From a05649cc56acb21b0e968814475b747eea3cd437 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Aug 01 2017 03:26:27 +0000
Subject: import cyrus-imapd-2.4.17-13.el7


---

diff --git a/SOURCES/cyrus-imapd-2.4.17-no-mupdate-port.patch b/SOURCES/cyrus-imapd-2.4.17-no-mupdate-port.patch
new file mode 100644
index 0000000..afe7433
--- /dev/null
+++ b/SOURCES/cyrus-imapd-2.4.17-no-mupdate-port.patch
@@ -0,0 +1,25 @@
+--- ./doc/man/imapd.conf.5.html.orig	2017-03-02 12:35:16.049738613 +0100
++++ ./doc/man/imapd.conf.5.html	2017-03-02 12:36:22.329737530 +0100
+@@ -1165,11 +1165,6 @@
+ <p style="margin-left:18%;">The SASL password (if needed)
+ to use when authenticating to the mupdate server.</p>
+ 
+-<p style="margin-left:11%;"><b>mupdate_port:</b> 3905</p>
+-
+-<p style="margin-left:18%;">The port of the mupdate server
+-for the Cyrus Murder</p>
+-
+ <p style="margin-left:11%;"><b>mupdate_realm:</b>
+ &lt;none&gt;</p>
+ 
+--- ./man/imapd.conf.5.orig	2017-03-02 12:35:16.049738613 +0100
++++ ./man/imapd.conf.5	2017-03-02 12:36:22.329737530 +0100
+@@ -628,8 +628,6 @@
+ .IP "\fBmupdate_password:\fR <none>" 5
+ The SASL password (if needed) to use when authenticating to the
+ mupdate server. 
+-.IP "\fBmupdate_port:\fR 3905" 5
+-The port of the mupdate server for the Cyrus Murder 
+ .IP "\fBmupdate_realm:\fR <none>" 5
+ The SASL realm (if needed) to use when authenticating to the mupdate
+ server. 
diff --git a/SOURCES/cyrus-imapd-keygen.service b/SOURCES/cyrus-imapd-keygen.service
new file mode 100644
index 0000000..ef2c490
--- /dev/null
+++ b/SOURCES/cyrus-imapd-keygen.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=cyrus-imapd Certificate Generator
+ConditionPathExists=!/etc/pki/cyrus-imapd/cyrus-imapd.pem
+
+[Service]
+Type=oneshot
+ExecStart=/usr/libexec/cyrus-imapd-keygen.sh
+RemainAfterExit=yes
diff --git a/SOURCES/cyrus-imapd-keygen.sh b/SOURCES/cyrus-imapd-keygen.sh
new file mode 100755
index 0000000..5067300
--- /dev/null
+++ b/SOURCES/cyrus-imapd-keygen.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+CERT_FILE="/etc/pki/cyrus-imapd/cyrus-imapd.pem"
+CERT_DIR="/etc/pki/tls/certs"
+
+umask 077
+cd "$CERT_DIR"
+
+cat << EOF | make cyrus-imapd.pem
+--
+SomeState
+SomeCity
+SomeOrganization
+SomeOrganizationalUnit
+localhost.localdomain
+root@localhost.localdomain
+EOF
+
+chown root.mail cyrus-imapd.pem
+chmod 640 cyrus-imapd.pem
+mv cyrus-imapd.pem "$CERT_FILE"
diff --git a/SOURCES/cyrus-imapd.service b/SOURCES/cyrus-imapd.service
index 9773723..f06eb20 100644
--- a/SOURCES/cyrus-imapd.service
+++ b/SOURCES/cyrus-imapd.service
@@ -1,6 +1,8 @@
 [Unit]
 Description=Cyrus-imapd IMAP/POP3 email server
 After=local-fs.target network.target
+After=cyrus-imapd-keygen.service
+Wants=cyrus-imapd-keygen.service
 
 [Service]
 Type=simple
diff --git a/SPECS/cyrus-imapd.spec b/SPECS/cyrus-imapd.spec
index 779a809..671e6b6 100644
--- a/SPECS/cyrus-imapd.spec
+++ b/SPECS/cyrus-imapd.spec
@@ -1,6 +1,6 @@
 Name: cyrus-imapd
 Version: 2.4.17
-Release: 8%{?dist}.1
+Release: 13%{?dist}
 
 %define ssl_pem_file %{_sysconfdir}/pki/%{name}/%{name}.pem
 
@@ -29,6 +29,8 @@ Source11: README.rpm
 #systemd support
 Source12: cyrus-imapd.service
 Source13: cyr_systemd_helper
+Source14: cyrus-imapd-keygen.service
+Source15: cyrus-imapd-keygen.sh
 
 Patch3: http://www.oakton.edu/~jwade/cyrus/cyrus-imapd-2.1.3/cyrus-imapd-2.1.3-flock.patch
 
@@ -42,8 +44,10 @@ Patch8: cyrus-imapd-2.4.12-debugopt.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1196210
 # https://access.redhat.com/security/cve/CVE-2014-3566
 Patch9: cyrus-imapd-2.3.16-tlsconfig.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=504813
+Patch10: cyrus-imapd-2.4.17-no-mupdate-port.patch
 ## https://bugzilla.redhat.com/show_bug.cgi?id=1449501
-Patch10: cyrus-imapd-2.4.17-free_body_leak.patch
+Patch11: cyrus-imapd-2.4.17-free_body_leak.patch
 
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
@@ -123,8 +127,10 @@ one running the server.
 %patch6 -p1 -b .libdb
 %patch8 -p1 -b .debugopt
 %patch9 -p1
+# We are skipping Patch10 so that we can apply it later in the process.
+# %patch10 -p1
 
-%patch10 -p1
+%patch11 -p1
 
 install -m 644 %{SOURCE11} doc/
 
@@ -184,6 +190,9 @@ make -C doc -f Makefile.dist
 make LDFLAGS="$LDFLAGS -pie %{__global_ldflags}"
 make -C notifyd notifytest
 
+# Now that the docs have been fully generated, patch it
+patch -p1 < %PATCH10
+
 %install
 rm -rf %{buildroot}
 
@@ -237,6 +246,8 @@ install -p -m 755 %{SOURCE10}   %{buildroot}%{_sysconfdir}/cron.daily/%{name}
 
 install -p -D -m 644 %{SOURCE12}   %{buildroot}%{_unitdir}/cyrus-imapd.service
 install -p -D -m 755 %{SOURCE13}   %{buildroot}%{_cyrexecdir}/cyr_systemd_helper
+install -p -D -m 644 %{SOURCE14}   %{buildroot}%{_unitdir}/cyrus-imapd-keygen.service
+install -p -D -m 755 %{SOURCE15}   %{buildroot}%{_libexecdir}/cyrus-imapd-keygen.sh
 
 # Cleanup of doc dir
 find doc perl -name CVS -type d -prune -exec rm -rf {} \;
@@ -310,34 +321,16 @@ do
   fi
 done
 
-# Create SSL certificates
-exec > /dev/null 2> /dev/null
-
-if [ ! -f %{ssl_pem_file} ]; then
-pushd %{_sysconfdir}/pki/tls/certs
-umask 077
-cat << EOF | make %{name}.pem
---
-SomeState
-SomeCity
-SomeOrganization
-SomeOrganizationalUnit
-localhost.localdomain
-root@localhost.localdomain
-EOF
-chown root.%{_cyrusgroup} %{name}.pem
-chmod 640 %{name}.pem
-mv %{name}.pem %{ssl_pem_file}
-popd
-fi
-
 %systemd_post cyrus-imapd.service
+%systemd_post cyrus-imapd-keygen.service
 
 %preun
 %systemd_preun cyrus-imapd.service
+%systemd_preun cyrus-imapd-keygen.service
 
 %postun
 %systemd_postun_with_restart cyrus-imapd.service
+%systemd_postun_with_restart cyrus-imapd-keygen.service
 
 %files
 %defattr(-,root,root,-)
@@ -356,6 +349,8 @@ fi
 %config(noreplace) %{_sysconfdir}/pam.d/nntp
 %{_sysconfdir}/cron.daily/%{name}
 %{_unitdir}/cyrus-imapd.service
+%{_unitdir}/cyrus-imapd-keygen.service
+%{_libexecdir}/cyrus-imapd-keygen.sh
 %dir %{_cyrexecdir}
 %{_cyrexecdir}/cyr_systemd_helper
 %{_cyrexecdir}/arbitron
@@ -476,9 +471,22 @@ fi
 %{_mandir}/man1/*
 
 %changelog
-* Wed May 10 2017 Pavel Zhukov <pzhukov@redhat.com> - 2.4.17-8.1
+* Wed May 10 2017 Pavel Zhukov <pzhukov@redhat.com> - 2.4.17-13
 - Resolves: #1449501 - Fix memory leak in cmd_append
 
+* Thu Mar 02 2017 Pavel Šimerda <psimerda@redhat.com> - 2.4.17-12
+- Resolves: #504813 - postpone the patch until the manpage is fully built
+
+* Thu Mar 02 2017 Pavel Šimerda <psimerda@redhat.com> - 2.4.17-11
+- Resolves: #504813 - manpage change: remove unimplemented mupdate_port from
+  cyrus-imapd
+
+* Thu Feb 09 2017 Pavel Šimerda <psimerda@redhat.com> - 2.4.17-10
+- Related: #1346059 - handle the new service file in scriptlets
+
+* Thu Feb 09 2017 Pavel Šimerda <psimerda@redhat.com> - 2.4.17-9
+- Resolves: #1346059 - build certificate at run time, not at install time
+
 * Thu Mar 19 2015 Pavel Šimerda <psimerda@redhat.com> - 2.4.17-8
 - Resolves: #1196210 - backport method to disable SSLv3