Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package dovecot23 for openSUSE:Factory checked in at 2021-05-15 23:16:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dovecot23 (Old) and /work/SRC/openSUSE:Factory/.dovecot23.new.2988 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dovecot23" Sat May 15 23:16:30 2021 rev:39 rq:893339 version:2.3.14 Changes: -------- --- /work/SRC/openSUSE:Factory/dovecot23/dovecot23.changes 2021-03-11 20:13:06.872743664 +0100 +++ /work/SRC/openSUSE:Factory/.dovecot23.new.2988/dovecot23.changes 2021-05-15 23:17:32.544410164 +0200 @@ -1,0 +2,7 @@ +Fri May 14 10:07:07 UTC 2021 - Fabian Vogt <fv...@suse.com> + +- Add patch to fix insecure default openssl.cnf (boo#1184552): + * openssl-cnf-default_bits-2048.patch +- Use %autosetup + +------------------------------------------------------------------- New: ---- openssl-cnf-default_bits-2048.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dovecot23.spec ++++++ --- /var/tmp/diff_new_pack.wd2xB0/_old 2021-05-15 23:17:33.220406694 +0200 +++ /var/tmp/diff_new_pack.wd2xB0/_new 2021-05-15 23:17:33.224406673 +0200 @@ -150,6 +150,8 @@ Patch1: dovecot-2.3.0-better_ssl_defaults.patch # https://github.com/dovecot/core/pull/126 Patch2: allow-tls1.3-only.patch +# https://github.com/dovecot/core/pull/161 +Patch3: openssl-cnf-default_bits-2048.patch Summary: IMAP and POP3 Server Written Primarily with Security in Mind License: BSD-3-Clause AND LGPL-2.1-or-later AND MIT Group: Productivity/Networking/Email/Servers @@ -326,10 +328,8 @@ dovecot tree. %prep -%setup -q -n %{pkg_name}-%{dovecot_version} -a 1 -%patch -p1 -%patch1 -p1 -%patch2 -p1 +%autosetup -p1 -n %{pkg_name}-%{dovecot_version} -a 1 + gzip -9v ChangeLog # Fix plugins dir. sed -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = %{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf ++++++ openssl-cnf-default_bits-2048.patch ++++++ >From 397ca180b8e58bf38525afcf9af249b190120607 Mon Sep 17 00:00:00 2001 From: Arjen de Korte <build+git...@de-korte.org> Date: Sat, 10 Apr 2021 13:52:15 +0200 Subject: [PATCH] doc/openssl.cnf: Increase default_bits to 2048 NIST guidelines mandate that all SSL certificates must be of at least 2048 key length --- doc/dovecot-openssl.cnf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/dovecot-openssl.cnf b/doc/dovecot-openssl.cnf index b2dfebfea9..f65a80cc2f 100644 --- a/doc/dovecot-openssl.cnf +++ b/doc/dovecot-openssl.cnf @@ -1,5 +1,5 @@ [ req ] -default_bits = 1024 +default_bits = 2048 encrypt_key = yes distinguished_name = req_dn x509_extensions = cert_type
