[BlueOnyx:24009] 5210R: CentOS 8.2.2004 released

Michael Stauber mstauber at blueonyx.it
Tue Jun 16 01:07:24 -05 2020 

Hi all,

Today CentOS has released the update to 8.2.2004 and I just installed it
on a 5210R to see what breaks.

The YUM update on a 5210R is kinda fat - ranging between 580-600 RPMs.

To my utter surprise I noticed that RedHat has chosen to update the
version number of several RPMs:

- PHP:     Went from 7.2.11 to 7.2.24
- Dovecot: Went from 2.2.36 to 2.3.8-2

The PHP update is surprising, but uncritical.

The Dovecot update? Let me politely put it this way:

Redhat, ARE YOU OUT OF YOUR FRIGGIN' MIND?!? /facepalm

The configuration API changed between Dovecot 2.2 and 2.3 and the
configs aren't exactly compatible. In fact for anything TLS related the
old TLS configuration will now cause Dovecot to choke pretty hard and
it'll complain six ways 'til Sunday.

THAT is an update that rocks the boat and breaks stuff. THIS is exactly
what RedHat has avoided in the past by keeping stuff version number
locked and by backporting stuff in a way that there is no breakage or
unexpected behavior during or after updates.

Apparently they no longer give a shit. /shrug

The warning messages ...

Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:46:
ssl_dh_parameters_length is no longer needed
Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:49:
ssl_protocols has been replaced by ssl_min_protocol
Error: Could not find a minimum ssl_min_protocol setting from
ssl_protocols = TLSv1.2 TLSv1.3: Unrecognized protocol 'TLSv1.3'
Warning: please set ssl_dh=</etc/dovecot/dh.pem
Warning: You can generate it with: dd
if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam
-inform der > /etc/dovecot/dh.pem

... are of course super helpful and tell us what to do for fixing it.
But the credit for that goes entirely to the Dovecot people.

RedHat even went one step further to bork Dovecot by adding an
'ExecStartPre' command into the Dovecot Systemd Unit-File which executes
a NetworkManager check. Which is super inconvenient and disruptive on
5210R's that have NetworkManager turned off. Such as on OpenVZ.

To fix that mess I released an updated set of base-email-* RPMs which
(during their YUM install or during a CCEd restart) fix all these issues.

So if you did a YUM update on a 5210R and Dovecot broke, run a "yum
clean all" and a "yum update" to get the updated base-email-* RPMs as
well and that will fix it.

-- 
With best regards

Michael Stauber

More information about the Blueonyx mailing list