--- rpms/dovecot/sme7/dovecot.spec 2008/04/09 13:51:47 1.2 +++ rpms/dovecot/sme7/dovecot.spec 2008/09/19 21:26:12 1.3 @@ -1,17 +1,19 @@ -# $Id$ +%define upstream 1.0.7 +%define pkg_version 1.0.7 +%define my_release 2 +%define pkg_release %{my_release}%{?dist} Summary: Dovecot Secure imap server Name: dovecot -Version: 1.0 -Release: 1.2.rc15%{?dist} +Version: %{pkg_version} +Release: %{pkg_release} License: LGPL Group: System Environment/Daemons %define build_postgres 1 %define build_mysql 1 -%define upstream 1.0.rc15 -Source: %{name}-%{upstream}.tar.gz +Source: http://dovecot.org/releases/%{name}-%{upstream}.tar.gz Source1: dovecot.init Source2: dovecot.pam Source3: maildir-migration.txt @@ -19,11 +21,11 @@ Source4: migrate-folders Source5: migrate-users Source6: perfect_maildir.pl Source7: dovecot-REDHAT-FAQ.txt -Patch100: dovecot-1.0.rc15-default-settings.patch -Patch101: dovecot-1.0.beta2-pam-tty.patch +Patch100: dovecot-1.0.7-default-settings.patch +#Patch101: dovecot-1.0.beta2-pam-tty.patch Patch102: dovecot-1.0.rc2-pam-setcred.patch Patch103: dovecot-1.0.beta2-mkcert-permissions.patch -Patch104: dovecot-1.0.beta2-lib64.patch +#Patch104: dovecot-1.0.beta2-lib64.patch Patch105: dovecot-1.0.rc7-mkcert-paths.patch #Patch105: dovecot-1.0.beta2-sqlite-check.patch @@ -31,6 +33,9 @@ Patch105: dovecot-1.0.rc7-mkcert-paths.p #Patch105: dovecot-auth-log.patch # Patches 500+ from upstream fixes +Patch500: dovecot-1.0-CVE-2007-6598.patch +Patch501: dovecot-1.0-CVE-2008-1199.patch + URL: http://www.dovecot.org/ Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: openssl-devel @@ -45,7 +50,13 @@ BuildRequires: krb5-devel # gettext-devel is needed for running autoconf because of the # presence of AM_ICONV BuildRequires: gettext-devel -Prereq: openssl >= 0.9.7a-43.16, /sbin/chkconfig, /usr/sbin/useradd +# Explicit Runtime Requirements +Requires: openssl >= 0.9.7a-43.17 +# Package includes an initscript service file, needs to require initscripts package +Requires: initscripts +Requires(pre): /sbin/chkconfig, /usr/sbin/useradd, /sbin/service, /bin/touch, /bin/rm +Requires(post): /sbin/chkconfig, /usr/sbin/useradd, /sbin/chkconfig, /bin/mv, /bin/rm +Requires(preun): /usr/sbin/userdel, /usr/sbin/groupdel, /sbin/chkconfig, /sbin/service %if %{build_postgres} BuildRequires: postgresql-devel @@ -71,11 +82,13 @@ in either of maildir or mbox formats. %setup -q -n %{name}-%{upstream} %patch100 -p1 -b .default-settings -%patch101 -p2 -b .pam-tty +#%patch101 -p2 -b .pam-tty %patch102 -p1 -b .pam-setcred %patch103 -p1 -b .mkcert-permissions #%patch104 -p1 -b .lib64 %patch105 -p1 -b .mkcert-paths +%patch500 -p1 -b .CVE-2007-6598 +%patch501 -p1 -b .CVE-2008-1199 %build rm -f ./configure @@ -96,7 +109,7 @@ autoreconf --with-inotify \ --with-gssapi -make +make %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT @@ -123,11 +136,16 @@ chmod 700 $RPM_BUILD_ROOT/var/run/doveco # Install dovecot.conf and dovecot-openssl.cnf mkdir -p $RPM_BUILD_ROOT/%{ssldir} install -p -m644 $RPM_BUILD_DIR/dovecot-%{upstream}/dovecot-example.conf $RPM_BUILD_ROOT/%{_sysconfdir}/dovecot.conf -rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/dovecot-example.conf # dovecot seems to install this by itself +rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/dovecot-*example.conf # dovecot seems to install this by itself install -p -m644 $RPM_BUILD_DIR/dovecot-%{upstream}/doc/dovecot-openssl.cnf $RPM_BUILD_ROOT/%{ssldir}/dovecot-openssl.cnf # Install some of our own documentation -install -p -m644 $RPM_SOURCE_DIR/dovecot-REDHAT-FAQ.txt $RPM_BUILD_ROOT%{docdir}/REDHAT-FAQ.txt +install -p -m644 %{SOURCE7} $RPM_BUILD_ROOT%{docdir}/REDHAT-FAQ.txt + +# Install the licensing files into the documentation area +install -p -m644 $RPM_BUILD_DIR/dovecot-%{upstream}/COPYING $RPM_BUILD_ROOT%{docdir}/COPYING +install -p -m644 $RPM_BUILD_DIR/dovecot-%{upstream}/COPYING.MIT $RPM_BUILD_ROOT%{docdir}/COPYING.MIT +install -p -m644 $RPM_BUILD_DIR/dovecot-%{upstream}/COPYING.LGPL $RPM_BUILD_ROOT%{docdir}/COPYING.LGPL mkdir -p $RPM_BUILD_ROOT%{docdir}/examples/ install -p -m755 $RPM_BUILD_DIR/dovecot-%{upstream}/doc/mkcert.sh $RPM_BUILD_ROOT%{docdir}/examples/mkcert.sh @@ -136,9 +154,9 @@ for f in `cd $RPM_BUILD_DIR/dovecot-%{up done install -p -m755 -d $RPM_BUILD_ROOT%{docdir}/UW-to-Dovecot-Migration -for f in maildir-migration.txt migrate-folders migrate-users perfect_maildir.pl +for f in %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} do - install -p -m644 $RPM_SOURCE_DIR/$f $RPM_BUILD_ROOT%{docdir}/UW-to-Dovecot-Migration + install -p -m644 $f $RPM_BUILD_ROOT%{docdir}/UW-to-Dovecot-Migration done mv $RPM_BUILD_ROOT%{docdir} $RPM_BUILD_ROOT%{docdir}-%{version} @@ -201,11 +219,12 @@ rm -rf $RPM_BUILD_ROOT %doc %{docdir}-%{version} %config(noreplace) %{_sysconfdir}/dovecot.conf %config %{_sysconfdir}/rc.d/init.d/dovecot -%config %{_sysconfdir}/pam.d/dovecot +%config(noreplace) %{_sysconfdir}/pam.d/dovecot +%dir %{ssldir} +%dir %{ssldir}/certs %config(noreplace) %{ssldir}/dovecot-openssl.cnf %attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %{ssldir}/certs/dovecot.pem %attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %{ssldir}/private/dovecot.pem -%dir %{_libexecdir}/%{name} %{_libexecdir}/%{name} %{_libdir}/%{name} %{_sbindir}/dovecot @@ -217,6 +236,15 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Thu Mar 13 2008 Tomas Janousek - 1.0.7-2 +- LDAP+auth cache user login mixup (CVE-2007-6598, #427575) +- insecure mail_extra_groups option (CVE-2008-1199, #436927) + +* Mon Nov 26 2007 Tomas Janousek - 1.0.7-1 +- update to latest upstream, fixes a few bugs (#331441, #245249), plus two + security vulnerabilities (CVE-2007-2231, CVE-2007-4211) +- increased default login_process_size to 64 (#253363) + * Fri Dec 22 2006 Tomas Janousek - 1.0-1.2.rc15 - reenabled GSSAPI (#220582)