Dominique Leuenberger 2021-05-15 21:16:30 +00:00 committed by Git OBS Bridge
commit bac18368a8
3 changed files with 32 additions and 4 deletions


@ -1,3 +1,10 @@
-------------------------------------------------------------------
Fri May 14 10:07:07 UTC 2021 - Fabian Vogt <fvogt@suse.com>
- Add patch to fix insecure default openssl.cnf (boo#1184552):
* openssl-cnf-default_bits-2048.patch
- Use %autosetup
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Mar 4 10:28:11 UTC 2021 - Michael Ströder <michael@stroeder.com> Thu Mar 4 10:28:11 UTC 2021 - Michael Ströder <michael@stroeder.com>


@ -150,6 +150,8 @@ Patch: dovecot-2.3.0-dont_use_etc_ssl_certs.patch
Patch1: dovecot-2.3.0-better_ssl_defaults.patch Patch1: dovecot-2.3.0-better_ssl_defaults.patch
# https://github.com/dovecot/core/pull/126 # https://github.com/dovecot/core/pull/126
Patch2: allow-tls1.3-only.patch Patch2: allow-tls1.3-only.patch
# https://github.com/dovecot/core/pull/161
Patch3: openssl-cnf-default_bits-2048.patch
Summary: IMAP and POP3 Server Written Primarily with Security in Mind Summary: IMAP and POP3 Server Written Primarily with Security in Mind
License: BSD-3-Clause AND LGPL-2.1-or-later AND MIT License: BSD-3-Clause AND LGPL-2.1-or-later AND MIT
Group: Productivity/Networking/Email/Servers Group: Productivity/Networking/Email/Servers
@ -326,10 +328,8 @@ This package holds the file needed to compile plugins outside of the
dovecot tree. dovecot tree.
%prep %prep
%setup -q -n %{pkg_name}-%{dovecot_version} -a 1 %autosetup -p1 -n %{pkg_name}-%{dovecot_version} -a 1
%patch -p1
%patch1 -p1
%patch2 -p1
gzip -9v ChangeLog gzip -9v ChangeLog
# Fix plugins dir. # Fix plugins dir.
sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = %{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = %{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf
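Review bot: The comment above `Patch3` links only the upstream pull request, so the spec does not show that this patch is the fix for boo#1184552 and an auditor has to go to the changelog to find that out. I would extend it to `# boo#1184552 - https://github.com/dovecot/core/pull/161`. With the per-patch `%patch` lines removed, every `Patch` entry is now applied implicitly by `%autosetup -p1`. A one-line comment above it, such as `# all Patch* entries are applied here with -p1`, would keep that visible to whoever adds the next patch.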


@ -0,0 +1,21 @@
From 397ca180b8e58bf38525afcf9af249b190120607 Mon Sep 17 00:00:00 2001
From: Arjen de Korte <build+github@de-korte.org>
Date: Sat, 10 Apr 2021 13:52:15 +0200
Subject: [PATCH] doc/openssl.cnf: Increase default_bits to 2048
NIST guidelines mandate that all SSL certificates must be of at least 2048 key length
---
doc/dovecot-openssl.cnf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/dovecot-openssl.cnf b/doc/dovecot-openssl.cnf
index b2dfebfea9..f65a80cc2f 100644
--- a/doc/dovecot-openssl.cnf
+++ b/doc/dovecot-openssl.cnf
@@ -1,5 +1,5 @@
[ req ]
-default_bits = 1024
+default_bits = 2048
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
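Review bot: Raising `default_bits` to 2048 only affects keys generated from this config after the update. A host that already created its self-signed certificate with the old 1024-bit default keeps that key, and nothing visible in this commit detects or replaces it. The changelog entry for boo#1184552 should say so, for example `  * certificates created with the old 1024-bit default are not regenerated; replace them manually`. Administrators can confirm the key size of an installed certificate with `openssl x509 -noout -text -in <path-to-cert.pem>`.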