import cyrus-imapd-3.0.7-20.el8
This commit is contained in:
CentOS Sources
parent
b8511773eb
commit
0b0afb9bf1
68
SOURCES/cyrus-imapd-use_system_ciphers.patch
Normal file
68
SOURCES/cyrus-imapd-use_system_ciphers.patch
Normal file
@ -0,0 +1,68 @@
|
||||
diff --git a/lib/imapoptions b/lib/imapoptions
|
||||
index 37f8371..898b943 100644
|
||||
--- a/lib/imapoptions
|
||||
+++ b/lib/imapoptions
|
||||
@@ -2207,12 +2207,12 @@ product version in the capabilities
|
||||
{ "tls_cert_file", NULL, STRING, "2.5.0", "tls_server_cert" }
|
||||
/* Deprecated in favor of \fItls_server_cert\fR. */
|
||||
|
||||
-{ "tls_cipher_list", "DEFAULT", STRING, "2.5.0", "tls_ciphers" }
|
||||
+{ "tls_cipher_list", "PROFILE=SYSTEM", STRING, "2.5.0", "tls_ciphers" }
|
||||
/* Deprecated in favor of \fItls_ciphers\fR. */
|
||||
|
||||
-{ "tls_ciphers", "DEFAULT", STRING }
|
||||
+{ "tls_ciphers", "PROFILE=SYSTEM", STRING }
|
||||
/* The list of SSL/TLS ciphers to allow. The format of the string
|
||||
- (and definition of "DEFAULT") is described in \fBciphers(1)\fR.
|
||||
+ (and definition of "PROFILE=SYSTEM") is described in \fBciphers(1)\fR.
|
||||
.PP
|
||||
See also Mozilla's server-side TLS recommendations:
|
||||
.PP
|
||||
diff --git a/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt b/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt
|
||||
index c45d94b..495a2c7 100644
|
||||
--- a/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt
|
||||
+++ b/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt
|
||||
@@ -4298,7 +4298,7 @@ FIELD DESCRIPTIONS
|
||||
|
||||
.. startblob tls_cipher_list
|
||||
|
||||
- ``tls_cipher_list:`` DEFAULT
|
||||
+ ``tls_cipher_list:`` PROFILE=SYSTEM
|
||||
|
||||
Deprecated in favor of *tls_ciphers*.
|
||||
|
||||
@@ -4307,10 +4307,10 @@ FIELD DESCRIPTIONS
|
||||
|
||||
.. startblob tls_ciphers
|
||||
|
||||
- ``tls_ciphers:`` DEFAULT
|
||||
+ ``tls_ciphers:`` PROFILE=SYSTEM
|
||||
|
||||
The list of SSL/TLS ciphers to allow. The format of the string
|
||||
- (and definition of "DEFAULT") is described in **ciphers(1)**.
|
||||
+ (and definition of "PROFILE=SYSTEM") is described in **ciphers(1)**.
|
||||
|
||||
See also Mozilla's server-side TLS recommendations:
|
||||
|
||||
diff --git a/doc/text/imap/reference/manpages/configs/imapd.conf.txt b/doc/text/imap/reference/manpages/configs/imapd.conf.txt
|
||||
index 1801cd7..7c77154 100644
|
||||
--- a/doc/text/imap/reference/manpages/configs/imapd.conf.txt
|
||||
+++ b/doc/text/imap/reference/manpages/configs/imapd.conf.txt
|
||||
@@ -2675,14 +2675,14 @@ FIELD DESCRIPTIONS
|
||||
|
||||
Deprecated in favor of *tls_server_cert*.
|
||||
|
||||
- "tls_cipher_list:" DEFAULT
|
||||
+ "tls_cipher_list:" PROFILE=SYSTEM
|
||||
|
||||
Deprecated in favor of *tls_ciphers*.
|
||||
|
||||
- "tls_ciphers:" DEFAULT
|
||||
+ "tls_ciphers:" PROFILE=SYSTEM
|
||||
|
||||
The list of SSL/TLS ciphers to allow. The format of the string
|
||||
- (and definition of "DEFAULT") is described in **ciphers(1)**.
|
||||
+ (and definition of "PROFILE=SYSTEM") is described in **ciphers(1)**.
|
||||
|
||||
See also Mozilla's server-side TLS recommendations:
|
||||
|
||||
@ -9,7 +9,7 @@
|
||||
|
||||
Name: cyrus-imapd
|
||||
Version: 3.0.7
|
||||
Release: 19%{?dist}
|
||||
Release: 20%{?dist}
|
||||
|
||||
%define ssl_pem_file_prefix /etc/pki/%name/%name
|
||||
|
||||
@ -46,6 +46,7 @@ Patch7: cyrus-imapd-close_backup_fd_on_error.patch
|
||||
Patch8: cyrus-imapd-cve_2019_11356.patch
|
||||
Patch9: cyrus-imapd-CVE-2019-19783.patch
|
||||
Patch10: cyrus-imapd-CVE-2019-18928.patch
|
||||
Patch11: cyrus-imapd-use_system_ciphers.patch
|
||||
|
||||
Source10: cyrus-imapd.logrotate
|
||||
Source11: cyrus-imapd.pam-config
|
||||
@ -246,7 +247,7 @@ popd
|
||||
# Drop expired certificates and generate new ones
|
||||
pushd cunit
|
||||
rm -rf *pem
|
||||
%{_bindir}/sscg --package %{name} --cert-file cert.pem --cert-key-file key.pem --ca-file cacert.pem
|
||||
%{_bindir}/sscg --package %{name} --cert-file cert.pem --cert-key-file key.pem --ca-file cacert.pem
|
||||
popd
|
||||
|
||||
## Modify docs master --> cyrus-master
|
||||
@ -325,7 +326,7 @@ make -C tools/vzic
|
||||
# Modify docs master --> cyrus-master
|
||||
%{__perl} -pi -e "s@master\(8\)@cyrus-master(8)@" man/*5 man/*8 lib/imapoptions
|
||||
sed -i -e 's|\([^-]\)master|\1cyrus-master|g;s|^master|cyrus-master|g;s|Master|Cyrus-master|g;s|MASTER|CYRUS-MASTER|g' \
|
||||
man/master.8 doc/legacy/man.html
|
||||
man/master.8 doc/legacy/man.html
|
||||
|
||||
%install
|
||||
make install DESTDIR=%buildroot
|
||||
@ -469,6 +470,8 @@ find %buildroot -name ".packlist" -exec rm {} \;
|
||||
|
||||
|
||||
%check
|
||||
## First of all check if imaptest is functional at all
|
||||
imaptest -h 2>&1 > /dev/null || (echo "Imaptest is not functional" && exit 1)
|
||||
make %{?_smp_mflags} check || exit 1
|
||||
|
||||
%if %{without cassandane}
|
||||
@ -677,6 +680,9 @@ getent passwd cyrus >/dev/null || /usr/sbin/useradd -c "Cyrus IMAP Server" -d /v
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Nov 6 2020 Pavel Zhukov <pzhukov@redhat.com> - 3.0.7-20
|
||||
- Use PROFILE=SYSTEM as default configuration for tls_ciphers
|
||||
|
||||
* Thu Apr 23 2020 Pavel Zhukov <pzhukov@redhat.com> - 3.0.7-19
|
||||
- change ownership of pki files (#1710722)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user