* [gentoo-commits] repo/gentoo:master commit in: mail-mta/postfix/files/
@ 2016-02-26 15:10 Eray Aslan
0 siblings, 0 replies; 8+ messages in thread
From: Eray Aslan @ 2016-02-26 15:10 UTC (permalink / raw
To: gentoo-commits
commit: 5eef7b00212fabe09d866785bd170751b11c2c01
Author: Eray Aslan <eras <AT> gentoo <DOT> org>
AuthorDate: Fri Feb 26 15:10:31 2016 +0000
Commit: Eray Aslan <eras <AT> gentoo <DOT> org>
CommitDate: Fri Feb 26 15:10:31 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5eef7b00
mail-mta/postfix: remove unused patch
Package-Manager: portage-2.2.27
mail-mta/postfix/files/postfix-linux4.patch | 27 ---------------------------
1 file changed, 27 deletions(-)
diff --git a/mail-mta/postfix/files/postfix-linux4.patch b/mail-mta/postfix/files/postfix-linux4.patch
deleted file mode 100644
index a28ad52..0000000
--- a/mail-mta/postfix/files/postfix-linux4.patch
+++ /dev/null
@@ -1,27 +0,0 @@
---- a/makedefs
-+++ b/makedefs
-@@ -500,7 +500,12 @@ EOF
- : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
- : ${PLUGIN_LD="${CC-gcc} -shared"}
- ;;
-- Linux.3*) SYSTYPE=LINUX3
-+ Linux.[34]*)
-+ case "$RELEASE" in
-+ 3.*) SYSTYPE=LINUX3;;
-+ 4.*) SYSTYPE=LINUX4;;
-+ *) error "Unknown Linux version: `uname -r`.";;
-+ esac
- case "$CCARGS" in
- *-DNO_DB*) ;;
- *-DHAS_DB*) ;;
---- a/src/util/sys_defs.h
-+++ b/src/util/sys_defs.h
-@@ -756,7 +756,7 @@ extern int initgroups(const char *, int);
- /*
- * LINUX.
- */
--#if defined(LINUX2) || defined(LINUX3)
-+#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4)
- #define SUPPORTED
- #include <sys/types.h>
- #define UINT32_TYPE unsigned int
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/postfix/files/
@ 2016-08-13 21:04 Richard Freeman
0 siblings, 0 replies; 8+ messages in thread
From: Richard Freeman @ 2016-08-13 21:04 UTC (permalink / raw
To: gentoo-commits
commit: 80f094370d5e5c11c8f5eb3bde48710403309261
Author: Richard Freeman <rich0 <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 13 21:03:55 2016 +0000
Commit: Richard Freeman <rich0 <AT> gentoo <DOT> org>
CommitDate: Sat Aug 13 21:03:55 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=80f09437
mail-mta/postfix: add systemd hardening
Package-Manager: portage-2.2.28
mail-mta/postfix/files/postfix.service | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/mail-mta/postfix/files/postfix.service b/mail-mta/postfix/files/postfix.service
index d3d4804..eddd550 100644
--- a/mail-mta/postfix/files/postfix.service
+++ b/mail-mta/postfix/files/postfix.service
@@ -8,6 +8,12 @@ ExecStartPre=-/usr/bin/newaliases
ExecStart=/usr/sbin/postfix start
ExecStop=/usr/sbin/postfix stop
ExecReload=/usr/sbin/postfix reload
+# Hardening
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+CapabilityBoundingSet=~ CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_MODULE
+MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/postfix/files/
@ 2017-01-29 23:46 Robin H. Johnson
0 siblings, 0 replies; 8+ messages in thread
From: Robin H. Johnson @ 2017-01-29 23:46 UTC (permalink / raw
To: gentoo-commits
commit: 6d1bfd687106fcb4a75e0d225d77153f2b9c581d
Author: Craig Andrews <candrews <AT> integralblue <DOT> com>
AuthorDate: Tue Jan 24 17:39:20 2017 +0000
Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Sun Jan 29 23:46:19 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d1bfd68
mail-mta/postfix: additional systemd hardening
Other distributions are doing the same thing, and these additions are recommended by systemd. See https://lwn.net/Articles/709755/
(cherry picked from commit 388f5cae8b89039f285a66651bc70d662a9d8e57)
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>
Fixes: https://github.com/gentoo/gentoo/pull/3629
mail-mta/postfix/files/postfix.service | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/mail-mta/postfix/files/postfix.service b/mail-mta/postfix/files/postfix.service
index 585849e..db585b3 100644
--- a/mail-mta/postfix/files/postfix.service
+++ b/mail-mta/postfix/files/postfix.service
@@ -15,6 +15,12 @@ ProtectSystem=full
ReadWritePaths=-/etc/mail/aliases.db
CapabilityBoundingSet=~ CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_MODULE
MemoryDenyWriteExecute=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
+RestrictNamespaces=true
+RestrictRealtime=true
[Install]
WantedBy=multi-user.target
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/postfix/files/
@ 2019-02-21 15:40 Eray Aslan
0 siblings, 0 replies; 8+ messages in thread
From: Eray Aslan @ 2019-02-21 15:40 UTC (permalink / raw
To: gentoo-commits
commit: abed133a13fa91bf5faf992458c4a23dc1d11d61
Author: Eray Aslan <eras <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 21 15:40:29 2019 +0000
Commit: Eray Aslan <eras <AT> gentoo <DOT> org>
CommitDate: Thu Feb 21 15:40:29 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=abed133a
mail-mta/postfix: clean up and fix patch
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Eray Aslan <eras <AT> gentoo.org>
mail-mta/postfix/files/postfix-linux-5.patch | 52 ++++++++++++----------------
1 file changed, 23 insertions(+), 29 deletions(-)
diff --git a/mail-mta/postfix/files/postfix-linux-5.patch b/mail-mta/postfix/files/postfix-linux-5.patch
index df9d456c977..a806ab0dbb9 100644
--- a/mail-mta/postfix/files/postfix-linux-5.patch
+++ b/mail-mta/postfix/files/postfix-linux-5.patch
@@ -1,29 +1,23 @@
-diff --git a/mail-mta/postfix/files/postfix-linux-5.patch b/mail-mta/postfix/files/postfix-linux-5.patch
-new file mode 100644
-index 000000000000..a806ab0dbb9c
---- /dev/null
-+++ b/mail-mta/postfix/files/postfix-linux-5.patch
-@@ -0,0 +1,23 @@
-+See http://postfix.1071664.n5.nabble.com/Support-for-quot-Linux-5-quot-td99786.html
-+--- a/makedefs 2018-02-03 12:20:46.000000000 -0500
-++++ b/makedefs 2019-02-18 15:39:17.711376206 -0500
-+@@ -546,7 +546,7 @@
-+ : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
-+ : ${PLUGIN_LD="${CC-gcc} -shared"}
-+ ;;
-+- Linux.[34].*) SYSTYPE=LINUX$RELEASE_MAJOR
-++ Linux.[345].*) SYSTYPE=LINUX$RELEASE_MAJOR
-+ case "$CCARGS" in
-+ *-DNO_DB*) ;;
-+ *-DHAS_DB*) ;;
-+--- a/src/util/sys_defs.h 2019-02-18 15:40:19.008167828 -0500
-++++ b/src/util/sys_defs.h 2019-02-18 15:42:17.241742169 -0500
-+@@ -748,7 +748,7 @@
-+ /*
-+ * LINUX.
-+ */
-+-#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4)
-++#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5)
-+ #define SUPPORTED
-+ #define UINT32_TYPE unsigned int
-+ #define UINT16_TYPE unsigned short
+See http://postfix.1071664.n5.nabble.com/Support-for-quot-Linux-5-quot-td99786.html
+--- a/makedefs 2018-02-03 12:20:46.000000000 -0500
++++ b/makedefs 2019-02-18 15:39:17.711376206 -0500
+@@ -546,7 +546,7 @@
+ : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
+ : ${PLUGIN_LD="${CC-gcc} -shared"}
+ ;;
+- Linux.[34].*) SYSTYPE=LINUX$RELEASE_MAJOR
++ Linux.[345].*) SYSTYPE=LINUX$RELEASE_MAJOR
+ case "$CCARGS" in
+ *-DNO_DB*) ;;
+ *-DHAS_DB*) ;;
+--- a/src/util/sys_defs.h 2019-02-18 15:40:19.008167828 -0500
++++ b/src/util/sys_defs.h 2019-02-18 15:42:17.241742169 -0500
+@@ -748,7 +748,7 @@
+ /*
+ * LINUX.
+ */
+-#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4)
++#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5)
+ #define SUPPORTED
+ #define UINT32_TYPE unsigned int
+ #define UINT16_TYPE unsigned short
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/postfix/files/
@ 2021-05-03 18:46 Sam James
0 siblings, 0 replies; 8+ messages in thread
From: Sam James @ 2021-05-03 18:46 UTC (permalink / raw
To: gentoo-commits
commit: 08bb1ba337ef41cf1261b832acb9be4cca6af5ad
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon May 3 18:37:27 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon May 3 18:45:46 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08bb1ba3
mail-mta/postfix: drop obsolete LibreSSL patch(es)
Package-Manager: Portage-3.0.18-prefix, Repoman-3.0.3
Signed-off-by: Sam James <sam <AT> gentoo.org>
mail-mta/postfix/files/postfix-libressl-certkey.patch | 13 -------------
mail-mta/postfix/files/postfix-libressl-server.patch | 14 --------------
2 files changed, 27 deletions(-)
diff --git a/mail-mta/postfix/files/postfix-libressl-certkey.patch b/mail-mta/postfix/files/postfix-libressl-certkey.patch
deleted file mode 100644
index b6ab8aeb790..00000000000
--- a/mail-mta/postfix/files/postfix-libressl-certkey.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-see https://bugs.gentoo.org/678874
-
---- a/src/tls/tls_certkey.c.orig 2019-03-07 23:57:10 UTC
-+++ b/src/tls/tls_certkey.c
-@@ -144,7 +144,7 @@ static void init_pem_load_state(pem_load
-
- /* use_chain - load cert, key and chain into ctx or ssl */
-
--#if OPENSSL_VERSION_NUMBER >= 0x1010100fUL
-+#if OPENSSL_VERSION_NUMBER >= 0x1010100fUL && !defined(LIBRESSL_VERSION_NUMBER)
- static int use_chain(pem_load_state_t *st)
- {
- int ret;
diff --git a/mail-mta/postfix/files/postfix-libressl-server.patch b/mail-mta/postfix/files/postfix-libressl-server.patch
deleted file mode 100644
index 8573bb80bb5..00000000000
--- a/mail-mta/postfix/files/postfix-libressl-server.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-see https://bugs.gentoo.org/678874
-
---- a/src/tls/tls_server.c.orig 2018-12-26 19:21:49 UTC
-+++ b/src/tls/tls_server.c
-@@ -518,7 +518,9 @@ TLS_APPL_STATE *tls_server_init(const TL
- * ticket decryption callback already (since 2.11) asks OpenSSL to
- * avoid issuing new tickets when the presented ticket is re-usable.
- */
-+#ifndef LIBRESSL_VERSION_NUMBER
- SSL_CTX_set_num_tickets(server_ctx, 1);
-+#endif
- }
- #endif
- if (!ticketable)
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/postfix/files/
@ 2021-06-28 8:49 Eray Aslan
0 siblings, 0 replies; 8+ messages in thread
From: Eray Aslan @ 2021-06-28 8:49 UTC (permalink / raw
To: gentoo-commits
commit: 0b2b21691bd747fbd4b11fa0663f833726bd89c4
Author: Eray Aslan <eras <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 28 08:48:42 2021 +0000
Commit: Eray Aslan <eras <AT> gentoo <DOT> org>
CommitDate: Mon Jun 28 08:49:06 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b2b2169
mail-mta/postfix: [QA] Fix missing eend arg
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Eray Aslan <eras <AT> gentoo.org>
mail-mta/postfix/files/postfix.rc6.2.7 | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/mail-mta/postfix/files/postfix.rc6.2.7 b/mail-mta/postfix/files/postfix.rc6.2.7
index 9a1c1e21de9..62f6dda38cf 100644
--- a/mail-mta/postfix/files/postfix.rc6.2.7
+++ b/mail-mta/postfix/files/postfix.rc6.2.7
@@ -1,5 +1,5 @@
#!/sbin/openrc-run
-# Copyright 1999-2012 Gentoo Foundation
+# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
extra_started_commands="reload abort flush"
@@ -45,7 +45,7 @@ start() {
stop() {
ebegin "Stopping postfix ${CONF_MESSAGE}"
/usr/sbin/postfix ${CONF_PARAM} stop >/dev/null 2>&1
- eend
+ eend $?
}
status() {
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/postfix/files/
@ 2023-03-14 23:01 Conrad Kostecki
0 siblings, 0 replies; 8+ messages in thread
From: Conrad Kostecki @ 2023-03-14 23:01 UTC (permalink / raw
To: gentoo-commits
commit: 6c3b48b5d1f722bf5ccdc0d89b464390254fdc35
Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at>
AuthorDate: Wed Mar 8 18:15:17 2023 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Tue Mar 14 22:59:42 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c3b48b5
mail-mta/postfix: remove unused patch
Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at>
Closes: https://github.com/gentoo/gentoo/pull/29998
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
mail-mta/postfix/files/linux-6.patch | 24 ------------------------
1 file changed, 24 deletions(-)
diff --git a/mail-mta/postfix/files/linux-6.patch b/mail-mta/postfix/files/linux-6.patch
deleted file mode 100644
index 19e73dc34b8e..000000000000
--- a/mail-mta/postfix/files/linux-6.patch
+++ /dev/null
@@ -1,24 +0,0 @@
---- a/makedefs 2022-01-23 21:53:41.000000000 +0100
-+++ b/makedefs 2022-09-07 19:07:02.000000000 +0200
-@@ -627,7 +627,8 @@
- : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
- : ${PLUGIN_LD="${CC-gcc} -shared"}
- ;;
-- Linux.[345].*) SYSTYPE=LINUX$RELEASE_MAJOR
-+ Linux.[3456].*)
-+ SYSTYPE=LINUX$RELEASE_MAJOR
- case "$CCARGS" in
- *-DNO_DB*) ;;
- *-DHAS_DB*) ;;
---- a/src/util/sys_defs.h 2021-12-05 19:59:27.000000000 +0100
-+++ b/src/util/sys_defs.h 2022-09-07 19:09:09.000000000 +0200
-@@ -751,7 +751,8 @@
- /*
- * LINUX.
- */
--#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5)
-+#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5) \
-+ || defined(LINUX6)
- #define SUPPORTED
- #define UINT32_TYPE unsigned int
- #define UINT16_TYPE unsigned short
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/postfix/files/
@ 2023-08-14 13:28 Eray Aslan
0 siblings, 0 replies; 8+ messages in thread
From: Eray Aslan @ 2023-08-14 13:28 UTC (permalink / raw
To: gentoo-commits
commit: 17d3ba5e9c2b0d3b2acbf74db127d64b579edd93
Author: Eray Aslan <eras <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 14 13:25:08 2023 +0000
Commit: Eray Aslan <eras <AT> gentoo <DOT> org>
CommitDate: Mon Aug 14 13:25:08 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=17d3ba5e
mail-mta/postfix: permit cdb and lmdb alias files
so that postfix can run newaliases when cdb or lmdb is the default db
AND postfix is started via systemd
Signed-off-by: Eray Aslan <eras <AT> gentoo.org>
mail-mta/postfix/files/postfix.service | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mail-mta/postfix/files/postfix.service b/mail-mta/postfix/files/postfix.service
index db585b3e29db..7a72aaa8e50b 100644
--- a/mail-mta/postfix/files/postfix.service
+++ b/mail-mta/postfix/files/postfix.service
@@ -12,7 +12,7 @@ ExecReload=/usr/sbin/postfix reload
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
-ReadWritePaths=-/etc/mail/aliases.db
+ReadWritePaths=-/etc/mail/aliases.db -/etc/mail/aliases.cdb -/etc/mail/aliases.lmdb
CapabilityBoundingSet=~ CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_MODULE
MemoryDenyWriteExecute=true
ProtectKernelModules=true
^ permalink raw reply related [flat|nested] 8+ messages in thread
end of thread, other threads:[~2023-08-14 13:28 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-06-28 8:49 [gentoo-commits] repo/gentoo:master commit in: mail-mta/postfix/files/ Eray Aslan
-- strict thread matches above, loose matches on Subject: below --
2023-08-14 13:28 Eray Aslan
2023-03-14 23:01 Conrad Kostecki
2021-05-03 18:46 Sam James
2019-02-21 15:40 Eray Aslan
2017-01-29 23:46 Robin H. Johnson
2016-08-13 21:04 Richard Freeman
2016-02-26 15:10 Eray Aslan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox