Debian Patches

Status for cyrus-imapd/3.2.6-2+deb11u2

Patch Description Author Forwarded Bugs Origin Last update
0001-Disable-runpath-checking.patch Disable runpath checking
@DPATCH@
Debian Cyrus Team <pkg-cyrus-imapd-debian-devel@lists.alioth.debian.org> no 2020-02-10
0002-Shutdown-and-close-sockets-cleanly.patch Shutdown and close sockets cleanly Cleanly shutdown and close sockets, this is supposed to allow for better
TCP teardown on the remote end, and reduces CLOSE_WAIT time.
.
This patch was written 8 years ago, it is possible that nowadays nothing
will benefit from a shutdown() right before close(). The commit log
from eight years ago mentions that SHUT_RD should be upgraded to
SHUT_RDWR where possible, but only after verification that this is not
going to cause problems (e.g. by discarding data still on flight to the
remote).
.
Also, it is possible that new daemons and utils in Cyrus 2.2 and 2.3 may
need similar patches.
Henrique de Moraes Holschuh <hmh@debian.org> yes 2020-02-10
0003-Fix-syslog-prefix.patch Fix syslog prefix Make sure all programs log (to syslog) with "cyrus/<program>" as the
log prefix.
Sven Mueller <debian@incase.de> yes 2020-02-10
0005-Updates-calling-of-the-perl-interpreter-to-what-we-e.patch Updates calling of the perl interpreter to what we expect in Debian More precisely: Call /usr/bin/perl directly instead of using some
shell magic to locate perl and run it.
.
NOTE: only some script use the "-w" or even the "-T" flag for perl.
This should be the default actually.
Sven Mueller <debian@incase.de> not-needed 2020-02-10
0006-Fix-paths-on-Debian-in-tools-rehash.patch Fix paths on Debian in tools/rehash Sven Mueller <debian@incase.de> not-needed 2020-02-10
0009-Normalize-the-authentication-ID.patch Normalize the authentication ID By normalize, it is intended that;
1) Authentication IDs all can be lowercased for more accurate
comparison without being volatile to, say, user error, and
2) Any leading or trailing blank space can be stripped
"Jeroen van Meeuwen (Kolab Systems)" <vanmeeuwen@kolabsys.com> yes 2020-02-10
0011-Fix-extra-libpci-in-SNMP_LIBS.patch Fix extra libpci in SNMP_LIBS not-needed 2020-02-10
0012-Use-UnicodeData.txt-from-system.patch Use UnicodeData.txt from system Ondrej Sury <ondrej@debian.org> not-needed 2020-02-10
0018-increase-test-timeout.patch increase test timeout Xavier Guimard <yadd@debian.org> not-needed debian upstream 2020-05-20
CVE-2021-32056.patch annotate: don't allow everyone to write shared server entries Bron Gondwana <brong@fastmail.fm> not-needed upstream upstream, https://github.com/cyrusimap/cyrus-imapd/commit/621f9e41 2021-05-10
CVE-2021-33582.patch Fixed CVE-2021-33582 Certain user inputs are used as hash table keys during processing. A
poorly chosen string hashing algorithm meant that the user could control
which bucket their data was stored in, allowing a malicious user to direct
many inputs to a single bucket. Each subsequent insertion to the same bucket
requires a strcmp of every other entry in it. At tens of thousands of
entries, each new insertion could keep the CPU busy in a strcmp loop for
minutes.
.
The string hashing algorithm has been replaced with a better one, and now
also uses a random seed per hash table, so malicious inputs cannot be
precomputed.
.
Discovered by Matthew Horsfall, Fastmail
ellie timoney <ellie@fastmail.com> not-needed upstream upstream, https://github.com/cyrusimap/cyrus-imapd/compare/cyrus-imapd-3.2.7...cyrus-imapd-3.2.8 2021-09-01
prepare-3.6-upgrade.patch reconstruct mailboxes to prepare ctl_cyrusdb -r and reconstruct now ensure the "uniqueid" field is present
in and synchronised between mailboxes.db and cyrus.header.
https://github.com/cyrusimap/cyrus-imapd/commit/93b01dd83
https://github.com/cyrusimap/cyrus-imapd/commit/0f59f9f36
https://github.com/cyrusimap/cyrus-imapd/commit/0ee7d128a
https://github.com/cyrusimap/cyrus-imapd/commit/2918ce8f0
https://github.com/cyrusimap/cyrus-imapd/commit/a330b471f
https://github.com/cyrusimap/cyrus-imapd/commit/df58b26cb
ellie timoney <ellie@fastmail.com> not-needed upstream upstream, https://github.com/cyrusimap/cyrus-imapd/commit/360e5d153 2022-06-27

All known versions for source package 'cyrus-imapd'

Links