diff --git a/dovecot-1.0.beta2-default-settings.patch b/dovecot-1.0.beta2-default-settings.patch
new file mode 100644
index 0000000..94eab74
--- /dev/null
+++ b/dovecot-1.0.beta2-default-settings.patch
@@ -0,0 +1,109 @@
+--- ./dovecot-1.0.beta2/src/master/master-settings.c.default-settings 2006-02-02 12:28:54.000000000 +0100
++++ ./dovecot-1.0.beta2/src/master/master-settings.c 2006-02-02 12:33:06.000000000 +0100
+@@ -254,8 +254,8 @@
+ MEMBER(syslog_facility) "mail",
+
+ /* general */
+- MEMBER(protocols) "imap imaps",
+- MEMBER(listen) "*",
++ MEMBER(protocols) "imap imaps pop3 pop3s",
++ MEMBER(listen) "[::]",
+ MEMBER(ssl_listen) NULL,
+
+ MEMBER(ssl_disable) FALSE,
+@@ -266,7 +266,7 @@
+ MEMBER(ssl_parameters_regenerate) 168,
+ MEMBER(ssl_cipher_list) NULL,
+ MEMBER(ssl_verify_client_cert) FALSE,
+- MEMBER(disable_plaintext_auth) TRUE,
++ MEMBER(disable_plaintext_auth) FALSE,
+ MEMBER(verbose_ssl) FALSE,
+
+ /* login */
+@@ -318,7 +318,7 @@
+ MEMBER(maildir_stat_dirs) FALSE,
+ MEMBER(maildir_copy_with_hardlinks) FALSE,
+ MEMBER(mbox_read_locks) "fcntl",
+- MEMBER(mbox_write_locks) "dotlock fcntl",
++ MEMBER(mbox_write_locks) "fcntl",
+ MEMBER(mbox_lock_timeout) 300,
+ MEMBER(mbox_dotlock_change_timeout) 30,
+ MEMBER(mbox_min_index_size) 0,
+@@ -346,7 +346,7 @@
+ MEMBER(pop3_no_flag_updates) FALSE,
+ MEMBER(pop3_enable_last) FALSE,
+ MEMBER(pop3_reuse_xuidl) FALSE,
+- MEMBER(pop3_uidl_format) NULL,
++ MEMBER(pop3_uidl_format) "%08Xu%08Xv",
+ MEMBER(pop3_client_workarounds) NULL,
+ MEMBER(pop3_logout_format) "top=%t/%T, retr=%r/%R, del=%d/%m, size=%s",
+
+--- ./dovecot-1.0.beta2/dovecot-example.conf.default-settings 2006-02-02 12:31:10.000000000 +0100
++++ ./dovecot-1.0.beta2/dovecot-example.conf 2006-02-02 12:32:50.000000000 +0100
+@@ -5,17 +5,14 @@
+ # value inside quotes, eg.: key = "# char and trailing whitespace "
+
+ # Default values are shown after each value, it's not required to uncomment
+-# any of the lines. Exception to this are paths, they're just examples
+-# with real defaults being based on configure options. The paths listed here
+-# are for configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
+-# --with-ssldir=/etc/ssl
++# any of the lines.
+
+ # Base directory where to store runtime data.
+ #base_dir = /var/run/dovecot/
+
+ # Protocols we want to be serving:
+ # imap imaps pop3 pop3s
+-#protocols = imap imaps
++#protocols = imap imaps pop3 pop3s
+
+ # IP or host address where to listen in for connections. It's not currently
+ # possible to specify multiple addresses. "*" listens in all IPv4 interfaces.
+@@ -24,7 +21,7 @@
+ # for each service, you will need to configure these settings inside the
+ # protocol imap/pop3 { ... } section, so you can specify different ports
+ # for IMAP/POP3.
+-#listen = *
++#listen = [::]
+
+ # IP or host address where to listen in for SSL connections. Defaults
+ # to above if not specified.
+@@ -37,8 +34,8 @@
+ # dropping root privileges, so keep the key file unreadable by anyone but
+ # root. Included doc/mkcert.sh can be used to easily generate self-signed
+ # certificate, just make sure to update the domains in dovecot-openssl.cnf
+-#ssl_cert_file = /etc/ssl/certs/dovecot.pem
+-#ssl_key_file = /etc/ssl/private/dovecot.pem
++#ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
++#ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
+
+ # If key file is password protected, give the password here. Alternatively
+ # give it when starting dovecot with -p parameter.
+@@ -62,7 +59,7 @@
+ # SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and
+ # IPv6 ::1 addresses are considered secure, this setting has no effect if
+ # you connect from those addresses.
+-#disable_plaintext_auth = yes
++#disable_plaintext_auth = no
+
+ # Use this logfile instead of syslog(). /dev/stderr can be used if you want to
+ # use stderr for logging (ONLY /dev/stderr - otherwise it is closed).
+@@ -352,7 +349,7 @@
+ # locking methods as well. Some operating systems don't allow using some of
+ # them simultaneously.
+ #mbox_read_locks = fcntl
+-#mbox_write_locks = dotlock fcntl
++#mbox_write_locks = fcntl
+
+ # Maximum time in seconds to wait for lock (all of them) before aborting.
+ #mbox_lock_timeout = 300
+@@ -521,7 +518,7 @@
+ # installations. %08Xu%08Xv will be the new default, so use it for new
+ # installations.
+ #
+- #pop3_uidl_format =
++ #pop3_uidl_format = %08Xu%08Xv
+
+ # POP3 logout format string:
+ # %t - number of TOP commands
diff --git a/dovecot-1.0.beta2-mkcert-permissions.patch b/dovecot-1.0.beta2-mkcert-permissions.patch
new file mode 100644
index 0000000..68ac01b
--- /dev/null
+++ b/dovecot-1.0.beta2-mkcert-permissions.patch
@@ -0,0 +1,11 @@
+--- dovecot-1.0.beta2/doc/mkcert.sh.configfile 2006-01-16 21:14:54.000000000 +0100
++++ dovecot-1.0.beta2/doc/mkcert.sh 2006-01-26 14:28:38.000000000 +0100
+@@ -29,6 +29,7 @@
+ fi
+
+ $OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
+-chmod 0600 $KEYFILE
++chown root:root $CERTFILE $KEYFILE
++chmod 0600 $CERTFILE $KEYFILE
+ echo
+ $OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2
diff --git a/dovecot.spec b/dovecot.spec
index a97aa4a..35af386 100644
--- a/dovecot.spec
+++ b/dovecot.spec
@@ -1,7 +1,7 @@
 Summary: Dovecot Secure imap server
 Name: dovecot
 Version: 1.0
-Release: 0.beta2.2
+Release: 0.beta2.3
 License: LGPL
 Group: System Environment/Daemons
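Review bot: `MEMBER(disable_plaintext_auth) FALSE` in master-settings.c makes cleartext LOGIN/PLAIN the compiled-in behaviour, and the same patch adds `pop3` to the default protocols and binds `[::]`, so with no further configuration passwords from non-local clients can cross the network unencrypted on both IMAP and POP3. The dovecot-example.conf hunk flips the commented value to `no` but leaves the explanatory text above it untouched; I would add a line there such as `# This package defaults to "no"; set to "yes" to require SSL/TLS before plaintext logins from non-local addresses.` Consider keeping the compiled-in value at TRUE and shipping the relaxed setting as an explicit, uncommented line in the installed config, so the weakening is visible to the administrator and reversible in one place. The listen comment in the same file still describes only `"*"` (all IPv4 interfaces) while the default shown is now `[::]`; a short comment on what `[::]` accepts would help anyone writing firewall rules.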
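Review bot: The added `chown root:root $CERTFILE $KEYFILE` and `chmod 0600 $CERTFILE $KEYFILE` lines in mkcert.sh ignore failure, unlike the `$OPENSSL` calls around them that end in `|| exit 2`, so a run as non-root or with a wrong path still prints the fingerprint and exits as if the key had been locked down. I would write `chown root:root "$CERTFILE" "$KEYFILE" || exit 2` and `chmod 0600 "$CERTFILE" "$KEYFILE" || exit 2`, quoted so a path containing whitespace is not split. The key file is also written by `$OPENSSL req` before these lines tighten it, so until then its mode presumably follows the caller's umask; a `umask 077` ahead of the req call would close that window. The script's beginning and end are outside the hunk.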
@@ -17,11 +17,10 @@ Source4: migrate-folders
 Source5: migrate-users
 Source6: perfect_maildir.pl
 Source7: dovecot-REDHAT-FAQ.txt
-Patch100: dovecot-conf.patch
-Patch101: dovecot-configfile.patch
-Patch102: dovecot-0.99-no-literal-plus-capability.patch
-Patch103: dovecot-1.0.beta2-pam-tty.patch
-Patch104: dovecot-1.0.beta2-pam-setcred.patch
+Patch100: dovecot-1.0.beta2-default-settings.patch
+Patch101: dovecot-1.0.beta2-pam-tty.patch
+Patch102: dovecot-1.0.beta2-pam-setcred.patch
+Patch103: dovecot-1.0.beta2-mkcert-permissions.patch
 # XXX this patch needs review and forward porting
 #Patch105: dovecot-auth-log.patch
@@ -62,12 +61,10 @@ in either of maildir or mbox formats.
 %setup -q -n %{name}-%{upstream}
-#%patch100 -p1 -b .config
-#cp $RPM_BUILD_DIR/dovecot-%{upstream}/dovecot-example.conf $RPM_BUILD_DIR/${RPM_PACKAGE_NAME}-%{upstream}/dovecot.conf
-%patch101 -p1 -b .configfile
-#%patch102 -p1 -b .no-literal-plus-capability
-%patch103 -p2 -b .pam-tty
-%patch104 -p2 -b .pam-setcred
+%patch100 -p2 -b .default-settings
+%patch101 -p2 -b .pam-tty
+%patch102 -p2 -b .pam-setcred
+%patch103 -p1 -b .mkcert-permissions
 #%patch105 -p1 -b .auth-log
 %build
@@ -205,6 +202,15 @@ rm -rf $RPM_BUILD_ROOT
 %changelog
+* Thu Feb 02 2006 Petr Rockai - 1.0-0.beta2.3
+- change the compiled-in defaults and adjust the default's configfile
+ commented-out example settings to match compiled-in defaults,
+ instead of changing the defaults only in the configfile, as per #179432
+- fix #179574 by providing a default uidl_format for pop3
+- half-fix #179620 by having plaintext auth enabled by default... this
+ needs more thinking (which one we really want) and documentation
+ either way
+
 * Tue Jan 31 2006 Petr Rockai - 1.0-0.beta2.2
 - update URL in description
 - call dovecot --build-ssl-parameters in postinst as per #179430