author | spz <spz@pkgsrc.org> | 2021-07-10 08:41:56 +0000 |
---|---|---|
committer | spz <spz@pkgsrc.org> | 2021-07-10 08:41:56 +0000 |
commit | 73e0e4637aa41f9a8baa18bda8f24624097eb67a (patch) | |
tree | ef1b79270833e292209843daaa8ffc7f7c3ee63c /mail | |
parent | 4564a0f7cb4c72783f749d562abfef32c2664be5 (diff) | |
download | pkgsrc-73e0e4637aa41f9a8baa18bda8f24624097eb67a.tar.gz |
update postsrsd to version 1.11
The update fixes CVE-2020-35573 and CVE-2021-35525
Diffstat (limited to 'mail')
-rw-r--r-- | mail/postsrsd/MESSAGE | 27 | ||||
-rw-r--r-- | mail/postsrsd/Makefile | 17 | ||||
-rw-r--r-- | mail/postsrsd/PLIST | 3 | ||||
-rw-r--r-- | mail/postsrsd/distinfo | 11 | ||||
-rwxr-xr-x | mail/postsrsd/files/postsrsd.sh | 44 | ||||
-rw-r--r-- | mail/postsrsd/patches/patch-postsrsd.c | 33 |
6 files changed, 126 insertions, 9 deletions
diff --git a/mail/postsrsd/MESSAGE b/mail/postsrsd/MESSAGE
new file mode 100644
index 00000000000..7355df64c5c
--- /dev/null
+++ b/mail/postsrsd/MESSAGE
@@ -0,0 +1,27 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1 2021/07/10 08:41:56 spz Exp $
+
+When using postsrsd with its rc.d script, at the minimum set
+postsrsd_flags="-dyour.domain"
+in rc.conf. See the manpage for more options.
+
+You must store at least one secret key in ${PKG_SYSCONFDIR}/postsrsd.secret.
+Be careful that no one can guess your secret, because anyone who knows it
+can use your mail server as open relay.
+Each line of ${PKG_SYSCONFDIR}/postsrsd.secret is used as secret.
+The first secret is used for signing and verification, the others for
+verification only.
+
+PostSRSd exposes its functionality via two TCP lookup tables.
+Add or amend the following variables in your main.cf:
+
+ sender_canonical_maps = tcp:localhost:10001
+ sender_canonical_classes = envelope_sender
+ recipient_canonical_maps = tcp:localhost:10002
+ recipient_canonical_classes= envelope_recipient,header_recipient
+
+This will transparently rewrite incoming and outgoing envelope addresses,
+and additionally undo SRS rewrites in the To: header of bounce notifications
+and vacation autoreplies.
+
+===========================================================================
diff --git a/mail/postsrsd/Makefile b/mail/postsrsd/Makefile
index ccaeb6472ea..d239705b60e 100644
--- a/mail/postsrsd/Makefile
+++ b/mail/postsrsd/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.2 2017/12/31 13:22:46 wiz Exp $
+# $NetBSD: Makefile,v 1.3 2021/07/10 08:41:56 spz Exp $
-DISTNAME= postsrsd-1.4
-PKGREVISION= 1
+DISTNAME= postsrsd-1.11
+#PKGREVISION= 0
 CATEGORIES= mail
 MASTER_SITES= ${MASTER_SITE_GITHUB:=roehling/}
@@ -10,6 +10,17 @@ HOMEPAGE= https://github.com/roehling/postsrsd
 COMMENT= Postfix Sender Rewriting Scheme daemon
 LICENSE= gnu-gpl-v2
+RCD_SCRIPTS= postsrsd
+
+POSTSRSD_USER?= postsrsd
+POSTSRSD_GROUP?= postsrsd
+PKG_USERS= ${POSTSRSD_USER}:${POSTSRSD_GROUP}
+PKG_GROUPS= ${POSTSRSD_GROUP}
+USER_GROUP= ${POSTSRSD_USER} ${POSTSRSD_GROUP}
+
+PKG_GECOS.${POSTSRSD_USER}?= postSRSd
+
+
 USE_CMAKE= yes
 BUILD_DEPENDS+= help2man-[0-9]*:../../converters/help2man
diff --git a/mail/postsrsd/PLIST b/mail/postsrsd/PLIST
index a35d650d8b7..0f20377fe8f 100644
--- a/mail/postsrsd/PLIST
+++ b/mail/postsrsd/PLIST
@@ -1,6 +1,7 @@
-@comment $NetBSD: PLIST,v 1.2 2017/12/31 13:22:46 wiz Exp $
+@comment $NetBSD: PLIST,v 1.3 2021/07/10 08:41:56 spz Exp $
 man/man8/postsrsd.8
 sbin/postsrsd
 share/doc/postsrsd/README.md
 share/doc/postsrsd/README_UPGRADE.md
 share/doc/postsrsd/main.cf.ex
+share/postsrsd/postsrsd-systemd-launcher
diff --git a/mail/postsrsd/distinfo b/mail/postsrsd/distinfo
index c1e6f92a9f0..d56fd981a10 100644
--- a/mail/postsrsd/distinfo
+++ b/mail/postsrsd/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.1 2016/02/25 15:29:15 wiz Exp $
+$NetBSD: distinfo,v 1.2 2021/07/10 08:41:56 spz Exp $
-SHA1 (postsrsd-1.4.tar.gz) = 9b71bc8bbd40dab7d545cd2ec98cf69e4ff50450
-RMD160 (postsrsd-1.4.tar.gz) = 9402c4b9ab9f4bb356a07c67a74fd270c9c56655
-SHA512 (postsrsd-1.4.tar.gz) = e5b9d2091d562030dd8d35117a3c5fb7d99c0613120fc90f74be57af5e88a3fe0ce73a5ce702708047ae37f70c6aedb4a0df018dccbe480048ccb6ed4debbcef
-Size (postsrsd-1.4.tar.gz) = 26555 bytes
+SHA1 (postsrsd-1.11.tar.gz) = 664478941995a05166dc2bc73d744de48ecd8827
+RMD160 (postsrsd-1.11.tar.gz) = 8c94d4fdd5bc47566bcda83e968892204962e6a6
+SHA512 (postsrsd-1.11.tar.gz) = cc041bbbd0277dd416a19e427d63eace3489dc518ebe3a61a022b3e2e159bcb09731a0eb5547eb85bd55887821726b66e828326c109c2ebe26b27dbd062a8d89
+Size (postsrsd-1.11.tar.gz) = 36309 bytes
+SHA1 (patch-postsrsd.c) = 06a9e294279e6ec17491d2b612473948bb92ef4c
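Review bot: In mail/postsrsd/Makefile, the second hunk creates the postsrsd account through `PKG_USERS`/`PKG_GROUPS`, but nothing visible in this commit sets or documents the ownership and mode of `${PKG_SYSCONFDIR}/postsrsd.secret`, the file whose contents MESSAGE says let anyone use the mail server as an open relay. MESSAGE could carry one more line such as `Make the file readable only by the account that starts postsrsd (for example mode 0600).`; which account actually reads the secret is not shown here and should be confirmed against postsrsd's startup order. `USER_GROUP` is assigned but not referenced in any hunk shown, so it may be unnecessary.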
diff --git a/mail/postsrsd/files/postsrsd.sh b/mail/postsrsd/files/postsrsd.sh
new file mode 100755
index 00000000000..75bd28ab6cb
--- /dev/null
+++ b/mail/postsrsd/files/postsrsd.sh
@@ -0,0 +1,44 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# PostSRSd provides the Sender Rewriting Scheme (SRS) for Postfix
+#
+
+# PROVIDE: postsrsd
+# BEFORE: mail
+# REQUIRE: DAEMON LOGIN
+
+. /etc/rc.subr
+
+name="postsrsd"
+
+# user-settable rc.conf variables
+: ${postsrsd_secret:="@PKG_SYSCONFDIR@/${name}.secret"}
+: ${postsrsd_chrootdir:="@VARBASE@/chroot/postsrsd"}
+
+rcvar=${name}
+required_files="${postsrsd_secret}"
+pidfile="@VARBASE@/run/${name}.pid"
+command="@PREFIX@/sbin/${name}"
+start_precmd="postsrsd_precmd"
+
+postsrsd_precmd()
+{
+ rc_flags="-p${pidfile} -s${postsrsd_secret} -D $rc_flags"
+ if [ -z "$postsrsd_chrootdir" ]; then
+ return 0;
+ fi
+
+ # If running in a chroot cage, ensure that the appropriate files
+ # exist inside the cage, as well as helper symlinks into the cage
+ # from outside.
+ if [ ! -d "${postsrsd_chrootdir}" ]; then
+ mkdir -p "${postsrsd_chrootdir}"
+ fi
+
+ # Change run_rc_commands()'s internal copy of $ntpd_flags
+ #
+ rc_flags="-upostsrsd -c${postsrsd_chrootdir} $rc_flags"
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/mail/postsrsd/patches/patch-postsrsd.c b/mail/postsrsd/patches/patch-postsrsd.c
new file mode 100644
index 00000000000..bc0a2329504
--- /dev/null
+++ b/mail/postsrsd/patches/patch-postsrsd.c
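Review bot: In files/postsrsd.sh, `postsrsd_precmd` hard-codes the account in `rc_flags="-upostsrsd -c${postsrsd_chrootdir} $rc_flags"`, while the Makefile makes it overridable with `POSTSRSD_USER?=`; a site that overrides the variable gets a package account the script never uses. Adding `FILES_SUBST+= POSTSRSD_USER=${POSTSRSD_USER}` to the Makefile and writing `-u@POSTSRSD_USER@` here would keep the two in step. The `-u` flag is also added only after the early `return 0` for an empty `postsrsd_chrootdir`, so with the chroot disabled the daemon runs as whatever user postsrsd defaults to; if that is intended, a comment should say so. The comment `# Change run_rc_commands()'s internal copy of $ntpd_flags` looks copied from another script and should name `$postsrsd_flags`.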
@@ -0,0 +1,33 @@
+$NetBSD: patch-postsrsd.c,v 1.1 2021/07/10 08:41:56 spz Exp $
+
+make sure we can use a connection more than once
+it'll work without the patch but with many error messages in the log
+
+--- postsrsd.c.orig 2021-03-21 19:23:39.000000000 +0000
++++ postsrsd.c 2021-07-09 10:29:40.996255562 +0000
+@@ -644,7 +644,7 @@
+ }
+ while (TRUE)
+ {
+- int conn;
++ int conn, flags;
+ FILE *fp_read, *fp_write;
+ char linebuf[1024], *line;
+ char keybuf[1024], *key;
+@@ -667,6 +667,16 @@
+ conn = accept(fds[sc].fd, NULL, NULL);
+ if (conn < 0)
+ continue;
++ /* remove the nonblocking for !Linux */
++ flags = fcntl(conn, F_GETFL, 0);
++ if (flags < 0) {
++ close(conn);
++ continue;
++ }
++ if (fcntl(conn, F_SETFL, flags & ~O_NONBLOCK) < 0) {
++ close(conn);
++ continue;
++ }
+ if (fork() == 0)
+ {
+ int i; |
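Review bot: The comment `/* remove the nonblocking for !Linux */` in the second inner hunk does not say why the flag has to go; something like `/* the accepted socket may inherit O_NONBLOCK from the listener on non-Linux systems; clear it so the reads in the child block instead of failing */` would record the reason the patch header only hints at (that the child reads through `fp_read` is presumed from the declarations, not shown). Both `fcntl()` failure paths close the connection and `continue` without logging, so a persistent failure would show up only as dropped lookups; a log line on that path would help diagnosis. The enclosing `while (TRUE)` loop begins and ends outside the hunk, so whether postsrsd.c already includes `<fcntl.h>` cannot be confirmed from here.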