From c97bd0e2aa41d659ac1a5f39c241c2093c7f4241 Mon Sep 17 00:00:00 2001 From: Aaron Bauman Date: Sun, 16 Aug 2020 22:52:02 -0400 Subject: mail-mta/sendmail: bump to 8.16.1 * Bump due to security issue * Add -D_FFR_TLS_EC to compile options which supports ECDHE and PFS * Stop building libmilter separately and introduce dep on mail-filter/libmilter * By depending on mail-filter/libmilter sendmail no longer installs static-libs. * Add -DMAXDAEMONS=64 to fix IPV6 environments * Fix various QA issues with lack of dies. More to be fixed. Bug: https://bugs.gentoo.org/730890 Bug: https://bugs.gentoo.org/681232 Closes: https://bugs.gentoo.org/542370 Closes: https://bugs.gentoo.org/681224 Closes: https://bugs.gentoo.org/724548 Closes: https://bugs.gentoo.org/606490 Acked-by: Sam James Signed-off-by: Aaron Bauman --- mail-mta/sendmail/Manifest | 1 + .../files/sendmail-8.14.6-build-system.patch | 73 +------- mail-mta/sendmail/sendmail-8.16.1.ebuild | 208 +++++++++++++++++++++ 3 files changed, 219 insertions(+), 63 deletions(-) create mode 100644 mail-mta/sendmail/sendmail-8.16.1.ebuild (limited to 'mail-mta') diff --git a/mail-mta/sendmail/Manifest b/mail-mta/sendmail/Manifest index 0134628b792a..0b878d0a33c3 100644 --- a/mail-mta/sendmail/Manifest +++ b/mail-mta/sendmail/Manifest @@ -1 +1,2 @@ DIST sendmail.8.15.2.tar.gz 2207417 BLAKE2B 3d9dfb5bc2b535e30ef2fc61333e12a9b1fc45a5d730d2bed1ef956adb574721833f87aeba0475705b76e0c7d6cf00f9a10025bffb0de6c6b4dae606eb2ec399 SHA512 04feb37316c13b66b1518596507a7da7c16cb0bf1abf10367f7fd888a428fadb093a9efa55342fa55b936c3f0cbdc63b9e2505cd99201a69a0c05b8ad65f49f9 +DIST sendmail.8.16.1.tar.gz 2236402 BLAKE2B 80a9c2f1d04719099703e55f0a0c54fd638cf69b72839d358ae6863c95c9e0965d1b7fdd5b1807bec1ffdf87bca0c7c9ba91060962e6de5da5bf14422f6279ea SHA512 d7d4aac3c6d7505782abdb166204901b8b51cac000d610dfe40eda9eef7441a073af9e8e0b14c8719b07b445f55a1e2c28ac63d663d0daa7f1eafc5a101788b2 diff --git a/mail-mta/sendmail/files/sendmail-8.14.6-build-system.patch b/mail-mta/sendmail/files/sendmail-8.14.6-build-system.patch index 3348e921926c..c317a4e854fb 100644 --- a/mail-mta/sendmail/files/sendmail-8.14.6-build-system.patch +++ b/mail-mta/sendmail/files/sendmail-8.14.6-build-system.patch @@ -126,37 +126,25 @@ diff -Nru sendmail-8.14.3.orig/rmail/Makefile.m4 sendmail-8.14.3/rmail/Makefile. divert bldFINISH -diff -Nru sendmail-8.14.3.orig/sendmail/Makefile.m4 sendmail-8.14.3/sendmail/Makefile.m4 ---- sendmail-8.14.3.orig/sendmail/Makefile.m4.orig 2008-03-27 17:13:33.000000000 +0100 -+++ sendmail-8.14.3/sendmail/Makefile.m4 2009-09-20 11:07:24.000000000 +0200 -@@ -14,9 +14,9 @@ - - dnl hack: /etc/mail is not defined as "location of .cf" in the build system - define(`bldTARGET_INST_DEP', ifdef(`confINST_DEP', `confINST_DEP', --`${DESTDIR}/etc/mail/submit.cf ${DESTDIR}${MSPQ}'))dnl -+`"${DESTDIR}/etc/mail/submit.cf" "${DESTDIR}${MSPQ}"'))dnl - define(`bldTARGET_LINKS', ifdef(`confLINKS', `confLINKS', --`${DESTDIR}${UBINDIR}/newaliases ${DESTDIR}${UBINDIR}/mailq ${DESTDIR}${UBINDIR}/hoststat ${DESTDIR}${UBINDIR}/purgestat') -+`"${DESTDIR}${UBINDIR}/newaliases" "${DESTDIR}${UBINDIR}/mailq" "${DESTDIR}${UBINDIR}/hoststat" "${DESTDIR}${UBINDIR}/purgestat"') - )dnl - - # location of sendmail statistics file (usually /etc/mail/ or /var/log) + +--- a/sendmail/Makefile.m4 2020-08-10 23:14:23.209900406 -0400 ++++ b/sendmail/Makefile.m4 2020-08-10 23:23:51.272863753 -0400 @@ -43,21 +43,21 @@ statistics: ${CP} /dev/null statistics - + -${DESTDIR}/etc/mail/submit.cf: -+"${DESTDIR}/etc/mail/submit.cf": ++${DESTDIR}/etc/mail/submit.cf: @echo "Please read INSTALL if anything fails while installing the binary." @echo "${DESTDIR}/etc/mail/submit.cf will be installed now." cd ${SRCDIR}/cf/cf && make install-submit-cf - + MSPQ=ifdef(`confMSP_QUEUE_DIR', `confMSP_QUEUE_DIR', `/var/spool/clientmqueue') - + -${DESTDIR}${MSPQ}: -+"${DESTDIR}${MSPQ}": ++${DESTDIR}${MSPQ}: @echo "Please read INSTALL if anything fails while installing the binary." - @echo "You must have setup a new user ${MSPQOWN} and a new group ${GBINGRP}" + @echo "You must have set up a new user ${MSPQOWN} and a new group ${GBINGRP}" @echo "as explained in sendmail/SECURITY." - mkdir -p ${DESTDIR}${MSPQ} - chown ${MSPQOWN} ${DESTDIR}${MSPQ} @@ -166,46 +154,5 @@ diff -Nru sendmail-8.14.3.orig/sendmail/Makefile.m4 sendmail-8.14.3/sendmail/Mak + chown ${MSPQOWN} "${DESTDIR}${MSPQ}" + chgrp ${GBINGRP} "${DESTDIR}${MSPQ}" + chmod 0770 "${DESTDIR}${MSPQ}" - - divert(0) - -@@ -68,30 +68,30 @@ - divert(bldTARGETS_SECTION) - - install-set-user-id: bldCURRENT_PRODUCT ifdef(`confNO_HELPFILE_INSTALL',, `install-hf') ifdef(`confNO_STATISTICS_INSTALL',, `install-st') ifdef(`confNO_MAN_BUILD',, `install-docs') -- ${INSTALL} -c -o ${S`'BINOWN} -g ${S`'BINGRP} -m ${S`'BINMODE} bldCURRENT_PRODUCT ${DESTDIR}${M`'BINDIR} -+ ${INSTALL} -c -o ${S`'BINOWN} -g ${S`'BINGRP} -m ${S`'BINMODE} bldCURRENT_PRODUCT "${DESTDIR}${M`'BINDIR}" - for i in ${sendmailTARGET_LINKS}; do \ - rm -f $$i; \ - ${LN} ${LNOPTS} ${M`'BINDIR}/sendmail $$i; \ - done - --define(`confMTA_LINKS', `${DESTDIR}${UBINDIR}/newaliases ${DESTDIR}${UBINDIR}/mailq ${DESTDIR}${UBINDIR}/hoststat ${DESTDIR}${UBINDIR}/purgestat') -+define(`confMTA_LINKS', `"${DESTDIR}${UBINDIR}/newaliases" "${DESTDIR}${UBINDIR}/mailq" "${DESTDIR}${UBINDIR}/hoststat" "${DESTDIR}${UBINDIR}/purgestat"') - install-sm-mta: bldCURRENT_PRODUCT -- ${INSTALL} -c -o ${M`'BINOWN} -g ${M`'BINGRP} -m ${M`'BINMODE} bldCURRENT_PRODUCT ${DESTDIR}${M`'BINDIR}/sm-mta -+ ${INSTALL} -c -o ${M`'BINOWN} -g ${M`'BINGRP} -m ${M`'BINMODE} bldCURRENT_PRODUCT "${DESTDIR}${M`'BINDIR}/sm-mta" - for i in confMTA_LINKS; do \ - rm -f $$i; \ - ${LN} ${LNOPTS} ${M`'BINDIR}/sm-mta $$i; \ - done - - install-hf: -- if [ ! -d ${DESTDIR}${HFDIR} ]; then mkdir -p ${DESTDIR}${HFDIR}; else :; fi -- ${INSTALL} -c -o ${UBINOWN} -g ${UBINGRP} -m 444 helpfile ${DESTDIR}${HFFILE} -+ if [ ! -d "${DESTDIR}${HFDIR}" ]; then mkdir -p "${DESTDIR}${HFDIR}"; else :; fi -+ ${INSTALL} -c -o ${UBINOWN} -g ${UBINGRP} -m 444 helpfile "${DESTDIR}${HFFILE}" - - install-st: statistics -- if [ ! -d ${DESTDIR}${STDIR} ]; then mkdir -p ${DESTDIR}${STDIR}; else :; fi -- ${INSTALL} -c -o ${SBINOWN} -g ${UBINGRP} -m ifdef(`confSTMODE', `confSTMODE', `0600') statistics ${DESTDIR}${STPATH} -+ if [ ! -d "${DESTDIR}${STDIR}" ]; then mkdir -p "${DESTDIR}${STDIR}"; else :; fi -+ ${INSTALL} -c -o ${SBINOWN} -g ${UBINGRP} -m ifdef(`confSTMODE', `confSTMODE', `0600') statistics "${DESTDIR}${STPATH}" - --install-submit-st: statistics ${DESTDIR}${MSPQ} -- ${INSTALL} -c -o ${MSPQOWN} -g ${GBINGRP} -m ifdef(`confSTMODE', `confSTMODE', `0600') statistics ${DESTDIR}${MSPQ}/${MSPSTFILE} -+install-submit-st: statistics "${DESTDIR}${MSPQ}" -+ ${INSTALL} -c -o ${MSPQOWN} -g ${GBINGRP} -m ifdef(`confSTMODE', `confSTMODE', `0600') statistics "${DESTDIR}${MSPQ}/${MSPSTFILE}" - + divert(0) - bldPRODUCT_END diff --git a/mail-mta/sendmail/sendmail-8.16.1.ebuild b/mail-mta/sendmail/sendmail-8.16.1.ebuild new file mode 100644 index 000000000000..fc5113138ed1 --- /dev/null +++ b/mail-mta/sendmail/sendmail-8.16.1.ebuild @@ -0,0 +1,208 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit multilib systemd toolchain-funcs + +DESCRIPTION="Widely-used Mail Transport Agent (MTA)" +HOMEPAGE="https://www.sendmail.org/" +SRC_URI="ftp://ftp.sendmail.org/pub/${PN}/${PN}.${PV}.tar.gz" + +LICENSE="Sendmail GPL-2" # GPL-2 is here for initscript +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" +IUSE="ipv6 ldap libressl mbox nis sasl sockets ssl tcpd" + +DEPEND="net-mail/mailbase + sys-devel/m4 + sasl? ( >=dev-libs/cyrus-sasl-2.1.10 ) + tcpd? ( sys-apps/tcp-wrappers ) + ssl? ( + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) + ) + ldap? ( net-nds/openldap ) + sys-libs/db:6.0 + !net-mail/vacation + " +RDEPEND="${DEPEND} + acct-group/smmsp + acct-user/smmsp + >=net-mail/mailbase-0.00 + >=mail-filter/libmilter-1.0.2_p1-r1 + !mail-mta/courier + !mail-mta/esmtp + !mail-mta/exim + !mail-mta/mini-qmail + !mail-mta/msmtp[mta] + !mail-mta/netqmail + !mail-mta/nullmailer + !mail-mta/postfix + !mail-mta/opensmtpd + !mail-mta/qmail-ldap + !>=mail-mta/ssmtp-2.64-r2[mta]" + +PDEPEND="!mbox? ( mail-filter/procmail )" + +src_prepare() { + eapply "${FILESDIR}"/"${PN}"-8.14.6-build-system.patch + eapply -p0 "${FILESDIR}"/sendmail-delivered_hdr.patch + + local confCC="$(tc-getCC)" + local confCCOPTS="${CFLAGS}" + local confLDOPTS="${LDFLAGS}" + local confMAPDEF="-DMAP_REGEX" + local confENVDEF="-DMAXDAEMONS=64" + local conf_sendmail_LIBS="" + + use sasl && confLIBS="${confLIBS} -lsasl2" \ + && confENVDEF="${confENVDEF} -DSASL=2" \ + && confCCOPTS="${confCCOPTS} -I/usr/include/sasl" \ + && conf_sendmail_LIBS="${conf_sendmail_LIBS} -lsasl2" + + use tcpd && confENVDEF="${confENVDEF} -DTCPWRAPPERS" \ + && confLIBS="${confLIBS} -lwrap" + + # Bug #542370 - lets add support for modern crypto (PFS) + use ssl && confENVDEF="${confENVDEF} -DSTARTTLS -D_FFR_DEAL_WITH_ERROR_SSL" \ + && confENVDEF="${confENVDEF} -D_FFR_TLS_1 -D_FFR_TLS_EC" \ + && confLIBS="${confLIBS} -lssl -lcrypto" \ + && conf_sendmail_LIBS="${conf_sendmail_LIBS} -lssl -lcrypto" + + use ldap && confMAPDEF="${confMAPDEF} -DLDAPMAP" \ + && confLIBS="${confLIBS} -lldap -llber" + + use ipv6 && confENVDEF="${confENVDEF} -DNETINET6" + + use nis && confENVDEF="${confENVDEF} -DNIS" + + use sockets && confENVDEF="${confENVDEF} -DSOCKETMAP" + + sed -e "s:@@confCCOPTS@@:${confCCOPTS}:" \ + -e "s/@@confLDOPTS@@/${confLDOPTS}/" \ + -e "s/@@confCC@@/${confCC}/" \ + -e "s/@@confMAPDEF@@/${confMAPDEF}/" \ + -e "s/@@confENVDEF@@/${confENVDEF}/" \ + -e "s/@@confLIBS@@/${confLIBS}/" \ + -e "s/@@conf_sendmail_LIBS@@/${conf_sendmail_LIBS}/" \ + "${FILESDIR}"/site.config.m4 > devtools/Site/site.config.m4 || die "sed failed" + + echo "APPENDDEF(\`confLIBDIRS', \`-L${EROOT}/usr/$(get_libdir)')" >> devtools/Site/site.config.m4 || die "echo failed" + + eapply_user +} + +src_compile() { + sh Build AR="$(tc-getAR)" RANLIB="$(tc-getRANLIB)" || die "compilation failed in main build script" +} + +src_install() { + local MY_LIBDIR=/usr/$(get_libdir) + local MY_OBJDIR="obj.`uname -s`.`uname -r`.`uname -m`" + + dodir /usr/bin ${MY_LIBDIR} + dodir /usr/share/man/man{1,5,8} /usr/sbin /usr/share/sendmail-cf + dodir /var/spool/{mqueue,clientmqueue} /etc/conf.d + + keepdir /var/spool/{clientmqueue,mqueue} + + for dir in libsmutil sendmail mailstats praliases smrsh makemap vacation editmap + do + make DESTDIR="${D}" LIBDIR="${MY_LIBDIR}" MANROOT=/usr/share/man/man \ + SBINOWN=root SBINGRP=root UBINOWN=root UBINGRP=root \ + MANOWN=root MANGRP=root INCOWN=root INCGRP=root \ + LIBOWN=root LIBGRP=root GBINOWN=root GBINGRP=root \ + MSPQOWN=root CFOWN=root CFGRP=root \ + install -C "${MY_OBJDIR}/${dir}" \ + || die "install 1 failed" + done + + for dir in rmail mail.local + do + make DESTDIR="${D}" LIBDIR="${MY_LIBDIR}" MANROOT=/usr/share/man/man \ + SBINOWN=root SBINGRP=root UBINOWN=root UBINGRP=root \ + MANOWN=root MANGRP=root INCOWN=root INCGRP=root \ + LIBOWN=root LIBGRP=root GBINOWN=root GBINGRP=root \ + MSPQOWN=root CFOWN=root CFGRP=root \ + force-install -C "${MY_OBJDIR}/${dir}" \ + || die "install 2 failed" + done + + fowners root:smmsp /usr/sbin/sendmail + fperms 2555 /usr/sbin/sendmail + fowners smmsp:smmsp /var/spool/clientmqueue + fperms 770 /var/spool/clientmqueue + fperms 700 /var/spool/mqueue + dosym /usr/sbin/makemap /usr/bin/makemap + dodoc FAQ KNOWNBUGS README RELEASE_NOTES doc/op/op.ps + + newdoc sendmail/README README.sendmail + newdoc sendmail/SECURITY SECURITY + newdoc sendmail/TUNING TUNING + newdoc smrsh/README README.smrsh + + newdoc cf/README README.cf + newdoc cf/cf/README README.install-cf + + cp -pPR cf/* "${D}"/usr/share/sendmail-cf || die "copy failed" + + docinto contrib + dodoc contrib/* + + insinto /etc/mail + + if use mbox + then + newins "${FILESDIR}"/sendmail.mc-r1 sendmail.mc + else + newins "${FILESDIR}"/sendmail-procmail.mc sendmail.mc + fi + + m4 "${D}"/usr/share/sendmail-cf/m4/cf.m4 "${D}"/etc/mail/sendmail.mc \ + > "${D}"/etc/mail/sendmail.cf || die "cf.m4 failed" + + echo "include(\`/usr/share/sendmail-cf/m4/cf.m4')dnl" \ + > "${D}"/etc/mail/submit.mc || die "echo failed" + + cat "${D}"/usr/share/sendmail-cf/cf/submit.mc >> "${D}"/etc/mail/submit.mc || die "submit.mc cat failed" + + echo "# local-host-names - include all aliases for your machine here" \ + > "${D}"/etc/mail/local-host-names || die "local-host-names echo failed" + + cat <<- EOF > "${D}"/etc/mail/trusted-users + # trusted-users - users that can send mail as others without a warning + # apache, mailman, majordomo, uucp are good candidates + EOF + + cat <<- EOF > "${D}"/etc/mail/access + # Check the /usr/share/doc/sendmail/README.cf file for a description + # of the format of this file. (search for access_db in that file) + # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc + # package. + # + + EOF + + cat <<- EOF > "${D}"/etc/conf.d/sendmail + # Config file for /etc/init.d/sendmail + # add start-up options here + SENDMAIL_OPTS="-bd -q30m -L sm-mta" # default daemon mode + CLIENTMQUEUE_OPTS="-Ac -q30m -L sm-cm" # clientmqueue + KILL_OPTS="" # add -9/-15/your favorite evil SIG level here + + EOF + + if use sasl; then + dodir /etc/sasl2 + cat <<- EOF > "${D}"/etc/sasl2/Sendmail.conf + pwcheck_method: saslauthd + mech_list: PLAIN LOGIN + + EOF + fi + + doinitd "${FILESDIR}"/sendmail + systemd_dounit "${FILESDIR}"/sendmail.service + systemd_dounit "${FILESDIR}"/sm-client.service +} -- cgit v1.2.3-65-gdbad