[packages/dovecot] Disabled SSLv3 in default configuration.

arekm arekm at pld-linux.org
Mon Jan 19 09:21:12 CET 2015 

commit 5a0821caf6239564322a754a0aa03acaebeb0036
Author: Michał Giżyński <michal at mailmix.pl>
Date:   Mon Jan 19 09:17:58 2015 +0100

    Disabled SSLv3 in default configuration.

 dovecot-disableSSLv3.patch | 16 ++++++++++++++++
 dovecot.spec               |  4 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)
---
diff --git a/dovecot.spec b/dovecot.spec
index 2cf9062..bffe66e 100644
--- a/dovecot.spec
+++ b/dovecot.spec
@@ -12,7 +12,7 @@ Summary:	IMAP and POP3 server written with security primarily in mind
 Summary(pl.UTF-8):	Serwer IMAP i POP3 pisany głównie z myślą o bezpieczeństwie
 Name:		dovecot
 Version:	2.2.15
-Release:	2
+Release:	3
 Epoch:		1
 License:	MIT (libraries), LGPL v2.1 (the rest)
 Group:		Networking/Daemons
@@ -25,6 +25,7 @@ Source4:	%{name}.tmpfiles
 Patch0:		%{name}-config.patch
 Patch1:		%{name}-rpath.patch
 Patch2:		%{name}-exttextcat.patch
+Patch3:		%{name}-disableSSLv3.patch
 URL:		http://dovecot.org/
 BuildRequires:	autoconf
 BuildRequires:	automake
@@ -156,6 +157,7 @@ Współdzielone biblioteki Dovecota.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p2
 
 %{__sed} -i 's,/usr/lib/dovecot,%{_libdir}/dovecot,g' doc/example-config/*.conf doc/example-config/conf.d/*.conf
 
diff --git a/dovecot-disableSSLv3.patch b/dovecot-disableSSLv3.patch
new file mode 100644
index 0000000..f1884b8
--- /dev/null
+++ b/dovecot-disableSSLv3.patch
@@ -0,0 +1,16 @@
+diff -urN dovecot/dovecot-2.2.15/doc/example-config/conf.d/10-ssl.conf dovecotorg/dovecot-2.2.15/doc/example-config/conf.d/10-ssl.conf
+--- dovecot/dovecot-2.2.15/doc/example-config/conf.d/10-ssl.conf	2014-10-03 16:36:00.000000000 +0200
++++ dovecotorg/dovecot-2.2.15/doc/example-config/conf.d/10-ssl.conf	2015-01-16 15:52:55.917727519 +0100
+@@ -46,10 +46,10 @@
+ #ssl_dh_parameters_length = 1024
+ 
+ # SSL protocols to use
+-#ssl_protocols = !SSLv2
++ssl_protocols = !SSLv2 !SSLv3
+ 
+ # SSL ciphers to use
+-#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
++ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!SSLv3
+ 
+ # Prefer the server's order of ciphers over client's.
+ #ssl_prefer_server_ciphers = no
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/dovecot.git/commitdiff/5a0821caf6239564322a754a0aa03acaebeb0036

More information about the pld-cvs-commit mailing list