pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/mail/postsrsd update postsrsd to version 1.11
details: https://anonhg.NetBSD.org/pkgsrc/rev/d60cb063314b
branches: trunk
changeset: 455749:d60cb063314b
user: spz <spz%pkgsrc.org@localhost>
date: Sat Jul 10 08:41:56 2021 +0000
description:
update postsrsd to version 1.11
The update fixes CVE-2020-35573 and CVE-2021-35525
diffstat:
mail/postsrsd/MESSAGE | 27 ++++++++++++++++++++
mail/postsrsd/Makefile | 17 ++++++++++--
mail/postsrsd/PLIST | 3 +-
mail/postsrsd/distinfo | 11 ++++---
mail/postsrsd/files/postsrsd.sh | 44 ++++++++++++++++++++++++++++++++++
mail/postsrsd/patches/patch-postsrsd.c | 33 +++++++++++++++++++++++++
6 files changed, 126 insertions(+), 9 deletions(-)
diffs (176 lines):
diff -r f71dd07768d9 -r d60cb063314b mail/postsrsd/MESSAGE
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/postsrsd/MESSAGE Sat Jul 10 08:41:56 2021 +0000
@@ -0,0 +1,27 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1 2021/07/10 08:41:56 spz Exp $
+
+When using postsrsd with its rc.d script, at the minimum set
+postsrsd_flags="-dyour.domain"
+in rc.conf. See the manpage for more options.
+
+You must store at least one secret key in ${PKG_SYSCONFDIR}/postsrsd.secret.
+Be careful that no one can guess your secret, because anyone who knows it
+can use your mail server as open relay.
+Each line of ${PKG_SYSCONFDIR}/postsrsd.secret is used as secret.
+The first secret is used for signing and verification, the others for
+verification only.
+
+PostSRSd exposes its functionality via two TCP lookup tables.
+Add or amend the following variables in your main.cf:
+
+ sender_canonical_maps = tcp:localhost:10001
+ sender_canonical_classes = envelope_sender
+ recipient_canonical_maps = tcp:localhost:10002
+ recipient_canonical_classes= envelope_recipient,header_recipient
+
+This will transparently rewrite incoming and outgoing envelope addresses,
+and additionally undo SRS rewrites in the To: header of bounce notifications
+and vacation autoreplies.
+
+===========================================================================
diff -r f71dd07768d9 -r d60cb063314b mail/postsrsd/Makefile
--- a/mail/postsrsd/Makefile Sat Jul 10 06:05:00 2021 +0000
+++ b/mail/postsrsd/Makefile Sat Jul 10 08:41:56 2021 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.2 2017/12/31 13:22:46 wiz Exp $
+# $NetBSD: Makefile,v 1.3 2021/07/10 08:41:56 spz Exp $
-DISTNAME= postsrsd-1.4
-PKGREVISION= 1
+DISTNAME= postsrsd-1.11
+#PKGREVISION= 0
CATEGORIES= mail
MASTER_SITES= ${MASTER_SITE_GITHUB:=roehling/}
@@ -10,6 +10,17 @@
COMMENT= Postfix Sender Rewriting Scheme daemon
LICENSE= gnu-gpl-v2
+RCD_SCRIPTS= postsrsd
+
+POSTSRSD_USER?= postsrsd
+POSTSRSD_GROUP?= postsrsd
+PKG_USERS= ${POSTSRSD_USER}:${POSTSRSD_GROUP}
+PKG_GROUPS= ${POSTSRSD_GROUP}
+USER_GROUP= ${POSTSRSD_USER} ${POSTSRSD_GROUP}
+
+PKG_GECOS.${POSTSRSD_USER}?= postSRSd
+
+
USE_CMAKE= yes
BUILD_DEPENDS+= help2man-[0-9]*:../../converters/help2man
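Review bot: `POSTSRSD_USER` and `POSTSRSD_GROUP` are overridable here, but the value never reaches the new rc.d script in `files/postsrsd.sh`, which hardcodes `-upostsrsd`. If someone builds with a different `POSTSRSD_USER`, the package creates that account while the script still asks the daemon to switch to `postsrsd`, which may not exist. I would add `FILES_SUBST+= POSTSRSD_USER=${POSTSRSD_USER}` in this hunk and use `-u@POSTSRSD_USER@` in the script so the two stay in step.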
diff -r f71dd07768d9 -r d60cb063314b mail/postsrsd/PLIST
--- a/mail/postsrsd/PLIST Sat Jul 10 06:05:00 2021 +0000
+++ b/mail/postsrsd/PLIST Sat Jul 10 08:41:56 2021 +0000
@@ -1,6 +1,7 @@
-@comment $NetBSD: PLIST,v 1.2 2017/12/31 13:22:46 wiz Exp $
+@comment $NetBSD: PLIST,v 1.3 2021/07/10 08:41:56 spz Exp $
man/man8/postsrsd.8
sbin/postsrsd
share/doc/postsrsd/README.md
share/doc/postsrsd/README_UPGRADE.md
share/doc/postsrsd/main.cf.ex
+share/postsrsd/postsrsd-systemd-launcher
diff -r f71dd07768d9 -r d60cb063314b mail/postsrsd/distinfo
--- a/mail/postsrsd/distinfo Sat Jul 10 06:05:00 2021 +0000
+++ b/mail/postsrsd/distinfo Sat Jul 10 08:41:56 2021 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.1 2016/02/25 15:29:15 wiz Exp $
+$NetBSD: distinfo,v 1.2 2021/07/10 08:41:56 spz Exp $
-SHA1 (postsrsd-1.4.tar.gz) = 9b71bc8bbd40dab7d545cd2ec98cf69e4ff50450
-RMD160 (postsrsd-1.4.tar.gz) = 9402c4b9ab9f4bb356a07c67a74fd270c9c56655
-SHA512 (postsrsd-1.4.tar.gz) = e5b9d2091d562030dd8d35117a3c5fb7d99c0613120fc90f74be57af5e88a3fe0ce73a5ce702708047ae37f70c6aedb4a0df018dccbe480048ccb6ed4debbcef
-Size (postsrsd-1.4.tar.gz) = 26555 bytes
+SHA1 (postsrsd-1.11.tar.gz) = 664478941995a05166dc2bc73d744de48ecd8827
+RMD160 (postsrsd-1.11.tar.gz) = 8c94d4fdd5bc47566bcda83e968892204962e6a6
+SHA512 (postsrsd-1.11.tar.gz) = cc041bbbd0277dd416a19e427d63eace3489dc518ebe3a61a022b3e2e159bcb09731a0eb5547eb85bd55887821726b66e828326c109c2ebe26b27dbd062a8d89
+Size (postsrsd-1.11.tar.gz) = 36309 bytes
+SHA1 (patch-postsrsd.c) = 06a9e294279e6ec17491d2b612473948bb92ef4c
diff -r f71dd07768d9 -r d60cb063314b mail/postsrsd/files/postsrsd.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/postsrsd/files/postsrsd.sh Sat Jul 10 08:41:56 2021 +0000
@@ -0,0 +1,44 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# PostSRSd provides the Sender Rewriting Scheme (SRS) for Postfix
+#
+
+# PROVIDE: postsrsd
+# BEFORE: mail
+# REQUIRE: DAEMON LOGIN
+
+. /etc/rc.subr
+
+name="postsrsd"
+
+# user-settable rc.conf variables
+: ${postsrsd_secret:="@PKG_SYSCONFDIR@/${name}.secret"}
+: ${postsrsd_chrootdir:="@VARBASE@/chroot/postsrsd"}
+
+rcvar=${name}
+required_files="${postsrsd_secret}"
+pidfile="@VARBASE@/run/${name}.pid"
+command="@PREFIX@/sbin/${name}"
+start_precmd="postsrsd_precmd"
+
+postsrsd_precmd()
+{
+ rc_flags="-p${pidfile} -s${postsrsd_secret} -D $rc_flags"
+ if [ -z "$postsrsd_chrootdir" ]; then
+ return 0;
+ fi
+
+ # If running in a chroot cage, ensure that the appropriate files
+ # exist inside the cage, as well as helper symlinks into the cage
+ # from outside.
+ if [ ! -d "${postsrsd_chrootdir}" ]; then
+ mkdir -p "${postsrsd_chrootdir}"
+ fi
+
+ # Change run_rc_commands()'s internal copy of $ntpd_flags
+ #
+ rc_flags="-upostsrsd -c${postsrsd_chrootdir} $rc_flags"
+}
+
+load_rc_config $name
+run_rc_command "$1"
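Review bot: The privilege drop (`-upostsrsd`) is only added in the chroot branch of `postsrsd_precmd`, so when `postsrsd_chrootdir` ends up empty the early `return 0` starts the daemon with neither `-c` nor `-u`. Unless postsrsd drops privileges on its own, it then keeps whatever uid rc.d started it with. I would move the flag into the first assignment, `rc_flags="-p${pidfile} -s${postsrsd_secret} -upostsrsd -D $rc_flags"`, and leave only `rc_flags="-c${postsrsd_chrootdir} $rc_flags"` in the chroot branch. The comment above that last assignment still names `$ntpd_flags`, apparently left over from another script; it should read `# Change run_rc_command()'s internal copy of $rc_flags`.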
diff -r f71dd07768d9 -r d60cb063314b mail/postsrsd/patches/patch-postsrsd.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mail/postsrsd/patches/patch-postsrsd.c Sat Jul 10 08:41:56 2021 +0000
@@ -0,0 +1,33 @@
+$NetBSD: patch-postsrsd.c,v 1.1 2021/07/10 08:41:56 spz Exp $
+
+make sure we can use a connection more than once
+it'll work without the patch but with many error messages in the log
+
+--- postsrsd.c.orig 2021-03-21 19:23:39.000000000 +0000
++++ postsrsd.c 2021-07-09 10:29:40.996255562 +0000
+@@ -644,7 +644,7 @@
+ }
+ while (TRUE)
+ {
+- int conn;
++ int conn, flags;
+ FILE *fp_read, *fp_write;
+ char linebuf[1024], *line;
+ char keybuf[1024], *key;
+@@ -667,6 +667,16 @@
+ conn = accept(fds[sc].fd, NULL, NULL);
+ if (conn < 0)
+ continue;
++ /* remove the nonblocking for !Linux */
++ flags = fcntl(conn, F_GETFL, 0);
++ if (flags < 0) {
++ close(conn);
++ continue;
++ }
++ if (fcntl(conn, F_SETFL, flags & ~O_NONBLOCK) < 0) {
++ close(conn);
++ continue;
++ }
+ if (fork() == 0)
+ {
+ int i;
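Review bot: The comment `/* remove the nonblocking for !Linux */` does not say why the flag has to go, and the patch description talks about reusing a connection rather than about blocking mode. I would spell it out, e.g. `/* on BSD the accepted socket inherits O_NONBLOCK from the listening fd; clear it so the child's stdio reads block instead of failing */` (presumably the listening sockets are set non-blocking; that setup is outside the hunk). Both new failure paths close the connection and `continue` without a log line, so a dropped lookup leaves no trace; a one-line log there would help when diagnosing lookups that vanish. The enclosing `while (TRUE)` loop starts and ends outside the hunk.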