# HG changeset patch
# User Pascal Bellard <pascal.bellard@slitaz.org>
# Date 1413635503 -7200
# Node ID 70fb5fbb6fdea784a14b736fa378789faaeb811e
# Parent  f2bdc266fba2770b3b6c32984695be2f51b7858a
dovecot, proftpd: CVE-2014-3566

diff -r f2bdc266fba2 -r 70fb5fbb6fde dovecot/receipt
--- a/dovecot/receipt	Sat Oct 18 14:11:33 2014 +0200
+++ b/dovecot/receipt	Sat Oct 18 14:31:43 2014 +0200
@@ -63,14 +63,18 @@
 	chmod 755 $fs/etc/ssl/misc/*
 	
 	# Customising config.
-	sed -i -e "s/^#default_vsz_limit.*/default_vsz_limit = 50M"/ \
+	sed -i -e "s/^#default_vsz_limit.*/default_vsz_limit = 50M/" \
 		$fs/etc/dovecot/conf.d/10-master.conf
 
-	sed -i -e "s!^#log_path =.*!log_path = /var/log/dovecot/dovecot.log"! \
+	sed -i -e "s!^#log_path =.*!log_path = /var/log/dovecot/dovecot.log!" \
 		$fs/etc/dovecot/conf.d/10-logging.conf
 	
-	sed -i -e "s/^#listen.*/listen = *"/ \
+	sed -i -e "s/^#listen.*/listen = */" \
 		$fs/etc/dovecot/dovecot.conf
+
+	# Unsafe, see CVE-2014-3566 POODLE
+	sed -i -e "s/^#ssl_protocols =.*/ssl_protocols = !SSLv2 !SSLv3/" \
+		$fs/etc/dovecot/conf.d/10-ssl.conf
 }
 
 #nd post install commands for Tazpkg.
diff -r f2bdc266fba2 -r 70fb5fbb6fde proftpd/receipt
--- a/proftpd/receipt	Sat Oct 18 14:11:33 2014 +0200
+++ b/proftpd/receipt	Sat Oct 18 14:31:43 2014 +0200
@@ -34,4 +34,9 @@
 	cp -a $install/usr/bin $fs/usr
 	cp -a $install/usr/lib/proftpd $fs/usr/lib
 	cp -a $install/etc $fs
+	cat >> $fs/etc/proftpd.conf <<EOT
+
+# SSLv3 is unsafe, see CVE-2014-3566 POODLE
+# TLSProtocol TLSv1
+EOT
 }