Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Dear Release Team, only after the freeze, I realized that courier-mta is unmaintained and got orphaned a couple moons ago. As I still use and like that MTA, but it broke after an upgrade to stretch, I opted to adopt courier and continue maintenance (#823807). I realize it's pretty late in the process, but I'd appreciate keeping courier in stretch. In any case, I plan to continue maintaining the package for later releases. I tried to keep the changes minimal, but mainly focused on getting things to work. Quite a few changes for different important issues accumulated. Note that I already have this version of courier in use on stretch (it actually processed this very email). Please indicate if any of the parts are not appropriate to be fixed for stretch. I'm happy to prepare a corrected candidate. However, if too many bugs remain unfixed, I'd rather vote for a removal from stretch, than shipping something that breaks after an upgrade. I commented the portions of the diff in the attached debdiff, in relation to the changelog item added (patch can still apply the diff). To simplify discussion via email, here's a copy of the proposed changes: item 1: Fix Debian patch 0012-Define-and-use-PEMFILE-in-mkesmtpdcert.patch: do not invoke 'install -b' twice from mkesmtpdcert, eliminating unnecessary backup files not cleaned up by purge. Closes: #847348. item 2: Add patch 0026-Fix-TLS-verification-for-CNAMEs.patch: correct TLS verification when DNS answers with CNAMEs. Closes: #860762. item 3: Systemd service files: Correct delimiter of dependencies. Closes: #860765. (comma replaced by space) item 4: Fix init scripts: Add proper PIDFILE declarations to init scripts. Replace status_of_proc with a more direct call to pidofproc and simplify the courier and courierfilter init scripts. Closes: #860777. (Note that "simplify" is a bit of an understatement, here. Those init scripts didn't actually work, before. Same applies to the replacement of status_of_proc change.) item 5: Take over the package. Closes #848978. I know this is quite a bunch. And a late one. Please indicate if an unblock of courier-0.76.3-5 is still feasible, if you like me to adjust it or if you prefer to removed courier from stretch, instead. Thank you. Kind Regards Markus Wanner
#
# All of the changed documented in the changelog.
#
diff -Nru courier-0.76.3/debian/changelog courier-0.76.3/debian/changelog
--- courier-0.76.3/debian/changelog 2016-12-21 15:03:32.000000000 +0100
+++ courier-0.76.3/debian/changelog 2017-03-27 21:01:13.000000000 +0200
@@ -1,3 +1,19 @@
+courier (0.76.3-5) UNRELEASED; urgency=medium
+
+ * Fix Debian patch 0012-Define-and-use-PEMFILE-in-mkesmtpdcert.patch:
+ do not invoke 'install -b' twice from mkesmtpdcert, eliminating
+ backup files not cleaned up by purge. Closes: #847348.
+ * Add patch 0026-Fix-TLS-verification-for-CNAMEs.patch: correct TLS
+ verification when DNS answers with CNAMEs. Closes: #860762.
+ * Systemd service files: Correct delimiter of dependencies.
+ Closes: #860765.
+ * Fix init scripts: Add proper PIDFILE declarations to init scripts.
+ Replace status_of_proc with a more direct call to pidofproc and
+ simplify the courier and courierfilter init scripts. Closes: #860777.
+ * Take over the package. Closes: #848978.
+
+ -- Markus Wanner <mar...@bluegap.ch> Wed, 19 Apr 2017 21:27:14 +0200
+
courier (0.76.3-4) unstable; urgency=medium
* Orphan the package.
#
# item 1: Fix Debian patch 0012-Define-and-use-PEMFILE-in-mkesmtpdcert.patch:
# do not invoke 'install -b' twice from mkesmtpdcert, eliminating
# unnecessary backup files not cleaned up by purge. Closes: #847348.
#
diff -Nru
courier-0.76.3/debian/patches/0012-Define-and-use-PEMFILE-in-mkesmtpdcert.patch
courier-0.76.3/debian/patches/0012-Define-and-use-PEMFILE-in-mkesmtpdcert.patch
---
courier-0.76.3/debian/patches/0012-Define-and-use-PEMFILE-in-mkesmtpdcert.patch
2016-12-21 15:03:32.000000000 +0100
+++
courier-0.76.3/debian/patches/0012-Define-and-use-PEMFILE-in-mkesmtpdcert.patch
2017-03-27 21:01:13.000000000 +0200
@@ -75,7 +75,7 @@
exit 1
}
-@@ -34,33 +45,30 @@ umask 077
+@@ -34,33 +45,28 @@ umask 077
BITS="$BITS"
set -e
@@ -119,9 +119,7 @@
- chown @mailuser@ @mydatadir@/esmtpd.pem
- cat esmtpd.key esmtpd.cert >esmtpd.pem
- rm -f esmtpd.key esmtpd.cert
-+ install -b -m 600 -o "@mailuser@" /dev/null "$PEMFILE"
+ cat "$KEYFILE" "$CERTFILE" > "$PEMFILE"
-+
+ rm -f "$KEYFILE" "$CERTFILE"
fi
diff --git a/libs/imap/mkdhparams.in b/libs/imap/mkdhparams.in
#
# item 2: Add patch 0026-Fix-TLS-verification-for-CNAMEs.patch:
# correct TLS verification when DNS answers with CNAMEs.
# Closes: #860762.
#
diff -Nru
courier-0.76.3/debian/patches/0026-Fix-TLS-verification-for-CNAMEs.patch
courier-0.76.3/debian/patches/0026-Fix-TLS-verification-for-CNAMEs.patch
--- courier-0.76.3/debian/patches/0026-Fix-TLS-verification-for-CNAMEs.patch
1970-01-01 01:00:00.000000000 +0100
+++ courier-0.76.3/debian/patches/0026-Fix-TLS-verification-for-CNAMEs.patch
2017-03-27 21:01:13.000000000 +0200
@@ -0,0 +1,74 @@
+Subject: [PATCH] Fix TLS verification when DNS lookup comes back with CNAMEs.
+From: Sam Varshavchik <mr...@courier-mta.com>
+Date: Wed, 15 Mar 2017 22:34:31 -0400
+Origin: backport,
https://github.com/svarshavchik/courier-libs/commit/5e522ab14f45c6f4f43c43e32a2f72fbf6354f1c
+Reviewed-by: Markus Wanner <mar...@bluegap.ch>
+
+--- a/libs/rfc1035/rfc1035mxlist.c
++++ b/libs/rfc1035/rfc1035mxlist.c
+@@ -179,18 +179,35 @@
+ int q_type, int *found,
+ int flags, int port)
+ {
+-struct rfc1035_reply *areply=0;
+-int index;
++ char lookup_name[RFC1035_MAXNAMESIZE+1];
++
++ struct rfc1035_reply *areply=0;
++ int index;
+ #if RFC1035_IPV6
+-struct in6_addr in;
++ struct in6_addr in;
+ #else
+-struct in_addr in;
++ struct in_addr in;
+ #endif
+
++ /*
++ ** Make a copy of mxname, because resolve_cname modifies it.
++ ** That is rather rude, since harvest_records gets called multiple
++ ** times.
++ **
++ ** We still need to know what resolve_cname() did, since
++ ** after resolve_cname() we call replysearch_all(), which needs to
++ ** have the same hostname.
++ **
++ ** mxname always points to a char[RFC1035_MAXNAMESIZE_1], so what's
++ ** good for the goose is good for the gander.
++ */
++
++ strcpy(lookup_name, mxname);
++
+ index= -1;
+
+ if (!mxreply || (
+- ((index=rfc1035_replysearch_all( res, mxreply, mxname,
++ ((index=rfc1035_replysearch_all( res, mxreply, lookup_name,
+ q_type,
+ RFC1035_CLASS_IN,
+ 0)) < 0 ||
+@@ -198,7 +215,7 @@
+ && (flags & HARVEST_AUTOQUERY))
+ )
+ {
+- index=rfc1035_resolve_cname(res, mxname,
++ index=rfc1035_resolve_cname(res, lookup_name,
+ q_type,
+ RFC1035_CLASS_IN, &areply, RFC1035_X_RANDOMIZE);
+ if (index < 0)
+@@ -223,10 +240,11 @@
+ }
+
+ for ( ; index >= 0 ;
+- index=rfc1035_replysearch_all( res, mxreply, mxname,
+- q_type,
+- RFC1035_CLASS_IN,
+- index+1))
++ index=rfc1035_replysearch_all( res, mxreply,
++ lookup_name,
++ q_type,
++ RFC1035_CLASS_IN,
++ index+1))
+ {
+ if (mxreply->allrrs[index]->rrtype != q_type)
+ continue;
diff -Nru courier-0.76.3/debian/patches/series
courier-0.76.3/debian/patches/series
--- courier-0.76.3/debian/patches/series 2016-12-21 15:03:32.000000000
+0100
+++ courier-0.76.3/debian/patches/series 2017-03-27 21:01:13.000000000
+0200
@@ -23,3 +23,4 @@
0023-Fix-missing-AC_PROG_SYSCONFTOOL-macro-on-autoreconf.patch
0024-Dynamically-resolver-mailuid-and-mailgid-on-runtime-.patch
0025-Use-SOURCE_DATE_EPOCH-for-imapd-version-Use-the-envi.patch
+0026-Fix-TLS-verification-for-CNAMEs.patch
#
# item 3: Systemd service files: Correct delimiter of dependencies.
# Closes: #860765. (comma replaced by space)
#
diff -Nru courier-0.76.3/debian/courier-mta.courier-msa.service
courier-0.76.3/debian/courier-mta.courier-msa.service
--- courier-0.76.3/debian/courier-mta.courier-msa.service 2016-12-21
15:03:32.000000000 +0100
+++ courier-0.76.3/debian/courier-mta.courier-msa.service 2017-03-27
21:01:13.000000000 +0200
@@ -1,7 +1,7 @@
[Unit]
Description=Courier ESMTP Daemon
-Requires=courier-authdaemon.service,courier.service,courierfilter.service
-After=courier-authdaemon.service,courier.service,courierfilter.service
+Requires=courier-authdaemon.service courier.service courierfilter.service
+After=courier-authdaemon.service courier.service courierfilter.service
PartOf=courier-mta.service
[Service]
diff -Nru courier-0.76.3/debian/courier-mta.courier-mta-ssl.service
courier-0.76.3/debian/courier-mta.courier-mta-ssl.service
--- courier-0.76.3/debian/courier-mta.courier-mta-ssl.service 2016-12-21
15:03:32.000000000 +0100
+++ courier-0.76.3/debian/courier-mta.courier-mta-ssl.service 2017-03-27
21:01:13.000000000 +0200
@@ -1,7 +1,7 @@
[Unit]
Description=Courier ESMTP Daemon
-Requires=courier-authdaemon.service,courier.service,courierfilter.service
-After=courier-authdaemon.service,courier.service,courierfilter.service
+Requires=courier-authdaemon.service courier.service courierfilter.service
+After=courier-authdaemon.service courier.service courierfilter.service
PartOf=courier-mta.service
[Service]
diff -Nru courier-0.76.3/debian/courier-mta.service
courier-0.76.3/debian/courier-mta.service
--- courier-0.76.3/debian/courier-mta.service 2016-12-21 15:03:32.000000000
+0100
+++ courier-0.76.3/debian/courier-mta.service 2017-03-27 21:01:13.000000000
+0200
@@ -1,7 +1,7 @@
[Unit]
Description=Courier ESMTP Daemon
-Requires=courier-authdaemon.service,courier.service,courierfilter.service
-After=courier-authdaemon.service,courier.service,courierfilter.service
+Requires=courier-authdaemon.service courier.service courierfilter.service
+After=courier-authdaemon.service courier.service courierfilter.service
[Service]
Type=forking
#
# item 4: Fix init scripts: Add proper PIDFILE declarations to init scripts.
# Replace status_of_proc with a more direct call to pidofproc and
# simplify the courier and courierfilter init scripts. Closes: #860777.
#
diff -Nru courier-0.76.3/debian/courier-imap.courier-imap-ssl.init
courier-0.76.3/debian/courier-imap.courier-imap-ssl.init
--- courier-0.76.3/debian/courier-imap.courier-imap-ssl.init 2016-12-21
15:03:32.000000000 +0100
+++ courier-0.76.3/debian/courier-imap.courier-imap-ssl.init 2017-03-27
21:01:13.000000000 +0200
@@ -18,5 +18,6 @@
DESC="Courier IMAP server (TLS)"
DO_START=$(sed -ne 's/^IMAPDSSLSTART=\([^[:space:]]*\)/\1/p'
/etc/courier/imapd-ssl | tr "A-Z" "a-z")
+PIDFILE=$(sed -ne 's/^SSLPIDFILE=\([^[:space:]]*\)/\1/p'
/etc/courier/imapd-ssl)
. /usr/lib/courier/init-d-script-courier
diff -Nru courier-0.76.3/debian/courier-imap.init
courier-0.76.3/debian/courier-imap.init
--- courier-0.76.3/debian/courier-imap.init 2016-12-21 15:03:32.000000000
+0100
+++ courier-0.76.3/debian/courier-imap.init 2017-03-27 21:01:13.000000000
+0200
@@ -18,5 +18,6 @@
DESC="Courier IMAP server"
DO_START=$(sed -ne 's/^IMAPDSTART=\([^[:space:]]*\)/\1/p' /etc/courier/imapd |
tr "A-Z" "a-z")
+PIDFILE=$(sed -ne 's/^PIDFILE=\([^[:space:]]*\)/\1/p' /etc/courier/imapd)
. /usr/lib/courier/init-d-script-courier
diff -Nru courier-0.76.3/debian/courier-mta.courier-mta-ssl.init
courier-0.76.3/debian/courier-mta.courier-mta-ssl.init
--- courier-0.76.3/debian/courier-mta.courier-mta-ssl.init 2016-12-21
15:03:32.000000000 +0100
+++ courier-0.76.3/debian/courier-mta.courier-mta-ssl.init 2017-03-27
21:01:13.000000000 +0200
@@ -18,5 +18,6 @@
DESC="Courier MTA TLS server"
DO_START=$(sed -ne 's/^ESMTPDSSLSTART=\([^[:space:]]*\)/\1/p'
/etc/courier/esmtpd-ssl | tr "A-Z" "a-z")
+PIDFILE=$(sed -ne 's/^SSLPIDFILE=\([^[:space:]]*\)/\1/p'
/etc/courier/esmtpd-ssl)
. /usr/lib/courier/init-d-script-courier
diff -Nru courier-0.76.3/debian/courier-mta.init
courier-0.76.3/debian/courier-mta.init
--- courier-0.76.3/debian/courier-mta.init 2016-12-21 15:03:32.000000000
+0100
+++ courier-0.76.3/debian/courier-mta.init 2017-03-27 21:01:13.000000000
+0200
@@ -18,5 +18,6 @@
DESC="Courier MTA server"
DO_START=$(sed -ne 's/^ESMTPDSTART=\([^[:space:]]*\)/\1/p' /etc/courier/esmtpd
| tr "A-Z" "a-z")
+PIDFILE=$(sed -ne 's/^PIDFILE=\([^[:space:]]*\)/\1/p' /etc/courier/esmtpd)
. /usr/lib/courier/init-d-script-courier
diff -Nru courier-0.76.3/debian/courier-pop.courier-pop-ssl.init
courier-0.76.3/debian/courier-pop.courier-pop-ssl.init
--- courier-0.76.3/debian/courier-pop.courier-pop-ssl.init 2016-12-21
15:03:32.000000000 +0100
+++ courier-0.76.3/debian/courier-pop.courier-pop-ssl.init 2017-03-27
21:01:13.000000000 +0200
@@ -18,5 +18,6 @@
DESC="Courier POP3 server (TLS)"
DO_START=$(sed -ne 's/^POP3DSSLSTART=\([^[:space:]]*\)/\1/p'
/etc/courier/pop3d-ssl | tr "A-Z" "a-z")
+PIDFILE=$(sed -ne 's/^SSLPIDFILE=\([^[:space:]]*\)/\1/p'
/etc/courier/pop3d-ssl)
. /usr/lib/courier/init-d-script-courier
diff -Nru courier-0.76.3/debian/courier-pop.init
courier-0.76.3/debian/courier-pop.init
--- courier-0.76.3/debian/courier-pop.init 2016-12-21 15:03:32.000000000
+0100
+++ courier-0.76.3/debian/courier-pop.init 2017-03-27 21:01:13.000000000
+0200
@@ -18,5 +18,6 @@
DESC="Courier POP3 server"
DO_START=$(sed -ne 's/^POP3DSTART=\([^[:space:]]*\)/\1/p' /etc/courier/pop3d |
tr "A-Z" "a-z")
+PIDFILE=$(sed -ne 's/^PIDFILE=\([^[:space:]]*\)/\1/p' /etc/courier/pop3d)
. /usr/lib/courier/init-d-script-courier
diff -Nru courier-0.76.3/debian/init-d-script-courier
courier-0.76.3/debian/init-d-script-courier
--- courier-0.76.3/debian/init-d-script-courier 2016-12-21 15:03:32.000000000
+0100
+++ courier-0.76.3/debian/init-d-script-courier 2017-03-27 21:01:13.000000000
+0200
@@ -25,7 +25,7 @@
return 2
fi
- if call do_status >/dev/null 2>&1; then
+ if pidofproc ${PIDFILE:+-p ${PIDFILE}} "$DAEMON" >/dev/null; then
return 1
fi
@@ -37,7 +37,7 @@
}
do_stop_cmd_override() {
- if ! call do_status >/dev/null 2>&1; then
+ if ! pidofproc ${PIDFILE:+-p ${PIDFILE}} "$DAEMON" >/dev/null; then
return 1
fi
diff -Nru courier-0.76.3/debian/courier-mta.courierfilter.init
courier-0.76.3/debian/courier-mta.courierfilter.init
--- courier-0.76.3/debian/courier-mta.courierfilter.init 2016-12-21
15:03:32.000000000 +0100
+++ courier-0.76.3/debian/courier-mta.courierfilter.init 2017-03-27
21:01:13.000000000 +0200
@@ -19,4 +19,12 @@
DO_START=yes
-. /usr/lib/courier/init-d-script-courier
+do_start_cmd_override() {
+ DAEMON_ARGS="start $DAEMON_ARGS"
+ do_start_cmd
+}
+
+do_stop_cmd_override() {
+ DAEMON_ARGS="stop $DAEMON_ARGS"
+ do_start_cmd
+}
diff -Nru courier-0.76.3/debian/courier-mta.courier.init
courier-0.76.3/debian/courier-mta.courier.init
--- courier-0.76.3/debian/courier-mta.courier.init 2016-12-21
15:03:32.000000000 +0100
+++ courier-0.76.3/debian/courier-mta.courier.init 2017-03-27
21:01:13.000000000 +0200
@@ -20,8 +20,12 @@
DO_START=yes
-. /usr/lib/courier/init-d-script-courier
+do_start_cmd_override() {
+ DAEMON_ARGS="start $DAEMON_ARGS"
+ do_start_cmd
+}
-do_status_override() {
- status_of_proc ${PIDFILE:+-p ${PIDFILE}} "$DAEMON"d "$NAME"
+do_stop_cmd_override() {
+ DAEMON_ARGS="stop $DAEMON_ARGS"
+ do_start_cmd
}
#
# item 5: Take over the package. Closes #848978.
#
diff -Nru courier-0.76.3/debian/control courier-0.76.3/debian/control
--- courier-0.76.3/debian/control 2016-12-21 15:03:32.000000000 +0100
+++ courier-0.76.3/debian/control 2017-03-27 21:01:13.000000000 +0200
@@ -1,7 +1,7 @@
Source: courier
Section: mail
Priority: optional
-Maintainer: Debian QA Group <packa...@qa.debian.org>
+Maintainer: Markus Wanner <mar...@bluegap.ch>
Standards-Version: 3.9.6
Build-Depends: automake,
autotools-dev,
signature.asc
Description: OpenPGP digital signature
