| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-Disable-runpath-checking.patch | Disable runpath checking @DPATCH@ |
Debian Cyrus Team <pkg-cyrus-imapd-debian-devel@lists.alioth.debian.org> | no | 2020-02-10 | ||
| 0002-Shutdown-and-close-sockets-cleanly.patch | Shutdown and close sockets cleanly Cleanly shutdown and close sockets, this is supposed to allow for better TCP teardown on the remote end, and reduces CLOSE_WAIT time. . This patch was written 8 years ago, it is possible that nowadays nothing will benefit from a shutdown() right before close(). The commit log from eight years ago mentions that SHUT_RD should be upgraded to SHUT_RDWR where possible, but only after verification that this is not going to cause problems (e.g. by discarding data still on flight to the remote). . Also, it is possible that new daemons and utils in Cyrus 2.2 and 2.3 may need similar patches. |
Henrique de Moraes Holschuh <hmh@debian.org> | yes | 2020-02-10 | ||
| 0003-Fix-syslog-prefix.patch | Fix syslog prefix Make sure all programs log (to syslog) with "cyrus/<program>" as the log prefix. |
Sven Mueller <debian@incase.de> | yes | 2020-02-10 | ||
| 0005-Updates-calling-of-the-perl-interpreter-to-what-we-e.patch | Updates calling of the perl interpreter to what we expect in Debian More precisely: Call /usr/bin/perl directly instead of using some shell magic to locate perl and run it. . NOTE: only some script use the "-w" or even the "-T" flag for perl. This should be the default actually. |
Sven Mueller <debian@incase.de> | not-needed | 2020-02-10 | ||
| 0006-Fix-paths-on-Debian-in-tools-rehash.patch | Fix paths on Debian in tools/rehash | Sven Mueller <debian@incase.de> | not-needed | 2020-02-10 | ||
| 0009-Normalize-the-authentication-ID.patch | Normalize the authentication ID By normalize, it is intended that; 1) Authentication IDs all can be lowercased for more accurate comparison without being volatile to, say, user error, and 2) Any leading or trailing blank space can be stripped |
"Jeroen van Meeuwen (Kolab Systems)" <vanmeeuwen@kolabsys.com> | yes | 2022-02-23 | ||
| 0012-Use-UnicodeData.txt-from-system.patch | Use UnicodeData.txt from system | Ondrej Sury <ondrej@debian.org> | not-needed | 2020-02-10 | ||
| 0018-increase-test-timeout.patch | increase test timeout | Xavier Guimard <yadd@debian.org> | not-needed | debian upstream | 2020-05-20 | |
| 0020_fix-cyr_cd-shebang.patch | fix shebang cyr_cd.sh isn't a valid sh script but a bash one | Yadd <yadd@debian.org> | yes | 2022-10-12 | ||
| CVE-2024-34055.patch | Cumulative patch for CVE-2024-34055 Cyrus-IMAP through 3.8.2 and 3.10.0-beta2 allow authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command. . The IMAP protocol allows for command arguments to be LITERALs of negotiated length, and for these the server allocates memory to receive the content before instructing the client to proceed. The allocated memory is released when the whole command has been received and processed. . The IMAP protocol has a number commands that specify an unlimited number of arguments, for example SEARCH. Each of these arguments can be a LITERAL, for which memory will be allocated and not released until the entire command has been received and processed. This can run a server out of memory, with varying consequences depending on the server's OOM policy. . Discovered by Damian Poddebniak. commit:93161e7cd commit:daa4cb210 commit:dcc88bb66 commit:333de29fd commit:800100d1c commit:d06d8d072 commit:7638ac52a commit:efa3a69a8 commit:4e65061e1 commit:8414e71a9 commit:dc9846028 commit:fb0eee5f3 commit:0ed046663 commit:f37421f26 commit:cce755f3a commit:d95b0b211 |
Ken Murchison <murch@fastmail.com> | not-needed | upstream | upstream, | 2024-06-05 |