wok-6.x rev 17238

dovecot, proftpd: CVE-2014-3566
author Pascal Bellard <pascal.bellard@slitaz.org>
date Sat Oct 18 14:31:43 2014 +0200 (2014-10-18)
parents f2bdc266fba2
children bdcd8803b305
files dovecot/receipt proftpd/receipt
line diff
     1.1 --- a/dovecot/receipt	Sat Oct 18 14:11:33 2014 +0200
     1.2 +++ b/dovecot/receipt	Sat Oct 18 14:31:43 2014 +0200
     1.3 @@ -63,14 +63,18 @@
     1.4  	chmod 755 $fs/etc/ssl/misc/*
     1.5  	
     1.6  	# Customising config.
     1.7 -	sed -i -e "s/^#default_vsz_limit.*/default_vsz_limit = 50M"/ \
     1.8 +	sed -i -e "s/^#default_vsz_limit.*/default_vsz_limit = 50M/" \
     1.9  		$fs/etc/dovecot/conf.d/10-master.conf
    1.10  
    1.11 -	sed -i -e "s!^#log_path =.*!log_path = /var/log/dovecot/dovecot.log"! \
    1.12 +	sed -i -e "s!^#log_path =.*!log_path = /var/log/dovecot/dovecot.log!" \
    1.13  		$fs/etc/dovecot/conf.d/10-logging.conf
    1.14  	
    1.15 -	sed -i -e "s/^#listen.*/listen = *"/ \
    1.16 +	sed -i -e "s/^#listen.*/listen = */" \
    1.17  		$fs/etc/dovecot/dovecot.conf
    1.18 +
    1.19 +	# Unsafe, see CVE-2014-3566 POODLE
    1.20 +	sed -i -e "s/^#ssl_protocols =.*/ssl_protocols = !SSLv2 !SSLv3/" \
    1.21 +		$fs/etc/dovecot/conf.d/10-ssl.conf
    1.22  }
    1.23  
    1.24  #nd post install commands for Tazpkg.
     2.1 --- a/proftpd/receipt	Sat Oct 18 14:11:33 2014 +0200
     2.2 +++ b/proftpd/receipt	Sat Oct 18 14:31:43 2014 +0200
     2.3 @@ -34,4 +34,9 @@
     2.4  	cp -a $install/usr/bin $fs/usr
     2.5  	cp -a $install/usr/lib/proftpd $fs/usr/lib
     2.6  	cp -a $install/etc $fs
     2.7 +	cat >> $fs/etc/proftpd.conf <<EOT
     2.8 +
     2.9 +# SSLv3 is unsafe, see CVE-2014-3566 POODLE
    2.10 +# TLSProtocol TLSv1
    2.11 +EOT
    2.12  }