Accepting request 940830 from home:favogt:branches:server:mail

- Update dovecot-2.3.0-dont_use_etc_ssl_certs.patch to also adjust
  the path in the 10-ssl.conf example (boo#1193758)
- Rebase dovecot-2.3.0-better_ssl_defaults.patch

OBS-URL: https://build.opensuse.org/request/show/940830
OBS-URL: https://build.opensuse.org/package/show/server:mail/dovecot23?expand=0&rev=100
Peter Varkoly 2021-12-16 08:56:12 +00:00 committed by Git OBS Bridge
parent 5c9be102f7
commit 958249c91d
3 changed files with 51 additions and 29 deletions


@ -1,18 +1,19 @@
diff -ur dovecot-2.3.17.1.orig/doc/example-config/conf.d/10-ssl.conf dovecot-2.3.17.1/doc/example-config/conf.d/10-ssl.conf Index: dovecot-2.3.17.1/doc/example-config/conf.d/10-ssl.conf
--- dovecot-2.3.17.1.orig/doc/example-config/conf.d/10-ssl.conf 2021-12-03 12:48:47.000000000 +0100 ===================================================================
+++ dovecot-2.3.17.1/doc/example-config/conf.d/10-ssl.conf 2021-12-07 20:09:55.575984341 +0100 --- dovecot-2.3.17.1.orig/doc/example-config/conf.d/10-ssl.conf
+++ dovecot-2.3.17.1/doc/example-config/conf.d/10-ssl.conf
@@ -9,8 +9,8 @@ @@ -9,8 +9,8 @@
# dropping root privileges, so keep the key file unreadable by anyone but # dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed # root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf # certificate, just make sure to update the domains in dovecot-openssl.cnf
-ssl_cert = </etc/ssl/certs/dovecot.pem -ssl_cert = </etc/ssl/private/dovecot.pem
-ssl_key = </etc/ssl/private/dovecot.pem -ssl_key = </etc/ssl/private/dovecot.pem
+#ssl_cert = </etc/ssl/certs/dovecot.pem +#ssl_cert = </etc/ssl/private/dovecot.pem
+#ssl_key = </etc/ssl/private/dovecot.pem +#ssl_key = </etc/ssl/private/dovecot.pem
# If key file is password protected, give the password here. Alternatively # If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter. Since this file is often # give it when starting dovecot with -p parameter. Since this file is often
@@ -64,6 +64,7 @@ @@ -64,6 +64,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
#ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH #ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
# To disable non-EC DH, use: # To disable non-EC DH, use:
#ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH #ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
@ -20,7 +21,7 @@ diff -ur dovecot-2.3.17.1.orig/doc/example-config/conf.d/10-ssl.conf dovecot-2.3
# Colon separated list of elliptic curves to use. Empty value (the default) # Colon separated list of elliptic curves to use. Empty value (the default)
# means use the defaults from the SSL library. P-521:P-384:P-256 would be an # means use the defaults from the SSL library. P-521:P-384:P-256 would be an
@@ -71,7 +72,7 @@ @@ -71,7 +72,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
#ssl_curve_list = #ssl_curve_list =
# Prefer the server's order of ciphers over client's. # Prefer the server's order of ciphers over client's.
@ -29,15 +30,16 @@ diff -ur dovecot-2.3.17.1.orig/doc/example-config/conf.d/10-ssl.conf dovecot-2.3
# SSL crypto device to use, for valid values run "openssl engine" # SSL crypto device to use, for valid values run "openssl engine"
#ssl_crypto_device = #ssl_crypto_device =
@@ -80,3 +81,4 @@ @@ -80,3 +81,4 @@ ssl_key = </etc/ssl/private/dovecot.pem
# compression - Enable compression. # compression - Enable compression.
# no_ticket - Disable SSL session tickets. # no_ticket - Disable SSL session tickets.
#ssl_options = #ssl_options =
+ssl_options = no_compression +ssl_options = no_compression
diff -ur dovecot-2.3.17.1.orig/src/lib-master/master-service-ssl-settings.c dovecot-2.3.17.1/src/lib-master/master-service-ssl-settings.c Index: dovecot-2.3.17.1/src/lib-master/master-service-ssl-settings.c
--- dovecot-2.3.17.1.orig/src/lib-master/master-service-ssl-settings.c 2021-12-03 12:48:47.000000000 +0100 ===================================================================
+++ dovecot-2.3.17.1/src/lib-master/master-service-ssl-settings.c 2021-12-07 20:10:57.811653344 +0100 --- dovecot-2.3.17.1.orig/src/lib-master/master-service-ssl-settings.c
@@ -49,7 +49,7 @@ +++ dovecot-2.3.17.1/src/lib-master/master-service-ssl-settings.c
@@ -49,7 +49,7 @@ static const struct master_service_ssl_s
.ssl_client_ca_dir = "", .ssl_client_ca_dir = "",
.ssl_client_cert = "", .ssl_client_cert = "",
.ssl_client_key = "", .ssl_client_key = "",
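Review bot: The `+ssl_options = no_compression` line carried through this rebase uses a value that the comment block directly above it does not list; that block documents only `compression` (enable) and `no_ticket`, which suggests compression is already off by default in this version and the override is redundant. It is worth checking whether doveconf on 2.3.17.1 still accepts `no_compression` without a deprecation warning and, if it does not, dropping the line from the patch so the packaged example stays clean. The master-service-ssl-settings.c hunk is cut off after its context lines in this view, so the changed compiled-in defaults could not be reviewed here.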


@ -1,8 +1,8 @@
Index: dovecot-2.3.9.3/doc/man/doveconf.1.in Index: dovecot-2.3.17.1/doc/man/doveconf.1.in
=================================================================== ===================================================================
--- dovecot-2.3.9.3.orig/doc/man/doveconf.1.in --- dovecot-2.3.17.1.orig/doc/man/doveconf.1.in
+++ dovecot-2.3.9.3/doc/man/doveconf.1.in +++ dovecot-2.3.17.1/doc/man/doveconf.1.in
@@ -132,7 +132,7 @@ Show passwords and other sensitive value @@ -136,7 +136,7 @@ Show passwords and other sensitive value
.TP .TP
.B \-x .B \-x
Expand configuration variables (e.g. \(Domail_plugins \(rA quota) and show Expand configuration variables (e.g. \(Domail_plugins \(rA quota) and show
@ -11,17 +11,17 @@ Index: dovecot-2.3.9.3/doc/man/doveconf.1.in
.\"--------------------------------- .\"---------------------------------
.TP .TP
.I section_name .I section_name
@@ -213,4 +213,4 @@ dict/quota = pgsql:@pkgsysconfdir@/dovec @@ -217,4 +217,4 @@ dict/quota = pgsql:@pkgsysconfdir@/dovec
.BR doveadm (1), .BR doveadm (1),
.BR dovecot (1), .BR dovecot (1),
.BR dovecot\-lda (1), .BR dovecot\-lda (1),
-.BR dsync (1) -.BR dsync (1)
\ No newline at end of file \ No newline at end of file
+.BR dsync (1) +.BR dsync (1)
Index: dovecot-2.3.9.3/doc/mkcert.sh Index: dovecot-2.3.17.1/doc/mkcert.sh
=================================================================== ===================================================================
--- dovecot-2.3.9.3.orig/doc/mkcert.sh --- dovecot-2.3.17.1.orig/doc/mkcert.sh
+++ dovecot-2.3.9.3/doc/mkcert.sh +++ dovecot-2.3.17.1/doc/mkcert.sh
@@ -8,14 +8,14 @@ OPENSSL=${OPENSSL-openssl} @@ -8,14 +8,14 @@ OPENSSL=${OPENSSL-openssl}
SSLDIR=${SSLDIR-/etc/ssl} SSLDIR=${SSLDIR-/etc/ssl}
OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf} OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}
@ -40,10 +40,10 @@ Index: dovecot-2.3.9.3/doc/mkcert.sh
exit 1 exit 1
fi fi
Index: dovecot-2.3.9.3/doc/wiki/CompilingSource.txt Index: dovecot-2.3.17.1/doc/wiki/CompilingSource.txt
=================================================================== ===================================================================
--- dovecot-2.3.9.3.orig/doc/wiki/CompilingSource.txt --- dovecot-2.3.17.1.orig/doc/wiki/CompilingSource.txt
+++ dovecot-2.3.9.3/doc/wiki/CompilingSource.txt +++ dovecot-2.3.17.1/doc/wiki/CompilingSource.txt
@@ -142,7 +142,7 @@ non-standard path. Make sure you have th @@ -142,7 +142,7 @@ non-standard path. Make sure you have th
installed, and if it is not in the standard location, set 'CPPFLAGS' and installed, and if it is not in the standard location, set 'CPPFLAGS' and
'LDFLAGS' as shown in <the first section above.> [CompilingSource.txt] 'LDFLAGS' as shown in <the first section above.> [CompilingSource.txt]
@ -53,10 +53,10 @@ Index: dovecot-2.3.9.3/doc/wiki/CompilingSource.txt
the private key from '/etc/ssl/private/dovecot.pem'. The '/etc/ssl' directory the private key from '/etc/ssl/private/dovecot.pem'. The '/etc/ssl' directory
can be changed using the '--with-ssldir=DIR' configure option. Both can of can be changed using the '--with-ssldir=DIR' configure option. Both can of
course be overridden from the configuration file. course be overridden from the configuration file.
Index: dovecot-2.3.9.3/doc/wiki/SSL.CertificateCreation.txt Index: dovecot-2.3.17.1/doc/wiki/SSL.CertificateCreation.txt
=================================================================== ===================================================================
--- dovecot-2.3.9.3.orig/doc/wiki/SSL.CertificateCreation.txt --- dovecot-2.3.17.1.orig/doc/wiki/SSL.CertificateCreation.txt
+++ dovecot-2.3.9.3/doc/wiki/SSL.CertificateCreation.txt +++ dovecot-2.3.17.1/doc/wiki/SSL.CertificateCreation.txt
@@ -39,7 +39,7 @@ CN matches the connected host name, othe @@ -39,7 +39,7 @@ CN matches the connected host name, othe
invalid. It's also possible to use wildcards (eg. *.domain.com) in the host invalid. It's also possible to use wildcards (eg. *.domain.com) in the host
name. They should work with most clients. name. They should work with most clients.
@ -66,10 +66,10 @@ Index: dovecot-2.3.9.3/doc/wiki/SSL.CertificateCreation.txt
private key file is created to '/etc/ssl/private/dovecot.pem'. Also by default private key file is created to '/etc/ssl/private/dovecot.pem'. Also by default
the certificate will expire in 365 days. If you wish to change any of these, the certificate will expire in 365 days. If you wish to change any of these,
modify the mkcert.sh script. modify the mkcert.sh script.
Index: dovecot-2.3.9.3/doc/wiki/SSL.DovecotConfiguration.txt Index: dovecot-2.3.17.1/doc/wiki/SSL.DovecotConfiguration.txt
=================================================================== ===================================================================
--- dovecot-2.3.9.3.orig/doc/wiki/SSL.DovecotConfiguration.txt --- dovecot-2.3.17.1.orig/doc/wiki/SSL.DovecotConfiguration.txt
+++ dovecot-2.3.9.3/doc/wiki/SSL.DovecotConfiguration.txt +++ dovecot-2.3.17.1/doc/wiki/SSL.DovecotConfiguration.txt
@@ -41,7 +41,7 @@ The most important SSL settings are (in @@ -41,7 +41,7 @@ The most important SSL settings are (in
---%<------------------------------------------------------------------------- ---%<-------------------------------------------------------------------------
ssl = yes ssl = yes
@ -107,3 +107,16 @@ Index: dovecot-2.3.9.3/doc/wiki/SSL.DovecotConfiguration.txt
ssl_key = </etc/ssl/private/imap.example2.org.key ssl_key = </etc/ssl/private/imap.example2.org.key
} }
# ..etc.. # ..etc..
Index: dovecot-2.3.17.1/doc/example-config/conf.d/10-ssl.conf
===================================================================
--- dovecot-2.3.17.1.orig/doc/example-config/conf.d/10-ssl.conf
+++ dovecot-2.3.17.1/doc/example-config/conf.d/10-ssl.conf
@@ -9,7 +9,7 @@
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
-ssl_cert = </etc/ssl/certs/dovecot.pem
+ssl_cert = </etc/ssl/private/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
# If key file is password protected, give the password here. Alternatively
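Review bot: In the newly added 10-ssl.conf hunk, `ssl_cert` and `ssl_key` both end up pointing at `/etc/ssl/private/dovecot.pem`, so the packaged example only loads if that single file holds the certificate and the private key together. The mkcert.sh hunk of this patch is collapsed on this page, so it cannot be confirmed from here that the script writes the certificate under that same file name; if its CERTFILE uses a different name, the `+ssl_cert` line should carry that name instead. A one-line comment in the example, for instance `# certificate lives under /etc/ssl/private in this package, see doc/mkcert.sh`, would also tell administrators why the path differs from upstream.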


@ -1,3 +1,10 @@
-------------------------------------------------------------------
Thu Dec 16 08:14:51 UTC 2021 - Fabian Vogt <fvogt@suse.com>
- Update dovecot-2.3.0-dont_use_etc_ssl_certs.patch to also adjust
the path in the 10-ssl.conf example (boo#1193758)
- Rebase dovecot-2.3.0-better_ssl_defaults.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Dec 7 18:54:54 UTC 2021 - Michael Ströder <michael@stroeder.com> Tue Dec 7 18:54:54 UTC 2021 - Michael Ströder <michael@stroeder.com>