From 0adb47bdc7d15e53b8c4c443ad19ebdfcc4177a0 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Tue, 11 Apr 2017 00:36:07 -0400
Subject: gnu: dovecot: Update to 2.2.29 [fixes CVE-2017-2669].

* gnu/packages/mail.scm (dovecot): Update to 2.2.29.
[source]: Use 'dovecot-fix-failing-test.patch'.
* gnu/packages/patches/dovecot-fix-failing-test.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/local.mk                                       |   1 +
 gnu/packages/mail.scm                              |   8 +-
 .../patches/dovecot-fix-failing-test.patch         | 118 +++++++++++++++++++++
 3 files changed, 124 insertions(+), 3 deletions(-)
 create mode 100644 gnu/packages/patches/dovecot-fix-failing-test.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index f3a4e54afa..212228d5c2 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -539,6 +539,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/diffutils-gets-undeclared.patch		\
   %D%/packages/patches/doc++-include-directives.patch		\
   %D%/packages/patches/doc++-segfault-fix.patch			\
+  %D%/packages/patches/dovecot-fix-failing-test.patch		\
   %D%/packages/patches/doxygen-test.patch			\
   %D%/packages/patches/elfutils-tests-ptrace.patch		\
   %D%/packages/patches/elixir-disable-failing-tests.patch	\
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 49fdb32e8d..1a6c505efd 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -1086,15 +1086,17 @@ facilities for checking incoming mail.")
 (define-public dovecot
   (package
     (name "dovecot")
-    (version "2.2.28")
+    (version "2.2.29")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://www.dovecot.org/releases/"
                            (version-major+minor version) "/"
                            name "-" version ".tar.gz"))
-       (sha256 (base32
-                "098zpkmkk93372qnv6drgbfg8hp5mynspzc1735qgar6wdcqya70"))))
+       (patches (search-patches "dovecot-fix-failing-test.patch"))
+       (sha256
+        (base32
+         "19irf7b5mjqq68mrpdd38gxc0zp2nqib942kjp3aif3f2acylffr"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/patches/dovecot-fix-failing-test.patch b/gnu/packages/patches/dovecot-fix-failing-test.patch
new file mode 100644
index 0000000000..343bab03f9
--- /dev/null
+++ b/gnu/packages/patches/dovecot-fix-failing-test.patch
@@ -0,0 +1,118 @@
+This patch fixes a test failure in dovecot 2.2.29, like this [0]:
+
+------
+Making check in lib-imap-client
+make[2]: Entering directory
+`/builddir/build/BUILD/dovecot-2.2.29/src/lib-imap-client'
+for bin in test-imapc-client; do \
+	  if !  ./$bin; then exit 1; fi; \
+	done
+Warning: imapc(127.0.0.1:0): connect(127.0.0.1, 0) failed: Connection
+refused - reconnecting (delay 10 ms)
+Error: imapc(127.0.0.1:0): connect(127.0.0.1, 0) failed: Connection
+refused - disconnecting
+test: random seed #1 was 1492054294
+imapc connect failed ................................................. : ok
+Warning: imapc(127.0.0.1:42704): connect(127.0.0.1, 42704) timed out
+after 0 seconds - reconnecting (delay 0 ms)
+Error: imapc(127.0.0.1:42704): connect(127.0.0.1, 42704) timed out after
+0 seconds - disconnecting
+imapc banner hangs ................................................... : ok
+Warning: imapc(127.0.0.1:36762): Authentication timed out after 0
+seconds - reconnecting (delay 0 ms)
+Error: imapc(127.0.0.1:36762): Authentication failed: Disconnected from
+server
+imapc login hangs .................................................... : ok
+test-imapc-client.c:358: Assert failed: test_imapc_cmd_last_reply_pop()
+== IMAPC_COMMAND_STATE_OK
+imapc reconnect ...................................................... :
+FAILED
+imapc reconnect resend commands ...................................... : ok
+imapc reconnect resend commands failed ............................... : ok
+imapc reconnect mailbox .............................................. : ok
+1 / 7 tests failed
+------
+
+Patch copied from upstream source repository:
+
+https://github.com/dovecot/core/commit/3a1c64363a64cdfe9153eb6292d8923f38955d82
+
+[0]
+https://dovecot.org/pipermail/dovecot/2017-April/107751.html
+
+From 3a1c64363a64cdfe9153eb6292d8923f38955d82 Mon Sep 17 00:00:00 2001
+From: Timo Sirainen <timo.sirainen@dovecot.fi>
+Date: Mon, 10 Apr 2017 17:07:28 +0300
+Subject: [PATCH] lib-imap-client: Fix reconnection
+
+There was already code for reconnection. We just shouldn't have gone very
+far in imapc_connection_connect() if we were still waiting for reconnection
+delay to pass.
+---
+ src/lib-imap-client/imapc-connection.c | 25 +++++++++----------------
+ 1 file changed, 9 insertions(+), 16 deletions(-)
+
+diff --git a/src/lib-imap-client/imapc-connection.c b/src/lib-imap-client/imapc-connection.c
+index 95067e6..6eaf1ab 100644
+--- a/src/lib-imap-client/imapc-connection.c
++++ b/src/lib-imap-client/imapc-connection.c
+@@ -130,6 +130,7 @@ struct imapc_connection {
+ 	struct timeout *to_throttle, *to_throttle_shrink;
+ 
+ 	unsigned int reconnecting:1;
++	unsigned int reconnect_waiting:1;
+ 	unsigned int reconnect_ok:1;
+ 	unsigned int idling:1;
+ 	unsigned int idle_stopping:1;
+@@ -504,6 +505,7 @@ static bool imapc_connection_can_reconnect(struct imapc_connection *conn)
+ static void imapc_connection_reconnect(struct imapc_connection *conn)
+ {
+ 	conn->reconnect_ok = FALSE;
++	conn->reconnect_waiting = FALSE;
+ 
+ 	if (conn->selected_box != NULL)
+ 		imapc_client_mailbox_reconnect(conn->selected_box);
+@@ -536,6 +538,7 @@ imapc_connection_try_reconnect(struct imapc_connection *conn,
+ 			imapc_connection_disconnect_full(conn, TRUE);
+ 			conn->to = timeout_add(delay_msecs, imapc_connection_reconnect, conn);
+ 			conn->reconnect_count++;
++			conn->reconnect_waiting = TRUE;
+ 		}
+ 	}
+ }
+@@ -1785,6 +1788,12 @@ void imapc_connection_connect(struct imapc_connection *conn)
+ 
+ 	if (conn->fd != -1 || conn->dns_lookup != NULL)
+ 		return;
++	if (conn->reconnect_waiting) {
++		/* wait for the reconnection delay to finish before
++		   doing anything. */
++		return;
++	}
++
+ 	conn->reconnecting = FALSE;
+ 	/* if we get disconnected before we've finished all the pending
+ 	   commands, don't reconnect */
+@@ -1792,22 +1801,6 @@ void imapc_connection_connect(struct imapc_connection *conn)
+ 		array_count(&conn->cmd_send_queue);
+ 
+ 	imapc_connection_input_reset(conn);
+-
+-	int msecs_since_last_connect =
+-		timeval_diff_msecs(&ioloop_timeval, &conn->last_connect);
+-	if (!conn->reconnect_ok &&
+-	    msecs_since_last_connect < (int)conn->client->set.connect_retry_interval_msecs) {
+-		if (conn->to != NULL)
+-			timeout_remove(&conn->to);
+-		conn->reconnecting = TRUE;
+-		imapc_connection_set_disconnected(conn);
+-		/* don't wait longer than necessary */
+-		unsigned int delay_msecs =
+-			conn->client->set.connect_retry_interval_msecs -
+-			msecs_since_last_connect;
+-		conn->to = timeout_add(delay_msecs, imapc_connection_reconnect, conn);
+-		return;
+-	}
+ 	conn->last_connect = ioloop_timeval;
+ 
+ 	if (conn->client->set.debug) {
-- 
cgit v1.2.3