From 384249ca6b10fd00853140753445b534de4da6d9 Mon Sep 17 00:00:00 2001 From: khorben Date: Thu, 11 Aug 2022 15:41:30 +0000 Subject: prosody: support Lua 5.4 and improve security The changes here are: * prosody can be built with Lua 5.4 (as recommended since the 0.12 series), also thanks to lua-unbound being available for Lua 5.4 * the prosody user's home directory is back to the default /nonexistent (prosody finds its own data directory nonetheless, as it is a compile-time option) * the corresponding directories created (data directory, PID directory, logging) do not seem to actually require write access (or not anymore) These last two changes together get rid of the security report "user prosody home directory is group writable" from the daily insecurity checks on NetBSD. Tested on NetBSD/amd64. --- chat/prosody/Makefile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/chat/prosody/Makefile b/chat/prosody/Makefile index 0f88f4be88f..d7d75e2e005 100644 --- a/chat/prosody/Makefile +++ b/chat/prosody/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.41 2022/07/27 01:53:40 khorben Exp $ +# $NetBSD: Makefile,v 1.42 2022/08/11 15:41:30 khorben Exp $ DISTNAME= prosody-0.12.1 +PKGREVISION= 1 CATEGORIES= chat MASTER_SITES= https://prosody.im/downloads/source/ @@ -19,7 +20,7 @@ HAS_CONFIGURE= yes USE_LANGUAGES= c BUILD_DEFS+= VARBASE -LUA_VERSIONS_ACCEPTED= 52 51 +LUA_VERSIONS_ACCEPTED= 54 52 51 .include "../../mk/bsd.prefs.mk" 
@@ -29,9 +30,9 @@ PROSODY_DATA?= ${VARBASE}/db/prosody PROSODY_LOG?= ${VARBASE}/log/prosody PROSODY_RUN?= ${VARBASE}/run/prosody -OWN_DIRS_PERMS+= ${PROSODY_DATA} ${PROSODY_USER} ${PROSODY_GROUP} 0770 -OWN_DIRS_PERMS+= ${PROSODY_LOG} ${PROSODY_USER} ${PROSODY_GROUP} 0770 -OWN_DIRS_PERMS+= ${PROSODY_RUN} ${PROSODY_USER} ${PROSODY_GROUP} 0770 +OWN_DIRS_PERMS+= ${PROSODY_DATA} ${PROSODY_USER} ${PROSODY_GROUP} 0750 +OWN_DIRS_PERMS+= ${PROSODY_LOG} ${PROSODY_USER} ${PROSODY_GROUP} 0750 +OWN_DIRS_PERMS+= ${PROSODY_RUN} ${PROSODY_USER} ${PROSODY_GROUP} 0750 MAKE_DIRS+= ${PKG_SYSCONFDIR}/certs PKG_USERS_VARS= PROSODY_USER @@ -39,7 +40,6 @@ PKG_GROUPS_VARS= PROSODY_GROUP PKG_GROUPS= ${PROSODY_GROUP} PKG_USERS= ${PROSODY_USER}:${PROSODY_GROUP} PKG_GECOS.${PROSODY_USER}= Prosody daemon user -PKG_HOME.${PROSODY_USER}= ${PROSODY_DATA} PKG_SHELL.${PROSODY_USER}= ${NOLOGIN} PKG_SYSCONFSUBDIR= ${PKGBASE} -- cgit v1.2.3
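Review bot: Mode 0750 on the three `OWN_DIRS_PERMS` lines removes group write but still gives every member of `${PROSODY_GROUP}` read and search access to `${PROSODY_DATA}`, which presumably holds account data. If nothing other than the daemon itself needs to read these directories, 0700 would be the least-privilege choice, e.g. `OWN_DIRS_PERMS+= ${PROSODY_DATA} ${PROSODY_USER} ${PROSODY_GROUP} 0700`, though that should be confirmed against how log rotation or admin tooling reads `${PROSODY_LOG}`. Either way, a short comment above the block such as `# no group write: only the daemon user modifies these directories` would keep the mode from being loosened again. It may also be worth checking whether directories already created with 0770 by an earlier install are re-moded on upgrade.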
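Review bot: Dropping `PKG_HOME.${PROSODY_USER}` in the last hunk changes the home directory only for accounts created after this revision, as far as I can tell. A prosody user that already exists would likely keep `${PROSODY_DATA}` as its home, so the "home directory is group writable" report could persist on upgraded hosts until the directory mode or the account is corrected. Consider noting the manual step for upgraders in the package's install message, for instance that the existing account's home can be reset to /nonexistent. A one-line comment next to the remaining `PKG_SHELL.${PROSODY_USER}= ${NOLOGIN}` line, such as `# home left at the default (/nonexistent); the data directory is a compile-time option`, would record why no `PKG_HOME` is set.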