From b92ba256aea7e9e7dc0256de14031b26efcf458a Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 15 May 2017 16:57:26 +0200
Subject: [PATCH] saving uncommitted changes in /etc prior to emerge run
---
 courier-imap/imapd-ssl | 57 ++++++++++++++------------------------
 courier-imap/pop3d-ssl | 59 +++++++++++++++++++++++++---------------
 init.d/courier-imapd | 9 +++---
 init.d/courier-imapd-ssl | 11 ++++----
 init.d/courier-pop3d | 9 +++---
 init.d/courier-pop3d-ssl | 11 ++++----
 6 files changed, 75 insertions(+), 81 deletions(-)
diff --git a/courier-imap/imapd-ssl b/courier-imap/imapd-ssl
index 47ca432..812ed4c 100644
--- a/courier-imap/imapd-ssl
+++ b/courier-imap/imapd-ssl
@@ -1,11 +1,11 @@
-##VERSION: $Id: d4d0683714b8d6ec02c9db26cc7e371a1dde0269-20150609200831$
+##VERSION: $Id: 22aa61750562f69db443f93518080cd1b5d923ea-20170113192021$
 #
 # imapd-ssl created from imapd-ssl.dist by sysconftool
 #
 # Do not alter lines that begin with ##, they are used when upgrading
 # this configuration.
 #
-# Copyright 2000 - 2013 Double Precision, Inc. See COPYING for
+# Copyright 2000 - 2016 Double Precision, Inc. See COPYING for
 # distribution information.
 #
 # This configuration file sets various options for the Courier-IMAP server
@@ -136,13 +136,11 @@ COURIERTLS=/usr/sbin/couriertls
 #
 # OpenSSL:
 #
-# SSL3 - SSLv3
-# SSL23 - all protocols (including TLS 1.x protocols)
 # TLSv1 - TLS1
 # TLSv1.1 - TLS1.1
 # TLSv1.2 - TLS1.2
 #
-# SSL3+, TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all
+# TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all
 # higher protocols.
 #
 # The default value is TLSv1+
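Review bot: The documented default kept at the end of the @@ -136,13 +136,11 @@ hunk, `The default value is TLSv1+`, still admits TLS 1.0 and TLS 1.1, so dropping the SSL3 and SSL23 entries from the list does not by itself raise the protocol floor. Whether TLS_PROTOCOL is assigned explicitly is outside the hunk; if it is not, I would pin it in this file with one of the values the comment block already lists, e.g. `TLS_PROTOCOL="TLSv1.2+"`. The same applies to the matching hunk in courier-imap/pop3d-ssl (@@ -121,17 +121,24 @@), and because later hunks set `TLS_STARTTLS_PROTOCOL="$TLS_PROTOCOL"`, the STARTTLS path inherits whatever floor is chosen here.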
@@ -184,17 +182,7 @@ COURIERTLS=/usr/sbin/couriertls # # It takes the same values for OpenSSL as TLS_PROTOCOL -##NAME: TLS_CIPHER_LIST:0 -# -# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the -# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST -# undefined -# -# OpenSSL: -# -# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" -# -# +TLS_STARTTLS_PROTOCOL="$TLS_PROTOCOL" ##NAME: TLS_MIN_DH_BITS:0 # 
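Review bot: This hunk deletes the `##NAME: TLS_CIPHER_LIST:0` marker together with its description, although the file header says lines beginning with `##` must not be altered because they are used when upgrading the configuration, and courier-imap/pop3d-ssl keeps the same section as context in its @@ -121,17 +121,24 @@ hunk. If the removal is a side effect of merging local /etc edits rather than an upstream change, the section should be restored so both daemons carry the cipher setting the same way; with no TLS_CIPHER_LIST visible here, cipher selection presumably falls back to the TLS library's defaults. Separately, `TLS_STARTTLS_PROTOCOL="$TLS_PROTOCOL"` expands to an empty string if TLS_PROTOCOL is left unset above the hunk, so I would add a comment such as `# empty when TLS_PROTOCOL is unset; confirm the built-in default then applies to STARTTLS` next to the assignment.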
@@ -220,30 +208,29 @@ COURIERTLS=/usr/sbin/couriertls # treated as confidential, and must not be world-readable. Set TLS_CERTFILE # instead of TLS_DHCERTFILE if this is a garden-variety certificate # -# VIRTUAL HOSTS (servers only): +# VIRTUAL HOSTS ON THE SAME IP ADDRESS. +# +# Install each certificate $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to +# /etc/certificate.pem, then you'll need to install the actual certificate +# files as /etc/certificate.pem.www.example.com, +# /etc/certificate.pem.www.domain.com and so on. Then, create a link from +# $TLS_CERTFILE to whichever certificate you consider to be the main one, +# for example: +# /etc/certificate.pem => /etc/certificate.pem.www.example.com +# +# IP-BASED VIRTUAL HOSTS: # -# Due to technical limitations in the original SSL/TLS protocol, a dedicated -# IP address is required for each virtual host certificate. If you have -# multiple certificates, install each certificate file as +# There may be a need to support older SSL/TLS client that don't support +# virtual hosts on the same IP address, and require a dedicated IP address +# for each SSL/TLS host. If so, install each certificate file as # $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address # for the certificate's domain name. So, if TLS_CERTFILE is set to # /etc/certificate.pem, then you'll need to install the actual certificate # files as /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3 # and so on, for each IP address. # -# GnuTLS only (servers only): -# -# GnuTLS implements a new TLS extension that eliminates the need to have a -# dedicated IP address for each SSL/TLS domain name. Install each certificate -# as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem, -# then you'll need to install the actual certificate files as -# /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com -# and so on. 
-# -# Note that this TLS extension also requires a corresponding support in the -# client. Older SSL/TLS clients may not support this feature. -# -# This is an experimental feature. +# In all cases, $TLS_CERTFILE needs to be linked to one of the existing +# certificate files. TLS_CERTFILE=/etc/courier-imap/imapd.pem @@ -307,10 +294,6 @@ TLS_VERIFYPEER=NONE # that open multiple SSL sessions to the server. TLS_CACHEFILE will be # automatically created, TLS_CACHESIZE bytes long, and used as a cache # buffer. -# -# This is an experimental feature and should be disabled if it causes -# problems with SSL clients. Disable SSL caching by commenting out the -# following settings: TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache TLS_CACHESIZE=524288 diff --git a/courier-imap/pop3d-ssl b/courier-imap/pop3d-ssl index 7f5fc42..3317efa 100644 --- a/courier-imap/pop3d-ssl +++ b/courier-imap/pop3d-ssl @@ -1,11 +1,11 @@ -##VERSION: $Id: d4d0683714b8d6ec02c9db26cc7e371a1dde0269-20150609200831$ +##VERSION: $Id: dd1ec1a65ba3ed030069698824a4b3eabc58b455-20170113192021$ # # pop3d-ssl created from pop3d-ssl.dist by sysconftool # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # -# Copyright 2000-2013 Double Precision, Inc. See COPYING for +# Copyright 2000-2016 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for the Courier-IMAP server 
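Review bot: The new virtual-host instructions in the @@ -220,30 +208,29 @@ hunk introduce additional certificate files (`$TLS_CERTFILE.domain` and `$TLS_CERTFILE.aaa.bbb.ccc.ddd`) without repeating the requirement, stated in the context line at the top of the hunk, that the certificate file is confidential and must not be world-readable. Those files presumably hold the same kind of key material, so I would add a line such as `# Every per-domain and per-IP certificate file needs the same restrictive permissions as $TLS_CERTFILE.` before the closing "In all cases" sentence. The identical text is added to courier-imap/pop3d-ssl in its @@ -186,30 +202,29 @@ hunk and needs the same addition. Minor wording: "older SSL/TLS client that don't support" should read "clients".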
@@ -121,17 +121,24 @@ COURIERTLS=/usr/sbin/couriertls # # OpenSSL: # -# SSL3 - SSLv3 -# SSL23 - all protocols (including TLS 1.x protocols) # TLSv11 - TLS1 # TLSv1.1 - TLS1.1 # TLSv1.2 - TLS1.2 # -# SSL3+, TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all +# TLSv1+, TLSv1.1+, and TLSv1.2+ - the corresponding protocol, and all # higher protocols. # # The default value is TLSv1+ +##NAME: TLS_STARTTLS_PROTOCOL:0 +# +# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the POP3 STLS +# extension, as opposed to POP3 over SSL on port 995. +# +# It takes the same values for OpenSSL as TLS_PROTOCOL + +TLS_STARTTLS_PROTOCOL="$TLS_PROTOCOL" + ##NAME: TLS_CIPHER_LIST:0 # # TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the @@ -162,6 +169,15 @@ COURIERTLS=/usr/sbin/couriertls # See GnuTLS documentation, gnutls_priority_init(3) for additional # documentation. +##NAME: TLS_STARTTLS_PROTOCOL:0 +# +# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS +# extension, as opposed to IMAP over SSL on port 993. +# +# It takes the same values for OpenSSL as TLS_PROTOCOL + +TLS_STARTTLS_PROTOCOL="$TLS_PROTOCOL" + ##NAME: TLS_MIN_DH_BITS:0 # # TLS_MIN_DH_BITS=n 
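Review bot: The two hunks on this line add the `##NAME: TLS_STARTTLS_PROTOCOL:0` section to pop3d-ssl twice, once after the TLS_PROTOCOL description and again after the TLS_CIPHER_LIST description, and the second copy describes "the IMAP STARTTLS extension" and "IMAP over SSL on port 993", which does not belong in the POP3 file. This looks like a merge artefact; since the file header says `##` lines are used when upgrading the configuration, two sections with the same name may confuse that tooling, so I would keep only the first block (POP3 STLS, port 995) with its single `TLS_STARTTLS_PROTOCOL="$TLS_PROTOCOL"` assignment. The context line `# TLSv11 - TLS1` in the first hunk also looks like a typo for `TLSv1` and is worth correcting while the list is being edited, because an administrator copying the documented value would otherwise set a protocol name the list does not define.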
@@ -186,30 +202,29 @@ COURIERTLS=/usr/sbin/couriertls # treated as confidential, and must not be world-readable. Set TLS_CERTFILE # instead of TLS_DHCERTFILE if this is a garden-variety certificate # -# VIRTUAL HOSTS (servers only): +# VIRTUAL HOSTS ON THE SAME IP ADDRESS. +# +# Install each certificate $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to +# /etc/certificate.pem, then you'll need to install the actual certificate +# files as /etc/certificate.pem.www.example.com, +# /etc/certificate.pem.www.domain.com and so on. Then, create a link from +# $TLS_CERTFILE to whichever certificate you consider to be the main one, +# for example: +# /etc/certificate.pem => /etc/certificate.pem.www.example.com +# +# IP-BASED VIRTUAL HOSTS: # -# Due to technical limitations in the original SSL/TLS protocol, a dedicated -# IP address is required for each virtual host certificate. If you have -# multiple certificates, install each certificate file as +# There may be a need to support older SSL/TLS client that don't support +# virtual hosts on the same IP address, and require a dedicated IP address +# for each SSL/TLS host. If so, install each certificate file as # $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address # for the certificate's domain name. So, if TLS_CERTFILE is set to # /etc/certificate.pem, then you'll need to install the actual certificate # files as /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3 # and so on, for each IP address. # -# GnuTLS only (servers only): -# -# GnuTLS implements a new TLS extension that eliminates the need to have a -# dedicated IP address for each SSL/TLS domain name. Install each certificate -# as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem, -# then you'll need to install the actual certificate files as -# /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com -# and so on. 
-# -# Note that this TLS extension also requires a corresponding support in the -# client. Older SSL/TLS clients may not support this feature. -# -# This is an experimental feature. +# In all cases, $TLS_CERTFILE needs to be linked to one of the existing +# certificate files. TLS_CERTFILE=/etc/courier-imap/pop3d.pem diff --git a/init.d/courier-imapd b/init.d/courier-imapd index 06d0dc0..e5b5f6f 100755 --- a/init.d/courier-imapd +++ b/init.d/courier-imapd @@ -1,21 +1,20 @@ #!/sbin/openrc-run -# Copyright 1999-2016 Gentoo Foundation +# Copyright 1999-2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Id$ depend() { need net courier-authlib use famd } -source /etc/courier-imap/imapd +. /etc/courier-imap/imapd checkconfig() { - if [[ ! -e /etc/courier-imap/imapd ]] ; then + if [ ! -e /etc/courier-imap/imapd ] ; then eerror "You need an /etc/courier-imap/imapd file to run courier-imapd" return 1 fi - source /etc/courier-imap/imapd || { + . /etc/courier-imap/imapd || { eerror "There are syntax errors in /etc/courier-imap/imapd" eerror "Please correct them before trying to start courier-imapd" return 2 diff --git a/init.d/courier-imapd-ssl b/init.d/courier-imapd-ssl index ed42aac..b811da0 100755 --- a/init.d/courier-imapd-ssl +++ b/init.d/courier-imapd-ssl 
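Review bot: After the switch from `source` to `.` in init.d/courier-imapd, the handler in `. /etc/courier-imap/imapd || { … }` may never run: `.` is a POSIX special builtin, and a non-interactive POSIX shell is allowed to abort on an unreadable file or a syntax error instead of returning a status, which would make the "syntax errors" message and `return 2` unreachable under a strict /bin/sh. The unguarded top-level `. /etc/courier-imap/imapd` has the same exposure, and it runs before checkconfig's `-e` test is reached. I would guard the top-level line, e.g. `if [ -r /etc/courier-imap/imapd ]; then . /etc/courier-imap/imapd; fi`, and treat the existence test in checkconfig as the real gate. The same pattern appears in the courier-imapd-ssl, courier-pop3d and courier-pop3d-ssl hunks; checkconfig's body continues outside this hunk.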
@@ -1,26 +1,25 @@ #!/sbin/openrc-run -# Copyright 1999-2016 Gentoo Foundation +# Copyright 1999-2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Id$ depend() { need net courier-authlib use famd } -source /etc/courier-imap/imapd-ssl +. /etc/courier-imap/imapd-ssl checkconfig() { - if [[ ! -e /etc/courier-imap/imapd-ssl ]] ; then + if [ ! -e /etc/courier-imap/imapd-ssl ] ; then eerror "You need an /etc/courier-imap/imapd-ssl file to run courier-imapd-ssl" return 1 fi - source /etc/courier-imap/imapd-ssl || { + . /etc/courier-imap/imapd-ssl || { eerror "There are syntax errors in /etc/courier-imap/imapd-ssl" eerror "Please correct them before trying to start courier-imapd-ssl" return 3 } - if [[ ! -e "${TLS_CERTFILE}" ]] ; then + if [ ! -e "${TLS_CERTFILE}" ] ; then eerror "You need to create a SSL certificate to use IMAP over SSL" eerror "Edit /etc/courier-imap/imapd.cnf, then run: mkimapdcert" return 2 diff --git a/init.d/courier-pop3d b/init.d/courier-pop3d index 6625962..3031cb3 100755 --- a/init.d/courier-pop3d +++ b/init.d/courier-pop3d @@ -1,21 +1,20 @@ #!/sbin/openrc-run -# Copyright 1999-2016 Gentoo Foundation +# Copyright 1999-2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Id$ depend() { need net courier-authlib use famd } -source /etc/courier-imap/pop3d +. /etc/courier-imap/pop3d checkconfig() { - if [[ ! -e /etc/courier-imap/pop3d ]] ; then + if [ ! -e /etc/courier-imap/pop3d ] ; then eerror "You need an /etc/courier-imap/pop3d file to run courier-pop3d" return 1 fi - source /etc/courier-imap/pop3d || { + . /etc/courier-imap/pop3d || { eerror "There are syntax errors in /etc/courier-imap/pop3d" eerror "Please correct them before trying to start courier-pop3d" return 2 diff --git a/init.d/courier-pop3d-ssl b/init.d/courier-pop3d-ssl index 7d97935..8d82833 100755 --- a/init.d/courier-pop3d-ssl +++ b/init.d/courier-pop3d-ssl 
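Review bot: The certificate gate `[ ! -e "${TLS_CERTFILE}" ]` in init.d/courier-imapd-ssl only tests that something exists at that path, while the configuration file describes this PEM as confidential and not to be world-readable. checkconfig could additionally warn when the file is world-readable; because the configuration comments now tell administrators to make `$TLS_CERTFILE` a link, the test has to follow the link, for example by checking whether `find -L "${TLS_CERTFILE}" -perm -004` prints anything and calling `ewarn` if it does. The same check is missing in the courier-pop3d-ssl hunk, and checkconfig's body continues outside both hunks.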
@@ -1,26 +1,25 @@ #!/sbin/openrc-run -# Copyright 1999-2016 Gentoo Foundation +# Copyright 1999-2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Id$ depend() { need net courier-authlib use famd } -source /etc/courier-imap/pop3d-ssl +. /etc/courier-imap/pop3d-ssl checkconfig() { - if [[ ! -e /etc/courier-imap/pop3d-ssl ]] ; then + if [ ! -e /etc/courier-imap/pop3d-ssl ] ; then eerror "You need an /etc/courier-imap/pop3d-ssl file to run courier-pop3d-ssl" return 1 fi - source /etc/courier-imap/pop3d-ssl || { + . /etc/courier-imap/pop3d-ssl || { eerror "There are syntax errors in /etc/courier-imap/pop3d-ssl" eerror "Please correct them before trying to start courier-pop3d-ssl" return 3 } - if [[ ! -e "${TLS_CERTFILE}" ]] ; then + if [ ! -e "${TLS_CERTFILE}" ] ; then eerror "You need to create a SSL certificate to use POP3 over SSL" eerror "Edit /etc/courier-imap/pop3d.cnf, then run: mkpop3dcert" return 2 -- 2.39.5