Hi, I have gone through the patches that are used in the Fedora package and probably only the "mkcert-permissions" [1] can be considered to be included upstream. It is dated into package version 1.0-0.beta2.3, but I cannot find any particular reason for the inclusion (like a bug in bugzilla, etc.). Some (winbind support, quota warnings) were obsoleted by dovecot 1.1, two are used for distro specific settings. So the only real patch that remains is the "pam_setcred" [2] patch that fixes https://bugzilla.redhat.com/show_bug.cgi?id=146198 Current state of the package for Fedora is at http://cvs.fedoraproject.org/viewcvs/rpms/dovecot/devel/ Dan [1] http://cvs.fedoraproject.org/viewcvs/rpms/dovecot/devel/dovecot-1.0.beta2-mkcert-permissions.patch?rev=1.1&view=auto [2] http://cvs.fedoraproject.org/viewcvs/rpms/dovecot/devel/dovecot-1.0.rc2-pam-setcred.patch?rev=1.1&view=auto -- Fedora and Red Hat package maintainer
On Fri, 2008-05-30 at 15:49 +0200, Dan Hor?k wrote:> Hi, > > I have gone through the patches that are used in the Fedora package and > probably only the "mkcert-permissions" [1] can be considered to be > included upstream. It is dated into package version 1.0-0.beta2.3, but I > cannot find any particular reason for the inclusion (like a bug in > bugzilla, etc.).Certificate file is public data, so chmoding it to 0600 doesn't really do any good. As for chowning the files to root:root, that's probably good if you use the script to generate certificates automatically, but I don't think the script should always do that since it may be run as non-root.> Some (winbind support, quota warnings) were obsoleted > by dovecot 1.1, two are used for distro specific settings. So the only > real patch that remains is the "pam_setcred" [2] patch that fixes > https://bugzilla.redhat.com/show_bug.cgi?id=146198Unnecessary (with v1.0 too). pam_setcred() is called only if setcred=yes is added to pam args. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20080602/68f2da15/attachment-0002.bin>
Timo Sirainen p??e v Po 02. 06. 2008 v 21:50 +0300:> On Fri, 2008-05-30 at 15:49 +0200, Dan Hor?k wrote: > > Hi, > > > > I have gone through the patches that are used in the Fedora package and > > probably only the "mkcert-permissions" [1] can be considered to be > > included upstream. It is dated into package version 1.0-0.beta2.3, but I > > cannot find any particular reason for the inclusion (like a bug in > > bugzilla, etc.). > > Certificate file is public data, so chmoding it to 0600 doesn't really > do any good. As for chowning the files to root:root, that's probably > good if you use the script to generate certificates automatically, but I > don't think the script should always do that since it may be run as > non-root. >The script is run during package installation with the goal to be "ready to run" for the "general user".> > Some (winbind support, quota warnings) were obsoleted > > by dovecot 1.1, two are used for distro specific settings. So the only > > real patch that remains is the "pam_setcred" [2] patch that fixes > > https://bugzilla.redhat.com/show_bug.cgi?id=146198 > > Unnecessary (with v1.0 too). pam_setcred() is called only if setcred=yes > is added to pam args. >Thanks for the info. I will update the package appropriately. Dan