From 682f57c28dec8ba8c59be5b2905485914bde91d4 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 02 2019 23:02:37 +0000 Subject: import cyrus-imapd-2.4.17-15.el7 --- diff --git a/.cyrus-imapd.metadata b/.cyrus-imapd.metadata new file mode 100644 index 0000000..30abfac --- /dev/null +++ b/.cyrus-imapd.metadata @@ -0,0 +1,2 @@ +e39754f688d98ac0040df85e8850a2e330c6235d SOURCES/README.rpm +cc869dea08ad663fc32d9ab628992a1711cfbb1b SOURCES/cyrus-imapd-2.4.17.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4f7c3e8 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/README.rpm +SOURCES/cyrus-imapd-2.4.17.tar.gz diff --git a/SOURCES/cyr_systemd_helper b/SOURCES/cyr_systemd_helper new file mode 100755 index 0000000..2d9ad56 --- /dev/null +++ b/SOURCES/cyr_systemd_helper @@ -0,0 +1,38 @@ +#!/bin/sh +# get_config [config default] +# extracts config option from config file +get_config() { + if conf=$(grep "^$1" /etc/imapd.conf); then + echo $conf | cut -d: -f2 + else + echo $2 + fi +} + +CONFIGDIRECTORY=$(get_config configdirectory /var/lib/imap) +RETVAL=0 + +start() { + cd $CONFIGDIRECTORY + runuser - cyrus -s /bin/sh -c "umask 166 ; /usr/lib/cyrus-imapd/cvt_cyrusdb_all > ${CONFIGDIRECTORY}/rpm/db_import.log 2>&1" < /dev/null + RETVAL=$? +} + +stop() { + cd $CONFIGDIRECTORY + runuser - cyrus -s /bin/sh -c "umask 166 ; /usr/lib/cyrus-imapd/cvt_cyrusdb_all export > ${CONFIGDIRECTORY}/rpm/db_export.log 2>&1" < /dev/null + RETVAL=$? +} + +case "$1" in + start) + start + ;; + stop) + stop + ;; + *) + ;; +esac + +exit $RETVAL diff --git a/SOURCES/cyrus-imapd-2.1.3-flock.patch b/SOURCES/cyrus-imapd-2.1.3-flock.patch new file mode 100644 index 0000000..3b8a27e --- /dev/null +++ b/SOURCES/cyrus-imapd-2.1.3-flock.patch @@ -0,0 +1,78 @@ +diff -up cyrus-imapd-2.4.6/lib/lock_flock.c.flock cyrus-imapd-2.4.6/lib/lock_flock.c +--- cyrus-imapd-2.4.6/lib/lock_flock.c.flock 2010-12-20 14:15:49.000000000 +0100 ++++ cyrus-imapd-2.4.6/lib/lock_flock.c 2011-02-10 12:56:45.262786102 +0100 +@@ -52,6 +52,10 @@ + #endif + + #include "cyr_lock.h" ++#include ++ ++/* Locking timeout parameter */ ++#define MAXTIME 99 + + const char *lock_method_desc = "flock"; + +@@ -68,6 +72,18 @@ const char *lock_method_desc = "flock"; + * 'failaction' is provided, it is filled in with a pointer to a fixed + * string naming the action that failed. + * ++ * Modified by jwade 4/16/2002 to work around seen file locking problem ++ * Added locking timeout parameter to allow processes that are ++ * waiting for a lock to eventually time out ++ * ++ * Calls flock() in non-blocking fashion and then retries until a ++ * maximum delay is reached or the lock succeeds. ++ * ++ * As written, uses a quadratic backoff on retries with MAXTIME being ++ * the longest interval delay. Total delay time is the sum of the squares ++ * of all integers whose square is less than MAXTIME. In the case of ++ * MAXTIME = 99 this is 0+1+4+9+16+25+36+49+64+81= 285 Seconds ++ * This time is arbitrary and can be adjusted + */ + int lock_reopen(fd, filename, sbuf, failaction) + int fd; +@@ -78,17 +94,29 @@ const char **failaction; + int r; + struct stat sbuffile, sbufspare; + int newfd; ++ int delay=0, i=0; + + if (!sbuf) sbuf = &sbufspare; + +- for (;;) { +- r = flock(fd, LOCK_EX); ++ for(i=0,delay=0;;) { ++ r = flock(fd, LOCK_EX|LOCK_NB); + if (r == -1) { +- if (errno == EINTR) continue; +- if (failaction) *failaction = "locking"; ++ if (errno == EINTR) { ++ continue; ++ } ++ else if ((errno == EWOULDBLOCK) && (delay < MAXTIME)) { ++ syslog(LOG_DEBUG, "lock: reopen-blocked sleeping for %d on interval %d (%d, %s)" , delay, i, fd, filename); ++ sleep(delay); ++ i++; ++ delay = i*i; ++ continue; ++ } ++ if (failaction) { ++ if (delay >= MAXTIME) *failaction = "locking_timeout"; ++ else *failaction = "locking"; ++ } + return -1; + } +- + fstat(fd, sbuf); + r = stat(filename, &sbuffile); + if (r == -1) { +@@ -96,9 +124,7 @@ const char **failaction; + flock(fd, LOCK_UN); + return -1; + } +- + if (sbuf->st_ino == sbuffile.st_ino) return 0; +- + newfd = open(filename, O_RDWR); + if (newfd == -1) { + if (failaction) *failaction = "opening"; diff --git a/SOURCES/cyrus-imapd-2.3.1-authid_normalize.patch b/SOURCES/cyrus-imapd-2.3.1-authid_normalize.patch new file mode 100644 index 0000000..de62ae9 --- /dev/null +++ b/SOURCES/cyrus-imapd-2.3.1-authid_normalize.patch @@ -0,0 +1,80 @@ +diff -up cyrus-imapd-2.4.14/lib/auth_unix.c.authid_normalize cyrus-imapd-2.4.14/lib/auth_unix.c +--- cyrus-imapd-2.4.14/lib/auth_unix.c.authid_normalize 2012-03-12 12:47:51.000000000 +0100 ++++ cyrus-imapd-2.4.14/lib/auth_unix.c 2012-03-14 10:49:50.679822894 +0100 +@@ -156,10 +156,12 @@ const char *identifier; + size_t len; + { + static char retbuf[81]; ++ char backup[81]; + struct group *grp; + char sawalpha; + char *p; + int username_tolower = 0; ++ int ic,rbc; + + if(!len) len = strlen(identifier); + if(len >= sizeof(retbuf)) return NULL; +@@ -211,6 +213,22 @@ size_t len; + /* now we don't */ + /* if (!sawalpha) return NULL; */ + ++ if( (libcyrus_config_getswitch(CYRUSOPT_NORMALIZEUID) == 1) ) { ++ strcpy(backup,retbuf); ++ /* remove leading blanks */ ++ for(ic=0; isblank(backup[ic]); ic++); ++ for(rbc=0; backup[ic]; ic++) { ++ retbuf[rbc] = ( isalpha(backup[ic]) ? ++ tolower(backup[ic]) : backup[ic] ); ++ rbc++; ++ } ++ retbuf[rbc] = '\0'; ++ /* remove trailing blanks */ ++ for(--rbc; isblank(retbuf[rbc]); rbc--) { ++ retbuf[rbc] = '\0'; ++ } ++ } ++ + return retbuf; + } + +diff -up cyrus-imapd-2.4.14/lib/imapoptions.authid_normalize cyrus-imapd-2.4.14/lib/imapoptions +--- cyrus-imapd-2.4.14/lib/imapoptions.authid_normalize 2012-03-12 12:47:51.000000000 +0100 ++++ cyrus-imapd-2.4.14/lib/imapoptions 2012-03-14 11:01:11.020256349 +0100 +@@ -844,6 +844,11 @@ Blank lines and lines beginning with ``# + /* Set the length of the NNTP server's inactivity autologout timer, + in minutes. The minimum value is 3, the default. */ + ++{ "normalizeuid", 0, SWITCH } ++/* Lowercase uid and strip leading and trailing blanks. It is recommended ++ to set this to yes, especially if OpenLDAP is used as authentication ++ source. */ ++ + { "notifysocket", "{configdirectory}/socket/notify", STRING } + /* Unix domain socket that the mail notification daemon listens on. */ + +diff -up cyrus-imapd-2.4.14/lib/libcyr_cfg.c.authid_normalize cyrus-imapd-2.4.14/lib/libcyr_cfg.c +--- cyrus-imapd-2.4.14/lib/libcyr_cfg.c.authid_normalize 2012-03-12 12:47:51.000000000 +0100 ++++ cyrus-imapd-2.4.14/lib/libcyr_cfg.c 2012-03-14 10:49:50.681822910 +0100 +@@ -158,6 +158,10 @@ struct cyrusopt_s cyrus_options[] = { + CFGVAL(long, 1), + CYRUS_OPT_SWITCH }, + ++ { CYRUSOPT_NORMALIZEUID, ++ CFGVAL(long, 1), ++ CYRUS_OPT_SWITCH }, ++ + { CYRUSOPT_LAST, { NULL }, CYRUS_OPT_NOTOPT } + }; + +diff -up cyrus-imapd-2.4.14/lib/libcyr_cfg.h.authid_normalize cyrus-imapd-2.4.14/lib/libcyr_cfg.h +--- cyrus-imapd-2.4.14/lib/libcyr_cfg.h.authid_normalize 2012-03-12 12:47:51.000000000 +0100 ++++ cyrus-imapd-2.4.14/lib/libcyr_cfg.h 2012-03-14 10:49:50.681822910 +0100 +@@ -116,6 +116,8 @@ enum cyrus_opt { + CYRUSOPT_SQL_USESSL, + /* Checkpoint after every recovery (OFF) */ + CYRUSOPT_SKIPLIST_ALWAYS_CHECKPOINT, ++ /* Lowercase uid and strip leading and trailing blanks (OFF) */ ++ CYRUSOPT_NORMALIZEUID, + + CYRUSOPT_LAST + diff --git a/SOURCES/cyrus-imapd-2.3.12p2-current-db.patch b/SOURCES/cyrus-imapd-2.3.12p2-current-db.patch new file mode 100644 index 0000000..85d242a --- /dev/null +++ b/SOURCES/cyrus-imapd-2.3.12p2-current-db.patch @@ -0,0 +1,21 @@ +diff -up cyrus-imapd-2.4.6/cmulocal/berkdb.m4.db4.7 cyrus-imapd-2.4.6/cmulocal/berkdb.m4 +--- cyrus-imapd-2.4.6/cmulocal/berkdb.m4.db4.7 2010-12-20 14:15:49.000000000 +0100 ++++ cyrus-imapd-2.4.6/cmulocal/berkdb.m4 2011-02-10 13:43:26.397438481 +0100 +@@ -214,6 +214,7 @@ AC_DEFUN([CYRUS_BERKELEY_DB_CHK_LIB], + + saved_LIBS=$LIBS + for dbname in ${with_bdb} \ ++ db \ + db-4.8 db4.8 db48 \ + db-4.7 db4.7 db47 \ + db-4.6 db4.6 db46 \ +@@ -226,8 +227,7 @@ AC_DEFUN([CYRUS_BERKELEY_DB_CHK_LIB], + db-3.3 db3.3 db33 \ + db-3.2 db3.2 db32 \ + db-3.1 db3.1 db31 \ +- db-3.0 db3.0 db30 db-3 db3 \ +- db ++ db-3.0 db3.0 db30 db-3 db3 + do + LIBS="$saved_LIBS -l$dbname" + AC_TRY_LINK([#include diff --git a/SOURCES/cyrus-imapd-2.3.16-tlsconfig.patch b/SOURCES/cyrus-imapd-2.3.16-tlsconfig.patch new file mode 100644 index 0000000..28d5e09 --- /dev/null +++ b/SOURCES/cyrus-imapd-2.3.16-tlsconfig.patch @@ -0,0 +1,108 @@ +New settings: + + tls_prefer_server_ciphers: 0 + + Prefer the cipher order configured on the server-side. + + tls_versions: ssl2 ssl3 tls1_0 tls1_1 tls1_2 + + Disable SSL/TLS protocols not in this list. + +diff --git a/imap/tls.c b/imap/tls.c +index b2cf666..5a626e2 100644 +--- a/imap/tls.c ++++ b/imap/tls.c +@@ -632,6 +632,7 @@ int tls_init_serverengine(const char *ident, + const char *s_cert_file; + const char *s_key_file; + int requirecert; ++ int server_cipher_order; + int timeout; + + if (tls_serverengine) +@@ -663,10 +657,40 @@ int tls_init_serverengine(const char *ident, + }; + + off |= SSL_OP_ALL; /* Work around all known bugs */ +- if (tlsonly) { +- off |= SSL_OP_NO_SSLv2; +- off |= SSL_OP_NO_SSLv3; ++ ++ const char *tls_versions = config_getstring(IMAPOPT_TLS_VERSIONS); ++ ++ if (strstr(tls_versions, "ssl2") == NULL || tlsonly) { ++ off |= SSL_OP_NO_SSLv2; ++ } ++ ++ if (strstr(tls_versions, "ssl3") == NULL || tlsonly) { ++ off |= SSL_OP_NO_SSLv3; ++ } ++ ++ if (strstr(tls_versions, "tls1_2") == NULL) { ++#if (OPENSSL_VERSION_NUMBER >= 0x1000105fL) ++ off |= SSL_OP_NO_TLSv1_2; ++#else ++ syslog(LOG_ERR, "ERROR: TLSv1.2 configured, OpenSSL < 1.0.1e insufficient"); ++#endif + } ++ ++ if (strstr(tls_versions, "tls1_1") == NULL) { ++#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL) ++ off |= SSL_OP_NO_TLSv1_1; ++#else ++ syslog(LOG_ERR, "ERROR: TLSv1.1 configured, OpenSSL < 1.0.0 insufficient"); ++#endif ++ } ++ if (strstr(tls_versions, "tls1_0") == NULL) { ++ off |= SSL_OP_NO_TLSv1; ++ } ++ ++ server_cipher_order = config_getswitch(IMAPOPT_TLS_PREFER_SERVER_CIPHERS); ++ if (server_cipher_order) ++ off |= SSL_OP_CIPHER_SERVER_PREFERENCE; ++ + SSL_CTX_set_options(s_ctx, off); + SSL_CTX_set_info_callback(s_ctx, (void (*)()) apps_ssl_info_callback); + +@@ -1196,7 +1220,7 @@ int tls_init_clientengine(int verifydepth, + return -1; + } + +- c_ctx = SSL_CTX_new(TLSv1_client_method()); ++ c_ctx = SSL_CTX_new(SSLv23_client_method()); + if (c_ctx == NULL) { + return (-1); + }; +diff --git a/imtest/imtest.c b/imtest/imtest.c +index 01ac72c..50d115d 100644 +--- a/imtest/imtest.c ++++ b/imtest/imtest.c +@@ -510,7 +510,7 @@ static int tls_init_clientengine(int verifydepth, char *var_tls_cert_file, char + return IMTEST_FAIL; + } + +- tls_ctx = SSL_CTX_new(TLSv1_client_method()); ++ tls_ctx = SSL_CTX_new(SSLv23_client_method()); + if (tls_ctx == NULL) { + return IMTEST_FAIL; + }; +Index: cyrus-imapd-2.3.16/lib/imapoptions +=================================================================== +--- cyrus-imapd-2.3.16.orig/lib/imapoptions ++++ cyrus-imapd-2.3.16/lib/imapoptions +@@ -1288,6 +1288,15 @@ product version in the capabilities */ + the special use flag "\Drafts" added. Later versions of Cyrus + have a much more flexible RFC 6154 compatible system. */ + ++{ "tls_prefer_server_ciphers", 0, SWITCH } ++/* Prefer the ciphers on the server side instead of client side */ ++ ++{ "tls_versions", "ssl2 ssl3 tls1_0 tls1_1 tls1_2", STRING } ++/* A list of SSL/TLS versions to not disable. Cyrus IMAP SSL/TLS starts ++ with all protocols, and substracts protocols not in this list. Newer ++ versions of SSL/TLS will need to be added here to allow them to get ++ disabled. */ ++ + /* + .SH SEE ALSO + .PP diff --git a/SOURCES/cyrus-imapd-2.4.12-debugopt.patch b/SOURCES/cyrus-imapd-2.4.12-debugopt.patch new file mode 100644 index 0000000..170a994 --- /dev/null +++ b/SOURCES/cyrus-imapd-2.4.12-debugopt.patch @@ -0,0 +1,109 @@ +diff -up cyrus-imapd-2.4.12/imap/global.c.debugopt cyrus-imapd-2.4.12/imap/global.c +--- cyrus-imapd-2.4.12/imap/global.c.debugopt 2011-10-04 21:53:03.000000000 +0200 ++++ cyrus-imapd-2.4.12/imap/global.c 2011-11-22 14:24:28.272416643 +0100 +@@ -157,6 +157,10 @@ int cyrus_init(const char *alt_config, c + /* don't free the openlog() string! */ + } + ++ /* allow debug logging */ ++ if (!config_debug) ++ setlogmask(~LOG_MASK(LOG_DEBUG)); ++ + /* Look up default partition */ + config_defpartition = config_getstring(IMAPOPT_DEFAULTPARTITION); + for (p = (char *)config_defpartition; p && *p; p++) { +diff -up cyrus-imapd-2.4.12/imap/tls.c.debugopt cyrus-imapd-2.4.12/imap/tls.c +--- cyrus-imapd-2.4.12/imap/tls.c.debugopt 2011-10-04 21:53:03.000000000 +0200 ++++ cyrus-imapd-2.4.12/imap/tls.c 2011-11-22 14:24:28.272416643 +0100 +@@ -255,9 +255,9 @@ static DH *load_dh_param(const char *key + + if (ret == NULL) { + ret = get_dh1024(); +- syslog(LOG_NOTICE, "imapd:Loading hard-coded DH parameters"); ++ syslog(LOG_DEBUG, "imapd:Loading hard-coded DH parameters"); + } else { +- syslog(LOG_NOTICE, "imapd:Loading DH parameters from file"); ++ syslog(LOG_DEBUG, "imapd:Loading DH parameters from file"); + } + + if (bio != NULL) BIO_free(bio); +diff -up cyrus-imapd-2.4.12/lib/imapoptions.debugopt cyrus-imapd-2.4.12/lib/imapoptions +--- cyrus-imapd-2.4.12/lib/imapoptions.debugopt 2011-11-22 14:24:28.265416615 +0100 ++++ cyrus-imapd-2.4.12/lib/imapoptions 2011-11-22 14:24:28.273416647 +0100 +@@ -388,6 +388,9 @@ Blank lines and lines beginning with ``# + hashing done on configuration directories. This is recommended if + one partition has a very bushy mailbox tree. */ + ++{ "debug", 0, SWITCH } ++/* If enabled, allow syslog() to pass LOG_DEBUG messages. */ ++ + # Commented out - there's no such thing as "hostname_mechs", but we need + # this for the man page + # { "hostname_mechs", NULL, STRING } +diff -up cyrus-imapd-2.4.12/lib/libconfig.c.debugopt cyrus-imapd-2.4.12/lib/libconfig.c +--- cyrus-imapd-2.4.12/lib/libconfig.c.debugopt 2011-10-04 21:53:03.000000000 +0200 ++++ cyrus-imapd-2.4.12/lib/libconfig.c 2011-11-22 14:24:28.274416650 +0100 +@@ -84,6 +84,7 @@ int config_auditlog; + unsigned config_maxword; + unsigned config_maxquoted; + int config_qosmarking; ++int config_debug; + + /* declared in each binary that uses libconfig */ + extern const int config_need_data; +@@ -350,6 +351,9 @@ void config_read(const char *alt_config) + + ival = config_getenum(IMAPOPT_QOSMARKING); + config_qosmarking = qos[ival]; ++ ++ /* allow debug logging */ ++ config_debug = config_getswitch(IMAPOPT_DEBUG); + } + + #define GROWSIZE 4096 +diff -up cyrus-imapd-2.4.12/lib/libconfig.h.debugopt cyrus-imapd-2.4.12/lib/libconfig.h +--- cyrus-imapd-2.4.12/lib/libconfig.h.debugopt 2011-10-04 21:53:03.000000000 +0200 ++++ cyrus-imapd-2.4.12/lib/libconfig.h 2011-11-22 14:24:28.274416650 +0100 +@@ -82,6 +82,7 @@ extern int config_auditlog; + extern unsigned config_maxquoted; + extern unsigned config_maxword; + extern int config_qosmarking; ++extern int config_debug; + + /* config requirement flags */ + #define CONFIG_NEED_PARTITION_DATA (1<<0) +diff -up cyrus-imapd-2.4.12/master/master.c.debugopt cyrus-imapd-2.4.12/master/master.c +--- cyrus-imapd-2.4.12/master/master.c.debugopt 2011-10-04 21:53:03.000000000 +0200 ++++ cyrus-imapd-2.4.12/master/master.c 2011-11-22 14:30:47.243975974 +0100 +@@ -1984,7 +1984,7 @@ int main(int argc, char **argv) + if(pidlock_fd != -1) close(pidlock_fd); + } + +- syslog(LOG_NOTICE, "process started"); ++ syslog(LOG_DEBUG, "process started"); + + #if defined(HAVE_UCDSNMP) || defined(HAVE_NETSNMP) + /* initialize SNMP agent */ +@@ -2041,7 +2041,7 @@ int main(int argc, char **argv) + init_janitor(); + + /* ok, we're going to start spawning like mad now */ +- syslog(LOG_NOTICE, "ready for work"); ++ syslog(LOG_DEBUG, "ready for work"); + + now = time(NULL); + for (;;) { +diff -up cyrus-imapd-2.4.12/master/masterconf.c.debugopt cyrus-imapd-2.4.12/master/masterconf.c +--- cyrus-imapd-2.4.12/master/masterconf.c.debugopt 2011-10-04 21:53:03.000000000 +0200 ++++ cyrus-imapd-2.4.12/master/masterconf.c 2011-11-22 14:24:28.276416658 +0100 +@@ -99,6 +99,10 @@ int masterconf_init(const char *ident, c + /* don't free the openlog() string! */ + } + ++ /* drop debug messages locally */ ++ if (!config_debug) ++ setlogmask(~LOG_MASK(LOG_DEBUG)); ++ + return 0; + } + diff --git a/SOURCES/cyrus-imapd-2.4.17-free_body_leak.patch b/SOURCES/cyrus-imapd-2.4.17-free_body_leak.patch new file mode 100644 index 0000000..56d1652 --- /dev/null +++ b/SOURCES/cyrus-imapd-2.4.17-free_body_leak.patch @@ -0,0 +1,23 @@ +diff -up cyrus-imapd-2.4.17/imap/imapd.c.renaud cyrus-imapd-2.4.17/imap/imapd.c +--- cyrus-imapd-2.4.17/imap/imapd.c.renaud 2017-05-02 16:17:54.000000000 +0200 ++++ cyrus-imapd-2.4.17/imap/imapd.c 2017-05-05 09:00:31.000000000 +0200 +@@ -3446,7 +3446,10 @@ void cmd_append(char *tag, char *name, c + (const char **) stage[i]->flag, + stage[i]->nflags, 0); + } +- if (body) message_free_body(body); ++ if (body) { ++ message_free_body(body); ++ free(body); ++ } + } + + if (!r) { +@@ -9745,6 +9748,7 @@ struct searchargs *s; + freestrlist(s->cc); + freestrlist(s->bcc); + freestrlist(s->subject); ++ freestrlist(s->messageid); + freestrlist(s->body); + freestrlist(s->text); + freestrlist(s->header_name); diff --git a/SOURCES/cyrus-imapd-2.4.17-no-mupdate-port.patch b/SOURCES/cyrus-imapd-2.4.17-no-mupdate-port.patch new file mode 100644 index 0000000..afe7433 --- /dev/null +++ b/SOURCES/cyrus-imapd-2.4.17-no-mupdate-port.patch @@ -0,0 +1,25 @@ +--- ./doc/man/imapd.conf.5.html.orig 2017-03-02 12:35:16.049738613 +0100 ++++ ./doc/man/imapd.conf.5.html 2017-03-02 12:36:22.329737530 +0100 +@@ -1165,11 +1165,6 @@ +

The SASL password (if needed) + to use when authenticating to the mupdate server.

+ +-

mupdate_port: 3905

+- +-

The port of the mupdate server +-for the Cyrus Murder

+- +

mupdate_realm: + <none>

+ +--- ./man/imapd.conf.5.orig 2017-03-02 12:35:16.049738613 +0100 ++++ ./man/imapd.conf.5 2017-03-02 12:36:22.329737530 +0100 +@@ -628,8 +628,6 @@ + .IP "\fBmupdate_password:\fR " 5 + The SASL password (if needed) to use when authenticating to the + mupdate server. +-.IP "\fBmupdate_port:\fR 3905" 5 +-The port of the mupdate server for the Cyrus Murder + .IP "\fBmupdate_realm:\fR " 5 + The SASL realm (if needed) to use when authenticating to the mupdate + server. diff --git a/SOURCES/cyrus-imapd-keygen.service b/SOURCES/cyrus-imapd-keygen.service new file mode 100644 index 0000000..ef2c490 --- /dev/null +++ b/SOURCES/cyrus-imapd-keygen.service @@ -0,0 +1,8 @@ +[Unit] +Description=cyrus-imapd Certificate Generator +ConditionPathExists=!/etc/pki/cyrus-imapd/cyrus-imapd.pem + +[Service] +Type=oneshot +ExecStart=/usr/libexec/cyrus-imapd-keygen.sh +RemainAfterExit=yes diff --git a/SOURCES/cyrus-imapd-keygen.sh b/SOURCES/cyrus-imapd-keygen.sh new file mode 100755 index 0000000..5067300 --- /dev/null +++ b/SOURCES/cyrus-imapd-keygen.sh @@ -0,0 +1,21 @@ +#!/bin/sh + +CERT_FILE="/etc/pki/cyrus-imapd/cyrus-imapd.pem" +CERT_DIR="/etc/pki/tls/certs" + +umask 077 +cd "$CERT_DIR" + +cat << EOF | make cyrus-imapd.pem +-- +SomeState +SomeCity +SomeOrganization +SomeOrganizationalUnit +localhost.localdomain +root@localhost.localdomain +EOF + +chown root.mail cyrus-imapd.pem +chmod 640 cyrus-imapd.pem +mv cyrus-imapd.pem "$CERT_FILE" diff --git a/SOURCES/cyrus-imapd-load_ecdh_ciphers.patch b/SOURCES/cyrus-imapd-load_ecdh_ciphers.patch new file mode 100644 index 0000000..b1ecfe4 --- /dev/null +++ b/SOURCES/cyrus-imapd-load_ecdh_ciphers.patch @@ -0,0 +1,14 @@ +diff --git a/imap/tls.c b/imap/tls.c +index fcc8ab6..4c83c83 100644 +--- a/imap/tls.c ++++ b/imap/tls.c +@@ -775,7 +775,8 @@ int tls_init_serverengine(const char *ident, + #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) + /* Load DH params for DHE-* key exchanges */ + SSL_CTX_set_tmp_dh(s_ctx, load_dh_param(s_key_file, s_cert_file)); +- /* FIXME: Load ECDH params for ECDHE suites when 0.9.9 is released */ ++ /* Enable ECDH ciphers */ ++ SSL_CTX_set_ecdh_auto(s_ctx,1); + #endif + + verify_depth = verifydepth; diff --git a/SOURCES/cyrus-imapd-password_option.patch b/SOURCES/cyrus-imapd-password_option.patch new file mode 100644 index 0000000..3605e0f --- /dev/null +++ b/SOURCES/cyrus-imapd-password_option.patch @@ -0,0 +1,175 @@ +diff --git a/man/imtest.1 b/man/imtest.1 +index 5323186..6a9bb12 100644 +--- a/man/imtest.1 ++++ b/man/imtest.1 +@@ -67,6 +67,10 @@ imtest \- interactive IMAP test program + .I userid + ] + [ ++.B \-w ++.I password ++] ++[ + .B \-k + .I num + ] +@@ -161,6 +165,9 @@ This is the userid whose identity will be assumed after authentication. + \fBNOTE:\fR This is only used with SASL mechanisms that allow proxying + (e.g. PLAIN, DIGEST-MD5). + .TP ++.BI \-w " password" ++Password to use (if not supplied, we will prompt) ++.TP + .BI -k " num" + Minimum protection layer required. + .TP +diff --git a/man/lmtptest.1 b/man/lmtptest.1 +index 4381628..25b646b 100644 +--- a/man/lmtptest.1 ++++ b/man/lmtptest.1 +@@ -67,6 +67,10 @@ lmtptest \- interactive LMTP test program + .I userid + ] + [ ++.B \-w ++.I password ++] ++[ + .B \-k + .I num + ] +@@ -139,6 +143,9 @@ This is the userid whose identity will be assumed after authentication. + \fBNOTE:\fR This is only used with SASL mechanisms that allow proxying + (e.g. PLAIN, DIGEST-MD5). + .TP ++.BI -w " password" ++Password to use (if not supplied, we will prompt). ++.TP + .BI -k " num" + Minimum protection layer required. + .TP +diff --git a/man/mupdatetest.1 b/man/mupdatetest.1 +index aa9b44c..6332725 100644 +--- a/man/mupdatetest.1 ++++ b/man/mupdatetest.1 +@@ -63,6 +63,10 @@ mupdatetest \- interactive MUPDATE test program + .I userid + ] + [ ++.B \-w ++.I password ++] ++[ + .B \-k + .I num + ] +@@ -127,6 +131,9 @@ Userid to use for authentication; defaults to the current user. + This is the userid whose password or credentials will be presented to + the server for verification. + .TP ++.BI -w " password" ++Password to use (if not supplied, we will prompt) ++.TP + .BI -u " userid" + Userid to use for authorization; defaults to the current user. + This is the userid whose identity will be assumed after authentication. +diff --git a/man/nntptest.1 b/man/nntptest.1 +index 8a75487..55c4162 100644 +--- a/man/nntptest.1 ++++ b/man/nntptest.1 +@@ -67,6 +67,10 @@ nntptest \- interactive NNTP test program + .I userid + ] + [ ++.B \-w ++.I password ++] ++[ + .B \-k + .I num + ] +@@ -143,6 +147,9 @@ This is the userid whose identity will be assumed after authentication. + \fBNOTE:\fR This is only used with SASL mechanisms that allow proxying + (e.g. PLAIN, DIGEST-MD5). + .TP ++.BI -w " password" ++Password to use (if not supplied, we will prompt) ++.TP + .BI -k " num" + Minimum protection layer required. + .TP +diff --git a/man/pop3test.1 b/man/pop3test.1 +index 24b2efd..2d57c44 100644 +--- a/man/pop3test.1 ++++ b/man/pop3test.1 +@@ -67,6 +67,10 @@ pop3test \- interactive POP3 test program + .I userid + ] + [ ++.B \-w ++.I password ++] ++[ + .B \-k + .I num + ] +@@ -143,6 +147,9 @@ This is the userid whose identity will be assumed after authentication. + \fBNOTE:\fR This is only used with SASL mechanisms that allow proxying + (e.g. PLAIN, DIGEST-MD5). + .TP ++.BI -w " password" ++Password to use (if not supplied, we will prompt) ++.TP + .BI -k " num" + Minimum protection layer required. + .TP +diff --git a/man/sivtest.1 b/man/sivtest.1 +index 993b337..51d191d 100644 +--- a/man/sivtest.1 ++++ b/man/sivtest.1 +@@ -67,6 +67,10 @@ sivtest \- interactive MANAGESIEVE test program + .I userid + ] + [ ++.B \-w ++.I password ++] ++[ + .B \-k + .I num + ] +@@ -139,6 +143,9 @@ This is the userid whose identity will be assumed after authentication. + \fBNOTE:\fR This is only used with SASL mechanisms that allow proxying + (e.g. PLAIN, DIGEST-MD5). + .TP ++.BI -w " password" ++Password to use (if not supplied, we will prompt) ++.TP + .BI -k " num" + Minimum protection layer required. + .TP +diff --git a/man/smtptest.1 b/man/smtptest.1 +index 2726d08..8f6902b 100644 +--- a/man/smtptest.1 ++++ b/man/smtptest.1 +@@ -67,6 +67,10 @@ smtptest \- interactive SMTP test program + .I userid + ] + [ ++.B \-w ++.I password ++] ++[ + .B \-k + .I num + ] +@@ -142,6 +146,9 @@ This is the userid whose identity will be assumed after authentication. + \fBNOTE:\fR This is only used with SASL mechanisms that allow proxying + (e.g. PLAIN, DIGEST-MD5). + .TP ++.BI -w " password" ++Password to use (if not supplied, we will prompt) ++.TP + .BI -k " num" + Minimum protection layer required. + .TP diff --git a/SOURCES/cyrus-imapd.cron-daily b/SOURCES/cyrus-imapd.cron-daily new file mode 100644 index 0000000..e973692 --- /dev/null +++ b/SOURCES/cyrus-imapd.cron-daily @@ -0,0 +1,36 @@ +#!/bin/sh +# +# This file is run on a daily basis to perform a backup of your +# mailbox list which can be used to recreate mailboxes.db from backup. +# Restore is done using ctl_mboxlist after uncompressing the file. + +BACKDIR="/var/lib/imap/backup" +MBOXLIST="${BACKDIR}/mboxlist" +ROTATE=6 + +# fallback to su if runuser not available +if [ -x /sbin/runuser ]; then + RUNUSER=runuser +else + RUNUSER=su +fi + +# source custom configuration +if [ -f /etc/sysconfig/cyrus-imapd ]; then + . /etc/sysconfig/cyrus-imapd +fi + +[ -x /usr/lib/cyrus-imapd/ctl_mboxlist ] || exit 0 +[ -f /var/lib/imap/db/skipstamp ] || exit 0 + +# rotate mailbox lists +seq $[ $ROTATE - 1 ] -1 1 | while read i; do + [ -f ${MBOXLIST}.${i}.gz ] && mv -f ${MBOXLIST}.${i}.gz ${MBOXLIST}.$[ $i + 1 ].gz +done +[ -f ${MBOXLIST}.gz ] && mv -f ${MBOXLIST}.gz ${MBOXLIST}.1.gz + +# export mailboxes.db +$RUNUSER - cyrus -s /bin/sh -c "umask 077 < /dev/null ; /usr/lib/cyrus-imapd/ctl_mboxlist -d | gzip > ${MBOXLIST}.gz" + +exit 0 +# EOF diff --git a/SOURCES/cyrus-imapd.cvt_cyrusdb_all b/SOURCES/cyrus-imapd.cvt_cyrusdb_all new file mode 100644 index 0000000..5a5227d --- /dev/null +++ b/SOURCES/cyrus-imapd.cvt_cyrusdb_all @@ -0,0 +1,409 @@ +#!/bin/bash + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +# This script converts all db files of a cyrus installation from their +# existing format to the format required by the current installation. +# The format of current db files is determined using the 'file' command +# with a magic file added for skiplist db, the new format is read from +# a config file usually in /usr/share/cyrus-imapd/rpm/db.cfg, which is +# created while compiling. After converting, the db.cfg file is +# copied to a cache file usually at /var/lib/imap/rpm/db.cfg.cache to +# allow bypassing this converting script if both files are identical. +# While this is a bit less secure, it may be useful on big server where +# db converting is done automatically. +# +# This script can safely be run as root, it will reexec itself as user +# cyrus if needed. +# +# author: Simon Matter, Invoca Systems + +# changelog +# v1.0.1, Oct 22 2002 Simon Matter +# - added two-step conversion method +# +# v1.0.2, Jan 10 2003 Simon Matter +# - fixed a bug where cvt_cyrusdb was called to convert empty or +# nonexistent files +# +# v1.0.3, Mar 14 2003 Simon Matter +# - fixed a problem with new versions of the file command +# +# v1.0.4 +# - added GPL license +# +# v1.0.5, May 02 2003 Simon Matter +# - modified exec path +# +# v1.0.6, Jul 18 2003 Simon Matter +# - changed db3 to berkeley +# - added new db backends for 2.2 +# +# v1.0.7, Jan 23 2004 Simon Matter +# - included some modifications from Luca Olivetti +# - added masssievec functionality +# +# v1.0.8, Jan 28 2004 Simon Matter +# - convert sieve scripts to UTF-8 before calling masssievec +# +# v1.0.9, Jan 29 2004 Simon Matter +# - convert sieve scripts to UTF-8 only if sievec failed before +# +# v1.0.10, Feb 24 2004 Simon Matter +# - change su within init script to get input from +# /dev/null, this prevents hang when running in SELinux +# +# v1.0.11, Mar 02 2004 Simon Matter +# - fixed SELinux fix +# +# v1.0.12, Dec 16 2004 Simon Matter +# - use runuser instead of su if available +# +# v1.0.13, Jul 15 2005 Simon Matter +# - don't use flat in the two step conversion, use skiplist instead +# +# v1.0.14, Jul 18 2005 Simon Matter +# - replace the order of the magic files in the file call to make +# sure skiplist is detected correctly. +# +# v1.0.15, Aug 17 2005 Simon Matter +# - add functionality to export all berkeley db files to skiplist +# +# v1.1.0, Aug 18 2005 Simon Matter +# - fix export functionality, try to recover Berkeley databases +# as much as possible before any conversion. +# +# v1.1.1, Dec 05 2005 Simon Matter +# - run db_checkpoint in background with a timeout to prevent +# that cyrus-imapd doesn't start at all if it hangs. +# +# v1.1.2, Dec 06 2005 Simon Matter +# - make handling of db_checkpoint more robust +# +# v1.2.0, Jan 12 2006 Simon Matter +# - adopt for cyrus-imapd-2.3 +# +# v1.2.1, Jan 13 2006 Simon Matter +# - code cleanup +# +# v1.2.2, Nov 29 2007 Simon Matter +# - add ability to handle "@include" options in imapd.conf, patch +# provided by Tim Bannister +# +# v1.2.3, Feb 07 2008 Simon Matter +# - add ability to handle tabs in imapd.conf, patch provided +# by Franz Knipp +# - disable default values for some config options like sievedir +# +# v1.2.4, Apr 23 2008 Simon Matter +# - add support for statuscache.db +# +# v1.3.0, Sep 29 2008 Simon Matter +# - add multi-instance support +# +# v1.3.1, Oct 09 2008 Simon Matter +# - improve variable handling +# +# v1.3.2, May 26 2009 Simon Matter +# - add some sanity checks to multi-instance support +# +# v1.3.3, May 27 2009 Simon Matter +# - make some cosmetic changes +# +# v1.3.4, Dec 22 2009 Simon Matter +# - add support for user_deny.db + +VERSION=1.3.4 + +PIDFILE=/var/run/cyrus-master${INSTANCE}.pid + +# instance config +CYRUSCONF=/etc/cyrus${INSTANCE}.conf +IMAPDCONF=/etc/imapd${INSTANCE}.conf + +# make sure what we have is a valid instance +# and that config files are present +if [ -n "$INSTANCE" ]; then + [ -L /etc/rc.d/init.d/${BASENAME} ] || exit 0 +fi +[ -f $CYRUSCONF ] || exit 0 +[ -f $IMAPDCONF ] || exit 0 + +if [ -f $PIDFILE ]; then + read CYRUS_PID < $PIDFILE + if [ -n "$CYRUS_PID" ]; then + if ps -p $CYRUS_PID > /dev/null 2>&1; then + echo "ERROR: cyrus-master is running, unable to convert mailboxes!" + exit 1 + fi + fi +fi + +if [ ! -f $IMAPDCONF ]; then + echo "ERROR: configuration file '${IMAPDCONF}' not found, exiting!" + exit 1 +fi + +# fallback to su if runuser not available +if [ -x /sbin/runuser ]; then + RUNUSER=runuser +else + RUNUSER=su +fi + +# force cyrus user for security reasons +if [ ! $(whoami) = "cyrus" ]; then + exec $RUNUSER - cyrus -c "cd $PWD < /dev/null ; INSTANCE=$INSTANCE $0 $*" +fi + +# special function for migration +EXPORT=$1 + +# files get mode 0600 +umask 166 + +# show version info in log files +echo "cvt_cyrusdb_all version: $VERSION" + +# expand_config +# handle "@include" sections from imapd style config file +expand_config() { + while read line; do + if printf "%s\n" "${line}" | grep -q '^@include:'; then + expand_config "$( printf "%s\n" "${line}" | cut -d : -f 2- | sed -e 's/^[\t ]*//' )" + else + printf "%s\n" "${line}" + fi + done < $1 +} + +# get_config [] +# extracts config option from config file +get_config() { + searchstr=$1 + if config="$(expand_config $IMAPDCONF | egrep "^${searchstr}:")"; then + CFGVAL="$(printf "%s\n" "$config" | cut -d : -f 2- | sed -e 's/^[\t ]*//')" + else + if [ -z "$2" ]; then + echo "ERROR: config option '$1' not found in ${IMAPDCONF}, exiting!" 1>&2 + return 1 + fi + CFGVAL="$2" + fi + echo "get_config ${1}: $CFGVAL" 1>&2 + echo "$CFGVAL" +} + +# where to find files and directories +data_dir=/usr/share/cyrus-imapd/rpm +lib_dir=/usr/lib/cyrus-imapd +system_magic=$(file --version | awk '/magic file/ {print $4}') +cyrus_magic=${data_dir}/magic +cvt_cyrusdb=${lib_dir}/cvt_cyrusdb +sievec=${lib_dir}/sievec +masssievec=${lib_dir}/masssievec +imap_prefix=$(get_config configdirectory) || exit 1 +sieve_dir=$(get_config sievedir) || exit 1 +db_cfg=${data_dir}/db.cfg +db_current=${imap_prefix}/rpm/db.cfg.current +db_cache=${imap_prefix}/rpm/db.cfg.cache + +# source default db backend config +. $db_cfg + +# get configured db backend config +duplicate_db=$(get_config duplicate_db $duplicate_db) || exit 1 +mboxlist_db=$(get_config mboxlist_db $mboxlist_db) || exit 1 +seenstate_db=$(get_config seenstate_db $seenstate_db) || exit 1 +subscription_db=$(get_config subscription_db $subscription_db) || exit 1 +tlscache_db=$(get_config tlscache_db $tlscache_db) || exit 1 +annotation_db=$(get_config annotation_db $annotation_db) || exit 1 +mboxkey_db=$(get_config mboxkey_db $mboxkey_db) || exit 1 +ptscache_db=$(get_config ptscache_db $ptscache_db) || exit 1 +quota_db=$(get_config quota_db $quota_db) || exit 1 +statuscache_db=$(get_config statuscache_db $statuscache_db) || exit 1 +userdeny_db=$(get_config userdeny_db $userdeny_db) || exit 1 + +# remember current db backend config +{ +echo "duplicate_db=${duplicate_db}" +echo "mboxlist_db=${mboxlist_db}" +echo "seenstate_db=${seenstate_db}" +echo "subscription_db=${subscription_db}" +echo "tlscache_db=${tlscache_db}" +echo "annotation_db=${annotation_db}" +echo "mboxkey_db=${mboxkey_db}" +echo "ptscache_db=${ptscache_db}" +echo "quota_db=${quota_db}" +echo "statuscache_db=${statuscache_db}" +echo "userdeny_db=${userdeny_db}" +echo "sieve_version=${sieve_version}" +} | sort > $db_current + +# file_type +file_type() { + this_type=$(file -b -m "${cyrus_magic}:${system_magic}" "$1" 2> /dev/null) + if echo "$this_type" | grep -qi skip > /dev/null 2>&1; then + echo skiplist + elif echo "$this_type" | grep -qi text > /dev/null 2>&1; then + echo flat + else + echo berkeley + fi +} + +# cvt_file +cvt_file() { + target="$1" + new_db="$2" + if [ -s "$target" ]; then + old_db=$(file_type "$target") + if [ ! "$old_db" = "$new_db" ]; then + # The two-step conversion is paranoia against the filenames being encoded + # inside the database or logfiles (berkeley does this, for example). + rm -f "${target}.skiplist" + if [ "$old_db" = "skiplist" ]; then + cp -a "$target" "${target}.skiplist" + else + $cvt_cyrusdb -C $IMAPDCONF "$target" "$old_db" "${target}.skiplist" skiplist + fi + RETVAL=$? + ERRVAL=$(( $ERRVAL + $RETVAL )) + if [ $RETVAL -eq 0 ]; then + rm -f "$target" + if [ -s "${target}.skiplist" ]; then + if [ "$new_db" = "skiplist" ]; then + cp -a "${target}.skiplist" "$target" + else + $cvt_cyrusdb -C $IMAPDCONF "${target}.skiplist" skiplist "$target" "$new_db" + fi + fi + RETVAL=$? + ERRVAL=$(( $ERRVAL + $RETVAL )) + if [ $RETVAL -eq 0 ]; then + rm -f "${target}.skiplist" + else + echo "ERROR: unable to convert ${target}.skiplist from skiplist to $new_db" + fi + else + echo "ERROR: unable to convert $target from $old_db to skiplist" + fi + fi + fi +} + +# cvt_to_utf8 +cvt_to_utf8() { + target="$1" + if [ -s "$target" ]; then + if ! $sievec -C $IMAPDCONF "$target" "${target}.sievec"; then + iconv --from-code=ISO-8859-1 --to-code=UTF-8 --output="${target}.UTF-8" "$target" + if [ -s "${target}.UTF-8" ]; then + # preserve timestamp + touch --reference="${target}" "${target}.UTF-8" + mv -f "${target}.UTF-8" "$target" + else + ERRVAL=$(( $ERRVAL + 1 )) + fi + fi + rm -f "${target}.sievec" + fi +} + +ERRVAL=0 + +# make sure our Berkeley databases are in a sane state +# wait for db_checkpoint to end successfully or kill it after a timeout +db_checkpoint -v -1 -h ${imap_prefix}/db & +DB_CHECK_PID=$! +CNT=0 +while [ $CNT -lt 60 ]; do + if ! kill -0 $DB_CHECK_PID > /dev/null 2>&1; then + break + fi + sleep 1 + let CNT+=1 +done +if kill -0 $DB_CHECK_PID > /dev/null 2>&1; then + kill -USR1 $DB_CHECK_PID > /dev/null 2>&1 + sleep 1 + kill -KILL $DB_CHECK_PID > /dev/null 2>&1 + wait $DB_CHECK_PID > /dev/null 2>&1 +fi + +# do a normal recovery +db_recover -v -h ${imap_prefix}/db +RETVAL=$? +if [ $RETVAL -ne 0 ]; then + # try a catastrophic recovery instead of normal recovery + db_recover -v -c -h ${imap_prefix}/db + RETVAL=$? + ERRVAL=$(( $ERRVAL + $RETVAL )) + if [ $RETVAL -ne 0 ]; then + echo "ERROR: catastrophic recovery of Berkeley databases failed" + fi +fi + +if [ "$EXPORT" = "export" ]; then + # convert all db files to portable format for migration + # TODO: quota_db, we don't touch it for now + cvt_file ${imap_prefix}/deliver.db "skiplist" + cvt_file ${imap_prefix}/mailboxes.db "skiplist" + cvt_file ${imap_prefix}/tls_sessions.db "skiplist" + cvt_file ${imap_prefix}/annotations.db "skiplist" + cvt_file ${imap_prefix}/ptclient/ptscache.db "skiplist" + cvt_file ${imap_prefix}/statuscache.db "skiplist" + cvt_file ${imap_prefix}/user_deny.db "flat" + rm -vf ${imap_prefix}/db/log.* + rm -vf ${imap_prefix}/db/__db.* +else + # always convert db files which have been converted to skiplist + # TODO: quota_db, we don't touch it for now + cvt_file ${imap_prefix}/deliver.db "$duplicate_db" + cvt_file ${imap_prefix}/mailboxes.db "$mboxlist_db" + cvt_file ${imap_prefix}/tls_sessions.db "$tlscache_db" + cvt_file ${imap_prefix}/annotations.db "$annotation_db" + cvt_file ${imap_prefix}/ptclient/ptscache.db "$ptscache_db" + cvt_file ${imap_prefix}/statuscache.db "$statuscache_db" + cvt_file ${imap_prefix}/user_deny.db "$userdeny_db" + # do we have to convert all databases? + if ! cmp -s $db_current $db_cache; then + # we treat sieve scripts the same way like db files + find ${sieve_dir}/ -name "*.script" -type f | while read db_file trash; do + cvt_to_utf8 "$db_file" + done + $masssievec $sievec $IMAPDCONF + # convert all db files left + find ${imap_prefix}/user/ -name "*.seen" -type f | while read db_file trash; do + cvt_file "$db_file" "$seenstate_db" + done + find ${imap_prefix}/user/ -name "*.sub" -type f | while read db_file trash; do + cvt_file "$db_file" "$subscription_db" + done + find ${imap_prefix}/user/ -name "*.mboxkey" -type f | while read db_file trash; do + cvt_file "$db_file" "$mboxkey_db" + done + fi +fi + +# update the config cache file so we can check whether something has changed +if [ $ERRVAL -eq 0 ]; then + mv -f $db_current $db_cache +else + rm -f $db_cache + rm -f $db_current +fi + +exit $ERRVAL diff --git a/SOURCES/cyrus-imapd.imap-2.3.x-conf b/SOURCES/cyrus-imapd.imap-2.3.x-conf new file mode 100644 index 0000000..9a6b5b5 --- /dev/null +++ b/SOURCES/cyrus-imapd.imap-2.3.x-conf @@ -0,0 +1,15 @@ +configdirectory: /var/lib/imap +partition-default: /var/spool/imap +admins: cyrus +sievedir: /var/lib/imap/sieve +sendmail: /usr/sbin/sendmail +hashimapspool: true +sasl_pwcheck_method: saslauthd +sasl_mech_list: PLAIN LOGIN +allowplaintext: no +defaultdomain: mail +tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem +tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem +tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt +# uncomment this if you're operating in a DSCP environment (RFC-4594) +# qosmarking: af13 diff --git a/SOURCES/cyrus-imapd.logrotate b/SOURCES/cyrus-imapd.logrotate new file mode 100644 index 0000000..2f55827 --- /dev/null +++ b/SOURCES/cyrus-imapd.logrotate @@ -0,0 +1,7 @@ +/var/log/imapd.log /var/log/auth.log { + missingok + sharedscripts + postrotate + /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true + endscript +} diff --git a/SOURCES/cyrus-imapd.magic b/SOURCES/cyrus-imapd.magic new file mode 100644 index 0000000..85831fb --- /dev/null +++ b/SOURCES/cyrus-imapd.magic @@ -0,0 +1,9 @@ +# Magic +# Magic data for file(1) command. +# Format is described in magic(files), where: +# files is 5 on V7 and BSD, 4 on SV, and ?? in the SVID. + +#------------------------------------------------------------------------------ +# skiplist: file(1) magic Cyrus skiplist DB +# +0 string \241\002\213\015skiplist\ file\0\0\0 Cyrus skiplist DB diff --git a/SOURCES/cyrus-imapd.pam-config b/SOURCES/cyrus-imapd.pam-config new file mode 100644 index 0000000..5b9f05f --- /dev/null +++ b/SOURCES/cyrus-imapd.pam-config @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth required pam_nologin.so +auth include password-auth +account include password-auth +session include password-auth diff --git a/SOURCES/cyrus-imapd.service b/SOURCES/cyrus-imapd.service new file mode 100644 index 0000000..f06eb20 --- /dev/null +++ b/SOURCES/cyrus-imapd.service @@ -0,0 +1,16 @@ +[Unit] +Description=Cyrus-imapd IMAP/POP3 email server +After=local-fs.target network.target +After=cyrus-imapd-keygen.service +Wants=cyrus-imapd-keygen.service + +[Service] +Type=simple +EnvironmentFile=/etc/sysconfig/cyrus-imapd +ExecStartPre=/usr/lib/cyrus-imapd/cyr_systemd_helper start +ExecStart=/usr/lib/cyrus-imapd/cyrus-master $CYRUSOPTIONS +ExecStopPost=/usr/lib/cyrus-imapd/cyr_systemd_helper stop +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/cyrus-imapd.sysconfig b/SOURCES/cyrus-imapd.sysconfig new file mode 100644 index 0000000..ad8bec5 --- /dev/null +++ b/SOURCES/cyrus-imapd.sysconfig @@ -0,0 +1,5 @@ +# Options to cyrus-master +CYRUSOPTIONS="" + +# Mailbox list dumps are rotated n times via cron.daily +#ROTATE=6 diff --git a/SPECS/cyrus-imapd.spec b/SPECS/cyrus-imapd.spec new file mode 100644 index 0000000..6ee3725 --- /dev/null +++ b/SPECS/cyrus-imapd.spec @@ -0,0 +1,1580 @@ +Name: cyrus-imapd +Version: 2.4.17 +Release: 15%{?dist} + +%define ssl_pem_file %{_sysconfdir}/pki/%{name}/%{name}.pem + +# uid/gid reserved, see setup:/usr/share/doc/setup*/uidgid +%define uid 76 +%define gid 76 + +%define _cyrususer cyrus +%define _cyrusgroup mail +%define _cyrexecdir %{_exec_prefix}/lib/%{name} + +Summary: A high-performance mail server with IMAP, POP3, NNTP and SIEVE support +License: BSD +Group: System Environment/Daemons +URL: http://www.cyrusimap.org/ +Source0: ftp://ftp.cyrusimap.org/cyrus-imapd/%{name}-%{version}.tar.gz +Source1: cyrus-imapd.logrotate +Source2: cyrus-imapd.imap-2.3.x-conf +Source3: cyrus-imapd.pam-config +Source7: cyrus-imapd.sysconfig +Source8: cyrus-imapd.cvt_cyrusdb_all +Source9: cyrus-imapd.magic +Source10: cyrus-imapd.cron-daily +Source11: README.rpm + +#systemd support +Source12: cyrus-imapd.service +Source13: cyr_systemd_helper +Source14: cyrus-imapd-keygen.service +Source15: cyrus-imapd-keygen.sh + +Patch3: http://www.oakton.edu/~jwade/cyrus/cyrus-imapd-2.1.3/cyrus-imapd-2.1.3-flock.patch + +Patch4: cyrus-imapd-2.3.1-authid_normalize.patch + +# fedora/rhel specific, find current db lib, rhbz#461875 +Patch6: cyrus-imapd-2.3.12p2-current-db.patch + +# for c-i <= 2.4.12 +Patch8: cyrus-imapd-2.4.12-debugopt.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1196210 +# https://access.redhat.com/security/cve/CVE-2014-3566 +Patch9: cyrus-imapd-2.3.16-tlsconfig.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=504813 +Patch10: cyrus-imapd-2.4.17-no-mupdate-port.patch +## https://bugzilla.redhat.com/show_bug.cgi?id=1449501 +Patch11: cyrus-imapd-2.4.17-free_body_leak.patch + +## https://bugzilla.redhat.com/show_bug.cgi?id=1569941 +Patch12: cyrus-imapd-load_ecdh_ciphers.patch + +## https://bugzilla.redhat.com/1508363 +Patch13: cyrus-imapd-password_option.patch + +BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) + +BuildRequires: autoconf +BuildRequires: cyrus-sasl-devel, perl-devel, tcp_wrappers +BuildRequires: libdb-devel, openssl-devel, pkgconfig +BuildRequires: flex, bison, groff, automake +BuildRequires: openldap-devel +BuildRequires: krb5-devel +BuildRequires: net-snmp-devel +BuildRequires: transfig + +Requires(post): e2fsprogs, perl, grep, coreutils, findutils, systemd-units +Requires(preun): systemd-units, coreutils +Requires(postun): systemd-units + +Requires: %{name}-utils = %{version}-%{release} +Requires: file, libdb-utils +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) + +%{?perl_default_filter} + +%description +The %{name} package contains the core of the Cyrus IMAP server. +It is a scaleable enterprise mail system designed for use from +small to large enterprise environments using standards-based +internet mail technologies. + +A full Cyrus IMAP implementation allows a seamless mail and bulletin +board environment to be set up across multiple servers. It differs from +other IMAP server implementations in that it is run on "sealed" +servers, where users are not normally permitted to log in and have no +system account on the server. The mailbox database is stored in parts +of the file system that are private to the Cyrus IMAP server. All user +access to mail is through software using the IMAP, POP3 or KPOP +protocols. It also includes support for virtual domains, NNTP, +mailbox annotations, and much more. The private mailbox database design +gives the server large advantages in efficiency, scalability and +administratability. Multiple concurrent read/write connections to the +same mailbox are permitted. The server supports access control lists on +mailboxes and storage quotas on mailbox hierarchies. + +The Cyrus IMAP server supports the IMAP4rev1 protocol described +in RFC 3501. IMAP4rev1 has been approved as a proposed standard. +It supports any authentication mechanism available from the SASL +library, imaps/pop3s/nntps (IMAP/POP3/NNTP encrypted using SSL and +TLSv1) can be used for security. The server supports single instance +store where possible when an email message is addressed to multiple +recipients, SIEVE provides server side email filtering. + +%package devel +Group: Development/Libraries +Summary: Cyrus IMAP server development files +Provides: %{name}-static = %{version}-%{release} + +%description devel +The %{name}-devel package contains header files and libraries +necessary for developing applications which use the imclient library. + +%package utils +Group: Applications/System +Summary: Cyrus IMAP server administration utilities +Requires(pre): shadow-utils +Requires(post): grep, coreutils, make, openssl +Requires(postun): shadow-utils +Obsoletes: %{name}-perl < 2.3.16-5 + +%description utils +The %{name}-utils package contains administrative tools for the +Cyrus IMAP server. It can be installed on systems other than the +one running the server. + +%prep +%setup -q +%patch3 -p1 -b .flock +%patch4 -p1 -b .authid_normalize +%patch6 -p1 -b .libdb +%patch8 -p1 -b .debugopt +%patch9 -p1 +# We are skipping Patch10 so that we can apply it later in the process. +# %patch10 -p1 + +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 -b .pwd-option + +install -m 644 %{SOURCE11} doc/ + +# only to update config.* files +automake -a -f -c || : +aclocal -I cmulocal +autoheader +autoconf -f + +# Modify docs master --> cyrus-master +%{__perl} -pi -e "s@master\(8\)@cyrus-master(8)@" man/*5 man/*8 lib/imapoptions +sed -i -e 's|\([^-]\)master|\1cyrus-master|g;s|^master|cyrus-master|g;s|Master|Cyrus-master|g;s|MASTER|CYRUS-MASTER|g' \ + man/master.8 doc/man.html + +# Modify path in perl scripts +find . -type f -name "*.pl" | xargs %{__perl} -pi -e "s@/usr/local/bin/perl@%{__perl}@" + +# modify lmtp socket path in .conf files +%{__perl} -pi -e "s@/var/imap/@%{_var}/lib/imap/@" master/conf/*.conf doc/cyrusv2.mc + +# enable idled in .conf files to prevent error messages +%{__perl} -pi -e "s/# idled/ idled/" master/conf/*.conf + +# Fix permissions on perl programs +find . -type f -name "*.pl" -exec chmod 755 {} \; + +%build +%global _hardened_build 1 + +CPPFLAGS="${__global_cflags} -I%{_includedir}/et -I%{_includedir}/kerberosIV -fno-strict-aliasing"; export CPPFLAGS +CFLAGS="%{__global_cflags} -fno-strict-aliasing"; export CFLAGS +CCDLFLAGS="-rdynamic"; export CCDLFLAGS +LDFLAGS="-Wl,-z,now -Wl,-z,relro" +%ifnarch ppc ppc64 +LDFLAGS="$LDFLAGS -pie"; export LDFLAGS +%endif + +%{configure} \ + --enable-netscapehack \ + --enable-listext \ + --enable-idled \ + --with-ldap=/usr \ + --with-snmp \ + --enable-murder \ + --enable-replication \ + --enable-nntp \ + --with-perl=%{__perl} \ + --with-cyrus-prefix=%{_cyrexecdir} \ + --with-service-path=%{_cyrexecdir} \ + --with-bdb-incdir=%{_includedir}/libdb \ + --with-extraident="Fedora-RPM-%{version}-%{release}" \ + --with-syslogfacility=MAIL \ + --with-krbimpl=mit + +make -C man -f Makefile.dist +make -C doc -f Makefile.dist +make LDFLAGS="$LDFLAGS -pie %{__global_ldflags}" +make -C notifyd notifytest + +# Now that the docs have been fully generated, patch it +patch -p1 < %PATCH10 + +%install +rm -rf %{buildroot} + +# This is needed to install the perl files correctly +pushd perl/imap + %{__perl} Makefile.PL PREFIX=%{buildroot}%{_prefix} INSTALLDIRS=vendor +popd +pushd perl/sieve/managesieve + %{__perl} Makefile.PL PREFIX=%{buildroot}%{_prefix} INSTALLDIRS=vendor +popd + +# Do what the regular make install does +make install DESTDIR=%{buildroot} PREFIX=%{_prefix} mandir=%{_mandir} +make -C man install DESTDIR=%{buildroot} PREFIX=%{_prefix} mandir=%{_mandir} + +install -m 755 imtest/imtest %{buildroot}%{_bindir}/ +install -m 755 notifyd/notifytest %{buildroot}%{_bindir}/ +install -m 755 perl/imap/cyradm %{buildroot}%{_bindir}/ + +# Install tools +for tool in tools/* ; do + test -f ${tool} && install -m 755 ${tool} %{buildroot}%{_cyrexecdir}/ +done + +# Create directories +install -d \ + %{buildroot}%{_sysconfdir}/{rc.d/init.d,logrotate.d,pam.d,sysconfig,cron.daily} \ + %{buildroot}%{_libdir}/sasl \ + %{buildroot}%{_var}/spool/imap \ + %{buildroot}%{_var}/lib/imap/{user,quota,proc,log,msg,socket,db,sieve,sync,md5,rpm,backup,meta} \ + %{buildroot}%{_var}/lib/imap/ptclient \ + %{buildroot}%{_datadir}/%{name}/rpm \ + %{buildroot}%{_sysconfdir}/pki/%{name} \ + doc/contrib + +# Install additional files +install -m 755 %{SOURCE8} %{buildroot}%{_cyrexecdir}/cvt_cyrusdb_all +install -m 644 %{SOURCE9} %{buildroot}%{_datadir}/%{name}/rpm/magic +install -p -m 644 master/conf/prefork.conf %{buildroot}%{_sysconfdir}/cyrus.conf +install -p -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/imapd.conf +install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/pop +install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/imap +install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/sieve +install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/mupdate +install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/lmtp +install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/nntp +install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/csync +install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} +install -p -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/sysconfig/%{name} +install -p -m 755 %{SOURCE10} %{buildroot}%{_sysconfdir}/cron.daily/%{name} + +install -p -D -m 644 %{SOURCE12} %{buildroot}%{_unitdir}/cyrus-imapd.service +install -p -D -m 755 %{SOURCE13} %{buildroot}%{_cyrexecdir}/cyr_systemd_helper +install -p -D -m 644 %{SOURCE14} %{buildroot}%{_unitdir}/cyrus-imapd-keygen.service +install -p -D -m 755 %{SOURCE15} %{buildroot}%{_libexecdir}/cyrus-imapd-keygen.sh + +# Cleanup of doc dir +find doc perl -name CVS -type d -prune -exec rm -rf {} \; +find doc perl -name .cvsignore -type f -exec rm -f {} \; +rm -f doc/Makefile.dist* +rm -f doc/text/htmlstrip.c +rm -f doc/text/Makefile +rm -rf doc/man + +# fix permissions on perl .so files +find %{buildroot}%{_libdir}/perl5/ -type f -name "*.so" -exec chmod 755 {} \; + +# fix conflicts with uw-imap +mv %{buildroot}%{_mandir}/man8/imapd.8 %{buildroot}%{_mandir}/man8/imapd.8cyrus +mv %{buildroot}%{_mandir}/man8/pop3d.8 %{buildroot}%{_mandir}/man8/pop3d.8cyrus + +# Install templates +install -m 755 -d doc/conf +install -m 644 master/conf/*.conf doc/conf/ + +# Generate db config file +( grep '^{' lib/imapoptions | grep _db | cut -d'"' -f 2,4 | \ + sed -e 's/^ *//' -e 's/-nosync//' -e 's/ *$//' -e 's/"/=/' + echo sieve_version=2.2.3 ) | sort > %{buildroot}%{_datadir}/%{name}/rpm/db.cfg + +# create the ghost pem file +touch %{buildroot}%{ssl_pem_file} + +# Rename 'master' binary and manpage to avoid clash with postfix +mv -f %{buildroot}%{_cyrexecdir}/master %{buildroot}%{_cyrexecdir}/cyrus-master +mv -f %{buildroot}%{_mandir}/man8/master.8 %{buildroot}%{_mandir}/man8/cyrus-master.8 + +# Rename 'fetchnews' binary and manpage to avoid clash with leafnode +mv -f %{buildroot}%{_cyrexecdir}/fetchnews %{buildroot}%{_cyrexecdir}/cyrfetchnews +mv -f %{buildroot}%{_mandir}/man8/fetchnews.8 %{buildroot}%{_mandir}/man8/cyrfetchnews.8 +%{__perl} -pi -e 's|fetchnews|cyrfetchnews|g;s|Fetchnews|Cyrfetchnews|g;s/FETCHNEWS/CYRFETCHNEWS/g' \ + %{buildroot}%{_mandir}/man8/cyrfetchnews.8 + +#remove executable bit from docs +for ddir in doc perl/imap/examples +do + find $ddir -type f -exec chmod -x {} \; +done + +# Remove installed but not packaged files +rm -f %{buildroot}%{_cyrexecdir}/not-mkdep +rm -f %{buildroot}%{_cyrexecdir}/config2header* +rm -f %{buildroot}%{_cyrexecdir}/config2man +rm -f %{buildroot}%{_cyrexecdir}/pop3proxyd +find %{buildroot} -name "perllocal.pod" -exec rm -f {} \; +find %{buildroot} -name ".packlist" -exec rm -f {} \; +rm -f %{buildroot}%{_mandir}/man8/syncnews.8* +find %{buildroot}%{perl_vendorarch} -name "*.bs" -exec rm -f {} \; + +%clean +rm -rf %{buildroot} + +%pre +# Create 'cyrus' user on target host +getent group saslauth >/dev/null || /usr/sbin/groupadd -g %{gid} -r saslauth +getent passwd cyrus >/dev/null || /usr/sbin/useradd -c "Cyrus IMAP Server" -d %{_var}/lib/imap -g %{_cyrusgroup} \ + -G saslauth -s /sbin/nologin -u %{uid} -r %{_cyrususer} + +%post + +# Force synchronous updates, usually only on ext2 filesystems +for i in %{_var}/lib/imap/{user,quota} %{_var}/spool/imap +do + if [ "$(find $i -maxdepth 0 -printf %%F)" = "ext2" ]; then + chattr -R +S $i 2>/dev/null ||: + fi +done + +%systemd_post cyrus-imapd.service +%systemd_post cyrus-imapd-keygen.service + +%preun +%systemd_preun cyrus-imapd.service +%systemd_preun cyrus-imapd-keygen.service + +%postun +%systemd_postun_with_restart cyrus-imapd.service +%systemd_postun_with_restart cyrus-imapd-keygen.service + +%files +%defattr(-,root,root,-) +%doc COPYRIGHT README +%doc doc/* +%config(noreplace) %{_sysconfdir}/cyrus.conf +%config(noreplace) %{_sysconfdir}/imapd.conf +%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} +%config(noreplace) %{_sysconfdir}/sysconfig/%{name} +%config(noreplace) %{_sysconfdir}/pam.d/pop +%config(noreplace) %{_sysconfdir}/pam.d/imap +%config(noreplace) %{_sysconfdir}/pam.d/sieve +%config(noreplace) %{_sysconfdir}/pam.d/lmtp +%config(noreplace) %{_sysconfdir}/pam.d/mupdate +%config(noreplace) %{_sysconfdir}/pam.d/csync +%config(noreplace) %{_sysconfdir}/pam.d/nntp +%{_sysconfdir}/cron.daily/%{name} +%{_unitdir}/cyrus-imapd.service +%{_unitdir}/cyrus-imapd-keygen.service +%{_libexecdir}/cyrus-imapd-keygen.sh +%dir %{_cyrexecdir} +%{_cyrexecdir}/cyr_systemd_helper +%{_cyrexecdir}/arbitron +%{_cyrexecdir}/arbitronsort.pl +%{_cyrexecdir}/chk_cyrus +%{_cyrexecdir}/convert-sieve.pl +%{_cyrexecdir}/cyr_df +%{_cyrexecdir}/ctl_cyrusdb +%{_cyrexecdir}/ctl_deliver +%{_cyrexecdir}/ctl_mboxlist +%{_cyrexecdir}/cvt_cyrusdb +%{_cyrexecdir}/cyr_dbtool +%{_cyrexecdir}/cyr_expire +%{_cyrexecdir}/cyr_sequence +%{_cyrexecdir}/cyr_synclog +%{_cyrexecdir}/cyr_userseen +%{_cyrexecdir}/cyrdump +%{_cyrexecdir}/cyrus-master +%{_cyrexecdir}/deliver +%{_cyrexecdir}/dohash +%{_cyrexecdir}/fud +%{_cyrexecdir}/imapd +%{_cyrexecdir}/ipurge +%{_cyrexecdir}/lmtpd +%{_cyrexecdir}/lmtpproxyd +%{_cyrexecdir}/masssievec +%{_cyrexecdir}/mbexamine +%{_cyrexecdir}/mbpath +%{_cyrexecdir}/migrate-metadata +%{_cyrexecdir}/mkimap +%{_cyrexecdir}/mknewsgroups +%{_cyrexecdir}/notifyd +%{_cyrexecdir}/pop3d +%{_cyrexecdir}/quota +%{_cyrexecdir}/reconstruct +%{_cyrexecdir}/rehash +%{_cyrexecdir}/sievec +%{_cyrexecdir}/sieved +%{_cyrexecdir}/smmapd +%{_cyrexecdir}/squatter +%{_cyrexecdir}/timsieved +%{_cyrexecdir}/tls_prune +%{_cyrexecdir}/translatesieve +%{_cyrexecdir}/undohash +%{_cyrexecdir}/unexpunge +%{_cyrexecdir}/upgradesieve +%{_cyrexecdir}/cvt_cyrusdb_all +%{_cyrexecdir}/idled +%{_cyrexecdir}/mupdate +%{_cyrexecdir}/mupdate-loadgen.pl +%{_cyrexecdir}/proxyd +%{_cyrexecdir}/sync_client +%{_cyrexecdir}/sync_reset +%{_cyrexecdir}/sync_server +%{_cyrexecdir}/cyrfetchnews +%{_cyrexecdir}/nntpd +%{_cyrexecdir}/ptdump +%{_cyrexecdir}/ptexpire +%{_cyrexecdir}/ptloader +%attr(0750,%{_cyrususer},%{_cyrusgroup}) %dir %{_var}/lib/imap +%attr(0700,%{_cyrususer},%{_cyrusgroup}) %dir %{_var}/lib/imap/backup +%attr(0700,%{_cyrususer},%{_cyrusgroup}) %dir %{_var}/lib/imap/db +%attr(0700,%{_cyrususer},%{_cyrusgroup}) %dir %{_var}/lib/imap/log +%attr(0700,%{_cyrususer},%{_cyrusgroup}) %dir %{_var}/lib/imap/meta +%attr(0700,%{_cyrususer},%{_cyrusgroup}) %dir %{_var}/lib/imap/md5 +%attr(0700,%{_cyrususer},%{_cyrusgroup}) %dir %{_var}/lib/imap/msg +%attr(0700,%{_cyrususer},%{_cyrusgroup}) %{_var}/lib/imap/proc +%attr(0700,%{_cyrususer},%{_cyrusgroup}) %{_var}/lib/imap/ptclient +%attr(0700,%{_cyrususer},%{_cyrusgroup}) %dir %{_var}/lib/imap/quota +%attr(0700,%{_cyrususer},%{_cyrusgroup}) %dir %{_var}/lib/imap/rpm +%attr(0700,%{_cyrususer},%{_cyrusgroup}) %dir %{_var}/lib/imap/sieve +%attr(0750,%{_cyrususer},%{_cyrusgroup}) %{_var}/lib/imap/socket +%attr(0700,%{_cyrususer},%{_cyrusgroup}) %dir %{_var}/lib/imap/sync +%attr(0700,%{_cyrususer},%{_cyrusgroup}) %dir %{_var}/lib/imap/user +%attr(0700,%{_cyrususer},%{_cyrusgroup}) %dir %{_var}/spool/imap +%dir %{_datadir}/%{name} +%dir %{_datadir}/%{name}/rpm +%{_datadir}/%{name}/rpm/* +%{_mandir}/man5/* +%{_mandir}/man8/* +%dir %{_sysconfdir}/pki/%{name} +%attr(0640,root,%{_cyrusgroup}) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %{ssl_pem_file} + +%files devel +%defattr(0644,root,root,0755) +%doc COPYRIGHT +%{_includedir}/cyrus +%{_libdir}/lib*.a +%{_mandir}/man3/imclient.3* + +%files utils +%defattr(-,root,root) +%doc perl/imap/README +%doc perl/imap/Changes +%doc perl/imap/examples +%doc COPYRIGHT +%{_bindir}/* +%dir %{perl_vendorarch}/Cyrus +%dir %{perl_vendorarch}/Cyrus/IMAP +%{perl_vendorarch}/Cyrus/IMAP/Admin.pm +%{perl_vendorarch}/Cyrus/IMAP/Shell.pm +%{perl_vendorarch}/Cyrus/IMAP/IMSP.pm +%{perl_vendorarch}/Cyrus/IMAP.pm +%dir %{perl_vendorarch}/Cyrus/SIEVE +%{perl_vendorarch}/Cyrus/SIEVE/managesieve.pm +%dir %{perl_vendorarch}/auto +%dir %{perl_vendorarch}/auto/Cyrus +%dir %{perl_vendorarch}/auto/Cyrus/IMAP +%{perl_vendorarch}/auto/Cyrus/IMAP/IMAP.so +%dir %{perl_vendorarch}/auto/Cyrus/SIEVE +%dir %{perl_vendorarch}/auto/Cyrus/SIEVE/managesieve +%{perl_vendorarch}/auto/Cyrus/SIEVE/managesieve/managesieve.so +%{_mandir}/man3/Cyrus::IMAP::Admin.3pm.gz +%{_mandir}/man3/Cyrus::IMAP::Shell.3pm.gz +%{_mandir}/man3/Cyrus::IMAP.3pm.gz +%{_mandir}/man3/Cyrus::IMAP::IMSP.3pm.gz +%{_mandir}/man3/Cyrus::SIEVE::managesieve.3pm.gz +%{_mandir}/man1/* + +%changelog +* Thu Jan 10 2019 Pavel Zhukov - 2.4.17-15 +- Resolves: #1508363 - Add -w (password) option to manpages + +* Thu Dec 13 2018 Pavel Zhukov - 2.4.17-14 +- Resolves: #1569941 - Load echd ciphers + +* Wed May 10 2017 Pavel Zhukov - 2.4.17-13 +- Resolves: #1449501 - Fix memory leak in cmd_append + +* Thu Mar 02 2017 Pavel Šimerda - 2.4.17-12 +- Resolves: #504813 - postpone the patch until the manpage is fully built + +* Thu Mar 02 2017 Pavel Šimerda - 2.4.17-11 +- Resolves: #504813 - manpage change: remove unimplemented mupdate_port from + cyrus-imapd + +* Thu Feb 09 2017 Pavel Šimerda - 2.4.17-10 +- Related: #1346059 - handle the new service file in scriptlets + +* Thu Feb 09 2017 Pavel Šimerda - 2.4.17-9 +- Resolves: #1346059 - build certificate at run time, not at install time + +* Thu Mar 19 2015 Pavel Šimerda - 2.4.17-8 +- Resolves: #1196210 - backport method to disable SSLv3 + +* Fri Jan 24 2014 Daniel Mach - 2.4.17-7 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 2.4.17-6 +- Mass rebuild 2013-12-27 + +* Fri Jul 12 2013 Jan Safranek - 2.4.17-5 +- Rebuilt for new net-snmp + +* Fri Jul 12 2013 Michal Hlavinka - 2.4.17-4 +- spec clean up + +* Thu Apr 18 2013 Michal Hlavinka - 2.4.17-3 +- make sure binaries are hardened + +* Wed Feb 13 2013 Fedora Release Engineering - 2.4.17-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Sat Dec 1 2012 Jeroen van Meeuwen - 2.4.17-1 +- New upstream version, fixes upstream bugs: +- reconstruct doesn't retain internaldate correctly (#3733) +- Race condition in maibox rename (#3696) +- DBERROR db4: Transaction not specified for a transactional database (#3715) +- performance degradation on huge indexes in 2.4 branch (#3717) +- typo fix in imapd.conf man page (#3729) +- quota does not find all quotaroots if quotalegacy, fulldirhash and prefix are used and virtdomains is off (#3735) +- Mail delivered during XFER was lost (#3737) +- replication does not work on RENAME (#3742) +- Failed asserting during APPEND (#3754) + +* Fri Nov 30 2012 Michal Hlavinka - 2.4.16-5 +- do not use strict aliasing + +* Tue Aug 21 2012 Michal Hlavinka - 2.4.16-4 +- use new systemd rpm macros (#850079) + +* Wed Jul 18 2012 Fedora Release Engineering - 2.4.16-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jun 11 2012 Petr Pisar - 2.4.16-2 +- Perl 5.16 rebuild + +* Thu Apr 19 2012 Jeroen van Meeuwen - 2.4.16-1 +- New upstream release + +* Wed Apr 18 2012 Jeroen van Meeuwen - 2.4.15-1 +- New upstream release + +* Wed Apr 11 2012 Michal Hlavinka - 2.4.14-2 +- rebuilt because of new libdb + +* Wed Mar 14 2012 Michal Hlavinka - 2.4.14-1 +- updated to 2.4.14 + +* Tue Feb 07 2012 Michal Hlavinka - 2.4.13-3 +- use PraveTmp in systemd unit file + +* Fri Jan 13 2012 Fedora Release Engineering - 2.4.13-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon Jan 02 2012 Jeroen van Meeuwen - 2.4.13-1 +- New upstream release + +* Wed Dec 07 2011 Michal Hlavinka - 2.4.12-5 +- do not use digest-md5 as part of default auth mechanisms, + it does not coop with pam + +* Tue Nov 22 2011 Michal Hlavinka - 2.4.12-4 +- reduce noisy logging, add option to turn on LOG_DEBUG syslog + messages again (thanks Philip Prindeville) (#754940) + +* Mon Oct 24 2011 Michal Hlavinka - 2.4.12-3 +- add login and digest-md5 as part of default auth mechanisms (#748278) + +* Tue Oct 11 2011 Michal Hlavinka - 2.4.12-2 +- do not hide errors if cyrus user can't be added + +* Wed Oct 05 2011 Michal Hlavinka - 2.4.12-1 +- cyrus-imapd updated to 2.4.12 +- fixes incomplete authentication checks in nntpd (Secunia SA46093) + +* Fri Sep 9 2011 Jeroen van Meeuwen - 2.4.11-1 +- update to 2.4.11 +- Fix CVE-2011-3208 (#734926, #736838) + +* Tue Aug 16 2011 Michal Hlavinka - 2.4.10-4 +- rebuild with db5 + +* Thu Jul 21 2011 Petr Sabata - 2.4.10-3 +- Perl mass rebuild + +* Wed Jul 20 2011 Petr Sabata - 2.4.10-2 +- Perl mass rebuild + +* Wed Jul 6 2011 Jeroen van Meeuwen - 2.4.10-1 +- New upstream release + +* Wed Jun 22 2011 Iain Arnell 2.4.8-5 +- Patch to work with Perl 5.14 + +* Mon Jun 20 2011 Marcela Mašláňová - 2.4.8-4 +- Perl mass rebuild + +* Fri Jun 10 2011 Marcela Mašláňová - 2.4.8-3 +- Perl 5.14 mass rebuild + +* Mon May 09 2011 Michal Hlavinka - 2.4.8-2 +- fixed: systemd commands in %%post (thanks Bill Nottingham) + +* Thu Apr 14 2011 Michal Hlavinka - 2.4.8-1 +- cyrus-imapd updated to 2.4.8 +- fixed: cannot set unlimited quota through proxy +- fixed: reconstruct tries to set timestamps again and again +- fixed: response for LIST "" user is wrong +- fixed: THREAD command doesn't support quoted charset +- fixed crashes in mupdatetest and cyr_expire when using -x + +* Mon Apr 04 2011 Michal Hlaivnka - 2.4.7-2 +- now using systemd + +* Thu Mar 31 2011 Michal Hlavinka - 2.4.7-1 +- updated to 2.4.7 + +* Fri Feb 11 2011 Michal Hlavinka - 2.4.6-1 +- updated to 2.4.6 +- "autocreate" and "autosieve" features were removed + +* Tue Feb 08 2011 Fedora Release Engineering - 2.3.16-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Fri Jan 21 2011 Michal Hlavinka - 2.3.16-7 +- don't force sync io for all filesystems + +* Fri Jul 09 2010 Michal Hlavinka - 2.3.16-6 +- follow licensing guideline update +- devel sub-package has to have virtual static provides (#609604) + +* Mon Jun 07 2010 Michal Hlavinka - 2.3.16-5 +- spec cleanup +- simplified packaging (merge -perl in -utils) +- remove obsoleted and/or unmaintained additional sources/patches +- remove long time not used files from the cvs/srpm +- update additional sources/patches from their upstream + +* Tue Jun 01 2010 Marcela Maslanova - 2.3.16-4 +- Mass rebuild with perl-5.12.0 + +* Tue Apr 20 2010 Michal Hlavinka - 2.3.16-3 +- add support for QoS marked traffic (#576652) + +* Thu Jan 14 2010 Michal Hlavinka - 2.3.16-2 +- ignore user_denny.db if missing (#553011) +- fix location of certificates in default imapd.conf + +* Tue Dec 22 2009 Michal Hlavinka - 2.3.16-1 +- updated to 2.3.16 + +* Fri Dec 04 2009 Michal Hlavinka - 2.3.15-10 +- fix shell for daily cron job (#544182) + +* Fri Dec 04 2009 Stepan Kasal - 2.3.15-9 +- rebuild against perl 5.10.1 + +* Thu Nov 26 2009 Michal Hlavinka - 2.3.15-8 +- spec cleanup + +* Tue Nov 24 2009 Michal Hlavinka - 2.3.15-7 +- rebuild with new db4 (#540093) +- spec cleanup + +* Fri Nov 06 2009 Michal Hlavinka - 2.3.15-6 +- fix sourcing of /etc/sysconfig/cyrus-imapd (#533320) + +* Thu Nov 05 2009 Michal Hlavinka - 2.3.15-5 +- do not fill logs with mail (de)compression messages (#528093) + +* Thu Oct 29 2009 Michal Hlavinka - 2.3.15-4 +- spec cleanup + +* Fri Oct 09 2009 Michal Hlavinka - 2.3.15-3 +- fix cyrus user shell for db import (#528126) + +* Fri Sep 18 2009 Michal Hlavinka - 2.3.15-2 +- make init script LSB-compliant (#523227) + +* Fri Sep 18 2009 Michal Hlavinka - 2.3.15-1 +- fix buffer overflow in cyrus sieve (CVE-2009-3235) + +* Wed Sep 16 2009 Tomas Mraz - 2.3.14-6 +- use password-auth common PAM configuration instead of system-auth + +* Mon Sep 07 2009 Michal Hlavinka - 2.3.14-5 +- fix buffer overflow in cyrus sieve (#521010) + +* Fri Aug 21 2009 Tomas Mraz - 2.3.14-4 +- rebuilt with new openssl + +* Fri Jul 24 2009 Fedora Release Engineering - 2.3.14-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon May 25 2009 Michal Hlavinka - 2.3.14-2 +- rebuild because of changed dependencies + +* Thu Apr 02 2009 Michal Hlavinka - 2.3.14-1 +- updated to 2.3.14 + +* Wed Apr 01 2009 Michael Schwendt - 2.3.13-5 +- fix unowned directory (#483336). + +* Tue Feb 24 2009 Fedora Release Engineering - 2.3.13-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Feb 02 2009 Michal Hlavinka - 2.3.13-3 +- fix directory ownership + +* Wed Jan 21 2009 Michal Hlavinka - 2.3.13-2 +- fix: #480138 - assertion failed: libcyr_cfg.c: cyrus_options[opt].opt == opt + +* Tue Jan 13 2009 Michal Hlavinka - 2.3.13-1 +- updated to 2.3.13 + +* Fri Sep 26 2008 Dan Horák - 2.3.11-1 +- update to latest upstream +- (temporarily) dropped the rmquota+deletemailbox patch (doesn't apply) + +* Wed Mar 19 2008 Rex Dieter - 2.3.9-12 +- cyrus-imapd conflicts with uw-imap (#222506) + +* Tue Mar 18 2008 Tom "spot" Callaway - 2.3.9-11 +- add Requires for versioned perl (libperl.so) + +* Wed Feb 20 2008 Fedora Release Engineering - 2.3.9-10 +- Autorebuild for GCC 4.3 + +* Fri Feb 08 2008 Tomas Janousek - 2.3.9-9 +- don't run cronjob if cyrus-imapd has never been started (#418191) + +* Tue Dec 04 2007 Tomas Janousek - 2.3.9-8 +- move certificate creation from -utils postinst to main package +- rebuild with newer openssl and openldap + +* Sun Sep 23 2007 Tomas Janousek - 2.3.9-7 +- updated the getgrouplist patch +- fixed a few undeclared functions (and int to pointer conversions) + +* Wed Aug 22 2007 Tomas Janousek - 2.3.9-6 +- update to latest upstream +- updated all patches from uoa and reenabled rmquota+deletemailbox + +* Thu Aug 16 2007 Tomas Janousek - 2.3.9-5.rc2 +- update to latest upstream beta + +* Tue Aug 14 2007 Tomas Janousek - 2.3.9-4.rc1 +- update to latest upstream beta +- temporarily dropped the rmquota+deletemailbox patch (doesn't apply) +- fixed to compile with newer glibc +- added the getgrouplist patch from RHEL-4, dropped groupcache patch +- dropped the allow_auth_plain patch +- buildrequire perl-devel + +* Mon Jul 23 2007 Tomas Janousek - 2.3.8-3.2 +- removed the lm_sensors-devel dependency, since it's properly required in + net-snmp-devel +- #248984 - cyrus-imapd.logrotate updated for rsyslog + +* Mon Apr 23 2007 Tomas Janousek - 2.3.8-3.1 +- the -devel subpackage no longer requires the main one + +* Wed Apr 11 2007 Tomas Janousek - 2.3.8-3 +- updated the no-bare-nl patch (#235569), thanks to Matthias Hensler + +* Wed Apr 04 2007 Tomas Janousek - 2.3.8-2 +- fixed mboxlist backup rotation (#197054) + +* Mon Mar 12 2007 Tomas Janousek - 2.3.8-1 +- update to latest upstream + +* Wed Jan 24 2007 Tomas Janousek - 2.3.7-8 +- compile with kerberos support + +* Wed Jan 24 2007 Tomas Janousek - 2.3.7-7 +- fixed Makefile typo (caused multiarch conflict) + +* Mon Jan 08 2007 Tomas Janousek - 2.3.7-6 +- #218046: applied patches to compile with db4-4.5 + +* Tue Dec 5 2006 John Dennis - 2.3.7-5 +- Resolves: bug# 218046: Cyrus-imapd in rawhide needs to be rebuilt + against new snmp package + +* Thu Oct 05 2006 Christian Iseli 2.3.7-4 +- rebuilt for unwind info generation, broken in gcc-4.1.1-21 + +* Mon Sep 18 2006 John Dennis - 2.3.7-3 +- bump rev for rebuild + +* Fri Aug 04 2006 Petr Rockai - 2.3.7-2 +- only buildrequire lm_sensors on i386 and x86_64, since it is not + available elsewhere + +* Sun Jul 23 2006 Petr Rockai - 2.3.7-1 +- update to latest upstream version, fixes a fair amount of issues +- forward-port the autocreate and rmquota patches (used latest + upstream patches, those are for 2.3.3) + +* Tue Jul 18 2006 Petr Rockai - 2.3.1-3 +- install perl modules into vendor_perl instead of site_perl +- change mode of perl .so files to 755 instead of 555 +- update pam configuration to use include directive instead + of deprecated pam_stack +- change prereq on cyrus-imapd-utils to requires + +* Tue Jul 11 2006 Petr Rockai - 2.3.1-2.99.test1 +- address bunch of rpmlint errors and warnings +- rename perl-Cyrus to cyrus-imapd-perl to be consistent with rest + of package (the cyrus modules are not part of cpan) +- added provides on cyrus-nntp and cyrus-murder (the functionality + is part of main package now) +- removed generation of README.buildoptions +- the two above made it possible to get rid of most build-time parameter + guessing from environment +- get rid of internal autoconf (iew) +- don't strip binaries, renders -debuginfo useless... +- remove prereq's in favour of newly added requires(...) + +* Tue Feb 28 2006 John Dennis - 2.3.1-2 +- bring up to Simon Matter's 2.3.1-2 release +- fix bug #173319, require cyrus-sasl-lib instead of cyrus-sasl +- fix bug #176470, hardcoded disttag +- add backend_sigsegv patch +- add replication_policycheck patch + +* Mon Jan 23 2006 Simon Matter 2.3.1-1 +- update to official autocreate and autosievefolder patches + +* Thu Jan 19 2006 Simon Matter 2.3.1-0.18 +- update rpm_set_permissions script +- add snmp support as build time option, disabled by default + because it doesn't build on older distributions + +* Wed Jan 18 2006 Simon Matter 2.3.1-0.15 +- add make_md5 patch + +* Mon Jan 16 2006 Simon Matter 2.3.1-0.13 +- add autosievefolder patch +- add rmquota+deletemailbox patch +- change default path for make_md5, add md5 directory + +* Fri Jan 13 2006 Simon Matter 2.3.1-0.10 +- spec file cleanup +- add more cvt_cyrusdb_all fixes +- fix pre/post scripts +- fix requirements +- add patch to set Invoca RPM config defaults +- add sync directory used for replication +- add autocreate patch + +* Thu Jan 12 2006 Simon Matter 2.3.1-0.8 +- update cvt_cyrusdb_all script +- build db.cfg on the fly + +* Thu Jan 05 2006 Simon Matter 2.3.1-0.5 +- create ptclient directory if ldap enabled + +* Wed Jan 04 2006 Simon Matter 2.3.1-0.4 +- build without ldap support if openldap is linked against SASLv1 + +* Tue Jan 03 2006 Simon Matter 2.3.1-0.3 +- fix ldap support + +* Mon Jan 02 2006 Simon Matter 2.3.1-0.2 +- add openldap-devel to buildprereq, build with ldap support + +* Wed Dec 21 2005 Simon Matter 2.3.1-0.1 +- update to 2.3.1, officially called BETA-quality release + +* Fri Dec 16 2005 Simon Matter 2.3.0-0.4 +- add skiplist.py to contrib/ +- port authid_normalize patch + +* Thu Dec 15 2005 Simon Matter 2.3.0-0.3 +- reintroduce subpackage utils, fix requirements +- move some utils to %%{_bindir}/ + +* Wed Dec 14 2005 Simon Matter 2.3.0-0.2 +- integrate subpackages murder, nntp, replication, utils + +* Tue Dec 13 2005 Simon Matter 2.3.0-0.1 +- update to 2.3.0, officially called BETA-quality release +- add replication subpackage + +* Fri Dec 09 2005 Simon Matter 2.2.12-15.1 +- add missing automake to buildprereq +- change package description + +* Tue Dec 06 2005 Simon Matter 2.2.12-15 +- update cvt_cyrusdb_all script +- update autocreate patches + +* Mon Dec 05 2005 Simon Matter 2.2.12-14 +- update cvt_cyrusdb_all script + +* Mon Nov 14 2005 Simon Matter 2.2.12-13 +- add 64bit quota support backported from 2.3 + +* Fri Nov 11 2005 Simon Matter 2.2.12-12 +- add quickstart/stop option to init script to bypass db import/export +- add authid_normalize patch +- add allow_auth_plain_proxying patch +- update gcc4 patch +- remove useless fdatasync patch +- add private autoconf used for build, remove autoconf dependency +- generate correct docs including man pages +- remove unneeded files from doc directory + +* Fri Nov 04 2005 Simon Matter 2.2.12-11 +- add mupdate thread-safe patch + +* Mon Oct 24 2005 Simon Matter 2.2.12-9.4 +- add spool patch, which is already fixed in CVS + +* Tue Aug 30 2005 Simon Matter 2.2.12-9.2 +- pull in CPPFLAGS and LDFLAGS from openssl's pkg-config data, if it exists + +* Wed Aug 24 2005 Simon Matter 2.2.12-9.1 +- add timsieved_reset_sasl_conn patch + +* Mon Aug 22 2005 Simon Matter 2.2.12-9 +- cosmetic changes in pre and post scripts + +* Fri Aug 19 2005 Simon Matter 2.2.12-8 +- add more pki dir fixes for inplace upgrades + +* Thu Aug 18 2005 Simon Matter 2.2.12-7 +- include requirement for Berkeley DB utils + +* Thu Aug 18 2005 Simon Matter 2.2.12-6 +- fix recovery problems with db4, which do not exist with db3 +- fix logic for handling ssl certs +- remove initlog from init script + +* Wed Aug 17 2005 Simon Matter 2.2.12-5 +- add notifytest to the distribution +- add functionality to convert all berkeley databases to skiplist + on shutdown and convert them back as needed on startup. This should + solve the upgrade problems with Berkeley databases. + +* Tue Aug 16 2005 Simon Matter 2.2.12-4.14 +- add gcc4 patch +- determine and handle pki directory for openssl correctly +- add skiplist recovery docs +- add notify_sms patch + +* Mon Jul 18 2005 Simon Matter 2.2.12-4.10 +- update cvt_cyrusdb_all script +- update autocreate patches + +* Fri Jul 15 2005 Simon Matter 2.2.12-4.9 +- add patch to remove ACLs with invalid identifier +- update cvt_cyrusdb_all script + +* Sat Jun 18 2005 Simon Matter 2.2.12-4.1 +- update munge8bit patch + +* Wed Jun 08 2005 Simon Matter 2.2.12-4 +- updated seenstate patch + +* Thu Jun 02 2005 Simon Matter +- removed nolinkimapspool patch, added singleinstancestore patch instead + +* Thu Jun 02 2005 Simon Matter +- added nolinkimapspool patch +- fix debug_package macro, it was still being expanded, + comments don't hide macro expansion +- change license field to BSD, its not exact BSD, but BSD is the closest + +* Fri Apr 22 2005 John Dennis - 2.2.12-6.fc4 +- the openssl package moved all its certs, CA, Makefile, etc. to /etc/pki + now we are consistent with the openssl directory changes. + +* Thu Apr 21 2005 John Dennis - 2.2.12-5.fc4 +- we finally have a common directory, /etc/pki for certs, so create + /etc/pki/cyrus-imapd and put the ssl pem file there. The /etc/cyrus-imapd + location will not be used, this change supercedes that. + +* Mon Apr 18 2005 John Dennis - 2.2.12-4.fc4 +- fix bug #141479, move ssl pem file from /usr/share/ssl/certs to /etc/cyrus-imapd/cyrus-imapd.pem +- change license field to BSD, its not exact BSD, but BSD is the closest. + +* Fri Apr 15 2005 John Dennis - 2.2.12-3.fc4 +- fix release field to be single digit + +* Fri Apr 15 2005 John Dennis - 2.2.12-1.2.fc4 +- fix debug_package macro, it was still being expanded, + comments don't hide macro expansion +- fix changelog chronological order +- fix bug 118832, cyrus-imapd is modifying /etc/services + +* Mon Apr 4 2005 John Dennis - 2.2.12-1.1.fc4 +- bring up to 2.2.12, includes security fix for CAN-2005-0546 + +* Mon Mar 07 2005 Simon Matter +- updated rmquota+deletemailbox patches + +* Fri Mar 4 2005 John Dennis - 2.2.10-11.4.fc4 +- fix gcc4 build problems + +* Thu Mar 3 2005 John Dennis 2.2.10-11.3.fc4 +- bump rev for build + +* Mon Feb 14 2005 Simon Matter +- updated to 2.2.12 +- updated autocreate and autosievefolder patches + +* Fri Feb 11 2005 John Dennis - 2.2.10-11.2.fc4 +- make _contribdir identical to Simon's, + I had been getting burned by rpm's bizarre handling of macros in comments + +* Thu Feb 10 2005 John Dennis - 2.2.10-11.1.fc4 +- bring up to date with Simon Matter's 2.2.10-11 rpm + +* Sat Feb 05 2005 Simon Matter +- updated autosievefolder patch + +* Tue Feb 01 2005 Simon Matter +- remove special ownership and permissions from deliver +- enable deliver-wrapper per default +- enable OutlookExpress seenstate patch per default + +* Wed Jan 19 2005 Simon Matter +- updated autocreate patch + +* Fri Jan 14 2005 Simon Matter +- spec file cleanup + +* Tue Jan 11 2005 Simon Matter +- updated autocreate patch + +* Fri Jan 07 2005 Simon Matter +- moved contrib dir into doc, made scripts not executable + +* Thu Jan 06 2005 Simon Matter +- added more fixes to the autocreate patch +- don't use %%_libdir for %%_cyrexecdir, it's a mess on x86_64 +- don't use %%_libdir for symlinks +- remove %%_libdir pachtes +- change pam configs to work on x86_64 +- changed default build option for IDLED to on +- changed rpm_set_permissions to honor partitions in /etc/imapd.conf + +* Tue Jan 04 2005 Simon Matter +- updated autocreate patch + +* Mon Dec 20 2004 Simon Matter +- remove idled docs when disabled, fixes RedHat's bug #142345 + +* Fri Dec 17 2004 Simon Matter +- removed allnumeric patch, not needed anymore +- made groupcache a compile time option +- rename nntp's pam service, fixes RedHat's bug #142672 + +* Thu Dec 16 2004 Simon Matter +- updated groupcache patch +- updated cvt_cyrusdb_all to use runuser instead of su if available +- added upd_groupcache tool + +* Wed Dec 15 2004 Simon Matter +- added groupfile patch to help those using nss_ldap + +* Thu Dec 02 2004 Simon Matter +- modified config directives and removed verify options + +* Thu Dec 2 2004 John Dennis 2.2.10-3.devel +- fix bug #141673, dup of bug #141470 + Also make cyrus.conf noreplace in addition to imapd.conf + Remove the verify overrides on the noreplace config files, + we do want config file changes visible when verifying + +* Wed Dec 1 2004 John Dennis 2.2.10-2.devel +- fix bug #141470, make imapd.conf a noreplace config file + +* Wed Dec 1 2004 John Dennis 2.2.10-1.devel +- update to Simon Matter's 2.2.10 RPM, + fixes bug #139382, + security advisories: CAN-2004-1011 CAN-2004-1012 CAN-2004-1013 CAN-2004-1015 + +* Wed Nov 24 2004 Simon Matter +- updated to 2.2.10 + +* Tue Nov 23 2004 Simon Matter +- updated to 2.2.9 + +* Fri Nov 19 2004 Simon Matter +- changed scripts to use runuser instead of su if available + +* Thu Nov 18 2004 Simon Matter +- changed requirement for file >= 3.35-1 from BuildPrereq to + Requires, fixes RedHat's bug #124991 +- added acceptinvalidfrom patch to fix RedHat's bug #137705 + +* Mon Oct 4 2004 Dan Walsh 2.2.6-2.FC3.6 +- Change cyrus init scripts and cron job to use runuser instead of su + +* Fri Aug 6 2004 John Dennis 2.2.6-2.FC3.5 +- remove obsoletes tag, fixes bugs #127448, #129274 + +* Wed Aug 4 2004 John Dennis +- replace commas in release field with dots, bump build number + +* Tue Aug 03 2004 Simon Matter +- fixed symlinks for x86_64, now uses the _libdir macro + reported by John Dennis, fixes RedHat's bug #128964 +- removed obsoletes tag, fixes RedHat's bugs #127448, #129274 + +* Mon Aug 2 2004 John Dennis 2.2.6-2,FC3,3 +- fix bug #128964, lib symlinks wrong on x86_64 + +* Thu Jul 29 2004 Simon Matter +- updated to 2.2.8 + +* Thu Jul 29 2004 Simon Matter +- updated autocreate and autosieve patches +- made authorization a compile time option +- added sieve-bc_eval patch + +* Tue Jul 27 2004 Simon Matter +- updated to 2.2.7 +- modified autocreate patch or 2.2.7 +- removed snmpargs patch which was needed for RedHat 6.2 + +* Tue Jul 13 2004 Simon Matter +- added mboxlist / mboxname patches from CVS + +* Tue Jul 06 2004 Simon Matter +- updated rmquota+deletemailbox patch + +* Sat Jul 3 2004 John Dennis - 2.2.6-2,FC3,1 +- bring up to date with Simon Matter's latest upstream rpm 2.2.6-2 +- comment out illegal tags Packager, Vendor, Distribution + build for FC3 + +* Wed Jun 30 2004 Simon Matter +- added quota patches from CVS + +* Fri Jun 25 2004 Simon Matter +- updated autocreate patch + +* Fri Jun 18 2004 Simon Matter +- updated to 2.2.6 + +* Fri Jun 11 2004 Simon Matter +- updated autocreate and autosieve patches + +* Tue Jun 01 2004 Simon Matter +- updated autocreate, autosieve and rmquota patches +- fixed rmquota patch to build on gcc v3.3.x +- added lmtp_sieve patch + +* Sat May 29 2004 Simon Matter +- updated to 2.2.5 + +* Fri May 28 2004 Simon Matter +- updated to 2.2.5 pre-release + +* Mon May 24 2004 Simon Matter +- added hash patch to fix a sig11 problem +- added noncritical typo patch + +* Fri May 21 2004 Simon Matter +- include OutlookExpress seenstate patch +- fixed allnumeric patch + +* Thu May 20 2004 Simon Matter +- don't enable cyrus-imapd per default +- rename fetchnews to cyrfetchnews to avoid namespace conflicts with leafnode +- replace fetchnews with cyrfetchnews in man pages +- replace master with cyrus-master in man pages + +* Tue May 18 2004 Simon Matter +- updated to 2.2.4 + +* Fri Apr 30 2004 Simon Matter +- Don't provides: imap + +* Wed Mar 17 2004 Simon Matter +- fix init script + +* Thu Mar 04 2004 Simon Matter +- strip binaries + +* Tue Mar 02 2004 Simon Matter +- add more SELinux fixes + +* Wed Feb 25 2004 Simon Matter +- add makedepend to path, thank you Andreas Piesk for reporting it + +* Mon Feb 23 2004 Dan Walsh +- change su within init script to get input from /dev/null + this prevents hang when running in SELinux +- don't use -fpie as default, it breaks different distributions + +* Thu Feb 19 2004 Simon Matter +- merged in most changes from Karsten Hopp's RedHat package +- fixed permissions of files in contrib, thank you + Edward Rudd for reporting it. +- modified snmp patch to make it build on RedHat 6.2 again + +* Tue Feb 03 2004 Karsten Hopp +- switch to Simon Matter's cyrus-imapd package, which has + some major improvements over the old Red Hat package. + - configdirectory moved from /var/imap to /var/lib/imap + - sasl_pwcheck_method changed to saslauthd +- needed to delete package/vendor tags for buildsystem. +- added USEPIE variable for linking with -fpie flag +- removed rpath from linker arguments +- removed email header from README.HOWTO-recover-mailboxes +- added lib64 patch +- use CFLAGS from specfile in imtest subdir +- disable -pie on ppc for now + +* Tue Feb 03 2004 Simon Matter +- added tls_ca_file: to imapd.conf +- updated autocreate patch which fixes a small sig11 problem + +* Thu Jan 29 2004 Simon Matter +- convert sieve scripts to UTF-8 only if sievec failed before +- add note to the readme about limiting loggin on busy servers +- added build time option to chose the syslog facility + +* Wed Jan 28 2004 Simon Matter +- sieve scripts are now converted to UTF-8 with cvt_cyrusdb_all + +* Tue Jan 27 2004 Simon Matter +- fixed problems with masssievec +- lots of small fixes in the init scripts + +* Fri Jan 23 2004 Simon Matter +- updated auto db converting functionality +- added auto masssievec functionality + +* Thu Jan 22 2004 Simon Matter +- updated autocreate/autosievefolder patches + +* Fri Jan 16 2004 Simon Matter +- updated to 2.2.3 + +* Wed Jan 14 2004 Simon Matter +- number of mailbox list dumps can now be configured + +* Fri Jan 02 2004 Simon Matter +- updated autosievefolder patch + +* Thu Dec 18 2003 Simon Matter +- updated autocreate/autosievefolder/rmquota patches + +* Tue Oct 28 2003 Simon Matter +- updated to 2.2.2-BETA + +* Tue Aug 05 2003 Simon Matter +- add sendmail m4 macro, some people were looking for it +- just one source for pam default configuration (they were all the same) +- added /etc/pam.d/lmtp +- added build support for RedHat Beta severn + +* Wed Jul 30 2003 Simon Matter +- updated autocreate patch to 0.8.1 +- removed creation of spool/config dirs, not needed anymore +- added cyrus_sharedbackup to contrib + +* Fri Jul 18 2003 Simon Matter +- modified for 2.2.1-BETA + +* Wed Jul 09 2003 Simon Matter +- modified rpm_set_permissions script + +* Mon Jul 07 2003 Simon Matter +- changed permissions on config and spool dirs +- modified init script + +* Thu Jul 03 2003 Simon Matter +- upgraded to 2.1.14 +- removed now obsolete forcedowncase patch +- use --with-extraident to add extra version information +- updated munge8bit patch + +* Wed Jun 04 2003 Simon Matter +- added RedHat 2.1ES support to the perlhack detection + +* Tue May 20 2003 Simon Matter +- upgraded autocreate patch + +* Fri May 09 2003 Simon Matter +- upgraded autocreate patch +- modified init script + +* Mon May 05 2003 Simon Matter +- upgraded to 2.1.13 +- replaced commands with macros, cleaned up spec file + +* Fri May 02 2003 Simon Matter +- added murder subpackage +- changed exec path to /usr/lib/cyrus-imapd + +* Thu May 01 2003 Simon Matter +- included modified munge8bit patch again + +* Tue Apr 29 2003 Simon Matter +- added new 8bit header patch +- upgraded IPv6 patch +- upgraded autocreate patch to 0.7 + +* Mon Apr 28 2003 Simon Matter +- added new autocreate patch + +* Mon Mar 31 2003 H-E Sandstrom +- added munge8bit patch + +* Mon Mar 24 2003 Simon Matter +- added createonpost fix patch + +* Thu Mar 20 2003 Simon Matter +- added functionality to patch the IPv6 patch on the fly if + autoconf > 2.13, we can now use newer autoconf again. + +* Tue Mar 18 2003 Paul Bender +- fixed spec file so that autoconf 2.13 will always be used, + since the IPv6 patch requires autoconf <= 2.13 + +* Fri Mar 14 2003 Simon Matter +- fixed problems with new file package + +* Thu Mar 13 2003 Simon Matter +- added kerberos include for RedHat Beta phoebe 2 +- added Henrique's forcedowncase patch + +* Mon Mar 03 2003 Simon Matter +- corrected imapd.conf + +* Sat Mar 01 2003 Simon Matter +- added note about lmtp socket in sendmail +- added flock patches + +* Fri Feb 07 2003 Simon Matter +- added build time option for fulldirhash + +* Wed Feb 05 2003 Simon Matter +- added IPV6 patch to source rpm +- fixed build on RedHat 6.2 + +* Tue Feb 04 2003 Simon Matter +- update to 2.1.12 +- added logrotate entry for /var/log/auth.log +- modified init script to use builtin daemon mode + +* Fri Jan 10 2003 Simon Matter +- small change in mboxlist backup script + +* Fri Jan 10 2003 Simon Matter +- fixed a cosmetic bug in cvt_cyrusdb_all +- added cron.daily job to backup mailboxes.db + +* Mon Jan 06 2003 Simon Matter +- add more entries to /etc/services + +* Wed Jan 01 2003 Simon Matter +- include snmpargs patch for build on RedHat 6.2 +- added build support for RedHat 6.2 + +* Mon Dec 30 2002 Simon Matter +- removed autoconf hack, not needed anymore +- enabled build on RedHat Beta Phoebe +- added services entry for lmtp +- cleanup spec file + +* Thu Dec 26 2002 Simon Matter +- removed BuildPrereq for e2fsprogs-devel + +* Thu Dec 12 2002 Simon Matter +- modified RedHat release detection +- added BuildPrereq for file + +* Thu Dec 05 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.11 +- upgrade IPV6 patch to 20021205 + +* Thu Nov 28 2002 Simon Matter +- Fixed some default attributes + +* Thu Nov 28 2002 Troels Arvin +- Explicitly changed files-section to + - use defattr for simple (root-owned 0644) files + - explictly set root as user/group owner where + the user/group ownership was previously indicated + as "-"; this allows building valid packages without + having to being root when building + +* Mon Nov 25 2002 Simon Matter +- changed default build option for IDLED to off +- included some useful info in README.* + +* Thu Nov 21 2002 Simon Matter +- added build time option for IDLED, thank you Roland Pope + +* Tue Nov 19 2002 Simon Matter +- fixed spec to really use fdatasync patch +- added createonpost patch + +* Thu Nov 14 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.10 +- build without IPv6 support by default + +* Tue Nov 12 2002 Simon Matter +- fixed db detection in .spec + +* Mon Oct 21 2002 Simon Matter +- updated cvt_cyrusdb_all script + +* Fri Oct 18 2002 Simon Matter +- added fdatasync patch + +* Thu Oct 03 2002 Simon Matter +- add RPM version 4.1 compatibility, which means remove installed + but not packaged files + +* Wed Sep 18 2002 Simon Matter +- added auto db converting functionality +- changed default for MBOXLIST_DB and SEEN_DB to skiplist + +* Mon Sep 16 2002 Simon Matter +- remove creation of cyrus user at build time +- added scripts from ftp://kalamazoolinux.org/pub/projects/awilliam/cyrus/ + +* Mon Sep 02 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.9 + +* Fri Aug 30 2002 Simon Matter +- included extra ident string + +* Thu Aug 29 2002 Simon Matter +- modified path in deliver-wrapper, thank you Richard L. Phipps +- added RedHat 2.1AS support to the perlhack detection +- added build time option to force syncronous updates on ext3 + +* Wed Aug 28 2002 Simon Matter +- added updated IPv6 patch from Hajimu UMEMOTO + +* Wed Aug 28 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.8 + +* Thu Aug 22 2002 Simon Matter +- included IPv6 patch from Hajimu UMEMOTO + +* Wed Aug 21 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.7 because of wrong version info + +* Wed Aug 21 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.6 + +* Mon Aug 19 2002 Simon Matter +- change db version detection, thank you Chris for reporting + +* Tue Aug 13 2002 Simon Matter +- fixed autoconf detection + +* Mon Aug 12 2002 Simon Matter +- included support for different autoconf versions +- modified the perl build and install process +- made some .spec changes to build on RedHat 7.x and limbo + +* Fri Aug 09 2002 Simon Matter +- included sieve matching patch + +* Thu Jun 27 2002 Simon Matter +- fixed %%post script where %%F was expanded to file.file + +* Wed Jun 26 2002 Simon Matter +- fixed missing man page + +* Tue Jun 25 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.5 + +* Mon Jun 24 2002 Simon Matter +- added compile time parameters to configure the package based on + the idea from Luca Olivetti +- make deliver-wrapper a compile time option + +* Fri May 03 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.4 + +* Mon Apr 22 2002 Simon Matter +- small initscript fix + +* Fri Mar 08 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.3 +- removed some stuff that was cleaned up in the sources +- added compile time options for db backends + +* Wed Mar 06 2002 Simon Matter +- removed requires perl-File-Temp for utils package, it's in the RedHat + perl RPM now + +* Fri Feb 22 2002 Simon Matter +- removed deliverdb/db + +* Wed Feb 20 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.2 + +* Mon Feb 11 2002 Simon Matter +- changed sasl_mech_list: PLAIN in /etc/imapd.conf +- added sieve to /etc/pam.d + +* Fri Feb 08 2002 Simon Matter +- added requires perl-File-Temp for utils package + +* Wed Feb 06 2002 Simon Matter +- added some %%dir flags +- removed /usr/lib/sasl/Cyrus.conf +- added conf templates +- build time option for usage of saslauth group + +* Tue Feb 05 2002 Simon Matter +- upgraded to cyrus-imapd 2.1.1 +- dependency of cyrus-sasl >= 2.1.0-1 + +* Sun Feb 03 2002 Simon Matter +- saslauth group is only deleted on uninstall if there is no other + member in this group + +* Sat Feb 02 2002 Simon Matter +- changed start/stop level in init file + +* Tue Jan 29 2002 Simon Matter +- dependency of cyrus-sasl >= 1.5.24-22 +- dotstuffing patch for sendmail calls made by sieve for outgoing + mails +- patch for ability to force ipurge to traverse personal folders + +* Mon Jan 28 2002 Simon Matter +- minor spec file changes + +* Sat Jan 19 2002 Simon Matter +- changed default auth to pam +- remove several %%dir from %%files sections +- change from /usr/lib/cyrus -> /usr/libexec/cyrus +- rename source files to something like cyrus... +- added rehash tool +- changed to hashed spool + +* Fri Jan 18 2002 Simon Matter +- fixed init script +- fixed %%post section in spec + +* Thu Jan 17 2002 Simon Matter +- ready for first build + +* Wed Jan 09 2002 Simon Matter +- initial package, with help from other packages out there