From e27e02653991c297ba174de053f60a0ccded7baf Mon Sep 17 00:00:00 2001
From: Andreas Rammhold
Date: Thu, 1 Feb 2018 03:55:38 +0100
Subject: [PATCH 1/2] dovecot: fix CVE-2017-15132
---
 pkgs/servers/mail/dovecot/default.nix | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/pkgs/servers/mail/dovecot/default.nix b/pkgs/servers/mail/dovecot/default.nix
index e995763a4a2..6b2adf57217 100644
--- a/pkgs/servers/mail/dovecot/default.nix
+++ b/pkgs/servers/mail/dovecot/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, fetchurl, perl, pkgconfig, systemd, openssl
+{ stdenv, lib, fetchurl, fetchpatch, perl, pkgconfig, systemd, openssl
 , bzip2, zlib, lz4, inotify-tools, pam, libcap
 , clucene_core_2, icu, openldap, libsodium, libstemmer
 # Auth modules
@@ -47,6 +47,16 @@ stdenv.mkDerivation rec {
 # so we can symlink plugins from several packages there.
 # The symlinking needs to be done in NixOS.
 ./2.2.x-module_dir.patch
+ (fetchpatch {
+ name = "CVE-2017-14132_part1.patch";
+ url = https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch;
+ sha256 = "1pcfzxr8xlwbpa7z19grp7mlvdnan6ln8zw74dj4pdmynmlk4aw9";
+ })
+ (fetchpatch {
+ name = "CVE-2017-14132_part2.patch";
+ url = https://github.com/dovecot/core/commit/a9b135760aea6d1790d447d351c56b78889dac22.patch;
+ sha256 = "0082iid5rvjmh003xi9s09jld2rb31hbvni0yai1h1ggbmd5zf8l";
+ })
 ];
 configureFlags = [
From 4dd92c4466b109f721790ac8ea9bda8694e73a2d Mon Sep 17 00:00:00 2001
From: Andreas Rammhold
Date: Thu, 1 Feb 2018 04:49:43 +0100
Subject: [PATCH 2/2] dovecot_antispam: removed since upstream deprecated the package [1] and it fails to build anyway [1] https://wiki2.dovecot.org/Plugins/Antispam
---
 .../mail/dovecot/plugins/antispam/default.nix | 34 -------------------
 pkgs/top-level/all-packages.nix | 1 -
 2 files changed, 35 deletions(-)
 delete mode 100644 pkgs/servers/mail/dovecot/plugins/antispam/default.nix
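Review bot: The two `fetchpatch` entries added to the `patches` list in the second hunk of pkgs/servers/mail/dovecot/default.nix are named `CVE-2017-14132_part1.patch` and `CVE-2017-14132_part2.patch`, while the commit subject says the fix is for CVE-2017-15132. The `name` only labels the fetched file, so the build should be unaffected, but anyone auditing the tree by CVE id will miss these patches or attribute them to a different advisory. I would change them to `name = "CVE-2017-15132_part1.patch";` and `name = "CVE-2017-15132_part2.patch";`. The `sha256` values pin the patch contents and presumably stay valid after a rename, which is worth confirming with a rebuild. The enclosing `stdenv.mkDerivation` call and the opening of the `patches` list lie outside the hunk.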
diff --git a/pkgs/servers/mail/dovecot/plugins/antispam/default.nix b/pkgs/servers/mail/dovecot/plugins/antispam/default.nix
deleted file mode 100644
index 1a1ba1ad448..00000000000
--- a/pkgs/servers/mail/dovecot/plugins/antispam/default.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ stdenv, fetchhg, autoconf, automake, dovecot, openssl }:
-
-stdenv.mkDerivation {
- name = "dovecot-antispam-20130429";
-
- src = fetchhg {
- url = "http://hg.dovecot.org/dovecot-antispam-plugin/";
- rev = "5ebc6aae4d7c";
- sha256 = "181i79c9sf3a80mgmycfq1f77z7fpn3j2s0qiddrj16h3yklf4gv";
- };
-
- buildInputs = [ dovecot openssl ];
- nativeBuildInputs = [ autoconf automake ];
-
- preConfigure = ''
- ./autogen.sh
- # Ugly hack; any ideas?
- sed "s,^dovecot_moduledir=.*,dovecot_moduledir=$out/lib/dovecot," ${dovecot}/lib/dovecot/dovecot-config > dovecot-config
- '';
-
- configureFlags = [
- "--with-dovecot=."
- ];
-
- enableParallelBuilding = true;
-
- meta = with stdenv.lib; {
- homepage = http://wiki2.dovecot.org/Plugins/Antispam;
- description = "An antispam plugin for the Dovecot IMAP server";
- license = licenses.gpl2;
- maintainers = with maintainers; [ abbradar ];
- platforms = platforms.linux;
- };
-}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index d89ab305966..c35c1c60b80 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -11901,7 +11901,6 @@ with pkgs;
 dovecot = callPackage ../servers/mail/dovecot { };
 dovecot_pigeonhole = callPackage ../servers/mail/dovecot/plugins/pigeonhole { };
- dovecot_antispam = callPackage ../servers/mail/dovecot/plugins/antispam { };
 dspam = callPackage ../servers/mail/dspam {
 inherit (perlPackages) NetSMTP;