From 25107bcb32c2e89bb6146d1240c62c364b4af786 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Aug 06 2019 10:53:22 +0000 Subject: import cyrus-imapd-2.4.17-15.el7 --- diff --git a/SOURCES/cyrus-imapd-load_ecdh_ciphers.patch b/SOURCES/cyrus-imapd-load_ecdh_ciphers.patch new file mode 100644 index 0000000..b1ecfe4 --- /dev/null +++ b/SOURCES/cyrus-imapd-load_ecdh_ciphers.patch @@ -0,0 +1,14 @@ +diff --git a/imap/tls.c b/imap/tls.c +index fcc8ab6..4c83c83 100644 +--- a/imap/tls.c ++++ b/imap/tls.c +@@ -775,7 +775,8 @@ int tls_init_serverengine(const char *ident, + #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) + /* Load DH params for DHE-* key exchanges */ + SSL_CTX_set_tmp_dh(s_ctx, load_dh_param(s_key_file, s_cert_file)); +- /* FIXME: Load ECDH params for ECDHE suites when 0.9.9 is released */ ++ /* Enable ECDH ciphers */ ++ SSL_CTX_set_ecdh_auto(s_ctx,1); + #endif + + verify_depth = verifydepth; diff --git a/SOURCES/cyrus-imapd-password_option.patch b/SOURCES/cyrus-imapd-password_option.patch new file mode 100644 index 0000000..3605e0f --- /dev/null +++ b/SOURCES/cyrus-imapd-password_option.patch @@ -0,0 +1,175 @@ +diff --git a/man/imtest.1 b/man/imtest.1 +index 5323186..6a9bb12 100644 +--- a/man/imtest.1 ++++ b/man/imtest.1 +@@ -67,6 +67,10 @@ imtest \- interactive IMAP test program + .I userid + ] + [ ++.B \-w ++.I password ++] ++[ + .B \-k + .I num + ] +@@ -161,6 +165,9 @@ This is the userid whose identity will be assumed after authentication. + \fBNOTE:\fR This is only used with SASL mechanisms that allow proxying + (e.g. PLAIN, DIGEST-MD5). + .TP ++.BI \-w " password" ++Password to use (if not supplied, we will prompt) ++.TP + .BI -k " num" + Minimum protection layer required. + .TP +diff --git a/man/lmtptest.1 b/man/lmtptest.1 +index 4381628..25b646b 100644 +--- a/man/lmtptest.1 ++++ b/man/lmtptest.1 +@@ -67,6 +67,10 @@ lmtptest \- interactive LMTP test program + .I userid + ] + [ ++.B \-w ++.I password ++] ++[ + .B \-k + .I num + ] +@@ -139,6 +143,9 @@ This is the userid whose identity will be assumed after authentication. + \fBNOTE:\fR This is only used with SASL mechanisms that allow proxying + (e.g. PLAIN, DIGEST-MD5). + .TP ++.BI -w " password" ++Password to use (if not supplied, we will prompt). ++.TP + .BI -k " num" + Minimum protection layer required. + .TP +diff --git a/man/mupdatetest.1 b/man/mupdatetest.1 +index aa9b44c..6332725 100644 +--- a/man/mupdatetest.1 ++++ b/man/mupdatetest.1 +@@ -63,6 +63,10 @@ mupdatetest \- interactive MUPDATE test program + .I userid + ] + [ ++.B \-w ++.I password ++] ++[ + .B \-k + .I num + ] +@@ -127,6 +131,9 @@ Userid to use for authentication; defaults to the current user. + This is the userid whose password or credentials will be presented to + the server for verification. + .TP ++.BI -w " password" ++Password to use (if not supplied, we will prompt) ++.TP + .BI -u " userid" + Userid to use for authorization; defaults to the current user. + This is the userid whose identity will be assumed after authentication. +diff --git a/man/nntptest.1 b/man/nntptest.1 +index 8a75487..55c4162 100644 +--- a/man/nntptest.1 ++++ b/man/nntptest.1 +@@ -67,6 +67,10 @@ nntptest \- interactive NNTP test program + .I userid + ] + [ ++.B \-w ++.I password ++] ++[ + .B \-k + .I num + ] +@@ -143,6 +147,9 @@ This is the userid whose identity will be assumed after authentication. + \fBNOTE:\fR This is only used with SASL mechanisms that allow proxying + (e.g. PLAIN, DIGEST-MD5). + .TP ++.BI -w " password" ++Password to use (if not supplied, we will prompt) ++.TP + .BI -k " num" + Minimum protection layer required. + .TP +diff --git a/man/pop3test.1 b/man/pop3test.1 +index 24b2efd..2d57c44 100644 +--- a/man/pop3test.1 ++++ b/man/pop3test.1 +@@ -67,6 +67,10 @@ pop3test \- interactive POP3 test program + .I userid + ] + [ ++.B \-w ++.I password ++] ++[ + .B \-k + .I num + ] +@@ -143,6 +147,9 @@ This is the userid whose identity will be assumed after authentication. + \fBNOTE:\fR This is only used with SASL mechanisms that allow proxying + (e.g. PLAIN, DIGEST-MD5). + .TP ++.BI -w " password" ++Password to use (if not supplied, we will prompt) ++.TP + .BI -k " num" + Minimum protection layer required. + .TP +diff --git a/man/sivtest.1 b/man/sivtest.1 +index 993b337..51d191d 100644 +--- a/man/sivtest.1 ++++ b/man/sivtest.1 +@@ -67,6 +67,10 @@ sivtest \- interactive MANAGESIEVE test program + .I userid + ] + [ ++.B \-w ++.I password ++] ++[ + .B \-k + .I num + ] +@@ -139,6 +143,9 @@ This is the userid whose identity will be assumed after authentication. + \fBNOTE:\fR This is only used with SASL mechanisms that allow proxying + (e.g. PLAIN, DIGEST-MD5). + .TP ++.BI -w " password" ++Password to use (if not supplied, we will prompt) ++.TP + .BI -k " num" + Minimum protection layer required. + .TP +diff --git a/man/smtptest.1 b/man/smtptest.1 +index 2726d08..8f6902b 100644 +--- a/man/smtptest.1 ++++ b/man/smtptest.1 +@@ -67,6 +67,10 @@ smtptest \- interactive SMTP test program + .I userid + ] + [ ++.B \-w ++.I password ++] ++[ + .B \-k + .I num + ] +@@ -142,6 +146,9 @@ This is the userid whose identity will be assumed after authentication. + \fBNOTE:\fR This is only used with SASL mechanisms that allow proxying + (e.g. PLAIN, DIGEST-MD5). + .TP ++.BI -w " password" ++Password to use (if not supplied, we will prompt) ++.TP + .BI -k " num" + Minimum protection layer required. + .TP diff --git a/SPECS/cyrus-imapd.spec b/SPECS/cyrus-imapd.spec index 671e6b6..6ee3725 100644 --- a/SPECS/cyrus-imapd.spec +++ b/SPECS/cyrus-imapd.spec @@ -1,6 +1,6 @@ Name: cyrus-imapd Version: 2.4.17 -Release: 13%{?dist} +Release: 15%{?dist} %define ssl_pem_file %{_sysconfdir}/pki/%{name}/%{name}.pem @@ -49,6 +49,12 @@ Patch10: cyrus-imapd-2.4.17-no-mupdate-port.patch ## https://bugzilla.redhat.com/show_bug.cgi?id=1449501 Patch11: cyrus-imapd-2.4.17-free_body_leak.patch +## https://bugzilla.redhat.com/show_bug.cgi?id=1569941 +Patch12: cyrus-imapd-load_ecdh_ciphers.patch + +## https://bugzilla.redhat.com/1508363 +Patch13: cyrus-imapd-password_option.patch + BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildRequires: autoconf @@ -131,6 +137,8 @@ one running the server. # %patch10 -p1 %patch11 -p1 +%patch12 -p1 +%patch13 -p1 -b .pwd-option install -m 644 %{SOURCE11} doc/ @@ -471,6 +479,12 @@ done %{_mandir}/man1/* %changelog +* Thu Jan 10 2019 Pavel Zhukov - 2.4.17-15 +- Resolves: #1508363 - Add -w (password) option to manpages + +* Thu Dec 13 2018 Pavel Zhukov - 2.4.17-14 +- Resolves: #1569941 - Load echd ciphers + * Wed May 10 2017 Pavel Zhukov - 2.4.17-13 - Resolves: #1449501 - Fix memory leak in cmd_append