packages/dovecot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

init package

Browse Source
This commit is contained in:
daidai_is_here 2020-02-18 09:51:25 +08:00
parent 22614912a0
commit b34e0dbbf6
16 changed files with 642 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
CVE-2019-10691.patch Normal file
View File

@ -0,0 +1,62 @@
From 973769d74433de3c56c4ffdf4f343cb35d98e4f7 Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Tue, 2 Apr 2019 13:09:48 +0300
Subject: [PATCH] lib: json - Escape invalid UTF-8 as unicode bytes
This prevents dovecot from crashing if invalid UTF-8 input
is given.
---
src/lib/json-parser.c | 12 ++++++++----
src/lib/test-json-parser.c | 8 ++++----
2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/src/lib/json-parser.c b/src/lib/json-parser.c
index 677091d649..e7846a329f 100644
--- a/src/lib/json-parser.c
+++ b/src/lib/json-parser.c
@@ -803,9 +803,13 @@ void json_append_escaped_data(string_t *dest, const unsigned char *src, size_t s
for (i = 0; i < size;) {
bytes = uni_utf8_get_char_n(src+i, size-i, &chr);
- /* refuse to add invalid data */
- i_assert(bytes > 0 && uni_is_valid_ucs4(chr));
- json_append_escaped_ucs4(dest, chr);
- i += bytes;
+ if (bytes > 0 && uni_is_valid_ucs4(chr)) {
+ json_append_escaped_ucs4(dest, chr);
+ i += bytes;
+ } else {
+ str_append_data(dest, UNICODE_REPLACEMENT_CHAR_UTF8,
+ UTF8_REPLACEMENT_CHAR_LEN);
+ i++;
+ }
}
}
diff --git a/src/lib/test-json-parser.c b/src/lib/test-json-parser.c
index bae6fb202b..9ce1e489ba 100644
--- a/src/lib/test-json-parser.c
+++ b/src/lib/test-json-parser.c
@@ -267,20 +267,20 @@ static void test_json_append_escaped(void)
string_t *str = t_str_new(32);
test_begin("json_append_escaped()");
- json_append_escaped(str, "\b\f\r\n\t\"\\\001\002-\xC3\xA4\xf0\x90\x90\xb7");
- test_assert(strcmp(str_c(str), "\\b\\f\\r\\n\\t\\\"\\\\\\u0001\\u0002-\\u00e4\\ud801\\udc37") == 0);
+ json_append_escaped(str, "\b\f\r\n\t\"\\\001\002-\xC3\xA4\xf0\x90\x90\xb7\xff");
+ test_assert(strcmp(str_c(str), "\\b\\f\\r\\n\\t\\\"\\\\\\u0001\\u0002-\\u00e4\\ud801\\udc37" UNICODE_REPLACEMENT_CHAR_UTF8) == 0);
test_end();
}
static void test_json_append_escaped_data(void)
{
static const unsigned char test_input[] =
- "\b\f\r\n\t\"\\\000\001\002-\xC3\xA4\xf0\x90\x90\xb7";
+ "\b\f\r\n\t\"\\\000\001\002-\xC3\xA4\xf0\x90\x90\xb7\xff";
string_t *str = t_str_new(32);
test_begin("json_append_escaped()");
json_append_escaped_data(str, test_input, sizeof(test_input)-1);
- test_assert(strcmp(str_c(str), "\\b\\f\\r\\n\\t\\\"\\\\\\u0000\\u0001\\u0002-\\u00e4\\ud801\\udc37") == 0);
+ test_assert(strcmp(str_c(str), "\\b\\f\\r\\n\\t\\\"\\\\\\u0000\\u0001\\u0002-\\u00e4\\ud801\\udc37" UNICODE_REPLACEMENT_CHAR_UTF8) == 0);
test_end();
}

31
CVE-2019-11494-1.patch Normal file
View File

@ -0,0 +1,31 @@
From e9d60648abb9bbceff89882a5309cb9532e702e9 Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan.bosch@dovecot.fi>
Date: Thu, 25 Apr 2019 09:51:32 +0200
Subject: [PATCH 3/3] lib-smtp: smtp-server-cmd-auth - Fix AUTH response error
handling so that it stops reading more input.
Otherwise, it may try to read more data from the stream as the next AUTH
response, which causes an assert crash in the command parser later on. Even when
the parser finds no input from the stream, it will advance its state
towards AUTH response parsing, which is a problem when the next command is
subsequently being parsed.
Panic was:
Panic: file smtp-command-parser.c: line 438 (smtp_command_parse_next): assertion failed: (!parser->auth_response || parser->state.state == SMTP_COMMAND_PARSE_STATE_INIT || parser->state.state == SMTP_COMMAND_PARSE_STATE_ERROR)
---
src/lib-smtp/smtp-server-cmd-auth.c | 1 +
1 file changed, 1 insertion(+)
Index: dovecot-2.3.4.1/src/lib-smtp/smtp-server-cmd-auth.c
===================================================================
--- dovecot-2.3.4.1.orig/src/lib-smtp/smtp-server-cmd-auth.c 2019-04-29 07:39:15.045289307 -0400
+++ dovecot-2.3.4.1/src/lib-smtp/smtp-server-cmd-auth.c 2019-04-29 07:39:15.037289277 -0400
@@ -97,6 +97,7 @@ static void cmd_auth_input(struct smtp_s
smtp_server_connection_debug(conn,
"Client sent invalid AUTH response: %s", error);
+ smtp_server_command_input_lock(cmd);
switch (error_code) {
case SMTP_COMMAND_PARSE_ERROR_BROKEN_COMMAND:
conn->input_broken = TRUE;

37
CVE-2019-11494-2.patch Normal file
View File

@ -0,0 +1,37 @@
From f79745dae4a9a5fca33320e03a4fc9064b88d01e Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan.bosch@dovecot.fi>
Date: Tue, 12 Mar 2019 03:18:33 +0100
Subject: [PATCH 2/3] submission-login: client-authenticate - Fix crash
occurring when client disconnects during authentication.
---
src/submission-login/client-authenticate.c | 3 +++
src/submission-login/client.c | 1 +
2 files changed, 4 insertions(+)
Index: dovecot-2.3.4.1/src/submission-login/client-authenticate.c
===================================================================
--- dovecot-2.3.4.1.orig/src/submission-login/client-authenticate.c 2019-04-29 07:39:05.705254949 -0400
+++ dovecot-2.3.4.1/src/submission-login/client-authenticate.c 2019-04-29 07:39:05.705254949 -0400
@@ -89,6 +89,9 @@ void submission_client_auth_result(struc
container_of(client, struct submission_client, common);
struct smtp_server_cmd_ctx *cmd = subm_client->pending_auth;
+ if (subm_client->conn == NULL)
+ return;
+
subm_client->pending_auth = NULL;
i_assert(cmd != NULL);
Index: dovecot-2.3.4.1/src/submission-login/client.c
===================================================================
--- dovecot-2.3.4.1.orig/src/submission-login/client.c 2019-04-29 07:39:05.705254949 -0400
+++ dovecot-2.3.4.1/src/submission-login/client.c 2019-04-29 07:39:05.705254949 -0400
@@ -176,6 +176,7 @@ static void client_connection_disconnect
{
struct submission_client *client = context;
+ client->pending_auth = NULL;
client_disconnect(&client->common, reason);
}

22
CVE-2019-11499.patch Normal file
View File

@ -0,0 +1,22 @@
From 754f791dd26313de8d75b740bddd1a192f11bf3f Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan.bosch@dovecot.fi>
Date: Tue, 23 Apr 2019 00:13:46 +0200
Subject: [PATCH 1/3] submission-login: Remove unused client->pending_starttls.
---
src/submission-login/client.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: dovecot-2.3.4.1/src/submission-login/client.h
===================================================================
--- dovecot-2.3.4.1.orig/src/submission-login/client.h 2019-04-29 07:38:39.541158696 -0400
+++ dovecot-2.3.4.1/src/submission-login/client.h 2019-04-29 07:38:39.537158682 -0400
@@ -22,7 +22,7 @@ struct submission_client {
const struct submission_login_settings *set;
struct smtp_server_connection *conn;
- struct smtp_server_cmd_ctx *pending_auth, *pending_starttls;
+ struct smtp_server_cmd_ctx *pending_auth;
enum submission_proxy_state proxy_state;
enum smtp_capability proxy_capability;

22
CVE-2019-3814-1.patch Normal file
View File

@ -0,0 +1,22 @@
From d21218b416c7f26cb42a491bbd04bcd0d6a65b51 Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Wed, 16 Jan 2019 18:28:57 +0200
Subject: [PATCH 1/3] auth: Do not import empty certificate username
---
src/auth/auth-request.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: dovecot-2.3.2.1/src/auth/auth-request.c
===================================================================
--- dovecot-2.3.2.1.orig/src/auth/auth-request.c 2019-01-28 08:49:08.117668002 -0500
+++ dovecot-2.3.2.1/src/auth/auth-request.c 2019-01-28 08:49:08.113667992 -0500
@@ -454,7 +454,7 @@ bool auth_request_import_auth(struct aut
else if (strcmp(key, "valid-client-cert") == 0)
request->valid_client_cert = TRUE;
else if (strcmp(key, "cert_username") == 0) {
- if (request->set->ssl_username_from_cert) {
+ if (request->set->ssl_username_from_cert && *value != '\0') {
/* get username from SSL certificate. it overrides
the username given by the auth mechanism. */
request->user = p_strdup(request->pool, value);

31
CVE-2019-3814-2.patch Normal file
View File

@ -0,0 +1,31 @@
From 1a6d921b831af5228e8ad493a88bc46bdb30ca4b Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Wed, 16 Jan 2019 18:24:20 +0200
Subject: [PATCH 2/3] auth: Fail authentication if certificate username was
unexpectedly missing
---
src/auth/auth-request-handler.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c
index ae7b458c9..318f15031 100644
--- a/src/auth/auth-request-handler.c
+++ b/src/auth/auth-request-handler.c
@@ -581,6 +581,14 @@ bool auth_request_handler_auth_begin(struct auth_request_handler *handler,
return TRUE;
}
+ if (request->set->ssl_require_client_cert &&
+ request->set->ssl_username_from_cert &&
+ !request->cert_username) {
+ auth_request_handler_auth_fail(handler, request,
+ "SSL certificate didn't contain username");
+ return TRUE;
+ }
+
/* Handle initial respose */
if (initial_resp == NULL) {
/* No initial response */
--
2.11.0

88
CVE-2019-3814-3.patch Normal file
View File

@ -0,0 +1,88 @@
From 3f109288a477fbf69db300b55d0dd8cd1c4da8ea Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Tue, 15 Jan 2019 17:36:37 +0200
Subject: [PATCH 3/3] login-common: Ensure we get username from certificate
---
src/login-common/sasl-server.c | 52 +++++++++++++++++++++++++++++++++++++++---
1 file changed, 49 insertions(+), 3 deletions(-)
diff --git a/src/login-common/sasl-server.c b/src/login-common/sasl-server.c
index dedfb5b8f..ea14c0b6e 100644
--- a/src/login-common/sasl-server.c
+++ b/src/login-common/sasl-server.c
@@ -338,6 +338,43 @@ authenticate_callback(struct auth_client_request *request,
}
}
+static bool get_cert_username(struct client *client, const char **username_r,
+ const char **error_r)
+{
+ /* this was proxied connection, so we use the name here */
+ if (client->client_cert_common_name != NULL) {
+ *username_r = client->client_cert_common_name;
+ return TRUE;
+ }
+
+ /* no SSL */
+ if (client->ssl_iostream == NULL) {
+ *username_r = NULL;
+ return TRUE;
+ }
+
+ /* no client certificate */
+ if (!ssl_iostream_has_valid_client_cert(client->ssl_iostream)) {
+ *username_r = NULL;
+ return TRUE;
+ }
+
+ /* get peer name */
+ const char *username = ssl_iostream_get_peer_name(client->ssl_iostream);
+
+ /* if we wanted peer name, but it was not there, fail */
+ if (client->set->auth_ssl_username_from_cert &&
+ (username == NULL || *username == '\0')) {
+ if (client->set->auth_ssl_require_client_cert) {
+ *error_r = "Missing username in certificate";
+ return FALSE;
+ }
+ }
+
+ *username_r = username;
+ return TRUE;
+}
+
void sasl_server_auth_begin(struct client *client,
const char *service, const char *mech_name,
const char *initial_resp_base64,
@@ -345,6 +382,7 @@ void sasl_server_auth_begin(struct client *client,
{
struct auth_request_info info;
const struct auth_mech_desc *mech;
+ const char *error;
i_assert(auth_client_is_connected(auth_client));
@@ -376,9 +414,17 @@ void sasl_server_auth_begin(struct client *client,
info.mech = mech->name;
info.service = service;
info.session_id = client_get_session_id(client);
- if (client->client_cert_common_name != NULL)
- info.cert_username = client->client_cert_common_name;
- else if (client->ssl_iostream != NULL) {
+
+ if (!get_cert_username(client, &info.cert_username, &error)) {
+ client_log_err(client, t_strdup_printf("Cannot get username "
+ "from certificate: %s", error));
+ sasl_server_auth_failed(client,
+ "Unable to validate certificate",
+ AUTH_CLIENT_FAIL_CODE_AUTHZFAILED);
+ return;
+ }
+
+ if (client->ssl_iostream != NULL) {
info.cert_username = ssl_iostream_get_peer_name(client->ssl_iostream);
info.ssl_cipher = ssl_iostream_get_cipher(client->ssl_iostream,
&info.ssl_cipher_bits);
--
2.11.0

34
CVE-2019-7524-1.patch Normal file
View File

@ -0,0 +1,34 @@
From 578cf77e84b3d25e2f95f08133a2b0b212aa77cc Mon Sep 17 00:00:00 2001
From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Mon, 4 Feb 2019 19:23:02 -0800
Subject: [PATCH 1/2] lib-storage: Fix buffer overflow when reading oversized
hdr-pop3-uidl header
---
src/lib-storage/index/index-pop3-uidl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lib-storage/index/index-pop3-uidl.c b/src/lib-storage/index/index-pop3-uidl.c
index 13b7363ef..e537e9ff5 100644
--- a/src/lib-storage/index/index-pop3-uidl.c
+++ b/src/lib-storage/index/index-pop3-uidl.c
@@ -37,7 +37,7 @@ bool index_pop3_uidl_can_exist(struct mail *mail)
/* this header isn't set yet */
return TRUE;
}
- memcpy(&uidl, data, size);
+ memcpy(&uidl, data, sizeof(uidl));
return mail->uid <= uidl.max_uid_with_pop3_uidl;
}
@@ -95,7 +95,7 @@ void index_pop3_uidl_update_exists_finish(struct mailbox_transaction_context *tr
/* check if we have already the same header */
if (size >= sizeof(uidl)) {
- memcpy(&uidl, data, size);
+ memcpy(&uidl, data, sizeof(uidl));
if (trans->highest_pop3_uidl_uid == uidl.max_uid_with_pop3_uidl)
return;
}
--
2.11.0

11
CVE-2019-7524.patch Normal file
View File

@ -0,0 +1,11 @@
--- a/src/plugins/fts/fts-api.c 2018-04-30 21:52:04.000000000 +0800
+++ b/src/plugins/fts/fts-api.c 2019-04-04 17:51:00.170000000 +0800
@@ -425,7 +425,7 @@ bool fts_index_get_header(struct mailbox
i_zero(hdr_r);
ret = FALSE;
} else {
- memcpy(hdr_r, data, data_size);
+ memcpy(hdr_r, data, sizeof(*hdr_r));
ret = TRUE;
}
mail_index_view_close(&view);

BIN
dovecot-2.3-pigeonhole-0.5.3.tar.gz Normal file
View File

Binary file not shown.

12
dovecot-2.3.0.1-libxcrypt.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt dovecot-2.3.0.1/src/auth/mycrypt.c
--- dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt 2018-02-28 15:28:58.000000000 +0100
+++ dovecot-2.3.0.1/src/auth/mycrypt.c 2018-03-27 10:57:38.447769201 +0200
@@ -14,6 +14,7 @@
# define _XPG6 /* Some Solaris versions require this, some break with this */
#endif
#include <unistd.h>
+#include <crypt.h>
#include "mycrypt.h"

BIN
dovecot-2.3.3.tar.gz Normal file
View File

Binary file not shown.

5
dovecot.pam Normal file
View File

@ -0,0 +1,5 @@
#%PAM-1.0
auth required pam_nologin.so
auth include password-auth
account include password-auth
session include password-auth

282
dovecot.spec Normal file
View File

@ -0,0 +1,282 @@
%global __provides_exclude_from %{_docdir}
%global __requires_exclude_from %{_docdir}
%global ssldir %{_sysconfdir}/pki/%{name}
%global restart_flag /var/run/%{name}/%{name}-restart-after-rpm-install
%global _hardened_build 1
Name: dovecot
Version: 2.3.3
Release: 4
Summary: Dovecot Secure imap server
License: MIT and LGPLv2
URL: http://www.dovecot.org/
Epoch: 1
Source: http://www.dovecot.org/releases/2.3/%{name}-%{version}%{?prever}.tar.gz
Source2: dovecot.pam
Source8: http://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.3.tar.gz
Source9: dovecot.sysconfig
Source10: dovecot.tmpfilesd
Patch0001: dovecot-2.3.0.1-libxcrypt.patch
Patch6000: CVE-2019-7524.patch
Patch6001: CVE-2019-3814-1.patch
Patch6002: CVE-2019-3814-2.patch
Patch6003: CVE-2019-3814-3.patch
Patch6004: CVE-2019-7524-1.patch
Patch6005: CVE-2019-10691.patch
Patch6006: CVE-2019-11494-1.patch
Patch6007: CVE-2019-11494-2.patch
Patch6008: CVE-2019-11499.patch
BuildRequires: gcc-c++ openssl-devel pam-devel zlib-devel bzip2-devel libcap-devel
BuildRequires: libtool autoconf automake pkgconfig sqlite-devel libpq-devel
BuildRequires: mariadb-connector-c-devel libxcrypt-devel openldap-devel krb5-devel
BuildRequires: quota-devel xz-devel gettext-devel clucene-core-devel libcurl-devel expat-devel
Requires: openssl >= 0.9.7f-4 systemd
Requires(pre): shadow-utils
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
Provides: %{name}-pigeonhole = 1:%{version}-%{release} %{name}-pgsql = 1:%{version}-%{release}
Obsoletes: %{name}-pigeonhole < 1:%{version}-%{release} %{name}-pgsql < 1:%{version}-%{release}
Provides: %{name}-mysql = 1:%{version}-%{release}
Obsoletes: %{name}-mysql < 1:%{version}-%{release}
%description
Dovecot is an IMAP server for Linux/UNIX-like systemsa wrapper package
that will just handle common things for all versioned dovecot packages.
%package devel
Requires: %{name} = %{epoch}:%{version}-%{release}
Summary: Development files for dovecot
%description devel
This package provides the development files for dovecot.
%package help
Summary: Help documentation for %{name}
%description help
Man pages and other related help documents for %{name}.
%prep
%autosetup -n %{name}-%{version}%{?prever} -a 8 -p1
sed -i '/DEFAULT_INCLUDES *=/s|$| '"$(pkg-config --cflags libclucene-core)|" src/plugins/fts-lucene/Makefile.in
%build
export CFLAGS="%{__global_cflags} -fno-strict-aliasing" LDFLAGS="-Wl,-z,now -Wl,-z,relro %{?__global_ldflags}"
mkdir -p m4
autoreconf -I . -fiv #required for aarch64 support
%configure INSTALL_DATA="install -c -p -m644" \
--docdir=%{_docdir}/%{name} --disable-static --disable-rpath --with-nss \
--with-shadow --with-pam --with-gssapi=plugin --with-ldap=plugin --with-sql=plugin --with-pgsql --with-mysql \
--with-sqlite --with-zlib --with-libcap --with-lucene --with-ssl=openssl --with-ssldir=%{ssldir} \
--with-solr --with-systemdsystemunitdir=%{_unitdir} --with-docs
sed -i 's|/etc/ssl|/etc/pki/dovecot|' doc/mkcert.sh doc/example-config/conf.d/10-ssl.conf
%make_build
cd dovecot-2*3-pigeonhole-0.5.3
[ -f configure ] || autoreconf -fiv
[ -f ChangeLog ] || echo "Pigeonhole ChangeLog is not available, yet" >ChangeLog
%configure \
INSTALL_DATA="install -c -p -m644" --disable-static --with-dovecot=../ --without-unfinished-features
%make_build
cd -
%install
%make_install
mv $RPM_BUILD_ROOT/%{_docdir}/%{name} %{_builddir}/%{name}-%{version}%{?prever}/docinstall
cd dovecot-2*3-pigeonhole-0.5.3
%make_install
mv $RPM_BUILD_ROOT/%{_docdir}/%{name} $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole
install -m 644 AUTHORS ChangeLog COPYING COPYING.LGPL INSTALL NEWS README $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole
cd -
install -p -D -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/dovecot
install -d $RPM_BUILD_ROOT%{ssldir}/certs
install -d $RPM_BUILD_ROOT%{ssldir}/private
touch $RPM_BUILD_ROOT%{ssldir}/certs/dovecot.pem
chmod 600 $RPM_BUILD_ROOT%{ssldir}/certs/dovecot.pem
touch $RPM_BUILD_ROOT%{ssldir}/private/dovecot.pem
chmod 600 $RPM_BUILD_ROOT%{ssldir}/private/dovecot.pem
install -p -D -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_tmpfilesdir}/dovecot.conf
install -d $RPM_BUILD_ROOT/var/run/dovecot/{login,empty,token-login}
install -d $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d
install -p -m 644 docinstall/example-config/dovecot.conf $RPM_BUILD_ROOT%{_sysconfdir}/dovecot
install -p -m 644 docinstall/example-config/conf.d/*.conf $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d
install -p -m 644 $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole/example-config/conf.d/*.conf $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d
install -p -m 644 docinstall/example-config/conf.d/*.conf.ext $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d
install -p -m 644 $RPM_BUILD_ROOT/%{_docdir}/%{name}-pigeonhole/example-config/conf.d/*.conf.ext $RPM_BUILD_ROOT%{_sysconfdir}/dovecot/conf.d ||:
install -p -m 644 doc/dovecot-openssl.cnf $RPM_BUILD_ROOT%{ssldir}/dovecot-openssl.cnf
install -p -m755 doc/mkcert.sh $RPM_BUILD_ROOT%{_libexecdir}/%{name}/mkcert.sh
install -d $RPM_BUILD_ROOT/var/lib/dovecot
%delete_la
cd docinstall
rm -f securecoding.txt thread-refs.txt
cd -
%pre
getent group dovecot >/dev/null || groupadd -r --gid 97 dovecot
getent passwd dovecot >/dev/null || \
useradd -r --uid 97 -g dovecot -d /usr/libexec/dovecot -s /sbin/nologin -c "Dovecot IMAP server" dovecot
getent group dovenull >/dev/null || groupadd -r dovenull
getent passwd dovenull >/dev/null || \
useradd -r -g dovenull -d /usr/libexec/dovecot -s /sbin/nologin -c "Dovecot's unauthorized user" dovenull
if [ "$1" = "2" ]; then
rm -f %restart_flag
/bin/systemctl is-active %{name}.service >/dev/null 2>&1 && touch %restart_flag ||:
/bin/systemctl stop %{name}.service >/dev/null 2>&1
fi
%post
if [ $1 -eq 1 ]; then
%systemd_post dovecot.service
fi
install -d -m 0755 -g dovecot -d /var/run/dovecot
install -d -m 0755 -d /var/run/dovecot/empty
install -d -m 0750 -g dovenull -d /var/run/dovecot/login
install -d -m 0755 -g dovenull -d /var/run/dovecot/token-login
[ -x /sbin/restorecon ] && /sbin/restorecon -R /var/run/dovecot
%preun
if [ $1 = 0 ]; then
/bin/systemctl disable dovecot.service dovecot.socket >/dev/null 2>&1 || :
/bin/systemctl stop dovecot.service dovecot.socket >/dev/null 2>&1 || :
rm -rf /var/run/dovecot
fi
%postun
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ "$1" -ge "1" -a -e %restart_flag ]; then
/bin/systemctl start dovecot.service >/dev/null 2>&1 || :
rm -f %restart_flag
fi
%posttrans
if [ -e %restart_flag ]; then
/bin/systemctl start dovecot.service >/dev/null 2>&1 || :
rm -f %restart_flag
fi
%check
make check
cd dovecot-2*3-pigeonhole-0.5.3
make check
%files
%doc docinstall/* AUTHORS ChangeLog COPYING COPYING.LGPL COPYING.MIT NEWS README
%{_sbindir}/dovecot
%{_bindir}/{doveadm,doveconf,dsync}
%_tmpfilesdir/dovecot.conf
%{_unitdir}/{dovecot.service,dovecot.socket}
%dir %{_sysconfdir}/dovecot
%dir %{_sysconfdir}/dovecot/conf.d
%config(noreplace) %{_sysconfdir}/dovecot/dovecot.conf
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/{10-auth.conf,10-director.conf,10-logging.conf,10-mail.conf}
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/{10-master.conf,10-ssl.conf,15-lda.conf,15-mailboxes.conf}
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/{20-imap.conf,20-lmtp.conf,20-pop3.conf,20-submission.conf}
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/{90-acl.conf,90-quota.conf,90-plugin.conf,auth-checkpassword.conf.ext}
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/{auth-deny.conf.ext,auth-dict.conf.ext,auth-ldap.conf.ext}
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/{auth-master.conf.ext,auth-passwdfile.conf.ext,auth-sql.conf.ext}
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/{auth-static.conf.ext,auth-system.conf.ext,auth-vpopmail.conf.ext}
%config(noreplace) %{_sysconfdir}/pam.d/dovecot
%config(noreplace) %{ssldir}/dovecot-openssl.cnf
%dir %{ssldir}
%dir %{ssldir}/certs
%dir %{ssldir}/private
%attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %{ssldir}/certs/dovecot.pem
%attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) %{ssldir}/private/dovecot.pem
%dir %{_libdir}/dovecot
%dir %{_libdir}/dovecot/{auth,dict}
%{_libdir}/dovecot/doveadm
%exclude %{_libdir}/dovecot/doveadm/*sieve*
%{_libdir}/dovecot/*.so.*
%{_libdir}/dovecot/*_plugin.so
%exclude %{_libdir}/dovecot/*_sieve_plugin.so
%{_libdir}/dovecot/auth/{lib20_auth_var_expand_crypt.so,libauthdb_imap.so,libauthdb_ldap.so}
%{_libdir}/dovecot/auth/{libmech_gssapi.so,libdriver_sqlite.so}
%{_libdir}/dovecot/dict/{libdriver_sqlite.so,libdict_ldap.so}
%{_libdir}/dovecot/{libdriver_sqlite.so,libssl_iostream_openssl.so,libfs_compress.so,libfs_crypt.so}
%{_libdir}/dovecot/{libfs_mail_crypt.so,libdcrypt_openssl.so,lib20_var_expand_crypt.so}
%{_libdir}/dovecot/old-stats/{libold_stats_mail.so,libstats_auth.so}
%dir %{_libdir}/dovecot/settings
%{_libexecdir}/%{name}
%ghost /var/run/dovecot
%attr(0750,dovecot,dovecot) /var/lib/dovecot
%{_datadir}/%{name}
%{_bindir}/{sieve-dump,sieve-filter,sieve-test,sievec}
%config(noreplace) %{_sysconfdir}/dovecot/conf.d/{20-managesieve.conf,90-sieve.conf,90-sieve-extprograms.conf}
%{_docdir}/%{name}-pigeonhole
%{_libexecdir}/%{name}/{managesieve,managesieve-login}
%{_libdir}/dovecot/doveadm/*sieve*
%{_libdir}/dovecot/*_sieve_plugin.so
%{_libdir}/dovecot/settings/{libmanagesieve_*.so,libpigeonhole_*.so}
%{_libdir}/dovecot/sieve/
%{_libdir}/%{name}/libdriver_mysql.so
%{_libdir}/%{name}/auth/libdriver_mysql.so
%{_libdir}/%{name}/dict/libdriver_mysql.so
%{_libdir}/%{name}/libdriver_pgsql.so
%{_libdir}/%{name}/auth/libdriver_pgsql.so
%{_libdir}/%{name}/dict/libdriver_pgsql.so
%exclude %{_sysconfdir}/dovecot/README
%files devel
%{_includedir}/dovecot
%{_datadir}/aclocal/dovecot*.m4
%{_libdir}/dovecot/libdovecot*.so
%{_libdir}/dovecot/dovecot-config
%files help
%{_mandir}/man1/*
%{_mandir}/man7/doveadm-search-query.7*
%{_mandir}/man7/pigeonhole.7*
%changelog
* Mon Dec 2 2019 wangzhishun <wangzhishun1@huawei.com> - 2.3.3-4
- Package init

3
dovecot.sysconfig Normal file
View File

@ -0,0 +1,3 @@
# Here you can specify your dovecot command line options.
#
#OPTIONS=""

2
dovecot.tmpfilesd Normal file
View File

@ -0,0 +1,2 @@
d /var/run/dovecot 0755 root dovecot -