Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 492370 Details for
Bug 629914
<mail-filter/opendkim-2.10.3-r8: privilege escalation via PID file manipulation
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
opendkim-2.10.3-r4.ebuild
opendkim-2.10.3-r4.ebuild (text/plain), 6.16 KB, created by
Michael Orlitzky
on 2017-09-04 20:46:50 UTC
(
hide
)
Description:
opendkim-2.10.3-r4.ebuild
Filename:
MIME Type:
Creator:
Michael Orlitzky
Created:
2017-09-04 20:46:50 UTC
Size:
6.16 KB
patch
obsolete
># Copyright 1999-2017 Gentoo Foundation ># Distributed under the terms of the GNU General Public License v2 > >EAPI=6 > >inherit autotools db-use eutils systemd user > >DESCRIPTION="A milter providing DKIM signing and verification" >HOMEPAGE="http://opendkim.org/" >SRC_URI="mirror://sourceforge/opendkim/${P}.tar.gz" > ># The GPL-2 is for the init script, bug 425960. >LICENSE="BSD GPL-2 Sendmail-Open-Source" >SLOT="0" >KEYWORDS="~amd64 ~arm ~x86" >IUSE="+berkdb gnutls ldap libressl lmdb lua memcached opendbx poll sasl selinux +ssl static-libs unbound" > >DEPEND="|| ( mail-filter/libmilter mail-mta/sendmail ) > dev-libs/libbsd > ssl? ( > !libressl? ( dev-libs/openssl:0= ) > libressl? ( dev-libs/libressl:0= ) > ) > berkdb? ( >=sys-libs/db-3.2:* ) > opendbx? ( >=dev-db/opendbx-1.4.0 ) > lua? ( dev-lang/lua:* ) > ldap? ( net-nds/openldap ) > lmdb? ( dev-db/lmdb ) > memcached? ( dev-libs/libmemcached ) > sasl? ( dev-libs/cyrus-sasl ) > unbound? ( >=net-dns/unbound-1.4.1 net-dns/dnssec-root ) > !unbound? ( net-libs/ldns ) > gnutls? ( >=net-libs/gnutls-3.3 )" > >RDEPEND="${DEPEND} > sys-process/psmisc > selinux? ( sec-policy/selinux-dkim ) >" > >REQUIRED_USE="sasl? ( ldap )" > >PATCHES=( > "${FILESDIR}/${P}-gnutls-3.4.patch" >) > >pkg_setup() { > enewuser opendkim >} > >src_prepare() { > default > > # Drop the "Socket" setting now that it's in the conf.d file. > sed -e 's:/var/db/dkim:/etc/opendkim:g' \ > -e 's:/var/db/opendkim:/var/lib/opendkim:g' \ > -e 's:/etc/mail:/etc/opendkim:g' \ > -e 's:mailnull:opendkim:g' \ > -e '/^[[:space:]]*Socket/d' \ > -i opendkim/opendkim.conf.sample opendkim/opendkim.conf.simple.in \ > stats/opendkim-reportstats{,.in} || die > > sed -i -e 's:dist_doc_DATA:dist_html_DATA:' libopendkim/docs/Makefile.am \ > || die > > sed -e '/sock.*mt.getcwd/s:mt.getcwd():"/tmp":' \ > -i opendkim/tests/*.lua || die > sed -e '/sock.*mt.getcwd/s:mt.getcwd():"/proc/self/cwd":' \ > -i opendkim/tests/*.lua || die > > eautoreconf >} > >src_configure() { > local myconf=() > if use berkdb ; then > myconf+=( > $(db_includedir) > --with-db-incdir=${myconf#-I} > --enable-popauth > --enable-query_cache > --enable-stats > ) > fi > if use unbound; then > myconf+=( --with-unbound ) > else > myconf+=( --with-ldns ) > fi > if use ldap; then > myconf+=( $(use_with sasl) ) > fi > econf \ > $(use_with berkdb db) \ > $(use_with opendbx odbx) \ > $(use_with lua) \ > $(use_enable lua rbl) \ > $(use_with ldap openldap) \ > $(use_with lmdb) \ > $(use_enable poll) \ > $(use_enable static-libs static) \ > $(use_with gnutls) \ > $(use_with memcached libmemcached) \ > "${myconf[@]}" \ > --enable-filter \ > --enable-atps \ > --enable-identity_header \ > --enable-rate_limit \ > --enable-resign \ > --enable-replace_rules \ > --enable-default_sender \ > --enable-sender_macro \ > --enable-vbr \ > --disable-live-testing >} > >src_install() { > default > prune_libtool_files > > dosbin stats/opendkim-reportstats > > newinitd "${FILESDIR}/opendkim.init.r4" opendkim > newconfd "${FILESDIR}/opendkim.confd" opendkim > systemd_newunit "${FILESDIR}/opendkim-r2.service" opendkim.service > systemd_install_serviced "${FILESDIR}/${PN}.service.conf" "${PN}.service" > > dodir /etc/opendkim /var/lib/opendkim > > # The OpenDKIM data should be read-only to the UserID that the > # daemon runs as. > fowners root:opendkim /var/lib/opendkim > fperms 750 /var/lib/opendkim > > # default configuration > if [ ! -f "${ROOT}"/etc/opendkim/opendkim.conf ]; then > grep ^[^#] "${S}"/opendkim/opendkim.conf.simple \ > > "${D}"/etc/opendkim/opendkim.conf > if use unbound; then > echo TrustAnchorFile /etc/dnssec/root-anchors.txt >> "${D}"/etc/opendkim/opendkim.conf > fi > echo UserID opendkim >> "${D}"/etc/opendkim/opendkim.conf > if use berkdb; then > echo Statistics /var/lib/opendkim/stats.dat >> \ > "${D}"/etc/opendkim/opendkim.conf > fi > fi >} > >pkg_postinst() { > if [[ -z ${REPLACING_VERSION} ]]; then > elog "If you want to sign your mail messages and need some help," > elog "please run:" > elog > elog " emerge --config ${CATEGORY}/${PN}" > elog > elog "It will help you create your key and give you hints on how" > elog "to configure your DNS and MTA." > > ewarn "If you are using a local (UNIX) socket, then you will" > ewarn "need to make sure that your MTA has read/write access" > ewarn "to the socket file. This is best accomplished by creating" > ewarn "a completely-new group with only your MTA user and the " > ewarn "\"opendkim\" user in it. You would then set \"UMask 0112\"" > ewarn "in your opendkim.conf, and switch the primary group of your" > ewarn "\"opendkim\" user to the group that you just created. The" > ewarn "last step is necessary for the socket to be created as the" > ewarn "new group (and not as group \"opendkim\")". > fi >} > >pkg_config() { > local selector keysize pubkey > > read -p "Enter the selector name (default ${HOSTNAME}): " selector > [[ -n "${selector}" ]] || selector=${HOSTNAME} > if [[ -z "${selector}" ]]; then > eerror "Oddly enough, you don't have a HOSTNAME." > return 1 > fi > if [[ -f "${ROOT}"etc/opendkim/${selector}.private ]]; then > ewarn "The private key for this selector already exists." > else > keysize=1024 > # generate the private and public keys > opendkim-genkey -b ${keysize} -D "${ROOT}"etc/opendkim/ \ > -s ${selector} -d '(your domain)' && \ > fowners opendkim:opendkim \ > "${ROOT}"etc/opendkim/"${selector}".private || \ > { eerror "Failed to create private and public keys." ; return 1; } > fperms go-r "${ROOT}"etc/opendkim/"${selector}".private > fi > > # opendkim selector configuration > echo > einfo "Make sure you have the following settings in your /etc/opendkim/opendkim.conf:" > einfo " Keyfile /etc/opendkim/${selector}.private" > einfo " Selector ${selector}" > > # MTA configuration > echo > einfo "If you are using Postfix, add following lines to your main.cf:" > einfo " smtpd_milters = unix:/run/opendkim/opendkim.sock" > einfo " non_smtpd_milters = unix:/run/opendkim/opendkim.sock" > einfo " and read http://www.postfix.org/MILTER_README.html" > > # DNS configuration > einfo "After you configured your MTA, publish your key by adding this TXT record to your domain:" > cat "${ROOT}"etc/opendkim/${selector}.txt > einfo "t=y signifies you only test the DKIM on your domain. See following page for the complete list of tags:" > einfo " http://www.dkim.org/specs/rfc4871-dkimbase.html#key-text" >}
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=492370">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 629914
: 492370 |
492372
|
492374
|
492376
|
492378
