authorspz <spz@pkgsrc.org>2021-07-10 08:41:56 +0000
committerspz <spz@pkgsrc.org>2021-07-10 08:41:56 +0000
commit73e0e4637aa41f9a8baa18bda8f24624097eb67a (patch)
treeef1b79270833e292209843daaa8ffc7f7c3ee63c /mail
parent4564a0f7cb4c72783f749d562abfef32c2664be5 (diff)
downloadpkgsrc-73e0e4637aa41f9a8baa18bda8f24624097eb67a.tar.gz
update postsrsd to version 1.11
The update fixes CVE-2020-35573 and CVE-2021-35525
Diffstat (limited to 'mail')
-rw-r--r--mail/postsrsd/MESSAGE27
-rw-r--r--mail/postsrsd/Makefile17
-rw-r--r--mail/postsrsd/PLIST3
-rw-r--r--mail/postsrsd/distinfo11
-rwxr-xr-xmail/postsrsd/files/postsrsd.sh44
-rw-r--r--mail/postsrsd/patches/patch-postsrsd.c33
6 files changed, 126 insertions, 9 deletions
diff --git a/mail/postsrsd/MESSAGE b/mail/postsrsd/MESSAGE
new file mode 100644
index 00000000000..7355df64c5c
--- /dev/null
+++ b/mail/postsrsd/MESSAGE
@@ -0,0 +1,27 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1 2021/07/10 08:41:56 spz Exp $
+
+When using postsrsd with its rc.d script, at the minimum set
+postsrsd_flags="-dyour.domain"
+in rc.conf. See the manpage for more options.
+
+You must store at least one secret key in ${PKG_SYSCONFDIR}/postsrsd.secret.
+Be careful that no one can guess your secret, because anyone who knows it
+can use your mail server as open relay.
+Each line of ${PKG_SYSCONFDIR}/postsrsd.secret is used as secret.
+The first secret is used for signing and verification, the others for
+verification only.
+
+PostSRSd exposes its functionality via two TCP lookup tables.
+Add or amend the following variables in your main.cf:
+
+ sender_canonical_maps = tcp:localhost:10001
+ sender_canonical_classes = envelope_sender
+ recipient_canonical_maps = tcp:localhost:10002
+ recipient_canonical_classes= envelope_recipient,header_recipient
+
+This will transparently rewrite incoming and outgoing envelope addresses,
+and additionally undo SRS rewrites in the To: header of bounce notifications
+and vacation autoreplies.
+
+===========================================================================
diff --git a/mail/postsrsd/Makefile b/mail/postsrsd/Makefile
index ccaeb6472ea..d239705b60e 100644
--- a/mail/postsrsd/Makefile
+++ b/mail/postsrsd/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.2 2017/12/31 13:22:46 wiz Exp $
+# $NetBSD: Makefile,v 1.3 2021/07/10 08:41:56 spz Exp $
-DISTNAME= postsrsd-1.4
-PKGREVISION= 1
+DISTNAME= postsrsd-1.11
+#PKGREVISION= 0
CATEGORIES= mail
MASTER_SITES= ${MASTER_SITE_GITHUB:=roehling/}
@@ -10,6 +10,17 @@ HOMEPAGE= https://github.com/roehling/postsrsd
COMMENT= Postfix Sender Rewriting Scheme daemon
LICENSE= gnu-gpl-v2
+RCD_SCRIPTS= postsrsd
+
+POSTSRSD_USER?= postsrsd
+POSTSRSD_GROUP?= postsrsd
+PKG_USERS= ${POSTSRSD_USER}:${POSTSRSD_GROUP}
+PKG_GROUPS= ${POSTSRSD_GROUP}
+USER_GROUP= ${POSTSRSD_USER} ${POSTSRSD_GROUP}
+
+PKG_GECOS.${POSTSRSD_USER}?= postSRSd
+
+
USE_CMAKE= yes
BUILD_DEPENDS+= help2man-[0-9]*:../../converters/help2man
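Review bot: `POSTSRSD_USER` and `POSTSRSD_GROUP` are declared overridable with `?=`, but nothing in this hunk passes them on to the rc.d script, and files/postsrsd.sh in the same commit hard-codes `-upostsrsd`. A site that overrides the user would get the account created under one name and the daemon told to switch to another. Adding `BUILD_DEFS+= POSTSRSD_USER POSTSRSD_GROUP` and `FILES_SUBST+= POSTSRSD_USER=${POSTSRSD_USER}` here, and using `-u@POSTSRSD_USER@` in the script, would keep the two in step. `USER_GROUP` is assigned but not used in the lines shown, so it either needs a consumer or can be dropped.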
diff --git a/mail/postsrsd/PLIST b/mail/postsrsd/PLIST
index a35d650d8b7..0f20377fe8f 100644
--- a/mail/postsrsd/PLIST
+++ b/mail/postsrsd/PLIST
@@ -1,6 +1,7 @@
-@comment $NetBSD: PLIST,v 1.2 2017/12/31 13:22:46 wiz Exp $
+@comment $NetBSD: PLIST,v 1.3 2021/07/10 08:41:56 spz Exp $
man/man8/postsrsd.8
sbin/postsrsd
share/doc/postsrsd/README.md
share/doc/postsrsd/README_UPGRADE.md
share/doc/postsrsd/main.cf.ex
+share/postsrsd/postsrsd-systemd-launcher
diff --git a/mail/postsrsd/distinfo b/mail/postsrsd/distinfo
index c1e6f92a9f0..d56fd981a10 100644
--- a/mail/postsrsd/distinfo
+++ b/mail/postsrsd/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.1 2016/02/25 15:29:15 wiz Exp $
+$NetBSD: distinfo,v 1.2 2021/07/10 08:41:56 spz Exp $
-SHA1 (postsrsd-1.4.tar.gz) = 9b71bc8bbd40dab7d545cd2ec98cf69e4ff50450
-RMD160 (postsrsd-1.4.tar.gz) = 9402c4b9ab9f4bb356a07c67a74fd270c9c56655
-SHA512 (postsrsd-1.4.tar.gz) = e5b9d2091d562030dd8d35117a3c5fb7d99c0613120fc90f74be57af5e88a3fe0ce73a5ce702708047ae37f70c6aedb4a0df018dccbe480048ccb6ed4debbcef
-Size (postsrsd-1.4.tar.gz) = 26555 bytes
+SHA1 (postsrsd-1.11.tar.gz) = 664478941995a05166dc2bc73d744de48ecd8827
+RMD160 (postsrsd-1.11.tar.gz) = 8c94d4fdd5bc47566bcda83e968892204962e6a6
+SHA512 (postsrsd-1.11.tar.gz) = cc041bbbd0277dd416a19e427d63eace3489dc518ebe3a61a022b3e2e159bcb09731a0eb5547eb85bd55887821726b66e828326c109c2ebe26b27dbd062a8d89
+Size (postsrsd-1.11.tar.gz) = 36309 bytes
+SHA1 (patch-postsrsd.c) = 06a9e294279e6ec17491d2b612473948bb92ef4c
diff --git a/mail/postsrsd/files/postsrsd.sh b/mail/postsrsd/files/postsrsd.sh
new file mode 100755
index 00000000000..75bd28ab6cb
--- /dev/null
+++ b/mail/postsrsd/files/postsrsd.sh
@@ -0,0 +1,44 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# PostSRSd provides the Sender Rewriting Scheme (SRS) for Postfix
+#
+
+# PROVIDE: postsrsd
+# BEFORE: mail
+# REQUIRE: DAEMON LOGIN
+
+. /etc/rc.subr
+
+name="postsrsd"
+
+# user-settable rc.conf variables
+: ${postsrsd_secret:="@PKG_SYSCONFDIR@/${name}.secret"}
+: ${postsrsd_chrootdir:="@VARBASE@/chroot/postsrsd"}
+
+rcvar=${name}
+required_files="${postsrsd_secret}"
+pidfile="@VARBASE@/run/${name}.pid"
+command="@PREFIX@/sbin/${name}"
+start_precmd="postsrsd_precmd"
+
+postsrsd_precmd()
+{
+ rc_flags="-p${pidfile} -s${postsrsd_secret} -D $rc_flags"
+ if [ -z "$postsrsd_chrootdir" ]; then
+ return 0;
+ fi
+
+ # If running in a chroot cage, ensure that the appropriate files
+ # exist inside the cage, as well as helper symlinks into the cage
+ # from outside.
+ if [ ! -d "${postsrsd_chrootdir}" ]; then
+ mkdir -p "${postsrsd_chrootdir}"
+ fi
+
+ # Change run_rc_commands()'s internal copy of $ntpd_flags
+ #
+ rc_flags="-upostsrsd -c${postsrsd_chrootdir} $rc_flags"
+}
+
+load_rc_config $name
+run_rc_command "$1"
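Review bot: The switch to the unprivileged user is only added on the chroot path: when `postsrsd_chrootdir` is set empty, `postsrsd_precmd` returns before `-upostsrsd` is appended, so the daemon starts without a `-u` option unless the admin puts one in `postsrsd_flags`. Putting it in the first assignment, `rc_flags="-p${pidfile} -s${postsrsd_secret} -upostsrsd -D $rc_flags"`, and leaving only `-c${postsrsd_chrootdir}` in the chroot branch would make the privilege drop independent of the chroot setting. The comment above the last assignment still names `$ntpd_flags`, and the one above `mkdir -p` promises files and symlinks the function never creates; both should be reworded for this script. `mkdir -p` also leaves the cage's owner and mode to the umask, so creating it with an explicit mode and root ownership would be more predictable.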
diff --git a/mail/postsrsd/patches/patch-postsrsd.c b/mail/postsrsd/patches/patch-postsrsd.c
new file mode 100644
index 00000000000..bc0a2329504
--- /dev/null
+++ b/mail/postsrsd/patches/patch-postsrsd.c
@@ -0,0 +1,33 @@
+$NetBSD: patch-postsrsd.c,v 1.1 2021/07/10 08:41:56 spz Exp $
+
+make sure we can use a connection more than once
+it'll work without the patch but with many error messages in the log
+
+--- postsrsd.c.orig 2021-03-21 19:23:39.000000000 +0000
++++ postsrsd.c 2021-07-09 10:29:40.996255562 +0000
+@@ -644,7 +644,7 @@
+ }
+ while (TRUE)
+ {
+- int conn;
++ int conn, flags;
+ FILE *fp_read, *fp_write;
+ char linebuf[1024], *line;
+ char keybuf[1024], *key;
+@@ -667,6 +667,16 @@
+ conn = accept(fds[sc].fd, NULL, NULL);
+ if (conn < 0)
+ continue;
++ /* remove the nonblocking for !Linux */
++ flags = fcntl(conn, F_GETFL, 0);
++ if (flags < 0) {
++ close(conn);
++ continue;
++ }
++ if (fcntl(conn, F_SETFL, flags & ~O_NONBLOCK) < 0) {
++ close(conn);
++ continue;
++ }
+ if (fork() == 0)
+ {
+ int i;
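Review bot: The added comment `/* remove the nonblocking for !Linux */` does not say where the flag comes from or why it has to go; something like `/* on BSD-derived systems the accepted socket inherits O_NONBLOCK from the listener (Linux does not); the child reads conn with stdio, which needs a blocking descriptor */` would record the reason, assuming that is indeed the cause. Both failure paths `close(conn); continue;` without a log line, so a failing `fcntl()` would show up only as dropped lookups. Now that `conn` is blocking, it is also worth confirming that the child's read loop, which is outside this hunk, is bounded by a timeout so that an idle peer cannot hold a child process indefinitely. The enclosing `while (TRUE)` body starts before and continues after the lines shown.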