GNU bug report logs - #26446
[PATCH 1/1] gnu: dovecot: Update to 2.2.29 [fixes CVE-2017-2669].


Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Tue, 11 Apr 2017 17:02:01 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.



Report forwarded to guix-patches <at> gnu.org:
bug#26446; Package guix-patches. (Tue, 11 Apr 2017 17:02:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Leo Famulari <leo <at> famulari.name>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Tue, 11 Apr 2017 17:02:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: guix-patches <at> gnu.org
Subject: [PATCH 1/1] gnu: dovecot: Update to 2.2.29 [fixes CVE-2017-2669].
Date: Tue, 11 Apr 2017 13:01:16 -0400

* gnu/packages/mail.scm (dovecot): Update to 2.2.29.
[source]: Use 'dovecot-fix-failing-test.patch'.
* gnu/packages/patches/dovecot-fix-failing-test.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/local.mk                                       |   1 +
 gnu/packages/mail.scm                              |   8 +-
 .../patches/dovecot-fix-failing-test.patch         | 118 +++++++++++++++++++++
 3 files changed, 124 insertions(+), 3 deletions(-)
 create mode 100644 gnu/packages/patches/dovecot-fix-failing-test.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index f3a4e54af..212228d5c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -539,6 +539,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/diffutils-gets-undeclared.patch		\
   %D%/packages/patches/doc++-include-directives.patch		\
   %D%/packages/patches/doc++-segfault-fix.patch			\
+  %D%/packages/patches/dovecot-fix-failing-test.patch		\
   %D%/packages/patches/doxygen-test.patch			\
   %D%/packages/patches/elfutils-tests-ptrace.patch		\
   %D%/packages/patches/elixir-disable-failing-tests.patch	\
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 49fdb32e8..1a6c505ef 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -1086,15 +1086,17 @@ facilities for checking incoming mail.")
 (define-public dovecot
   (package
     (name "dovecot")
-    (version "2.2.28")
+    (version "2.2.29")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://www.dovecot.org/releases/"
                            (version-major+minor version) "/"
                            name "-" version ".tar.gz"))
-       (sha256 (base32
-                "098zpkmkk93372qnv6drgbfg8hp5mynspzc1735qgar6wdcqya70"))))
+       (patches (search-patches "dovecot-fix-failing-test.patch"))
+       (sha256
+        (base32
+         "19irf7b5mjqq68mrpdd38gxc0zp2nqib942kjp3aif3f2acylffr"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
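Review bot: The new `sha256` under `(base32 ...)` is the only integrity pin on a tarball that the subject line describes as a security update, and neither the hunk nor the commit log says how the value was obtained. Please confirm it was computed from a download that was checked against an upstream release signature, if upstream publishes one, and not only from whatever the `url-fetch` URI returned. A short comment above `(patches (search-patches "dovecot-fix-failing-test.patch"))` saying the patch is an upstream backport to drop at the next version bump would also save the next updater a lookup.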
diff --git a/gnu/packages/patches/dovecot-fix-failing-test.patch b/gnu/packages/patches/dovecot-fix-failing-test.patch
new file mode 100644
index 000000000..343bab03f
--- /dev/null
+++ b/gnu/packages/patches/dovecot-fix-failing-test.patch
@@ -0,0 +1,118 @@
+This patch fixes a test failure in dovecot 2.2.29, like this [0]:
+
+------
+Making check in lib-imap-client
+make[2]: Entering directory
+`/builddir/build/BUILD/dovecot-2.2.29/src/lib-imap-client'
+for bin in test-imapc-client; do \
+	  if !  ./$bin; then exit 1; fi; \
+	done
+Warning: imapc(127.0.0.1:0): connect(127.0.0.1, 0) failed: Connection
+refused - reconnecting (delay 10 ms)
+Error: imapc(127.0.0.1:0): connect(127.0.0.1, 0) failed: Connection
+refused - disconnecting
+test: random seed #1 was 1492054294
+imapc connect failed ................................................. : ok
+Warning: imapc(127.0.0.1:42704): connect(127.0.0.1, 42704) timed out
+after 0 seconds - reconnecting (delay 0 ms)
+Error: imapc(127.0.0.1:42704): connect(127.0.0.1, 42704) timed out after
+0 seconds - disconnecting
+imapc banner hangs ................................................... : ok
+Warning: imapc(127.0.0.1:36762): Authentication timed out after 0
+seconds - reconnecting (delay 0 ms)
+Error: imapc(127.0.0.1:36762): Authentication failed: Disconnected from
+server
+imapc login hangs .................................................... : ok
+test-imapc-client.c:358: Assert failed: test_imapc_cmd_last_reply_pop()
+== IMAPC_COMMAND_STATE_OK
+imapc reconnect ...................................................... :
+FAILED
+imapc reconnect resend commands ...................................... : ok
+imapc reconnect resend commands failed ............................... : ok
+imapc reconnect mailbox .............................................. : ok
+1 / 7 tests failed
+------
+
+Patch copied from upstream source repository:
+
+https://github.com/dovecot/core/commit/3a1c64363a64cdfe9153eb6292d8923f38955d82
+
+[0]
+https://dovecot.org/pipermail/dovecot/2017-April/107751.html
+
+From 3a1c64363a64cdfe9153eb6292d8923f38955d82 Mon Sep 17 00:00:00 2001
+From: Timo Sirainen <timo.sirainen <at> dovecot.fi>
+Date: Mon, 10 Apr 2017 17:07:28 +0300
+Subject: [PATCH] lib-imap-client: Fix reconnection
+
+There was already code for reconnection. We just shouldn't have gone very
+far in imapc_connection_connect() if we were still waiting for reconnection
+delay to pass.
+---
+ src/lib-imap-client/imapc-connection.c | 25 +++++++++----------------
+ 1 file changed, 9 insertions(+), 16 deletions(-)
+
+diff --git a/src/lib-imap-client/imapc-connection.c b/src/lib-imap-client/imapc-connection.c
+index 95067e6..6eaf1ab 100644
+--- a/src/lib-imap-client/imapc-connection.c
++++ b/src/lib-imap-client/imapc-connection.c
+@@ -130,6 +130,7 @@ struct imapc_connection {
+ 	struct timeout *to_throttle, *to_throttle_shrink;
+ 
+ 	unsigned int reconnecting:1;
++	unsigned int reconnect_waiting:1;
+ 	unsigned int reconnect_ok:1;
+ 	unsigned int idling:1;
+ 	unsigned int idle_stopping:1;
+@@ -504,6 +505,7 @@ static bool imapc_connection_can_reconnect(struct imapc_connection *conn)
+ static void imapc_connection_reconnect(struct imapc_connection *conn)
+ {
+ 	conn->reconnect_ok = FALSE;
++	conn->reconnect_waiting = FALSE;
+ 
+ 	if (conn->selected_box != NULL)
+ 		imapc_client_mailbox_reconnect(conn->selected_box);
+@@ -536,6 +538,7 @@ imapc_connection_try_reconnect(struct imapc_connection *conn,
+ 			imapc_connection_disconnect_full(conn, TRUE);
+ 			conn->to = timeout_add(delay_msecs, imapc_connection_reconnect, conn);
+ 			conn->reconnect_count++;
++			conn->reconnect_waiting = TRUE;
+ 		}
+ 	}
+ }
+@@ -1785,6 +1788,12 @@ void imapc_connection_connect(struct imapc_connection *conn)
+ 
+ 	if (conn->fd != -1 || conn->dns_lookup != NULL)
+ 		return;
++	if (conn->reconnect_waiting) {
++		/* wait for the reconnection delay to finish before
++		   doing anything. */
++		return;
++	}
++
+ 	conn->reconnecting = FALSE;
+ 	/* if we get disconnected before we've finished all the pending
+ 	   commands, don't reconnect */
+@@ -1792,22 +1801,6 @@ void imapc_connection_connect(struct imapc_connection *conn)
+ 		array_count(&conn->cmd_send_queue);
+ 
+ 	imapc_connection_input_reset(conn);
+-
+-	int msecs_since_last_connect =
+-		timeval_diff_msecs(&ioloop_timeval, &conn->last_connect);
+-	if (!conn->reconnect_ok &&
+-	    msecs_since_last_connect < (int)conn->client->set.connect_retry_interval_msecs) {
+-		if (conn->to != NULL)
+-			timeout_remove(&conn->to);
+-		conn->reconnecting = TRUE;
+-		imapc_connection_set_disconnected(conn);
+-		/* don't wait longer than necessary */
+-		unsigned int delay_msecs =
+-			conn->client->set.connect_retry_interval_msecs -
+-			msecs_since_last_connect;
+-		conn->to = timeout_add(delay_msecs, imapc_connection_reconnect, conn);
+-		return;
+-	}
+ 	conn->last_connect = ioloop_timeval;
+ 
+ 	if (conn->client->set.debug) {
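Review bot: In the embedded upstream change, `reconnect_waiting` is set in imapc_connection_try_reconnect() right after `timeout_add()` and cleared only in the imapc_connection_reconnect() callback, while the new early return in imapc_connection_connect() depends on it. If any path removes `conn->to` before that callback fires, the flag stays set and every later imapc_connection_connect() call returns without connecting; the disconnect paths are outside the context shown here, so this is worth checking against the full file before relying on the backport. Also, the file name and first line present this as a test fix, but the diff changes src/lib-imap-client/imapc-connection.c, which is runtime reconnection logic; the header should say so and state whether it has any bearing on the CVE named in the commit subject.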
-- 
2.12.2





Information forwarded to guix-patches <at> gnu.org:
bug#26446; Package guix-patches. (Tue, 11 Apr 2017 17:59:02 GMT) Full text and rfc822 format available.

Message #8 received at 26446 <at> debbugs.gnu.org (full text, mbox):

From: Kei Kebreau <kei <at> openmailbox.org>
To: Leo Famulari <leo <at> famulari.name>
Cc: 26446 <at> debbugs.gnu.org
Subject: Re: bug#26446: [PATCH 1/1] gnu: dovecot: Update to 2.2.29 [fixes
 CVE-2017-2669].
Date: Tue, 11 Apr 2017 13:58:32 -0400

Leo Famulari <leo <at> famulari.name> writes:

> * gnu/packages/mail.scm (dovecot): Update to 2.2.29.
> [source]: Use 'dovecot-fix-failing-test.patch'.
> * gnu/packages/patches/dovecot-fix-failing-test.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> ---
>  gnu/local.mk                                       |   1 +
>  gnu/packages/mail.scm                              |   8 +-
>  .../patches/dovecot-fix-failing-test.patch         | 118 +++++++++++++++++++++
>  3 files changed, 124 insertions(+), 3 deletions(-)
>  create mode 100644 gnu/packages/patches/dovecot-fix-failing-test.patch
>
> diff --git a/gnu/local.mk b/gnu/local.mk
> index f3a4e54af..212228d5c 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -539,6 +539,7 @@ dist_patch_DATA =						\
>    %D%/packages/patches/diffutils-gets-undeclared.patch		\
>    %D%/packages/patches/doc++-include-directives.patch		\
>    %D%/packages/patches/doc++-segfault-fix.patch			\
> +  %D%/packages/patches/dovecot-fix-failing-test.patch		\
>    %D%/packages/patches/doxygen-test.patch			\
>    %D%/packages/patches/elfutils-tests-ptrace.patch		\
>    %D%/packages/patches/elixir-disable-failing-tests.patch	\
> diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
> index 49fdb32e8..1a6c505ef 100644
> --- a/gnu/packages/mail.scm
> +++ b/gnu/packages/mail.scm
> @@ -1086,15 +1086,17 @@ facilities for checking incoming mail.")
>  (define-public dovecot
>    (package
>      (name "dovecot")
> -    (version "2.2.28")
> +    (version "2.2.29")
>      (source
>       (origin
>         (method url-fetch)
>         (uri (string-append "https://www.dovecot.org/releases/"
>                             (version-major+minor version) "/"
>                             name "-" version ".tar.gz"))
> -       (sha256 (base32
> -                "098zpkmkk93372qnv6drgbfg8hp5mynspzc1735qgar6wdcqya70"))))
> +       (patches (search-patches "dovecot-fix-failing-test.patch"))
> +       (sha256
> +        (base32
> +         "19irf7b5mjqq68mrpdd38gxc0zp2nqib942kjp3aif3f2acylffr"))))
>      (build-system gnu-build-system)
>      (native-inputs
>       `(("pkg-config" ,pkg-config)))
> diff --git a/gnu/packages/patches/dovecot-fix-failing-test.patch b/gnu/packages/patches/dovecot-fix-failing-test.patch
> new file mode 100644
> index 000000000..343bab03f
> --- /dev/null
> +++ b/gnu/packages/patches/dovecot-fix-failing-test.patch
> @@ -0,0 +1,118 @@
> +This patch fixes a test failure in dovecot 2.2.29, like this [0]:
> +
> +------
> +Making check in lib-imap-client
> +make[2]: Entering directory
> +`/builddir/build/BUILD/dovecot-2.2.29/src/lib-imap-client'
> +for bin in test-imapc-client; do \
> +	  if !  ./$bin; then exit 1; fi; \
> +	done
> +Warning: imapc(127.0.0.1:0): connect(127.0.0.1, 0) failed: Connection
> +refused - reconnecting (delay 10 ms)
> +Error: imapc(127.0.0.1:0): connect(127.0.0.1, 0) failed: Connection
> +refused - disconnecting
> +test: random seed #1 was 1492054294
> +imapc connect failed ................................................. : ok
> +Warning: imapc(127.0.0.1:42704): connect(127.0.0.1, 42704) timed out
> +after 0 seconds - reconnecting (delay 0 ms)
> +Error: imapc(127.0.0.1:42704): connect(127.0.0.1, 42704) timed out after
> +0 seconds - disconnecting
> +imapc banner hangs ................................................... : ok
> +Warning: imapc(127.0.0.1:36762): Authentication timed out after 0
> +seconds - reconnecting (delay 0 ms)
> +Error: imapc(127.0.0.1:36762): Authentication failed: Disconnected from
> +server
> +imapc login hangs .................................................... : ok
> +test-imapc-client.c:358: Assert failed: test_imapc_cmd_last_reply_pop()
> +== IMAPC_COMMAND_STATE_OK
> +imapc reconnect ...................................................... :
> +FAILED
> +imapc reconnect resend commands ...................................... : ok
> +imapc reconnect resend commands failed ............................... : ok
> +imapc reconnect mailbox .............................................. : ok
> +1 / 7 tests failed
> +------
> +
> +Patch copied from upstream source repository:
> +
> +https://github.com/dovecot/core/commit/3a1c64363a64cdfe9153eb6292d8923f38955d82
> +
> +[0]
> +https://dovecot.org/pipermail/dovecot/2017-April/107751.html
> +
> +From 3a1c64363a64cdfe9153eb6292d8923f38955d82 Mon Sep 17 00:00:00 2001
> +From: Timo Sirainen <timo.sirainen <at> dovecot.fi>
> +Date: Mon, 10 Apr 2017 17:07:28 +0300
> +Subject: [PATCH] lib-imap-client: Fix reconnection
> +
> +There was already code for reconnection. We just shouldn't have gone very
> +far in imapc_connection_connect() if we were still waiting for reconnection
> +delay to pass.
> +---
> + src/lib-imap-client/imapc-connection.c | 25 +++++++++----------------
> + 1 file changed, 9 insertions(+), 16 deletions(-)
> +
> +diff --git a/src/lib-imap-client/imapc-connection.c b/src/lib-imap-client/imapc-connection.c
> +index 95067e6..6eaf1ab 100644
> +--- a/src/lib-imap-client/imapc-connection.c
> ++++ b/src/lib-imap-client/imapc-connection.c
> +@@ -130,6 +130,7 @@ struct imapc_connection {
> + 	struct timeout *to_throttle, *to_throttle_shrink;
> + 
> + 	unsigned int reconnecting:1;
> ++	unsigned int reconnect_waiting:1;
> + 	unsigned int reconnect_ok:1;
> + 	unsigned int idling:1;
> + 	unsigned int idle_stopping:1;
> +@@ -504,6 +505,7 @@ static bool imapc_connection_can_reconnect(struct imapc_connection *conn)
> + static void imapc_connection_reconnect(struct imapc_connection *conn)
> + {
> + 	conn->reconnect_ok = FALSE;
> ++	conn->reconnect_waiting = FALSE;
> + 
> + 	if (conn->selected_box != NULL)
> + 		imapc_client_mailbox_reconnect(conn->selected_box);
> +@@ -536,6 +538,7 @@ imapc_connection_try_reconnect(struct imapc_connection *conn,
> + 			imapc_connection_disconnect_full(conn, TRUE);
> + 			conn->to = timeout_add(delay_msecs, imapc_connection_reconnect, conn);
> + 			conn->reconnect_count++;
> ++			conn->reconnect_waiting = TRUE;
> + 		}
> + 	}
> + }
> +@@ -1785,6 +1788,12 @@ void imapc_connection_connect(struct imapc_connection *conn)
> + 
> + 	if (conn->fd != -1 || conn->dns_lookup != NULL)
> + 		return;
> ++	if (conn->reconnect_waiting) {
> ++		/* wait for the reconnection delay to finish before
> ++		   doing anything. */
> ++		return;
> ++	}
> ++
> + 	conn->reconnecting = FALSE;
> + 	/* if we get disconnected before we've finished all the pending
> + 	   commands, don't reconnect */
> +@@ -1792,22 +1801,6 @@ void imapc_connection_connect(struct imapc_connection *conn)
> + 		array_count(&conn->cmd_send_queue);
> + 
> + 	imapc_connection_input_reset(conn);
> +-
> +-	int msecs_since_last_connect =
> +-		timeval_diff_msecs(&ioloop_timeval, &conn->last_connect);
> +-	if (!conn->reconnect_ok &&
> +-	    msecs_since_last_connect < (int)conn->client->set.connect_retry_interval_msecs) {
> +-		if (conn->to != NULL)
> +-			timeout_remove(&conn->to);
> +-		conn->reconnecting = TRUE;
> +-		imapc_connection_set_disconnected(conn);
> +-		/* don't wait longer than necessary */
> +-		unsigned int delay_msecs =
> +-			conn->client->set.connect_retry_interval_msecs -
> +-			msecs_since_last_connect;
> +-		conn->to = timeout_add(delay_msecs, imapc_connection_reconnect, conn);
> +-		return;
> +-	}
> + 	conn->last_connect = ioloop_timeval;
> + 
> + 	if (conn->client->set.debug) {

What a coincidence! I was just looking at upgrading this package. LGTM.

Information forwarded to guix-patches <at> gnu.org:
bug#26446; Package guix-patches. (Tue, 11 Apr 2017 18:16:01 GMT) Full text and rfc822 format available.

Message #11 received at 26446 <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: kei <at> openmailbox.org, leo <at> famulari.name
Cc: 26446 <at> debbugs.gnu.org
Subject: Re: bug#26446: [PATCH 1/1] gnu: dovecot: Update to 2.2.29 [fixes
 CVE-2017-2669].
Date: Tue, 11 Apr 2017 20:13:15 +0200

On 11/04/17 19:58, Kei Kebreau wrote:
> What a coincidence! I was just looking at upgrading this package.

That makes three of us :-)

> LGTM.

Indeed! Thanks for keeping on top of these, Leo.

Kind regards,

T G-R


Reply sent to Leo Famulari <leo <at> famulari.name>:
You have taken responsibility. (Wed, 12 Apr 2017 01:23:02 GMT) Full text and rfc822 format available.

Notification sent to Leo Famulari <leo <at> famulari.name>:
bug acknowledged by developer. (Wed, 12 Apr 2017 01:23:02 GMT) Full text and rfc822 format available.

Message #16 received at 26446-done <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: 26446-done <at> debbugs.gnu.org, kei <at> openmailbox.org
Subject: Re: bug#26446: [PATCH 1/1] gnu: dovecot: Update to 2.2.29 [fixes
 CVE-2017-2669].
Date: Tue, 11 Apr 2017 21:22:01 -0400

On Tue, Apr 11, 2017 at 08:13:15PM +0200, Tobias Geerinckx-Rice wrote:
> On 11/04/17 19:58, Kei Kebreau wrote:
> > What a coincidence! I was just looking at upgrading this package.
> 
> That makes three of us :-)
> 
> > LGTM.
> 
> Indeed! Thanks for keeping on top of these, Leo.

Thanks for the review! Pushed as
0adb47bdc7d15e53b8c4c443ad19ebdfcc4177a0.

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Wed, 10 May 2017 11:24:05 GMT) Full text and rfc822 format available.

This bug report was last modified 8 years and 38 days ago.
