[packages/dovecot] Disabled SSLv3 in default configuration.
arekm
arekm at pld-linux.org
Mon Jan 19 09:21:12 CET 2015
commit 5a0821caf6239564322a754a0aa03acaebeb0036
Author: Michał Giżyński <michal at mailmix.pl>
Date: Mon Jan 19 09:17:58 2015 +0100
Disabled SSLv3 in default configuration.
dovecot-disableSSLv3.patch | 16 ++++++++++++++++
dovecot.spec | 4 +++-
2 files changed, 19 insertions(+), 1 deletion(-)
---
diff --git a/dovecot.spec b/dovecot.spec
index 2cf9062..bffe66e 100644
--- a/dovecot.spec
+++ b/dovecot.spec
@@ -12,7 +12,7 @@ Summary: IMAP and POP3 server written with security primarily in mind
Summary(pl.UTF-8): Serwer IMAP i POP3 pisany głównie z myślą o bezpieczeństwie
Name: dovecot
Version: 2.2.15
-Release: 2
+Release: 3
Epoch: 1
License: MIT (libraries), LGPL v2.1 (the rest)
Group: Networking/Daemons
@@ -25,6 +25,7 @@ Source4: %{name}.tmpfiles
Patch0: %{name}-config.patch
Patch1: %{name}-rpath.patch
Patch2: %{name}-exttextcat.patch
+Patch3: %{name}-disableSSLv3.patch
URL: http://dovecot.org/
BuildRequires: autoconf
BuildRequires: automake
@@ -156,6 +157,7 @@ Współdzielone biblioteki Dovecota.
%patch0 -p1
%patch1 -p1
%patch2 -p1
+%patch3 -p2
%{__sed} -i 's,/usr/lib/dovecot,%{_libdir}/dovecot,g' doc/example-config/*.conf doc/example-config/conf.d/*.conf
diff --git a/dovecot-disableSSLv3.patch b/dovecot-disableSSLv3.patch
new file mode 100644
index 0000000..f1884b8
--- /dev/null
+++ b/dovecot-disableSSLv3.patch
@@ -0,0 +1,16 @@
+diff -urN dovecot/dovecot-2.2.15/doc/example-config/conf.d/10-ssl.conf dovecotorg/dovecot-2.2.15/doc/example-config/conf.d/10-ssl.conf
+--- dovecot/dovecot-2.2.15/doc/example-config/conf.d/10-ssl.conf 2014-10-03 16:36:00.000000000 +0200
++++ dovecotorg/dovecot-2.2.15/doc/example-config/conf.d/10-ssl.conf 2015-01-16 15:52:55.917727519 +0100
+@@ -46,10 +46,10 @@
+ #ssl_dh_parameters_length = 1024
+
+ # SSL protocols to use
+-#ssl_protocols = !SSLv2
++ssl_protocols = !SSLv2 !SSLv3
+
+ # SSL ciphers to use
+-#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
++ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!SSLv3
+
+ # Prefer the server's order of ciphers over client's.
+ #ssl_prefer_server_ciphers = no
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/dovecot.git/commitdiff/5a0821caf6239564322a754a0aa03acaebeb0036
More information about the pld-cvs-commit
mailing list