bug#26446: [PATCH 1/1] gnu: dovecot: Update to 2.2.29 [fixes CVE-2017-2669].

bug#26446: [PATCH 1/1] gnu: dovecot: Update to 2.2.29 [fixes CVE-2017-2669].

[Leo Famulari]

* gnu/packages/mail.scm (dovecot): Update to 2.2.29.
[source]: Use 'dovecot-fix-failing-test.patch'.
* gnu/packages/patches/dovecot-fix-failing-test.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/local.mk                                       |   1 +
 gnu/packages/mail.scm                              |   8 +-
 .../patches/dovecot-fix-failing-test.patch         | 118 +++++++++++++++++++++
 3 files changed, 124 insertions(+), 3 deletions(-)
 create mode 100644 gnu/packages/patches/dovecot-fix-failing-test.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index f3a4e54af..212228d5c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -539,6 +539,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/diffutils-gets-undeclared.patch		\
   %D%/packages/patches/doc++-include-directives.patch		\
   %D%/packages/patches/doc++-segfault-fix.patch			\
+  %D%/packages/patches/dovecot-fix-failing-test.patch		\
   %D%/packages/patches/doxygen-test.patch			\
   %D%/packages/patches/elfutils-tests-ptrace.patch		\
   %D%/packages/patches/elixir-disable-failing-tests.patch	\
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 49fdb32e8..1a6c505ef 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -1086,15 +1086,17 @@ facilities for checking incoming mail.")
 (define-public dovecot
   (package
     (name "dovecot")
-    (version "2.2.28")
+    (version "2.2.29")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://www.dovecot.org/releases/"
                            (version-major+minor version) "/"
                            name "-" version ".tar.gz"))
-       (sha256 (base32
-                "098zpkmkk93372qnv6drgbfg8hp5mynspzc1735qgar6wdcqya70"))))
+       (patches (search-patches "dovecot-fix-failing-test.patch"))
+       (sha256
+        (base32
+         "19irf7b5mjqq68mrpdd38gxc0zp2nqib942kjp3aif3f2acylffr"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/patches/dovecot-fix-failing-test.patch b/gnu/packages/patches/dovecot-fix-failing-test.patch
new file mode 100644
index 000000000..343bab03f
--- /dev/null
+++ b/gnu/packages/patches/dovecot-fix-failing-test.patch
@@ -0,0 +1,118 @@
+This patch fixes a test failure in dovecot 2.2.29, like this [0]:
+
+------
+Making check in lib-imap-client
+make[2]: Entering directory
+`/builddir/build/BUILD/dovecot-2.2.29/src/lib-imap-client'
+for bin in test-imapc-client; do \
+	  if !  ./$bin; then exit 1; fi; \
+	done
+Warning: imapc(127.0.0.1:0): connect(127.0.0.1, 0) failed: Connection
+refused - reconnecting (delay 10 ms)
+Error: imapc(127.0.0.1:0): connect(127.0.0.1, 0) failed: Connection
+refused - disconnecting
+test: random seed #1 was 1492054294
+imapc connect failed ................................................. : ok
+Warning: imapc(127.0.0.1:42704): connect(127.0.0.1, 42704) timed out
+after 0 seconds - reconnecting (delay 0 ms)
+Error: imapc(127.0.0.1:42704): connect(127.0.0.1, 42704) timed out after
+0 seconds - disconnecting
+imapc banner hangs ................................................... : ok
+Warning: imapc(127.0.0.1:36762): Authentication timed out after 0
+seconds - reconnecting (delay 0 ms)
+Error: imapc(127.0.0.1:36762): Authentication failed: Disconnected from
+server
+imapc login hangs .................................................... : ok
+test-imapc-client.c:358: Assert failed: test_imapc_cmd_last_reply_pop()
+== IMAPC_COMMAND_STATE_OK
+imapc reconnect ...................................................... :
+FAILED
+imapc reconnect resend commands ...................................... : ok
+imapc reconnect resend commands failed ............................... : ok
+imapc reconnect mailbox .............................................. : ok
+1 / 7 tests failed
+------
+
+Patch copied from upstream source repository:
+
+https://github.com/dovecot/core/commit/3a1c64363a64cdfe9153eb6292d8923f38955d82
+
+[0]
+https://dovecot.org/pipermail/dovecot/2017-April/107751.html
+
+From 3a1c64363a64cdfe9153eb6292d8923f38955d82 Mon Sep 17 00:00:00 2001
+From: Timo Sirainen <timo.sirainen@dovecot.fi>
+Date: Mon, 10 Apr 2017 17:07:28 +0300
+Subject: [PATCH] lib-imap-client: Fix reconnection
+
+There was already code for reconnection. We just shouldn't have gone very
+far in imapc_connection_connect() if we were still waiting for reconnection
+delay to pass.
+---
+ src/lib-imap-client/imapc-connection.c | 25 +++++++++----------------
+ 1 file changed, 9 insertions(+), 16 deletions(-)
+
+diff --git a/src/lib-imap-client/imapc-connection.c b/src/lib-imap-client/imapc-connection.c
+index 95067e6..6eaf1ab 100644
+--- a/src/lib-imap-client/imapc-connection.c
++++ b/src/lib-imap-client/imapc-connection.c
+@@ -130,6 +130,7 @@ struct imapc_connection {
+ 	struct timeout *to_throttle, *to_throttle_shrink;
+ 
+ 	unsigned int reconnecting:1;
++	unsigned int reconnect_waiting:1;
+ 	unsigned int reconnect_ok:1;
+ 	unsigned int idling:1;
+ 	unsigned int idle_stopping:1;
+@@ -504,6 +505,7 @@ static bool imapc_connection_can_reconnect(struct imapc_connection *conn)
+ static void imapc_connection_reconnect(struct imapc_connection *conn)
+ {
+ 	conn->reconnect_ok = FALSE;
++	conn->reconnect_waiting = FALSE;
+ 
+ 	if (conn->selected_box != NULL)
+ 		imapc_client_mailbox_reconnect(conn->selected_box);
+@@ -536,6 +538,7 @@ imapc_connection_try_reconnect(struct imapc_connection *conn,
+ 			imapc_connection_disconnect_full(conn, TRUE);
+ 			conn->to = timeout_add(delay_msecs, imapc_connection_reconnect, conn);
+ 			conn->reconnect_count++;
++			conn->reconnect_waiting = TRUE;
+ 		}
+ 	}
+ }
+@@ -1785,6 +1788,12 @@ void imapc_connection_connect(struct imapc_connection *conn)
+ 
+ 	if (conn->fd != -1 || conn->dns_lookup != NULL)
+ 		return;
++	if (conn->reconnect_waiting) {
++		/* wait for the reconnection delay to finish before
++		   doing anything. */
++		return;
++	}
++
+ 	conn->reconnecting = FALSE;
+ 	/* if we get disconnected before we've finished all the pending
+ 	   commands, don't reconnect */
+@@ -1792,22 +1801,6 @@ void imapc_connection_connect(struct imapc_connection *conn)
+ 		array_count(&conn->cmd_send_queue);
+ 
+ 	imapc_connection_input_reset(conn);
+-
+-	int msecs_since_last_connect =
+-		timeval_diff_msecs(&ioloop_timeval, &conn->last_connect);
+-	if (!conn->reconnect_ok &&
+-	    msecs_since_last_connect < (int)conn->client->set.connect_retry_interval_msecs) {
+-		if (conn->to != NULL)
+-			timeout_remove(&conn->to);
+-		conn->reconnecting = TRUE;
+-		imapc_connection_set_disconnected(conn);
+-		/* don't wait longer than necessary */
+-		unsigned int delay_msecs =
+-			conn->client->set.connect_retry_interval_msecs -
+-			msecs_since_last_connect;
+-		conn->to = timeout_add(delay_msecs, imapc_connection_reconnect, conn);
+-		return;
+-	}
+ 	conn->last_connect = ioloop_timeval;
+ 
+ 	if (conn->client->set.debug) {
-- 
2.12.2

bug#26446: [PATCH 1/1] gnu: dovecot: Update to 2.2.29 [fixes CVE-2017-2669].

[Kei Kebreau]

[-- Attachment #1: Type: text/plain, Size: 7576 bytes --]

Leo Famulari <leo@famulari.name> writes:

> * gnu/packages/mail.scm (dovecot): Update to 2.2.29.
> [source]: Use 'dovecot-fix-failing-test.patch'.
> * gnu/packages/patches/dovecot-fix-failing-test.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> ---
>  gnu/local.mk                                       |   1 +
>  gnu/packages/mail.scm                              |   8 +-
>  .../patches/dovecot-fix-failing-test.patch         | 118 +++++++++++++++++++++
>  3 files changed, 124 insertions(+), 3 deletions(-)
>  create mode 100644 gnu/packages/patches/dovecot-fix-failing-test.patch
>
> diff --git a/gnu/local.mk b/gnu/local.mk
> index f3a4e54af..212228d5c 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -539,6 +539,7 @@ dist_patch_DATA =						\
>    %D%/packages/patches/diffutils-gets-undeclared.patch		\
>    %D%/packages/patches/doc++-include-directives.patch		\
>    %D%/packages/patches/doc++-segfault-fix.patch			\
> +  %D%/packages/patches/dovecot-fix-failing-test.patch		\
>    %D%/packages/patches/doxygen-test.patch			\
>    %D%/packages/patches/elfutils-tests-ptrace.patch		\
>    %D%/packages/patches/elixir-disable-failing-tests.patch	\
> diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
> index 49fdb32e8..1a6c505ef 100644
> --- a/gnu/packages/mail.scm
> +++ b/gnu/packages/mail.scm
> @@ -1086,15 +1086,17 @@ facilities for checking incoming mail.")
>  (define-public dovecot
>    (package
>      (name "dovecot")
> -    (version "2.2.28")
> +    (version "2.2.29")
>      (source
>       (origin
>         (method url-fetch)
>         (uri (string-append "https://www.dovecot.org/releases/"
>                             (version-major+minor version) "/"
>                             name "-" version ".tar.gz"))
> -       (sha256 (base32
> -                "098zpkmkk93372qnv6drgbfg8hp5mynspzc1735qgar6wdcqya70"))))
> +       (patches (search-patches "dovecot-fix-failing-test.patch"))
> +       (sha256
> +        (base32
> +         "19irf7b5mjqq68mrpdd38gxc0zp2nqib942kjp3aif3f2acylffr"))))
>      (build-system gnu-build-system)
>      (native-inputs
>       `(("pkg-config" ,pkg-config)))
> diff --git a/gnu/packages/patches/dovecot-fix-failing-test.patch b/gnu/packages/patches/dovecot-fix-failing-test.patch
> new file mode 100644
> index 000000000..343bab03f
> --- /dev/null
> +++ b/gnu/packages/patches/dovecot-fix-failing-test.patch
> @@ -0,0 +1,118 @@
> +This patch fixes a test failure in dovecot 2.2.29, like this [0]:
> +
> +------
> +Making check in lib-imap-client
> +make[2]: Entering directory
> +`/builddir/build/BUILD/dovecot-2.2.29/src/lib-imap-client'
> +for bin in test-imapc-client; do \
> +	  if !  ./$bin; then exit 1; fi; \
> +	done
> +Warning: imapc(127.0.0.1:0): connect(127.0.0.1, 0) failed: Connection
> +refused - reconnecting (delay 10 ms)
> +Error: imapc(127.0.0.1:0): connect(127.0.0.1, 0) failed: Connection
> +refused - disconnecting
> +test: random seed #1 was 1492054294
> +imapc connect failed ................................................. : ok
> +Warning: imapc(127.0.0.1:42704): connect(127.0.0.1, 42704) timed out
> +after 0 seconds - reconnecting (delay 0 ms)
> +Error: imapc(127.0.0.1:42704): connect(127.0.0.1, 42704) timed out after
> +0 seconds - disconnecting
> +imapc banner hangs ................................................... : ok
> +Warning: imapc(127.0.0.1:36762): Authentication timed out after 0
> +seconds - reconnecting (delay 0 ms)
> +Error: imapc(127.0.0.1:36762): Authentication failed: Disconnected from
> +server
> +imapc login hangs .................................................... : ok
> +test-imapc-client.c:358: Assert failed: test_imapc_cmd_last_reply_pop()
> +== IMAPC_COMMAND_STATE_OK
> +imapc reconnect ...................................................... :
> +FAILED
> +imapc reconnect resend commands ...................................... : ok
> +imapc reconnect resend commands failed ............................... : ok
> +imapc reconnect mailbox .............................................. : ok
> +1 / 7 tests failed
> +------
> +
> +Patch copied from upstream source repository:
> +
> +https://github.com/dovecot/core/commit/3a1c64363a64cdfe9153eb6292d8923f38955d82
> +
> +[0]
> +https://dovecot.org/pipermail/dovecot/2017-April/107751.html
> +
> +From 3a1c64363a64cdfe9153eb6292d8923f38955d82 Mon Sep 17 00:00:00 2001
> +From: Timo Sirainen <timo.sirainen@dovecot.fi>
> +Date: Mon, 10 Apr 2017 17:07:28 +0300
> +Subject: [PATCH] lib-imap-client: Fix reconnection
> +
> +There was already code for reconnection. We just shouldn't have gone very
> +far in imapc_connection_connect() if we were still waiting for reconnection
> +delay to pass.
> +---
> + src/lib-imap-client/imapc-connection.c | 25 +++++++++----------------
> + 1 file changed, 9 insertions(+), 16 deletions(-)
> +
> +diff --git a/src/lib-imap-client/imapc-connection.c b/src/lib-imap-client/imapc-connection.c
> +index 95067e6..6eaf1ab 100644
> +--- a/src/lib-imap-client/imapc-connection.c
> ++++ b/src/lib-imap-client/imapc-connection.c
> +@@ -130,6 +130,7 @@ struct imapc_connection {
> + 	struct timeout *to_throttle, *to_throttle_shrink;
> + 
> + 	unsigned int reconnecting:1;
> ++	unsigned int reconnect_waiting:1;
> + 	unsigned int reconnect_ok:1;
> + 	unsigned int idling:1;
> + 	unsigned int idle_stopping:1;
> +@@ -504,6 +505,7 @@ static bool imapc_connection_can_reconnect(struct imapc_connection *conn)
> + static void imapc_connection_reconnect(struct imapc_connection *conn)
> + {
> + 	conn->reconnect_ok = FALSE;
> ++	conn->reconnect_waiting = FALSE;
> + 
> + 	if (conn->selected_box != NULL)
> + 		imapc_client_mailbox_reconnect(conn->selected_box);
> +@@ -536,6 +538,7 @@ imapc_connection_try_reconnect(struct imapc_connection *conn,
> + 			imapc_connection_disconnect_full(conn, TRUE);
> + 			conn->to = timeout_add(delay_msecs, imapc_connection_reconnect, conn);
> + 			conn->reconnect_count++;
> ++			conn->reconnect_waiting = TRUE;
> + 		}
> + 	}
> + }
> +@@ -1785,6 +1788,12 @@ void imapc_connection_connect(struct imapc_connection *conn)
> + 
> + 	if (conn->fd != -1 || conn->dns_lookup != NULL)
> + 		return;
> ++	if (conn->reconnect_waiting) {
> ++		/* wait for the reconnection delay to finish before
> ++		   doing anything. */
> ++		return;
> ++	}
> ++
> + 	conn->reconnecting = FALSE;
> + 	/* if we get disconnected before we've finished all the pending
> + 	   commands, don't reconnect */
> +@@ -1792,22 +1801,6 @@ void imapc_connection_connect(struct imapc_connection *conn)
> + 		array_count(&conn->cmd_send_queue);
> + 
> + 	imapc_connection_input_reset(conn);
> +-
> +-	int msecs_since_last_connect =
> +-		timeval_diff_msecs(&ioloop_timeval, &conn->last_connect);
> +-	if (!conn->reconnect_ok &&
> +-	    msecs_since_last_connect < (int)conn->client->set.connect_retry_interval_msecs) {
> +-		if (conn->to != NULL)
> +-			timeout_remove(&conn->to);
> +-		conn->reconnecting = TRUE;
> +-		imapc_connection_set_disconnected(conn);
> +-		/* don't wait longer than necessary */
> +-		unsigned int delay_msecs =
> +-			conn->client->set.connect_retry_interval_msecs -
> +-			msecs_since_last_connect;
> +-		conn->to = timeout_add(delay_msecs, imapc_connection_reconnect, conn);
> +-		return;
> +-	}
> + 	conn->last_connect = ioloop_timeval;
> + 
> + 	if (conn->client->set.debug) {

What a coincidence! I was just looking at upgrading this package. LGTM.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

bug#26446: [PATCH 1/1] gnu: dovecot: Update to 2.2.29 [fixes CVE-2017-2669].

[Tobias Geerinckx-Rice]

[-- Attachment #1.1: Type: text/plain, Size: 229 bytes --]

On 11/04/17 19:58, Kei Kebreau wrote:
> What a coincidence! I was just looking at upgrading this package.

That makes three of us :-)

> LGTM.

Indeed! Thanks for keeping on top of these, Leo.

Kind regards,

T G-R


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 504 bytes --]

bug#26446: [PATCH 1/1] gnu: dovecot: Update to 2.2.29 [fixes CVE-2017-2669].

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 368 bytes --]

On Tue, Apr 11, 2017 at 08:13:15PM +0200, Tobias Geerinckx-Rice wrote:
> On 11/04/17 19:58, Kei Kebreau wrote:
> > What a coincidence! I was just looking at upgrading this package.
> 
> That makes three of us :-)
> 
> > LGTM.
> 
> Indeed! Thanks for keeping on top of these, Leo.

Thanks for the review! Pushed as
0adb47bdc7d15e53b8c4c443ad19ebdfcc4177a0.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]