diff -Nru dovecot-2.3.11.3+dfsg1/debian/changelog dovecot-2.3.11.3+dfsg1/debian/changelog --- dovecot-2.3.11.3+dfsg1/debian/changelog 2020-08-13 23:21:24.000000000 +0000 +++ dovecot-2.3.11.3+dfsg1/debian/changelog 2020-08-19 19:06:07.000000000 +0000 @@ -1,3 +1,18 @@ +dovecot (1:2.3.11.3+dfsg1-2) unstable; urgency=medium + + [ Christian Göttsche ] + * [44770f6] Add patch for 32bit compiler warnings + * [053865a] Lintian: remove unused override + * [4ece2e1] Lintian: add forwarded header to Debian specific patches + * [67872b7] Lintian: ignore Debian only man page + * [d30bd7e] Lintian: tag manpage-without-executable got renamed to + spare-manual-page + * [3bdf952] Limit libcap-dev build-dependency to linux-any + * [28f6425] Drop acute accent in man page + * [8c15850] Add patch allowing GSSAPI containing NULL + + -- Noah Meyerhans Wed, 19 Aug 2020 12:06:07 -0700 + dovecot (1:2.3.11.3+dfsg1-1) unstable; urgency=high * New upstream release fixes security issues (Closes: #968302) diff -Nru dovecot-2.3.11.3+dfsg1/debian/control dovecot-2.3.11.3+dfsg1/debian/control --- dovecot-2.3.11.3+dfsg1/debian/control 2020-08-13 23:21:24.000000000 +0000 +++ dovecot-2.3.11.3+dfsg1/debian/control 2020-08-19 19:06:07.000000000 +0000 @@ -11,7 +11,7 @@ krb5-multidev, libapparmor-dev, libbz2-dev, - libcap-dev, + libcap-dev [linux-any], libclucene-dev, libdb-dev, libexpat-dev, diff -Nru dovecot-2.3.11.3+dfsg1/debian/dovecot-core.lintian-overrides dovecot-2.3.11.3+dfsg1/debian/dovecot-core.lintian-overrides --- dovecot-2.3.11.3+dfsg1/debian/dovecot-core.lintian-overrides 2020-08-13 23:21:24.000000000 +0000 +++ dovecot-2.3.11.3+dfsg1/debian/dovecot-core.lintian-overrides 2020-08-19 19:06:07.000000000 +0000 @@ -25,50 +25,50 @@ dovecot-core: hardening-no-fortify-functions usr/lib/dovecot/modules/lib99_welcome_plugin.so dovecot-core: hardening-no-fortify-functions usr/lib/dovecot/xml2text # ignore extra man pages -dovecot-core: manpage-without-executable usr/share/man/man1/deliver.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-acl.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-altmove.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-auth.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-backup.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-batch.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-config.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-copy.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-deduplicate.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-director.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-dump.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-exec.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-expunge.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-fetch.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-flags.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-force-resync.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-fs.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-fts.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-help.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-import.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-index.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-instance.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-kick.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-log.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-mailbox-cryptokey.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-mailbox.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-move.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-penalty.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-proxy.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-purge.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-pw.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-quota.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-rebuild.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-reload.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-replicator.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-save.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-search.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-sieve.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-stats.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-stop.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-sync.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-user.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/doveadm-who.1.gz -dovecot-core: manpage-without-executable usr/share/man/man1/dovecot-lda.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/deliver.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-acl.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-altmove.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-auth.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-backup.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-batch.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-config.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-copy.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-deduplicate.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-director.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-dump.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-exec.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-expunge.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-fetch.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-flags.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-force-resync.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-fs.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-fts.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-help.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-import.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-index.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-instance.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-kick.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-log.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-mailbox-cryptokey.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-mailbox.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-move.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-penalty.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-proxy.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-purge.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-pw.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-quota.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-rebuild.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-reload.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-replicator.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-save.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-search.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-sieve.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-stats.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-stop.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-sync.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-user.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/doveadm-who.1.gz +dovecot-core: spare-manual-page usr/share/man/man1/dovecot-lda.1.gz # ignore executable-in-usr-lib, maybe move to libexec at some point dovecot-core: executable-in-usr-lib usr/lib/dovecot/aggregator dovecot-core: executable-in-usr-lib usr/lib/dovecot/anvil diff -Nru dovecot-2.3.11.3+dfsg1/debian/dovecot-sieve.lintian-overrides dovecot-2.3.11.3+dfsg1/debian/dovecot-sieve.lintian-overrides --- dovecot-2.3.11.3+dfsg1/debian/dovecot-sieve.lintian-overrides 2020-08-13 23:21:24.000000000 +0000 +++ dovecot-2.3.11.3+dfsg1/debian/dovecot-sieve.lintian-overrides 2020-08-19 19:06:07.000000000 +0000 @@ -1,5 +1,5 @@ # ignore internal library without dependency information dovecot-sieve: shared-library-lacks-prerequisites usr/lib/dovecot/modules/sieve/lib90_sieve_imapsieve_plugin.so # ignore extra man page -dovecot-sieve: manpage-without-executable usr/share/man/man1/sieved.1.gz +dovecot-sieve: spare-manual-page usr/share/man/man1/sieved.1.gz dovecot-sieve [armel]: library-not-linked-against-libc usr/lib/dovecot/modules/sieve/lib90_sieve_imapsieve_plugin.so diff -Nru dovecot-2.3.11.3+dfsg1/debian/patches/doveadm-director.1-drop-acute-accent.patch dovecot-2.3.11.3+dfsg1/debian/patches/doveadm-director.1-drop-acute-accent.patch --- dovecot-2.3.11.3+dfsg1/debian/patches/doveadm-director.1-drop-acute-accent.patch 1970-01-01 00:00:00.000000000 +0000 +++ dovecot-2.3.11.3+dfsg1/debian/patches/doveadm-director.1-drop-acute-accent.patch 2020-08-19 19:06:07.000000000 +0000 @@ -0,0 +1,46 @@ +From: =?utf-8?q?Christian_G=C3=B6ttsche?= +Date: Fri, 14 Aug 2020 12:50:51 +0200 +Subject: doveadm-director.1: drop acute accent + +Found by Lintian: + + This manual page uses the \' groff sequence. Usually, the intent to + generate an apostrophe, but that sequence actually renders as a an acute + accent. + + For an apostrophe or a single closing quote, use plain '. For single + opening quote, i.e. a straight downward line ' like the one used in + shell commands, use \(aq. +--- + doc/man/doveadm-director.1.in | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/doc/man/doveadm-director.1.in b/doc/man/doveadm-director.1.in +index c430a3d..069241e 100644 +--- a/doc/man/doveadm-director.1.in ++++ b/doc/man/doveadm-director.1.in +@@ -108,7 +108,7 @@ hosts. All the existing connections will be kicked. If + is specified, a flush script is also automatically executed. + .PP + Because the kicking and moving of users to new backends creates a temporary +-load spike, all the users aren\'t moved at once. The ++load spike, all the users aren't moved at once. The + .B \-\-max\-parallel + parameter specifies how many users can be moved concurrently. + The default is 100. +@@ -116,7 +116,7 @@ The default is 100. + If + .B \-f + parameter is used, the user associations are simply dropped. Existing +-connections won\'t be kicked and flush scripts aren\'t run. ++connections won't be kicked and flush scripts aren't run. + .\"------------------------------------- + .SS director kick + .B doveadm director kick +@@ -280,4 +280,4 @@ user would be redirected to 192.168.10.3. + @INCLUDE:reporting-bugs@ + .\"------------------------------------------------------------------------ + .SH SEE ALSO +-.BR doveadm (1) +\ No newline at end of file ++.BR doveadm (1) diff -Nru dovecot-2.3.11.3+dfsg1/debian/patches/Fix-GSSAPI-can-contain-NUL.patch dovecot-2.3.11.3+dfsg1/debian/patches/Fix-GSSAPI-can-contain-NUL.patch --- dovecot-2.3.11.3+dfsg1/debian/patches/Fix-GSSAPI-can-contain-NUL.patch 1970-01-01 00:00:00.000000000 +0000 +++ dovecot-2.3.11.3+dfsg1/debian/patches/Fix-GSSAPI-can-contain-NUL.patch 2020-08-19 19:06:07.000000000 +0000 @@ -0,0 +1,23 @@ +From: Paul G. Banks +Date: Tue, 18 Aug 2020 20:59:32 +0200 +Subject: Fix: GSSAPI can contain NUL. +Origin: https://github.com/dovecot/core/pull/133 +Forwarded: https://github.com/dovecot/core/pull/133 + +--- + src/auth/mech-gssapi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/auth/mech-gssapi.c b/src/auth/mech-gssapi.c +index f29e48d..966273d 100644 +--- a/src/auth/mech-gssapi.c ++++ b/src/auth/mech-gssapi.c +@@ -735,7 +735,7 @@ mech_gssapi_auth_free(struct auth_request *request) + const struct mech_module mech_gssapi = { + "GSSAPI", + +- .flags = 0, ++ .flags = MECH_SEC_ALLOW_NULS, + .passdb_need = MECH_PASSDB_NEED_NOTHING, + + mech_gssapi_auth_new, diff -Nru dovecot-2.3.11.3+dfsg1/debian/patches/series dovecot-2.3.11.3+dfsg1/debian/patches/series --- dovecot-2.3.11.3+dfsg1/debian/patches/series 2020-08-13 23:21:24.000000000 +0000 +++ dovecot-2.3.11.3+dfsg1/debian/patches/series 2020-08-19 19:06:07.000000000 +0000 @@ -12,3 +12,6 @@ fix-compiler-warnings.patch systemd-sd-notify-support.patch test-backtrace.patch +test-mech.c-fix-32-bit-issues.patch +doveadm-director.1-drop-acute-accent.patch +Fix-GSSAPI-can-contain-NUL.patch diff -Nru dovecot-2.3.11.3+dfsg1/debian/patches/skip-rfc-subdir.patch dovecot-2.3.11.3+dfsg1/debian/patches/skip-rfc-subdir.patch --- dovecot-2.3.11.3+dfsg1/debian/patches/skip-rfc-subdir.patch 2020-08-13 23:21:24.000000000 +0000 +++ dovecot-2.3.11.3+dfsg1/debian/patches/skip-rfc-subdir.patch 2020-08-19 19:06:07.000000000 +0000 @@ -1,6 +1,7 @@ From: Noah Meyerhans Date: Thu, 21 May 2020 21:48:59 -0700 Subject: Don't try to build doc/rfc subdir components +Forwarded: no (Debian-specific) --- Index: dovecot/pigeonhole/configure.ac diff -Nru dovecot-2.3.11.3+dfsg1/debian/patches/split-protocols.patch dovecot-2.3.11.3+dfsg1/debian/patches/split-protocols.patch --- dovecot-2.3.11.3+dfsg1/debian/patches/split-protocols.patch 2020-08-13 23:21:24.000000000 +0000 +++ dovecot-2.3.11.3+dfsg1/debian/patches/split-protocols.patch 2020-08-19 19:06:07.000000000 +0000 @@ -4,6 +4,7 @@ Subject: split-protocols Description: Set default protocols value as empty and enable each protocol in its own configuration file +Forwarded: no (Debian-specific) --- doc/example-config/dovecot.conf | 4 ++-- src/config/all-settings.c | 2 +- diff -Nru dovecot-2.3.11.3+dfsg1/debian/patches/test-mech.c-fix-32-bit-issues.patch dovecot-2.3.11.3+dfsg1/debian/patches/test-mech.c-fix-32-bit-issues.patch --- dovecot-2.3.11.3+dfsg1/debian/patches/test-mech.c-fix-32-bit-issues.patch 1970-01-01 00:00:00.000000000 +0000 +++ dovecot-2.3.11.3+dfsg1/debian/patches/test-mech.c-fix-32-bit-issues.patch 2020-08-19 19:06:07.000000000 +0000 @@ -0,0 +1,56 @@ +From: =?utf-8?q?Christian_G=C3=B6ttsche?= +Date: Fri, 14 Aug 2020 11:41:00 +0200 +Subject: test-mech.c: fix 32-bit issues +Forwarded: https://github.com/dovecot/core/pull/134 +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +Use size_t and %zu for sizes as on 32bit architectures sizes are not of type unsigned long. + +test-mech.c: In function ‘test_mechs’: +test-mech.c:326:61: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 4 has type ‘unsigned int’ [-Wformat=] + 326 | const char *testname = t_strdup_printf("auth mech %s %d/%lu", + | ~~^ + | | + | long unsigned int + | %u +test-mech.c:338:12: warning: passing argument 2 of ‘test_mech_construct_apop_challenge’ from incompatible pointer type [-Wincompatible-pointer-types] + 338 | &test_case->len); + | ^~~~~~~~~~~~~~~ + | | + | size_t * {aka unsigned int *} +test-mech.c:195:77: note: expected ‘long unsigned int *’ but argument is of type ‘size_t *’ {aka ‘unsigned int *’} + 195 | test_mech_construct_apop_challenge(unsigned int connect_uid, unsigned long *len_r) + | ~~~~~~~~~~~~~~~^~~~~ +--- + src/auth/test-mech.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c +index cf05370..db9f85c 100644 +--- a/src/auth/test-mech.c ++++ b/src/auth/test-mech.c +@@ -192,11 +192,11 @@ static void test_mech_handle_challenge(struct auth_request *request, + } + + static inline const unsigned char * +-test_mech_construct_apop_challenge(unsigned int connect_uid, unsigned long *len_r) ++test_mech_construct_apop_challenge(unsigned int connect_uid, size_t *len_r) + { + string_t *apop_challenge = t_str_new(128); + +- str_printfa(apop_challenge,"<%lx.%u.%"PRIdTIME_T"", (unsigned long) getpid(), ++ str_printfa(apop_challenge,"<%lx.%u.%"PRIxTIME_T"", (unsigned long) getpid(), + connect_uid, process_start_time+10); + str_append_data(apop_challenge, "\0testuser\0responseoflen16-", 26); + *len_r = apop_challenge->used; +@@ -323,7 +323,7 @@ static void test_mechs(void) + struct test_case *test_case = &tests[running_test]; + const struct mech_module *mech = test_case->mech; + struct auth_request *request; +- const char *testname = t_strdup_printf("auth mech %s %d/%lu", ++ const char *testname = t_strdup_printf("auth mech %s %d/%zu", + mech->mech_name, + running_test+1, + N_ELEMENTS(tests)); diff -Nru dovecot-2.3.11.3+dfsg1/debian/source/lintian-overrides dovecot-2.3.11.3+dfsg1/debian/source/lintian-overrides --- dovecot-2.3.11.3+dfsg1/debian/source/lintian-overrides 2020-08-13 23:21:24.000000000 +0000 +++ dovecot-2.3.11.3+dfsg1/debian/source/lintian-overrides 2020-08-19 19:06:07.000000000 +0000 @@ -1,3 +1,2 @@ -# ignore deprecated and nowadays default feature -# patch originated from Ubuntu so leave it for now -dovecot source: unknown-runtime-tests-feature no-build-needed paragraph starting at line 12 +# The corresponding binary is Debian only +dovecot source: maintainer-manual-page debian/maildirmake.dovecot.1