diff --git a/SOURCES/cyrus-imapd-2.4.17-no-mupdate-port.patch b/SOURCES/cyrus-imapd-2.4.17-no-mupdate-port.patch
new file mode 100644
index 0000000..afe7433
--- /dev/null
+++ b/SOURCES/cyrus-imapd-2.4.17-no-mupdate-port.patch
@@ -0,0 +1,25 @@
+--- ./doc/man/imapd.conf.5.html.orig 2017-03-02 12:35:16.049738613 +0100
++++ ./doc/man/imapd.conf.5.html 2017-03-02 12:36:22.329737530 +0100
+@@ -1165,11 +1165,6 @@
+
The SASL password (if needed)
+ to use when authenticating to the mupdate server.
+
+-mupdate_port: 3905
+-
+-The port of the mupdate server
+-for the Cyrus Murder
+-
+ mupdate_realm:
+ <none>
+
+--- ./man/imapd.conf.5.orig 2017-03-02 12:35:16.049738613 +0100
++++ ./man/imapd.conf.5 2017-03-02 12:36:22.329737530 +0100
+@@ -628,8 +628,6 @@
+ .IP "\fBmupdate_password:\fR " 5
+ The SASL password (if needed) to use when authenticating to the
+ mupdate server.
+-.IP "\fBmupdate_port:\fR 3905" 5
+-The port of the mupdate server for the Cyrus Murder
+ .IP "\fBmupdate_realm:\fR " 5
+ The SASL realm (if needed) to use when authenticating to the mupdate
+ server.
diff --git a/SOURCES/cyrus-imapd-keygen.service b/SOURCES/cyrus-imapd-keygen.service
new file mode 100644
index 0000000..ef2c490
--- /dev/null
+++ b/SOURCES/cyrus-imapd-keygen.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=cyrus-imapd Certificate Generator
+ConditionPathExists=!/etc/pki/cyrus-imapd/cyrus-imapd.pem
+
+[Service]
+Type=oneshot
+ExecStart=/usr/libexec/cyrus-imapd-keygen.sh
+RemainAfterExit=yes
diff --git a/SOURCES/cyrus-imapd-keygen.sh b/SOURCES/cyrus-imapd-keygen.sh
new file mode 100755
index 0000000..5067300
--- /dev/null
+++ b/SOURCES/cyrus-imapd-keygen.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+CERT_FILE="/etc/pki/cyrus-imapd/cyrus-imapd.pem"
+CERT_DIR="/etc/pki/tls/certs"
+
+umask 077
+cd "$CERT_DIR"
+
+cat << EOF | make cyrus-imapd.pem
+--
+SomeState
+SomeCity
+SomeOrganization
+SomeOrganizationalUnit
+localhost.localdomain
+root@localhost.localdomain
+EOF
+
+chown root.mail cyrus-imapd.pem
+chmod 640 cyrus-imapd.pem
+mv cyrus-imapd.pem "$CERT_FILE"
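Review bot: Nothing in this script checks for failure, so if `cd "$CERT_DIR"` fails, the `make`, `chown`, `chmod` and `mv` that follow run in whatever directory the unit started in, and a failed `make` only surfaces as an error from `mv`. I would add `set -e` after the shebang, or at least write `cd "$CERT_DIR" || exit 1`. The group is also hard-coded in `chown root.mail`, whereas the scriptlet this replaces used `%{_cyrusgroup}`. If the spec's group differs from `mail`, the private key ends up with the wrong group ownership, so substitute the group at build time or add a comment tying `mail` to `%{_cyrusgroup}`. `root:mail` is the non-deprecated separator form.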
diff --git a/SOURCES/cyrus-imapd.service b/SOURCES/cyrus-imapd.service
index 9773723..f06eb20 100644
--- a/SOURCES/cyrus-imapd.service
+++ b/SOURCES/cyrus-imapd.service
@@ -1,6 +1,8 @@
[Unit]
Description=Cyrus-imapd IMAP/POP3 email server
After=local-fs.target network.target
+After=cyrus-imapd-keygen.service
+Wants=cyrus-imapd-keygen.service
[Service]
Type=simple
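Review bot: `Wants=cyrus-imapd-keygen.service` is a weak dependency, so the IMAP/POP3 server is still started when the key generator fails. Whether it then fails or runs without TLS depends on configuration not visible here. If that is intended, document it with a comment such as `# Wants, not Requires: start even if certificate generation fails`. If it is not, `Requires=cyrus-imapd-keygen.service` would make a generation failure block startup, while a skipped run (PEM already present) would still count as satisfied. The [Service] section continues outside the hunk.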
diff --git a/SPECS/cyrus-imapd.spec b/SPECS/cyrus-imapd.spec
index 779a809..671e6b6 100644
--- a/SPECS/cyrus-imapd.spec
+++ b/SPECS/cyrus-imapd.spec
@@ -1,6 +1,6 @@
Name: cyrus-imapd
Version: 2.4.17
-Release: 8%{?dist}.1
+Release: 13%{?dist}
%define ssl_pem_file %{_sysconfdir}/pki/%{name}/%{name}.pem
@@ -29,6 +29,8 @@ Source11: README.rpm
#systemd support
Source12: cyrus-imapd.service
Source13: cyr_systemd_helper
+Source14: cyrus-imapd-keygen.service
+Source15: cyrus-imapd-keygen.sh
Patch3: http://www.oakton.edu/~jwade/cyrus/cyrus-imapd-2.1.3/cyrus-imapd-2.1.3-flock.patch
@@ -42,8 +44,10 @@ Patch8: cyrus-imapd-2.4.12-debugopt.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1196210
# https://access.redhat.com/security/cve/CVE-2014-3566
Patch9: cyrus-imapd-2.3.16-tlsconfig.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=504813
+Patch10: cyrus-imapd-2.4.17-no-mupdate-port.patch
## https://bugzilla.redhat.com/show_bug.cgi?id=1449501
-Patch10: cyrus-imapd-2.4.17-free_body_leak.patch
+Patch11: cyrus-imapd-2.4.17-free_body_leak.patch
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
@@ -123,8 +127,10 @@ one running the server.
%patch6 -p1 -b .libdb
%patch8 -p1 -b .debugopt
%patch9 -p1
+# We are skipping Patch10 so that we can apply it later in the process.
+# %patch10 -p1
-%patch10 -p1
+%patch11 -p1
install -m 644 %{SOURCE11} doc/
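Review bot: The commented-out line `# %patch10 -p1` still contains a live macro. rpm generally expands macros inside comments, and rpmlint reports this as macro-in-comment. Escaping it as `# %%patch10 -p1`, or dropping the line and keeping only the sentence above it, avoids relying on how the %prep parser treats a `%patch` token behind a `#`. The comment could also say where the patch is applied, e.g. `# Patch10 is applied at the end of %%build, after the docs are generated`.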
@@ -184,6 +190,9 @@ make -C doc -f Makefile.dist
make LDFLAGS="$LDFLAGS -pie %{__global_ldflags}"
make -C notifyd notifytest
+# Now that the docs have been fully generated, patch it
+patch -p1 < %PATCH10
+
%install
rm -rf %{buildroot}
@@ -237,6 +246,8 @@ install -p -m 755 %{SOURCE10} %{buildroot}%{_sysconfdir}/cron.daily/%{name}
install -p -D -m 644 %{SOURCE12} %{buildroot}%{_unitdir}/cyrus-imapd.service
install -p -D -m 755 %{SOURCE13} %{buildroot}%{_cyrexecdir}/cyr_systemd_helper
+install -p -D -m 644 %{SOURCE14} %{buildroot}%{_unitdir}/cyrus-imapd-keygen.service
+install -p -D -m 755 %{SOURCE15} %{buildroot}%{_libexecdir}/cyrus-imapd-keygen.sh
# Cleanup of doc dir
find doc perl -name CVS -type d -prune -exec rm -rf {} \;
@@ -310,34 +321,16 @@ do
fi
done
-# Create SSL certificates
-exec > /dev/null 2> /dev/null
-
-if [ ! -f %{ssl_pem_file} ]; then
-pushd %{_sysconfdir}/pki/tls/certs
-umask 077
-cat << EOF | make %{name}.pem
---
-SomeState
-SomeCity
-SomeOrganization
-SomeOrganizationalUnit
-localhost.localdomain
-root@localhost.localdomain
-EOF
-chown root.%{_cyrusgroup} %{name}.pem
-chmod 640 %{name}.pem
-mv %{name}.pem %{ssl_pem_file}
-popd
-fi
-
%systemd_post cyrus-imapd.service
+%systemd_post cyrus-imapd-keygen.service
%preun
%systemd_preun cyrus-imapd.service
+%systemd_preun cyrus-imapd-keygen.service
%postun
%systemd_postun_with_restart cyrus-imapd.service
+%systemd_postun_with_restart cyrus-imapd-keygen.service
%files
%defattr(-,root,root,-)
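Review bot: `%systemd_postun_with_restart cyrus-imapd-keygen.service` requests a restart of a oneshot unit on upgrade, but that unit only acts when the PEM file is absent, so there is nothing to restart. `%systemd_postun cyrus-imapd-keygen.service` states the intent more accurately. Separately, with the %post certificate block removed, a fresh install has no file at `%{ssl_pem_file}` until the keygen unit first runs. Anything that reads that path before the service is started will not find it, and a short comment here or a line in README.rpm would make the changed timing explicit.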
@@ -356,6 +349,8 @@ fi
%config(noreplace) %{_sysconfdir}/pam.d/nntp
%{_sysconfdir}/cron.daily/%{name}
%{_unitdir}/cyrus-imapd.service
+%{_unitdir}/cyrus-imapd-keygen.service
+%{_libexecdir}/cyrus-imapd-keygen.sh
%dir %{_cyrexecdir}
%{_cyrexecdir}/cyr_systemd_helper
%{_cyrexecdir}/arbitron
@@ -476,9 +471,22 @@ fi
%{_mandir}/man1/*
%changelog
-* Wed May 10 2017 Pavel Zhukov - 2.4.17-8.1
+* Wed May 10 2017 Pavel Zhukov - 2.4.17-13
- Resolves: #1449501 - Fix memory leak in cmd_append
+* Thu Mar 02 2017 Pavel Šimerda - 2.4.17-12
+- Resolves: #504813 - postpone the patch until the manpage is fully built
+
+* Thu Mar 02 2017 Pavel Šimerda - 2.4.17-11
+- Resolves: #504813 - manpage change: remove unimplemented mupdate_port from
+ cyrus-imapd
+
+* Thu Feb 09 2017 Pavel Šimerda - 2.4.17-10
+- Related: #1346059 - handle the new service file in scriptlets
+
+* Thu Feb 09 2017 Pavel Šimerda - 2.4.17-9
+- Resolves: #1346059 - build certificate at run time, not at install time
+
* Thu Mar 19 2015 Pavel Šimerda - 2.4.17-8
- Resolves: #1196210 - backport method to disable SSLv3