import cyrus-imapd-3.0.7-20.el8

2021-05-18 02:45:35 -04:00 · 2021-05-18 02:45:35 -04:00 · 0b0afb9bf1
parent b8511773eb
commit 0b0afb9bf1
2 changed files with 77 additions and 3 deletions
--- a/SOURCES/cyrus-imapd-use_system_ciphers.patch
+++ b/SOURCES/cyrus-imapd-use_system_ciphers.patch
@ -0,0 +1,68 @@
+diff --git a/lib/imapoptions b/lib/imapoptions
+index 37f8371..898b943 100644
+--- a/lib/imapoptions
+++ b/lib/imapoptions
+@@ -2207,12 +2207,12 @@ product version in the capabilities
+ { "tls_cert_file", NULL, STRING, "2.5.0", "tls_server_cert" }
+ /* Deprecated in favor of \fItls_server_cert\fR. */
+ 
+-{ "tls_cipher_list", "DEFAULT", STRING, "2.5.0", "tls_ciphers" }
+{ "tls_cipher_list", "PROFILE=SYSTEM", STRING, "2.5.0", "tls_ciphers" }
+ /* Deprecated in favor of \fItls_ciphers\fR. */
+ 
+-{ "tls_ciphers", "DEFAULT", STRING }
+{ "tls_ciphers", "PROFILE=SYSTEM", STRING }
+ /* The list of SSL/TLS ciphers to allow.  The format of the string
+-   (and definition of "DEFAULT") is described in \fBciphers(1)\fR.
+   (and definition of "PROFILE=SYSTEM") is described in \fBciphers(1)\fR.
+ .PP
+    See also Mozilla's server-side TLS recommendations:
+ .PP
+diff --git a/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt b/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt
+index c45d94b..495a2c7 100644
+--- a/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt
+++ b/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt
+@@ -4298,7 +4298,7 @@ FIELD DESCRIPTIONS
+ 
+     .. startblob tls_cipher_list
+ 
+-    ``tls_cipher_list:`` DEFAULT
+    ``tls_cipher_list:`` PROFILE=SYSTEM
+ 
+         Deprecated in favor of *tls_ciphers*. 
+ 
+@@ -4307,10 +4307,10 @@ FIELD DESCRIPTIONS
+ 
+     .. startblob tls_ciphers
+ 
+-    ``tls_ciphers:`` DEFAULT
+    ``tls_ciphers:`` PROFILE=SYSTEM
+ 
+         The list of SSL/TLS ciphers to allow.  The format of the string
+-        (and definition of "DEFAULT") is described in **ciphers(1)**.
+        (and definition of "PROFILE=SYSTEM") is described in **ciphers(1)**.
+ 
+         See also Mozilla's server-side TLS recommendations:
+ 
+diff --git a/doc/text/imap/reference/manpages/configs/imapd.conf.txt b/doc/text/imap/reference/manpages/configs/imapd.conf.txt
+index 1801cd7..7c77154 100644
+--- a/doc/text/imap/reference/manpages/configs/imapd.conf.txt
+++ b/doc/text/imap/reference/manpages/configs/imapd.conf.txt
+@@ -2675,14 +2675,14 @@ FIELD DESCRIPTIONS
+ 
+       Deprecated in favor of *tls_server_cert*.
+ 
+-   "tls_cipher_list:" DEFAULT
+   "tls_cipher_list:" PROFILE=SYSTEM
+ 
+       Deprecated in favor of *tls_ciphers*.
+ 
+-   "tls_ciphers:" DEFAULT
+   "tls_ciphers:" PROFILE=SYSTEM
+ 
+       The list of SSL/TLS ciphers to allow.  The format of the string
+-      (and definition of "DEFAULT") is described in **ciphers(1)**.
+      (and definition of "PROFILE=SYSTEM") is described in **ciphers(1)**.
+ 
+       See also Mozilla's server-side TLS recommendations:
+ 
--- a/SPECS/cyrus-imapd.spec
+++ b/SPECS/cyrus-imapd.spec
@ -9,7 +9,7 @@

 Name: cyrus-imapd
 Version: 3.0.7
-Release: 19%{?dist}
+Release: 20%{?dist}

 %define ssl_pem_file_prefix /etc/pki/%name/%name

@ -46,6 +46,7 @@ Patch7: cyrus-imapd-close_backup_fd_on_error.patch
 Patch8: cyrus-imapd-cve_2019_11356.patch
 Patch9: cyrus-imapd-CVE-2019-19783.patch
 Patch10: cyrus-imapd-CVE-2019-18928.patch
+Patch11: cyrus-imapd-use_system_ciphers.patch

 Source10: cyrus-imapd.logrotate
 Source11: cyrus-imapd.pam-config
@ -246,7 +247,7 @@ popd
 # Drop expired certificates and generate new ones
 pushd cunit
 rm -rf *pem
-%{_bindir}/sscg --package %{name} --cert-file cert.pem --cert-key-file key.pem --ca-file cacert.pem 
+%{_bindir}/sscg --package %{name} --cert-file cert.pem --cert-key-file key.pem --ca-file cacert.pem
 popd

 ## Modify docs master --> cyrus-master
@ -325,7 +326,7 @@ make -C tools/vzic
 # Modify docs master --> cyrus-master
 %{__perl} -pi -e "s@master\(8\)@cyrus-master(8)@" man/*5 man/*8 lib/imapoptions
 sed -i -e 's|\([^-]\)master|\1cyrus-master|g;s|^master|cyrus-master|g;s|Master|Cyrus-master|g;s|MASTER|CYRUS-MASTER|g' \
-        man/master.8 doc/legacy/man.html
+	man/master.8 doc/legacy/man.html

 %install
 make install DESTDIR=%buildroot
@ -469,6 +470,8 @@ find %buildroot -name ".packlist" -exec rm {} \;


 %check
+## First of all check if imaptest is functional at all
+imaptest  -h 2>&1 > /dev/null || (echo "Imaptest is not functional" && exit 1)
 make %{?_smp_mflags} check || exit 1

 %if %{without cassandane}
@ -677,6 +680,9 @@ getent passwd cyrus >/dev/null || /usr/sbin/useradd -c "Cyrus IMAP Server" -d /v


 %changelog
+* Fri Nov  6 2020 Pavel Zhukov <pzhukov@redhat.com> - 3.0.7-20
+- Use PROFILE=SYSTEM as default configuration for tls_ciphers
+
 * Thu Apr 23 2020 Pavel Zhukov <pzhukov@redhat.com> - 3.0.7-19
 - change ownership of pki files (#1710722)