pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/mail/postsrsd update postsrsd to version 1.11



details:   https://anonhg.NetBSD.org/pkgsrc/rev/d60cb063314b
branches:  trunk
changeset: 455749:d60cb063314b
user:      spz <spz%pkgsrc.org@localhost>
date:      Sat Jul 10 08:41:56 2021 +0000

description:
update postsrsd to version 1.11

The update fixes CVE-2020-35573 and CVE-2021-35525

diffstat:

 mail/postsrsd/MESSAGE                  |  27 ++++++++++++++++++++
 mail/postsrsd/Makefile                 |  17 ++++++++++--
 mail/postsrsd/PLIST                    |   3 +-
 mail/postsrsd/distinfo                 |  11 ++++---
 mail/postsrsd/files/postsrsd.sh        |  44 ++++++++++++++++++++++++++++++++++
 mail/postsrsd/patches/patch-postsrsd.c |  33 +++++++++++++++++++++++++
 6 files changed, 126 insertions(+), 9 deletions(-)

diffs (176 lines):

diff -r f71dd07768d9 -r d60cb063314b mail/postsrsd/MESSAGE
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/postsrsd/MESSAGE     Sat Jul 10 08:41:56 2021 +0000
@@ -0,0 +1,27 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1 2021/07/10 08:41:56 spz Exp $
+
+When using postsrsd with its rc.d script, at the minimum set
+postsrsd_flags="-dyour.domain"
+in rc.conf. See the manpage for more options.
+
+You must store at least one secret key in ${PKG_SYSCONFDIR}/postsrsd.secret.
+Be careful that no one can guess your secret, because anyone who knows it
+can use your mail server as open relay.
+Each line of ${PKG_SYSCONFDIR}/postsrsd.secret is used as secret.
+The first secret is used for signing and verification, the others for
+verification only.
+
+PostSRSd exposes its functionality via two TCP lookup tables.
+Add or amend the following variables in your main.cf:
+
+    sender_canonical_maps = tcp:localhost:10001
+    sender_canonical_classes = envelope_sender
+    recipient_canonical_maps = tcp:localhost:10002
+    recipient_canonical_classes= envelope_recipient,header_recipient
+
+This will transparently rewrite incoming and outgoing envelope addresses,
+and additionally undo SRS rewrites in the To: header of bounce notifications
+and vacation autoreplies.
+
+===========================================================================
diff -r f71dd07768d9 -r d60cb063314b mail/postsrsd/Makefile
--- a/mail/postsrsd/Makefile    Sat Jul 10 06:05:00 2021 +0000
+++ b/mail/postsrsd/Makefile    Sat Jul 10 08:41:56 2021 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.2 2017/12/31 13:22:46 wiz Exp $
+# $NetBSD: Makefile,v 1.3 2021/07/10 08:41:56 spz Exp $
 
-DISTNAME=      postsrsd-1.4
-PKGREVISION=   1
+DISTNAME=      postsrsd-1.11
+#PKGREVISION=  0
 CATEGORIES=    mail
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=roehling/}
 
@@ -10,6 +10,17 @@
 COMMENT=       Postfix Sender Rewriting Scheme daemon
 LICENSE=       gnu-gpl-v2
 
+RCD_SCRIPTS=   postsrsd
+
+POSTSRSD_USER?=                postsrsd
+POSTSRSD_GROUP?=       postsrsd
+PKG_USERS=             ${POSTSRSD_USER}:${POSTSRSD_GROUP}
+PKG_GROUPS=            ${POSTSRSD_GROUP}
+USER_GROUP=            ${POSTSRSD_USER} ${POSTSRSD_GROUP}
+
+PKG_GECOS.${POSTSRSD_USER}?=   postSRSd
+
+
 USE_CMAKE=     yes
 BUILD_DEPENDS+=        help2man-[0-9]*:../../converters/help2man
 
diff -r f71dd07768d9 -r d60cb063314b mail/postsrsd/PLIST
--- a/mail/postsrsd/PLIST       Sat Jul 10 06:05:00 2021 +0000
+++ b/mail/postsrsd/PLIST       Sat Jul 10 08:41:56 2021 +0000
@@ -1,6 +1,7 @@
-@comment $NetBSD: PLIST,v 1.2 2017/12/31 13:22:46 wiz Exp $
+@comment $NetBSD: PLIST,v 1.3 2021/07/10 08:41:56 spz Exp $
 man/man8/postsrsd.8
 sbin/postsrsd
 share/doc/postsrsd/README.md
 share/doc/postsrsd/README_UPGRADE.md
 share/doc/postsrsd/main.cf.ex
+share/postsrsd/postsrsd-systemd-launcher
diff -r f71dd07768d9 -r d60cb063314b mail/postsrsd/distinfo
--- a/mail/postsrsd/distinfo    Sat Jul 10 06:05:00 2021 +0000
+++ b/mail/postsrsd/distinfo    Sat Jul 10 08:41:56 2021 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.1 2016/02/25 15:29:15 wiz Exp $
+$NetBSD: distinfo,v 1.2 2021/07/10 08:41:56 spz Exp $
 
-SHA1 (postsrsd-1.4.tar.gz) = 9b71bc8bbd40dab7d545cd2ec98cf69e4ff50450
-RMD160 (postsrsd-1.4.tar.gz) = 9402c4b9ab9f4bb356a07c67a74fd270c9c56655
-SHA512 (postsrsd-1.4.tar.gz) = e5b9d2091d562030dd8d35117a3c5fb7d99c0613120fc90f74be57af5e88a3fe0ce73a5ce702708047ae37f70c6aedb4a0df018dccbe480048ccb6ed4debbcef
-Size (postsrsd-1.4.tar.gz) = 26555 bytes
+SHA1 (postsrsd-1.11.tar.gz) = 664478941995a05166dc2bc73d744de48ecd8827
+RMD160 (postsrsd-1.11.tar.gz) = 8c94d4fdd5bc47566bcda83e968892204962e6a6
+SHA512 (postsrsd-1.11.tar.gz) = cc041bbbd0277dd416a19e427d63eace3489dc518ebe3a61a022b3e2e159bcb09731a0eb5547eb85bd55887821726b66e828326c109c2ebe26b27dbd062a8d89
+Size (postsrsd-1.11.tar.gz) = 36309 bytes
+SHA1 (patch-postsrsd.c) = 06a9e294279e6ec17491d2b612473948bb92ef4c
diff -r f71dd07768d9 -r d60cb063314b mail/postsrsd/files/postsrsd.sh
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/postsrsd/files/postsrsd.sh   Sat Jul 10 08:41:56 2021 +0000
@@ -0,0 +1,44 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# PostSRSd provides the Sender Rewriting Scheme (SRS) for Postfix
+#
+
+# PROVIDE: postsrsd
+# BEFORE: mail
+# REQUIRE: DAEMON LOGIN
+
+. /etc/rc.subr
+
+name="postsrsd"
+
+# user-settable rc.conf variables
+: ${postsrsd_secret:="@PKG_SYSCONFDIR@/${name}.secret"}
+: ${postsrsd_chrootdir:="@VARBASE@/chroot/postsrsd"}
+
+rcvar=${name}
+required_files="${postsrsd_secret}"
+pidfile="@VARBASE@/run/${name}.pid"
+command="@PREFIX@/sbin/${name}"
+start_precmd="postsrsd_precmd"
+
+postsrsd_precmd()
+{
+       rc_flags="-p${pidfile} -s${postsrsd_secret} -D $rc_flags"
+       if [ -z "$postsrsd_chrootdir" ]; then
+               return 0;
+       fi
+
+       # If running in a chroot cage, ensure that the appropriate files
+       # exist inside the cage, as well as helper symlinks into the cage 
+       # from outside.
+       if [ ! -d "${postsrsd_chrootdir}" ]; then
+               mkdir -p "${postsrsd_chrootdir}"
+       fi
+
+       #       Change run_rc_commands()'s internal copy of $ntpd_flags
+       #
+       rc_flags="-upostsrsd -c${postsrsd_chrootdir} $rc_flags"
+}
+
+load_rc_config $name
+run_rc_command "$1"
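Review bot: In `postsrsd_precmd`, `-upostsrsd` is only added on the chroot path, so setting `postsrsd_chrootdir=""` in rc.conf starts the daemon with no `-u` flag; unless postsrsd drops privileges on its own (not visible here), it would keep running as the invoking user, normally root. Building the first assignment as `rc_flags="-p${pidfile} -s${postsrsd_secret} -upostsrsd -D $rc_flags"` would keep the privilege drop independent of the chroot. The user name is also hard-coded although the Makefile makes `POSTSRSD_USER` overridable; passing it through `FILES_SUBST` and writing `-u@POSTSRSD_USER@` would keep the two in step. The comment above the last assignment still says `$ntpd_flags`, left over from another script, and should name `$postsrsd_flags`.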
diff -r f71dd07768d9 -r d60cb063314b mail/postsrsd/patches/patch-postsrsd.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/postsrsd/patches/patch-postsrsd.c    Sat Jul 10 08:41:56 2021 +0000
@@ -0,0 +1,33 @@
+$NetBSD: patch-postsrsd.c,v 1.1 2021/07/10 08:41:56 spz Exp $
+
+make sure we can use a connection more than once
+it'll work without the patch but with many error messages in the log
+
+--- postsrsd.c.orig    2021-03-21 19:23:39.000000000 +0000
++++ postsrsd.c 2021-07-09 10:29:40.996255562 +0000
+@@ -644,7 +644,7 @@
+     }
+     while (TRUE)
+     {
+-        int conn;
++        int conn, flags;
+         FILE *fp_read, *fp_write;
+         char linebuf[1024], *line;
+         char keybuf[1024], *key;
+@@ -667,6 +667,16 @@
+                 conn = accept(fds[sc].fd, NULL, NULL);
+                 if (conn < 0)
+                     continue;
++                /* remove the nonblocking for !Linux */
++                flags = fcntl(conn, F_GETFL, 0);
++                if (flags < 0) {
++                    close(conn);
++                    continue;
++                }
++                if (fcntl(conn, F_SETFL, flags & ~O_NONBLOCK) < 0) {
++                    close(conn);
++                    continue;
++                }
+                 if (fork() == 0)
+                 {
+                     int i;
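Review bot: A peer that connects and then stalls can hold a forked child for as long as it likes once the accepted socket is switched to blocking mode, unless the child enforces its own read timeout. None is visible in this hunk, and the `while (TRUE)` loop and the child code start and end outside it, so that should be confirmed in postsrsd.c. The new comment `/* remove the nonblocking for !Linux */` does not say why the flag is set in the first place; something like `/* BSD accept() inherits O_NONBLOCK from the listening socket; the stdio reads below need a blocking fd */` would record the reason, assuming the listening sockets are in fact non-blocking. The patch header could also note whether the change was reported upstream.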


