<pre style='margin:0'>
Renee Otten (reneeotten) pushed a commit to branch master
in repository macports-ports.

</pre>
<p><a href="https://github.com/macports/macports-ports/commit/3cda5d271a22d5d33849caa255dba94a804ce14f">https://github.com/macports/macports-ports/commit/3cda5d271a22d5d33849caa255dba94a804ce14f</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'>     new 3cda5d271a2 mail-server: Update to version 1.5
</span>3cda5d271a2 is described below

<span style='display:block; white-space:pre;color:#808000;'>commit 3cda5d271a22d5d33849caa255dba94a804ce14f
</span>Author: Steven Thomas Smith <s.t.smith@ieee.org>
AuthorDate: Sun Nov 27 18:13:32 2022 -0500

<span style='display:block; white-space:pre;color:#404040;'>    mail-server: Update to version 1.5
</span><span style='display:block; white-space:pre;color:#404040;'>    
</span><span style='display:block; white-space:pre;color:#404040;'>    * Fixes: https://trac.macports.org/ticket/60273
</span><span style='display:block; white-space:pre;color:#404040;'>    * Fix logrotate permission issue
</span><span style='display:block; white-space:pre;color:#404040;'>    * Migrate to EC P-384 default x509 certificates
</span>---
 mail/mail-server/Portfile                          | 29 ++++++++++++++--------
 .../files/prefix/etc/certificates/ca/openssl.cnf   | 17 +++++++------
 .../files/prefix/etc/dovecot/conf.d/10-ssl.conf    |  2 +-
 mail/mail-server/files/prefix/etc/logrotate.d/mail |  1 +
 mail/mail-server/files/prefix/etc/postfix/main.cf  |  2 +-
 5 files changed, 32 insertions(+), 19 deletions(-)

<span style='display:block; white-space:pre;color:#808080;'>diff --git a/mail/mail-server/Portfile b/mail/mail-server/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 4f2f66298d0..27ca92475a4 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/mail/mail-server/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/mail/mail-server/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -4,7 +4,7 @@ PortSystem              1.0
</span> PortGroup               active_variants 1.1
 
 name                    mail-server
<span style='display:block; white-space:pre;background:#ffe0e0;'>-version                 1.4
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+version                 1.5
</span> revision                0
 categories              mail net
 platforms               darwin
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -302,6 +302,14 @@ if {${os.platform} eq "darwin" && ${os.major} >= 21} {
</span>     }
 }
 
<span style='display:block; white-space:pre;background:#e0ffe0;'>+pre-activate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+    # mail-server 1.1 inadvertently installed org.macports.logrotate.plist
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+    # into /Library/LaunchDaemons
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+    # https://trac.macports.org/ticket/60273
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+    # This cleanup hack can be removed after December 2023.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+    delete /Library/LaunchDaemons/org.macports.logrotate.plist
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> proc plutil_startup {plcmds label} {
     global prefix startupitem.location
     foreach cmd ${plcmds} {
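Review bot: The `delete` in the new `pre-activate` block removes `/Library/LaunchDaemons/org.macports.logrotate.plist` on every activation without checking whether anything else owns that path. If another installed port or the administrator legitimately provides a launchd job there, activating mail-server silently removes it. A job already loaded from the stale file also stays loaded until it is unloaded or the machine reboots. Consider restricting the cleanup to an unregistered leftover, along the lines of `if {[file exists $f] && [registry_file_registered $f] eq "0"} { delete $f }`. The comment could also say whether a `launchctl unload` is expected.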
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -577,8 +585,9 @@ SOLR_DELETE_DOVECOT
</span>     system -W ${tls_ca_dir} \
         "sh <<TLS_CERTIFICATE_SURROGATE
             # CA encrypted key
<span style='display:block; white-space:pre;background:#ffe0e0;'>-            openssl genrsa -aes256 -out private/ca.key.pem \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-                -passout file:private/passphrase.txt 4096
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+            openssl genpkey -out private/ca.key.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+                -algorithm EC -pkeyopt ec_paramgen_curve:P-384 -aes256 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+                -passout file:private/passphrase.txt
</span>             chmod go-r private/ca.key.pem
 
             # CA certificate
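Review bot: The new `openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-384` call here, and the matching calls in the intermediate-CA and client-key hunks below, do not pin the curve parameter encoding. The bare `openssl` is resolved through PATH, so the Portfile does not fix which build runs. Some older OpenSSL-family builds may emit explicit curve parameters instead of the named curve, and TLS peers commonly reject keys and certificates encoded that way. Adding `-pkeyopt ec_param_enc:named_curve` to each of the three calls, where the installed tool supports it, removes the dependence on the tool's default; the commented recipes in openssl.cnf would want the same option. The heredoc starts and ends outside this hunk.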
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -596,10 +605,10 @@ SOLR_DELETE_DOVECOT
</span>             ##################
 
             # Intermediate CA encrypted key
<span style='display:block; white-space:pre;background:#ffe0e0;'>-            openssl genrsa -aes256 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+            openssl genpkey \\
</span>                 -out intermediate/private/intermediate.key.pem \\
<span style='display:block; white-space:pre;background:#ffe0e0;'>-                -passout file:intermediate/private/passphrase_intermediate.txt \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-                4096
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+                -algorithm EC -pkeyopt ec_paramgen_curve:P-384 -aes256 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+                -passout file:intermediate/private/passphrase_intermediate.txt
</span>             chmod go-r intermediate/private/intermediate.key.pem
 
             # Intermediate CA CSR
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -632,14 +641,14 @@ SOLR_DELETE_DOVECOT
</span>             ##################
 
             # Client certificate encrypted key
<span style='display:block; white-space:pre;background:#ffe0e0;'>-            openssl genrsa -aes256 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+            openssl genpkey \\
</span>                 -out intermediate/private/${fullhost}.key.pem \\
<span style='display:block; white-space:pre;background:#ffe0e0;'>-                -passout file:intermediate/private/passphrase_client.txt \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-                4096
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+                -algorithm EC -pkeyopt ec_paramgen_curve:P-384 -aes256 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+                -passout file:intermediate/private/passphrase_client.txt
</span>             chmod go-r intermediate/private/${fullhost}.key.pem
 
             # Client certificate decrypted key
<span style='display:block; white-space:pre;background:#ffe0e0;'>-            openssl rsa -in intermediate/private/${fullhost}.key.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+            openssl pkey -in intermediate/private/${fullhost}.key.pem \\
</span>                 -passin file:intermediate/private/passphrase_client.txt \\
                 -out intermediate/private/${fullhost}.key.pem.decrypted
             chmod go-r intermediate/private/${fullhost}.key.pem.decrypted
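Review bot: The decrypted client key written by the new `openssl pkey ... -out intermediate/private/${fullhost}.key.pem.decrypted` line is restricted only by the `chmod go-r` that follows it. Between the two commands the unencrypted private key exists with whatever mode the process umask allows. The same create-then-chmod ordering applies to the `genpkey` outputs, though those are passphrase-protected. Unless a umask is already set earlier in the heredoc, which starts outside this hunk, a `umask 077` ahead of the key commands would close that window. Using `chmod go-rwx` would also match the permissions recommended in the dovecot and postfix comments.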
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/mail/mail-server/files/prefix/etc/certificates/ca/openssl.cnf b/mail/mail-server/files/prefix/etc/certificates/ca/openssl.cnf
</span><span style='display:block; white-space:pre;color:#808080;'>index f3a8f0c2c8f..6ee3ba3bab6 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/mail/mail-server/files/prefix/etc/certificates/ca/openssl.cnf
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/mail/mail-server/files/prefix/etc/certificates/ca/openssl.cnf
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -5,8 +5,9 @@
</span> ##################
 
 # CA encrypted key
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# openssl genrsa -aes256 -out private/ca.key.pem \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#     -passout file:private/passphrase.txt 4096
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl genpkey -out private/ca.key.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#     -algorithm EC -pkeyopt ec_paramgen_curve:P-384 -aes256 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#     -passout file:private/passphrase.txt
</span> 
 # CA certificate
 # openssl req -config openssl.cnf \
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -24,8 +25,9 @@
</span> ##################
 
 # Intermediate CA encrypted key
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# openssl genrsa -aes256 -out intermediate/private/intermediate.key.pem \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#     -passout file:intermediate/private/passphrase_intermediate.txt 4096
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl genpkey -out intermediate/private/intermediate.key.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#     -algorithm EC -pkeyopt ec_paramgen_curve:P-384 -aes256 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#     -passout file:intermediate/private/passphrase_intermediate.txt
</span> 
 # Intermediate CA CSR
 # openssl req -config intermediate/openssl_intermediate.cnf -new -sha256 \
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -59,11 +61,12 @@
</span> ##################
 
 # Client certificate encrypted key
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# openssl genrsa -aes256 -out intermediate/private/www.example.com.key.pem \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-#     -passout file:intermediate/private/passphrase_client.txt 4096
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl genpkey -out intermediate/private/www.example.com.key.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#     -algorithm EC -pkeyopt ec_paramgen_curve:P-384 -aes256 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#     -passout file:intermediate/private/passphrase_client.txt
</span> 
 # Client certificate decrypted key
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# openssl rsa -in intermediate/private/www.example.com.key.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl pkey -in intermediate/private/www.example.com.key.pem \
</span> #     -passin file:intermediate/private/passphrase_client.txt \
 #     -out intermediate/private/www.example.com.key.pem.decrypted
 
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/mail/mail-server/files/prefix/etc/dovecot/conf.d/10-ssl.conf b/mail/mail-server/files/prefix/etc/dovecot/conf.d/10-ssl.conf
</span><span style='display:block; white-space:pre;color:#808080;'>index 144fd1e0e89..62f3647d79d 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/mail/mail-server/files/prefix/etc/dovecot/conf.d/10-ssl.conf
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/mail/mail-server/files/prefix/etc/dovecot/conf.d/10-ssl.conf
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -56,7 +56,7 @@ ssl_key = <@PREFIX@/etc/certificates/private/@host@.@domain@.@tld@.@CERTIFICATE_
</span> # 
 # `ssl_key_password` wasn't working on my install, so put the decrypted key in @PREFIX@/etc/certificates/private
 # 
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# $ sudo openssl rsa -in /etc/certificates/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem -out @PREFIX@/etc/certificates/private/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem.decrypted -passin file:@PREFIX@/etc/certificates/private/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem.passphrase
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ sudo openssl pkey -in /etc/certificates/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem -out @PREFIX@/etc/certificates/private/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem.decrypted -passin file:@PREFIX@/etc/certificates/private/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem.passphrase
</span> # $ sudo chmod -R go-rwx @PREFIX@/etc/certificates/private
 # 
 # 2. Link to the existing TLS chain.
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/mail/mail-server/files/prefix/etc/logrotate.d/mail b/mail/mail-server/files/prefix/etc/logrotate.d/mail
</span><span style='display:block; white-space:pre;color:#808080;'>index bfe00c61b19..ab292cf7b93 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/mail/mail-server/files/prefix/etc/logrotate.d/mail
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/mail/mail-server/files/prefix/etc/logrotate.d/mail
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1,4 +1,5 @@
</span> @PREFIX@/var/log/mail/*.log {
<span style='display:block; white-space:pre;background:#e0ffe0;'>+        su root mail
</span>   weekly
        missingok
 #      rotate 52
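Review bot: The added `su root mail` keeps rotation running as uid root in a log directory that is presumably writable by the `mail` group, which is the situation logrotate's parent-directory permission check exists to flag. If the files under `@PREFIX@/var/log/mail` are owned by a service account rather than root, naming that account in the `su` directive would rotate with less privilege; the ownership is not visible in this hunk, so this needs confirming. A short comment above the directive would help, for example `# log dir is group-writable by mail; logrotate requires an explicit su`. The stanza continues outside the hunk.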
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/mail/mail-server/files/prefix/etc/postfix/main.cf b/mail/mail-server/files/prefix/etc/postfix/main.cf
</span><span style='display:block; white-space:pre;color:#808080;'>index e0797539432..55bfe91813c 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/mail/mail-server/files/prefix/etc/postfix/main.cf
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/mail/mail-server/files/prefix/etc/postfix/main.cf
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -910,7 +910,7 @@ recipient_delimiter = +
</span> # 
 # `ssl_key_password` wasn't working on my install, so put the decrypted key in @PREFIX@/etc/certificates/private
 # 
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# $ sudo openssl rsa -in /etc/certificates/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem -out @PREFIX@/etc/certificates/private/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem.decrypted -passin file:@PREFIX@/etc/certificates/private/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem.passphrase
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ sudo openssl pkey -in /etc/certificates/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem -out @PREFIX@/etc/certificates/private/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem.decrypted -passin file:@PREFIX@/etc/certificates/private/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem.passphrase
</span> # $ sudo chmod -R go-rwx @PREFIX@/etc/certificates/private
 # 
 # 2. Link to the existing TLS chain.
</pre><pre style='margin:0'>

</pre>