CVS commit: pkgsrc/mail/rspamd

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/mail/rspamd
From: "Filip Hajny" <fhajny%netbsd.org@localhost>
Date: Thu, 1 Feb 2018 09:07:23 +0000

Module Name:    pkgsrc
Committed By:   fhajny
Date:           Thu Feb  1 09:07:23 UTC 2018

Modified Files:
        pkgsrc/mail/rspamd: Makefile
        pkgsrc/mail/rspamd/files: rspamd.sh
        pkgsrc/mail/rspamd/files/smf: manifest.xml

Log Message:
mail/rspamd: Fix unprivileged execution in rc.d and SMF.


To generate a diff of this commit:
cvs rdiff -u -r1.32 -r1.33 pkgsrc/mail/rspamd/Makefile
cvs rdiff -u -r1.1 -r1.2 pkgsrc/mail/rspamd/files/rspamd.sh
cvs rdiff -u -r1.3 -r1.4 pkgsrc/mail/rspamd/files/smf/manifest.xml

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/mail/rspamd/Makefile
diff -u pkgsrc/mail/rspamd/Makefile:1.32 pkgsrc/mail/rspamd/Makefile:1.33
--- pkgsrc/mail/rspamd/Makefile:1.32    Thu Nov 30 16:45:30 2017
+++ pkgsrc/mail/rspamd/Makefile Thu Feb  1 09:07:23 2018
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.32 2017/11/30 16:45:30 adam Exp $
+# $NetBSD: Makefile,v 1.33 2018/02/01 09:07:23 fhajny Exp $
 
 DISTNAME=      rspamd-1.6.1
-PKGREVISION=   2
+PKGREVISION=   3
 CATEGORIES=    mail
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=vstakhov/}
 
@@ -42,6 +42,9 @@ LOGDIR=               ${VARBASE}/log/rspamd
 DBDIR=         ${VARBASE}/db/rspamd
 RUNDIR=                ${VARBASE}/run/rspamd
 
+FILES_SUBST+=  RSPAMD_USER=${RSPAMD_USER}
+FILES_SUBST+=  RSPAMD_GROUP=${RSPAMD_GROUP}
+
 RCD_SCRIPTS=   rspamd
 
 CMAKE_ARGS+=   -DMANDIR:PATH=${PREFIX}/${PKGMANDIR}

Index: pkgsrc/mail/rspamd/files/rspamd.sh
diff -u pkgsrc/mail/rspamd/files/rspamd.sh:1.1 pkgsrc/mail/rspamd/files/rspamd.sh:1.2
--- pkgsrc/mail/rspamd/files/rspamd.sh:1.1      Mon Mar 20 14:15:16 2017
+++ pkgsrc/mail/rspamd/files/rspamd.sh  Thu Feb  1 09:07:23 2018
@@ -1,6 +1,6 @@
 #!@RCD_SCRIPTS_SHELL@
 #
-# $NetBSD: rspamd.sh,v 1.1 2017/03/20 14:15:16 wiz Exp $
+# $NetBSD: rspamd.sh,v 1.2 2018/02/01 09:07:23 fhajny Exp $
 #
 # PROVIDE: rspamd
 # REQUIRE: DAEMON
@@ -14,7 +14,7 @@ name="rspamd"
 rcvar=$name
 command="@PREFIX@/bin/rspamd"
 pidfile="@VARBASE@/run/rspamd/${name}.pid"
-command_args="-c @PKG_SYSCONFDIR@/rspamd.conf"
+command_args="-u @RSPAMD_USER@ -g @RSPAMD_GROUP@ -c @PKG_SYSCONFDIR@/rspamd.conf"
 required_files="@PKG_SYSCONFDIR@/rspamd.conf"
 start_precmd="rspamd_precmd"
 

Index: pkgsrc/mail/rspamd/files/smf/manifest.xml
diff -u pkgsrc/mail/rspamd/files/smf/manifest.xml:1.3 pkgsrc/mail/rspamd/files/smf/manifest.xml:1.4
--- pkgsrc/mail/rspamd/files/smf/manifest.xml:1.3       Wed Jun  8 10:16:53 2016
+++ pkgsrc/mail/rspamd/files/smf/manifest.xml   Thu Feb  1 09:07:23 2018
@@ -1,45 +1,29 @@
 <?xml version="1.0"?>
 <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
 <service_bundle type="manifest" name="export">
-
-    <service name="@SMF_PREFIX@/@SMF_NAME@" type="service" version="1">
-
-        <create_default_instance enabled="false"/>
-        
-        <single_instance/>
-
-        <dependency name="network" grouping="require_all" restart_on="error" type="service">
-            <service_fmri value="svc:/milestone/network:default"/>
-        </dependency>
-
-        <dependency name="filesystem" grouping="require_all" restart_on="error" type="service">
-            <service_fmri value="svc:/system/filesystem/local"/>
-        </dependency>
-        
-        <method_context>
-        </method_context>
-
-        <exec_method type="method" name="start" exec="@PREFIX@/bin/rspamd -i -f -c %{config_file}" timeout_seconds="60"/>
-        <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60"/>
-
-        <property_group name="startd" type="framework">
-            <propval name="duration" type="astring" value="child"/>
-            <propval name="ignore_error" type="astring" value="core,signal"/>
-        </property_group>
-
-        <property_group name="application" type="application">
-            <propval name="config_file" type="astring" value="@PKG_SYSCONFDIR@/rspamd.conf"/>
-        </property_group>
-        
-
-        <template>
-            <common_name>
-                <loctext xml:lang="C">
-                    Rspamd spam filtering system.
-                </loctext>
-            </common_name>
-        </template>
-
-    </service>
-
+  <service name="@SMF_PREFIX@/@SMF_NAME@" type="service" version="1">
+    <create_default_instance enabled="false" />
+    <single_instance />
+    <dependency name="network" grouping="require_all" restart_on="error" type="service">
+      <service_fmri value="svc:/milestone/network:default" />
+    </dependency>
+    <dependency name="filesystem" grouping="require_all" restart_on="error" type="service">
+      <service_fmri value="svc:/system/filesystem/local" />
+    </dependency>
+    <method_context></method_context>
+    <exec_method type="method" name="start" exec="@PREFIX@/bin/rspamd -u @RSPAMD_USER@ -g @RSPAMD_USER@ -c %{config_file}" timeout_seconds="60" />
+    <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60" />
+    <property_group name="startd" type="framework">
+      <propval name="duration" type="astring" value="contract" />
+      <propval name="ignore_error" type="astring" value="core,signal" />
+    </property_group>
+    <property_group name="application" type="application">
+      <propval name="config_file" type="astring" value="@PKG_SYSCONFDIR@/rspamd.conf" />
+    </property_group>
+    <template>
+      <common_name>
+        <loctext xml:lang="C">Rspamd spam filtering system.</loctext>
+      </common_name>
+    </template>
+  </service>
 </service_bundle>

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/devel/kdoctools
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/devel/kdoctools
Indexes:

Home | Main Index | Thread Index | Old Index