f838a05fb9
CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has local access. CVE-2021-33515: On-path attacker could have injected plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. Add TSLv1.3 support to min_protocols. Allow configuring ssl_cipher_suites. (for TLSv1.3+)
52 lines
1.8 KiB
Diff
52 lines
1.8 KiB
Diff
diff -up dovecot-2.3.15/dovecot-init.service.initbysystemd dovecot-2.3.15/dovecot-init.service
|
|
--- dovecot-2.3.15/dovecot-init.service.initbysystemd 2021-06-21 20:21:49.250680889 +0200
|
|
+++ dovecot-2.3.15/dovecot-init.service 2021-06-21 20:21:49.250680889 +0200
|
|
@@ -0,0 +1,13 @@
|
|
+[Unit]
|
|
+Description=One-time Dovecot init service
|
|
+ConditionPathExists=|!/etc/pki/dovecot/certs/dovecot.pem
|
|
+
|
|
+[Service]
|
|
+Type=oneshot
|
|
+RemainAfterExit=no
|
|
+ExecStart=/bin/sh -c '\
|
|
+if [ ! -f /etc/pki/dovecot/certs/dovecot.pem ]; \
|
|
+then\
|
|
+ SSLDIR=/etc/pki/dovecot/ OPENSSLCONFIG=/etc/pki/dovecot/dovecot-openssl.cnf /usr/libexec/dovecot/mkcert.sh /dev/null 2>&1;\
|
|
+fi'
|
|
+
|
|
diff -up dovecot-2.3.15/dovecot.service.in.initbysystemd dovecot-2.3.15/dovecot.service.in
|
|
--- dovecot-2.3.15/dovecot.service.in.initbysystemd 2021-06-21 20:21:49.250680889 +0200
|
|
+++ dovecot-2.3.15/dovecot.service.in 2021-06-21 20:22:46.935981920 +0200
|
|
@@ -11,7 +11,8 @@
|
|
Description=Dovecot IMAP/POP3 email server
|
|
Documentation=man:dovecot(1)
|
|
Documentation=https://doc.dovecot.org/
|
|
-After=local-fs.target network-online.target
|
|
+After=local-fs.target network-online.target dovecot-init.service
|
|
+Requires=dovecot-init.service
|
|
|
|
[Service]
|
|
Type=@systemdservicetype@
|
|
diff -up dovecot-2.3.15/Makefile.am.initbysystemd dovecot-2.3.15/Makefile.am
|
|
--- dovecot-2.3.15/Makefile.am.initbysystemd 2021-06-21 20:21:49.250680889 +0200
|
|
+++ dovecot-2.3.15/Makefile.am 2021-06-21 20:24:26.676765849 +0200
|
|
@@ -21,6 +21,7 @@ EXTRA_DIST = \
|
|
run-test-valgrind.supp \
|
|
dovecot.service.in \
|
|
dovecot.socket \
|
|
+ dovecot-init.service \
|
|
$(conf_DATA)
|
|
|
|
noinst_DATA = dovecot-config
|
|
@@ -69,7 +70,8 @@ dovecot-config: dovecot-config.in Makefi
|
|
if WANT_SYSTEMD
|
|
systemdsystemunit_DATA = \
|
|
dovecot.socket \
|
|
- dovecot.service
|
|
+ dovecot.service \
|
|
+ dovecot-init.service
|
|
endif
|
|
|
|
install-exec-hook:
|