<pre style='margin:0'>
Renee Otten (reneeotten) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/3cda5d271a22d5d33849caa255dba94a804ce14f">https://github.com/macports/macports-ports/commit/3cda5d271a22d5d33849caa255dba94a804ce14f</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new 3cda5d271a2 mail-server: Update to version 1.5
</span>3cda5d271a2 is described below
<span style='display:block; white-space:pre;color:#808000;'>commit 3cda5d271a22d5d33849caa255dba94a804ce14f
</span>Author: Steven Thomas Smith <s.t.smith@ieee.org>
AuthorDate: Sun Nov 27 18:13:32 2022 -0500
<span style='display:block; white-space:pre;color:#404040;'> mail-server: Update to version 1.5
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> * Fixes: https://trac.macports.org/ticket/60273
</span><span style='display:block; white-space:pre;color:#404040;'> * Fix logrotate permission issue
</span><span style='display:block; white-space:pre;color:#404040;'> * Migrate to EC P-384 default x509 certificates
</span>---
mail/mail-server/Portfile | 29 ++++++++++++++--------
.../files/prefix/etc/certificates/ca/openssl.cnf | 17 +++++++------
.../files/prefix/etc/dovecot/conf.d/10-ssl.conf | 2 +-
mail/mail-server/files/prefix/etc/logrotate.d/mail | 1 +
mail/mail-server/files/prefix/etc/postfix/main.cf | 2 +-
5 files changed, 32 insertions(+), 19 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/mail/mail-server/Portfile b/mail/mail-server/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 4f2f66298d0..27ca92475a4 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/mail/mail-server/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/mail/mail-server/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -4,7 +4,7 @@ PortSystem 1.0
</span> PortGroup active_variants 1.1
name mail-server
<span style='display:block; white-space:pre;background:#ffe0e0;'>-version 1.4
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+version 1.5
</span> revision 0
categories mail net
platforms darwin
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -302,6 +302,14 @@ if {${os.platform} eq "darwin" && ${os.major} >= 21} {
</span> }
}
<span style='display:block; white-space:pre;background:#e0ffe0;'>+pre-activate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # mail-server 1.1 inadvertently installed org.macports.logrotate.plist
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # into /Library/LaunchDaemons
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # https://trac.macports.org/ticket/60273
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # This cleanup hack can be removed after December 2023.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ delete /Library/LaunchDaemons/org.macports.logrotate.plist
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> proc plutil_startup {plcmds label} {
global prefix startupitem.location
foreach cmd ${plcmds} {
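Review bot: The `delete` in the new `pre-activate` block removes `/Library/LaunchDaemons/org.macports.logrotate.plist` unconditionally on every activation, so it would also remove a plist or symlink at that path that another port legitimately registered (presumably logrotate's own startup item, if it uses the same label). Guarding it with the registry limits the cleanup to the stray copy, for example `if {[file exists $f] && [registry_file_registered $f] == "0"} { delete $f }`. If the stray job is still loaded, deleting the file alone does not unload it, so it may be worth a sentence in the comment or the port notes. The hunk ends inside `plutil_startup`, which is not reviewed here.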
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -577,8 +585,9 @@ SOLR_DELETE_DOVECOT
</span> system -W ${tls_ca_dir} \
"sh <<TLS_CERTIFICATE_SURROGATE
# CA encrypted key
<span style='display:block; white-space:pre;background:#ffe0e0;'>- openssl genrsa -aes256 -out private/ca.key.pem \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -passout file:private/passphrase.txt 4096
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl genpkey -out private/ca.key.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -algorithm EC -pkeyopt ec_paramgen_curve:P-384 -aes256 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -passout file:private/passphrase.txt
</span> chmod go-r private/ca.key.pem
# CA certificate
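Review bot: Each new `openssl genpkey` (here and in the intermediate-CA and client hunks at `@@ -596` and `@@ -632`) creates its key file under the process umask and only afterwards runs `chmod go-r`, so the key is briefly readable by group and other. The same holds for the `.key.pem.decrypted` file written by `openssl pkey`, which is not passphrase-protected. Unless the `private/` directories are already mode 0700 (not visible in these hunks), start the here-document with `umask 077` so the files are created restricted. `chmod go-r` also leaves the group/other write and execute bits as they were, whereas `chmod go-rwx` would match what the dovecot and postfix comments in this commit recommend. The here-document begins and ends outside the hunks.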
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -596,10 +605,10 @@ SOLR_DELETE_DOVECOT
</span> ##################
# Intermediate CA encrypted key
<span style='display:block; white-space:pre;background:#ffe0e0;'>- openssl genrsa -aes256 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl genpkey \\
</span> -out intermediate/private/intermediate.key.pem \\
<span style='display:block; white-space:pre;background:#ffe0e0;'>- -passout file:intermediate/private/passphrase_intermediate.txt \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- 4096
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -algorithm EC -pkeyopt ec_paramgen_curve:P-384 -aes256 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -passout file:intermediate/private/passphrase_intermediate.txt
</span> chmod go-r intermediate/private/intermediate.key.pem
# Intermediate CA CSR
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -632,14 +641,14 @@ SOLR_DELETE_DOVECOT
</span> ##################
# Client certificate encrypted key
<span style='display:block; white-space:pre;background:#ffe0e0;'>- openssl genrsa -aes256 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl genpkey \\
</span> -out intermediate/private/${fullhost}.key.pem \\
<span style='display:block; white-space:pre;background:#ffe0e0;'>- -passout file:intermediate/private/passphrase_client.txt \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- 4096
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -algorithm EC -pkeyopt ec_paramgen_curve:P-384 -aes256 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -passout file:intermediate/private/passphrase_client.txt
</span> chmod go-r intermediate/private/${fullhost}.key.pem
# Client certificate decrypted key
<span style='display:block; white-space:pre;background:#ffe0e0;'>- openssl rsa -in intermediate/private/${fullhost}.key.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl pkey -in intermediate/private/${fullhost}.key.pem \\
</span> -passin file:intermediate/private/passphrase_client.txt \\
-out intermediate/private/${fullhost}.key.pem.decrypted
chmod go-r intermediate/private/${fullhost}.key.pem.decrypted
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/mail/mail-server/files/prefix/etc/certificates/ca/openssl.cnf b/mail/mail-server/files/prefix/etc/certificates/ca/openssl.cnf
</span><span style='display:block; white-space:pre;color:#808080;'>index f3a8f0c2c8f..6ee3ba3bab6 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/mail/mail-server/files/prefix/etc/certificates/ca/openssl.cnf
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/mail/mail-server/files/prefix/etc/certificates/ca/openssl.cnf
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -5,8 +5,9 @@
</span> ##################
# CA encrypted key
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# openssl genrsa -aes256 -out private/ca.key.pem \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# -passout file:private/passphrase.txt 4096
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl genpkey -out private/ca.key.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -algorithm EC -pkeyopt ec_paramgen_curve:P-384 -aes256 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -passout file:private/passphrase.txt
</span>
# CA certificate
# openssl req -config openssl.cnf \
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -24,8 +25,9 @@
</span> ##################
# Intermediate CA encrypted key
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# openssl genrsa -aes256 -out intermediate/private/intermediate.key.pem \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# -passout file:intermediate/private/passphrase_intermediate.txt 4096
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl genpkey -out intermediate/private/intermediate.key.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -algorithm EC -pkeyopt ec_paramgen_curve:P-384 -aes256 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -passout file:intermediate/private/passphrase_intermediate.txt
</span>
# Intermediate CA CSR
# openssl req -config intermediate/openssl_intermediate.cnf -new -sha256 \
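Review bot: The documented key commands now use P-384, but the intermediate CSR command in this hunk's trailing context still passes `-sha256`, which leaves the signature digest below the strength of the curve. This is still a valid combination, but `-sha384` is the conventional pairing for P-384 and would keep the chain at one security level. Whether the matching `req`/`ca` invocations in the Portfile and any `default_md` setting in this file also use SHA-256 is not visible here and is worth checking alongside. The `req` command continues past the end of the hunk.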
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -59,11 +61,12 @@
</span> ##################
# Client certificate encrypted key
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# openssl genrsa -aes256 -out intermediate/private/www.example.com.key.pem \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-# -passout file:intermediate/private/passphrase_client.txt 4096
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl genpkey -out intermediate/private/www.example.com.key.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -algorithm EC -pkeyopt ec_paramgen_curve:P-384 -aes256 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -passout file:intermediate/private/passphrase_client.txt
</span>
# Client certificate decrypted key
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# openssl rsa -in intermediate/private/www.example.com.key.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl pkey -in intermediate/private/www.example.com.key.pem \
</span> # -passin file:intermediate/private/passphrase_client.txt \
# -out intermediate/private/www.example.com.key.pem.decrypted
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/mail/mail-server/files/prefix/etc/dovecot/conf.d/10-ssl.conf b/mail/mail-server/files/prefix/etc/dovecot/conf.d/10-ssl.conf
</span><span style='display:block; white-space:pre;color:#808080;'>index 144fd1e0e89..62f3647d79d 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/mail/mail-server/files/prefix/etc/dovecot/conf.d/10-ssl.conf
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/mail/mail-server/files/prefix/etc/dovecot/conf.d/10-ssl.conf
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -56,7 +56,7 @@ ssl_key = <@PREFIX@/etc/certificates/private/@host@.@domain@.@tld@.@CERTIFICATE_
</span> #
# `ssl_key_password` wasn't working on my install, so put the decrypted key in @PREFIX@/etc/certificates/private
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# $ sudo openssl rsa -in /etc/certificates/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem -out @PREFIX@/etc/certificates/private/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem.decrypted -passin file:@PREFIX@/etc/certificates/private/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem.passphrase
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ sudo openssl pkey -in /etc/certificates/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem -out @PREFIX@/etc/certificates/private/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem.decrypted -passin file:@PREFIX@/etc/certificates/private/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem.passphrase
</span> # $ sudo chmod -R go-rwx @PREFIX@/etc/certificates/private
#
# 2. Link to the existing TLS chain.
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/mail/mail-server/files/prefix/etc/logrotate.d/mail b/mail/mail-server/files/prefix/etc/logrotate.d/mail
</span><span style='display:block; white-space:pre;color:#808080;'>index bfe00c61b19..ab292cf7b93 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/mail/mail-server/files/prefix/etc/logrotate.d/mail
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/mail/mail-server/files/prefix/etc/logrotate.d/mail
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1,4 +1,5 @@
</span> @PREFIX@/var/log/mail/*.log {
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ su root mail
</span> weekly
missingok
# rotate 52
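Review bot: The added `su root mail` has no comment saying why it is needed, and it keeps rotation running as user root. logrotate normally asks for `su` when the log directory is writable by a non-root group, so if `@PREFIX@/var/log/mail` is writable by group `mail` (its ownership and mode are not visible here), members of that group can still influence paths that a root process renames and creates. Consider confirming the directory mode, or rotating as the account that owns the logs. Either way, add a line such as `# su: log directory is group-writable by mail; logrotate refuses to rotate without it` (wording to be confirmed against the actual permissions). The stanza continues outside the hunk.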
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/mail/mail-server/files/prefix/etc/postfix/main.cf b/mail/mail-server/files/prefix/etc/postfix/main.cf
</span><span style='display:block; white-space:pre;color:#808080;'>index e0797539432..55bfe91813c 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/mail/mail-server/files/prefix/etc/postfix/main.cf
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/mail/mail-server/files/prefix/etc/postfix/main.cf
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -910,7 +910,7 @@ recipient_delimiter = +
</span> #
# `ssl_key_password` wasn't working on my install, so put the decrypted key in @PREFIX@/etc/certificates/private
#
<span style='display:block; white-space:pre;background:#ffe0e0;'>-# $ sudo openssl rsa -in /etc/certificates/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem -out @PREFIX@/etc/certificates/private/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem.decrypted -passin file:@PREFIX@/etc/certificates/private/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem.passphrase
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ sudo openssl pkey -in /etc/certificates/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem -out @PREFIX@/etc/certificates/private/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem.decrypted -passin file:@PREFIX@/etc/certificates/private/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem.passphrase
</span> # $ sudo chmod -R go-rwx @PREFIX@/etc/certificates/private
#
# 2. Link to the existing TLS chain.
</pre><pre style='margin:0'>
</pre>