wok annotate postfix/receipt @ rev 17237
postfix, apache lighttpd-ssl, nginx: CVE-2014-3566
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Sat Oct 18 14:11:33 2014 +0200 (2014-10-18) |
parents | ad05e742684d |
children | ef162b1d3c0b |
rev | line source |
---|---|
# SliTaz package receipt.
#
# Metadata for the postfix package. The variables below are plain shell
# assignments; the functions further down build, package and install it.

PACKAGE="postfix"
VERSION="2.10.2"
CATEGORY="network"
SHORT_DESC="fast, easy to administer, and secure mailer."
MAINTAINER="pascal.bellard@slitaz.org"
LICENSE="other"
# Source archive name, derived from the two variables above.
TARBALL="$PACKAGE-$VERSION.tar.gz"
WEB_SITE="http://www.postfix.org/"
# NOTE(review): the tarball is fetched over plain FTP and no checksum or
# signature check is visible in this receipt -- confirm that the build
# tooling verifies the download before it is compiled.
WGET_URL="ftp://ftp.cs.tu-berlin.de/pub/net/mail/postfix/official/$TARBALL"
TAZPANEL_DAEMON="man|edit::/etc/postfix/main.cf|options|web::$WEB_SITE"
CONFIG_FILES="/etc/postfix"
# This package stands in for "sendmail"; see pre_install/post_remove, which
# swap /usr/sbin/sendmail between postfix and the busybox link.
PROVIDE="sendmail"

# Runtime dependencies.
DEPENDS="libdb libldap pcre libssl slitaz-base-files libsasl libkrb5 \
libcomerr3 libmysqlclient"
# Build-time dependencies.
BUILD_DEPENDS="db-dev openldap-dev pcre-dev openssl-dev perl mysql-dev \
cyrus-sasl-dev libsasl"
pascal@12163 | 20 |
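# Rules to configure and make the package.
#
# Generates the Postfix makefiles with Berkeley DB, LDAP, Cyrus SASL, MySQL
# and TLS (-DUSE_TLS) support, builds, then runs the non-interactive
# installer into $WOK/$PACKAGE/install.
#
# Returns non-zero as soon as one step fails, so a broken build is never
# installed into the staging tree.
compile_rules()
{
	cd "$src" || return 1

	# CCARGS is single-quoted: the \" sequences and the backslash-newlines
	# are handed to make literally. AUXLIBS is double-quoted, so its
	# backslash-newline is an ordinary shell line continuation.
	make makefiles \
		CCARGS='-DHAS_DB -DHAS_LDAP \
-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I /usr/include/sasl \
-DHAS_MYSQL -I/usr/include/mysql \
-DDEF_DAEMON_DIR=\"/usr/lib/postfix\" \
-DUSE_TLS \
-DDEF_MANPAGE_DIR=\"/usr/share/man\"' \
		AUXLIBS="-ldb -lldap -llber -lsasl2 -lssl -lcrypto \
-L/usr/lib/mysql -lmysqlclient -lz -lm " &&
	make &&
	# Chained with && so the installer only runs on a successful build.
	install_root="$WOK/$PACKAGE/install" \
		sh postfix-install -non-interactive
}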
pascal@1159 | 38 |
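# Rules to gen a SliTaz package suitable for Tazpkg.
#
# Copies the staged install tree ($install) into the package tree ($fs),
# trims the sample aliases file, fills in a few main.cf defaults, appends
# the TLS protocol restriction for CVE-2014-3566 (POODLE), overlays the
# files from $stuff, moves the licenses and strips the daemons.
genpkg_rules()
{
	mkdir -p "$fs/usr/share/licenses/"
	cp -a "$install/usr/lib" "$fs/usr"
	cp -a "$install/usr/bin" "$fs/usr"
	cp -a "$install/usr/sbin" "$fs/usr"
	cp -a "$install/etc" "$fs"

	# Keep only the part of the sample aliases file between the first line
	# matching MUST or ALIASES and the next such line.
	awk 'BEGIN {n=0} /MUST/ {n++} /ALIASES/ {n++} { if (n==1) print }' \
		< "$install/etc/postfix/aliases" > "$fs/etc/postfix/aliases"

	# For each "keyword = value" default below: skip it when main.cf already
	# sets the keyword, otherwise insert the setting just before the first
	# commented-out "#keyword " line.
	while read keyword data; do
		grep -q "^$keyword" "$fs/etc/postfix/main.cf" && continue
		mv "$fs/etc/postfix/main.cf" "$fs/etc/postfix/main.cf.$$"
		awk "BEGIN { scan=1 } /^#$keyword / { if (scan) { print \"$keyword $data\" ; scan=0 } } { print }" \
			< "$fs/etc/postfix/main.cf.$$" > "$fs/etc/postfix/main.cf"
		rm -f "$fs/etc/postfix/main.cf.$$"
	done << EOF
mydomain = localdomain
myorigin = localhost
mydestination = localhost, localhost.\$mydomain
mynetworks = 127.0.0.0/8
alias_maps = hash:/etc/postfix/aliases
EOF

	# Disable SSLv2/SSLv3 for mandatory-TLS SMTP server sessions.
	# The here-document was opened with EOT but closed with EOF, so it was
	# never terminated and the rest of the receipt was appended to main.cf
	# instead of being executed; the delimiters now match.
	# The appended lines stay at column 0: main.cf treats a line that
	# starts with whitespace as a continuation of the previous one.
	# NOTE(review): smtpd_tls_mandatory_protocols only governs sessions
	# where TLS is mandatory. Opportunistic server sessions
	# (smtpd_tls_protocols) and the SMTP client (smtp_tls_protocols,
	# smtp_tls_mandatory_protocols) are not restricted here -- confirm
	# whether that is intended.
	cat >> "$fs/etc/postfix/main.cf" <<EOT

# Unsafe, see CVE-2014-3566 POODLE
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
EOT

	# NOTE(review): this overlay runs after main.cf was edited above; if
	# $stuff/etc ships its own postfix/main.cf it would replace the file,
	# including the SSLv3 restriction -- verify against the stuff/ tree.
	cp -a "$stuff/etc" "$fs"
	cp -a "$install/var" "$fs"
	mv "$fs/etc/postfix/TLS_LICENSE" "$fs/usr/share/licenses/POSTFIX_TLS_LICENSE"
	mv "$fs/etc/postfix/LICENSE" "$fs/usr/share/licenses/POSTFIX_LICENSE"
	cp -a "$stuff/etc/init.d" "$fs/etc"
	rm -f "$fs"/usr/lib/postfix/post* "$fs"/usr/lib/postfix/*.cf
	strip -s "$fs"/usr/lib/postfix/*
}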
pascal@1159 | 76 |
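# Pre and post install commands for Tazpkg.
#
# post_install ROOT
#   Creates the postfix user and the postdrop group inside ROOT when they
#   are missing, sets ownership and modes on the queue directories and the
#   postdrop/postqueue binaries, rebuilds the aliases database and prints
#   a reminder about the settings that still need editing.
#   ROOT ($1) is the target filesystem root; empty means "/".
post_install()
{

	local user
	local group

	user=postfix
	group=postdrop

	# Match the account name at the start of the line only; a bare
	# "postfix" would also match any other passwd field containing it.
	if ! grep -q "^$user:" "$1/etc/passwd"; then
		echo -n "Adding user/group $user..."
		chroot "$1/" addgroup -S $user
		chroot "$1/" adduser -S -D -H -G $user $user
		chroot "$1/" addgroup -S $group
		status
	fi

	# addgroup postdrop if needed
	if ! grep -q "^$group:" "$1/etc/group"; then
		echo -n "Adding group ${group}..."
		chroot "$1/" addgroup -S $group
		status
	fi

	# The glob is expanded by a shell running inside the chroot. Written
	# as a bare argument it was expanded by the calling shell against the
	# host filesystem, which is wrong whenever ROOT is not "/".
	chroot "$1/" sh -c "chown ${user} /var/spool/postfix/* /var/lib/postfix"
	chroot "$1/" chgrp ${group} /var/spool/postfix/maildrop \
		/var/spool/postfix/public /usr/sbin/postdrop /usr/sbin/postqueue
	# 2755: setgid binaries, so they run with group postdrop.
	chmod 2755 "$1/usr/sbin/postdrop" "$1/usr/sbin/postqueue"
	# 2710: setgid directory, no access for others.
	chmod 2710 "$1/var/spool/postfix/public"
	# 1730: sticky directory, group may write and traverse but not list.
	chmod 1730 "$1/var/spool/postfix/maildrop"
	chroot "$1/" postalias /etc/postfix/aliases
	cat <<EOF

----
Warning: you still need to edit myorigin/mydestination/mynetworks
parameter settings in /etc/postfix/main.cf.
See also http://www.postfix.org/STANDARD_CONFIGURATION_README.html

To start $PACKAGE server you can run :

/etc/init.d/$PACKAGE start

Or add $PACKAGE to RUN_DAEMONS in /etc/rcS.conf
----
EOF
}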
pascal@1159 | 124 |
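# Overlap busybox
#
# pre_install ROOT
#   Removes the existing /usr/sbin/sendmail under ROOT ($1) before the
#   package files are unpacked, so the postfix sendmail can take its place
#   (post_remove puts a busybox link back).
pre_install()
{
	# Quoted so a ROOT containing spaces or glob characters is treated
	# as one path instead of being split into several rm arguments.
	rm -f "$1/usr/sbin/sendmail"
}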
pascal@8878 | 130 |
# Clean-up after the package has been removed: drop the postfix account
# and the postdrop group, then point /usr/sbin/sendmail back at busybox.
# NOTE(review): unlike pre_install/post_install, nothing here is prefixed
# with a root argument, so this acts on the running system -- confirm that
# is what the package manager expects.
post_remove()
{
	local applet=/usr/sbin/sendmail

	deluser postfix
	delgroup postdrop

	# Recreate the link that pre_install deleted.
	ln -s /bin/busybox $applet
}