From 8549852f4700d6d7e2a7b766f4d7c8ff43a30c82 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Aug 01 2017 03:26:43 +0000
Subject: import dovecot-2.2.10-8.el7
---
diff --git a/SOURCES/dovecot-2.2-gidcheck.patch b/SOURCES/dovecot-2.2-gidcheck.patch
new file mode 100644
index 0000000..eacbb26
--- /dev/null
+++ b/SOURCES/dovecot-2.2-gidcheck.patch
@@ -0,0 +1,63 @@
+From ca5b3ec5331545b46ec1f1c4ecfa1302ddb10653 Mon Sep 17 00:00:00 2001
+From: Timo Sirainen
+Date: Wed, 29 Jun 2016 00:56:56 +0300
+Subject: [PATCH] auth: userdb passwd iteration now skips users not in
+ first/last_valid_gid range
+
+Patch by Michal Hlavinka / Red Hat
+---
+ src/auth/auth-settings.c | 4 ++++
+ src/auth/auth-settings.h | 2 ++
+ src/auth/userdb-passwd.c | 4 ++++
+ 3 files changed, 10 insertions(+)
+
+diff --git a/src/auth/auth-settings.c b/src/auth/auth-settings.c
+index c942819..ea987cb 100644
+--- a/src/auth/auth-settings.c
++++ b/src/auth/auth-settings.c
+@@ -264,6 +264,8 @@ static const struct setting_define auth_setting_defines[] = {
+ DEF_NOPREFIX(SET_BOOL, verbose_proctitle),
+ DEF_NOPREFIX(SET_UINT, first_valid_uid),
+ DEF_NOPREFIX(SET_UINT, last_valid_uid),
++ DEF_NOPREFIX(SET_UINT, first_valid_gid),
++ DEF_NOPREFIX(SET_UINT, last_valid_gid),
+
+ SETTING_DEFINE_LIST_END
+ };
+@@ -313,6 +315,8 @@ static const struct auth_settings auth_default_settings = {
+ .verbose_proctitle = FALSE,
+ .first_valid_uid = 500,
+ .last_valid_uid = 0,
++ .first_valid_gid = 1,
++ .last_valid_gid = 0,
+ };
+
+ const struct setting_parser_info auth_setting_parser_info = {
+diff --git a/src/auth/auth-settings.h b/src/auth/auth-settings.h
+index 1313576..409653f 100644
+--- a/src/auth/auth-settings.h
++++ b/src/auth/auth-settings.h
+@@ -79,6 +79,8 @@ struct auth_settings {
+ bool verbose_proctitle;
+ unsigned int first_valid_uid;
+ unsigned int last_valid_uid;
++ unsigned int first_valid_gid;
++ unsigned int last_valid_gid;
+
+ /* generated: */
+ char username_chars_map[256];
+diff --git a/src/auth/userdb-passwd.c b/src/auth/userdb-passwd.c
+index f50bcba..a1f1871 100644
+--- a/src/auth/userdb-passwd.c
++++ b/src/auth/userdb-passwd.c
+@@ -145,6 +145,10 @@ passwd_iterate_want_pw(struct passwd *pw, const struct auth_settings *set)
+ return FALSE;
+ if (pw->pw_uid > (uid_t)set->last_valid_uid && set->last_valid_uid != 0)
+ return FALSE;
++ if (pw->pw_gid < (gid_t)set->first_valid_gid)
++ return FALSE;
++ if (pw->pw_gid > (gid_t)set->last_valid_gid && set->last_valid_gid != 0)
++ return FALSE;
+ return TRUE;
+ }
+
diff --git a/SPECS/dovecot.spec b/SPECS/dovecot.spec
index f1cfdee..7bc55b3 100644
--- a/SPECS/dovecot.spec
+++ b/SPECS/dovecot.spec
@@ -5,7 +5,7 @@ Name: dovecot
 Epoch: 1
 Version: 2.2.10
 %global prever %{nil}
-Release: 7%{?dist}
+Release: 8%{?dist}
 #dovecot itself is MIT, a few sources are PD, pigeonhole is LGPLv2
 License: MIT and LGPLv2
 Group: System Environment/Daemons
@@ -56,6 +56,9 @@ Patch13: dovecot-2.2.10-b8864211b88ed7521e9af514590639344af38910.patch
 # dovecot < 2.2.14, rhbz#1224496
 Patch14: dovecot-2.2.10-0e1a3c909a13.patch
+# dovecot < 2.2.25, rhbz#1280436
+Patch15: dovecot-2.2-gidcheck.patch
+
 Source15: prestartscript
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -159,6 +162,7 @@ This package provides the development files for dovecot.
 %patch12 -p1 -b .ed6e472cab0e
 %patch13 -p1 -b .b8864211b88ed7521e9af514590639344af38910
 %patch14 -p1 -b .0e1a3c909a13
+%patch15 -p1 -b .gidcheck
 sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in
 #pigeonhole
 pushd dovecot-2*2-pigeonhole-%{pigeonholever}
@@ -518,6 +522,9 @@ make check
 %changelog
+* Tue Mar 21 2017 Michal Hlavinka - 1:2.2.10-8
+- do not iterate over users outside of first/last_valid_gid range (#1280436)
+
 * Thu Jun 09 2016 Michal Hlavinka - 1:2.2.10-7
 - prevent warning messages from %%post section if selinux-policy is not installed (yet) (#1057522)
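Review bot: In the userdb-passwd.c part of dovecot-2.2-gidcheck.patch, the two added gid tests in passwd_iterate_want_pw carry no comment, and their semantics are easy to misread: only the primary group `pw->pw_gid` is compared (supplementary groups are not looked at), and `last_valid_gid == 0` disables the upper bound rather than restricting to gid 0. I would add a comment above them such as `/* primary gid only; last_valid_gid == 0 means no upper limit */`. Going by the function name, this filter covers user iteration only, so it should not be read as the enforcement point for the gid range; whether lookups and logins apply the same range is not visible in this patch. The new defaults in auth-settings.c (`first_valid_gid = 1`, `last_valid_gid = 0`) presumably need to match the values the mail processes enforce, which would be worth stating next to them. The function body starts before the hunk, so the preceding checks are only partly visible.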