Debian

Available patches from Ubuntu

To see Ubuntu differences wrt. to Debian, write down a grep-dctrl query identifying the packages you're interested in:
grep-dctrl -n -sPackage Sources.Debian
(e.g. -FPackage linux-ntfs or linux-ntfs)

Modified packages are listed below:

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: dovecot

dovecot (1:2.2.9-1ubuntu2) trusty; urgency=medium * d/dovecot-core.config: Drop db_input for ssl-cert-exists; this message not actually an error, is documented in the README.Debian, and blocks automated upgrades (LP: #1278897). -- James Page <james.page@ubuntu.com> Fri, 07 Mar 2014 12:42:58 +0000 dovecot (1:2.2.9-1ubuntu1) trusty; urgency=medium * Merge from Debian unstable, remaining changes: + Add mail-stack-delivery package: - Update d/rules - d/control: convert existing dovecot-postfix package to a dummy package and add new mail-stack-delivery package. - Update maintainer scripts. - Rename d/dovecot-postfix.* to debian/mail-stack-delivery.* - d/mail-stack-delivery.preinst: Move previously installed backups and config files to a new package namespace. - d/mail-stack-delivery.prerm: Added to handle downgrades. + Use Snakeoil SSL certificates by default: - d/control: Depend on ssl-cert. - d/dovecot-core.postinst: Relax grep for SSL_* a bit. + Add autopkgtest to debian/tests/*. + Add ufw integration: - d/dovecot-core.ufw.profile: new ufw profile. - d/rules: install profile in dovecot-core. - d/control: dovecot-core - suggest ufw. + d/dovecot-core.dirs: Added usr/share/doc/dovecot-core + Add apport hook: - d/rules, d/source_dovecot.py + Add upstart job: - d/rules, d/dovecot-core.dovecot.upstart, d/control, d/dovecot-core.dirs, dovecot-imapd.{postrm, postinst, prerm}, d/dovecot-pop3d.{postinst, postrm, prerm}. d/mail-stack-deliver.postinst: Convert init script to upstart. + Use the autotools-dev dh addon to update config.guess/config.sub for arm64. * Dropped changes, included in Debian: - Update Dovecot name to reflect distribution in login greeting. - Update Drac plugin for >= 2.0.0 support. * d/control: Drop dovecot-postfix package as its no longer required. -- James Page <james.page@ubuntu.com> Wed, 08 Jan 2014 09:35:49 +0000

Modifications :
  1. Download patch debian/mail-stack-delivery.postinst

    --- 1:2.2.9-1/debian/mail-stack-delivery.postinst 1970-01-01 00:00:00.000000000 +0000 +++ 1:2.2.9-1ubuntu2/debian/mail-stack-delivery.postinst 2014-03-07 12:26:37.000000000 +0000 @@ -0,0 +1,95 @@ +#!/bin/sh + +set -e + +POSTFIX_BCKFILE="/var/backups/mail-stack-delivery/main.cf-backup" + +set_postfix_option() { + opt="$1" + # Backup the existion value of the option + postconf $(echo ${opt} | cut -d= -f1) >> ${POSTFIX_BCKFILE} || true + # Set the new value of the option + postconf -e "${opt}" + echo -n '.' +} + +if [ "$1" = "configure" ]; then + # Create initial symlinks for certificates + SSL_CERT=$( (grep -m 1 "ssl_cert_file" /etc/dovecot/conf.d/10-ssl.conf || echo '/etc/dovecot/dovecot.pem') | cut -d'=' -f2) + SSL_KEY=$( (grep -m 1 "ssl_key_file" /etc/dovecot/conf.d/10-ssl.conf || echo '/etc/dovecot/private/dovecot.pem') | cut -d'=' -f2) + + if [ ! -e "${SSL_KEY}" ]; then + ln -s /etc/ssl/private/ssl-cert-snakeoil.key ${SSL_KEY} + fi + if [ ! -e "${SSL_CERT}" ]; then + ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem ${SSL_CERT} + fi + # Configure postfix either on new install + # or if the postfix backup file is no longer there + # (only deleted when the pkg is removed) + if [ -f "/etc/postfix/main.cf" ]; then + if [ -e "$POSTFIX_BCKFILE" ]; then + cp $POSTFIX_BCKFILE ${POSTFIX_BCKFILE}-$(date +%Y%m%d%H%M) + fi + if [ -z "$2" -o ! -e "$POSTFIX_BCKFILE" ]; then + if which postconf >/dev/null; then + # Setup postfix + echo 'Mail stack delivery changes some postfix settings.' + echo 'Old values are stored in '$POSTFIX_BCKFILE'.' + echo 'Feel free to revert any of them when the process is done.' + echo -n 'Configuring postfix for mail-stack-delivery integration: ' + set_postfix_option "home_mailbox = Maildir/" + set_postfix_option "smtpd_sasl_auth_enable = yes" + set_postfix_option "smtpd_sasl_type = dovecot" + set_postfix_option "smtpd_sasl_path = private/dovecot-auth" + set_postfix_option "smtpd_sasl_authenticated_header = yes" + set_postfix_option "smtpd_sasl_security_options = noanonymous" + set_postfix_option "smtpd_sasl_local_domain = \$myhostname" + set_postfix_option "broken_sasl_auth_clients = yes" + set_postfix_option "smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination" + set_postfix_option "smtpd_sender_restrictions = reject_unknown_sender_domain" + set_postfix_option "mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m \"\${EXTENSION}\"" + set_postfix_option "smtpd_tls_cert_file = ${SSL_CERT}" + set_postfix_option "smtpd_tls_key_file = ${SSL_KEY}" + set_postfix_option "smtpd_use_tls = yes" + set_postfix_option "smtp_use_tls = yes" + set_postfix_option "smtpd_tls_received_header = yes" + set_postfix_option "smtpd_tls_mandatory_protocols = SSLv3, TLSv1" + set_postfix_option "smtpd_tls_mandatory_ciphers = medium" + set_postfix_option "smtpd_tls_auth_only = yes" + set_postfix_option "tls_random_source = dev:/dev/urandom" + echo ' done.' + fi + fi + # Parameters that need to be changed on upgrades + if [ ! -z "$2" ] && dpkg --compare-versions $2 lt 1:2.1.7-7ubuntu1; then + set_postfix_option "mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m \"\${EXTENSION}\"" + fi + else + echo "" + echo "Postfix not configured. Run" + echo "sudo dpkg-reconfigure postfix and choose" + echo "the type of mail server. Then run" + echo "sudo dpkg-reconfigure mail-stack-delivery to" + echo "finish mail-stack-delivery installation." + echo "" + fi + + if [ -x "/etc/init.d/dovecot" ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d dovecot restart + else + service dovecot restart + fi + fi + if [ -x "/etc/init.d/postfix" ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d postfix restart + else + service postfix restart + fi + fi + +fi + +#DEBHELPER#
  2. Download patch debian/mail-stack-delivery.README.Debian

    --- 1:2.2.9-1/debian/mail-stack-delivery.README.Debian 1970-01-01 00:00:00.000000000 +0000 +++ 1:2.2.9-1ubuntu2/debian/mail-stack-delivery.README.Debian 2014-03-07 12:26:37.000000000 +0000 @@ -0,0 +1,25 @@ +Introduction +------------------- + +Mail-stack-delivery will not install any binary or library files. This package +contains only configuration file /etc/dovecot/mail-stack-delivery.conf with +configuration prerpared by Ubuntu Server Team. + +dovecot's init script checks existance of +/etc/dovecot/mail-stack-delivery.conf and if that file exists, it reads it +instead of /etc/dovecot/dovecot.conf. + +During installation of package, it modifies postfix's configuration and +stores original version of /etc/postfix/main.cf in /var/backup/mail-stack-delivery. + +Features of mail-stack-delivery: +---------------------------- + +- IMAP4rev1 and POP3, including support for TLS and SSL +- SMTP, including support for TLS and SSL +- support for sieve scripting +- managesieve for managing sieve scripts directly on server +- dovecot MDA, including extensions separated with '+' +- Maildir storage engine +- SASL authentication (plain and login) +- support only for medium and high TLS/SSL ciphers
  3. Download patch debian/tests/testlib_dovecot.py

    --- 1:2.2.9-1/debian/tests/testlib_dovecot.py 1970-01-01 00:00:00.000000000 +0000 +++ 1:2.2.9-1ubuntu2/debian/tests/testlib_dovecot.py 2014-03-07 12:26:37.000000000 +0000 @@ -0,0 +1,127 @@ +#!/usr/bin/python +''' + Packages required: dovecot-imapd dovecot-pop3d +''' + +import subprocess, shutil, grp, os, os.path, sys, time + +class Dovecot: + def get_mailbox(self): + return self.mailbox + + def __init__(self,user,config=None): + '''Create test scenario. + + dovecot is configured for all protocols (imap[s] and pop3[s]), a test + user is set up, and /var/mail/$user contains an unread and a read mail. + ''' + + self.old_version = False + if config == None: + if file("/etc/dovecot/dovecot.conf","r").read().find('auth_mechanisms = plain')>0: + # Old dovecot + config=''' +protocols = imap imaps pop3 pop3s +login = imap +login = pop3 +mail_extra_groups = mail + +auth = auth-cram +auth_mechanisms = cram-md5 +auth_passdb = passwd-file /etc/dovecot/test.passwd +auth_user = root + +auth = auth-plain +auth_mechanisms = plain +auth_passdb = pam +auth_user = root + +''' + self.old_version = True + else: + # Modern dovecot + config=''' +protocols = imap imaps pop3 pop3s +log_timestamp = "%Y-%m-%d %H:%M:%S " +mail_extra_groups = mail +protocol imap { +} +protocol pop3 { + pop3_uidl_format = %08Xu%08Xv +} +auth default { + mechanisms = plain cram-md5 + passdb passwd-file { + args = /etc/dovecot/test.passwd + } + passdb pam { + } + userdb passwd { + } + user = root +} +''' + + # make sure that /etc/inetd.conf exists to avoid init script errors + self.created_inetdconf = False + if not os.path.exists('/etc/inetd.conf'): + open('/etc/inetd.conf', 'a') + self.created_inetdconf = True + + # configure and restart dovecot + if not os.path.exists('/etc/dovecot/dovecot.conf.autotest'): + shutil.copyfile('/etc/dovecot/dovecot.conf', '/etc/dovecot/dovecot.conf.autotest') + cfgfile = open('/etc/dovecot/dovecot.conf', 'w') + cfgfile.write(config) + cfgfile.close() + + file('/etc/dovecot/test.passwd','w').write('%s:{plain}%s\n' % (user.login, user.password) ) + + # restart will fail if dovecot is not already running + subprocess.call(['/etc/init.d/dovecot', 'stop'], stdout=subprocess.PIPE) + assert subprocess.call(['/etc/init.d/dovecot', 'start'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) == 0 + + # create test mailbox with one new and one old mail + self.mailbox = '/var/mail/' + user.login + self.orig_mbox = \ +'''From test1@test1.com Fri Nov 17 02:21:08 2006 +Date: Thu, 16 Nov 2006 17:12:23 -0800 +From: Test User 1 <test1@test1.com> +To: Dovecot tester <dovecot@test.com> +Subject: Test 1 +Status: N + +Some really important news. + +From test2@test1.com Tue Nov 28 11:29:34 2006 +Date: Tue, 28 Nov 2006 11:29:34 +0100 +From: Test User 2 <test2@test2.com> +To: Dovecot tester <dovecot@test.com> +Subject: Test 2 +Status: R + +More news. + +Get cracking! +''' + open(self.mailbox, 'w').write(self.orig_mbox) + os.chown(self.mailbox, user.uid, grp.getgrnam('mail')[2]) + os.chmod(self.mailbox, 0660) + + def __del__(self): + # restore original configuration and restart dovecot + os.rename('/etc/dovecot/dovecot.conf.autotest', '/etc/dovecot/dovecot.conf') + # quiesce, default configuration has no protocols + subprocess.call(['/etc/init.d/dovecot', 'restart'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + + if self.created_inetdconf: + os.unlink('/etc/inetd.conf') + + def get_ssl_fingerprint(self): + pem = '/etc/ssl/certs/dovecot.pem' + if not os.path.exists(pem): + pem = '/etc/ssl/certs/ssl-cert-snakeoil.pem' + + sp = subprocess.Popen(['openssl','x509','-in',pem,'-noout','-md5','-fingerprint'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, close_fds=True) + return sp.communicate(None)[0].split('=',1)[1].strip() +
  4. Download patch debian/tests/general
  5. Download patch debian/tests/control

    --- 1:2.2.9-1/debian/tests/control 1970-01-01 00:00:00.000000000 +0000 +++ 1:2.2.9-1ubuntu2/debian/tests/control 2014-03-07 12:26:37.000000000 +0000 @@ -0,0 +1,4 @@ +Tests: general +Restrictions: needs-root +Features: no-build-needed +Depends: python, dovecot-imapd, dovecot-pop3d
  6. Download patch debian/dovecot-core.config

    --- 1:2.2.9-1/debian/dovecot-core.config 2013-11-28 05:46:44.000000000 +0000 +++ 1:2.2.9-1ubuntu2/debian/dovecot-core.config 2014-03-07 12:41:33.000000000 +0000 @@ -16,8 +16,6 @@ else fi if [ -e "$OLD_SSL_CERT" ] || [ -e "$OLD_SSL_KEY" ]; then - db_input low dovecot-core/ssl-cert-exists || true - db_go || true db_set dovecot-core/create-ssl-cert false # Generate new certs if needed else
  7. Download patch debian/rules

    --- 1:2.2.9-1/debian/rules 2013-11-28 05:46:44.000000000 +0000 +++ 1:2.2.9-1ubuntu2/debian/rules 2014-03-07 12:26:37.000000000 +0000 @@ -2,6 +2,7 @@ # Sample debian/rules that uses debhelper. # GNU copyright 1997 to 1999 by Joey Hess. +export DEB_BUILD_HARDENING=1 # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 @@ -25,6 +26,8 @@ endif config-stamp: configure dh_testdir + dh_autotools-dev_updateconfig + autoconf # Dovecot $(shell $(dpkg_buildflags) --export=configure) sh configure \ --with-ldap=plugin \ @@ -83,6 +86,7 @@ clean: [ ! -f $(PIGEONHOLE_DIR)/Makefile ] || $(MAKE) -C $(PIGEONHOLE_DIR) distclean # Cleanup DRAC rm -f src/plugins/drac/drac_plugin.so + dh_autotools-dev_restoreconfig debconf-updatepo dh_clean @@ -107,6 +111,7 @@ install: build $(CURDIR)/debian/dovecot-core/usr/share/dovecot/conf.d/ install -o root -g root -m 0644 $(CURDIR)/$(PIGEONHOLE_DIR)/doc/example-config/conf.d/*.conf \ $(CURDIR)/debian/dovecot-core/usr/share/dovecot/conf.d/ + install -m644 debian/dovecot-core.ufw.profile debian/dovecot-core/etc/ufw/applications.d/dovecot-core install -D -m 0755 -o root -g root $(CURDIR)/debian/maildirmake.dovecot $(CURDIR)/debian/dovecot-core/usr/bin/maildirmake.dovecot mv $(CURDIR)/debian/dovecot-core/usr/share/doc/dovecot $(CURDIR)/debian/dovecot-core/usr/share/doc/dovecot-core cp $(PIGEONHOLE_DIR)/ChangeLog $(CURDIR)/debian/dovecot-core/usr/share/doc/dovecot-core/pigeonhole.ChangeLog @@ -172,8 +177,13 @@ install: build mv $(CURDIR)/debian/dovecot-core/usr/lib/dovecot/dovecot-config $(CURDIR)/debian/dovecot-dev/usr/lib/dovecot rmdir $(CURDIR)/debian/dovecot-core/usr/include + # Install apport hook + install -D -m 644 debian/source_dovecot.py $(CURDIR)/debian/dovecot-core/usr/share/apport/package-hooks/dovecot-core.py + # Build architecture-independent files here. binary-indep: build install + mkdir -p $(CURDIR)/debian/mail-stack-delivery/etc/dovecot/conf.d/ + cp $(CURDIR)/debian/99-mail-stack-delivery.conf $(CURDIR)/debian/mail-stack-delivery/etc/dovecot/conf.d/ dh_testdir -i dh_testroot -i dh_installchangelogs -i @@ -201,7 +211,7 @@ binary-arch: build install dh_installpam -a mv $(CURDIR)/debian/dovecot-core/etc/pam.d/dovecot-core $(CURDIR)/debian/dovecot-core/etc/pam.d/dovecot dh_systemd_enable - dh_installinit -pdovecot-core --init-script=dovecot -u"defaults 20" + dh_installinit -pdovecot-core --name=dovecot dh_systemd_start dh_installman -a dh_installman -p dovecot-core debian/maildirmake.dovecot.1
  8. Download patch debian/control

    --- 1:2.2.9-1/debian/control 2013-11-28 05:46:44.000000000 +0000 +++ 1:2.2.9-1ubuntu2/debian/control 2014-03-07 12:26:37.000000000 +0000 @@ -1,9 +1,10 @@ Source: dovecot Section: mail Priority: optional -Maintainer: Dovecot Maintainers <jaldhar-dovecot@debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Dovecot Maintainers <jaldhar-dovecot@debian.org> Uploaders: Jaldhar H. Vyas <jaldhar@debian.org>, Fabio Tranchitella <kobold@debian.org>, Joel Johnson <mrjoel@lixil.net>, Marco Nenciarini <mnencia@debian.org> -Build-Depends: debhelper (>= 7.2.3~), dpkg-dev (>= 1.16.1), pkg-config, libssl-dev, libpam0g-dev, libldap2-dev, libpq-dev, libmysqlclient-dev, libsqlite3-dev, libsasl2-dev, zlib1g-dev, libkrb5-dev, drac-dev (>= 1.12-5), libbz2-dev, libdb-dev, libcurl4-gnutls-dev, libexpat-dev, libwrap0-dev, dh-systemd, po-debconf, lsb-release +Build-Depends: debhelper (>= 7.2.3~), dpkg-dev (>= 1.16.1), pkg-config, libssl-dev, libpam0g-dev, libldap2-dev, libpq-dev, libmysqlclient-dev, libsqlite3-dev, libsasl2-dev, zlib1g-dev, libkrb5-dev, drac-dev (>= 1.12-5), libbz2-dev, libdb-dev, libcurl4-gnutls-dev, libexpat-dev, libwrap0-dev, dh-systemd, po-debconf, lsb-release, hardening-wrapper, dh-autoreconf, autotools-dev Standards-Version: 3.9.4 Homepage: http://dovecot.org/ Vcs-Git: git://git.debian.org/git/collab-maint/dovecot.git @@ -11,8 +12,9 @@ Vcs-Browser: http://git.debian.org/?p=co Package: dovecot-core Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 0.76-13.1), openssl, adduser, ucf (>= 2.0020) -Suggests: ntp, dovecot-gssapi, dovecot-sieve, dovecot-pgsql, dovecot-mysql, dovecot-sqlite, dovecot-ldap, dovecot-imapd, dovecot-pop3d, dovecot-lmtpd, dovecot-managesieved, dovecot-solr +Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 0.76-13.1), openssl, adduser, ucf (>= 2.0020), ssl-cert (>= 1.0-11ubuntu1), lsb-base (>= 3.2-12ubuntu3) +Suggests: ntp, dovecot-gssapi, dovecot-sieve, dovecot-pgsql, dovecot-mysql, dovecot-sqlite, dovecot-ldap, dovecot-imapd, dovecot-pop3d, dovecot-lmtpd, dovecot-managesieved, dovecot-solr, ufw +Recommends: ntpdate Provides: dovecot-common Replaces: dovecot-common (<< 1:2.0.14-2~), mailavenger (<< 0.8.1-4) Breaks: dovecot-common (<< 1:2.0.14-2~), mailavenger (<< 0.8.1-4) @@ -191,3 +193,18 @@ Description: secure POP3/IMAP server - d fast, extensible, and portable. . This package contains debug symbols for Dovecot. + +Package: mail-stack-delivery +Architecture: all +Depends: dovecot-core, dovecot-imapd, dovecot-pop3d, dovecot-managesieved, + postfix, ${misc:Depends} +Replaces: dovecot-postfix (<< 1:1.2.12-0ubuntu1~) +Description: mail server delivery agent stack provided by Ubuntu server team + Ubuntu's mail stack provides fully operational delivery with + safe defaults and additional options. Out of the box it supports IMAP, + POP3 and SMTP services with SASL authentication and Maildir as default + storage engine. + . + This package contains configuration files for dovecot. + . + This package modifies postfix's configuration to integrate with dovecot
  9. Download patch debian/mail-stack-delivery.dirs

    --- 1:2.2.9-1/debian/mail-stack-delivery.dirs 1970-01-01 00:00:00.000000000 +0000 +++ 1:2.2.9-1ubuntu2/debian/mail-stack-delivery.dirs 2014-03-07 12:26:37.000000000 +0000 @@ -0,0 +1,2 @@ +var/backups +var/backups/mail-stack-delivery
  10. Download patch debian/dovecot-core.dovecot.upstart

    --- 1:2.2.9-1/debian/dovecot-core.dovecot.upstart 1970-01-01 00:00:00.000000000 +0000 +++ 1:2.2.9-1ubuntu2/debian/dovecot-core.dovecot.upstart 2014-03-07 12:26:37.000000000 +0000 @@ -0,0 +1,39 @@ +# dovecot - pop3/imap mail server +# +# Dovecot is a mail server whose major goals are security and extreme reliability. + +description "dovecot - pop3/imap mail server" + +start on runlevel [2345] +stop on runlevel [!2345] + +respawn + +pre-start script + test -x /usr/sbin/dovecot || { stop ; exit 0; } + test -r /etc/dovecot/dovecot.conf || { stop ; exit 0; } + + # dont check for inetd.conf if its not installed + if [ -f /etc/inetd.conf ]; then + # The init script should do nothing if dovecot or another imap/pop3 server + # is being run from inetd, and dovecot is configured to run as an imap or + # pop3 service + for p in `sed -r "s/^ *(([^:]+|\[[^]]+]|\*):)?(pop3s?|imaps?)[ \t].*/\3/;t;d" \ + /etc/inetd.conf` + do + for q in `sed -r "s/^[ \t]*protocols[ \t]*=[ \t]*(([^\"]*)|\"(.*)\")/\2\3/;t;d" \ + /etc/dovecot/dovecot.conf` + do + if [ $p = $q ]; then + exit 0 + fi + done + done + fi + +end script + +script + test -x /usr/sbin/ntp-wait && ntp-wait -n 2 || true + exec /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf +end script
  11. Download patch debian/99-mail-stack-delivery.conf

    --- 1:2.2.9-1/debian/99-mail-stack-delivery.conf 1970-01-01 00:00:00.000000000 +0000 +++ 1:2.2.9-1ubuntu2/debian/99-mail-stack-delivery.conf 2014-03-07 12:26:37.000000000 +0000 @@ -0,0 +1,48 @@ +# Some general options +protocols = imap pop3 sieve +disable_plaintext_auth = yes +ssl = yes +ssl_cert = </etc/dovecot/dovecot.pem +ssl_key = </etc/dovecot/private/dovecot.pem +ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM +mail_location = maildir:~/Maildir +auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ + +# IMAP configuration +protocol imap { + mail_max_userip_connections = 10 + imap_client_workarounds = delay-newmail +} + +# POP3 configuration +protocol pop3 { + mail_max_userip_connections = 10 + pop3_client_workarounds = outlook-no-nuls oe-ns-eoh +} + +# LDA configuration +protocol lda { + postmaster_address = postmaster + mail_plugins = sieve + quota_full_tempfail = yes + deliver_log_format = msgid=%m: %$ + rejection_reason = Your message to <%t> was automatically rejected:%n%r +} + +# Plugins configuration +plugin { + sieve=~/.dovecot.sieve + sieve_dir=~/sieve +} + +# Authentication configuration +auth_mechanisms = plain login + +service auth { + # Postfix smtp-auth + unix_listener /var/spool/postfix/private/dovecot-auth { + mode = 0660 + user = postfix + group = postfix + } +}
  12. Download patch debian/dovecot-core.ufw.profile

    --- 1:2.2.9-1/debian/dovecot-core.ufw.profile 1970-01-01 00:00:00.000000000 +0000 +++ 1:2.2.9-1ubuntu2/debian/dovecot-core.ufw.profile 2014-03-07 12:26:37.000000000 +0000 @@ -0,0 +1,23 @@ +[Dovecot POP3] +title=Secure mail server (POP3) +description=Dovecot is a mail server whose major goals are security and extreme + reliability. +ports=110/tcp + +[Dovecot Secure POP3] +title=Secure mail server (POP3S) +description=Dovecot is a mail server whose major goals are security and extreme + reliability. +ports=995/tcp + +[Dovecot IMAP] +title=Secure mail server (IMAP) +description=Dovecot is a mail server whose major goals are security and extreme + reliability. +ports=143/tcp + +[Dovecot Secure IMAP] +title=Secure mail server (IMAPS) +description=Dovecot is a mail server whose major goals are security and extreme + reliability. +ports=993/tcp
  13. Download patch debian/dovecot-core.lintian-overrides

    --- 1:2.2.9-1/debian/dovecot-core.lintian-overrides 2013-11-28 05:46:44.000000000 +0000 +++ 1:2.2.9-1ubuntu2/debian/dovecot-core.lintian-overrides 2014-03-07 12:26:37.000000000 +0000 @@ -7,7 +7,6 @@ dovecot-core: hardening-no-fortify-funct dovecot-core: hardening-no-fortify-functions usr/lib/dovecot/libdovecot-login.so.0.0.0 dovecot-core: hardening-no-fortify-functions usr/lib/dovecot/libdovecot-sql.so.0.0.0 dovecot-core: hardening-no-fortify-functions usr/lib/dovecot/modules/auth/libauthdb_imap.so -dovecot-core: hardening-no-relro usr/lib/dovecot/modules/drac.so dovecot-core: hardening-no-fortify-functions usr/lib/dovecot/modules/lib05_pop3_migration_plugin.so dovecot-core: hardening-no-fortify-functions usr/lib/dovecot/modules/lib10_quota_plugin.so dovecot-core: hardening-no-fortify-functions usr/lib/dovecot/modules/lib11_trash_plugin.so
  14. Download patch debian/dovecot-core.dirs

    --- 1:2.2.9-1/debian/dovecot-core.dirs 2013-11-28 05:46:44.000000000 +0000 +++ 1:2.2.9-1ubuntu2/debian/dovecot-core.dirs 2014-03-07 12:26:37.000000000 +0000 @@ -1,3 +1,9 @@ etc/dovecot/private usr/sbin usr/share/dovecot/protocols.d +usr/share/doc/dovecot-core +etc/dovecot/conf.d +etc/ssl/certs +etc/ssl/private +etc/ufw/applications.d +
  15. Download patch debian/mail-stack-delivery.preinst

    --- 1:2.2.9-1/debian/mail-stack-delivery.preinst 1970-01-01 00:00:00.000000000 +0000 +++ 1:2.2.9-1ubuntu2/debian/mail-stack-delivery.preinst 2014-03-07 12:26:37.000000000 +0000 @@ -0,0 +1,76 @@ +#!/bin/sh + +set -e + +# Prepare to move a conffile without triggering a dpkg question +prep_mv_conffile() { + PKGNAME="$1" + CONFFILE="$2" + if [ -e "$CONFFILE" ]; then + md5sum="`md5sum \"$CONFFILE\" | sed -e \"s/ .*//\"`" + old_md5sum="`dpkg-query -W -f='${Conffiles}' $PKGNAME | sed -n -e \"\\\\' $CONFFILE'{s/ obsolete$//;s/.* //p}\"`" + if [ "$md5sum" = "$old_md5sum" ]; then + rm -f "$CONFFILE" + else + if [ -e "$CONFFILE" ]; then + if [ "$CONFFILE" = "/etc/dovecot/conf.d/01-dovecot-postfix.conf" ]; then + mv -f "$CONFFILE" "/etc/dovecot/conf.d/01-mail-stack-delivery.conf" + fi + if [ "$CONFFILE" = "/etc/dovecot/auth.d/01-dovecot-postfix.auth" ]; then + mv -f "$CONFFILE" "/etc/dovecot/auth.d/01-mail-stack-delivery.auth" + fi + fi + fi + fi +} +case "$1" in +install|upgrade) + if dpkg --compare-versions "$2" lt "1:1.2.9-1ubuntu8"; then + prep_mv_conffile mail-stack-delivery "/etc/dovecot/conf.d/01-dovecot-postfix.conf" + prep_mv_conffile mail-stack-delivery "/etc/dovecot/auth.d/01-dovecot-postfix.auth" + if [ -f "/usr/share/dovecot/dovecot-postfix.conf" ]; then + mv -f "/usr/share/dovecot/dovecot-postfix.conf" "/usr/share/dovecot/mail-stack-delivery.conf" + fi + if [ -f "/etc/dovecot/dovecot-postfix.conf" ]; then + mv -f "/etc/dovecot/dovecot-postfix.conf" "/etc/dovecot/mail-stack-delivery.conf" + fi + if [ -e "/var/backups/dovecot-postfix/main.cf-backup" ]; then + if [ -n "//var/backups/mail-stack-delivery/" ]; then + mkdir "/var/backups/mail-stack-delivery/" + fi + mv -f "/var/backups/dovecot-postfix/main.cf-backup" "/var/backups/mail-stack-delivery/main.cf-backup" + test -d /var/backups/dovecot-postfix/ && rmdir --ignore-fail-on-non-empty /var/backups/dovecot-postfix/ + fi + fi + + + # Check if mail-stack-delivery.conf had any customizations + if [ -f "/usr/share/dovecot/mail-stack-delivery.conf" ]; then + if [ -f "/etc/dovecot/mail-stack-delivery.conf" ]; then + mv /etc/dovecot/mail-stack-delivery.conf /etc/dovecot/mail-stack-delivery.conf.bak + DIR=`mktemp -d` + egrep -v ^protocol /etc/dovecot/mail-stack-delivery.conf.bak > $DIR/mail-stack-delivery-custom.conf + egrep -v ^protocol /usr/share/dovecot/mail-stack-delivery.conf > $DIR/mail-stack-delivery.conf + if diff -qur $DIR/mail-stack-delivery-dist.conf $DIR/mail-stack-delivery-custom.conf 1>/dev/null 2>&1; then + rm -f /etc/dovecot/mail-stack-delivery.conf.bak + else + awk ' /^auth default/ {flag=1;next} /^}/{flag=0} flag { print }' /etc/dovecot/mail-stack-delivery.conf.bak > /etc/dovecot/auth.d/01-mail-stack-delivery.auth + awk ' /^## Dovecot conf/{flag=1} /^auth default/{flag=0} flag { print }' /etc/dovecot/mail-stack-delivery.conf.bak > /etc/dovecot/conf.d/01-mail-stack-delivery.conf + awk ' /^# If you wish to use another authentication server than dovecot-auth/{flag=1} flag { print }' /etc/dovecot/mail-stack-delivery.conf.bak >> /etc/dovecot/conf.d/01-mail-stack-delivery.conf + fi + rm -rf $DIR + fi + + fi + ;; + + abort-upgrade) + ;; + + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER#
  16. Download patch debian/tests/testlib.py

    --- 1:2.2.9-1/debian/tests/testlib.py 1970-01-01 00:00:00.000000000 +0000 +++ 1:2.2.9-1ubuntu2/debian/tests/testlib.py 2014-03-07 12:26:37.000000000 +0000 @@ -0,0 +1,101 @@ +'''Common classes and functions for package tests.''' + +import string, random, crypt, subprocess, pwd, signal, time + +class TimedOutException(Exception): + def __init__(self, value = "Timed Out"): + self.value = value + def __str__(self): + return repr(self.value) + +def timeout(secs, f, *args): + def handler(signum, frame): + raise TimedOutException() + + old = signal.signal(signal.SIGALRM, handler) + result = None + signal.alarm(secs) + try: + result = f(*args) + finally: + signal.alarm(0) + signal.signal(signal.SIGALRM, old) + + return result + +def random_string(length): + '''Return a random string, consisting of ASCII letters, with given + length.''' + + s = '' + maxind = len(string.letters)-1 + for l in range(length): + s += string.letters[random.randint(0, maxind)] + return s + +def login_exists(login): + '''Checks whether the given login exists on the system.''' + + try: + pwd.getpwnam(login) + return True + except KeyError: + return False + +def cmd(command, input = None, stderr = subprocess.STDOUT): + '''Try to execute given command (array) and return its stdout, or return + a textual error if it failed.''' + + try: + sp = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=stderr, close_fds=True) + except OSError, e: + return [127, str(e)] + + out = sp.communicate(input)[0] + return [sp.returncode,out] + +class TestUser: + '''Create a temporary test user and remove it again in the dtor.''' + + def __init__(self, login=None, home=True): + '''Create a new user account with a random password. + + By default, the login name is random, too, but can be explicitly + specified with 'login'. By default, a home directory is created, this + can be suppressed with 'home=False'.''' + + self.login = None + + if login: + if login_exists(login): + raise ValueError, 'login name already exists' + else: + while(True): + login = random_string(8) + if not login_exists(login): + break + + self.salt = random_string(2) + self.password = random_string(8) + self.crypted = crypt.crypt(self.password, self.salt) + + if home: + assert subprocess.call(['useradd', '-p', self.crypted, '-m', login]) == 0 + else: + assert subprocess.call(['useradd', '-p', self.crypted, login]) == 0 + + self.login = login + p = pwd.getpwnam(self.login) + self.uid = p[2] + self.gid = p[3] + + def __del__(self): + '''Remove the created user account.''' + + if self.login: + # seems to already have gone here + try: + import subprocess + except: + pass + assert subprocess.call(['userdel', '-r', self.login]) == 0
  17. Download patch debian/dovecot-core.postinst

    --- 1:2.2.9-1/debian/dovecot-core.postinst 2013-11-28 05:46:44.000000000 +0000 +++ 1:2.2.9-1ubuntu2/debian/dovecot-core.postinst 2014-03-07 12:26:37.000000000 +0000 @@ -118,12 +118,40 @@ if [ "$1" = "configure" ]; then delgroup imapd || true fi + ## SSL Certs + # Certs and key file + OLD_SSL_CERT="/etc/ssl/certs/dovecot.pem" + OLD_SSL_KEY="/etc/ssl/private/dovecot.pem" + SSL_CERT=$( (grep -m 1 "ssl_cert_file" /etc/dovecot/conf.d/10-ssl.conf || echo '/etc/dovecot/dovecot.pem') | cut -d'=' -f2) + SSL_KEY=$( (grep -m 1 "ssl_key_file" /etc/dovecot/conf.d/10-ssl.conf || echo '/etc/dovecot/private/dovecot.pem') | cut -d'=' -f2) + if [ ! -e /etc/dovecot/private ]; then install -d -o root -g root -m0700 /etc/dovecot/private fi - SSL_CERT=`doveconf -S ssl_cert | sed -e 's/^ssl_cert=<//'` - SSL_KEY=`doveconf -S ssl_key | sed -e 's/^ssl_key=<//'` + if [ -e $OLD_SSL_CERT ] || [ -e $OLD_SSL_KEY ]; then + echo "You already have ssl certs for dovecot." + echo "However you should move them out of /etc/ssl" + echo "and into /etc/dovecot and update the configuration" + echo "in /etc/dovecot/conf.d/10-ssl.conf accordingly." + echo "See /usr/share/doc/dovecot-core/README.Debian.gz for details." + # Create backward compatible symlinks to keep dovecot functioning + if [ ! -e $SSL_CERT ]; then + echo "Creating compat symlink for $OLD_SSL_CERT" + ln -s $OLD_SSL_CERT $SSL_CERT + fi + if [ ! -e $SSL_KEY ]; then + echo "Creating compat symlink for $OLD_SSL_KEY" + ln -s $OLD_SSL_KEY $SSL_KEY + fi + fi + # Generate new certs if needed + if [ -e $SSL_CERT ] || [ -e $SSL_KEY ]; then + echo "You already have ssl certs for dovecot." + else + echo "Creating generic self-signed certificate: $SSL_CERT" + echo "This certificate will expire in 10 years." + echo "(replace with hand-crafted or authorized one if needed)." db_get dovecot-core/create-ssl-cert if [ "$RET" = "true" ]; then @@ -135,7 +163,7 @@ if [ "$1" = "configure" ]; then COMMONNAME="$RET" MAILNAME="$(cat /etc/mailname 2> /dev/null || echo "$COMMONNAME")" (openssl req -newkey rsa:2048 -x509 -days 3652.5 -nodes \ - -rand /dev/urandom -out $SSL_CERT -keyout $SSL_KEY > /dev/null 2>&1 <<+ + -rand /dev/urandom -out $SSL_CERT -keyout $SSL_KEY > /dev/null 2>&1 <<+ . . . @@ -156,6 +184,7 @@ root@$MAILNAME fi db_stop || true + fi fi if [ "$1" = "triggered" ]; then
  18. Download patch debian/docs

    --- 1:2.2.9-1/debian/docs 1970-01-01 00:00:00.000000000 +0000 +++ 1:2.2.9-1ubuntu2/debian/docs 2014-03-07 12:26:37.000000000 +0000 @@ -0,0 +1,3 @@ +NEWS +README +TODO
  19. Download patch debian/mail-stack-delivery.prerm

    --- 1:2.2.9-1/debian/mail-stack-delivery.prerm 1970-01-01 00:00:00.000000000 +0000 +++ 1:2.2.9-1ubuntu2/debian/mail-stack-delivery.prerm 2014-03-07 12:26:37.000000000 +0000 @@ -0,0 +1,32 @@ +#! /bin/sh + +set -e + +# conffile renamed in 1:1.2.9-1ubuntu8 +if dpkg --compare-versions "$2" lt-nl "1:1.2.9-1ubuntu8"; then + # "$1" is equal to "upgrade" (which means downgrading in this case) or "abort-upgrade" + # downgrading to <1:1.2.9-1ubuntu8 -- restore old conffile name + if [ -f "/etc/dovecot/conf.d/01-mail-stack-delivery.conf" ]; then + mv -f "/etc/dovecot/conf.d/01-mail-stack-delivery.conf" "/etc/dovecot/conf.d/01-dovecot-postfix.conf" + fi + if [ -f "/etc/dovecot/conf.d/01-mail-stack-delivery.auth" ]; then + mv -f "/etc/dovecot/conf.d/01-mail-stack-delivery.auth" "/etc/dovecot/conf.d/01-dovecot-postfix.auth" + fi + if [ -f "/usr/share/dovecot/mail-stack-delivery.conf" ]; then + mv -f "/usr/share/dovecot/mail-stack-delivery.conf" "/usr/share/dovecot/dovecot-postfix.conf" + fi + if [ -f "/etc/dovecot/mail-stack-delivery.conf" ]; then + mv -f "/etc/dovecot/mail-stack-delivery.conf" "/etc/dovecot/dovecot-postfix.conf" + fi + if [ -e "/var/backups/mail-stack-delivery/main.cf-backup" ]; then + if [ -n "//var/backups/dovecot-postfix/" ]; then + mkdir "/var/backups/dovecot-postfix/" + fi + mv -f "/var/backups/mail-stack-delivery/main.cf-backup" "/var/backups/dovecot-postfix/main.cf-backup" + test -d /var/backups/mail-stack-delivery/ && rmdir /var/backups/mail-stack-delivery/ + fi +fi + +#DEBHELPER# + +exit 0
  20. Download patch debian/source_dovecot.py

    --- 1:2.2.9-1/debian/source_dovecot.py 1970-01-01 00:00:00.000000000 +0000 +++ 1:2.2.9-1ubuntu2/debian/source_dovecot.py 2014-03-07 12:26:37.000000000 +0000 @@ -0,0 +1,39 @@ +#!/usr/bin/python + +'''Dovecot Apport interface + +Copyright (C) 2010 Canonical Ltd/ +Author: Chuck Short <chuck.short@canonical.com> + +This program is free software; you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by the +Free Software Foundation; either version 2 of the License, or (at your +option) any later version. See http://www.gnu.org/copyleft/gpl.html for +the full text of the license. +''' + +from apport.hookutils import * + +def add_info(report, ui): + response = ui.yesno("The output of dovecot -n may help developers diagnose your bug more quickly, however, it may contain sensitive information. Do you want to include it in your bug report?") + + if response == None: #user canceled + raise StopIteration + + elif response == True: + report['DovecotConf'] = root_command_output(['/usr/sbin/dovecot', '-n']) + + + elif response == False: + ui.information("The contents of dovecot -n will NOT be includeded in the bug report") + + packages=['dovecot-common', 'dovecot-core', 'dovecot-dev', 'dovecot-pop3d', 'dovecot-imapd', 'mail-stack-delivery', 'dovecot-postfix'] + versions = '' + for package in packages: + try: + version = package.get_version(package) + except: + version = 'N/A' + versions += '%s %s\n' %(package, version) + report['DovecotInstalledVersions'] = versions +
  21. Download patch debian/mail-stack-delivery.postrm

    --- 1:2.2.9-1/debian/mail-stack-delivery.postrm 1970-01-01 00:00:00.000000000 +0000 +++ 1:2.2.9-1ubuntu2/debian/mail-stack-delivery.postrm 2014-03-07 12:26:37.000000000 +0000 @@ -0,0 +1,35 @@ +#!/bin/sh +set -e + +POSTFIX_BCKFILE="/var/backups/mail-stack-delivery/main.cf-backup" + +PATH=/usr/sbin:$PATH +export PATH + +if [ "$1" = "remove" -o "$1" = "purge" ]; then + # Restore postfix configuration + if [ "$1" = "remove" ]; then + if which postconf >/dev/null && [ -f "${POSTFIX_BCKFILE}" ]; then + while read line; do + postconf -e "$line" + done < "${POSTFIX_BCKFILE}" + rm -f "${POSTFIX_BCKFILE}" + fi + fi + if [ -x "/etc/init.d/dovecot" ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d dovecot restart + else + service dovecot restart + fi + fi + if [ -x "/etc/init.d/postfix" ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d postfix restart + else + service postfix restart + fi + fi +fi + +#DEBHELPER#
  1. dovecot