[pkg-kolab] Bug#629350: Bug#629350: STARTTLS vulnerability in kolab-cyrus-imapd

Mathieu Parent math.parent at gmail.com
Wed Jun 8 22:10:59 UTC 2011


2011/6/8 Moritz Muehlenhoff <jmm at inutil.org>:
...
> Why is kolab-cyrus-imapd a separate source package? Can we fix it for Wheezy
> to be built from a unified source package, i.e. a separate build target which
> applies the seven Kolab patches?

Yes, this is the way to go.

Those 7 patches are not synced with upstream Kolab.

Upstream Kolab use 7 patches (see
http://git.kolab.org/server/tree/imapd/patches and
https://wiki.kolab.org/Kolab-major-app-patches), sorted by priority:

KOLAB_cyrus-imapd-2.3.16_Cyradm_Annotations.patch: This is merged in 2.4.
KOLAB_cyrus-imapd-2.3.16_Groups2.patch: Blocker, but this can be
reworked on the Kolab side to use pts/ldap.
KOLAB_cyrus-imapd-2.3.16_cross-domain-acls.patch: Blocker when using
multidomain. Work needed.
KOLAB_cyrus-imapd-2.3.16_UID.patch : Allow to log in via uid instead
of mail. Probably not a blocker.
KOLAB_cyrus-imapd-2.3.16_Folder-names.patch: Modifies the set of
accepted characters in folder names for the cyrus imapd server
[Version: 2.3.9] => Some work is needed to integrate upstream,
probably easy for people knowing the cyrus imapd code. Not a blocker.
KOLAB_cyrus-imapd-2.3.16_Logging.patch : Not a blocker.
KOLAB_cyrus-imapd-2.3.16_timsieved_starttls-sendcaps.patch: don't know
the status. Not a blocker IMO

Work should first go to replace Groups2.patch with a pts/ldap config
(notify on https://issues.kolab.org/merge6 if you plan to work on
this) and integrate crossdomain acls (maybe the patch can be
integrated as-is in the Debian package?). After those two, kolabd can
depend on cyrus-imapd-2.4 and kolab-cyrus-imapd can be dropped. A
README.kolab may be included in the cyrus-imapd pacjage to list the
not-applied patches.

Regards

-- 
Mathieu





More information about the pkg-kolab-devel mailing list