189662 +0200
+++ dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/cmd-include.c 2024-06-04 09:18:23.219809778 +0200
@@ -368,11 +368,13 @@ static bool opc_include_dump
return FALSE;
sieve_code_descend(denv);
- sieve_code_dumpf(denv, "script: `%s' from %s %s%s[ID: %d, BLOCK: %d]",
+ sieve_code_dumpf(denv, "script: `%s' from %s %s%s%s[ID: %d, BLOCK: %d]",
sieve_script_name(included->script), sieve_script_location(included->script),
((flags & EXT_INCLUDE_FLAG_ONCE) != 0 ? "(once) " : ""),
((flags & EXT_INCLUDE_FLAG_OPTIONAL) != 0 ? "(optional) " : ""),
- include_id, sieve_binary_block_get_id(included->block));
+ (included->block == NULL ? "(missing) " : ""),
+ include_id,
+ (included->block == NULL ? -1 : sieve_binary_block_get_id(included->block)));
return TRUE;
}
diff -up dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c.ph_optglob dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c
--- dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c.ph_optglob 2023-09-14 15:18:26.000000000 +0200
+++ dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/plugins/include/ext-include-common.c 2024-06-04 09:10:45.187823805 +0200
@@ -693,6 +693,25 @@ int ext_include_execute_include(const st
}
ctx = ext_include_get_interpreter_context(this_ext, renv->interp);
+ if (included->block == NULL) {
+ if ((flags & EXT_INCLUDE_FLAG_OPTIONAL) != 0) {
+ sieve_runtime_trace(
+ renv, SIEVE_TRLVL_NONE,
+ "include: skipped include for script '%s' "
+ "[inc id: %d, block: NULL]; optional and unavailable",
+ sieve_script_name(included->script),
+ include_id);
+ return result;
+ } else {
+ sieve_runtime_trace(
+ renv, SIEVE_TRLVL_NONE,
+ "include: unavailable script '%s' "
+ "[inc id: %d, block: NULL]",
+ sieve_script_name(included->script),
+ include_id);
+ return SIEVE_EXEC_BIN_CORRUPT;
+ }
+ }
block_id = sieve_binary_block_get_id(included->block);
/* If :once modifier is specified, check for duplicate include */

@ -1,12 +0,0 @@
diff -up dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c.testfix4 dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c
--- dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c.testfix4 2024-06-03 13:35:24.408858593 +0200
+++ dovecot-2.3.21/dovecot-pigeonhole/src/lib-sieve/storage/file/sieve-file-script.c 2024-06-03 13:35:24.434858849 +0200
@@ -800,7 +800,7 @@ static bool sieve_file_script_equals
(struct sieve_file_script *)other;
return ( CMP_DEV_T(fscript->st.st_dev, fother->st.st_dev) &&
- fscript->st.st_ino == fother->st.st_ino );
+ fscript->st.st_ino == fother->st.st_ino && (fscript->st.st_ino != 0 || script->location != NULL && other->location != NULL && strcmp(script->location, other->location) == 0));
}
/*

@ -1,6 +1,6 @@
diff -up dovecot-2.3.15/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.15/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c
--- dovecot-2.3.15/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-06-21 23:07:55.269814896 +0200
+++ dovecot-2.3.15/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-06-21 23:07:55.298814544 +0200
diff -up dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.15/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.15/src/lib-sieve/storage/dict/sieve-dict-script.c
--- dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.16/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-06-21 23:07:55.269814896 +0200
+++ dovecot-2.3.15/dovecot-2.3-pigeonhole-0.5.16/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-06-21 23:07:55.298814544 +0200
@@ -109,7 +109,7 @@ static int sieve_dict_script_get_stream
{
struct sieve_dict_script *dscript =

@ -6,7 +6,7 @@ Name: dovecot
Epoch: 1
Version: 2.3.16
%global prever %{nil}
Release: 14%{?dist}
Release: 11%{?dist}.1
#dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
License: MIT and LGPLv2
@ -58,18 +58,14 @@ Patch23: dovecot-2.3.18-9f300239..4596d399.patch
# from upstream, for < 2.3.21, RHEL-25434
Patch24: dovecot-2.3.16-d7705bc6.patch
# sent upstream, issue #RHEL-52541
Patch25: dovecot-2.3-ph_optglob.patch
Patch26: dovecot-2.3-ph_scriptcmp.patch
# fix test failing due to too long path with all the mock path prefixes
Patch27: dovecot-2.3.21-test-socket-path.patch
# from upstream for < 2.3.21.1, RHEL-55212
# from upstream for < 2.3.21.1, RHEL-55211
# https://github.com/dovecot/core/compare/8e4c42d%5E...1481c04.patch
Patch28: dovecot-2.3.21.1-CVE-2024-23184.patch
# from upstream for < 2.3.21.1, RHEL-55224
# from upstream for < 2.3.21.1, RHEL-55225
# https://github.com/dovecot/core/compare/f020e13%5E...ce88c33.patch
Patch29: dovecot-2.3.21.1-CVE-2024-23185.patch
@ -156,10 +152,6 @@ This package provides the development files for dovecot.
%prep
%setup -q -n %{name}-%{version}%{?prever} -a 8
# standardize name, so we don't have to update patches and scripts
mv dovecot-2.3-pigeonhole-%{pigeonholever} dovecot-pigeonhole
%patch -P 1 -p1 -b .default-settings
%patch -P 2 -p1 -b .mkcert-permissions
%patch -P 3 -p1 -b .mkcert-paths
@ -175,16 +167,15 @@ mv dovecot-2.3-pigeonhole-%{pigeonholever} dovecot-pigeonhole
%patch -P 21 -p1 -b .7bad6a24
%patch -P 22 -p1 -b .bdf447e4
%patch -P 24 -p1 -b .d7705bc6
%patch -P 25 -p1 -b .ph_optglob
%patch -P 26 -p1 -b .ph_scriptcmp
%patch -P 27 -p1 -b .test-socket-path
%patch -P 28 -p1 -b .CVE-2024-23184
%patch -P 29 -p1 -b .CVE-2024-23185
cp run-test-valgrind.supp dovecot-pigeonhole/
cp run-test-valgrind.supp dovecot-2.3-pigeonhole-%{pigeonholever}/
# valgrind would fail with shell wrapper
echo "testsuite" >dovecot-pigeonhole/run-test-valgrind.exclude
echo "testsuite" >dovecot-2.3-pigeonhole-%{pigeonholever}/run-test-valgrind.exclude
pushd dovecot-pigeonhole
pushd dovecot-2*3-pigeonhole-%{pigeonholever}
%patch -P 23 -p1 -b .9f300239..4596d399
popd
sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in
@ -227,7 +218,7 @@ sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh doc/example-config/conf.d/10
%make_build
#pigeonhole
pushd dovecot-pigeonhole
pushd dovecot-2*3-pigeonhole-%{pigeonholever}
# required for snapshot
[ -f configure ] || autoreconf -fiv
@ -253,7 +244,7 @@ mv $RPM_BUILD_ROOT/%{_docdir}/%{name} %{_builddir}/%{name}-%{version}%{?prever}/
# fix multilib issues
%multilib_fix_c_header --file %{_includedir}/dovecot/config.h
pushd dovecot-pigeonhole
pushd dovecot-2*3-pigeonhole-%{pigeonholever}
%make_install
mv $RPM_BUILD_ROOT/%{_docdir}/%{name} $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole
@ -368,14 +359,8 @@ then
fi
%check
# some time sensitive tests fail on aarch64, just log the result
%ifarch aarch64
make check ||:
%else
make check
%endif
cd dovecot-pigeonhole
cd dovecot-2*3-pigeonhole-%{pigeonholever}
make check
%files
@ -524,15 +509,9 @@ make check
%{_libdir}/%{name}/dict/libdriver_pgsql.so
%changelog
* Tue Aug 20 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-14
- fix CVE-2024-23184: using a large number of address headers may trigger a denial of service (RHEL-55212)
- fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message (RHEL-55224)
* Mon Aug 05 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-13
- rebuild with updated tests
* Mon Aug 05 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-12
- fix crash when user has sieve script that includes two missing scripts (RHEL-37160)
* Mon Sep 02 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-11.1
- fix CVE-2024-23184: using a large number of address headers may trigger a denial of service (RHEL-55211)
- fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message (RHEL-55225)
* Fri Feb 16 2024 Michal Hlavinka <mhlavink@redhat.com> - 1:2.3.16-11
- fixes assert-crash when IMAP client uses QRESYNC (#RHEL-25434)

Loading…
Cancel
Save