import cyrus-imapd-3.0.7-20.el8
This commit is contained in:
parent
b8511773eb
commit
0b0afb9bf1
68
SOURCES/cyrus-imapd-use_system_ciphers.patch
Normal file
68
SOURCES/cyrus-imapd-use_system_ciphers.patch
Normal file
@ -0,0 +1,68 @@
|
|||||||
|
diff --git a/lib/imapoptions b/lib/imapoptions
|
||||||
|
index 37f8371..898b943 100644
|
||||||
|
--- a/lib/imapoptions
|
||||||
|
+++ b/lib/imapoptions
|
||||||
|
@@ -2207,12 +2207,12 @@ product version in the capabilities
|
||||||
|
{ "tls_cert_file", NULL, STRING, "2.5.0", "tls_server_cert" }
|
||||||
|
/* Deprecated in favor of \fItls_server_cert\fR. */
|
||||||
|
|
||||||
|
-{ "tls_cipher_list", "DEFAULT", STRING, "2.5.0", "tls_ciphers" }
|
||||||
|
+{ "tls_cipher_list", "PROFILE=SYSTEM", STRING, "2.5.0", "tls_ciphers" }
|
||||||
|
/* Deprecated in favor of \fItls_ciphers\fR. */
|
||||||
|
|
||||||
|
-{ "tls_ciphers", "DEFAULT", STRING }
|
||||||
|
+{ "tls_ciphers", "PROFILE=SYSTEM", STRING }
|
||||||
|
/* The list of SSL/TLS ciphers to allow. The format of the string
|
||||||
|
- (and definition of "DEFAULT") is described in \fBciphers(1)\fR.
|
||||||
|
+ (and definition of "PROFILE=SYSTEM") is described in \fBciphers(1)\fR.
|
||||||
|
.PP
|
||||||
|
See also Mozilla's server-side TLS recommendations:
|
||||||
|
.PP
|
||||||
|
diff --git a/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt b/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt
|
||||||
|
index c45d94b..495a2c7 100644
|
||||||
|
--- a/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt
|
||||||
|
+++ b/doc/html/_sources/imap/reference/manpages/configs/imapd.conf.txt
|
||||||
|
@@ -4298,7 +4298,7 @@ FIELD DESCRIPTIONS
|
||||||
|
|
||||||
|
.. startblob tls_cipher_list
|
||||||
|
|
||||||
|
- ``tls_cipher_list:`` DEFAULT
|
||||||
|
+ ``tls_cipher_list:`` PROFILE=SYSTEM
|
||||||
|
|
||||||
|
Deprecated in favor of *tls_ciphers*.
|
||||||
|
|
||||||
|
@@ -4307,10 +4307,10 @@ FIELD DESCRIPTIONS
|
||||||
|
|
||||||
|
.. startblob tls_ciphers
|
||||||
|
|
||||||
|
- ``tls_ciphers:`` DEFAULT
|
||||||
|
+ ``tls_ciphers:`` PROFILE=SYSTEM
|
||||||
|
|
||||||
|
The list of SSL/TLS ciphers to allow. The format of the string
|
||||||
|
- (and definition of "DEFAULT") is described in **ciphers(1)**.
|
||||||
|
+ (and definition of "PROFILE=SYSTEM") is described in **ciphers(1)**.
|
||||||
|
|
||||||
|
See also Mozilla's server-side TLS recommendations:
|
||||||
|
|
||||||
|
diff --git a/doc/text/imap/reference/manpages/configs/imapd.conf.txt b/doc/text/imap/reference/manpages/configs/imapd.conf.txt
|
||||||
|
index 1801cd7..7c77154 100644
|
||||||
|
--- a/doc/text/imap/reference/manpages/configs/imapd.conf.txt
|
||||||
|
+++ b/doc/text/imap/reference/manpages/configs/imapd.conf.txt
|
||||||
|
@@ -2675,14 +2675,14 @@ FIELD DESCRIPTIONS
|
||||||
|
|
||||||
|
Deprecated in favor of *tls_server_cert*.
|
||||||
|
|
||||||
|
- "tls_cipher_list:" DEFAULT
|
||||||
|
+ "tls_cipher_list:" PROFILE=SYSTEM
|
||||||
|
|
||||||
|
Deprecated in favor of *tls_ciphers*.
|
||||||
|
|
||||||
|
- "tls_ciphers:" DEFAULT
|
||||||
|
+ "tls_ciphers:" PROFILE=SYSTEM
|
||||||
|
|
||||||
|
The list of SSL/TLS ciphers to allow. The format of the string
|
||||||
|
- (and definition of "DEFAULT") is described in **ciphers(1)**.
|
||||||
|
+ (and definition of "PROFILE=SYSTEM") is described in **ciphers(1)**.
|
||||||
|
|
||||||
|
See also Mozilla's server-side TLS recommendations:
|
||||||
|
|
@ -9,7 +9,7 @@
|
|||||||
|
|
||||||
Name: cyrus-imapd
|
Name: cyrus-imapd
|
||||||
Version: 3.0.7
|
Version: 3.0.7
|
||||||
Release: 19%{?dist}
|
Release: 20%{?dist}
|
||||||
|
|
||||||
%define ssl_pem_file_prefix /etc/pki/%name/%name
|
%define ssl_pem_file_prefix /etc/pki/%name/%name
|
||||||
|
|
||||||
@ -46,6 +46,7 @@ Patch7: cyrus-imapd-close_backup_fd_on_error.patch
|
|||||||
Patch8: cyrus-imapd-cve_2019_11356.patch
|
Patch8: cyrus-imapd-cve_2019_11356.patch
|
||||||
Patch9: cyrus-imapd-CVE-2019-19783.patch
|
Patch9: cyrus-imapd-CVE-2019-19783.patch
|
||||||
Patch10: cyrus-imapd-CVE-2019-18928.patch
|
Patch10: cyrus-imapd-CVE-2019-18928.patch
|
||||||
|
Patch11: cyrus-imapd-use_system_ciphers.patch
|
||||||
|
|
||||||
Source10: cyrus-imapd.logrotate
|
Source10: cyrus-imapd.logrotate
|
||||||
Source11: cyrus-imapd.pam-config
|
Source11: cyrus-imapd.pam-config
|
||||||
@ -246,7 +247,7 @@ popd
|
|||||||
# Drop expired certificates and generate new ones
|
# Drop expired certificates and generate new ones
|
||||||
pushd cunit
|
pushd cunit
|
||||||
rm -rf *pem
|
rm -rf *pem
|
||||||
%{_bindir}/sscg --package %{name} --cert-file cert.pem --cert-key-file key.pem --ca-file cacert.pem
|
%{_bindir}/sscg --package %{name} --cert-file cert.pem --cert-key-file key.pem --ca-file cacert.pem
|
||||||
popd
|
popd
|
||||||
|
|
||||||
## Modify docs master --> cyrus-master
|
## Modify docs master --> cyrus-master
|
||||||
@ -325,7 +326,7 @@ make -C tools/vzic
|
|||||||
# Modify docs master --> cyrus-master
|
# Modify docs master --> cyrus-master
|
||||||
%{__perl} -pi -e "s@master\(8\)@cyrus-master(8)@" man/*5 man/*8 lib/imapoptions
|
%{__perl} -pi -e "s@master\(8\)@cyrus-master(8)@" man/*5 man/*8 lib/imapoptions
|
||||||
sed -i -e 's|\([^-]\)master|\1cyrus-master|g;s|^master|cyrus-master|g;s|Master|Cyrus-master|g;s|MASTER|CYRUS-MASTER|g' \
|
sed -i -e 's|\([^-]\)master|\1cyrus-master|g;s|^master|cyrus-master|g;s|Master|Cyrus-master|g;s|MASTER|CYRUS-MASTER|g' \
|
||||||
man/master.8 doc/legacy/man.html
|
man/master.8 doc/legacy/man.html
|
||||||
|
|
||||||
%install
|
%install
|
||||||
make install DESTDIR=%buildroot
|
make install DESTDIR=%buildroot
|
||||||
@ -469,6 +470,8 @@ find %buildroot -name ".packlist" -exec rm {} \;
|
|||||||
|
|
||||||
|
|
||||||
%check
|
%check
|
||||||
|
## First of all check if imaptest is functional at all
|
||||||
|
imaptest -h 2>&1 > /dev/null || (echo "Imaptest is not functional" && exit 1)
|
||||||
make %{?_smp_mflags} check || exit 1
|
make %{?_smp_mflags} check || exit 1
|
||||||
|
|
||||||
%if %{without cassandane}
|
%if %{without cassandane}
|
||||||
@ -677,6 +680,9 @@ getent passwd cyrus >/dev/null || /usr/sbin/useradd -c "Cyrus IMAP Server" -d /v
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Nov 6 2020 Pavel Zhukov <pzhukov@redhat.com> - 3.0.7-20
|
||||||
|
- Use PROFILE=SYSTEM as default configuration for tls_ciphers
|
||||||
|
|
||||||
* Thu Apr 23 2020 Pavel Zhukov <pzhukov@redhat.com> - 3.0.7-19
|
* Thu Apr 23 2020 Pavel Zhukov <pzhukov@redhat.com> - 3.0.7-19
|
||||||
- change ownership of pki files (#1710722)
|
- change ownership of pki files (#1710722)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user