From 63a5416c5b3bbcfc879e51e871bef24b6535c5f7 Mon Sep 17 00:00:00 2001
From: Michal Hlavinka
Date: Mon, 3 Nov 2008 10:12:01 +0000
Subject: [PATCH] update to upstream version 1.1.6 change permissions of deliver and dovecot.conf to prevent possible password exposure
---
 .cvsignore | 4 ++--
 dovecot-1.1-default-settings-passwd.patch | 11 ----------
 dovecot.spec | 25 ++++++++++++++++++-----
 sources | 4 ++--
 4 files changed, 24 insertions(+), 20 deletions(-)
 delete mode 100644 dovecot-1.1-default-settings-passwd.patch
diff --git a/.cvsignore b/.cvsignore
index 9a6ba63..10d08ef 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,4 +1,4 @@
-dovecot-1.1.5.tar.gz
+dovecot-1.1.6.tar.gz
+dovecot-1.1.6.tar.gz.sig
 dovecot-sieve-1.1.5.tar.gz
-dovecot-1.1.5.tar.gz.sig
 dovecot-sieve-1.1.5.tar.gz.sig
diff --git a/dovecot-1.1-default-settings-passwd.patch b/dovecot-1.1-default-settings-passwd.patch
deleted file mode 100644
index 17e89b2..0000000
--- a/dovecot-1.1-default-settings-passwd.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- dovecot-1.1.2/dovecot-example.conf.passwd 2008-07-29 14:30:57.000000000 +0200
-+++ dovecot-1.1.2/dovecot-example.conf 2008-07-29 14:32:48.000000000 +0200
-@@ -92,6 +92,8 @@
-
- # If key file is password protected, give the password here. Alternatively
- # give it when starting dovecot with -p parameter.
-+# Security note: if you have this config file world readable, then enable
-+# password asking during start-up in /etc/sysconfig/dovecot.
- #ssl_key_password =
-
- # File containing trusted SSL certificate authorities. Set this only if you
diff --git a/dovecot.spec b/dovecot.spec
index 29eb3be..a50dbcb 100644
--- a/dovecot.spec
+++ b/dovecot.spec
@@ -1,7 +1,7 @@
 Summary: Dovecot Secure imap server
 Name: dovecot
 Epoch: 1
-Version: 1.1.5
+Version: 1.1.6
 Release: 1%{?dist}
 License: MIT and LGPLv2 and BSD with advertising
 Group: System Environment/Daemons
@@ -31,7 +31,6 @@ Patch1: dovecot-1.1-default-settings.patch
 Patch2: dovecot-1.0.beta2-mkcert-permissions.patch
 # local filesystem rules
 Patch3: dovecot-1.0.rc7-mkcert-paths.patch
-Patch4: dovecot-1.1-default-settings-passwd.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: openssl-devel, pam-devel, zlib-devel
@@ -150,7 +149,6 @@ This package provides the development files for dovecot.
 %patch1 -p1 -b .default-settings
 %patch2 -p1 -b .mkcert-permissions
 %patch3 -p1 -b .mkcert-paths
-%patch4 -p1 -b .passwd
 %if %{build_sieve}
 %setup -q -D -T -a 8
@@ -228,7 +226,7 @@ chmod 700 $RPM_BUILD_ROOT/var/run/dovecot/login
 # Install dovecot.conf and dovecot-openssl.cnf
 mkdir -p $RPM_BUILD_ROOT%{ssldir}
-install -p -m644 dovecot-example.conf $RPM_BUILD_ROOT%{_sysconfdir}/dovecot.conf
+install -p -m640 dovecot-example.conf $RPM_BUILD_ROOT%{_sysconfdir}/dovecot.conf
 rm -f $RPM_BUILD_ROOT%{_sysconfdir}/dovecot-*example.conf # dovecot seems to install this by itself
 install -p -m644 doc/dovecot-openssl.cnf $RPM_BUILD_ROOT%{ssldir}/dovecot-openssl.cnf
@@ -309,7 +307,7 @@ fi
 %files -f libs.filelist
 %defattr(-,root,root,-)
 %doc %{docdir}-%{version}
-%config(noreplace) %{_sysconfdir}/dovecot.conf
+%attr(0640,root,mail) %config(noreplace) %{_sysconfdir}/dovecot.conf
 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/dovecot
 %{_initrddir}/dovecot
 %config(noreplace) %{_sysconfdir}/pam.d/dovecot
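Review bot: In the `%files` hunk (@@ -309) and the matching `install -p -m640` line in @@ -228, `%attr(0640,root,mail)` narrows dovecot.conf from world-readable to group `mail`, but any account or process holding that group can still read `ssl_key_password` if an admin sets it there, and this commit also drops the patch that carried the config-file security note. A comment above the entry would record why the group is `mail`, for example `# 0640 root:mail: deliver is setgid mail and must read this file; do not store ssl_key_password here unless every mail-group member is trusted`. Because the entry is `%config(noreplace)`, an already-installed, locally edited dovecot.conf may keep its old 0644 mode on upgrade (rpm behaviour to be confirmed), so a `%post` step that tightens mode and group on the existing file is worth considering. Both hunks sit inside larger spec sections that start and end outside the visible lines.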
@@ -320,6 +318,19 @@ fi
 %attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %{ssldir}/certs/dovecot.pem
 %attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %{ssldir}/private/dovecot.pem
 %{_libexecdir}/%{name}
+%{_libexecdir}/%{name}/checkpassword-reply
+%attr(2755,root,mail) %{_libexecdir}/%{name}/deliver
+%{_libexecdir}/%{name}/dict
+%{_libexecdir}/%{name}/dovecot-auth
+%{_libexecdir}/%{name}/gdbhelper
+%{_libexecdir}/%{name}/idxview
+%{_libexecdir}/%{name}/imap
+%{_libexecdir}/%{name}/imap-login
+%{_libexecdir}/%{name}/logview
+%{_libexecdir}/%{name}/pop3
+%{_libexecdir}/%{name}/pop3-login
+%{_libexecdir}/%{name}/rawlog
+%{_libexecdir}/%{name}/ssl-build-param
 %{_sbindir}/dovecot
 %{_sbindir}/dovecotpw
 %attr(0755,root,dovecot) %dir /var/run/dovecot
@@ -376,6 +387,10 @@ fi
 %changelog
+* Mon Nov 3 2008 Michal Hlavinka - 1:1.1.6-1
+- update to upstream version 1.1.6
+- change permissions of deliver and dovecot.conf to prevent possible password exposure
+
 * Wed Oct 29 2008 Michal Hlavinka - 1:1.1.5-1
 - update to upstream version 1.1.5 (Resolves: CVE-2008-4577, CVE-2008-4578)
diff --git a/sources b/sources
index 0d42e85..885996e 100644
--- a/sources
+++ b/sources
@@ -1,4 +1,4 @@
-64e7809aeee750e7c86d81777078e434 dovecot-1.1.5.tar.gz
+ccbfcfcb5e6d19a3228885a2f7eae2dd dovecot-1.1.6.tar.gz
+de8dc8f5b07e6f3aeef5059738ff5bbe dovecot-1.1.6.tar.gz.sig
 b4362defe3fc18865db8cf8e1c940b13 dovecot-sieve-1.1.5.tar.gz
-e04825c658194f44acd39722d3ef9982 dovecot-1.1.5.tar.gz.sig
 0fdb01f9fd960fbd5a8271584ac62cb8 dovecot-sieve-1.1.5.tar.gz.sig
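Review bot: In the @@ -320 hunk, `%attr(2755,root,mail)` makes `deliver` setgid `mail` and executable by every local user, so whatever `deliver` accepts from its caller is processed with that group's access, including read access to the now 0640 root:mail dovecot.conf. Nothing in this diff shows whether deliver drops the extra group or ignores caller-supplied settings when run set-id; that should be confirmed against upstream before shipping, and a comment such as `# setgid mail only so deliver can read dovecot.conf (0640 root:mail)` would document the intent. Separately, the context line `%{_libexecdir}/%{name}` already packages the whole directory, so the thirteen new entries list each file twice and the attributes that end up on `deliver` depend on how rpm resolves the duplicate; changing that line to `%dir %{_libexecdir}/%{name}` would make the per-file `%attr` unambiguous. The `%files` section continues outside the hunk.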