bug#26446: [PATCH 1/1] gnu: dovecot: Update to 2.2.29 [fixes CVE-2017-2669].

[Kei Kebreau]

Leo Famulari <address@hidden> writes:

> * gnu/packages/mail.scm (dovecot): Update to 2.2.29.
> [source]: Use 'dovecot-fix-failing-test.patch'.
> * gnu/packages/patches/dovecot-fix-failing-test.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> ---
>  gnu/local.mk                                       |   1 +
>  gnu/packages/mail.scm                              |   8 +-
>  .../patches/dovecot-fix-failing-test.patch         | 118 
> +++++++++++++++++++++
>  3 files changed, 124 insertions(+), 3 deletions(-)
>  create mode 100644 gnu/packages/patches/dovecot-fix-failing-test.patch
>
> diff --git a/gnu/local.mk b/gnu/local.mk
> index f3a4e54af..212228d5c 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -539,6 +539,7 @@ dist_patch_DATA =                                         
> \
>    %D%/packages/patches/diffutils-gets-undeclared.patch               \
>    %D%/packages/patches/doc++-include-directives.patch                \
>    %D%/packages/patches/doc++-segfault-fix.patch                      \
> +  %D%/packages/patches/dovecot-fix-failing-test.patch                \
>    %D%/packages/patches/doxygen-test.patch                    \
>    %D%/packages/patches/elfutils-tests-ptrace.patch           \
>    %D%/packages/patches/elixir-disable-failing-tests.patch    \
> diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
> index 49fdb32e8..1a6c505ef 100644
> --- a/gnu/packages/mail.scm
> +++ b/gnu/packages/mail.scm
> @@ -1086,15 +1086,17 @@ facilities for checking incoming mail.")
>  (define-public dovecot
>    (package
>      (name "dovecot")
> -    (version "2.2.28")
> +    (version "2.2.29")
>      (source
>       (origin
>         (method url-fetch)
>         (uri (string-append "https://www.dovecot.org/releases/";
>                             (version-major+minor version) "/"
>                             name "-" version ".tar.gz"))
> -       (sha256 (base32
> -                "098zpkmkk93372qnv6drgbfg8hp5mynspzc1735qgar6wdcqya70"))))
> +       (patches (search-patches "dovecot-fix-failing-test.patch"))
> +       (sha256
> +        (base32
> +         "19irf7b5mjqq68mrpdd38gxc0zp2nqib942kjp3aif3f2acylffr"))))
>      (build-system gnu-build-system)
>      (native-inputs
>       `(("pkg-config" ,pkg-config)))
> diff --git a/gnu/packages/patches/dovecot-fix-failing-test.patch 
> b/gnu/packages/patches/dovecot-fix-failing-test.patch
> new file mode 100644
> index 000000000..343bab03f
> --- /dev/null
> +++ b/gnu/packages/patches/dovecot-fix-failing-test.patch
> @@ -0,0 +1,118 @@
> +This patch fixes a test failure in dovecot 2.2.29, like this [0]:
> +
> +------
> +Making check in lib-imap-client
> +make[2]: Entering directory
> +`/builddir/build/BUILD/dovecot-2.2.29/src/lib-imap-client'
> +for bin in test-imapc-client; do \
> +       if !  ./$bin; then exit 1; fi; \
> +     done
> +Warning: imapc(127.0.0.1:0): connect(127.0.0.1, 0) failed: Connection
> +refused - reconnecting (delay 10 ms)
> +Error: imapc(127.0.0.1:0): connect(127.0.0.1, 0) failed: Connection
> +refused - disconnecting
> +test: random seed #1 was 1492054294
> +imapc connect failed ................................................. : ok
> +Warning: imapc(127.0.0.1:42704): connect(127.0.0.1, 42704) timed out
> +after 0 seconds - reconnecting (delay 0 ms)
> +Error: imapc(127.0.0.1:42704): connect(127.0.0.1, 42704) timed out after
> +0 seconds - disconnecting
> +imapc banner hangs ................................................... : ok
> +Warning: imapc(127.0.0.1:36762): Authentication timed out after 0
> +seconds - reconnecting (delay 0 ms)
> +Error: imapc(127.0.0.1:36762): Authentication failed: Disconnected from
> +server
> +imapc login hangs .................................................... : ok
> +test-imapc-client.c:358: Assert failed: test_imapc_cmd_last_reply_pop()
> +== IMAPC_COMMAND_STATE_OK
> +imapc reconnect ...................................................... :
> +FAILED
> +imapc reconnect resend commands ...................................... : ok
> +imapc reconnect resend commands failed ............................... : ok
> +imapc reconnect mailbox .............................................. : ok
> +1 / 7 tests failed
> +------
> +
> +Patch copied from upstream source repository:
> +
> +https://github.com/dovecot/core/commit/3a1c64363a64cdfe9153eb6292d8923f38955d82
> +
> +[0]
> +https://dovecot.org/pipermail/dovecot/2017-April/107751.html
> +
> +From 3a1c64363a64cdfe9153eb6292d8923f38955d82 Mon Sep 17 00:00:00 2001
> +From: Timo Sirainen <address@hidden>
> +Date: Mon, 10 Apr 2017 17:07:28 +0300
> +Subject: [PATCH] lib-imap-client: Fix reconnection
> +
> +There was already code for reconnection. We just shouldn't have gone very
> +far in imapc_connection_connect() if we were still waiting for reconnection
> +delay to pass.
> +---
> + src/lib-imap-client/imapc-connection.c | 25 +++++++++----------------
> + 1 file changed, 9 insertions(+), 16 deletions(-)
> +
> +diff --git a/src/lib-imap-client/imapc-connection.c 
> b/src/lib-imap-client/imapc-connection.c
> +index 95067e6..6eaf1ab 100644
> +--- a/src/lib-imap-client/imapc-connection.c
> ++++ b/src/lib-imap-client/imapc-connection.c
> +@@ -130,6 +130,7 @@ struct imapc_connection {
> +     struct timeout *to_throttle, *to_throttle_shrink;
> + 
> +     unsigned int reconnecting:1;
> ++    unsigned int reconnect_waiting:1;
> +     unsigned int reconnect_ok:1;
> +     unsigned int idling:1;
> +     unsigned int idle_stopping:1;
> +@@ -504,6 +505,7 @@ static bool imapc_connection_can_reconnect(struct 
> imapc_connection *conn)
> + static void imapc_connection_reconnect(struct imapc_connection *conn)
> + {
> +     conn->reconnect_ok = FALSE;
> ++    conn->reconnect_waiting = FALSE;
> + 
> +     if (conn->selected_box != NULL)
> +             imapc_client_mailbox_reconnect(conn->selected_box);
> +@@ -536,6 +538,7 @@ imapc_connection_try_reconnect(struct imapc_connection 
> *conn,
> +                     imapc_connection_disconnect_full(conn, TRUE);
> +                     conn->to = timeout_add(delay_msecs, 
> imapc_connection_reconnect, conn);
> +                     conn->reconnect_count++;
> ++                    conn->reconnect_waiting = TRUE;
> +             }
> +     }
> + }
> +@@ -1785,6 +1788,12 @@ void imapc_connection_connect(struct imapc_connection 
> *conn)
> + 
> +     if (conn->fd != -1 || conn->dns_lookup != NULL)
> +             return;
> ++    if (conn->reconnect_waiting) {
> ++            /* wait for the reconnection delay to finish before
> ++               doing anything. */
> ++            return;
> ++    }
> ++
> +     conn->reconnecting = FALSE;
> +     /* if we get disconnected before we've finished all the pending
> +        commands, don't reconnect */
> +@@ -1792,22 +1801,6 @@ void imapc_connection_connect(struct imapc_connection 
> *conn)
> +             array_count(&conn->cmd_send_queue);
> + 
> +     imapc_connection_input_reset(conn);
> +-
> +-    int msecs_since_last_connect =
> +-            timeval_diff_msecs(&ioloop_timeval, &conn->last_connect);
> +-    if (!conn->reconnect_ok &&
> +-        msecs_since_last_connect < 
> (int)conn->client->set.connect_retry_interval_msecs) {
> +-            if (conn->to != NULL)
> +-                    timeout_remove(&conn->to);
> +-            conn->reconnecting = TRUE;
> +-            imapc_connection_set_disconnected(conn);
> +-            /* don't wait longer than necessary */
> +-            unsigned int delay_msecs =
> +-                    conn->client->set.connect_retry_interval_msecs -
> +-                    msecs_since_last_connect;
> +-            conn->to = timeout_add(delay_msecs, imapc_connection_reconnect, 
> conn);
> +-            return;
> +-    }
> +     conn->last_connect = ioloop_timeval;
> + 
> +     if (conn->client->set.debug) {

What a coincidence! I was just looking at upgrading this package. LGTM.

signature.asc
Description: PGP signature