
Bug 201686

Summary: net-mail/dovecot < 1.0.8: use install_cert in pkg_postinst
Product: Gentoo Linux
Reporter: Robert Buchholz (RETIRED) <rbu>
Component: New packages
Assignee: Net-Mail Packages <net-mail+disabled>
Status: RESOLVED FIXED
Severity: normal
CC: ulm, wschlich
Priority: Normal
Keywords: SECURITY
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 203731
Bug Blocks: 174759

Description Robert Buchholz (RETIRED) gentoo-dev 2007-12-08 14:46:20 UTC
Installation of SSL certificates in src_install might expose the secret
keys when building binary packages (bug 174759).

Please update the package mentioned in this bug's title to use the new
"install_cert" function of ssl-cert.eclass, and use it only in
your pkg_postinst or pkg_config.

This bug is for keeping track of specific changes to your ebuilds
and stabling; general questions about this should be discussed in
bug 174759.

Our aim is to have fixed ebuilds in the tree by Dec. 23rd, otherwise
we will commit this minor change. Stabling should be done two weeks after the
commit, at the latest around Jan. 6th.
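
An added illustration of the exposure described in the report above (not code from this bug or from the Gentoo tree): a check that walks a package install image, the tree that src_install populates and that a binary package is built from, and flags files carrying a PEM private key header. The sample image, its paths and its file contents are constructed for the example.

```python
import os
import re
import tempfile

# PEM armor of PKCS#1, PKCS#8 (plain or encrypted), EC, DSA and OpenSSH keys.
PEM_KEY = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")


def find_private_keys(image_dir, max_bytes=1 << 20):
    """Return sorted (relative_path, octal_mode) pairs for regular files
    under image_dir whose first max_bytes contain a private key header."""
    hits = []
    for root, _dirs, files in os.walk(image_dir):
        for name in files:
            path = os.path.join(root, name)
            # Skip symlinks and special files; only packed file content matters.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            with open(path, "rb") as fh:
                head = fh.read(max_bytes)
            if PEM_KEY.search(head):
                mode = oct(os.stat(path).st_mode & 0o777)
                hits.append((os.path.relpath(path, image_dir), mode))
    return sorted(hits)


def build_sample_image(base):
    """Constructed sample image: a certificate, a fake key, a config file."""
    ssl_dir = os.path.join(base, "etc", "ssl", "dovecot")  # assumed path
    os.makedirs(ssl_dir)
    samples = {
        os.path.join(ssl_dir, "server.pem"):
            b"-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n",
        os.path.join(ssl_dir, "server.key"):
            b"-----BEGIN RSA PRIVATE KEY-----\nNOT-A-KEY\n-----END RSA PRIVATE KEY-----\n",
        os.path.join(base, "etc", "dovecot.conf"):
            b"# constructed placeholder config\n",
    }
    for path, data in samples.items():
        with open(path, "wb") as fh:
            fh.write(data)
    # Tight permissions in the image do not help: the archive still holds the key.
    os.chmod(os.path.join(ssl_dir, "server.key"), 0o600)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as image:
        build_sample_image(image)
        for rel, mode in find_private_keys(image):
            print(f"private key in package image: {rel} (mode {mode})")
```

An image whose certificate is generated in pkg_postinst or pkg_config, as the report requests, yields an empty result because the key is created on the target system and never enters the image.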
Comment 1 Ulrich Müller gentoo-dev 2007-12-08 16:29:00 UTC
wschlich: Adding you to CC since you have version bumped the package today.
Comment 2 Wolfram Schlich (RETIRED) gentoo-dev 2007-12-09 02:24:10 UTC
Fixed 1.0.8 in CVS :)
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2007-12-09 03:08:14 UTC
We need the new version to go stable, or also fix the old ones, so the eclass function can go away. What do you advise for dovecot?
Comment 4 Ulrich Müller gentoo-dev 2007-12-09 08:05:01 UTC
Another minor point: install_cert() already takes care of ROOT.
Comment 5 Wolfram Schlich (RETIRED) gentoo-dev 2007-12-09 23:37:00 UTC
(In reply to comment #4)
> Another minor point: install_cert() already takes care of ROOT.

Fixed in CVS.
Comment 6 Ulrich Müller gentoo-dev 2007-12-31 13:56:33 UTC
Please advise what version should be targeted for stabilisation: 1.0.8, 1.0.9, or even newer (in which case we would have to wait)?
Comment 7 Ulrich Müller gentoo-dev 2008-01-04 09:49:26 UTC
>>>>> On Fri, 4 Jan 2008, Robert Buchholz wrote:
> Dovecot 1.0.10 is going stable in bug 203731, hope that helps?

Yes. Thanks.
Comment 8 Ulrich Müller gentoo-dev 2008-01-22 12:07:02 UTC
Wolfram, could <=dovecot-1.0.7 be removed, now that 1.0.10 is stable?
Comment 9 Wolfram Schlich (RETIRED) gentoo-dev 2008-01-25 16:45:41 UTC
(In reply to comment #8)
> Wolfram, could <=dovecot-1.0.7 be removed, now that 1.0.10 is stable?

Yeah, done :)