From 7d8d824e23d828c84fada5fb3b0180a0a0aa4409 Mon Sep 17 00:00:00 2001
From: "Richard A Nelson (Rick)" <cowboy@debian.org>
Date: Fri, 7 Dec 2007 20:15:00 +0000
Subject: Imported Debian patch 8.14.2-3

---
 debian/local/Makefile.in     |  4 ++--
 debian/local/Parse_mc.pm.in  |  2 ++
 debian/local/update_tls.in   | 14 +++++++-------
 debian/local/update_tlsm4.in |  4 ++++
 4 files changed, 15 insertions(+), 9 deletions(-)

(limited to 'debian/local')

diff --git a/debian/local/Makefile.in b/debian/local/Makefile.in
index cbd9fec..32b6d15 100644
--- a/debian/local/Makefile.in
+++ b/debian/local/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.10 from Makefile.am.
+# Makefile.in generated by automake 1.10.1 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006, 2007, 2008  Free Software Foundation, Inc.
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
diff --git a/debian/local/Parse_mc.pm.in b/debian/local/Parse_mc.pm.in
index e21d61d..a1e40b0 100644
--- a/debian/local/Parse_mc.pm.in
+++ b/debian/local/Parse_mc.pm.in
@@ -191,6 +191,8 @@ my %smdb_hash = (
             ['-','-',["${smdb_loc}tls/sendmail-server.crt"],'-']
     ,'confSERVER_KEY' =>
             ['-','-',["${smdb_loc}tls/sendmail-common.key"],'-']
+    ,'confDH_PARAMETERS' =>
+            ['-','-',["${smdb_loc}tls/sendmail-common.prm"],'-']
 	,'confTLS_SRV_OPTIONS' =>
             ['-','-',["V"],'-']
 # -----------  SMTP AUTH (SASL)
diff --git a/debian/local/update_tls.in b/debian/local/update_tls.in
index 99358bf..524e651 100644
--- a/debian/local/update_tls.in
+++ b/debian/local/update_tls.in
@@ -123,7 +123,7 @@ echo 'Creating/Updating SSL(for TLS) information';
 case "$1" in
 	[Nn][Ee][Ww]* | \
 	[Rr][Ee][Nn][Ee][Ww]* | \
-	[Rr][Ee][Ss][Ii][Nn][Gg]*)
+	[Rr][Ee][Ss][Ii][Gg][Nn]*)
 		echo 'Removing any pre-existing sendmail certificates.';
 		if [ -x @bindir@/openssl ]; then
 			if [ -f $MTA_CRT ]; then
@@ -186,6 +186,7 @@ if [ -d "$CERT_DIR" ]; then
 	if [ -f $MTA_CRT ] && [ -f $MSP_CRT ]; then
 		echo 'You already have sendmail certificates';
 		echo ' ';
+		chown root:smmsp $COM_PRM;
 		chown root:smmsp $COM_KEY;
 		chown root:smmsp $MTA_CRT;
 		chown root:smmsp $MSP_CRT;
@@ -235,12 +236,11 @@ if [ -d "$CERT_DIR" ]; then
 				chmod 0600 $MSP_CFG;
 				fi;
 			# Create shared DSA/DH password parameters
-			# Skip this for now...
-			if [ ! -f $COM_PRM ]; then
-				#openssl dsaparam 2048 -out $COM_PRM;
-				#openssl dhparam -dsaparam -in $COM_PRM >> $COM_PRM;
-				touch $COM_PRM;
-				chmod 0600 $COM_PRM;
+			if [ ! -s $COM_PRM ]; then
+				openssl dsaparam 2048 -out $COM_PRM;
+				openssl dhparam -dsaparam -in $COM_PRM >> $COM_PRM;
+				chown root:smmsp $COM_PRM;
+				chmod 0640 $COM_PRM;
 				fi;
 			# Create shared DSA/RSA key (RSA preferred for browser support)
 			if [ ! -f $COM_KEY ]; then
diff --git a/debian/local/update_tlsm4.in b/debian/local/update_tlsm4.in
index a2951c4..9e321f4 100644
--- a/debian/local/update_tlsm4.in
+++ b/debian/local/update_tlsm4.in
@@ -114,6 +114,7 @@ sub get_data {
 			,'confCLIENT_KEY'
 			,'confSERVER_CERT'
 			,'confSERVER_KEY'
+			,'confDH_PARAMETERS'
 			,'confTLS_SRV_OPTIONS'
 			);
 
@@ -239,6 +240,9 @@ dnl # NOTE: The key must *NOT* be encrypted !!!
 define(\`confCLIENT_CERT\',     \`$Def_Map{'confCLIENT_CERT'}\')dnl   # <= EDIT
 define(\`confCLIENT_KEY\',      \`$Def_Map{'confCLIENT_KEY'}\')dnl   # <= EDIT
 dnl #
+dnl # DH parameters
+define(\`confDH_PARAMETERS\',   \`$Def_Map{'confDH_PARAMETERS'}\')dnl # <= EDIT
+dnl #
 dnl # Optional settings
 define(\`confTLS_SRV_OPTIONS\', \`$Def_Map{'confTLS_SRV_OPTIONS'}\')dnl   # <= EDIT
 dnl #
-- 
cgit v1.2.3