
dovecot package update

Signed-off-by: webbuilder_pel7x64builder0 <webbuilder@powerel.org>
master
webbuilder_pel7x64builder0 6 years ago
parent
commit
c0065fad79
  1. 11
      SOURCES/dovecot-1.0.beta2-mkcert-permissions.patch
  2. 14
      SOURCES/dovecot-1.0.rc7-mkcert-paths.patch
  3. 34
      SOURCES/dovecot-2.0-defaultconfig.patch
  4. 11
      SOURCES/dovecot-2.1-privatetmp.patch
  5. 16
      SOURCES/dovecot-2.1.10-waitonline.patch
  6. 59
      SOURCES/dovecot-2.2-gidcheck.patch
  7. 13
      SOURCES/dovecot-2.2.36-aclfix.patch
  8. 41
      SOURCES/dovecot-2.2.9-nodevrand.patch
  9. 19
      SOURCES/dovecot.conf.5
  10. 107
      SOURCES/dovecot.init
  11. 5
      SOURCES/dovecot.pam
  12. 3
      SOURCES/dovecot.sysconfig
  13. 1
      SOURCES/dovecot.tmpfilesd
  14. 1913
      SPECS/dovecot.spec

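--- a/SOURCES/dovecot-1.0.beta2-mkcert-permissions.patch
+++ b/SOURCES/dovecot-1.0.beta2-mkcert-permissions.patch
@@ -0,0 +1,11 @@
+--- dovecot-1.0.beta2/doc/mkcert.sh.configfile 2006-01-16 21:14:54.000000000 +0100
++++ dovecot-1.0.beta2/doc/mkcert.sh 2006-01-26 14:28:38.000000000 +0100
+@@ -29,6 +29,7 @@
+fi
+
+$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
+-chmod 0600 $KEYFILE
++chown root:root $CERTFILE $KEYFILE
++chmod 0600 $CERTFILE $KEYFILE
+echo
+$OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2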
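Review bot: The added `chown root:root $CERTFILE $KEYFILE` and `chmod 0600 $CERTFILE $KEYFILE` lines are not checked, unlike the two `$OPENSSL` calls around them that end in `|| exit 2`, so a failed ownership change (for example when the script is not run as root) still ends with the fingerprint printed as if everything had succeeded. I would write `chown root:root "$CERTFILE" "$KEYFILE" || exit 2` and `chmod 0600 "$CERTFILE" "$KEYFILE" || exit 2`; the quoting also keeps a path containing spaces from being split. The certificate is public material, so 0600 on `$CERTFILE` is stricter than needed rather than a risk. The rest of mkcert.sh lies outside this hunk.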

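--- a/SOURCES/dovecot-1.0.rc7-mkcert-paths.patch
+++ b/SOURCES/dovecot-1.0.rc7-mkcert-paths.patch
@@ -0,0 +1,14 @@
+diff -up dovecot-2.2.27/doc/mkcert.sh.mkcert-paths dovecot-2.2.27/doc/mkcert.sh
+--- dovecot-2.2.27/doc/mkcert.sh.mkcert-paths 2016-12-05 10:26:07.913515286 +0100
++++ dovecot-2.2.27/doc/mkcert.sh 2016-12-05 10:28:25.439634417 +0100
+@@ -5,8 +5,8 @@
+
+umask 077
+OPENSSL=${OPENSSL-openssl}
+-SSLDIR=${SSLDIR-/etc/ssl}
+-OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}
++SSLDIR=${SSLDIR-/etc/pki/dovecot}
++OPENSSLCONFIG=${OPENSSLCONFIG-/etc/pki/dovecot/dovecot-openssl.cnf}
+
+CERTDIR=$SSLDIR/certs
+KEYDIR=$SSLDIR/private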

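--- a/SOURCES/dovecot-2.0-defaultconfig.patch
+++ b/SOURCES/dovecot-2.0-defaultconfig.patch
@@ -0,0 +1,34 @@
+diff -up dovecot-2.2.10/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.2.10/doc/example-config/conf.d/10-mail.conf
+--- dovecot-2.2.10/doc/example-config/conf.d/10-mail.conf.default-settings 2013-04-23 12:33:55.000000000 +0200
++++ dovecot-2.2.10/doc/example-config/conf.d/10-mail.conf 2016-06-17 17:56:17.353210369 +0200
+@@ -165,7 +165,7 @@ namespace inbox {
+# to make sure that users can't log in as daemons or other system users.
+# Note that denying root logins is hardcoded to dovecot binary and can't
+# be done even if first_valid_uid is set to 0.
+-#first_valid_uid = 500
++first_valid_uid = 1000
+#last_valid_uid = 0
+
+# Valid GID range for users, defaults to non-root/wheel. Users having
+@@ -286,6 +286,7 @@ namespace inbox {
+# them simultaneously.
+#mbox_read_locks = fcntl
+#mbox_write_locks = dotlock fcntl
++mbox_write_locks = fcntl
+
+# Maximum time to wait for lock (all of them) before aborting.
+#mbox_lock_timeout = 5 mins
+diff -up dovecot-2.2.10/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.2.10/doc/example-config/conf.d/10-ssl.conf
+--- dovecot-2.2.10/doc/example-config/conf.d/10-ssl.conf.default-settings 2013-11-19 21:36:30.000000000 +0100
++++ dovecot-2.2.10/doc/example-config/conf.d/10-ssl.conf 2016-06-17 17:54:18.749626750 +0200
+@@ -3,7 +3,9 @@
+##
+
+# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
+-#ssl = yes
++# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
++# plain imap and pop3 are still allowed for local connections
++ssl = required
+
+# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
+# dropping root privileges, so keep the key file unreadable by anyone but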
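Review bot: The comment added above `ssl = required` in 10-ssl.conf says plain imap and pop3 stay allowed for "local connections" without saying what counts as local, so an administrator cannot tell from the file how wide the cleartext exemption is. As far as I know Dovecot also treats peers listed in `login_trusted_networks` as secured, so I would word it as `# cleartext imap/pop3 is still accepted from connections Dovecot treats as secured (localhost, login_trusted_networks)`, after confirming that against the packaged version. In 10-mail.conf, `first_valid_uid = 1000` and `mbox_write_locks = fcntl` are live overrides with no note on why they differ from the commented upstream defaults beside them. The text above `mbox_write_locks` already warns that every program touching the mailbox must use the same locking, so dropping `dotlock` deserves a one-line comment naming the local delivery agent it was checked against.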

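--- a/SOURCES/dovecot-2.1-privatetmp.patch
+++ b/SOURCES/dovecot-2.1-privatetmp.patch
@@ -0,0 +1,11 @@
+diff -up dovecot-2.1.10/dovecot.service.in.privatetmp dovecot-2.1.10/dovecot.service.in
+--- dovecot-2.1.10/dovecot.service.in.privatetmp 2012-11-02 10:27:38.000000000 +0100
++++ dovecot-2.1.10/dovecot.service.in 2012-11-02 10:28:04.079320857 +0100
+@@ -6,6 +6,7 @@ After=local-fs.target network.target
+Type=simple
+ExecStart=@sbindir@/dovecot -F
+ExecReload=/bin/kill -HUP $MAINPID
++PrivateTmp=true
+NonBlocking=yes
+
+[Install]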
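Review bot: The context this patch expects (`Type=simple`, `ExecStart=@sbindir@/dovecot -F`) does not match the unit that dovecot-2.1.10-waitonline.patch in this same commit is cut against (`Type=forking`, `ExecStart=@sbindir@/dovecot`, from 2.2.36), so it is unclear whether `PrivateTmp=true` still reaches the shipped unit. The spec diff is suppressed on this page, so whether this patch is applied at all cannot be seen here; if it is skipped or no longer applies, the service loses its /tmp isolation with no other visible change. Either rebase the patch onto the 2.2.36 unit file or confirm that upstream already sets `PrivateTmp=true` and drop the file from SOURCES.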

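--- a/SOURCES/dovecot-2.1.10-waitonline.patch
+++ b/SOURCES/dovecot-2.1.10-waitonline.patch
@@ -0,0 +1,16 @@
+diff -up dovecot-2.2.36/dovecot.service.in.waitonline dovecot-2.2.36/dovecot.service.in
+--- dovecot-2.2.36/dovecot.service.in.waitonline 2018-04-30 15:52:05.000000000 +0200
++++ dovecot-2.2.36/dovecot.service.in 2018-06-12 15:34:22.459995078 +0200
+@@ -8,10 +8,11 @@
+Description=Dovecot IMAP/POP3 email server
+Documentation=man:dovecot(1)
+Documentation=http://wiki2.dovecot.org/
+-After=local-fs.target network.target
++After=local-fs.target network.target network-online.target
+
+[Service]
+Type=forking
++ExecStartPre=/usr/libexec/dovecot/prestartscript
+ExecStart=@sbindir@/dovecot
+PIDFile=@rundir@/master.pid
+ExecReload=@bindir@/doveadm reload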
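Review bot: The new `After=local-fs.target network.target network-online.target` line only orders the unit; nothing in the hunk pulls network-online.target into the boot transaction, so on a host where no other unit wants that target the added ordering has no effect. Add `Wants=network-online.target` next to the `After=` line. The new `ExecStartPre=/usr/libexec/dovecot/prestartscript` runs as part of the unit before dovecot starts, and the script is not among the files visible on this page, so its contents, owner and mode should be reviewed together with this change. A non-zero exit from it will also keep the service from starting, which is worth stating in a comment if that is intended.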

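--- a/SOURCES/dovecot-2.2-gidcheck.patch
+++ b/SOURCES/dovecot-2.2-gidcheck.patch
@@ -0,0 +1,59 @@
+From ca5b3ec5331545b46ec1f1c4ecfa1302ddb10653 Mon Sep 17 00:00:00 2001
+From: Timo Sirainen <timo.sirainen@dovecot.fi>
+Date: Wed, 29 Jun 2016 00:56:56 +0300
+Subject: [PATCH] auth: userdb passwd iteration now skips users not in
+first/last_valid_gid range
+
+Patch by Michal Hlavinka / Red Hat
+---
+src/auth/auth-settings.c | 4 ++++
+src/auth/auth-settings.h | 2 ++
+src/auth/userdb-passwd.c | 4 ++++
+3 files changed, 10 insertions(+)
+
+diff -up dovecot-2.2.36/src/auth/auth-settings.c.gidcheck dovecot-2.2.36/src/auth/auth-settings.c
+--- dovecot-2.2.36/src/auth/auth-settings.c.gidcheck 2018-04-30 15:52:05.000000000 +0200
++++ dovecot-2.2.36/src/auth/auth-settings.c 2018-09-17 12:17:13.132032699 +0200
+@@ -272,6 +272,8 @@ static const struct setting_define auth_
+DEF_NOPREFIX(SET_BOOL, verbose_proctitle),
+DEF_NOPREFIX(SET_UINT, first_valid_uid),
+DEF_NOPREFIX(SET_UINT, last_valid_uid),
++ DEF_NOPREFIX(SET_UINT, first_valid_gid),
++ DEF_NOPREFIX(SET_UINT, last_valid_gid),
+
+DEF_NOPREFIX(SET_STR, ssl_client_ca_dir),
+DEF_NOPREFIX(SET_STR, ssl_client_ca_file),
+@@ -331,6 +333,8 @@ static const struct auth_settings auth_d
+.verbose_proctitle = FALSE,
+.first_valid_uid = 500,
+.last_valid_uid = 0,
++ .first_valid_gid = 1,
++ .last_valid_gid = 0,
+};
+
+const struct setting_parser_info auth_setting_parser_info = {
+diff -up dovecot-2.2.36/src/auth/auth-settings.h.gidcheck dovecot-2.2.36/src/auth/auth-settings.h
+--- dovecot-2.2.36/src/auth/auth-settings.h.gidcheck 2018-04-30 15:52:05.000000000 +0200
++++ dovecot-2.2.36/src/auth/auth-settings.h 2018-09-17 12:13:30.540159133 +0200
+@@ -88,6 +88,8 @@ struct auth_settings {
+bool verbose_proctitle;
+unsigned int first_valid_uid;
+unsigned int last_valid_uid;
++ unsigned int first_valid_gid;
++ unsigned int last_valid_gid;
+
+/* generated: */
+char username_chars_map[256];
+diff -up dovecot-2.2.36/src/auth/userdb-passwd.c.gidcheck dovecot-2.2.36/src/auth/userdb-passwd.c
+--- dovecot-2.2.36/src/auth/userdb-passwd.c.gidcheck 2018-04-30 15:52:05.000000000 +0200
++++ dovecot-2.2.36/src/auth/userdb-passwd.c 2018-09-17 12:13:30.540159133 +0200
+@@ -145,6 +145,10 @@ passwd_iterate_want_pw(struct passwd *pw
+return FALSE;
+if (pw->pw_uid > (uid_t)set->last_valid_uid && set->last_valid_uid != 0)
+return FALSE;
++ if (pw->pw_gid < (gid_t)set->first_valid_gid)
++ return FALSE;
++ if (pw->pw_gid > (gid_t)set->last_valid_gid && set->last_valid_gid != 0)
++ return FALSE;
+return TRUE;
+}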
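Review bot: The new check in passwd_iterate_want_pw compares only `pw->pw_gid`, the primary group, and by the patch subject it applies to user iteration; nothing in these hunks shows the same range being enforced on a single-user lookup, so the two settings should not be read as a login restriction. The new fields in auth-settings.h carry no comment, and the special meaning of 0 is visible only in the `set->last_valid_gid != 0` test; I would add `/* 0 = no upper limit */` beside `last_valid_gid`. With the default `.first_valid_gid = 1` the only effect is to skip accounts whose primary group is gid 0. passwd_iterate_want_pw starts outside the hunk.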

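--- a/SOURCES/dovecot-2.2.36-aclfix.patch
+++ b/SOURCES/dovecot-2.2.36-aclfix.patch
@@ -0,0 +1,13 @@
+diff -up dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c.aclfix dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c
+--- dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c.aclfix 2018-09-18 15:00:08.778823903 +0200
++++ dovecot-2.2.36/src/plugins/acl/acl-backend-vfile.c 2018-09-18 15:00:08.814823737 +0200
+@@ -161,8 +161,7 @@ acl_backend_vfile_object_init(struct acl
+T_BEGIN {
+if (*name == '\0' ||
+mailbox_list_is_valid_name(_backend->list, name, &error)) {
+- vname = *name == '\0' ? "" :
+- mailbox_list_get_vname(_backend->list, name);
++ vname = mailbox_list_get_vname(_backend->list, name);
+
+dir = acl_backend_vfile_get_local_dir(_backend, name, vname);
+aclobj->local_path = dir == NULL ? NULL :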
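Review bot: After this change `mailbox_list_get_vname()` is called even when `*name == '\0'`, because the enclosing `if` still admits the empty name, and the patch carries no description or upstream reference explaining why the empty-name shortcut was dropped. `vname` is passed to `acl_backend_vfile_get_local_dir()`, whose result becomes `aclobj->local_path`, so this line decides which ACL file governs the object. A comment such as `/* name may be "" here; get_vname is expected to handle it */` (to be confirmed against that function) plus a pointer to the upstream commit or bug would make the change reviewable. acl_backend_vfile_object_init begins and ends outside the hunk.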

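--- a/SOURCES/dovecot-2.2.9-nodevrand.patch
+++ b/SOURCES/dovecot-2.2.9-nodevrand.patch
@@ -0,0 +1,41 @@
+diff -up dovecot-2.2.9/src/lib-master/master-service.c.fixit dovecot-2.2.9/src/lib-master/master-service.c
+--- dovecot-2.2.9/src/lib-master/master-service.c.fixit 2013-11-24 14:37:39.000000000 +0100
++++ dovecot-2.2.9/src/lib-master/master-service.c 2013-11-27 17:52:48.802843395 +0100
+@@ -559,6 +559,11 @@ const char *master_service_get_name(stru
+return service->name;
+}
+
++const enum master_service_flags master_service_get_flags(struct master_service *service)
++{
++ return service->flags;
++}
++
+void master_service_run(struct master_service *service,
+master_service_connection_callback_t *callback)
+{
+diff -up dovecot-2.2.9/src/lib-master/master-service.h.fixit dovecot-2.2.9/src/lib-master/master-service.h
+--- dovecot-2.2.9/src/lib-master/master-service.h.fixit 2013-11-24 14:37:39.000000000 +0100
++++ dovecot-2.2.9/src/lib-master/master-service.h 2013-11-27 17:53:05.329705614 +0100
+@@ -134,6 +134,8 @@ const char *master_service_get_version_s
+/* Returns name of the service, as given in name parameter to _init(). */
+const char *master_service_get_name(struct master_service *service);
+
++const enum master_service_flags master_service_get_flags(struct master_service *service);
++
+/* Start the service. Blocks until finished */
+void master_service_run(struct master_service *service,
+master_service_connection_callback_t *callback)
+diff -up dovecot-2.2.9/src/ssl-params/main.c.fixit dovecot-2.2.9/src/ssl-params/main.c
+--- dovecot-2.2.9/src/ssl-params/main.c.fixit 2013-11-24 14:37:39.000000000 +0100
++++ dovecot-2.2.9/src/ssl-params/main.c 2013-11-27 17:51:06.664694558 +0100
+@@ -103,7 +103,10 @@ static void sig_chld(const siginfo_t *si
+if (waitpid(-1, &status, WNOHANG) < 0)
+i_error("waitpid() failed: %m");
+else if (status != 0)
++ {
+i_error("child process failed with status %d", status);
++ if(master_service_get_flags(master_service) & MASTER_SERVICE_FLAG_STANDALONE) exit(1);
++ }
+else {
+/* params should have been created now. try refreshing. */
+ssl_params_refresh(param);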
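Review bot: The `exit(1)` added to sig_chld in ssl-params/main.c leaves the process from inside the SIGCHLD callback; whether that callback runs in signal context is not visible in this hunk, and if it does, `exit()` is not async-signal-safe and it also bypasses the service's normal shutdown path. The branch tests the raw wait `status` rather than `WIFEXITED`/`WEXITSTATUS`, which is existing code but is now what decides whether a standalone run terminates. On the new getter, `const` on a by-value `enum master_service_flags` return is ignored by the compiler, and the declaration in master-service.h has no comment unlike `master_service_get_name` above it; I would declare it as `enum master_service_flags master_service_get_flags(struct master_service *service);` under `/* Returns the service's flags. */`. sig_chld starts and ends outside the hunk.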

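--- a/SOURCES/dovecot.conf.5
+++ b/SOURCES/dovecot.conf.5
@@ -0,0 +1,19 @@
+.TH DOVECOT.CONF 5 2010/06/27 "dovecot" "File Formats and Conventions"
+.SH NAME
+\fBdovecot.conf\fP \- The configuration file for dovecot imap and pop3 server
+
+.SH FULL PATH
+.B /etc/dovecot.conf
+
+.SH DESCRIPTION
+The dovecot.conf file is a configuration file for the
+.BR dovecot (1)
+imap and pop3 server. The dovecot.conf configuration file contains description to all available options. Some of these options are described also in offline wiki documentation placed in /usr/share/doc/dovecot*/wiki/.
+
+For backup purposes unmodified version of dovecot.conf can be found in /usr/share/doc/dovecot-<version>/example-config/dovecot.conf.default
+
+.SH "SEE ALSO"
+.BR doveadm (1),
+.BR dovecot (1),
+.I /usr/share/doc/dovecot*/wiki/
+.I /usr/share/doc/dovecot*/dovecot.conf.default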

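--- a/SOURCES/dovecot.init
+++ b/SOURCES/dovecot.init
@@ -0,0 +1,107 @@
+#!/bin/bash
+#
+# /etc/rc.d/init.d/dovecot
+#
+# Starts the dovecot daemon
+#
+# chkconfig: - 65 35
+# description: Dovecot Imap Server
+# processname: dovecot
+# config: /etc/dovecot.conf
+# config: /etc/sysconfig/dovecot
+# pidfile: /var/run/dovecot/master.pid
+
+### BEGIN INIT INFO
+# Provides: dovecot
+# Required-Start: $local_fs $network
+# Required-Stop: $local_fs $network
+# Should-Start: $remote_fs
+# Should-Stop: $remote_fs
+# Default-Start:
+# Default-Stop: 0 1 2 3 4 5 6
+# Short-Description: start and stop Dovecot Imap server
+# Description: Dovecot is an IMAP server for Linux/UNIX-like systems,
+# written with security primarily in mind. It also contains
+# a small POP3 server.
+### END INIT INFO
+
+# Source function library.
+. /etc/init.d/functions
+
+if [ -f /etc/sysconfig/dovecot -a $UID -eq 0 ]; then
+. /etc/sysconfig/dovecot
+fi
+
+RETVAL=0
+prog="Dovecot Imap"
+exec="/usr/sbin/dovecot"
+config="/etc/dovecot/dovecot.conf"
+pidfile="/var/run/dovecot/master.pid"
+lockfile="/var/lock/subsys/dovecot"
+
+start() {
+[ $UID -eq 0 ] || exit 4
+[ -x $exec ] || exit 5
+[ -f $config ] || exit 6
+
+echo -n $"Starting $prog: "
+daemon --pidfile $pidfile $exec $OPTIONS
+RETVAL=$?
+[ $RETVAL -eq 0 ] && touch $lockfile
+echo
+}
+
+stop() {
+[ $UID -eq 0 ] || exit 4
+echo -n $"Stopping $prog: "
+killproc -p $pidfile $exec
+RETVAL=$?
+[ $RETVAL -eq 0 ] && rm -f $lockfile
+echo
+}
+
+reload() {
+[ $UID -eq 0 ] || exit 4
+echo -n $"Reloading $prog: "
+killproc -p $pidfile $exec -HUP
+RETVAL=$?
+echo
+}
+
+#
+# See how we were called.
+#
+case "$1" in
+start)
+start
+;;
+stop)
+stop
+;;
+reload)
+reload
+;;
+force-reload|restart)
+stop
+sleep 1
+start
+RETVAL=$?
+;;
+condrestart|try-restart)
+if [ -f $lockfile ]; then
+stop
+sleep 3
+start
+fi
+;;
+status)
+status -p $pidfile $exec
+RETVAL=$?
+;;
+*)
+echo $"Usage: $0 {condrestart|try-restart|start|stop|restart|reload|force-reload|status}"
+RETVAL=2
+[ "$1" = 'usage' ] && RETVAL=0
+esac
+
+exit $RETVAL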
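Review bot: In the `force-reload|restart` branch, `RETVAL=$?` after `start` overwrites the status that start() stored, and because the last command in start() is `echo`, `$?` is 0 at that point, so a restart reports success even when `daemon` failed. Drop that `RETVAL=$?` line (the `start)` branch already relies on the RETVAL set inside the function), or end start() with `return $RETVAL`. The header still says `# config: /etc/dovecot.conf` while the script checks `config="/etc/dovecot/dovecot.conf"`. /etc/sysconfig/dovecot is sourced when `$UID` is 0, so the file has to stay owned by and writable only for root.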

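--- a/SOURCES/dovecot.pam
+++ b/SOURCES/dovecot.pam
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth required pam_nologin.so
+auth include password-auth
+account include password-auth
+session include password-auth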

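--- a/SOURCES/dovecot.sysconfig
+++ b/SOURCES/dovecot.sysconfig
@@ -0,0 +1,3 @@
+# Here you can specify your dovecot command line options.
+#
+#OPTIONS=""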

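--- a/SOURCES/dovecot.tmpfilesd
+++ b/SOURCES/dovecot.tmpfilesd
@@ -0,0 +1 @@
+d /var/run/dovecot 0755 root dovecot -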

1913
SPECS/dovecot.spec

File diff suppressed because it is too large Load Diff