diff --git a/.cvsignore b/.cvsignore index 92fa4d1..cacbd90 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -dovecot-1.0.beta8.tar.gz +dovecot-1.0.rc2.tar.gz diff --git a/dovecot-1.0.rc2-default-settings.patch b/dovecot-1.0.rc2-default-settings.patch new file mode 100644 index 0000000..1efa87a --- /dev/null +++ b/dovecot-1.0.rc2-default-settings.patch @@ -0,0 +1,106 @@ +--- dovecot-1.0.rc2/src/master/master-settings.c.default-settings 2006-07-02 21:18:13.000000000 +0200 ++++ dovecot-1.0.rc2/src/master/master-settings.c 2006-07-13 11:53:24.000000000 +0200 +@@ -267,8 +267,8 @@ + MEMBER(syslog_facility) "mail", + + /* general */ +- MEMBER(protocols) "imap imaps", +- MEMBER(listen) "*", ++ MEMBER(protocols) "imap imaps pop3 pop3s", ++ MEMBER(listen) "[::]", + MEMBER(ssl_listen) "", + + MEMBER(ssl_disable) FALSE, +@@ -279,7 +279,7 @@ + MEMBER(ssl_parameters_regenerate) 168, + MEMBER(ssl_cipher_list) "", + MEMBER(ssl_verify_client_cert) FALSE, +- MEMBER(disable_plaintext_auth) TRUE, ++ MEMBER(disable_plaintext_auth) FALSE, + MEMBER(verbose_ssl) FALSE, + MEMBER(shutdown_clients) TRUE, + MEMBER(nfs_check) TRUE, +@@ -333,7 +333,7 @@ + MEMBER(maildir_stat_dirs) FALSE, + MEMBER(maildir_copy_with_hardlinks) FALSE, + MEMBER(mbox_read_locks) "fcntl", +- MEMBER(mbox_write_locks) "dotlock fcntl", ++ MEMBER(mbox_write_locks) "fcntl", + MEMBER(mbox_lock_timeout) 300, + MEMBER(mbox_dotlock_change_timeout) 120, + MEMBER(mbox_min_index_size) 0, +@@ -362,7 +362,7 @@ + MEMBER(pop3_enable_last) FALSE, + MEMBER(pop3_reuse_xuidl) FALSE, + MEMBER(pop3_lock_session) FALSE, +- MEMBER(pop3_uidl_format) "", ++ MEMBER(pop3_uidl_format) "%08Xu%08Xv", + MEMBER(pop3_client_workarounds) "", + MEMBER(pop3_logout_format) "top=%t/%p, retr=%r/%b, del=%d/%m, size=%s", + +--- dovecot-1.0.rc2/dovecot-example.conf.default-settings 2006-07-01 22:07:32.000000000 +0200 ++++ dovecot-1.0.rc2/dovecot-example.conf 2006-07-13 11:55:38.000000000 +0200 +@@ -7,16 +7,13 @@ + # value inside quotes, eg.: key = "# char and trailing whitespace " + + # Default values are shown after each value, it's not required to uncomment +-# any of the lines. Exception to this are paths, they're just examples +-# with real defaults being based on configure options. The paths listed here +-# are for configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var +-# --with-ssldir=/etc/ssl ++# any of the lines. + + # Base directory where to store runtime data. + #base_dir = /var/run/dovecot/ + + # Protocols we want to be serving: imap imaps pop3 pop3s +-#protocols = imap imaps ++#protocols = imap imaps pop3 pop3s + + # IP or host address where to listen in for connections. It's not currently + # possible to specify multiple addresses. "*" listens in all IPv4 interfaces. +@@ -35,13 +32,13 @@ + # listen = *:10100 + # .. + # } +-#listen = * ++#listen = [::] + + # Disable LOGIN command and all other plaintext authentications unless + # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP + # matches the local IP (ie. you're connecting from the same computer), the + # connection is considered secure and plaintext authentication is allowed. +-#disable_plaintext_auth = yes ++#disable_plaintext_auth = no + + # Should all IMAP and POP3 processes be killed when Dovecot master process + # shuts down. Setting this to "no" means that Dovecot can be upgraded without +@@ -86,8 +83,8 @@ + # dropping root privileges, so keep the key file unreadable by anyone but + # root. Included doc/mkcert.sh can be used to easily generate self-signed + # certificate, just make sure to update the domains in dovecot-openssl.cnf +-#ssl_cert_file = /etc/ssl/certs/dovecot.pem +-#ssl_key_file = /etc/ssl/private/dovecot.pem ++#ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem ++#ssl_key_file = /etc/pki/dovecot/private/dovecot.pem + + # If key file is password protected, give the password here. Alternatively + # give it when starting dovecot with -p parameter. +@@ -412,7 +409,7 @@ + # locking methods as well. Some operating systems don't allow using some of + # them simultaneously. + #mbox_read_locks = fcntl +-#mbox_write_locks = dotlock fcntl ++#mbox_write_locks = fcntl + + # Maximum time in seconds to wait for lock (all of them) before aborting. + #mbox_lock_timeout = 300 +@@ -576,7 +573,7 @@ + # installations. %08Xu%08Xv will be the new default, so use it for new + # installations. + # +- #pop3_uidl_format = ++ #pop3_uidl_format = %08Xu%08Xv + + # POP3 logout format string: + # %t - number of TOP commands diff --git a/dovecot-1.0.rc2-pam-setcred.patch b/dovecot-1.0.rc2-pam-setcred.patch new file mode 100644 index 0000000..d42b905 --- /dev/null +++ b/dovecot-1.0.rc2-pam-setcred.patch @@ -0,0 +1,41 @@ +--- dovecot-1.0.rc2/src/auth/passdb-pam.c.pam-setcred 2006-07-13 11:59:00.000000000 +0200 ++++ dovecot-1.0.rc2/src/auth/passdb-pam.c 2006-07-13 12:03:41.000000000 +0200 +@@ -187,6 +187,30 @@ + } + + #ifdef HAVE_PAM_SETCRED ++#if 0 ++/* ++ * This is to fix a bug where dovecot was leaving a lot of temporary ++ * kerberos tickets around and filling up disk space. If ++ * pam_setcred(pamh, PAM_ESTABLISH_CRED) is called, which creates the ++ * ticket, then a matching pam_setcred(pamh, PAM_DELETE_CRED) also ++ * needs to be called to clean the ticket up. But the only reason to ++ * have a cached ticket on disk is if the service is going to perform ++ * some action during the session that requires access to the ticket ++ * for validation. This implies the pam session is being held open, ++ * which would be more typical pam usage. But the usage here is to ++ * close the pam session immediately after authenticating the user ++ * with pam_end, thus there is no benefit to creating the disk copy of ++ * the ticket. So rather than finding all the early returns before ++ * pam_end is invoked and adding pam_setcred(pamh, PAM_DELETE_CRED) to ++ * each it is more sensible to not create the ticket in the first ++ * place if we're not going to use it and thus not have to worry about ++ * the clean up. Note the way the code is currently structured, with ++ * an immediate call to pam_end() after authentication it implies the ++ * code probably won't work with a file system like AFS which uses the ++ * ticket for file system permissions, but restructuring the code for ++ * this case is beyond the needs of fixing the aforementioned bug. ++ * John Dennis ++ */ + if (module->pam_setcred) { + if ((status = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != + PAM_SUCCESS) { +@@ -196,6 +220,7 @@ + } + } + #endif ++#endif + + if ((status = pam_acct_mgmt(pamh, 0)) != PAM_SUCCESS) { + *error = t_strdup_printf("pam_acct_mgmt() failed: %s", diff --git a/dovecot.spec b/dovecot.spec index 5aa42b0..016ac7d 100644 --- a/dovecot.spec +++ b/dovecot.spec @@ -1,13 +1,13 @@ Summary: Dovecot Secure imap server Name: dovecot Version: 1.0 -Release: 0.beta8.2.1 +Release: 0.rc2%{?dist} License: LGPL Group: System Environment/Daemons %define build_postgres 1 %define build_mysql 1 -%define upstream 1.0.beta8 +%define upstream 1.0.rc2 Source: %{name}-%{upstream}.tar.gz Source1: dovecot.init @@ -17,9 +17,9 @@ Source4: migrate-folders Source5: migrate-users Source6: perfect_maildir.pl Source7: dovecot-REDHAT-FAQ.txt -Patch100: dovecot-1.0.beta8-default-settings.patch +Patch100: dovecot-1.0.rc2-default-settings.patch Patch101: dovecot-1.0.beta2-pam-tty.patch -Patch102: dovecot-1.0.beta2-pam-setcred.patch +Patch102: dovecot-1.0.rc2-pam-setcred.patch Patch103: dovecot-1.0.beta2-mkcert-permissions.patch Patch104: dovecot-1.0.beta2-lib64.patch #Patch105: dovecot-1.0.beta2-sqlite-check.patch @@ -68,7 +68,7 @@ in either of maildir or mbox formats. %patch100 -p1 -b .default-settings %patch101 -p2 -b .pam-tty -%patch102 -p2 -b .pam-setcred +%patch102 -p1 -b .pam-setcred %patch103 -p1 -b .mkcert-permissions #%patch104 -p1 -b .lib64 #%patch105 -p1 -b .sqlite-check @@ -212,6 +212,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Thu Jul 13 2006 Petr Rockai - 1.0-0.rc2 +- update to latest upstream release candidate + * Wed Jul 12 2006 Jesse Keating - 1.0-0.beta8.2.1 - rebuild diff --git a/sources b/sources index 94b31fe..cef8595 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -6a87718a86ee1ae2334c75843dd9a7df dovecot-1.0.beta8.tar.gz +e27a248b2ee224e4618aa2f020150041 dovecot-1.0.rc2.tar.gz