From: Karl Fleischmann Date: Thu, 14 Apr 2022 12:21:01 +0000 (+0200) Subject: global: Remove wiki from packaging X-Git-Tag: 2.4.0~4064 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4e4816f1c032a2e3652e9941ffcd5e9e3195c487;p=thirdparty%2Fdovecot%2Fcore.git global: Remove wiki from packaging --- diff --git a/autogen.sh b/autogen.sh index 26993f94e9..59e8f6d541 100755 --- a/autogen.sh +++ b/autogen.sh @@ -12,24 +12,6 @@ if ! test -f build-aux/config.rpath; then done fi -if test ! -f doc/wiki/Authentication.txt; then - cd doc - wget https://www.dovecot.org/tmp/wiki2-export.tar.gz - tar xzf wiki2-export.tar.gz - if [ $? != 0 ]; then - echo "Failed to uncompress wiki docs" - exit - fi - mv wiki2-export/*.txt wiki/ - rm -rf wiki2-export wiki2-export.tar.gz - cd .. -fi - -cd doc/wiki -cp -f Makefile.am.in Makefile.am -echo *.txt | sed 's, , \\/ ,g' | tr '/' '\n' >> Makefile.am -cd ../.. - autoreconf -i rm -f ChangeLog diff --git a/configure.ac b/configure.ac index ffb4a50df4..f18e91ea7c 100644 --- a/configure.ac +++ b/configure.ac @@ -817,7 +817,6 @@ AC_CONFIG_FILES([ Makefile doc/Makefile doc/man/Makefile -doc/wiki/Makefile doc/example-config/Makefile doc/example-config/conf.d/Makefile src/Makefile diff --git a/doc/Makefile.am b/doc/Makefile.am index 2b939b37e2..e8f3d5eeca 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -1,11 +1,9 @@ extra_dist_extra = SUBDIRS = man example-config -DOCDIRS = wiki example-config +DOCDIRS = example-config docfiles = \ - documentation.txt \ - securecoding.txt \ thread-refs.txt \ mkcert.sh \ dovecot-openssl.cnf \ diff --git a/doc/documentation.txt b/doc/documentation.txt deleted file mode 100644 index f5fcb64ccb..0000000000 --- a/doc/documentation.txt +++ /dev/null @@ -1,130 +0,0 @@ -The documentation in wiki/ directory has been imported from -http://wiki2.dovecot.org/. The actual Wiki may contain more up-to-date -information, so unless this is an old Dovecot release, you may want to use -the Wiki directly. - - * for people in hurry - * - Why doesn't Dovecot work? - -Generic information about mail servers -====================================== - - * Mail protocols: IMAP [http://en.wikipedia.org/wiki/Imap], POP3 - [http://en.wikipedia.org/wiki/Pop3] and SMTP - [http://en.wikipedia.org/wiki/Smtp] - * [MDA.txt] - * [MailboxFormat.txt] - * [IndexFiles.txt] - * [Authentication.txt] - * [Sasl.txt] - -Dovecot installation -==================== - -It's a good idea to start with a simple Dovecot installation to see that -everything works. After that you can start changing things one at a time, so if -you run into trouble you know immediately where the problem is. - -If you're in a hurry and you already know enough about mail servers, - may be more helpful to you instead. - - 1. Installing - * [CompilingSource.txt] - * [PrebuiltBinaries.txt] - 2. [FindMailLocation.txt] - 3. [BasicConfiguration.txt] - 4. [RunningDovecot.txt] - 5. - 6. [TestInstallation.txt] - * [TestPop3Installation.txt] - 7. [FinishBasicConfiguration.txt] - -Dovecot configuration -===================== - - * Starting guidelines - * [SystemUsers.txt] - * [VirtualUsers.txt] - * [UserIds.txt] - * [Authentication.txt] - * [PasswordDatabase.txt] - * [UserDatabase.txt] - * - [Authentication.MultipleDatabases.txt] - * [Authentication.Kerberos.txt] - * [Authentication.RestrictAccess.txt] - * [PasswordDatabase.ExtraFields.txt] - * [Authentication.MasterUsers.txt] - * [Authentication.Caching.txt] - * [MailLocation.txt] - * [MailLocation.LocalDisk.txt] - * [MailLocation.SharedDisk.txt] - (, clustered FS) - * for easily proxying same user to same server to - avoid caching problems. - * [MailLocation.Maildir.txt] - * [MailLocation.Mbox.txt] - * - * [SharedMailboxes.txt] - * [LoginProcess.txt] - * settings and certificate creation - * - * - * [ACL.txt] (ACLs) - * [POP3Server.txt] - * [LDA.txt] - * and - * [PostLoginScripting.txt] - -HOWTOs, examples and tutorials -============================== - -Some HOWTOs haven't been included in wiki/. Use http://wiki2.dovecot.org/ -instead. - - * [HowTo.txt] for different installations - * Existing Dovecot installations - [http://wiki2.dovecot.org/DovecotServerInstallations] - -Migration from existing systems -=============================== - - * [Migration.txt] - * - [MissingMailboxes.txt] - * [Upgrading.txt] - * [Migration.MailFormat.txt] (mbox <-> - Maildir, etc.) - -Troubleshooting -=============== - - * [WhyDoesItNotWork.txt] - * [Logging.txt] - * [Debugging.Authentication.txt] - * [Debugging.ProcessTracing.txt] is useful when Dovecot - seems slow or hangs completely - * Rawlog [Debugging.Rawlog.txt] can be used to log post-login IMAP/POP3 - traffic - * [MboxProblems.txt] - * [Clients.txt] - * [Clients.NegativeUIDs.txt] - * [Debugging.Thunderbird.txt] - * <"Time moved backwards" error> [TimeMovedBackwards.txt] - * <%d expands to empty string> [DomainLost.txt] - * [PreAuth.txt] - * Sending bug reports [http://dovecot.org/bugreport.html], debugging crashes - and sniffing network traffic - -Tuning -====== - - * [PerformanceTuning.txt] - * [SecurityTuning.txt] - * - -Reference -========= - - * [Design.txt] - * [Clients.txt] diff --git a/doc/securecoding.txt b/doc/securecoding.txt deleted file mode 100644 index 72489ae427..0000000000 --- a/doc/securecoding.txt +++ /dev/null @@ -1,142 +0,0 @@ -Simplicity provides security. The more you have to remember to maintain -security the easier it is to forget something. - - -Use Multiple Layers of Security -------------------------------- - -Input validation is useful to prevent clients from taking too much server -resources. Add the restrictions only where it's useful. For example a -simple "maximum line length" will limit the length of pretty much all -possible client input. - -Don't rely on input validation. Maybe you missed something. Maybe someone -calls your function somewhere else where you didn't originally intend it. -Maybe someone makes the input validation less restrictive for some reason. -Point is, it's not an excuse to cause a security hole just because input -wasn't what you expected it to be. - -Don't trust memory. If code somewhere overflowed a buffer, don't make it -easier to exploit it. For example if you have code: - - static char staticbuf[100]; - .. - char stackbuf[100]; - strcpy(stackbuf, staticbuf); - -Just because staticbuf was declared as [100], it doesn't mean it couldn't -contain more data. Overflowing static buffers can't be directly exploited, -but the strcpy() overflowing stackbuf makes it possible. Always copy data -with bounds checking. - - -Prevent Buffer Overflows ------------------------- - -Avoid writing to buffers directly. Write everything through buffer API -(lib/buffer.h) which guarantees protection against buffer overflows. -There are various safe string APIs as well (lib/str.h, lib/strfuncs.h). -Dovecot also provides a type safe array API (lib/array.h). - -If you do write to buffers directly, mark the code with /* @UNSAFE */ -unless it's _obviously_ safe. Only obviously safe code is calling a -function with (buffer, sizeof(buffer)) parameters. If you do _any_ -calculations with buffer size, mark it unsafe. - -Use const with buffers whenever you can. It guarantees that you can't -accidentally modify it. - -Use "char *" only for NUL-terminated strings. Use "unsigned char *" -if it's not guaranteed to be NUL-terminated. - - -Avoid free() ------------- - -Accessing freed memory is the most difficult problem to solve with C code. -Only real solution is to use garbage collector, but it's not possible to -write a portable GC without radical changes in how you write code. - -There are a few ways to avoid most free() calls however: data stack and -memory pools. - -Data stack works in somewhat similar way to C's control stack. alloca() is -quite near to what it does, but there's one major difference: Stack frames -are explicitly defined, so functions can return values allocated from data -stack. t_strdup_printf() call is an excellent example of why this is -useful. Rather than creating some arbitrary sized buffer and using -snprintf() which may truncate the value, you can just use t_strdup_printf() -without worrying about buffer sizes being large enough. - -Try to keep the allocations from data stack small, since the data stack's -highest memory usage size is kept for the rest of the process's lifetime. -The initial data stack size is 32kB and it should be enough in normal use. -See lib/data-stack.h. - -Memory pools are useful when you have to construct an object from multiple -pieces and you can free it all at once. Actually Dovecot's Memory Pool API -is just an abstract class for allocating memory. There's system_pool for -allocating memory with calloc(), realloc() and free() and you can create a -pool to allocate memory from data stack. If your function needs to allocate -memory for multiple objects, you may want to take struct pool as parameter -to allow caller to specify where the memory is allocated from. -See lib/mempool.h - - -Deinitialize safely -------------------- - -Whenever you free a pointer, set it to NULL. That way if you accidentally -try to free it again, it's less likely to cause a security hole. Dovecot -does this automatically with most of its free() calls, but you should also -make it a habit of making all your _destroy() functions take a -pointer-to-pointer parameter which you set to NULL. - -Don't Keep Secrets ------------------- - -We don't do anything special to protect ourself against read access buffer -overflows, so don't store anything sensitive in memory. We use multiple -processes to protect sensitive information between users. - -When dealing with passwords and such, erase them from memory after you -don't need it anymore. Note that such memset() may be optimized away by -compiler, use safe_memset(). - - -Use GCC Extensions ------------------- - -GCC makes it easy to catch some potential errors: - -Format string vulnerabilities can be prevented by marking all functions -using format strings with __attr_format__() and __attr_format_arg__() -macros and using -Wformat=2 GCC option. - --W option checks that you don't compare signed and unsigned variables. - -I hope GCC will later emit a warning whenever there's potential integer -truncation. -Wconversion kind of does that, but it's not really meant for -it and it gives too many other useless warnings. - - -Use union Safely ----------------- - -Suppose there was code: - -union { - unsigned int number; - char *str; -} u; - -If it was possible for user to set number arbitrarily, but access the union -as string it'd be possible to read or write arbitrary memory locations. - -There's two ways to handle this. First would be to avoid union entirely and -use a struct instead. You don't really need the extra few bytes of memory -that union saves. - -Another way is to access the union only through macro that verifies that -you're accessing it correctly. See IMAP_ARG_*() macros in -lib-imap/imap-parser.h. diff --git a/doc/wiki/Makefile.am.in b/doc/wiki/Makefile.am.in deleted file mode 100644 index e96ed9f435..0000000000 --- a/doc/wiki/Makefile.am.in +++ /dev/null @@ -1,9 +0,0 @@ -if BUILD_DOCS -wikidir = $(docdir)/wiki -wiki_DATA = $(wikifiles) -endif - -EXTRA_DIST = \ - $(wikifiles) - -wikifiles = \ No newline at end of file