Accepting request 940834 from server:mail

OBS-URL: https://build.opensuse.org/request/show/940834
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dovecot23?expand=0&rev=43

dovecot-2.3.0-better_ssl_defaults.patch

@@ -1,18 +1,19 @@
-diff -ur dovecot-2.3.17.1.orig/doc/example-config/conf.d/10-ssl.conf dovecot-2.3.17.1/doc/example-config/conf.d/10-ssl.conf
---- dovecot-2.3.17.1.orig/doc/example-config/conf.d/10-ssl.conf	2021-12-03 12:48:47.000000000 +0100
-+++ dovecot-2.3.17.1/doc/example-config/conf.d/10-ssl.conf	2021-12-07 20:09:55.575984341 +0100
+Index: dovecot-2.3.17.1/doc/example-config/conf.d/10-ssl.conf
+===================================================================
+--- dovecot-2.3.17.1.orig/doc/example-config/conf.d/10-ssl.conf
++++ dovecot-2.3.17.1/doc/example-config/conf.d/10-ssl.conf
 @@ -9,8 +9,8 @@
  # dropping root privileges, so keep the key file unreadable by anyone but
  # root. Included doc/mkcert.sh can be used to easily generate self-signed
  # certificate, just make sure to update the domains in dovecot-openssl.cnf
--ssl_cert = </etc/ssl/certs/dovecot.pem
+-ssl_cert = </etc/ssl/private/dovecot.pem
 -ssl_key = </etc/ssl/private/dovecot.pem
-+#ssl_cert = </etc/ssl/certs/dovecot.pem
++#ssl_cert = </etc/ssl/private/dovecot.pem
 +#ssl_key = </etc/ssl/private/dovecot.pem
  
  # If key file is password protected, give the password here. Alternatively
  # give it when starting dovecot with -p parameter. Since this file is often
-@@ -64,6 +64,7 @@
+@@ -64,6 +64,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
  #ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
  # To disable non-EC DH, use:
  #ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
@@ -20,7 +21,7 @@ diff -ur dovecot-2.3.17.1.orig/doc/example-config/conf.d/10-ssl.conf dovecot-2.3
  
  # Colon separated list of elliptic curves to use. Empty value (the default)
  # means use the defaults from the SSL library. P-521:P-384:P-256 would be an
-@@ -71,7 +72,7 @@
+@@ -71,7 +72,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
  #ssl_curve_list =
  
  # Prefer the server's order of ciphers over client's.
@@ -29,15 +30,16 @@ diff -ur dovecot-2.3.17.1.orig/doc/example-config/conf.d/10-ssl.conf dovecot-2.3
  
  # SSL crypto device to use, for valid values run "openssl engine"
  #ssl_crypto_device =
-@@ -80,3 +81,4 @@
+@@ -80,3 +81,4 @@ ssl_key = </etc/ssl/private/dovecot.pem
  #   compression - Enable compression.
  #   no_ticket - Disable SSL session tickets.
  #ssl_options =
 +ssl_options = no_compression
-diff -ur dovecot-2.3.17.1.orig/src/lib-master/master-service-ssl-settings.c dovecot-2.3.17.1/src/lib-master/master-service-ssl-settings.c
---- dovecot-2.3.17.1.orig/src/lib-master/master-service-ssl-settings.c	2021-12-03 12:48:47.000000000 +0100
-+++ dovecot-2.3.17.1/src/lib-master/master-service-ssl-settings.c	2021-12-07 20:10:57.811653344 +0100
-@@ -49,7 +49,7 @@
+Index: dovecot-2.3.17.1/src/lib-master/master-service-ssl-settings.c
+===================================================================
+--- dovecot-2.3.17.1.orig/src/lib-master/master-service-ssl-settings.c
++++ dovecot-2.3.17.1/src/lib-master/master-service-ssl-settings.c
+@@ -49,7 +49,7 @@ static const struct master_service_ssl_s
  	.ssl_client_ca_dir = "",
  	.ssl_client_cert = "",
  	.ssl_client_key = "",

dovecot-2.3.0-dont_use_etc_ssl_certs.patch

@@ -1,8 +1,8 @@
-Index: dovecot-2.3.9.3/doc/man/doveconf.1.in
+Index: dovecot-2.3.17.1/doc/man/doveconf.1.in
 ===================================================================
---- dovecot-2.3.9.3.orig/doc/man/doveconf.1.in
-+++ dovecot-2.3.9.3/doc/man/doveconf.1.in
-@@ -132,7 +132,7 @@ Show passwords and other sensitive value
+--- dovecot-2.3.17.1.orig/doc/man/doveconf.1.in
++++ dovecot-2.3.17.1/doc/man/doveconf.1.in
+@@ -136,7 +136,7 @@ Show passwords and other sensitive value
  .TP
  .B \-x
  Expand configuration variables (e.g. \(Domail_plugins \(rA quota) and show
@@ -11,17 +11,17 @@ Index: dovecot-2.3.9.3/doc/man/doveconf.1.in
  .\"---------------------------------
  .TP
  .I section_name
-@@ -213,4 +213,4 @@ dict/quota = pgsql:@pkgsysconfdir@/dovec
+@@ -217,4 +217,4 @@ dict/quota = pgsql:@pkgsysconfdir@/dovec
  .BR doveadm (1),
  .BR dovecot (1),
  .BR dovecot\-lda (1),
 -.BR dsync (1)
 \ No newline at end of file
 +.BR dsync (1)
-Index: dovecot-2.3.9.3/doc/mkcert.sh
+Index: dovecot-2.3.17.1/doc/mkcert.sh
 ===================================================================
---- dovecot-2.3.9.3.orig/doc/mkcert.sh
-+++ dovecot-2.3.9.3/doc/mkcert.sh
+--- dovecot-2.3.17.1.orig/doc/mkcert.sh
++++ dovecot-2.3.17.1/doc/mkcert.sh
 @@ -8,14 +8,14 @@ OPENSSL=${OPENSSL-openssl}
  SSLDIR=${SSLDIR-/etc/ssl}
  OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}
@@ -40,10 +40,10 @@ Index: dovecot-2.3.9.3/doc/mkcert.sh
    exit 1
  fi
  
-Index: dovecot-2.3.9.3/doc/wiki/CompilingSource.txt
+Index: dovecot-2.3.17.1/doc/wiki/CompilingSource.txt
 ===================================================================
---- dovecot-2.3.9.3.orig/doc/wiki/CompilingSource.txt
-+++ dovecot-2.3.9.3/doc/wiki/CompilingSource.txt
+--- dovecot-2.3.17.1.orig/doc/wiki/CompilingSource.txt
++++ dovecot-2.3.17.1/doc/wiki/CompilingSource.txt
 @@ -142,7 +142,7 @@ non-standard path. Make sure you have th
  installed, and if it is not in the standard location, set 'CPPFLAGS' and
  'LDFLAGS' as shown in <the first section above.> [CompilingSource.txt]
@@ -53,10 +53,10 @@ Index: dovecot-2.3.9.3/doc/wiki/CompilingSource.txt
  the private key from '/etc/ssl/private/dovecot.pem'. The '/etc/ssl' directory
  can be changed using the '--with-ssldir=DIR' configure option. Both can of
  course be overridden from the configuration file.
-Index: dovecot-2.3.9.3/doc/wiki/SSL.CertificateCreation.txt
+Index: dovecot-2.3.17.1/doc/wiki/SSL.CertificateCreation.txt
 ===================================================================
---- dovecot-2.3.9.3.orig/doc/wiki/SSL.CertificateCreation.txt
-+++ dovecot-2.3.9.3/doc/wiki/SSL.CertificateCreation.txt
+--- dovecot-2.3.17.1.orig/doc/wiki/SSL.CertificateCreation.txt
++++ dovecot-2.3.17.1/doc/wiki/SSL.CertificateCreation.txt
 @@ -39,7 +39,7 @@ CN matches the connected host name, othe
  invalid. It's also possible to use wildcards (eg. *.domain.com) in the host
  name. They should work with most clients.
@@ -66,10 +66,10 @@ Index: dovecot-2.3.9.3/doc/wiki/SSL.CertificateCreation.txt
  private key file is created to '/etc/ssl/private/dovecot.pem'. Also by default
  the certificate will expire in 365 days. If you wish to change any of these,
  modify the mkcert.sh script.
-Index: dovecot-2.3.9.3/doc/wiki/SSL.DovecotConfiguration.txt
+Index: dovecot-2.3.17.1/doc/wiki/SSL.DovecotConfiguration.txt
 ===================================================================
---- dovecot-2.3.9.3.orig/doc/wiki/SSL.DovecotConfiguration.txt
-+++ dovecot-2.3.9.3/doc/wiki/SSL.DovecotConfiguration.txt
+--- dovecot-2.3.17.1.orig/doc/wiki/SSL.DovecotConfiguration.txt
++++ dovecot-2.3.17.1/doc/wiki/SSL.DovecotConfiguration.txt
 @@ -41,7 +41,7 @@ The most important SSL settings are (in
  ---%<-------------------------------------------------------------------------
  ssl = yes
@@ -107,3 +107,16 @@ Index: dovecot-2.3.9.3/doc/wiki/SSL.DovecotConfiguration.txt
    ssl_key = </etc/ssl/private/imap.example2.org.key
  }
  # ..etc..
+Index: dovecot-2.3.17.1/doc/example-config/conf.d/10-ssl.conf
+===================================================================
+--- dovecot-2.3.17.1.orig/doc/example-config/conf.d/10-ssl.conf
++++ dovecot-2.3.17.1/doc/example-config/conf.d/10-ssl.conf
+@@ -9,7 +9,7 @@
+ # dropping root privileges, so keep the key file unreadable by anyone but
+ # root. Included doc/mkcert.sh can be used to easily generate self-signed
+ # certificate, just make sure to update the domains in dovecot-openssl.cnf
+-ssl_cert = </etc/ssl/certs/dovecot.pem
++ssl_cert = </etc/ssl/private/dovecot.pem
+ ssl_key = </etc/ssl/private/dovecot.pem
+ 
+ # If key file is password protected, give the password here. Alternatively

dovecot23.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Dec 16 08:14:51 UTC 2021 - Fabian Vogt <fvogt@suse.com>
+
+- Update dovecot-2.3.0-dont_use_etc_ssl_certs.patch to also adjust
+  the path in the 10-ssl.conf example (boo#1193758)
+- Rebase dovecot-2.3.0-better_ssl_defaults.patch
+
 -------------------------------------------------------------------
 Tue Dec  7 18:54:54 UTC 2021 - Michael Ströder <michael@stroeder.com>