* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2015-10-19 10:52 Sergey Popov
0 siblings, 0 replies; 26+ messages in thread
From: Sergey Popov @ 2015-10-19 10:52 UTC (permalink / raw
To: gentoo-commits
commit: 2091c3a9d7ceccca564d8277d4de8e0e934615d7
Author: Alexander Tsoy <alexander <AT> tsoy <DOT> me>
AuthorDate: Sat Oct 17 21:44:31 2015 +0000
Commit: Sergey Popov <pinkbyte <AT> gentoo <DOT> org>
CommitDate: Mon Oct 19 10:52:50 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2091c3a9
mail-mta/exim: use freeradius-client instead of radiusclient
Also fix compilation with USE=radius. It was broken since
4.86 release.
Acked-by: Sergey Popov <pinkbyte <AT> gentoo.org>
Gentoo-Bug: 563356
mail-mta/exim/exim-4.86-r2.ebuild | 513 +++++++++++++++++++++
mail-mta/exim/files/exim-4.86-radius-include.patch | 15 +
.../exim/files/exim-4.86-radius-type-fix.patch | 25 +
3 files changed, 553 insertions(+)
diff --git a/mail-mta/exim/exim-4.86-r2.ebuild b/mail-mta/exim/exim-4.86-r2.ebuild
new file mode 100644
index 0000000..ef5243c
--- /dev/null
+++ b/mail-mta/exim/exim-4.86-r2.ebuild
@@ -0,0 +1,513 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils toolchain-funcs multilib pam systemd
+
+IUSE="dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X"
+REQUIRED_USE="spf? ( exiscan-acl ) srs? ( exiscan-acl ) dmarc? ( spf dkim ) pkcs11? ( gnutls )"
+
+COMM_URI="ftp://ftp.exim.org/pub/exim/exim4$([[ ${PV} == *_rc* ]] && echo /test)"
+
+DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
+SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2
+ mirror://gentoo/system_filter.exim.gz
+ doc? ( ${COMM_URI}/${PN}-html-${PV//rc/RC}.tar.bz2 )"
+HOMEPAGE="http://www.exim.org/"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~x86"
+
+COMMON_DEPEND=">=sys-apps/sed-4.0.5
+ >=sys-libs/db-3.2
+ dev-libs/libpcre
+ perl? ( dev-lang/perl:= )
+ pam? ( virtual/pam )
+ tcpd? ( sys-apps/tcp-wrappers )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ gnutls? ( net-libs/gnutls[pkcs11?]
+ dev-libs/libtasn1 )
+ ldap? ( >=net-nds/openldap-2.0.7 )
+ mysql? ( virtual/mysql )
+ postgres? ( dev-db/postgresql )
+ sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
+ redis? ( dev-libs/hiredis )
+ spf? ( >=mail-filter/libspf2-1.2.5-r1 )
+ dmarc? ( mail-filter/opendmarc )
+ srs? ( mail-filter/libsrs_alt )
+ X? ( x11-proto/xproto
+ x11-libs/libX11
+ x11-libs/libXmu
+ x11-libs/libXt
+ x11-libs/libXaw
+ )
+ sqlite? ( dev-db/sqlite )
+ radius? ( net-dialup/freeradius-client )
+ virtual/libiconv
+ "
+ # added X check for #57206
+DEPEND="${COMMON_DEPEND}
+ virtual/pkgconfig"
+RDEPEND="${COMMON_DEPEND}
+ !mail-mta/courier
+ !mail-mta/esmtp
+ !mail-mta/mini-qmail
+ !<mail-mta/msmtp-1.4.19-r1
+ !>=mail-mta/msmtp-1.4.19-r1[mta]
+ !mail-mta/netqmail
+ !mail-mta/nullmailer
+ !mail-mta/postfix
+ !mail-mta/qmail-ldap
+ !mail-mta/sendmail
+ !mail-mta/opensmtpd
+ !<mail-mta/ssmtp-2.64-r2
+ !>=mail-mta/ssmtp-2.64-r2[mta]
+ !net-mail/mailwrapper
+ >=net-mail/mailbase-0.00-r5
+ virtual/logger
+ dcc? ( mail-filter/dcc )
+ selinux? ( sec-policy/selinux-exim )
+ "
+
+S=${WORKDIR}/${P//rc/RC}
+
+src_prepare() {
+ epatch "${FILESDIR}"/exim-4.14-tail.patch
+ epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch
+ epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
+ epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
+ epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
+ epatch "${FILESDIR}"/exim-4.77-as-needed-ldflags.patch # 352265, 391279
+ epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
+ epatch "${FILESDIR}"/exim-4.86-radius-type-fix.patch
+ epatch "${FILESDIR}"/exim-4.86-radius-include.patch
+
+ if use maildir ; then
+ epatch "${FILESDIR}"/exim-4.20-maildir.patch
+ else
+ epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
+ fi
+
+ # user Exim believes it should be
+ MAILUSER=mail
+ MAILGROUP=mail
+ if use prefix && [[ ${EUID} != 0 ]] ; then
+ MAILUSER=$(id -un)
+ MAILGROUP=$(id -gn)
+ fi
+}
+
+src_configure() {
+ # general config and paths
+
+ sed -i.orig \
+ -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
+ "${S}"/src/configure.default || die
+
+ sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
+
+ sed -e "48i\CFLAGS=${CFLAGS}" \
+ -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
+ -e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
+ -e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
+ -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
+ -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
+ src/EDITME > Local/Makefile
+
+ cd Local
+
+ cat >> Makefile <<- EOC
+ INFO_DIRECTORY=${EPREFIX}/usr/share/info
+ PID_FILE_PATH=${EPREFIX}/run/exim.pid
+ SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
+ HAVE_ICONV=yes
+ EOC
+
+ # if we use libiconv, now is the time to tell so
+ use !elibc_glibc && echo "EXTRALIBS_EXIM=-liconv" >> Makefile
+
+ # support for IPv6
+ if use ipv6; then
+ cat >> Makefile <<- EOC
+ HAVE_IPV6=YES
+ EOC
+ fi
+
+ #
+ # mail storage formats
+
+ # mailstore is Exim's traditional storage format
+ cat >> Makefile <<- EOC
+ SUPPORT_MAILSTORE=yes
+ EOC
+
+ # mbox
+ if use mbx; then
+ cat >> Makefile <<- EOC
+ SUPPORT_MBX=yes
+ EOC
+ fi
+
+ # maildir
+ if use maildir; then
+ cat >> Makefile <<- EOC
+ SUPPORT_MAILDIR=yes
+ EOC
+ fi
+
+ #
+ # lookup methods
+
+ # use the "native" interfaces to the DBM and CDB libraries, support
+ # passwd and directory lookups by default
+ cat >> Makefile <<- EOC
+ USE_DB=yes
+ DBMLIB=-ldb
+ LOOKUP_CDB=yes
+ LOOKUP_PASSWD=yes
+ LOOKUP_DSEARCH=yes
+ EOC
+
+ if ! use dnsdb; then
+ # DNSDB lookup is enabled by default
+ sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
+ fi
+
+ if use ldap; then
+ cat >> Makefile <<- EOC
+ LOOKUP_LDAP=yes
+ LDAP_LIB_TYPE=OPENLDAP2
+ LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
+ LOOKUP_LIBS += -lldap -llber
+ EOC
+ fi
+
+ if use mysql; then
+ cat >> Makefile <<- EOC
+ LOOKUP_MYSQL=yes
+ LOOKUP_INCLUDE += $(mysql_config --include)
+ LOOKUP_LIBS += $(mysql_config --libs)
+ EOC
+ fi
+
+ if use nis; then
+ cat >> Makefile <<- EOC
+ LOOKUP_NIS=yes
+ LOOKUP_NISPLUS=yes
+ EOC
+ fi
+
+ if use postgres; then
+ cat >> Makefile <<- EOC
+ LOOKUP_PGSQL=yes
+ LOOKUP_INCLUDE += -I$(pg_config --includedir)
+ LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
+ EOC
+ fi
+
+ if use sqlite; then
+ cat >> Makefile <<- EOC
+ LOOKUP_SQLITE=yes
+ LOOKUP_SQLITE_PC=sqlite3
+ EOC
+ fi
+
+ if use redis; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_REDIS=yes
+ LOOKUP_LIBS += -lhiredis
+ EOC
+ fi
+
+ #
+ # Exim monitor, enabled by default, controlled via X USE-flag,
+ # disable if not requested, bug #46778
+ if use X; then
+ cp ../exim_monitor/EDITME eximon.conf || die
+ else
+ sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
+ fi
+
+ #
+ # features
+
+ # content scanning support
+ if use exiscan-acl; then
+ cat >> Makefile <<- EOC
+ WITH_CONTENT_SCAN=yes
+ WITH_OLD_DEMIME=yes
+ EOC
+ fi
+
+ # DomainKeys Identified Mail, RFC4871
+ if ! use dkim; then
+ # DKIM is enabled by default
+ cat >> Makefile <<- EOC
+ DISABLE_DKIM=yes
+ EOC
+ fi
+
+ # Per-Recipient-Data-Response
+ if ! use prdr; then
+ # PRDR is enabled by default
+ cat >> Makefile <<- EOC
+ DISABLE_PRDR=yes
+ EOC
+ fi
+
+ # log to syslog
+ if use syslog; then
+ sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
+ cat >> Makefile <<- EOC
+ LOG_FILE_PATH=syslog
+ EOC
+ else
+ cat >> Makefile <<- EOC
+ LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
+ EOC
+ fi
+
+ # starttls support (ssl)
+ if use ssl; then
+ echo "SUPPORT_TLS=yes" >> Makefile
+ if use gnutls; then
+ echo "USE_GNUTLS=yes" >> Makefile
+ echo "USE_GNUTLS_PC=gnutls" >> Makefile
+ use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
+ else
+ echo "USE_OPENSSL_PC=openssl" >> Makefile
+ fi
+ fi
+
+ # TCP wrappers
+ if use tcpd; then
+ cat >> Makefile <<- EOC
+ USE_TCP_WRAPPERS=yes
+ EXTRALIBS_EXIM += -lwrap
+ EOC
+ fi
+
+ # Light Mail Transport Protocol
+ if use lmtp; then
+ cat >> Makefile <<- EOC
+ TRANSPORT_LMTP=yes
+ EOC
+ fi
+
+ # embedded Perl
+ if use perl; then
+ cat >> Makefile <<- EOC
+ EXIM_PERL=perl.o
+ EOC
+ fi
+
+ # dlfunc
+ if use dlfunc; then
+ cat >> Makefile <<- EOC
+ EXPAND_DLFUNC=yes
+ EOC
+ fi
+
+ #
+ # experimental features
+
+ # Distributed Checksum Clearinghouse
+ if use dcc; then
+ echo "EXPERIMENTAL_DCC=yes">> Makefile
+ fi
+
+ # Sender Policy Framework
+ if use spf; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_SPF=yes
+ EXTRALIBS_EXIM += -lspf2
+ EOC
+ fi
+
+ # Sender Rewriting Scheme
+ if use srs; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_SRS=yes
+ EXTRALIBS_EXIM += -lsrs_alt
+ EOC
+ fi
+
+ # DMARC
+ if use dmarc; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_DMARC=yes
+ EXTRALIBS_EXIM += -lopendmarc
+ EOC
+ fi
+
+ # Transport post-delivery actions
+ if use tpda; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_EVENT=yes
+ EOC
+ fi
+
+ # Proxy Protocol
+ if use proxy; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_PROXY=yes
+ EOC
+ fi
+
+ # Delivery Sender Notifications
+ if use dsn; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_DSN=yes
+ EOC
+ fi
+
+ #
+ # authentication (SMTP AUTH)
+
+ # standard bits
+ cat >> Makefile <<- EOC
+ AUTH_SPA=yes
+ AUTH_CRAM_MD5=yes
+ AUTH_PLAINTEXT=yes
+ EOC
+
+ # Cyrus SASL
+ if use sasl; then
+ cat >> Makefile <<- EOC
+ CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
+ AUTH_CYRUS_SASL=yes
+ AUTH_LIBS += -lsasl2
+ EOC
+ fi
+
+ # Dovecot
+ if use dovecot-sasl; then
+ cat >> Makefile <<- EOC
+ AUTH_DOVECOT=yes
+ EOC
+ fi
+
+ # Pluggable Authentication Modules
+ if use pam; then
+ cat >> Makefile <<- EOC
+ SUPPORT_PAM=yes
+ AUTH_LIBS += -lpam
+ EOC
+ fi
+
+ # Radius
+ if use radius; then
+ cat >> Makefile <<- EOC
+ RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
+ RADIUS_LIB_TYPE=RADIUSCLIENTNEW
+ AUTH_LIBS += -lfreeradius-client
+ EOC
+ fi
+}
+
+src_compile() {
+ emake -j1 CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
+ AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
+ || die "make failed"
+}
+
+src_install () {
+ cd "${S}"/build-exim-gentoo || die
+ dosbin exim
+ if use X; then
+ dosbin eximon.bin
+ dosbin eximon
+ fi
+ fperms 4755 /usr/sbin/exim
+
+ dosym exim /usr/sbin/sendmail
+ dosym exim /usr/sbin/rsmtp
+ dosym exim /usr/sbin/rmail
+ dosym /usr/sbin/exim /usr/bin/mailq
+ dosym /usr/sbin/exim /usr/bin/newaliases
+ dosym /usr/sbin/sendmail /usr/lib/sendmail
+
+ for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
+ exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
+ convert4r3 convert4r4 exipick
+ do
+ dosbin $i
+ done
+
+ dodoc "${S}"/doc/*
+ doman "${S}"/doc/exim.8
+ use dsn && dodoc "${S}"/README.DSN
+ use doc && dohtml -r "${WORKDIR}"/${PN}-html-${PV//rc/RC}/doc/html/spec_html/*
+
+ # conf files
+ insinto /etc/exim
+ newins "${S}"/src/configure.default exim.conf.dist
+ if use exiscan-acl; then
+ newins "${S}"/src/configure.default exim.conf.exiscan-acl
+ fi
+ doins "${WORKDIR}"/system_filter.exim
+ doins "${FILESDIR}"/auth_conf.sub
+
+ pamd_mimic system-auth exim auth account
+
+ # headers, #436406
+ if use dlfunc ; then
+ # fixup includes so they actually can be found when including
+ sed -i \
+ -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
+ local_scan.h || die
+ insinto /usr/include/exim
+ doins {config,local_scan}.h ../src/{mytypes,store}.h
+ fi
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/exim.logrotate" exim
+
+ newinitd "${FILESDIR}"/exim.rc9 exim
+ newconfd "${FILESDIR}"/exim.confd exim
+
+ systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
+ systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
+ systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
+
+ DIROPTIONS="-m 0750 -o ${MAILUSER} -g ${MAILGROUP}"
+ dodir /var/log/${PN}
+}
+
+pkg_postinst() {
+ if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
+ einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
+ einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
+ einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
+ fi
+ if use dcc ; then
+ einfo "DCC support is experimental, you can find some limited"
+ einfo "documentation at the bottom of this prerelease message:"
+ einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
+ fi
+ use spf && einfo "SPF support is experimental"
+ use srs && einfo "SRS support is experimental"
+ if use dmarc ; then
+ einfo "DMARC support is experimental. See global settings to"
+ einfo "configure DMARC, for usage see the documentation at "
+ einfo "experimental-spec.txt."
+ fi
+ use tpda && einfo "TPDA/EVENT support is experimental"
+ use proxy && einfo "proxy support is experimental"
+ if use dsn ; then
+ einfo "Starting from Exim 4.83, DSN support comes from upstream."
+ einfo "DSN support is an experimental feature. If you used DSN"
+ einfo "support prior to 4.83, make sure to remove all dsn_process"
+ einfo "switches from your routers, see https://bugs.gentoo.org/511818"
+ fi
+ einfo "Exim maintains some db files under its spool directory that need"
+ einfo "cleaning from time to time. (${EROOT}var/spool/exim/db)"
+ einfo "Please use the exim_tidydb tool as documented in the Exim manual:"
+ einfo "http://www.exim.org/exim-html-current/doc/html/spec_html/ch-exim_utilities.html#SECThindatmai"
+}
diff --git a/mail-mta/exim/files/exim-4.86-radius-include.patch b/mail-mta/exim/files/exim-4.86-radius-include.patch
new file mode 100644
index 0000000..acff7fc
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.86-radius-include.patch
@@ -0,0 +1,15 @@
+diff -urN exim-4.86.orig/src/auths/call_radius.c exim-4.86/src/auths/call_radius.c
+--- exim-4.86.orig/src/auths/call_radius.c 2015-07-24 00:20:37.000000000 +0300
++++ exim-4.86/src/auths/call_radius.c 2015-10-17 20:05:31.581240956 +0300
+@@ -38,7 +38,11 @@
+ #if !defined(RADIUS_LIB_RADIUSCLIENT) && !defined(RADIUS_LIB_RADIUSCLIENTNEW)
+ #define RADIUS_LIB_RADIUSCLIENT
+ #endif
++ #ifdef RADIUS_LIB_RADIUSCLIENTNEW
++ #include <freeradius-client.h>
++ #else
+ #include <radiusclient.h>
++ #endif
+ #endif
+
+
diff --git a/mail-mta/exim/files/exim-4.86-radius-type-fix.patch b/mail-mta/exim/files/exim-4.86-radius-type-fix.patch
new file mode 100644
index 0000000..3ff4722
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.86-radius-type-fix.patch
@@ -0,0 +1,25 @@
+commit 1b2adaee621f520aa640669a35c089c448294e9e
+Author: Alexander Tsoy <alexander@tsoy.me>
+Date: Sat Oct 17 20:39:10 2015 +0300
+
+ Fix conflicting types errors in radius auth
+
+ Was broken by commits 93a6fce2 and 55414b25
+
+diff --git a/src/src/auths/call_radius.c b/src/src/auths/call_radius.c
+index 2064ed2..1201078 100644
+--- a/src/src/auths/call_radius.c
++++ b/src/src/auths/call_radius.c
+@@ -60,10 +60,10 @@ Returns: OK if authentication succeeded
+ */
+
+ int
+-auth_call_radius(uschar *s, uschar **errptr)
++auth_call_radius(const uschar *s, uschar **errptr)
+ {
+ uschar *user;
+-uschar *radius_args = s;
++const uschar *radius_args = s;
+ int result;
+ int sep = 0;
+
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2015-12-11 9:23 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2015-12-11 9:23 UTC (permalink / raw
To: gentoo-commits
commit: 173a12d5c7db64de27086e6ac64c47bd3432bb81
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 11 09:21:06 2015 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Fri Dec 11 09:21:06 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=173a12d5
mail-mta/exim: version bump to 4.87 RC1
Package-Manager: portage-2.2.20.1
mail-mta/exim/Manifest | 2 +
mail-mta/exim/exim-4.87_rc1.ebuild | 511 +++++++++++++++++++++
.../exim/files/exim-4.87-as-needed-ldflags.patch | 145 ++++++
3 files changed, 658 insertions(+)
diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index ba03148..2168cd0 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -1,7 +1,9 @@
DIST exim-4.84.tar.bz2 1761790 SHA256 78ea22be87fb6df880e7fd482f3bec9ef6ceca0c9dedd50f8a26cae0b38b9e9c SHA512 3cd41af6d57e5f0377fc93367753eae6cb6bf835803e8608c44e1da5acefce1ed8886f4fe7536950de072bfed6e927afe1536c1e6466cf3121dd352b69a68039 WHIRLPOOL 9e840aa6afa0db68455b4ab458706eedd7ea57b084999c9e85eaaec0530ed93958731d934ff1d7830d9b5cd086e36cb56dc8a2f78dad85bdba9ae6573510e840
DIST exim-4.85.tar.bz2 1784150 SHA256 13211f2bbc5400d095a9b4be075eb1347e0d98676fdfe4be8a3b4d56281daaa4 SHA512 2c5846528ee98e4aff5dbabe49dfa5ba6753fa64154b9671a7849db8a17773917fe13bcb9e5f732c43d7479debfadd8012b8650823eb12504a6b1b28be456161 WHIRLPOOL 4057cd745f12ff62e956838406544060d3d2d7383027959f3c1ca12eff43bddb9be63e284767245b271e53bef92596c1241f5e90e9ed611d02e95b7a30adc7c8
DIST exim-4.86.tar.bz2 1804807 SHA256 f1ccf2ce2ea51b7fbbf160e7e0e41d24ca401cf44a185128ad99ea04635fc456 SHA512 0b90cd1b4d99bbb976336ccf9c2c3375f453a74bb306f1b0215f7ecca80fbda83cf5cc38c502516c2903c5d753f1f559c534fc4f4b1b32ee3300db86de6610ab WHIRLPOOL a7e938cfaeb92af1b81c8a113752914b61e49d7fd71c39460b944716725b1e98b50a7c9ef1699569cd031ee7cac210639d9ef9bd21280e5ce7682eb40db91726
+DIST exim-4.87_RC1.tar.bz2 1818628 SHA256 cec26ecd7879cd04ab30fc1c152c4967549c8499a4432754ec97c6ecbc712911 SHA512 a97eb31ea612fb19f5fe2da23a51e248beb4faa5a378939207d52207254f50c54b97047a83e6995214ec5e58beeee1540dc12fb4c865ba81b7013c923342d2e0 WHIRLPOOL 4a57f87c84b83853892c400042a221992d9d4a3049195059feb6735ddb848482eac00d1f429da0dbcca2ca3cf984b4ba23f5645ebd1eab5ea92b31ed7cc4aa0b
DIST exim-html-4.84.tar.bz2 465281 SHA256 7ee7e9015b853915604b7806be93d56e9ba1fb915b63f0d6828c47f2228fd45b SHA512 7de8513476b6abcdfd36b0121a2a9d6decf1ccf94ef51b8363e544066cc05670e6f2b4d03d5fbc49071b1431183dfd9badde5cbcc65f51d55ec6b25ebcb070b9 WHIRLPOOL 88c376fd399e17b2bc06d2d0fad19f8c6485807118a81e0c200f6c39defe7155fa920489481a8b82e629951766ce0222b85956f387d22d22549303bd3dff7f82
DIST exim-html-4.85.tar.bz2 467069 SHA256 fd91946369626e74842a0799b93d0d9e4a201fe640af84e1b5349fe6ff204167 SHA512 8214576300827f79c0880e2d2163f71d7f1b3fe2aff714b591a011e48816965de5a773c3509137b085fec3d4d2128931f8398768c24dad6c92b7df27cbcafe74 WHIRLPOOL a7edffd7124c4920708616d3e59c0db5159dee5f7e4fd62ce29fdba769d39781a3826d4e3e39cdc97669941bb9a5c977defe280feb73cbe159b23df4cb6fe95f
DIST exim-html-4.86.tar.bz2 471159 SHA256 02226a9fbb6d5aaa9d35f3e2a3bd9077e2307463de6baf6e3e2e938c1fe39146 SHA512 0c15fbccaf9b744fb8b7990d2b2bd0555a04ef5ed82ffbf2e32372a539bae6d7cebad96960f5570a2f8f27d31ebdf2467c51cb053b059996bb9122bc02fa741b WHIRLPOOL d9fbaa73491ab1657afb6ba59da5adea26144b58b358aeb9829731d3f35d6c1d8c7021c5243cb989e7c704cc346cde2a330f9eedc5b357326c1d56d7caa4a6c5
+DIST exim-html-4.87_RC1.tar.bz2 475376 SHA256 37303fbca2282e86328e2b3bab84526b920ac54e0d4b96d3597639a495ef70db SHA512 1d338abda79aa49968ded992cfa60e4c791bd647783095991be9d7eaf144e4b20460915585af78b498def4a8d3f160937eef85f767adb4512f28384e9ab620db WHIRLPOOL e12e97e1cd0d9b6648377f298c478e5fa2f060ebd004b4726e100414c83f53e6b8e294a8b102357ac15a3868f34ae299edc4213a46851bb78c6e62415999a1ef
DIST system_filter.exim.gz 3075 SHA256 3a3471b486a09e0a0153f7b520e1eaf26d21b97d73ea8348bdc593c00eb1e437 SHA512 cb358d3ce2499a0bb5920d962a06f2af8486e55ec90c8c928bd8e3aefb279aa57f5f960d5adfcef68bd94110b405eaa144e9629cfe6014a529c79c544600bbf3 WHIRLPOOL ce68d9c18b24eca3ef97ea810964cc1ada5f85b795a7c432ad39b5788188a16419101c92fb52b418738d760e1d658f7a41485e5561079a667d84d276c71be5a4
diff --git a/mail-mta/exim/exim-4.87_rc1.ebuild b/mail-mta/exim/exim-4.87_rc1.ebuild
new file mode 100644
index 0000000..99e8dde
--- /dev/null
+++ b/mail-mta/exim/exim-4.87_rc1.ebuild
@@ -0,0 +1,511 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils toolchain-funcs multilib pam systemd
+
+IUSE="dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X"
+REQUIRED_USE="spf? ( exiscan-acl ) srs? ( exiscan-acl ) dmarc? ( spf dkim ) pkcs11? ( gnutls )"
+
+COMM_URI="ftp://ftp.exim.org/pub/exim/exim4$([[ ${PV} == *_rc* ]] && echo /test)"
+
+DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
+SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2
+ mirror://gentoo/system_filter.exim.gz
+ doc? ( ${COMM_URI}/${PN}-html-${PV//rc/RC}.tar.bz2 )"
+HOMEPAGE="http://www.exim.org/"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~hppa ~ppc64 ~x86"
+
+COMMON_DEPEND=">=sys-apps/sed-4.0.5
+ >=sys-libs/db-3.2
+ dev-libs/libpcre
+ perl? ( dev-lang/perl:= )
+ pam? ( virtual/pam )
+ tcpd? ( sys-apps/tcp-wrappers )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ gnutls? ( net-libs/gnutls[pkcs11?]
+ dev-libs/libtasn1 )
+ ldap? ( >=net-nds/openldap-2.0.7 )
+ mysql? ( virtual/mysql )
+ postgres? ( dev-db/postgresql )
+ sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
+ redis? ( dev-libs/hiredis )
+ spf? ( >=mail-filter/libspf2-1.2.5-r1 )
+ dmarc? ( mail-filter/opendmarc )
+ srs? ( mail-filter/libsrs_alt )
+ X? ( x11-proto/xproto
+ x11-libs/libX11
+ x11-libs/libXmu
+ x11-libs/libXt
+ x11-libs/libXaw
+ )
+ sqlite? ( dev-db/sqlite )
+ radius? ( net-dialup/freeradius-client )
+ virtual/libiconv
+ "
+ # added X check for #57206
+DEPEND="${COMMON_DEPEND}
+ virtual/pkgconfig"
+RDEPEND="${COMMON_DEPEND}
+ !mail-mta/courier
+ !mail-mta/esmtp
+ !mail-mta/mini-qmail
+ !<mail-mta/msmtp-1.4.19-r1
+ !>=mail-mta/msmtp-1.4.19-r1[mta]
+ !mail-mta/netqmail
+ !mail-mta/nullmailer
+ !mail-mta/postfix
+ !mail-mta/qmail-ldap
+ !mail-mta/sendmail
+ !mail-mta/opensmtpd
+ !<mail-mta/ssmtp-2.64-r2
+ !>=mail-mta/ssmtp-2.64-r2[mta]
+ !net-mail/mailwrapper
+ >=net-mail/mailbase-0.00-r5
+ virtual/logger
+ dcc? ( mail-filter/dcc )
+ selinux? ( sec-policy/selinux-exim )
+ "
+
+S=${WORKDIR}/${P//rc/RC}
+
+src_prepare() {
+ epatch "${FILESDIR}"/exim-4.14-tail.patch
+ epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch
+ epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
+ epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
+ epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
+ epatch "${FILESDIR}"/exim-4.87-as-needed-ldflags.patch # 352265, 391279
+ epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
+
+ if use maildir ; then
+ epatch "${FILESDIR}"/exim-4.20-maildir.patch
+ else
+ epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
+ fi
+
+ # user Exim believes it should be
+ MAILUSER=mail
+ MAILGROUP=mail
+ if use prefix && [[ ${EUID} != 0 ]] ; then
+ MAILUSER=$(id -un)
+ MAILGROUP=$(id -gn)
+ fi
+}
+
+src_configure() {
+ # general config and paths
+
+ sed -i.orig \
+ -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
+ "${S}"/src/configure.default || die
+
+ sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
+
+ sed -e "48i\CFLAGS=${CFLAGS}" \
+ -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
+ -e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
+ -e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
+ -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
+ -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
+ src/EDITME > Local/Makefile
+
+ cd Local
+
+ cat >> Makefile <<- EOC
+ INFO_DIRECTORY=${EPREFIX}/usr/share/info
+ PID_FILE_PATH=${EPREFIX}/run/exim.pid
+ SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
+ HAVE_ICONV=yes
+ EOC
+
+ # if we use libiconv, now is the time to tell so
+ use !elibc_glibc && echo "EXTRALIBS_EXIM=-liconv" >> Makefile
+
+ # support for IPv6
+ if use ipv6; then
+ cat >> Makefile <<- EOC
+ HAVE_IPV6=YES
+ EOC
+ fi
+
+ #
+ # mail storage formats
+
+ # mailstore is Exim's traditional storage format
+ cat >> Makefile <<- EOC
+ SUPPORT_MAILSTORE=yes
+ EOC
+
+ # mbox
+ if use mbx; then
+ cat >> Makefile <<- EOC
+ SUPPORT_MBX=yes
+ EOC
+ fi
+
+ # maildir
+ if use maildir; then
+ cat >> Makefile <<- EOC
+ SUPPORT_MAILDIR=yes
+ EOC
+ fi
+
+ #
+ # lookup methods
+
+ # use the "native" interfaces to the DBM and CDB libraries, support
+ # passwd and directory lookups by default
+ cat >> Makefile <<- EOC
+ USE_DB=yes
+ DBMLIB=-ldb
+ LOOKUP_CDB=yes
+ LOOKUP_PASSWD=yes
+ LOOKUP_DSEARCH=yes
+ EOC
+
+ if ! use dnsdb; then
+ # DNSDB lookup is enabled by default
+ sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
+ fi
+
+ if use ldap; then
+ cat >> Makefile <<- EOC
+ LOOKUP_LDAP=yes
+ LDAP_LIB_TYPE=OPENLDAP2
+ LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
+ LOOKUP_LIBS += -lldap -llber
+ EOC
+ fi
+
+ if use mysql; then
+ cat >> Makefile <<- EOC
+ LOOKUP_MYSQL=yes
+ LOOKUP_INCLUDE += $(mysql_config --include)
+ LOOKUP_LIBS += $(mysql_config --libs)
+ EOC
+ fi
+
+ if use nis; then
+ cat >> Makefile <<- EOC
+ LOOKUP_NIS=yes
+ LOOKUP_NISPLUS=yes
+ EOC
+ fi
+
+ if use postgres; then
+ cat >> Makefile <<- EOC
+ LOOKUP_PGSQL=yes
+ LOOKUP_INCLUDE += -I$(pg_config --includedir)
+ LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
+ EOC
+ fi
+
+ if use sqlite; then
+ cat >> Makefile <<- EOC
+ LOOKUP_SQLITE=yes
+ LOOKUP_SQLITE_PC=sqlite3
+ EOC
+ fi
+
+ if use redis; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_REDIS=yes
+ LOOKUP_LIBS += -lhiredis
+ EOC
+ fi
+
+ #
+ # Exim monitor, enabled by default, controlled via X USE-flag,
+ # disable if not requested, bug #46778
+ if use X; then
+ cp ../exim_monitor/EDITME eximon.conf || die
+ else
+ sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
+ fi
+
+ #
+ # features
+
+ # content scanning support
+ if use exiscan-acl; then
+ cat >> Makefile <<- EOC
+ WITH_CONTENT_SCAN=yes
+ WITH_OLD_DEMIME=yes
+ EOC
+ fi
+
+ # DomainKeys Identified Mail, RFC4871
+ if ! use dkim; then
+ # DKIM is enabled by default
+ cat >> Makefile <<- EOC
+ DISABLE_DKIM=yes
+ EOC
+ fi
+
+ # Per-Recipient-Data-Response
+ if ! use prdr; then
+ # PRDR is enabled by default
+ cat >> Makefile <<- EOC
+ DISABLE_PRDR=yes
+ EOC
+ fi
+
+ # log to syslog
+ if use syslog; then
+ sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
+ cat >> Makefile <<- EOC
+ LOG_FILE_PATH=syslog
+ EOC
+ else
+ cat >> Makefile <<- EOC
+ LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
+ EOC
+ fi
+
+ # starttls support (ssl)
+ if use ssl; then
+ echo "SUPPORT_TLS=yes" >> Makefile
+ if use gnutls; then
+ echo "USE_GNUTLS=yes" >> Makefile
+ echo "USE_GNUTLS_PC=gnutls" >> Makefile
+ use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
+ else
+ echo "USE_OPENSSL_PC=openssl" >> Makefile
+ fi
+ fi
+
+ # TCP wrappers
+ if use tcpd; then
+ cat >> Makefile <<- EOC
+ USE_TCP_WRAPPERS=yes
+ EXTRALIBS_EXIM += -lwrap
+ EOC
+ fi
+
+ # Light Mail Transport Protocol
+ if use lmtp; then
+ cat >> Makefile <<- EOC
+ TRANSPORT_LMTP=yes
+ EOC
+ fi
+
+ # embedded Perl
+ if use perl; then
+ cat >> Makefile <<- EOC
+ EXIM_PERL=perl.o
+ EOC
+ fi
+
+ # dlfunc
+ if use dlfunc; then
+ cat >> Makefile <<- EOC
+ EXPAND_DLFUNC=yes
+ EOC
+ fi
+
+ #
+ # experimental features
+
+ # Distributed Checksum Clearinghouse
+ if use dcc; then
+ echo "EXPERIMENTAL_DCC=yes">> Makefile
+ fi
+
+ # Sender Policy Framework
+ if use spf; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_SPF=yes
+ EXTRALIBS_EXIM += -lspf2
+ EOC
+ fi
+
+ # Sender Rewriting Scheme
+ if use srs; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_SRS=yes
+ EXTRALIBS_EXIM += -lsrs_alt
+ EOC
+ fi
+
+ # DMARC
+ if use dmarc; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_DMARC=yes
+ EXTRALIBS_EXIM += -lopendmarc
+ EOC
+ fi
+
+ # Transport post-delivery actions
+ if use tpda; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_EVENT=yes
+ EOC
+ fi
+
+ # Proxy Protocol
+ if use proxy; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_PROXY=yes
+ EOC
+ fi
+
+ # Delivery Sender Notifications
+ if use dsn; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_DSN=yes
+ EOC
+ fi
+
+ #
+ # authentication (SMTP AUTH)
+
+ # standard bits
+ cat >> Makefile <<- EOC
+ AUTH_SPA=yes
+ AUTH_CRAM_MD5=yes
+ AUTH_PLAINTEXT=yes
+ EOC
+
+ # Cyrus SASL
+ if use sasl; then
+ cat >> Makefile <<- EOC
+ CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
+ AUTH_CYRUS_SASL=yes
+ AUTH_LIBS += -lsasl2
+ EOC
+ fi
+
+ # Dovecot
+ if use dovecot-sasl; then
+ cat >> Makefile <<- EOC
+ AUTH_DOVECOT=yes
+ EOC
+ fi
+
+ # Pluggable Authentication Modules
+ if use pam; then
+ cat >> Makefile <<- EOC
+ SUPPORT_PAM=yes
+ AUTH_LIBS += -lpam
+ EOC
+ fi
+
+ # Radius
+ if use radius; then
+ cat >> Makefile <<- EOC
+ RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
+ RADIUS_LIB_TYPE=RADIUSCLIENTNEW
+ AUTH_LIBS += -lfreeradius-client
+ EOC
+ fi
+}
+
+src_compile() {
+ emake -j1 CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
+ AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
+ || die "make failed"
+}
+
+src_install () {
+ cd "${S}"/build-exim-gentoo || die
+ dosbin exim
+ if use X; then
+ dosbin eximon.bin
+ dosbin eximon
+ fi
+ fperms 4755 /usr/sbin/exim
+
+ dosym exim /usr/sbin/sendmail
+ dosym exim /usr/sbin/rsmtp
+ dosym exim /usr/sbin/rmail
+ dosym /usr/sbin/exim /usr/bin/mailq
+ dosym /usr/sbin/exim /usr/bin/newaliases
+ dosym /usr/sbin/sendmail /usr/lib/sendmail
+
+ for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
+ exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
+ convert4r3 convert4r4 exipick
+ do
+ dosbin $i
+ done
+
+ dodoc "${S}"/doc/*
+ doman "${S}"/doc/exim.8
+ use dsn && dodoc "${S}"/README.DSN
+ use doc && dohtml -r "${WORKDIR}"/${PN}-html-${PV//rc/RC}/doc/html/spec_html/*
+
+ # conf files
+ insinto /etc/exim
+ newins "${S}"/src/configure.default exim.conf.dist
+ if use exiscan-acl; then
+ newins "${S}"/src/configure.default exim.conf.exiscan-acl
+ fi
+ doins "${WORKDIR}"/system_filter.exim
+ doins "${FILESDIR}"/auth_conf.sub
+
+ pamd_mimic system-auth exim auth account
+
+ # headers, #436406
+ if use dlfunc ; then
+ # fixup includes so they actually can be found when including
+ sed -i \
+ -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
+ local_scan.h || die
+ insinto /usr/include/exim
+ doins {config,local_scan}.h ../src/{mytypes,store}.h
+ fi
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/exim.logrotate" exim
+
+ newinitd "${FILESDIR}"/exim.rc9 exim
+ newconfd "${FILESDIR}"/exim.confd exim
+
+ systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
+ systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
+ systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
+
+ diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
+ dodir /var/log/${PN}
+}
+
+pkg_postinst() {
+ if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
+ einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
+ einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
+ einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
+ fi
+ if use dcc ; then
+ einfo "DCC support is experimental, you can find some limited"
+ einfo "documentation at the bottom of this prerelease message:"
+ einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
+ fi
+ use spf && einfo "SPF support is experimental"
+ use srs && einfo "SRS support is experimental"
+ if use dmarc ; then
+ einfo "DMARC support is experimental. See global settings to"
+ einfo "configure DMARC, for usage see the documentation at "
+ einfo "experimental-spec.txt."
+ fi
+ use tpda && einfo "TPDA/EVENT support is experimental"
+ use proxy && einfo "proxy support is experimental"
+ if use dsn ; then
+ einfo "Starting from Exim 4.83, DSN support comes from upstream."
+ einfo "DSN support is an experimental feature. If you used DSN"
+ einfo "support prior to 4.83, make sure to remove all dsn_process"
+ einfo "switches from your routers, see https://bugs.gentoo.org/511818"
+ fi
+ einfo "Exim maintains some db files under its spool directory that need"
+ einfo "cleaning from time to time. (${EROOT}var/spool/exim/db)"
+ einfo "Please use the exim_tidydb tool as documented in the Exim manual:"
+ einfo "http://www.exim.org/exim-html-current/doc/html/spec_html/ch-exim_utilities.html#SECThindatmai"
+}
diff --git a/mail-mta/exim/files/exim-4.87-as-needed-ldflags.patch b/mail-mta/exim/files/exim-4.87-as-needed-ldflags.patch
new file mode 100644
index 0000000..e438485
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.87-as-needed-ldflags.patch
@@ -0,0 +1,145 @@
+https://bugs.gentoo.org/show_bug.cgi?id=352265
+
+Make sure LDFLAGS comes first, such that all libraries are considered,
+and not discarded when --as-needed is in effect.
+
+https://bugs.gentoo.org/show_bug.cgi?id=391279
+
+Use LDFLAGS for all targets, not just the exim binary, such that
+--as-needed works as well.
+
+
+--- OS/Makefile-Base
++++ OS/Makefile-Base
+@@ -325,12 +325,12 @@
+ buildrouters buildtransports \
+ $(OBJ_EXIM) version.o
+ @echo "$(LNCC) -o exim"
+- $(FE)$(PURIFY) $(LNCC) -o exim $(LFLAGS) $(OBJ_EXIM) version.o \
++ $(FE)$(PURIFY) $(LNCC) -o exim $(LDFLAGS) $(OBJ_EXIM) version.o \
+ routers/routers.a transports/transports.a lookups/lookups.a \
+ auths/auths.a pdkim/pdkim.a \
+ $(LIBRESOLV) $(LIBS) $(LIBS_EXIM) $(IPV6_LIBS) $(EXTRALIBS) \
+ $(EXTRALIBS_EXIM) $(DBMLIB) $(LOOKUP_LIBS) $(AUTH_LIBS) \
+- $(PERL_LIBS) $(TLS_LIBS) $(PCRE_LIBS) $(LDFLAGS)
++ $(PERL_LIBS) $(TLS_LIBS) $(PCRE_LIBS) $(LFLAGS)
+ @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
+ echo $(STRIP_COMMAND) exim; \
+ $(STRIP_COMMAND) exim; \
+@@ -346,8 +346,8 @@
+
+ exim_dumpdb: $(OBJ_DUMPDB)
+ @echo "$(LNCC) -o exim_dumpdb"
+- $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dumpdb $(LFLAGS) $(OBJ_DUMPDB) \
+- $(LIBS) $(EXTRALIBS) $(DBMLIB)
++ $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dumpdb $(LDFLAGS) $(OBJ_DUMPDB) \
++ $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
+ @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
+ echo $(STRIP_COMMAND) exim_dumpdb; \
+ $(STRIP_COMMAND) exim_dumpdb; \
+@@ -361,8 +361,8 @@
+
+ exim_fixdb: $(OBJ_FIXDB) buildauths
+ @echo "$(LNCC) -o exim_fixdb"
+- $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_fixdb $(LFLAGS) $(OBJ_FIXDB) \
+- auths/auths.a $(LIBS) $(EXTRALIBS) $(DBMLIB)
++ $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_fixdb $(LDFLAGS) $(OBJ_FIXDB) \
++ auths/auths.a $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
+ @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
+ echo $(STRIP_COMMAND) exim_fixdb; \
+ $(STRIP_COMMAND) exim_fixdb; \
+@@ -376,8 +376,8 @@
+
+ exim_tidydb: $(OBJ_TIDYDB)
+ @echo "$(LNCC) -o exim_tidydb"
+- $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_tidydb $(LFLAGS) $(OBJ_TIDYDB) \
+- $(LIBS) $(EXTRALIBS) $(DBMLIB)
++ $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_tidydb $(LDFLAGS) $(OBJ_TIDYDB) \
++ $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
+ @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
+ echo $(STRIP_COMMAND) exim_tidydb; \
+ $(STRIP_COMMAND) exim_tidydb; \
+@@ -389,8 +389,8 @@
+
+ exim_dbmbuild: exim_dbmbuild.o
+ @echo "$(LNCC) -o exim_dbmbuild"
+- $(FE)$(LNCC) -o exim_dbmbuild $(LFLAGS) exim_dbmbuild.o \
+- $(LIBS) $(EXTRALIBS) $(DBMLIB)
++ $(FE)$(LNCC) -o exim_dbmbuild $(LDFLAGS) exim_dbmbuild.o \
++ $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
+ @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
+ echo $(STRIP_COMMAND) exim_dbmbuild; \
+ $(STRIP_COMMAND) exim_dbmbuild; \
+@@ -404,8 +404,8 @@
+ @echo "$(CC) exim_lock.c"
+ $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) exim_lock.c
+ @echo "$(LNCC) -o exim_lock"
+- $(FE)$(LNCC) -o exim_lock $(LFLAGS) exim_lock.o \
+- $(LIBS) $(EXTRALIBS)
++ $(FE)$(LNCC) -o exim_lock $(LDFLAGS) exim_lock.o \
++ $(LIBS) $(EXTRALIBS) $(LFLAGS)
+ @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
+ echo $(STRIP_COMMAND) exim_lock; \
+ $(STRIP_COMMAND) exim_lock; \
+@@ -435,9 +435,9 @@
+ $(FE)$(CC) -o em_version.o -c \
+ $(CFLAGS) $(XINCLUDE) -I. ../exim_monitor/em_version.c
+ @echo "$(LNCC) -o eximon.bin"
+- $(FE)$(PURIFY) $(LNCC) -o eximon.bin em_version.o $(LFLAGS) $(XLFLAGS) \
++ $(FE)$(PURIFY) $(LNCC) -o eximon.bin em_version.o $(LDFLAGS) $(XLFLAGS) \
+ $(OBJ_MONBIN) -lXaw -lXmu -lXt -lXext -lX11 $(PCRE_LIBS) \
+- $(LIBS) $(LIBS_EXIMON) $(EXTRALIBS) $(EXTRALIBS_EXIMON) -lc
++ $(LIBS) $(LIBS_EXIMON) $(EXTRALIBS) $(EXTRALIBS_EXIMON) -lc $(LFLAGS)
+ @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
+ echo $(STRIP_COMMAND) eximon.bin; \
+ $(STRIP_COMMAND) eximon.bin; \
+@@ -745,9 +745,9 @@
+ test_dbfn: config.h dbfn.c dummies.o sa-globals.o sa-os.o store.o \
+ string.o tod.o version.o utf8.o
+ $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE dbfn.c
+- $(LNCC) -o test_dbfn $(LFLAGS) dbfn.o \
++ $(LNCC) -o test_dbfn $(LDFLAGS) dbfn.o \
+ dummies.o sa-globals.o sa-os.o store.o string.o \
+- tod.o version.o utf8.o $(LIBS) $(DBMLIB) $(LDFLAGS)
++ tod.o version.o utf8.o $(LIBS) $(DBMLIB) $(LFLAGS)
+ rm -f dbfn.o
+
+ test_host: config.h child.c host.c dns.c dummies.c sa-globals.o os.o \
+@@ -756,29 +756,29 @@
+ $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST host.c
+ $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST dns.c
+ $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST dummies.c
+- $(LNCC) -o test_host $(LFLAGS) \
++ $(LNCC) -o test_host $(LDFLAGS) \
+ host.o child.o dns.o dummies.o sa-globals.o os.o store.o string.o \
+- tod.o tree.o $(LIBS) $(LIBRESOLV)
++ tod.o tree.o $(LIBS) $(LIBRESOLV) $(LFLAGS)
+ rm -f child.o dummies.o host.o dns.o
+
+ test_os: os.h os.c dummies.o sa-globals.o store.o string.o tod.o utf8.o
+ $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE os.c
+- $(LNCC) -o test_os $(LFLAGS) os.o dummies.o \
+- sa-globals.o store.o string.o tod.o utf8.o $(LIBS) $(LDFLAGS)
++ $(LNCC) -o test_os $(LDFLAGS) os.o dummies.o \
++ sa-globals.o store.o string.o tod.o utf8.o $(LIBS) $(LFLAGS)
+ rm -f os.o
+
+ test_parse: config.h parse.c dummies.o sa-globals.o \
+ store.o string.o tod.o version.o utf8.o
+ $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE parse.c
+- $(LNCC) -o test_parse $(LFLAGS) parse.o \
++ $(LNCC) -o test_parse $(LDFLAGS) parse.o \
+ dummies.o sa-globals.o store.o string.o tod.o version.o \
+- utf8.o $(LDFLAGS)
++ utf8.o $(LFLAGS)
+ rm -f parse.o
+
+ test_string: config.h string.c dummies.o sa-globals.o store.o tod.o utf8.o
+ $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE string.c
+- $(LNCC) -o test_string $(LFLAGS) -DSTAND_ALONE string.o \
+- dummies.o sa-globals.o store.o tod.o utf8.o $(LIBS) $(LDFLAGS)
++ $(LNCC) -o test_string $(LDFLAGS) -DSTAND_ALONE string.o \
++ dummies.o sa-globals.o store.o tod.o utf8.o $(LIBS) $(LFLAGS)
+ rm -f string.o
+
+ # End
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2016-03-04 10:58 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2016-03-04 10:58 UTC (permalink / raw
To: gentoo-commits
commit: d64c7f7c68164c8d99325dd8fba7efcd515b9b09
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 4 10:56:37 2016 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Fri Mar 4 10:56:37 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d64c7f7c
mail-mta/exim: fix TMPDIR patch for 4.86.2, drop for 4.87_rc5 as it's upstream, bug #576332
Package-Manager: portage-2.2.26
mail-mta/exim/exim-4.86.2.ebuild | 2 +-
mail-mta/exim/exim-4.87_rc5.ebuild | 1 -
mail-mta/exim/files/exim-4.86.2-TMPDIR.patch | 68 ++++++++++++++++++++++++++++
3 files changed, 69 insertions(+), 2 deletions(-)
diff --git a/mail-mta/exim/exim-4.86.2.ebuild b/mail-mta/exim/exim-4.86.2.ebuild
index afad148..1e63f26 100644
--- a/mail-mta/exim/exim-4.86.2.ebuild
+++ b/mail-mta/exim/exim-4.86.2.ebuild
@@ -87,7 +87,7 @@ src_prepare() {
epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
epatch "${FILESDIR}"/exim-4.86-radius-type-fix.patch
epatch "${FILESDIR}"/exim-4.86-radius-include.patch
- epatch "${FILESDIR}"/exim-4.86-TMPDIR.patch # 63420
+ epatch "${FILESDIR}"/exim-4.86.2-TMPDIR.patch # 63420
if use maildir ; then
epatch "${FILESDIR}"/exim-4.20-maildir.patch
diff --git a/mail-mta/exim/exim-4.87_rc5.ebuild b/mail-mta/exim/exim-4.87_rc5.ebuild
index 2bcd192..661bf5e 100644
--- a/mail-mta/exim/exim-4.87_rc5.ebuild
+++ b/mail-mta/exim/exim-4.87_rc5.ebuild
@@ -85,7 +85,6 @@ src_prepare() {
epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
epatch "${FILESDIR}"/exim-4.87-as-needed-ldflags.patch # 352265, 391279
epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
- epatch "${FILESDIR}"/exim-4.86-TMPDIR.patch # 63420
if use maildir ; then
epatch "${FILESDIR}"/exim-4.20-maildir.patch
diff --git a/mail-mta/exim/files/exim-4.86.2-TMPDIR.patch b/mail-mta/exim/files/exim-4.86.2-TMPDIR.patch
new file mode 100644
index 0000000..9c05a24
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.86.2-TMPDIR.patch
@@ -0,0 +1,68 @@
+Adapted for 4.86.2
+
+From c36cf51b85cfc86e46226c846914c8d915f9f3c0 Mon Sep 17 00:00:00 2001
+From: Alexander Tsoy <alexander@tsoy.me>
+Date: Tue, 2 Feb 2016 20:56:15 +0300
+Subject: [PATCH] Rename build-time option TMPDIR to EXIM_TMPDIR
+
+---
+ src/EDITME | 2 +-
+ src/config.h.defaults | 2 +-
+ src/exim.c | 12 ++++++------
+ 3 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/src/EDITME b/src/EDITME
+index 30a296e..6afe0c7 100644
+--- a/src/EDITME
++++ b/src/EDITME
+@@ -1123,7 +1123,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
+ # it replaces the value with what is defined here. Commenting this setting
+ # suppresses the check altogether.
+
+-TMPDIR="/tmp"
++EXIM_TMPDIR="/tmp"
+
+
+ #------------------------------------------------------------------------------
+diff --git a/src/config.h.defaults b/src/config.h.defaults
+index 14de083..c1cf1a9 100644
+--- a/src/config.h.defaults
++++ b/src/config.h.defaults
+@@ -150,7 +150,7 @@ it's a default value. */
+
+ #define TCP_WRAPPERS_DAEMON_NAME "exim"
+ #define TIMEZONE_DEFAULT
+-#define TMPDIR
++#define EXIM_TMPDIR
+
+ #define TRANSPORT_APPENDFILE
+ #define TRANSPORT_AUTOREPLY
+--- a/src/exim.c
++++ b/src/exim.c
+@@ -3887,20 +3887,20 @@
+ temporary files are created; Exim doesn't use these (apart from when delivering
+ to MBX mailboxes), but called libraries such as DBM libraries may require them.
+ If TMPDIR is found in the environment, reset it to the value defined in the
+-TMPDIR macro, if this macro is defined. */
++EXIM_TMPDIR macro, if this macro is defined. */
+
+-#ifdef TMPDIR
++#ifdef EXIM_TMPDIR
+ {
+ uschar **p;
+ if (environ) for (p = USS environ; *p != NULL; p++)
+ {
+ if (Ustrncmp(*p, "TMPDIR=", 7) == 0 &&
+- Ustrcmp(*p+7, TMPDIR) != 0)
++ Ustrcmp(*p+7, EXIM_TMPDIR) != 0)
+ {
+- uschar *newp = malloc(Ustrlen(TMPDIR) + 8);
+- sprintf(CS newp, "TMPDIR=%s", TMPDIR);
++ uschar *newp = malloc(Ustrlen(EXIM_TMPDIR) + 8);
++ sprintf(CS newp, "TMPDIR=%s", EXIM_TMPDIR);
+ *p = newp;
+- DEBUG(D_any) debug_printf("reset TMPDIR=%s in environment\n", TMPDIR);
++ DEBUG(D_any) debug_printf("reset TMPDIR=%s in environment\n", EXIM_TMPDIR);
+ }
+ }
+ }
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2016-07-08 11:28 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2016-07-08 11:28 UTC (permalink / raw
To: gentoo-commits
commit: 62a850cc4c30b096ca965f64dc9b21a8fcf8b53b
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 8 11:28:24 2016 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Fri Jul 8 11:28:24 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62a850cc
mail-mta/exim: cleanup
Package-Manager: portage-2.2.28
mail-mta/exim/Manifest | 8 -
mail-mta/exim/exim-4.84.2.ebuild | 508 --------------------
mail-mta/exim/exim-4.84.ebuild | 508 --------------------
mail-mta/exim/exim-4.85.2.ebuild | 508 --------------------
mail-mta/exim/exim-4.86.2.ebuild | 525 ---------------------
mail-mta/exim/files/exim-4.86-TMPDIR.patch | 71 ---
mail-mta/exim/files/exim-4.86-radius-include.patch | 15 -
.../exim/files/exim-4.86-radius-type-fix.patch | 25 -
mail-mta/exim/files/exim-4.86.2-TMPDIR.patch | 68 ---
mail-mta/exim/files/exim.rc8 | 30 --
10 files changed, 2266 deletions(-)
diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index 7f78b6b..c702b5e 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -1,15 +1,7 @@
-DIST exim-4.84.2.tar.bz2 1745970 SHA256 eb082aedf9349a29e25120e53f9e67a7ca6c4a6dad579c1425da1e131599bf52 SHA512 04f0f4631d5eb81d7732f4e210fdda87e34adb497f1af744868fab0fe1dc64845b0d1228b34660e0123436a78d0ecf62a6d18702a0ba4f2c1a1c1398b8ac4aaf WHIRLPOOL 34054528aa0a1724001942474ad23385221a42def71bb7460574052f06fe93bead0af04ba5cbdd463fddcb85d855c5441ed3b72a1a97f862a4bf9534267f4434
-DIST exim-4.84.tar.bz2 1761790 SHA256 78ea22be87fb6df880e7fd482f3bec9ef6ceca0c9dedd50f8a26cae0b38b9e9c SHA512 3cd41af6d57e5f0377fc93367753eae6cb6bf835803e8608c44e1da5acefce1ed8886f4fe7536950de072bfed6e927afe1536c1e6466cf3121dd352b69a68039 WHIRLPOOL 9e840aa6afa0db68455b4ab458706eedd7ea57b084999c9e85eaaec0530ed93958731d934ff1d7830d9b5cd086e36cb56dc8a2f78dad85bdba9ae6573510e840
-DIST exim-4.85.2.tar.bz2 1773050 SHA256 b0dcdb8832e77716396a6ca8a7523263af518d23910d818ba9a492fe93bef618 SHA512 17398ac730cc355ea063d68f9396e1f9238d2c9cc90939dd0ed3a003aa995e79190f6a206f1b338c95f300a43c97481b0b24d34bcded7b281b521f9dbb41fc6d WHIRLPOOL faa21b50b76e7d5ffe94d4bbf3616492108a0ab3702c16d1e0e6fe62d6ecc351d5df62d99f0c97aa32d8e20c1af96a3ed57207a026f8830f0df149edf508a33d
DIST exim-4.85.tar.bz2 1784150 SHA256 13211f2bbc5400d095a9b4be075eb1347e0d98676fdfe4be8a3b4d56281daaa4 SHA512 2c5846528ee98e4aff5dbabe49dfa5ba6753fa64154b9671a7849db8a17773917fe13bcb9e5f732c43d7479debfadd8012b8650823eb12504a6b1b28be456161 WHIRLPOOL 4057cd745f12ff62e956838406544060d3d2d7383027959f3c1ca12eff43bddb9be63e284767245b271e53bef92596c1241f5e90e9ed611d02e95b7a30adc7c8
-DIST exim-4.86.2.tar.bz2 1799316 SHA256 7756deafd0583776e091f2efcba9b36203e668cf420d8876f314980803636eb3 SHA512 5869a7ae8fd66819f654f6617c7e77075a24b110074317b77135b8cc86f12632e79758d41819c6e91871e0145adaba4b91651f5c6c1d2ebd17927f0198876231 WHIRLPOOL 81e284bf6d1be9597e858468834ce8ff60f2783b75fea85a020df20a15a088339c4b2ccc6199c83672fcb37c05d4ca7957e70a2f2827292454266e7f9bcab87f
DIST exim-4.86.tar.bz2 1804807 SHA256 f1ccf2ce2ea51b7fbbf160e7e0e41d24ca401cf44a185128ad99ea04635fc456 SHA512 0b90cd1b4d99bbb976336ccf9c2c3375f453a74bb306f1b0215f7ecca80fbda83cf5cc38c502516c2903c5d753f1f559c534fc4f4b1b32ee3300db86de6610ab WHIRLPOOL a7e938cfaeb92af1b81c8a113752914b61e49d7fd71c39460b944716725b1e98b50a7c9ef1699569cd031ee7cac210639d9ef9bd21280e5ce7682eb40db91726
DIST exim-4.87.tar.bz2 1801422 SHA256 74691e0dff4d1b5d387e9c33c86f96a8f6d2adbc781c0dec9d2061a847b07dc9 SHA512 2b0d5c82133315c444e29abd182e0866482c904db1abe5ffe9a3008c2174f52eca850a433c069b4102874dc32bbe4af112beac94ffa154f1c06615c24deb47a4 WHIRLPOOL 3aede6629fbf41a71f6907e636458165258b523a3080d0b59ba6b295c1a258d8ce205a3295d4c49c2e6e88ef597b64895684fd47a3f5c3fba360d8e56be5f7f9
-DIST exim-html-4.84.2.tar.bz2 459553 SHA256 407165354936515c28d6f206cf20bb3c3c7f55e70e66c551154e8e9dd554955d SHA512 17b1151f90eec13334ac27f9f8430276bf1a7b4c9c6e41c76afb52e18fe107ab421194881876221acef6386a7bd8c6a5372fec6217f88e3dd4bcaef8809aa178 WHIRLPOOL df3960dfbb631b9b82d60edda27910e58936e17edc6782cd63bf70bf826bce8dbe76d7add6444045334eb6230167f5f76984274d9ba3a6c6b50009412c6e6e8b
-DIST exim-html-4.84.tar.bz2 465281 SHA256 7ee7e9015b853915604b7806be93d56e9ba1fb915b63f0d6828c47f2228fd45b SHA512 7de8513476b6abcdfd36b0121a2a9d6decf1ccf94ef51b8363e544066cc05670e6f2b4d03d5fbc49071b1431183dfd9badde5cbcc65f51d55ec6b25ebcb070b9 WHIRLPOOL 88c376fd399e17b2bc06d2d0fad19f8c6485807118a81e0c200f6c39defe7155fa920489481a8b82e629951766ce0222b85956f387d22d22549303bd3dff7f82
-DIST exim-html-4.85.2.tar.bz2 461392 SHA256 b84e19f53b4077efbb94e232c8ce6557d133e0275a1d0ec32f2677068ad33dfa SHA512 e6f8531cbf0edc50db43d74b1e671ea51a2eaac7c06c8551f0229bc3a7882c725c8025a95d8a728aeb4ab3feddf6d2e1e5b7191869ac02cdfcb428e986a86422 WHIRLPOOL 8fe3a6575300ce660770b1357cef1158ef1171bcd79d7a4d7170a4867a4f7d5fd5e33d3be8a48ddfc875860d209b0771cd1c49173a9b821b3c1d70b48ea1583c
DIST exim-html-4.85.tar.bz2 467069 SHA256 fd91946369626e74842a0799b93d0d9e4a201fe640af84e1b5349fe6ff204167 SHA512 8214576300827f79c0880e2d2163f71d7f1b3fe2aff714b591a011e48816965de5a773c3509137b085fec3d4d2128931f8398768c24dad6c92b7df27cbcafe74 WHIRLPOOL a7edffd7124c4920708616d3e59c0db5159dee5f7e4fd62ce29fdba769d39781a3826d4e3e39cdc97669941bb9a5c977defe280feb73cbe159b23df4cb6fe95f
-DIST exim-html-4.86.2.tar.bz2 466139 SHA256 1c97a6efd0a7aaf4b9960ce70fed4df37725f676397ce744efea1503ec1f5914 SHA512 593df23914939f8fa76c15a2ab7fc197efa05fcbb984179c9dc2c7d535fe2bef1394c07bc8449f2219f54615ff2f4ee13b76409d89b846dc71e54880681c913e WHIRLPOOL e6bbcf9bc20e2231542d20f40c656b30ce1f2e6fff5005f594191c5e325d0c5fbd45543b680151773fc14cbee253f417e7cea4e514d4e677486a6d334a36a3a7
DIST exim-html-4.86.tar.bz2 471159 SHA256 02226a9fbb6d5aaa9d35f3e2a3bd9077e2307463de6baf6e3e2e938c1fe39146 SHA512 0c15fbccaf9b744fb8b7990d2b2bd0555a04ef5ed82ffbf2e32372a539bae6d7cebad96960f5570a2f8f27d31ebdf2467c51cb053b059996bb9122bc02fa741b WHIRLPOOL d9fbaa73491ab1657afb6ba59da5adea26144b58b358aeb9829731d3f35d6c1d8c7021c5243cb989e7c704cc346cde2a330f9eedc5b357326c1d56d7caa4a6c5
DIST exim-html-4.87.tar.bz2 478953 SHA256 8f87876d4a392f59d1009ba64ac461862951a3f4eed9c0b14a49be7bcbdc1f12 SHA512 224884abfd7ab9a2410dbdd24bb65545faf427f1b83a942c6c72309e7d85771f78bf7dc5ec1439de95e1038959cdfc4ab549abb98852c8b17c8310b51ad0385c WHIRLPOOL 0444f0b8d8f2e6fab66e9ec7b169eb1d175247e31c323f0a2817b60e2ce6b75057c8d38477697472b009f73fd4b285595b8ca09bac845763767e8146d6c87491
DIST system_filter.exim.gz 3075 SHA256 3a3471b486a09e0a0153f7b520e1eaf26d21b97d73ea8348bdc593c00eb1e437 SHA512 cb358d3ce2499a0bb5920d962a06f2af8486e55ec90c8c928bd8e3aefb279aa57f5f960d5adfcef68bd94110b405eaa144e9629cfe6014a529c79c544600bbf3 WHIRLPOOL ce68d9c18b24eca3ef97ea810964cc1ada5f85b795a7c432ad39b5788188a16419101c92fb52b418738d760e1d658f7a41485e5561079a667d84d276c71be5a4
diff --git a/mail-mta/exim/exim-4.84.2.ebuild b/mail-mta/exim/exim-4.84.2.ebuild
deleted file mode 100644
index 4479c70..0000000
--- a/mail-mta/exim/exim-4.84.2.ebuild
+++ /dev/null
@@ -1,508 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils toolchain-funcs multilib pam systemd
-
-IUSE="dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X"
-REQUIRED_USE="spf? ( exiscan-acl ) srs? ( exiscan-acl ) dmarc? ( spf dkim ) pkcs11? ( gnutls )"
-
-COMM_URI="ftp://ftp.exim.org/pub/exim/exim4/old"
-
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2
- mirror://gentoo/system_filter.exim.gz
- doc? ( ${COMM_URI}/${PN}-html-${PV//rc/RC}.tar.bz2 )"
-HOMEPAGE="http://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~x86-solaris"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
- >=sys-libs/db-3.2:=
- dev-libs/libpcre
- perl? ( dev-lang/perl:= )
- pam? ( virtual/pam )
- tcpd? ( sys-apps/tcp-wrappers )
- ssl? ( dev-libs/openssl:= )
- gnutls? ( net-libs/gnutls[pkcs11?]
- dev-libs/libtasn1 )
- ldap? ( >=net-nds/openldap-2.0.7 )
- mysql? ( virtual/mysql )
- postgres? ( dev-db/postgresql:= )
- sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
- redis? ( dev-libs/hiredis )
- spf? ( >=mail-filter/libspf2-1.2.5-r1 )
- dmarc? ( mail-filter/opendmarc )
- srs? ( mail-filter/libsrs_alt )
- X? ( x11-proto/xproto
- x11-libs/libX11
- x11-libs/libXmu
- x11-libs/libXt
- x11-libs/libXaw
- )
- sqlite? ( dev-db/sqlite )
- radius? ( net-dialup/radiusclient )
- virtual/libiconv
- "
- # added X check for #57206
-DEPEND="${COMMON_DEPEND}
- virtual/pkgconfig"
-RDEPEND="${COMMON_DEPEND}
- !mail-mta/courier
- !mail-mta/esmtp
- !mail-mta/mini-qmail
- !<mail-mta/msmtp-1.4.19-r1
- !>=mail-mta/msmtp-1.4.19-r1[mta]
- !mail-mta/netqmail
- !mail-mta/nullmailer
- !mail-mta/postfix
- !mail-mta/qmail-ldap
- !mail-mta/sendmail
- !mail-mta/opensmtpd
- !<mail-mta/ssmtp-2.64-r2
- !>=mail-mta/ssmtp-2.64-r2[mta]
- !net-mail/mailwrapper
- >=net-mail/mailbase-0.00-r5
- virtual/logger
- dcc? ( mail-filter/dcc )
- selinux? ( sec-policy/selinux-exim )
- "
-
-S=${WORKDIR}/${P//rc/RC}
-
-src_prepare() {
- epatch "${FILESDIR}"/exim-4.14-tail.patch
- epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch
- epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
- epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
- epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
- epatch "${FILESDIR}"/exim-4.77-as-needed-ldflags.patch # 352265, 391279
- epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
-
- if use maildir ; then
- epatch "${FILESDIR}"/exim-4.20-maildir.patch
- else
- epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
- fi
-
- # user Exim believes it should be
- MAILUSER=mail
- MAILGROUP=mail
- if use prefix && [[ ${EUID} != 0 ]] ; then
- MAILUSER=$(id -un)
- MAILGROUP=$(id -gn)
- fi
-}
-
-src_configure() {
- # general config and paths
-
- sed -i.orig \
- -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
- "${S}"/src/configure.default || die
-
- sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
-
- sed -e "48i\CFLAGS=${CFLAGS}" \
- -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
- -e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
- -e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
- -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
- -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
- src/EDITME > Local/Makefile
-
- cd Local
-
- cat >> Makefile <<- EOC
- INFO_DIRECTORY=${EPREFIX}/usr/share/info
- PID_FILE_PATH=${EPREFIX}/run/exim.pid
- SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
- HAVE_ICONV=yes
- EOC
-
- # if we use libiconv, now is the time to tell so
- use !elibc_glibc && echo "EXTRALIBS_EXIM=-liconv" >> Makefile
-
- # support for IPv6
- if use ipv6; then
- cat >> Makefile <<- EOC
- HAVE_IPV6=YES
- EOC
- fi
-
- #
- # mail storage formats
-
- # mailstore is Exim's traditional storage format
- cat >> Makefile <<- EOC
- SUPPORT_MAILSTORE=yes
- EOC
-
- # mbox
- if use mbx; then
- cat >> Makefile <<- EOC
- SUPPORT_MBX=yes
- EOC
- fi
-
- # maildir
- if use maildir; then
- cat >> Makefile <<- EOC
- SUPPORT_MAILDIR=yes
- EOC
- fi
-
- #
- # lookup methods
-
- # use the "native" interfaces to the DBM and CDB libraries, support
- # passwd and directory lookups by default
- cat >> Makefile <<- EOC
- USE_DB=yes
- DBMLIB=-ldb
- LOOKUP_CDB=yes
- LOOKUP_PASSWD=yes
- LOOKUP_DSEARCH=yes
- EOC
-
- if ! use dnsdb; then
- # DNSDB lookup is enabled by default
- sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
- fi
-
- if use ldap; then
- cat >> Makefile <<- EOC
- LOOKUP_LDAP=yes
- LDAP_LIB_TYPE=OPENLDAP2
- LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
- LOOKUP_LIBS += -lldap -llber
- EOC
- fi
-
- if use mysql; then
- cat >> Makefile <<- EOC
- LOOKUP_MYSQL=yes
- LOOKUP_INCLUDE += $(mysql_config --include)
- LOOKUP_LIBS += $(mysql_config --libs)
- EOC
- fi
-
- if use nis; then
- cat >> Makefile <<- EOC
- LOOKUP_NIS=yes
- LOOKUP_NISPLUS=yes
- EOC
- fi
-
- if use postgres; then
- cat >> Makefile <<- EOC
- LOOKUP_PGSQL=yes
- LOOKUP_INCLUDE += -I$(pg_config --includedir)
- LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
- EOC
- fi
-
- if use sqlite; then
- cat >> Makefile <<- EOC
- LOOKUP_SQLITE=yes
- LOOKUP_SQLITE_PC=sqlite3
- EOC
- fi
-
- if use redis; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_REDIS=yes
- LOOKUP_LIBS += -lhiredis
- EOC
- fi
-
- #
- # Exim monitor, enabled by default, controlled via X USE-flag,
- # disable if not requested, bug #46778
- if use X; then
- cp ../exim_monitor/EDITME eximon.conf || die
- else
- sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
- fi
-
- #
- # features
-
- # content scanning support
- if use exiscan-acl; then
- cat >> Makefile <<- EOC
- WITH_CONTENT_SCAN=yes
- WITH_OLD_DEMIME=yes
- EOC
- fi
-
- # DomainKeys Identified Mail, RFC4871
- if ! use dkim; then
- # DKIM is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_DKIM=yes
- EOC
- fi
-
- # Per-Recipient-Data-Response
- if ! use prdr; then
- # PRDR is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_PRDR=yes
- EOC
- fi
-
- # log to syslog
- if use syslog; then
- sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=syslog
- EOC
- else
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
- EOC
- fi
-
- # starttls support (ssl)
- if use ssl; then
- echo "SUPPORT_TLS=yes" >> Makefile
- if use gnutls; then
- echo "USE_GNUTLS=yes" >> Makefile
- echo "USE_GNUTLS_PC=gnutls" >> Makefile
- use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
- else
- echo "USE_OPENSSL_PC=openssl" >> Makefile
- fi
- fi
-
- # TCP wrappers
- if use tcpd; then
- cat >> Makefile <<- EOC
- USE_TCP_WRAPPERS=yes
- EXTRALIBS_EXIM += -lwrap
- EOC
- fi
-
- # Light Mail Transport Protocol
- if use lmtp; then
- cat >> Makefile <<- EOC
- TRANSPORT_LMTP=yes
- EOC
- fi
-
- # embedded Perl
- if use perl; then
- cat >> Makefile <<- EOC
- EXIM_PERL=perl.o
- EOC
- fi
-
- # dlfunc
- if use dlfunc; then
- cat >> Makefile <<- EOC
- EXPAND_DLFUNC=yes
- EOC
- fi
-
- #
- # experimental features
-
- # Distributed Checksum Clearinghouse
- if use dcc; then
- echo "EXPERIMENTAL_DCC=yes">> Makefile
- fi
-
- # Sender Policy Framework
- if use spf; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_SPF=yes
- EXTRALIBS_EXIM += -lspf2
- EOC
- fi
-
- # Sender Rewriting Scheme
- if use srs; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_SRS=yes
- EXTRALIBS_EXIM += -lsrs_alt
- EOC
- fi
-
- # DMARC
- if use dmarc; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DMARC=yes
- EXTRALIBS_EXIM += -lopendmarc
- EOC
- fi
-
- # Transport post-delivery actions
- if use tpda; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_TPDA=yes
- EOC
- fi
-
- # Proxy Protocol
- if use proxy; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_PROXY=yes
- EOC
- fi
-
- # Delivery Sender Notifications
- if use dsn; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DSN=yes
- EOC
- fi
-
- #
- # authentication (SMTP AUTH)
-
- # standard bits
- cat >> Makefile <<- EOC
- AUTH_SPA=yes
- AUTH_CRAM_MD5=yes
- AUTH_PLAINTEXT=yes
- EOC
-
- # Cyrus SASL
- if use sasl; then
- cat >> Makefile <<- EOC
- CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
- AUTH_CYRUS_SASL=yes
- AUTH_LIBS += -lsasl2
- EOC
- fi
-
- # Dovecot
- if use dovecot-sasl; then
- cat >> Makefile <<- EOC
- AUTH_DOVECOT=yes
- EOC
- fi
-
- # Pluggable Authentication Modules
- if use pam; then
- cat >> Makefile <<- EOC
- SUPPORT_PAM=yes
- AUTH_LIBS += -lpam
- EOC
- fi
-
- # Radius
- if use radius; then
- cat >> Makefile <<- EOC
- RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
- RADIUS_LIB_TYPE=RADIUSCLIENT
- AUTH_LIBS += -lradiusclient
- EOC
- fi
-}
-
-src_compile() {
- emake -j1 CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
- AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
- || die "make failed"
-}
-
-src_install () {
- cd "${S}"/build-exim-gentoo || die
- dosbin exim
- if use X; then
- dosbin eximon.bin
- dosbin eximon
- fi
- fperms 4755 /usr/sbin/exim
-
- dosym exim /usr/sbin/sendmail
- dosym exim /usr/sbin/rsmtp
- dosym exim /usr/sbin/rmail
- dosym /usr/sbin/exim /usr/bin/mailq
- dosym /usr/sbin/exim /usr/bin/newaliases
- dosym /usr/sbin/sendmail /usr/lib/sendmail
-
- for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
- exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
- convert4r3 convert4r4 exipick
- do
- dosbin $i
- done
-
- dodoc "${S}"/doc/*
- doman "${S}"/doc/exim.8
- use dsn && dodoc "${S}"/README.DSN
- use doc && dohtml -r "${WORKDIR}"/${PN}-html-${PV//rc/RC}/doc/html/spec_html/*
-
- # conf files
- insinto /etc/exim
- newins "${S}"/src/configure.default exim.conf.dist
- if use exiscan-acl; then
- newins "${S}"/src/configure.default exim.conf.exiscan-acl
- fi
- doins "${WORKDIR}"/system_filter.exim
- doins "${FILESDIR}"/auth_conf.sub
-
- pamd_mimic system-auth exim auth account
-
- # headers, #436406
- if use dlfunc ; then
- # fixup includes so they actually can be found when including
- sed -i \
- -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
- local_scan.h || die
- insinto /usr/include/exim
- doins {config,local_scan}.h ../src/{mytypes,store}.h
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}/exim.logrotate" exim
-
- newinitd "${FILESDIR}"/exim.rc8 exim
- newconfd "${FILESDIR}"/exim.confd exim
-
- systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
- systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
- systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
- diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
- dodir /var/log/${PN}
-}
-
-pkg_postinst() {
- if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
- einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
- einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
- einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
- fi
- if use dcc ; then
- einfo "DCC support is experimental, you can find some limited"
- einfo "documentation at the bottom of this prerelease message:"
- einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
- fi
- use spf && einfo "SPF support is experimental"
- use srs && einfo "SRS support is experimental"
- if use dmarc ; then
- einfo "DMARC support is experimental. See global settings to"
- einfo "configure DMARC, for usage see the documentation at "
- einfo "experimental-spec.txt."
- fi
- use tpda && einfo "TPDA support is experimental"
- use proxy && einfo "proxy support is experimental"
- if use dsn ; then
- einfo "Starting from Exim 4.83, DSN support comes from upstream."
- einfo "DSN support is an experimental feature. If you used DSN"
- einfo "support prior to 4.83, make sure to remove all dsn_process"
- einfo "switches from your routers, see https://bugs.gentoo.org/511818"
- fi
- einfo "Exim maintains some db files under its spool directory that need"
- einfo "cleaning from time to time. (${EROOT}var/spool/exim/db)"
- einfo "Please use the exim_tidydb tool as documented in the Exim manual:"
- einfo "http://www.exim.org/exim-html-current/doc/html/spec_html/ch-exim_utilities.html#SECThindatmai"
-}
diff --git a/mail-mta/exim/exim-4.84.ebuild b/mail-mta/exim/exim-4.84.ebuild
deleted file mode 100644
index a09c05c..0000000
--- a/mail-mta/exim/exim-4.84.ebuild
+++ /dev/null
@@ -1,508 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils toolchain-funcs multilib pam systemd
-
-IUSE="dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X"
-REQUIRED_USE="spf? ( exiscan-acl ) srs? ( exiscan-acl ) dmarc? ( spf dkim ) pkcs11? ( gnutls )"
-
-COMM_URI="ftp://ftp.exim.org/pub/exim/exim4$([[ ${PV} == *_rc* ]] && echo /test)"
-
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2
- mirror://gentoo/system_filter.exim.gz
- doc? ( ${COMM_URI}/${PN}-html-${PV//rc/RC}.tar.bz2 )"
-HOMEPAGE="http://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd ~x86-solaris"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
- >=sys-libs/db-3.2:=
- dev-libs/libpcre
- perl? ( dev-lang/perl:= )
- pam? ( virtual/pam )
- tcpd? ( sys-apps/tcp-wrappers )
- ssl? ( dev-libs/openssl:= )
- gnutls? ( net-libs/gnutls[pkcs11?]
- dev-libs/libtasn1 )
- ldap? ( >=net-nds/openldap-2.0.7 )
- mysql? ( virtual/mysql )
- postgres? ( dev-db/postgresql:= )
- sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
- redis? ( dev-libs/hiredis )
- spf? ( >=mail-filter/libspf2-1.2.5-r1 )
- dmarc? ( mail-filter/opendmarc )
- srs? ( mail-filter/libsrs_alt )
- X? ( x11-proto/xproto
- x11-libs/libX11
- x11-libs/libXmu
- x11-libs/libXt
- x11-libs/libXaw
- )
- sqlite? ( dev-db/sqlite )
- radius? ( net-dialup/radiusclient )
- virtual/libiconv
- "
- # added X check for #57206
-DEPEND="${COMMON_DEPEND}
- virtual/pkgconfig"
-RDEPEND="${COMMON_DEPEND}
- !mail-mta/courier
- !mail-mta/esmtp
- !mail-mta/mini-qmail
- !<mail-mta/msmtp-1.4.19-r1
- !>=mail-mta/msmtp-1.4.19-r1[mta]
- !mail-mta/netqmail
- !mail-mta/nullmailer
- !mail-mta/postfix
- !mail-mta/qmail-ldap
- !mail-mta/sendmail
- !mail-mta/opensmtpd
- !<mail-mta/ssmtp-2.64-r2
- !>=mail-mta/ssmtp-2.64-r2[mta]
- !net-mail/mailwrapper
- >=net-mail/mailbase-0.00-r5
- virtual/logger
- dcc? ( mail-filter/dcc )
- selinux? ( sec-policy/selinux-exim )
- "
-
-S=${WORKDIR}/${P//rc/RC}
-
-src_prepare() {
- epatch "${FILESDIR}"/exim-4.14-tail.patch
- epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch
- epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
- epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
- epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
- epatch "${FILESDIR}"/exim-4.77-as-needed-ldflags.patch # 352265, 391279
- epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
-
- if use maildir ; then
- epatch "${FILESDIR}"/exim-4.20-maildir.patch
- else
- epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
- fi
-
- # user Exim believes it should be
- MAILUSER=mail
- MAILGROUP=mail
- if use prefix && [[ ${EUID} != 0 ]] ; then
- MAILUSER=$(id -un)
- MAILGROUP=$(id -gn)
- fi
-}
-
-src_configure() {
- # general config and paths
-
- sed -i.orig \
- -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
- "${S}"/src/configure.default || die
-
- sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
-
- sed -e "48i\CFLAGS=${CFLAGS}" \
- -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
- -e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
- -e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
- -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
- -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
- src/EDITME > Local/Makefile
-
- cd Local
-
- cat >> Makefile <<- EOC
- INFO_DIRECTORY=${EPREFIX}/usr/share/info
- PID_FILE_PATH=${EPREFIX}/run/exim.pid
- SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
- HAVE_ICONV=yes
- EOC
-
- # if we use libiconv, now is the time to tell so
- use !elibc_glibc && echo "EXTRALIBS_EXIM=-liconv" >> Makefile
-
- # support for IPv6
- if use ipv6; then
- cat >> Makefile <<- EOC
- HAVE_IPV6=YES
- EOC
- fi
-
- #
- # mail storage formats
-
- # mailstore is Exim's traditional storage format
- cat >> Makefile <<- EOC
- SUPPORT_MAILSTORE=yes
- EOC
-
- # mbox
- if use mbx; then
- cat >> Makefile <<- EOC
- SUPPORT_MBX=yes
- EOC
- fi
-
- # maildir
- if use maildir; then
- cat >> Makefile <<- EOC
- SUPPORT_MAILDIR=yes
- EOC
- fi
-
- #
- # lookup methods
-
- # use the "native" interfaces to the DBM and CDB libraries, support
- # passwd and directory lookups by default
- cat >> Makefile <<- EOC
- USE_DB=yes
- DBMLIB=-ldb
- LOOKUP_CDB=yes
- LOOKUP_PASSWD=yes
- LOOKUP_DSEARCH=yes
- EOC
-
- if ! use dnsdb; then
- # DNSDB lookup is enabled by default
- sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
- fi
-
- if use ldap; then
- cat >> Makefile <<- EOC
- LOOKUP_LDAP=yes
- LDAP_LIB_TYPE=OPENLDAP2
- LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
- LOOKUP_LIBS += -lldap -llber
- EOC
- fi
-
- if use mysql; then
- cat >> Makefile <<- EOC
- LOOKUP_MYSQL=yes
- LOOKUP_INCLUDE += $(mysql_config --include)
- LOOKUP_LIBS += $(mysql_config --libs)
- EOC
- fi
-
- if use nis; then
- cat >> Makefile <<- EOC
- LOOKUP_NIS=yes
- LOOKUP_NISPLUS=yes
- EOC
- fi
-
- if use postgres; then
- cat >> Makefile <<- EOC
- LOOKUP_PGSQL=yes
- LOOKUP_INCLUDE += -I$(pg_config --includedir)
- LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
- EOC
- fi
-
- if use sqlite; then
- cat >> Makefile <<- EOC
- LOOKUP_SQLITE=yes
- LOOKUP_SQLITE_PC=sqlite3
- EOC
- fi
-
- if use redis; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_REDIS=yes
- LOOKUP_LIBS += -lhiredis
- EOC
- fi
-
- #
- # Exim monitor, enabled by default, controlled via X USE-flag,
- # disable if not requested, bug #46778
- if use X; then
- cp ../exim_monitor/EDITME eximon.conf || die
- else
- sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
- fi
-
- #
- # features
-
- # content scanning support
- if use exiscan-acl; then
- cat >> Makefile <<- EOC
- WITH_CONTENT_SCAN=yes
- WITH_OLD_DEMIME=yes
- EOC
- fi
-
- # DomainKeys Identified Mail, RFC4871
- if ! use dkim; then
- # DKIM is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_DKIM=yes
- EOC
- fi
-
- # Per-Recipient-Data-Response
- if ! use prdr; then
- # PRDR is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_PRDR=yes
- EOC
- fi
-
- # log to syslog
- if use syslog; then
- sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=syslog
- EOC
- else
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
- EOC
- fi
-
- # starttls support (ssl)
- if use ssl; then
- echo "SUPPORT_TLS=yes" >> Makefile
- if use gnutls; then
- echo "USE_GNUTLS=yes" >> Makefile
- echo "USE_GNUTLS_PC=gnutls" >> Makefile
- use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
- else
- echo "USE_OPENSSL_PC=openssl" >> Makefile
- fi
- fi
-
- # TCP wrappers
- if use tcpd; then
- cat >> Makefile <<- EOC
- USE_TCP_WRAPPERS=yes
- EXTRALIBS_EXIM += -lwrap
- EOC
- fi
-
- # Light Mail Transport Protocol
- if use lmtp; then
- cat >> Makefile <<- EOC
- TRANSPORT_LMTP=yes
- EOC
- fi
-
- # embedded Perl
- if use perl; then
- cat >> Makefile <<- EOC
- EXIM_PERL=perl.o
- EOC
- fi
-
- # dlfunc
- if use dlfunc; then
- cat >> Makefile <<- EOC
- EXPAND_DLFUNC=yes
- EOC
- fi
-
- #
- # experimental features
-
- # Distributed Checksum Clearinghouse
- if use dcc; then
- echo "EXPERIMENTAL_DCC=yes">> Makefile
- fi
-
- # Sender Policy Framework
- if use spf; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_SPF=yes
- EXTRALIBS_EXIM += -lspf2
- EOC
- fi
-
- # Sender Rewriting Scheme
- if use srs; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_SRS=yes
- EXTRALIBS_EXIM += -lsrs_alt
- EOC
- fi
-
- # DMARC
- if use dmarc; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DMARC=yes
- EXTRALIBS_EXIM += -lopendmarc
- EOC
- fi
-
- # Transport post-delivery actions
- if use tpda; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_TPDA=yes
- EOC
- fi
-
- # Proxy Protocol
- if use proxy; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_PROXY=yes
- EOC
- fi
-
- # Delivery Sender Notifications
- if use dsn; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DSN=yes
- EOC
- fi
-
- #
- # authentication (SMTP AUTH)
-
- # standard bits
- cat >> Makefile <<- EOC
- AUTH_SPA=yes
- AUTH_CRAM_MD5=yes
- AUTH_PLAINTEXT=yes
- EOC
-
- # Cyrus SASL
- if use sasl; then
- cat >> Makefile <<- EOC
- CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
- AUTH_CYRUS_SASL=yes
- AUTH_LIBS += -lsasl2
- EOC
- fi
-
- # Dovecot
- if use dovecot-sasl; then
- cat >> Makefile <<- EOC
- AUTH_DOVECOT=yes
- EOC
- fi
-
- # Pluggable Authentication Modules
- if use pam; then
- cat >> Makefile <<- EOC
- SUPPORT_PAM=yes
- AUTH_LIBS += -lpam
- EOC
- fi
-
- # Radius
- if use radius; then
- cat >> Makefile <<- EOC
- RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
- RADIUS_LIB_TYPE=RADIUSCLIENT
- AUTH_LIBS += -lradiusclient
- EOC
- fi
-}
-
-src_compile() {
- emake -j1 CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
- AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
- || die "make failed"
-}
-
-src_install () {
- cd "${S}"/build-exim-gentoo || die
- dosbin exim
- if use X; then
- dosbin eximon.bin
- dosbin eximon
- fi
- fperms 4755 /usr/sbin/exim
-
- dosym exim /usr/sbin/sendmail
- dosym exim /usr/sbin/rsmtp
- dosym exim /usr/sbin/rmail
- dosym /usr/sbin/exim /usr/bin/mailq
- dosym /usr/sbin/exim /usr/bin/newaliases
- dosym /usr/sbin/sendmail /usr/lib/sendmail
-
- for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
- exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
- convert4r3 convert4r4 exipick
- do
- dosbin $i
- done
-
- dodoc "${S}"/doc/*
- doman "${S}"/doc/exim.8
- use dsn && dodoc "${S}"/README.DSN
- use doc && dohtml -r "${WORKDIR}"/${PN}-html-${PV//rc/RC}/doc/html/spec_html/*
-
- # conf files
- insinto /etc/exim
- newins "${S}"/src/configure.default exim.conf.dist
- if use exiscan-acl; then
- newins "${S}"/src/configure.default exim.conf.exiscan-acl
- fi
- doins "${WORKDIR}"/system_filter.exim
- doins "${FILESDIR}"/auth_conf.sub
-
- pamd_mimic system-auth exim auth account
-
- # headers, #436406
- if use dlfunc ; then
- # fixup includes so they actually can be found when including
- sed -i \
- -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
- local_scan.h || die
- insinto /usr/include/exim
- doins {config,local_scan}.h ../src/{mytypes,store}.h
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}/exim.logrotate" exim
-
- newinitd "${FILESDIR}"/exim.rc8 exim
- newconfd "${FILESDIR}"/exim.confd exim
-
- systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
- systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
- systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
- diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
- dodir /var/log/${PN}
-}
-
-pkg_postinst() {
- if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
- einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
- einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
- einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
- fi
- if use dcc ; then
- einfo "DCC support is experimental, you can find some limited"
- einfo "documentation at the bottom of this prerelease message:"
- einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
- fi
- use spf && einfo "SPF support is experimental"
- use srs && einfo "SRS support is experimental"
- if use dmarc ; then
- einfo "DMARC support is experimental. See global settings to"
- einfo "configure DMARC, for usage see the documentation at "
- einfo "experimental-spec.txt."
- fi
- use tpda && einfo "TPDA support is experimental"
- use proxy && einfo "proxy support is experimental"
- if use dsn ; then
- einfo "Starting from Exim 4.83, DSN support comes from upstream."
- einfo "DSN support is an experimental feature. If you used DSN"
- einfo "support prior to 4.83, make sure to remove all dsn_process"
- einfo "switches from your routers, see https://bugs.gentoo.org/511818"
- fi
- einfo "Exim maintains some db files under its spool directory that need"
- einfo "cleaning from time to time. (${EROOT}var/spool/exim/db)"
- einfo "Please use the exim_tidydb tool as documented in the Exim manual:"
- einfo "http://www.exim.org/exim-html-current/doc/html/spec_html/ch-exim_utilities.html#SECThindatmai"
-}
diff --git a/mail-mta/exim/exim-4.85.2.ebuild b/mail-mta/exim/exim-4.85.2.ebuild
deleted file mode 100644
index 5f918df..0000000
--- a/mail-mta/exim/exim-4.85.2.ebuild
+++ /dev/null
@@ -1,508 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils toolchain-funcs multilib pam systemd
-
-IUSE="dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X"
-REQUIRED_USE="spf? ( exiscan-acl ) srs? ( exiscan-acl ) dmarc? ( spf dkim ) pkcs11? ( gnutls )"
-
-COMM_URI="ftp://ftp.exim.org/pub/exim/exim4/old"
-
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2
- mirror://gentoo/system_filter.exim.gz
- doc? ( ${COMM_URI}/${PN}-html-${PV//rc/RC}.tar.bz2 )"
-HOMEPAGE="http://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~x86-solaris"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
- >=sys-libs/db-3.2:=
- dev-libs/libpcre
- perl? ( dev-lang/perl:= )
- pam? ( virtual/pam )
- tcpd? ( sys-apps/tcp-wrappers )
- ssl? ( dev-libs/openssl:= )
- gnutls? ( net-libs/gnutls[pkcs11?]
- dev-libs/libtasn1 )
- ldap? ( >=net-nds/openldap-2.0.7 )
- mysql? ( virtual/mysql )
- postgres? ( dev-db/postgresql:= )
- sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
- redis? ( dev-libs/hiredis )
- spf? ( >=mail-filter/libspf2-1.2.5-r1 )
- dmarc? ( mail-filter/opendmarc )
- srs? ( mail-filter/libsrs_alt )
- X? ( x11-proto/xproto
- x11-libs/libX11
- x11-libs/libXmu
- x11-libs/libXt
- x11-libs/libXaw
- )
- sqlite? ( dev-db/sqlite )
- radius? ( net-dialup/radiusclient )
- virtual/libiconv
- "
- # added X check for #57206
-DEPEND="${COMMON_DEPEND}
- virtual/pkgconfig"
-RDEPEND="${COMMON_DEPEND}
- !mail-mta/courier
- !mail-mta/esmtp
- !mail-mta/mini-qmail
- !<mail-mta/msmtp-1.4.19-r1
- !>=mail-mta/msmtp-1.4.19-r1[mta]
- !mail-mta/netqmail
- !mail-mta/nullmailer
- !mail-mta/postfix
- !mail-mta/qmail-ldap
- !mail-mta/sendmail
- !mail-mta/opensmtpd
- !<mail-mta/ssmtp-2.64-r2
- !>=mail-mta/ssmtp-2.64-r2[mta]
- !net-mail/mailwrapper
- >=net-mail/mailbase-0.00-r5
- virtual/logger
- dcc? ( mail-filter/dcc )
- selinux? ( sec-policy/selinux-exim )
- "
-
-S=${WORKDIR}/${P//rc/RC}
-
-src_prepare() {
- epatch "${FILESDIR}"/exim-4.14-tail.patch
- epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch
- epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
- epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
- epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
- epatch "${FILESDIR}"/exim-4.77-as-needed-ldflags.patch # 352265, 391279
- epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
-
- if use maildir ; then
- epatch "${FILESDIR}"/exim-4.20-maildir.patch
- else
- epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
- fi
-
- # user Exim believes it should be
- MAILUSER=mail
- MAILGROUP=mail
- if use prefix && [[ ${EUID} != 0 ]] ; then
- MAILUSER=$(id -un)
- MAILGROUP=$(id -gn)
- fi
-}
-
-src_configure() {
- # general config and paths
-
- sed -i.orig \
- -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
- "${S}"/src/configure.default || die
-
- sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
-
- sed -e "48i\CFLAGS=${CFLAGS}" \
- -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
- -e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
- -e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
- -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
- -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
- src/EDITME > Local/Makefile
-
- cd Local
-
- cat >> Makefile <<- EOC
- INFO_DIRECTORY=${EPREFIX}/usr/share/info
- PID_FILE_PATH=${EPREFIX}/run/exim.pid
- SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
- HAVE_ICONV=yes
- EOC
-
- # if we use libiconv, now is the time to tell so
- use !elibc_glibc && echo "EXTRALIBS_EXIM=-liconv" >> Makefile
-
- # support for IPv6
- if use ipv6; then
- cat >> Makefile <<- EOC
- HAVE_IPV6=YES
- EOC
- fi
-
- #
- # mail storage formats
-
- # mailstore is Exim's traditional storage format
- cat >> Makefile <<- EOC
- SUPPORT_MAILSTORE=yes
- EOC
-
- # mbox
- if use mbx; then
- cat >> Makefile <<- EOC
- SUPPORT_MBX=yes
- EOC
- fi
-
- # maildir
- if use maildir; then
- cat >> Makefile <<- EOC
- SUPPORT_MAILDIR=yes
- EOC
- fi
-
- #
- # lookup methods
-
- # use the "native" interfaces to the DBM and CDB libraries, support
- # passwd and directory lookups by default
- cat >> Makefile <<- EOC
- USE_DB=yes
- DBMLIB=-ldb
- LOOKUP_CDB=yes
- LOOKUP_PASSWD=yes
- LOOKUP_DSEARCH=yes
- EOC
-
- if ! use dnsdb; then
- # DNSDB lookup is enabled by default
- sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
- fi
-
- if use ldap; then
- cat >> Makefile <<- EOC
- LOOKUP_LDAP=yes
- LDAP_LIB_TYPE=OPENLDAP2
- LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
- LOOKUP_LIBS += -lldap -llber
- EOC
- fi
-
- if use mysql; then
- cat >> Makefile <<- EOC
- LOOKUP_MYSQL=yes
- LOOKUP_INCLUDE += $(mysql_config --include)
- LOOKUP_LIBS += $(mysql_config --libs)
- EOC
- fi
-
- if use nis; then
- cat >> Makefile <<- EOC
- LOOKUP_NIS=yes
- LOOKUP_NISPLUS=yes
- EOC
- fi
-
- if use postgres; then
- cat >> Makefile <<- EOC
- LOOKUP_PGSQL=yes
- LOOKUP_INCLUDE += -I$(pg_config --includedir)
- LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
- EOC
- fi
-
- if use sqlite; then
- cat >> Makefile <<- EOC
- LOOKUP_SQLITE=yes
- LOOKUP_SQLITE_PC=sqlite3
- EOC
- fi
-
- if use redis; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_REDIS=yes
- LOOKUP_LIBS += -lhiredis
- EOC
- fi
-
- #
- # Exim monitor, enabled by default, controlled via X USE-flag,
- # disable if not requested, bug #46778
- if use X; then
- cp ../exim_monitor/EDITME eximon.conf || die
- else
- sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
- fi
-
- #
- # features
-
- # content scanning support
- if use exiscan-acl; then
- cat >> Makefile <<- EOC
- WITH_CONTENT_SCAN=yes
- WITH_OLD_DEMIME=yes
- EOC
- fi
-
- # DomainKeys Identified Mail, RFC4871
- if ! use dkim; then
- # DKIM is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_DKIM=yes
- EOC
- fi
-
- # Per-Recipient-Data-Response
- if ! use prdr; then
- # PRDR is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_PRDR=yes
- EOC
- fi
-
- # log to syslog
- if use syslog; then
- sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=syslog
- EOC
- else
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
- EOC
- fi
-
- # starttls support (ssl)
- if use ssl; then
- echo "SUPPORT_TLS=yes" >> Makefile
- if use gnutls; then
- echo "USE_GNUTLS=yes" >> Makefile
- echo "USE_GNUTLS_PC=gnutls" >> Makefile
- use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
- else
- echo "USE_OPENSSL_PC=openssl" >> Makefile
- fi
- fi
-
- # TCP wrappers
- if use tcpd; then
- cat >> Makefile <<- EOC
- USE_TCP_WRAPPERS=yes
- EXTRALIBS_EXIM += -lwrap
- EOC
- fi
-
- # Light Mail Transport Protocol
- if use lmtp; then
- cat >> Makefile <<- EOC
- TRANSPORT_LMTP=yes
- EOC
- fi
-
- # embedded Perl
- if use perl; then
- cat >> Makefile <<- EOC
- EXIM_PERL=perl.o
- EOC
- fi
-
- # dlfunc
- if use dlfunc; then
- cat >> Makefile <<- EOC
- EXPAND_DLFUNC=yes
- EOC
- fi
-
- #
- # experimental features
-
- # Distributed Checksum Clearinghouse
- if use dcc; then
- echo "EXPERIMENTAL_DCC=yes">> Makefile
- fi
-
- # Sender Policy Framework
- if use spf; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_SPF=yes
- EXTRALIBS_EXIM += -lspf2
- EOC
- fi
-
- # Sender Rewriting Scheme
- if use srs; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_SRS=yes
- EXTRALIBS_EXIM += -lsrs_alt
- EOC
- fi
-
- # DMARC
- if use dmarc; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DMARC=yes
- EXTRALIBS_EXIM += -lopendmarc
- EOC
- fi
-
- # Transport post-delivery actions
- if use tpda; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_EVENT=yes
- EOC
- fi
-
- # Proxy Protocol
- if use proxy; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_PROXY=yes
- EOC
- fi
-
- # Delivery Sender Notifications
- if use dsn; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DSN=yes
- EOC
- fi
-
- #
- # authentication (SMTP AUTH)
-
- # standard bits
- cat >> Makefile <<- EOC
- AUTH_SPA=yes
- AUTH_CRAM_MD5=yes
- AUTH_PLAINTEXT=yes
- EOC
-
- # Cyrus SASL
- if use sasl; then
- cat >> Makefile <<- EOC
- CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
- AUTH_CYRUS_SASL=yes
- AUTH_LIBS += -lsasl2
- EOC
- fi
-
- # Dovecot
- if use dovecot-sasl; then
- cat >> Makefile <<- EOC
- AUTH_DOVECOT=yes
- EOC
- fi
-
- # Pluggable Authentication Modules
- if use pam; then
- cat >> Makefile <<- EOC
- SUPPORT_PAM=yes
- AUTH_LIBS += -lpam
- EOC
- fi
-
- # Radius
- if use radius; then
- cat >> Makefile <<- EOC
- RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
- RADIUS_LIB_TYPE=RADIUSCLIENT
- AUTH_LIBS += -lradiusclient
- EOC
- fi
-}
-
-src_compile() {
- emake -j1 CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
- AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
- || die "make failed"
-}
-
-src_install () {
- cd "${S}"/build-exim-gentoo || die
- dosbin exim
- if use X; then
- dosbin eximon.bin
- dosbin eximon
- fi
- fperms 4755 /usr/sbin/exim
-
- dosym exim /usr/sbin/sendmail
- dosym exim /usr/sbin/rsmtp
- dosym exim /usr/sbin/rmail
- dosym /usr/sbin/exim /usr/bin/mailq
- dosym /usr/sbin/exim /usr/bin/newaliases
- dosym /usr/sbin/sendmail /usr/lib/sendmail
-
- for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
- exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
- convert4r3 convert4r4 exipick
- do
- dosbin $i
- done
-
- dodoc "${S}"/doc/*
- doman "${S}"/doc/exim.8
- use dsn && dodoc "${S}"/README.DSN
- use doc && dohtml -r "${WORKDIR}"/${PN}-html-${PV//rc/RC}/doc/html/spec_html/*
-
- # conf files
- insinto /etc/exim
- newins "${S}"/src/configure.default exim.conf.dist
- if use exiscan-acl; then
- newins "${S}"/src/configure.default exim.conf.exiscan-acl
- fi
- doins "${WORKDIR}"/system_filter.exim
- doins "${FILESDIR}"/auth_conf.sub
-
- pamd_mimic system-auth exim auth account
-
- # headers, #436406
- if use dlfunc ; then
- # fixup includes so they actually can be found when including
- sed -i \
- -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
- local_scan.h || die
- insinto /usr/include/exim
- doins {config,local_scan}.h ../src/{mytypes,store}.h
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}/exim.logrotate" exim
-
- newinitd "${FILESDIR}"/exim.rc9 exim
- newconfd "${FILESDIR}"/exim.confd exim
-
- systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
- systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
- systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
- diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
- dodir /var/log/${PN}
-}
-
-pkg_postinst() {
- if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
- einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
- einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
- einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
- fi
- if use dcc ; then
- einfo "DCC support is experimental, you can find some limited"
- einfo "documentation at the bottom of this prerelease message:"
- einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
- fi
- use spf && einfo "SPF support is experimental"
- use srs && einfo "SRS support is experimental"
- if use dmarc ; then
- einfo "DMARC support is experimental. See global settings to"
- einfo "configure DMARC, for usage see the documentation at "
- einfo "experimental-spec.txt."
- fi
- use tpda && einfo "TPDA/EVENT support is experimental"
- use proxy && einfo "proxy support is experimental"
- if use dsn ; then
- einfo "Starting from Exim 4.83, DSN support comes from upstream."
- einfo "DSN support is an experimental feature. If you used DSN"
- einfo "support prior to 4.83, make sure to remove all dsn_process"
- einfo "switches from your routers, see https://bugs.gentoo.org/511818"
- fi
- einfo "Exim maintains some db files under its spool directory that need"
- einfo "cleaning from time to time. (${EROOT}var/spool/exim/db)"
- einfo "Please use the exim_tidydb tool as documented in the Exim manual:"
- einfo "http://www.exim.org/exim-html-current/doc/html/spec_html/ch-exim_utilities.html#SECThindatmai"
-}
diff --git a/mail-mta/exim/exim-4.86.2.ebuild b/mail-mta/exim/exim-4.86.2.ebuild
deleted file mode 100644
index 4e7e8ea..0000000
--- a/mail-mta/exim/exim-4.86.2.ebuild
+++ /dev/null
@@ -1,525 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils toolchain-funcs multilib pam systemd
-
-IUSE="dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X"
-REQUIRED_USE="spf? ( exiscan-acl ) srs? ( exiscan-acl ) dmarc? ( spf dkim ) pkcs11? ( gnutls )"
-
-COMM_URI="ftp://ftp.exim.org/pub/exim/exim4$([[ ${PV} == *_rc* ]] && echo /test)"
-
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2
- mirror://gentoo/system_filter.exim.gz
- doc? ( ${COMM_URI}/${PN}-html-${PV//rc/RC}.tar.bz2 )"
-HOMEPAGE="http://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~ppc64 ~x86"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
- >=sys-libs/db-3.2:=
- dev-libs/libpcre
- perl? ( dev-lang/perl:= )
- pam? ( virtual/pam )
- tcpd? ( sys-apps/tcp-wrappers )
- ssl? (
- !libressl? ( dev-libs/openssl:0=[-bindist] )
- libressl? ( dev-libs/libressl:= )
- )
- gnutls? ( net-libs/gnutls[pkcs11?]
- dev-libs/libtasn1 )
- ldap? ( >=net-nds/openldap-2.0.7 )
- mysql? ( virtual/mysql )
- postgres? ( dev-db/postgresql:= )
- sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
- redis? ( dev-libs/hiredis )
- spf? ( >=mail-filter/libspf2-1.2.5-r1 )
- dmarc? ( mail-filter/opendmarc )
- srs? ( mail-filter/libsrs_alt )
- X? ( x11-proto/xproto
- x11-libs/libX11
- x11-libs/libXmu
- x11-libs/libXt
- x11-libs/libXaw
- )
- sqlite? ( dev-db/sqlite )
- radius? ( net-dialup/freeradius-client )
- virtual/libiconv
- "
- # added X check for #57206
-DEPEND="${COMMON_DEPEND}
- virtual/pkgconfig"
-RDEPEND="${COMMON_DEPEND}
- !mail-mta/courier
- !mail-mta/esmtp
- !mail-mta/mini-qmail
- !<mail-mta/msmtp-1.4.19-r1
- !>=mail-mta/msmtp-1.4.19-r1[mta]
- !mail-mta/netqmail
- !mail-mta/nullmailer
- !mail-mta/postfix
- !mail-mta/qmail-ldap
- !mail-mta/sendmail
- !mail-mta/opensmtpd
- !<mail-mta/ssmtp-2.64-r2
- !>=mail-mta/ssmtp-2.64-r2[mta]
- !net-mail/mailwrapper
- >=net-mail/mailbase-0.00-r5
- virtual/logger
- dcc? ( mail-filter/dcc )
- selinux? ( sec-policy/selinux-exim )
- "
-
-S=${WORKDIR}/${P//rc/RC}
-
-src_prepare() {
- epatch "${FILESDIR}"/exim-4.14-tail.patch
- epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch
- epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
- epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
- epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
- epatch "${FILESDIR}"/exim-4.77-as-needed-ldflags.patch # 352265, 391279
- epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
- epatch "${FILESDIR}"/exim-4.86-radius-type-fix.patch
- epatch "${FILESDIR}"/exim-4.86-radius-include.patch
- epatch "${FILESDIR}"/exim-4.86.2-TMPDIR.patch # 63420
-
- if use maildir ; then
- epatch "${FILESDIR}"/exim-4.20-maildir.patch
- else
- epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
- fi
-
- # user Exim believes it should be
- MAILUSER=mail
- MAILGROUP=mail
- if use prefix && [[ ${EUID} != 0 ]] ; then
- MAILUSER=$(id -un)
- MAILGROUP=$(id -gn)
- fi
-}
-
-src_configure() {
- # general config and paths
-
- sed -i.orig \
- -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
- "${S}"/src/configure.default || die
-
- sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
-
- sed -e "48i\CFLAGS=${CFLAGS}" \
- -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
- -e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
- -e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
- -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
- -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
- src/EDITME > Local/Makefile
-
- cd Local
-
- cat >> Makefile <<- EOC
- INFO_DIRECTORY=${EPREFIX}/usr/share/info
- PID_FILE_PATH=${EPREFIX}/run/exim.pid
- SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
- HAVE_ICONV=yes
- EOC
-
- # if we use libiconv, now is the time to tell so
- use !elibc_glibc && echo "EXTRALIBS_EXIM=-liconv" >> Makefile
-
- # support for IPv6
- if use ipv6; then
- cat >> Makefile <<- EOC
- HAVE_IPV6=YES
- EOC
- fi
-
- #
- # mail storage formats
-
- # mailstore is Exim's traditional storage format
- cat >> Makefile <<- EOC
- SUPPORT_MAILSTORE=yes
- EOC
-
- # mbox
- if use mbx; then
- cat >> Makefile <<- EOC
- SUPPORT_MBX=yes
- EOC
- fi
-
- # maildir
- if use maildir; then
- cat >> Makefile <<- EOC
- SUPPORT_MAILDIR=yes
- EOC
- fi
-
- #
- # lookup methods
-
- # use the "native" interfaces to the DBM and CDB libraries, support
- # passwd and directory lookups by default
- cat >> Makefile <<- EOC
- USE_DB=yes
- DBMLIB=-ldb
- LOOKUP_CDB=yes
- LOOKUP_PASSWD=yes
- LOOKUP_DSEARCH=yes
- EOC
-
- if ! use dnsdb; then
- # DNSDB lookup is enabled by default
- sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
- fi
-
- if use ldap; then
- cat >> Makefile <<- EOC
- LOOKUP_LDAP=yes
- LDAP_LIB_TYPE=OPENLDAP2
- LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
- LOOKUP_LIBS += -lldap -llber
- EOC
- fi
-
- if use mysql; then
- cat >> Makefile <<- EOC
- LOOKUP_MYSQL=yes
- LOOKUP_INCLUDE += $(mysql_config --include)
- LOOKUP_LIBS += $(mysql_config --libs)
- EOC
- fi
-
- if use nis; then
- cat >> Makefile <<- EOC
- LOOKUP_NIS=yes
- LOOKUP_NISPLUS=yes
- EOC
- fi
-
- if use postgres; then
- cat >> Makefile <<- EOC
- LOOKUP_PGSQL=yes
- LOOKUP_INCLUDE += -I$(pg_config --includedir)
- LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
- EOC
- fi
-
- if use sqlite; then
- cat >> Makefile <<- EOC
- LOOKUP_SQLITE=yes
- LOOKUP_SQLITE_PC=sqlite3
- EOC
- fi
-
- if use redis; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_REDIS=yes
- LOOKUP_LIBS += -lhiredis
- EOC
- fi
-
- #
- # Exim monitor, enabled by default, controlled via X USE-flag,
- # disable if not requested, bug #46778
- if use X; then
- cp ../exim_monitor/EDITME eximon.conf || die
- else
- sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
- fi
-
- #
- # features
-
- # content scanning support
- if use exiscan-acl; then
- cat >> Makefile <<- EOC
- WITH_CONTENT_SCAN=yes
- WITH_OLD_DEMIME=yes
- EOC
- fi
-
- # DomainKeys Identified Mail, RFC4871
- if ! use dkim; then
- # DKIM is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_DKIM=yes
- EOC
- fi
-
- # Per-Recipient-Data-Response
- if ! use prdr; then
- # PRDR is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_PRDR=yes
- EOC
- fi
-
- # log to syslog
- if use syslog; then
- sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=syslog
- EOC
- else
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
- EOC
- fi
-
- # starttls support (ssl)
- if use ssl; then
- echo "SUPPORT_TLS=yes" >> Makefile
- if use gnutls; then
- echo "USE_GNUTLS=yes" >> Makefile
- echo "USE_GNUTLS_PC=gnutls" >> Makefile
- use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
- else
- echo "USE_OPENSSL_PC=openssl" >> Makefile
- fi
- fi
-
- # TCP wrappers
- if use tcpd; then
- cat >> Makefile <<- EOC
- USE_TCP_WRAPPERS=yes
- EXTRALIBS_EXIM += -lwrap
- EOC
- fi
-
- # Light Mail Transport Protocol
- if use lmtp; then
- cat >> Makefile <<- EOC
- TRANSPORT_LMTP=yes
- EOC
- fi
-
- # embedded Perl
- if use perl; then
- cat >> Makefile <<- EOC
- EXIM_PERL=perl.o
- EOC
- fi
-
- # dlfunc
- if use dlfunc; then
- cat >> Makefile <<- EOC
- EXPAND_DLFUNC=yes
- EOC
- fi
-
- #
- # experimental features
-
- # DANE
- if use dane; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DANE=yes
- EOC
- fi
-
- # Distributed Checksum Clearinghouse
- if use dcc; then
- echo "EXPERIMENTAL_DCC=yes">> Makefile
- fi
-
- # Sender Policy Framework
- if use spf; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_SPF=yes
- EXTRALIBS_EXIM += -lspf2
- EOC
- fi
-
- # Sender Rewriting Scheme
- if use srs; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_SRS=yes
- EXTRALIBS_EXIM += -lsrs_alt
- EOC
- fi
-
- # DMARC
- if use dmarc; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DMARC=yes
- EXTRALIBS_EXIM += -lopendmarc
- EOC
- fi
-
- # Transport post-delivery actions
- if use tpda; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_EVENT=yes
- EOC
- fi
-
- # Proxy Protocol
- if use proxy; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_PROXY=yes
- EOC
- fi
-
- # Delivery Sender Notifications
- if use dsn; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DSN=yes
- EOC
- fi
-
- #
- # authentication (SMTP AUTH)
-
- # standard bits
- cat >> Makefile <<- EOC
- AUTH_SPA=yes
- AUTH_CRAM_MD5=yes
- AUTH_PLAINTEXT=yes
- EOC
-
- # Cyrus SASL
- if use sasl; then
- cat >> Makefile <<- EOC
- CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
- AUTH_CYRUS_SASL=yes
- AUTH_LIBS += -lsasl2
- EOC
- fi
-
- # Dovecot
- if use dovecot-sasl; then
- cat >> Makefile <<- EOC
- AUTH_DOVECOT=yes
- EOC
- fi
-
- # Pluggable Authentication Modules
- if use pam; then
- cat >> Makefile <<- EOC
- SUPPORT_PAM=yes
- AUTH_LIBS += -lpam
- EOC
- fi
-
- # Radius
- if use radius; then
- cat >> Makefile <<- EOC
- RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
- RADIUS_LIB_TYPE=RADIUSCLIENTNEW
- AUTH_LIBS += -lfreeradius-client
- EOC
- fi
-}
-
-src_compile() {
- emake -j1 CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
- AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
- || die "make failed"
-}
-
-src_install () {
- cd "${S}"/build-exim-gentoo || die
- dosbin exim
- if use X; then
- dosbin eximon.bin
- dosbin eximon
- fi
- fperms 4755 /usr/sbin/exim
-
- dosym exim /usr/sbin/sendmail
- dosym exim /usr/sbin/rsmtp
- dosym exim /usr/sbin/rmail
- dosym /usr/sbin/exim /usr/bin/mailq
- dosym /usr/sbin/exim /usr/bin/newaliases
- dosym /usr/sbin/sendmail /usr/lib/sendmail
-
- for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
- exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
- convert4r3 convert4r4 exipick
- do
- dosbin $i
- done
-
- dodoc "${S}"/doc/*
- doman "${S}"/doc/exim.8
- use dsn && dodoc "${S}"/README.DSN
- use doc && dohtml -r "${WORKDIR}"/${PN}-html-${PV//rc/RC}/doc/html/spec_html/*
-
- # conf files
- insinto /etc/exim
- newins "${S}"/src/configure.default exim.conf.dist
- if use exiscan-acl; then
- newins "${S}"/src/configure.default exim.conf.exiscan-acl
- fi
- doins "${WORKDIR}"/system_filter.exim
- doins "${FILESDIR}"/auth_conf.sub
-
- pamd_mimic system-auth exim auth account
-
- # headers, #436406
- if use dlfunc ; then
- # fixup includes so they actually can be found when including
- sed -i \
- -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
- local_scan.h || die
- insinto /usr/include/exim
- doins {config,local_scan}.h ../src/{mytypes,store}.h
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}/exim.logrotate" exim
-
- newinitd "${FILESDIR}"/exim.rc9 exim
- newconfd "${FILESDIR}"/exim.confd exim
-
- systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
- systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
- systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
- diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
- dodir /var/log/${PN}
-}
-
-pkg_postinst() {
- if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
- einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
- einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
- einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
- fi
- use dane && einfo "DANE support is experimental"
- if use dcc ; then
- einfo "DCC support is experimental, you can find some limited"
- einfo "documentation at the bottom of this prerelease message:"
- einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
- fi
- use spf && einfo "SPF support is experimental"
- use srs && einfo "SRS support is experimental"
- if use dmarc ; then
- einfo "DMARC support is experimental. See global settings to"
- einfo "configure DMARC, for usage see the documentation at "
- einfo "experimental-spec.txt."
- fi
- use tpda && einfo "TPDA/EVENT support is experimental"
- use proxy && einfo "proxy support is experimental"
- if use dsn ; then
- einfo "Starting from Exim 4.83, DSN support comes from upstream."
- einfo "DSN support is an experimental feature. If you used DSN"
- einfo "support prior to 4.83, make sure to remove all dsn_process"
- einfo "switches from your routers, see https://bugs.gentoo.org/511818"
- fi
- einfo "Exim maintains some db files under its spool directory that need"
- einfo "cleaning from time to time. (${EROOT}var/spool/exim/db)"
- einfo "Please use the exim_tidydb tool as documented in the Exim manual:"
- einfo "http://www.exim.org/exim-html-current/doc/html/spec_html/ch-exim_utilities.html#SECThindatmai"
- einfo "For CVE-2016-1531, Exim introduced keep_environment and"
- einfo "add_environment flags. You might want to set them, see:"
- einfo "https://lists.exim.org/lurker/message/20160302.191005.a72d8433.en.html"
-}
diff --git a/mail-mta/exim/files/exim-4.86-TMPDIR.patch b/mail-mta/exim/files/exim-4.86-TMPDIR.patch
deleted file mode 100644
index 7fb0a79..0000000
--- a/mail-mta/exim/files/exim-4.86-TMPDIR.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From c36cf51b85cfc86e46226c846914c8d915f9f3c0 Mon Sep 17 00:00:00 2001
-From: Alexander Tsoy <alexander@tsoy.me>
-Date: Tue, 2 Feb 2016 20:56:15 +0300
-Subject: [PATCH] Rename build-time option TMPDIR to EXIM_TMPDIR
-
----
- src/EDITME | 2 +-
- src/config.h.defaults | 2 +-
- src/exim.c | 12 ++++++------
- 3 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/src/EDITME b/src/EDITME
-index 30a296e..6afe0c7 100644
---- a/src/EDITME
-+++ b/src/EDITME
-@@ -1123,7 +1123,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
- # it replaces the value with what is defined here. Commenting this setting
- # suppresses the check altogether.
-
--TMPDIR="/tmp"
-+EXIM_TMPDIR="/tmp"
-
-
- #------------------------------------------------------------------------------
-diff --git a/src/config.h.defaults b/src/config.h.defaults
-index 14de083..c1cf1a9 100644
---- a/src/config.h.defaults
-+++ b/src/config.h.defaults
-@@ -150,7 +150,7 @@ it's a default value. */
-
- #define TCP_WRAPPERS_DAEMON_NAME "exim"
- #define TIMEZONE_DEFAULT
--#define TMPDIR
-+#define EXIM_TMPDIR
-
- #define TRANSPORT_APPENDFILE
- #define TRANSPORT_AUTOREPLY
-diff --git a/src/exim.c b/src/exim.c
-index ebc71dd..c134bf5 100644
---- a/src/exim.c
-+++ b/src/exim.c
-@@ -3899,20 +3899,20 @@ if (log_oneline)
- temporary files are created; Exim doesn't use these (apart from when delivering
- to MBX mailboxes), but called libraries such as DBM libraries may require them.
- If TMPDIR is found in the environment, reset it to the value defined in the
--TMPDIR macro, if this macro is defined. */
-+EXIM_TMPDIR macro, if this macro is defined. */
-
--#ifdef TMPDIR
-+#ifdef EXIM_TMPDIR
- {
- uschar **p;
- for (p = USS environ; *p != NULL; p++)
- {
- if (Ustrncmp(*p, "TMPDIR=", 7) == 0 &&
-- Ustrcmp(*p+7, TMPDIR) != 0)
-+ Ustrcmp(*p+7, EXIM_TMPDIR) != 0)
- {
-- uschar *newp = malloc(Ustrlen(TMPDIR) + 8);
-- sprintf(CS newp, "TMPDIR=%s", TMPDIR);
-+ uschar *newp = malloc(Ustrlen(EXIM_TMPDIR) + 8);
-+ sprintf(CS newp, "TMPDIR=%s", EXIM_TMPDIR);
- *p = newp;
-- DEBUG(D_any) debug_printf("reset TMPDIR=%s in environment\n", TMPDIR);
-+ DEBUG(D_any) debug_printf("reset TMPDIR=%s in environment\n", EXIM_TMPDIR);
- }
- }
- }
---
-2.4.10
-
diff --git a/mail-mta/exim/files/exim-4.86-radius-include.patch b/mail-mta/exim/files/exim-4.86-radius-include.patch
deleted file mode 100644
index acff7fc..0000000
--- a/mail-mta/exim/files/exim-4.86-radius-include.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff -urN exim-4.86.orig/src/auths/call_radius.c exim-4.86/src/auths/call_radius.c
---- exim-4.86.orig/src/auths/call_radius.c 2015-07-24 00:20:37.000000000 +0300
-+++ exim-4.86/src/auths/call_radius.c 2015-10-17 20:05:31.581240956 +0300
-@@ -38,7 +38,11 @@
- #if !defined(RADIUS_LIB_RADIUSCLIENT) && !defined(RADIUS_LIB_RADIUSCLIENTNEW)
- #define RADIUS_LIB_RADIUSCLIENT
- #endif
-+ #ifdef RADIUS_LIB_RADIUSCLIENTNEW
-+ #include <freeradius-client.h>
-+ #else
- #include <radiusclient.h>
-+ #endif
- #endif
-
-
diff --git a/mail-mta/exim/files/exim-4.86-radius-type-fix.patch b/mail-mta/exim/files/exim-4.86-radius-type-fix.patch
deleted file mode 100644
index 3ff4722..0000000
--- a/mail-mta/exim/files/exim-4.86-radius-type-fix.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-commit 1b2adaee621f520aa640669a35c089c448294e9e
-Author: Alexander Tsoy <alexander@tsoy.me>
-Date: Sat Oct 17 20:39:10 2015 +0300
-
- Fix conflicting types errors in radius auth
-
- Was broken by commits 93a6fce2 and 55414b25
-
-diff --git a/src/src/auths/call_radius.c b/src/src/auths/call_radius.c
-index 2064ed2..1201078 100644
---- a/src/src/auths/call_radius.c
-+++ b/src/src/auths/call_radius.c
-@@ -60,10 +60,10 @@ Returns: OK if authentication succeeded
- */
-
- int
--auth_call_radius(uschar *s, uschar **errptr)
-+auth_call_radius(const uschar *s, uschar **errptr)
- {
- uschar *user;
--uschar *radius_args = s;
-+const uschar *radius_args = s;
- int result;
- int sep = 0;
-
diff --git a/mail-mta/exim/files/exim-4.86.2-TMPDIR.patch b/mail-mta/exim/files/exim-4.86.2-TMPDIR.patch
deleted file mode 100644
index 9c05a24..0000000
--- a/mail-mta/exim/files/exim-4.86.2-TMPDIR.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-Adapted for 4.86.2
-
-From c36cf51b85cfc86e46226c846914c8d915f9f3c0 Mon Sep 17 00:00:00 2001
-From: Alexander Tsoy <alexander@tsoy.me>
-Date: Tue, 2 Feb 2016 20:56:15 +0300
-Subject: [PATCH] Rename build-time option TMPDIR to EXIM_TMPDIR
-
----
- src/EDITME | 2 +-
- src/config.h.defaults | 2 +-
- src/exim.c | 12 ++++++------
- 3 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/src/EDITME b/src/EDITME
-index 30a296e..6afe0c7 100644
---- a/src/EDITME
-+++ b/src/EDITME
-@@ -1123,7 +1123,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
- # it replaces the value with what is defined here. Commenting this setting
- # suppresses the check altogether.
-
--TMPDIR="/tmp"
-+EXIM_TMPDIR="/tmp"
-
-
- #------------------------------------------------------------------------------
-diff --git a/src/config.h.defaults b/src/config.h.defaults
-index 14de083..c1cf1a9 100644
---- a/src/config.h.defaults
-+++ b/src/config.h.defaults
-@@ -150,7 +150,7 @@ it's a default value. */
-
- #define TCP_WRAPPERS_DAEMON_NAME "exim"
- #define TIMEZONE_DEFAULT
--#define TMPDIR
-+#define EXIM_TMPDIR
-
- #define TRANSPORT_APPENDFILE
- #define TRANSPORT_AUTOREPLY
---- a/src/exim.c
-+++ b/src/exim.c
-@@ -3887,20 +3887,20 @@
- temporary files are created; Exim doesn't use these (apart from when delivering
- to MBX mailboxes), but called libraries such as DBM libraries may require them.
- If TMPDIR is found in the environment, reset it to the value defined in the
--TMPDIR macro, if this macro is defined. */
-+EXIM_TMPDIR macro, if this macro is defined. */
-
--#ifdef TMPDIR
-+#ifdef EXIM_TMPDIR
- {
- uschar **p;
- if (environ) for (p = USS environ; *p != NULL; p++)
- {
- if (Ustrncmp(*p, "TMPDIR=", 7) == 0 &&
-- Ustrcmp(*p+7, TMPDIR) != 0)
-+ Ustrcmp(*p+7, EXIM_TMPDIR) != 0)
- {
-- uschar *newp = malloc(Ustrlen(TMPDIR) + 8);
-- sprintf(CS newp, "TMPDIR=%s", TMPDIR);
-+ uschar *newp = malloc(Ustrlen(EXIM_TMPDIR) + 8);
-+ sprintf(CS newp, "TMPDIR=%s", EXIM_TMPDIR);
- *p = newp;
-- DEBUG(D_any) debug_printf("reset TMPDIR=%s in environment\n", TMPDIR);
-+ DEBUG(D_any) debug_printf("reset TMPDIR=%s in environment\n", EXIM_TMPDIR);
- }
- }
- }
diff --git a/mail-mta/exim/files/exim.rc8 b/mail-mta/exim/files/exim.rc8
deleted file mode 100644
index c88750b..0000000
--- a/mail-mta/exim/files/exim.rc8
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-extra_started_commands="reload"
-
-depend() {
- need logger
- use antivirus net
- provide mta
-}
-
-start() {
- ebegin "Starting ${SVCNAME}"
- start-stop-daemon --start --exec /usr/sbin/exim --pidfile /run/${SVCNAME}.pid -- -C /etc/exim/${SVCNAME}.conf ${EXIM_OPTS:--bd -q15m}
- eend $?
-}
-
-stop() {
- ebegin "Stopping ${SVCNAME}"
- start-stop-daemon --stop --pidfile /run/${SVCNAME}.pid --name exim
- eend $?
-}
-
-reload() {
- ebegin "Reloading ${SVCNAME}"
- start-stop-daemon --signal HUP --pidfile /run/${SVCNAME}.pid --name exim
- eend $?
-}
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2017-03-11 7:58 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2017-03-11 7:58 UTC (permalink / raw
To: gentoo-commits
commit: 12942acaa4b53ec62de0112ecda4fb24e7386312
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 11 07:58:35 2017 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Sat Mar 11 07:58:35 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=12942aca
mail-mta/exim: remove bashisms from init-script, bug #612262
Package-Manager: Portage-2.3.3, Repoman-2.3.1
mail-mta/exim/exim-4.89.ebuild | 2 +-
mail-mta/exim/files/exim.rc10 | 47 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 48 insertions(+), 1 deletion(-)
diff --git a/mail-mta/exim/exim-4.89.ebuild b/mail-mta/exim/exim-4.89.ebuild
index 5a527a41b49..562c9d8ef25 100644
--- a/mail-mta/exim/exim-4.89.ebuild
+++ b/mail-mta/exim/exim-4.89.ebuild
@@ -490,7 +490,7 @@ src_install () {
insinto /etc/logrotate.d
newins "${FILESDIR}/exim.logrotate" exim
- newinitd "${FILESDIR}"/exim.rc9 exim
+ newinitd "${FILESDIR}"/exim.rc10 exim
newconfd "${FILESDIR}"/exim.confd exim
systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
diff --git a/mail-mta/exim/files/exim.rc10 b/mail-mta/exim/files/exim.rc10
new file mode 100644
index 00000000000..c44dba16ce2
--- /dev/null
+++ b/mail-mta/exim/files/exim.rc10
@@ -0,0 +1,47 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_started_commands="reload"
+
+depend() {
+ need logger
+ use antivirus net
+ provide mta
+}
+
+tidy_dbs() {
+ local spooldir=$(/usr/sbin/exim -C /etc/exim/${SVCNAME}.conf -bP -n spool_directory)
+ local db
+ local ret=0
+ ebegin "Tidying hints databases in ${spooldir}/db"
+ for db in "${spooldir}"/db/* ; do
+ case "${db}" in
+ *".lockfile"|*"*") continue ;;
+ esac
+ /usr/sbin/exim_tidydb ${TIDY_OPTS} "${spooldir}" ${db##*/} > /dev/null
+ : $((ret += $?))
+ done
+ eend ${ret}
+}
+
+start() {
+ # if you use multiple instances, make sure you set spool_directory
+ # in the configfile
+ tidy_dbs
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start --exec /usr/sbin/exim --pidfile /run/${SVCNAME}.pid -- -C /etc/exim/${SVCNAME}.conf ${EXIM_OPTS:--bd -q15m}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop --pidfile /run/${SVCNAME}.pid --name exim
+ eend $?
+}
+
+reload() {
+ ebegin "Reloading ${SVCNAME}"
+ start-stop-daemon --signal HUP --pidfile /run/${SVCNAME}.pid --name exim
+ eend $?
+}
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2017-06-19 16:06 Thomas Deutschmann
0 siblings, 0 replies; 26+ messages in thread
From: Thomas Deutschmann @ 2017-06-19 16:06 UTC (permalink / raw
To: gentoo-commits
commit: 81618852a1f9d12b4aeea8a85b9d0f37f81f05b9
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 19 16:06:14 2017 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jun 19 16:06:32 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=81618852
mail-mta/exim: Rev bump to add patch for CVE-2017-1000369 (bug #622212)
Package-Manager: Portage-2.3.5, Repoman-2.3.2
mail-mta/exim/exim-4.89-r1.ebuild | 529 +++++++++++++++++++++
.../exim/files/exim-4.89-CVE-2017-1000369.patch | 58 +++
2 files changed, 587 insertions(+)
diff --git a/mail-mta/exim/exim-4.89-r1.ebuild b/mail-mta/exim/exim-4.89-r1.ebuild
new file mode 100644
index 00000000000..0d1ab8856b6
--- /dev/null
+++ b/mail-mta/exim/exim-4.89-r1.ebuild
@@ -0,0 +1,529 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils toolchain-funcs multilib pam systemd
+
+IUSE="dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X elibc_glibc"
+REQUIRED_USE="
+ dane? ( !gnutls )
+ dmarc? ( spf dkim )
+ pkcs11? ( gnutls )
+ spf? ( exiscan-acl )
+ srs? ( exiscan-acl )
+"
+
+COMM_URI="ftp://ftp.exim.org/pub/exim/exim4$([[ ${PV} == *_rc* ]] && echo /test)"
+
+DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
+SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2
+ mirror://gentoo/system_filter.exim.gz
+ doc? ( ${COMM_URI}/${PN}-pdf-${PV//rc/RC}.tar.bz2 )"
+HOMEPAGE="http://www.exim.org/"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~x86-solaris"
+
+COMMON_DEPEND=">=sys-apps/sed-4.0.5
+ >=sys-libs/db-3.2:=
+ dev-libs/libpcre
+ perl? ( dev-lang/perl:= )
+ pam? ( virtual/pam )
+ tcpd? ( sys-apps/tcp-wrappers )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ gnutls? ( net-libs/gnutls[pkcs11?]
+ dev-libs/libtasn1 )
+ ldap? ( >=net-nds/openldap-2.0.7 )
+ nis? ( elibc_glibc? ( || (
+ <sys-libs/glibc-2.23
+ >=sys-libs/glibc-2.23[rpc]
+ ) ) )
+ mysql? ( virtual/libmysqlclient )
+ postgres? ( dev-db/postgresql:= )
+ sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
+ redis? ( dev-libs/hiredis )
+ spf? ( >=mail-filter/libspf2-1.2.5-r1 )
+ dmarc? ( mail-filter/opendmarc )
+ srs? ( mail-filter/libsrs_alt )
+ X? ( x11-proto/xproto
+ x11-libs/libX11
+ x11-libs/libXmu
+ x11-libs/libXt
+ x11-libs/libXaw
+ )
+ sqlite? ( dev-db/sqlite )
+ radius? ( net-dialup/freeradius-client )
+ virtual/libiconv
+ "
+ # added X check for #57206
+DEPEND="${COMMON_DEPEND}
+ virtual/pkgconfig"
+RDEPEND="${COMMON_DEPEND}
+ !mail-mta/courier
+ !mail-mta/esmtp
+ !mail-mta/mini-qmail
+ !<mail-mta/msmtp-1.4.19-r1
+ !>=mail-mta/msmtp-1.4.19-r1[mta]
+ !mail-mta/netqmail
+ !mail-mta/nullmailer
+ !mail-mta/postfix
+ !mail-mta/qmail-ldap
+ !mail-mta/sendmail
+ !mail-mta/opensmtpd
+ !<mail-mta/ssmtp-2.64-r2
+ !>=mail-mta/ssmtp-2.64-r2[mta]
+ !net-mail/mailwrapper
+ >=net-mail/mailbase-0.00-r5
+ virtual/logger
+ dcc? ( mail-filter/dcc )
+ selinux? ( sec-policy/selinux-exim )
+ "
+
+S=${WORKDIR}/${P//rc/RC}
+
+src_prepare() {
+ epatch "${FILESDIR}"/exim-4.14-tail.patch
+ epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch
+ epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
+ epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
+ epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
+ epatch "${FILESDIR}"/exim-4.89-as-needed-ldflags.patch # 352265, 391279
+ epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
+ epatch "${FILESDIR}"/exim-4.89-CVE-2017-1000369.patch # 622212
+
+ if use maildir ; then
+ epatch "${FILESDIR}"/exim-4.20-maildir.patch
+ else
+ epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
+ fi
+
+ eapply_user
+
+ # user Exim believes it should be
+ MAILUSER=mail
+ MAILGROUP=mail
+ if use prefix && [[ ${EUID} != 0 ]] ; then
+ MAILUSER=$(id -un)
+ MAILGROUP=$(id -gn)
+ fi
+}
+
+src_configure() {
+ # general config and paths
+
+ sed -i.orig \
+ -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
+ "${S}"/src/configure.default || die
+
+ sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
+
+ sed -e "48i\CFLAGS=${CFLAGS}" \
+ -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
+ -e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
+ -e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
+ -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
+ -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
+ src/EDITME > Local/Makefile
+
+ if use elibc_musl; then
+ sed -e 's/^LIBS = -lnsl/LIBS =/g' \
+ -i OS/Makefile-Linux
+ fi
+
+ cd Local
+
+ cat >> Makefile <<- EOC
+ INFO_DIRECTORY=${EPREFIX}/usr/share/info
+ PID_FILE_PATH=${EPREFIX}/run/exim.pid
+ SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
+ HAVE_ICONV=yes
+ EOC
+
+ # if we use libiconv, now is the time to tell so
+ use !elibc_glibc && use !elibc_musl && echo "EXTRALIBS_EXIM=-liconv" >> Makefile
+
+ # support for IPv6
+ if use ipv6; then
+ cat >> Makefile <<- EOC
+ HAVE_IPV6=YES
+ EOC
+ fi
+
+ #
+ # mail storage formats
+
+ # mailstore is Exim's traditional storage format
+ cat >> Makefile <<- EOC
+ SUPPORT_MAILSTORE=yes
+ EOC
+
+ # mbox
+ if use mbx; then
+ cat >> Makefile <<- EOC
+ SUPPORT_MBX=yes
+ EOC
+ fi
+
+ # maildir
+ if use maildir; then
+ cat >> Makefile <<- EOC
+ SUPPORT_MAILDIR=yes
+ EOC
+ fi
+
+ #
+ # lookup methods
+
+ # use the "native" interfaces to the DBM and CDB libraries, support
+ # passwd and directory lookups by default
+ cat >> Makefile <<- EOC
+ USE_DB=yes
+ DBMLIB=-ldb
+ LOOKUP_CDB=yes
+ LOOKUP_PASSWD=yes
+ LOOKUP_DSEARCH=yes
+ EOC
+
+ if ! use dnsdb; then
+ # DNSDB lookup is enabled by default
+ sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
+ fi
+
+ if use ldap; then
+ cat >> Makefile <<- EOC
+ LOOKUP_LDAP=yes
+ LDAP_LIB_TYPE=OPENLDAP2
+ LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
+ LOOKUP_LIBS += -lldap -llber
+ EOC
+ fi
+
+ if use mysql; then
+ cat >> Makefile <<- EOC
+ LOOKUP_MYSQL=yes
+ LOOKUP_INCLUDE += $(mysql_config --include)
+ LOOKUP_LIBS += $(mysql_config --libs)
+ EOC
+ fi
+
+ if use nis; then
+ cat >> Makefile <<- EOC
+ LOOKUP_NIS=yes
+ LOOKUP_NISPLUS=yes
+ EOC
+ fi
+
+ if use postgres; then
+ cat >> Makefile <<- EOC
+ LOOKUP_PGSQL=yes
+ LOOKUP_INCLUDE += -I$(pg_config --includedir)
+ LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
+ EOC
+ fi
+
+ if use sqlite; then
+ cat >> Makefile <<- EOC
+ LOOKUP_SQLITE=yes
+ LOOKUP_SQLITE_PC=sqlite3
+ EOC
+ fi
+
+ if use redis; then
+ cat >> Makefile <<- EOC
+ LOOKUP_REDIS=yes
+ LOOKUP_LIBS += -lhiredis
+ EOC
+ fi
+
+ #
+ # Exim monitor, enabled by default, controlled via X USE-flag,
+ # disable if not requested, bug #46778
+ if use X; then
+ cp ../exim_monitor/EDITME eximon.conf || die
+ else
+ sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
+ fi
+
+ #
+ # features
+
+ # content scanning support
+ if use exiscan-acl; then
+ cat >> Makefile <<- EOC
+ WITH_CONTENT_SCAN=yes
+ WITH_OLD_DEMIME=yes
+ EOC
+ fi
+
+ # DomainKeys Identified Mail, RFC4871
+ if ! use dkim; then
+ # DKIM is enabled by default
+ cat >> Makefile <<- EOC
+ DISABLE_DKIM=yes
+ EOC
+ fi
+
+ # Per-Recipient-Data-Response
+ if ! use prdr; then
+ # PRDR is enabled by default
+ cat >> Makefile <<- EOC
+ DISABLE_PRDR=yes
+ EOC
+ fi
+
+ # log to syslog
+ if use syslog; then
+ sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
+ cat >> Makefile <<- EOC
+ LOG_FILE_PATH=syslog
+ EOC
+ else
+ cat >> Makefile <<- EOC
+ LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
+ EOC
+ fi
+
+ # starttls support (ssl)
+ if use ssl; then
+ echo "SUPPORT_TLS=yes" >> Makefile
+ if use gnutls; then
+ echo "USE_GNUTLS=yes" >> Makefile
+ echo "USE_GNUTLS_PC=gnutls" >> Makefile
+ use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
+ else
+ echo "USE_OPENSSL_PC=openssl" >> Makefile
+ fi
+ fi
+
+ # TCP wrappers
+ if use tcpd; then
+ cat >> Makefile <<- EOC
+ USE_TCP_WRAPPERS=yes
+ EXTRALIBS_EXIM += -lwrap
+ EOC
+ fi
+
+ # Light Mail Transport Protocol
+ if use lmtp; then
+ cat >> Makefile <<- EOC
+ TRANSPORT_LMTP=yes
+ EOC
+ fi
+
+ # embedded Perl
+ if use perl; then
+ cat >> Makefile <<- EOC
+ EXIM_PERL=perl.o
+ EOC
+ fi
+
+ # dlfunc
+ if use dlfunc; then
+ cat >> Makefile <<- EOC
+ EXPAND_DLFUNC=yes
+ EOC
+ fi
+
+ #
+ # experimental features
+
+ # DANE
+ if use dane; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_DANE=yes
+ EOC
+ fi
+
+ # Distributed Checksum Clearinghouse
+ if use dcc; then
+ echo "EXPERIMENTAL_DCC=yes">> Makefile
+ fi
+
+ # Sender Policy Framework
+ if use spf; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_SPF=yes
+ EXTRALIBS_EXIM += -lspf2
+ EOC
+ fi
+
+ # Sender Rewriting Scheme
+ if use srs; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_SRS=yes
+ EXTRALIBS_EXIM += -lsrs_alt
+ EOC
+ fi
+
+ # DMARC
+ if use dmarc; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_DMARC=yes
+ EXTRALIBS_EXIM += -lopendmarc
+ EOC
+ fi
+
+ # Transport post-delivery actions
+ if use tpda; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_EVENT=yes
+ EOC
+ fi
+
+ # Proxy Protocol
+ if use proxy; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_PROXY=yes
+ EOC
+ fi
+
+ # Delivery Sender Notifications
+ if use dsn; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_DSN=yes
+ EOC
+ fi
+
+ #
+ # authentication (SMTP AUTH)
+
+ # standard bits
+ cat >> Makefile <<- EOC
+ AUTH_SPA=yes
+ AUTH_CRAM_MD5=yes
+ AUTH_PLAINTEXT=yes
+ EOC
+
+ # Cyrus SASL
+ if use sasl; then
+ cat >> Makefile <<- EOC
+ CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
+ AUTH_CYRUS_SASL=yes
+ AUTH_LIBS += -lsasl2
+ EOC
+ fi
+
+ # Dovecot
+ if use dovecot-sasl; then
+ cat >> Makefile <<- EOC
+ AUTH_DOVECOT=yes
+ EOC
+ fi
+
+ # Pluggable Authentication Modules
+ if use pam; then
+ cat >> Makefile <<- EOC
+ SUPPORT_PAM=yes
+ AUTH_LIBS += -lpam
+ EOC
+ fi
+
+ # Radius
+ if use radius; then
+ cat >> Makefile <<- EOC
+ RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
+ RADIUS_LIB_TYPE=RADIUSCLIENTNEW
+ AUTH_LIBS += -lfreeradius-client
+ EOC
+ fi
+}
+
+src_compile() {
+ emake CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
+ AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
+ || die "make failed"
+}
+
+src_install () {
+ cd "${S}"/build-exim-gentoo || die
+ dosbin exim
+ if use X; then
+ dosbin eximon.bin
+ dosbin eximon
+ fi
+ fperms 4755 /usr/sbin/exim
+
+ dosym exim /usr/sbin/sendmail
+ dosym exim /usr/sbin/rsmtp
+ dosym exim /usr/sbin/rmail
+ dosym /usr/sbin/exim /usr/bin/mailq
+ dosym /usr/sbin/exim /usr/bin/newaliases
+ dosym /usr/sbin/sendmail /usr/lib/sendmail
+
+ for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
+ exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
+ convert4r3 convert4r4 exipick
+ do
+ dosbin $i
+ done
+
+ dodoc "${S}"/doc/*
+ doman "${S}"/doc/exim.8
+ use dsn && dodoc "${S}"/README.DSN
+ use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
+
+ # conf files
+ insinto /etc/exim
+ newins "${S}"/src/configure.default exim.conf.dist
+ if use exiscan-acl; then
+ newins "${S}"/src/configure.default exim.conf.exiscan-acl
+ fi
+ doins "${WORKDIR}"/system_filter.exim
+ doins "${FILESDIR}"/auth_conf.sub
+
+ pamd_mimic system-auth exim auth account
+
+ # headers, #436406
+ if use dlfunc ; then
+ # fixup includes so they actually can be found when including
+ sed -i \
+ -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
+ local_scan.h || die
+ insinto /usr/include/exim
+ doins {config,local_scan}.h ../src/{mytypes,store}.h
+ fi
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/exim.logrotate" exim
+
+ newinitd "${FILESDIR}"/exim.rc10 exim
+ newconfd "${FILESDIR}"/exim.confd exim
+
+ systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
+ systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
+ systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
+
+ diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
+ dodir /var/log/${PN}
+}
+
+pkg_postinst() {
+ if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
+ einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
+ einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
+ einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
+ fi
+ use dane && einfo "DANE support is experimental"
+ if use dcc ; then
+ einfo "DCC support is experimental, you can find some limited"
+ einfo "documentation at the bottom of this prerelease message:"
+ einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
+ fi
+ use spf && einfo "SPF support is experimental"
+ use srs && einfo "SRS support is experimental"
+ if use dmarc ; then
+ einfo "DMARC support is experimental. See global settings to"
+ einfo "configure DMARC, for usage see the documentation at "
+ einfo "experimental-spec.txt."
+ fi
+ use tpda && einfo "TPDA/EVENT support is experimental"
+ use proxy && einfo "proxy support is experimental"
+ use dsn && einfo "DSN support is experimental"
+ elog "The obsolete acl condition 'demime' is removed, the replacements"
+ elog "are the ACLs acl_smtp_mime and acl_not_smtp_mime"
+}
diff --git a/mail-mta/exim/files/exim-4.89-CVE-2017-1000369.patch b/mail-mta/exim/files/exim-4.89-CVE-2017-1000369.patch
new file mode 100644
index 00000000000..c3d976a2b90
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.89-CVE-2017-1000369.patch
@@ -0,0 +1,58 @@
+CVE-2017-1000369
+
+https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21
+
+--- a/doc/exim.8
++++ b/doc/exim.8
+@@ -1350,7 +1350,7 @@ option sets the received protocol value that is stored in
+ or \fB\-bs\fP is used. For \fB\-bh\fP, the protocol is forced to one of the standard
+ SMTP protocol names. For \fB\-bs\fP, the protocol is always "local\-" followed by
+ one of those same names. For \fB\-bS\fP (batched SMTP) however, the protocol can
+-be set by \fB\-oMr\fP.
++be set by \fB\-oMr\fP. Repeated use of this option is not supported.
+ .TP 10
+ \fB\-oMs\fP <\fIhost name\fP>
+ See \fB\-oMa\fP above for general remarks about the \fB\-oM\fP options. The \fB\-oMs\fP
+@@ -1418,6 +1418,7 @@ host name and its colon can be omitted when only the protocol is to be set.
+ Note the Exim already has two private options, \fB\-pd\fP and \fB\-ps\fP, that refer
+ to embedded Perl. It is therefore impossible to set a protocol value of d
+ or s using this option (but that does not seem a real limitation).
++Repeated use of this option is not supported.
+ .TP 10
+ \fB\-q\fP
+ This option is normally restricted to admin users. However, there is a
+--- a/src/exim.c
++++ b/src/exim.c
+@@ -3092,7 +3092,14 @@ for (i = 1; i < argc; i++)
+
+ /* -oMr: Received protocol */
+
+- else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i];
++ else if (Ustrcmp(argrest, "Mr") == 0)
++
++ if (received_protocol)
++ {
++ fprintf(stderr, "received_protocol is set already\n");
++ exit(EXIT_FAILURE);
++ }
++ else received_protocol = argv[++i];
+
+ /* -oMs: Set sender host name */
+
+@@ -3188,7 +3195,15 @@ for (i = 1; i < argc; i++)
+
+ if (*argrest != 0)
+ {
+- uschar *hn = Ustrchr(argrest, ':');
++ uschar *hn;
++
++ if (received_protocol)
++ {
++ fprintf(stderr, "received_protocol is set already\n");
++ exit(EXIT_FAILURE);
++ }
++
++ hn = Ustrchr(argrest, ':');
+ if (hn == NULL)
+ {
+ received_protocol = argrest;
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2017-09-20 6:47 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2017-09-20 6:47 UTC (permalink / raw
To: gentoo-commits
commit: a28012017468408c57306f590e3fb254d8746dd2
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 20 06:47:22 2017 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Wed Sep 20 06:47:22 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a2801201
mail-mta/exim: add backport for crash on remote server behaviour
Package-Manager: Portage-2.3.8, Repoman-2.3.1
mail-mta/exim/exim-4.89-r2.ebuild | 529 +++++++++++++++++++++
.../exim/files/exim-4.89-transport-crash.patch | 62 +++
2 files changed, 591 insertions(+)
diff --git a/mail-mta/exim/exim-4.89-r2.ebuild b/mail-mta/exim/exim-4.89-r2.ebuild
new file mode 100644
index 00000000000..1f2228c4f0c
--- /dev/null
+++ b/mail-mta/exim/exim-4.89-r2.ebuild
@@ -0,0 +1,529 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils toolchain-funcs multilib pam systemd
+
+IUSE="dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X elibc_glibc"
+REQUIRED_USE="
+ dane? ( !gnutls )
+ dmarc? ( spf dkim )
+ pkcs11? ( gnutls )
+ spf? ( exiscan-acl )
+ srs? ( exiscan-acl )
+"
+
+COMM_URI="ftp://ftp.exim.org/pub/exim/exim4$([[ ${PV} == *_rc* ]] && echo /test)"
+
+DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
+SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2
+ mirror://gentoo/system_filter.exim.gz
+ doc? ( ${COMM_URI}/${PN}-pdf-${PV//rc/RC}.tar.bz2 )"
+HOMEPAGE="http://www.exim.org/"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~x86-solaris"
+
+COMMON_DEPEND=">=sys-apps/sed-4.0.5
+ >=sys-libs/db-3.2:=
+ dev-libs/libpcre
+ perl? ( dev-lang/perl:= )
+ pam? ( virtual/pam )
+ tcpd? ( sys-apps/tcp-wrappers )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ gnutls? ( net-libs/gnutls[pkcs11?]
+ dev-libs/libtasn1 )
+ ldap? ( >=net-nds/openldap-2.0.7 )
+ nis? ( elibc_glibc? ( || (
+ <sys-libs/glibc-2.23
+ >=sys-libs/glibc-2.23[rpc]
+ ) ) )
+ mysql? ( virtual/libmysqlclient )
+ postgres? ( dev-db/postgresql:= )
+ sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
+ redis? ( dev-libs/hiredis )
+ spf? ( >=mail-filter/libspf2-1.2.5-r1 )
+ dmarc? ( mail-filter/opendmarc )
+ srs? ( mail-filter/libsrs_alt )
+ X? ( x11-proto/xproto
+ x11-libs/libX11
+ x11-libs/libXmu
+ x11-libs/libXt
+ x11-libs/libXaw
+ )
+ sqlite? ( dev-db/sqlite )
+ radius? ( net-dialup/freeradius-client )
+ virtual/libiconv
+ "
+ # added X check for #57206
+DEPEND="${COMMON_DEPEND}
+ virtual/pkgconfig"
+RDEPEND="${COMMON_DEPEND}
+ !mail-mta/courier
+ !mail-mta/esmtp
+ !mail-mta/mini-qmail
+ !<mail-mta/msmtp-1.4.19-r1
+ !>=mail-mta/msmtp-1.4.19-r1[mta]
+ !mail-mta/netqmail
+ !mail-mta/nullmailer
+ !mail-mta/postfix
+ !mail-mta/qmail-ldap
+ !mail-mta/sendmail
+ !mail-mta/opensmtpd
+ !<mail-mta/ssmtp-2.64-r2
+ !>=mail-mta/ssmtp-2.64-r2[mta]
+ !net-mail/mailwrapper
+ >=net-mail/mailbase-0.00-r5
+ virtual/logger
+ dcc? ( mail-filter/dcc )
+ selinux? ( sec-policy/selinux-exim )
+ "
+
+S=${WORKDIR}/${P//rc/RC}
+
+src_prepare() {
+ epatch "${FILESDIR}"/exim-4.14-tail.patch
+ epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch
+ epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
+ epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
+ epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
+ epatch "${FILESDIR}"/exim-4.89-as-needed-ldflags.patch # 352265, 391279
+ epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
+ epatch "${FILESDIR}"/exim-4.89-CVE-2017-1000369.patch # 622212
+ epatch "${FILESDIR}"/${P}-transport-crash.patch # from git/in next release
+
+ if use maildir ; then
+ epatch "${FILESDIR}"/exim-4.20-maildir.patch
+ else
+ epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
+ fi
+
+ eapply_user
+
+ # user Exim believes it should be
+ MAILUSER=mail
+ MAILGROUP=mail
+ if use prefix && [[ ${EUID} != 0 ]] ; then
+ MAILUSER=$(id -un)
+ MAILGROUP=$(id -gn)
+ fi
+}
+
+src_configure() {
+ # general config and paths
+
+ sed -i.orig \
+ -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
+ "${S}"/src/configure.default || die
+
+ sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
+
+ sed -e "48i\CFLAGS=${CFLAGS}" \
+ -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
+ -e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
+ -e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
+ -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
+ -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
+ src/EDITME > Local/Makefile
+
+ if use elibc_musl; then
+ sed -e 's/^LIBS = -lnsl/LIBS =/g' \
+ -i OS/Makefile-Linux
+ fi
+
+ cd Local
+
+ cat >> Makefile <<- EOC
+ INFO_DIRECTORY=${EPREFIX}/usr/share/info
+ PID_FILE_PATH=${EPREFIX}/run/exim.pid
+ SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
+ HAVE_ICONV=yes
+ EOC
+
+ # if we use libiconv, now is the time to tell so
+ use !elibc_glibc && use !elibc_musl && echo "EXTRALIBS_EXIM=-liconv" >> Makefile
+
+ # support for IPv6
+ if use ipv6; then
+ cat >> Makefile <<- EOC
+ HAVE_IPV6=YES
+ EOC
+ fi
+
+ #
+ # mail storage formats
+
+ # mailstore is Exim's traditional storage format
+ cat >> Makefile <<- EOC
+ SUPPORT_MAILSTORE=yes
+ EOC
+
+ # mbox
+ if use mbx; then
+ cat >> Makefile <<- EOC
+ SUPPORT_MBX=yes
+ EOC
+ fi
+
+ # maildir
+ if use maildir; then
+ cat >> Makefile <<- EOC
+ SUPPORT_MAILDIR=yes
+ EOC
+ fi
+
+ #
+ # lookup methods
+
+ # use the "native" interfaces to the DBM and CDB libraries, support
+ # passwd and directory lookups by default
+ cat >> Makefile <<- EOC
+ USE_DB=yes
+ DBMLIB=-ldb
+ LOOKUP_CDB=yes
+ LOOKUP_PASSWD=yes
+ LOOKUP_DSEARCH=yes
+ EOC
+
+ if ! use dnsdb; then
+ # DNSDB lookup is enabled by default
+ sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
+ fi
+
+ if use ldap; then
+ cat >> Makefile <<- EOC
+ LOOKUP_LDAP=yes
+ LDAP_LIB_TYPE=OPENLDAP2
+ LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
+ LOOKUP_LIBS += -lldap -llber
+ EOC
+ fi
+
+ if use mysql; then
+ cat >> Makefile <<- EOC
+ LOOKUP_MYSQL=yes
+ LOOKUP_INCLUDE += $(mysql_config --include)
+ LOOKUP_LIBS += $(mysql_config --libs)
+ EOC
+ fi
+
+ if use nis; then
+ cat >> Makefile <<- EOC
+ LOOKUP_NIS=yes
+ LOOKUP_NISPLUS=yes
+ EOC
+ fi
+
+ if use postgres; then
+ cat >> Makefile <<- EOC
+ LOOKUP_PGSQL=yes
+ LOOKUP_INCLUDE += -I$(pg_config --includedir)
+ LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
+ EOC
+ fi
+
+ if use sqlite; then
+ cat >> Makefile <<- EOC
+ LOOKUP_SQLITE=yes
+ LOOKUP_SQLITE_PC=sqlite3
+ EOC
+ fi
+
+ if use redis; then
+ cat >> Makefile <<- EOC
+ LOOKUP_REDIS=yes
+ LOOKUP_LIBS += -lhiredis
+ EOC
+ fi
+
+ #
+ # Exim monitor, enabled by default, controlled via X USE-flag,
+ # disable if not requested, bug #46778
+ if use X; then
+ cp ../exim_monitor/EDITME eximon.conf || die
+ else
+ sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
+ fi
+
+ #
+ # features
+
+ # content scanning support
+ if use exiscan-acl; then
+ cat >> Makefile <<- EOC
+ WITH_CONTENT_SCAN=yes
+ WITH_OLD_DEMIME=yes
+ EOC
+ fi
+
+ # DomainKeys Identified Mail, RFC4871
+ if ! use dkim; then
+ # DKIM is enabled by default
+ cat >> Makefile <<- EOC
+ DISABLE_DKIM=yes
+ EOC
+ fi
+
+ # Per-Recipient-Data-Response
+ if ! use prdr; then
+ # PRDR is enabled by default
+ cat >> Makefile <<- EOC
+ DISABLE_PRDR=yes
+ EOC
+ fi
+
+ # log to syslog
+ if use syslog; then
+ sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
+ cat >> Makefile <<- EOC
+ LOG_FILE_PATH=syslog
+ EOC
+ else
+ cat >> Makefile <<- EOC
+ LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
+ EOC
+ fi
+
+ # starttls support (ssl)
+ if use ssl; then
+ echo "SUPPORT_TLS=yes" >> Makefile
+ if use gnutls; then
+ echo "USE_GNUTLS=yes" >> Makefile
+ echo "USE_GNUTLS_PC=gnutls" >> Makefile
+ use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
+ else
+ echo "USE_OPENSSL_PC=openssl" >> Makefile
+ fi
+ fi
+
+ # TCP wrappers
+ if use tcpd; then
+ cat >> Makefile <<- EOC
+ USE_TCP_WRAPPERS=yes
+ EXTRALIBS_EXIM += -lwrap
+ EOC
+ fi
+
+ # Light Mail Transport Protocol
+ if use lmtp; then
+ cat >> Makefile <<- EOC
+ TRANSPORT_LMTP=yes
+ EOC
+ fi
+
+ # embedded Perl
+ if use perl; then
+ cat >> Makefile <<- EOC
+ EXIM_PERL=perl.o
+ EOC
+ fi
+
+ # dlfunc
+ if use dlfunc; then
+ cat >> Makefile <<- EOC
+ EXPAND_DLFUNC=yes
+ EOC
+ fi
+
+ # Proxy Protocol
+ if use proxy; then
+ cat >> Makefile <<- EOC
+ SUPPORT_PROXY=yes
+ EOC
+ fi
+
+ #
+ # experimental features
+
+ # DANE
+ if use dane; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_DANE=yes
+ EOC
+ fi
+
+ # Distributed Checksum Clearinghouse
+ if use dcc; then
+ echo "EXPERIMENTAL_DCC=yes">> Makefile
+ fi
+
+ # Sender Policy Framework
+ if use spf; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_SPF=yes
+ EXTRALIBS_EXIM += -lspf2
+ EOC
+ fi
+
+ # Sender Rewriting Scheme
+ if use srs; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_SRS=yes
+ EXTRALIBS_EXIM += -lsrs_alt
+ EOC
+ fi
+
+ # DMARC
+ if use dmarc; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_DMARC=yes
+ EXTRALIBS_EXIM += -lopendmarc
+ EOC
+ fi
+
+ # Transport post-delivery actions
+ if use tpda; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_EVENT=yes
+ EOC
+ fi
+
+ # Delivery Sender Notifications
+ if use dsn; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_DSN=yes
+ EOC
+ fi
+
+ #
+ # authentication (SMTP AUTH)
+
+ # standard bits
+ cat >> Makefile <<- EOC
+ AUTH_SPA=yes
+ AUTH_CRAM_MD5=yes
+ AUTH_PLAINTEXT=yes
+ EOC
+
+ # Cyrus SASL
+ if use sasl; then
+ cat >> Makefile <<- EOC
+ CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
+ AUTH_CYRUS_SASL=yes
+ AUTH_LIBS += -lsasl2
+ EOC
+ fi
+
+ # Dovecot
+ if use dovecot-sasl; then
+ cat >> Makefile <<- EOC
+ AUTH_DOVECOT=yes
+ EOC
+ fi
+
+ # Pluggable Authentication Modules
+ if use pam; then
+ cat >> Makefile <<- EOC
+ SUPPORT_PAM=yes
+ AUTH_LIBS += -lpam
+ EOC
+ fi
+
+ # Radius
+ if use radius; then
+ cat >> Makefile <<- EOC
+ RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
+ RADIUS_LIB_TYPE=RADIUSCLIENTNEW
+ AUTH_LIBS += -lfreeradius-client
+ EOC
+ fi
+}
+
+src_compile() {
+ emake CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
+ AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
+ || die "make failed"
+}
+
+src_install () {
+ cd "${S}"/build-exim-gentoo || die
+ dosbin exim
+ if use X; then
+ dosbin eximon.bin
+ dosbin eximon
+ fi
+ fperms 4755 /usr/sbin/exim
+
+ dosym exim /usr/sbin/sendmail
+ dosym exim /usr/sbin/rsmtp
+ dosym exim /usr/sbin/rmail
+ dosym /usr/sbin/exim /usr/bin/mailq
+ dosym /usr/sbin/exim /usr/bin/newaliases
+ dosym /usr/sbin/sendmail /usr/lib/sendmail
+
+ for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
+ exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
+ convert4r3 convert4r4 exipick
+ do
+ dosbin $i
+ done
+
+ dodoc "${S}"/doc/*
+ doman "${S}"/doc/exim.8
+ use dsn && dodoc "${S}"/README.DSN
+ use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
+
+ # conf files
+ insinto /etc/exim
+ newins "${S}"/src/configure.default exim.conf.dist
+ if use exiscan-acl; then
+ newins "${S}"/src/configure.default exim.conf.exiscan-acl
+ fi
+ doins "${WORKDIR}"/system_filter.exim
+ doins "${FILESDIR}"/auth_conf.sub
+
+ pamd_mimic system-auth exim auth account
+
+ # headers, #436406
+ if use dlfunc ; then
+ # fixup includes so they actually can be found when including
+ sed -i \
+ -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
+ local_scan.h || die
+ insinto /usr/include/exim
+ doins {config,local_scan}.h ../src/{mytypes,store}.h
+ fi
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/exim.logrotate" exim
+
+ newinitd "${FILESDIR}"/exim.rc10 exim
+ newconfd "${FILESDIR}"/exim.confd exim
+
+ systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
+ systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
+ systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
+
+ diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
+ dodir /var/log/${PN}
+}
+
+pkg_postinst() {
+ if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
+ einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
+ einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
+ einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
+ fi
+ use dane && einfo "DANE support is experimental"
+ if use dcc ; then
+ einfo "DCC support is experimental, you can find some limited"
+ einfo "documentation at the bottom of this prerelease message:"
+ einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
+ fi
+ use spf && einfo "SPF support is experimental"
+ use srs && einfo "SRS support is experimental"
+ if use dmarc ; then
+ einfo "DMARC support is experimental. See global settings to"
+ einfo "configure DMARC, for usage see the documentation at "
+ einfo "experimental-spec.txt."
+ fi
+ use tpda && einfo "TPDA/EVENT support is experimental"
+ use dsn && einfo "DSN support is experimental"
+ elog "The obsolete acl condition 'demime' is removed, the replacements"
+ elog "are the ACLs acl_smtp_mime and acl_not_smtp_mime"
+}
diff --git a/mail-mta/exim/files/exim-4.89-transport-crash.patch b/mail-mta/exim/files/exim-4.89-transport-crash.patch
new file mode 100644
index 00000000000..94a1d6b1552
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.89-transport-crash.patch
@@ -0,0 +1,62 @@
+This is a manual backport of the following commit which fixes the
+original bug as well as https://bugs.exim.org/show_bug.cgi?id=2166:
+
+From e69636bc9ddf3617be688b07941d7d659d50eaa7 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Sat, 3 Jun 2017 13:39:18 +0100
+Subject: [PATCH 1/1] Fix crash in transport, on second smtp-connect fail for a
+ list of target hosts
+
+Reported as the sequence:
+ 1MX: 554 on connect (banner)
+ 2MX: TCP conn timeout
+
+diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
+index 454c0f7..dc9e03b 100644
+--- a/src/src/transports/smtp.c
++++ b/src/src/transports/smtp.c
+@@ -2177,25 +2177,34 @@ return OK;
+
+ /* The failure happened while setting up the call; see if the failure was
+ a 5xx response (this will either be on connection, or following HELO - a 5xx
+- after EHLO causes it to try HELO). If so, fail all addresses, as this host is
+- never going to accept them. For other errors during setting up (timeouts or
+- whatever), defer all addresses, and yield DEFER, so that the host is not
+- tried again for a while. */
++ after EHLO causes it to try HELO). If so, and there are no more hosts to try,
++ fail all addresses, as this host is never going to accept them. For other
++ errors during setting up (timeouts or whatever), defer all addresses, and
++ yield DEFER, so that the host is not tried again for a while.
++
++ XXX This peeking for another host feels like a layering violation. We want
++ to note the host as unusable, but down here we shouldn't know if this was
++ the last host to try for the addr(list). Perhaps the upper layer should be
++ the one to do set_errno() ? The problem is that currently the addr is where
++ errno etc. are stashed, but until we run out of hosts to try the errors are
++ host-specific. Maybe we should enhance the host_item definition? */
+
+ FAILED:
+ sx->ok = FALSE; /* For when reached by GOTO */
+-
+- yield = code == '5'
++ set_errno(sx->addrlist, errno, message,
++ sx->host->next
++ ? DEFER
++ : code == '5'
+ #ifdef SUPPORT_I18N
+- || errno == ERRNO_UTF8_FWD
++ || errno == ERRNO_UTF8_FWD
+ #endif
+- ? FAIL : DEFER;
+-
+- set_errno(sx->addrlist, errno, message, yield, pass_message, sx->host
++ ? FAIL : DEFER,
++ pass_message, sx->host
+ #ifdef EXPERIMENTAL_DSN_INFO
+ , sx->smtp_greeting, sx->helo_response
+ #endif
+ );
++ yield = DEFER;
+ }
+
+
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2017-10-05 13:39 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2017-10-05 13:39 UTC (permalink / raw
To: gentoo-commits
commit: 1a5cdd9ceb1e3b02e4076b9033b54fa980083e24
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Thu Oct 5 13:37:33 2017 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Thu Oct 5 13:37:33 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1a5cdd9c
mail-mta/exim: cleanupsecurity affected version, bug #622212
Package-Manager: Portage-2.3.8, Repoman-2.3.3
mail-mta/exim/Manifest | 2 -
mail-mta/exim/exim-4.88.ebuild | 528 ---------------------
.../exim/files/exim-4.88-as-needed-ldflags.patch | 145 ------
mail-mta/exim/files/exim.rc9 | 45 --
4 files changed, 720 deletions(-)
diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index 85e003d0642..bfccbae830e 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -1,5 +1,3 @@
-DIST exim-4.88.tar.bz2 1824610 SHA256 119d5fd7e31fc224e84dfa458fe182f200856bae7adf852a8287c242161f8a2d SHA512 ea094bf703628c201de119fc5f09539475e52158e935f8f2a9e4138c4a1bfe885017145c3cc5e22aa9087b195091955c69385ebf1ea0baec64ed5c1b8e3b1caf WHIRLPOOL d2d8c404217fcc5bbc7bc18500456f2709a099b0a31d4930343b836c35c62e3914fa1c686ea7d9ba5eea95f0caab13c3b76c1508eda74cb75dabb0d61472428e
DIST exim-4.89.tar.bz2 1844430 SHA256 912f2ee03c8dba06a3a4c0ee40522d367e1b65dc59e38dfcc1f5d9eecff51ab0 SHA512 1e059966a93b47f055ab4ec2a4556f2c918aff56ea0367585f3a853f00411e9c275e13be4f9ae615a468fa06263135cd6a138fa1753f1b7fb3259a3321fcca65 WHIRLPOOL d0b30cde5cf2dbe278d393eae70e40a3861a153a2411f98f73a7ae43881032cc3e0f15163b09e17d61c09e673c2e766371c80533908af3460f483a5c18dff80f
-DIST exim-pdf-4.88.tar.bz2 1922494 SHA256 33736fafb45c5922fcbc0def7626f46cb74927987b78943aa26949ef30789574 SHA512 8c4f580fa319c0285bcb49056ecd72b056cbbfa287a15a4d856965b4218469c85607ec7321ae0f2ba3be868f05a70a7fb8a77d5836a574417e6bffc64720bee5 WHIRLPOOL 7e3e65c58cc9a313d3440de6b79ed4f113ea265e39201aa2d36c091037c2b20718bd49f04e99f2aa029a20d238cd21178762e2ba6b470596309e83fb3ffc542b
DIST exim-pdf-4.89.tar.bz2 1924606 SHA256 17d70ef5b2814f725633efcf339bcb49ac9564ecd648e0e3d010b5e43d6c167d SHA512 b04ea2e4dcdb1aaf52ef77ccd76e6599c68c4c6e5a98090720dbd3c50f7191bf3f6cd7dc2089a765c47576311780809cff547f85f004caec411d0f1ac9985299 WHIRLPOOL 4ab5bc7bdbbfc998ae7ee63f19449d051a1d7183f9b70297db100f44b82df2cca0853c309ddfccafee2d44cd1228258e06628ed82dab76de851bec856321c58f
DIST system_filter.exim.gz 3075 SHA256 3a3471b486a09e0a0153f7b520e1eaf26d21b97d73ea8348bdc593c00eb1e437 SHA512 cb358d3ce2499a0bb5920d962a06f2af8486e55ec90c8c928bd8e3aefb279aa57f5f960d5adfcef68bd94110b405eaa144e9629cfe6014a529c79c544600bbf3 WHIRLPOOL ce68d9c18b24eca3ef97ea810964cc1ada5f85b795a7c432ad39b5788188a16419101c92fb52b418738d760e1d658f7a41485e5561079a667d84d276c71be5a4
diff --git a/mail-mta/exim/exim-4.88.ebuild b/mail-mta/exim/exim-4.88.ebuild
deleted file mode 100644
index 767a7dd9736..00000000000
--- a/mail-mta/exim/exim-4.88.ebuild
+++ /dev/null
@@ -1,528 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eutils toolchain-funcs multilib pam systemd
-
-IUSE="dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X elibc_glibc"
-REQUIRED_USE="
- dane? ( !gnutls )
- dmarc? ( spf dkim )
- pkcs11? ( gnutls )
- spf? ( exiscan-acl )
- srs? ( exiscan-acl )
-"
-
-COMM_URI="ftp://ftp.exim.org/pub/exim/exim4$([[ ${PV} == *_rc* ]] && echo /test)"
-
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2
- mirror://gentoo/system_filter.exim.gz
- doc? ( ${COMM_URI}/${PN}-pdf-${PV//rc/RC}.tar.bz2 )"
-HOMEPAGE="http://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="hppa" # 622212
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
- >=sys-libs/db-3.2:=
- dev-libs/libpcre
- perl? ( dev-lang/perl:= )
- pam? ( virtual/pam )
- tcpd? ( sys-apps/tcp-wrappers )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- gnutls? ( net-libs/gnutls[pkcs11?]
- dev-libs/libtasn1 )
- ldap? ( >=net-nds/openldap-2.0.7 )
- nis? ( elibc_glibc? ( || (
- <sys-libs/glibc-2.23
- >=sys-libs/glibc-2.23[rpc]
- ) ) )
- mysql? ( virtual/libmysqlclient )
- postgres? ( dev-db/postgresql:= )
- sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
- redis? ( dev-libs/hiredis )
- spf? ( >=mail-filter/libspf2-1.2.5-r1 )
- dmarc? ( mail-filter/opendmarc )
- srs? ( mail-filter/libsrs_alt )
- X? ( x11-proto/xproto
- x11-libs/libX11
- x11-libs/libXmu
- x11-libs/libXt
- x11-libs/libXaw
- )
- sqlite? ( dev-db/sqlite )
- radius? ( net-dialup/freeradius-client )
- virtual/libiconv
- "
- # added X check for #57206
-DEPEND="${COMMON_DEPEND}
- virtual/pkgconfig"
-RDEPEND="${COMMON_DEPEND}
- !mail-mta/courier
- !mail-mta/esmtp
- !mail-mta/mini-qmail
- !<mail-mta/msmtp-1.4.19-r1
- !>=mail-mta/msmtp-1.4.19-r1[mta]
- !mail-mta/netqmail
- !mail-mta/nullmailer
- !mail-mta/postfix
- !mail-mta/qmail-ldap
- !mail-mta/sendmail
- !mail-mta/opensmtpd
- !<mail-mta/ssmtp-2.64-r2
- !>=mail-mta/ssmtp-2.64-r2[mta]
- !net-mail/mailwrapper
- >=net-mail/mailbase-0.00-r5
- virtual/logger
- dcc? ( mail-filter/dcc )
- selinux? ( sec-policy/selinux-exim )
- "
-
-S=${WORKDIR}/${P//rc/RC}
-
-src_prepare() {
- epatch "${FILESDIR}"/exim-4.14-tail.patch
- epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch
- epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
- epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
- epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
- epatch "${FILESDIR}"/exim-4.88-as-needed-ldflags.patch # 352265, 391279
- epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
-
- if use maildir ; then
- epatch "${FILESDIR}"/exim-4.20-maildir.patch
- else
- epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
- fi
-
- eapply_user
-
- # user Exim believes it should be
- MAILUSER=mail
- MAILGROUP=mail
- if use prefix && [[ ${EUID} != 0 ]] ; then
- MAILUSER=$(id -un)
- MAILGROUP=$(id -gn)
- fi
-}
-
-src_configure() {
- # general config and paths
-
- sed -i.orig \
- -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
- "${S}"/src/configure.default || die
-
- sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
-
- sed -e "48i\CFLAGS=${CFLAGS}" \
- -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
- -e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
- -e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
- -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
- -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
- src/EDITME > Local/Makefile
-
- if use elibc_musl; then
- sed -e 's/^LIBS = -lnsl/LIBS =/g' \
- -i OS/Makefile-Linux
- fi
-
- cd Local
-
- cat >> Makefile <<- EOC
- INFO_DIRECTORY=${EPREFIX}/usr/share/info
- PID_FILE_PATH=${EPREFIX}/run/exim.pid
- SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
- HAVE_ICONV=yes
- EOC
-
- # if we use libiconv, now is the time to tell so
- use !elibc_glibc && use !elibc_musl && echo "EXTRALIBS_EXIM=-liconv" >> Makefile
-
- # support for IPv6
- if use ipv6; then
- cat >> Makefile <<- EOC
- HAVE_IPV6=YES
- EOC
- fi
-
- #
- # mail storage formats
-
- # mailstore is Exim's traditional storage format
- cat >> Makefile <<- EOC
- SUPPORT_MAILSTORE=yes
- EOC
-
- # mbox
- if use mbx; then
- cat >> Makefile <<- EOC
- SUPPORT_MBX=yes
- EOC
- fi
-
- # maildir
- if use maildir; then
- cat >> Makefile <<- EOC
- SUPPORT_MAILDIR=yes
- EOC
- fi
-
- #
- # lookup methods
-
- # use the "native" interfaces to the DBM and CDB libraries, support
- # passwd and directory lookups by default
- cat >> Makefile <<- EOC
- USE_DB=yes
- DBMLIB=-ldb
- LOOKUP_CDB=yes
- LOOKUP_PASSWD=yes
- LOOKUP_DSEARCH=yes
- EOC
-
- if ! use dnsdb; then
- # DNSDB lookup is enabled by default
- sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
- fi
-
- if use ldap; then
- cat >> Makefile <<- EOC
- LOOKUP_LDAP=yes
- LDAP_LIB_TYPE=OPENLDAP2
- LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
- LOOKUP_LIBS += -lldap -llber
- EOC
- fi
-
- if use mysql; then
- cat >> Makefile <<- EOC
- LOOKUP_MYSQL=yes
- LOOKUP_INCLUDE += $(mysql_config --include)
- LOOKUP_LIBS += $(mysql_config --libs)
- EOC
- fi
-
- if use nis; then
- cat >> Makefile <<- EOC
- LOOKUP_NIS=yes
- LOOKUP_NISPLUS=yes
- EOC
- fi
-
- if use postgres; then
- cat >> Makefile <<- EOC
- LOOKUP_PGSQL=yes
- LOOKUP_INCLUDE += -I$(pg_config --includedir)
- LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
- EOC
- fi
-
- if use sqlite; then
- cat >> Makefile <<- EOC
- LOOKUP_SQLITE=yes
- LOOKUP_SQLITE_PC=sqlite3
- EOC
- fi
-
- if use redis; then
- cat >> Makefile <<- EOC
- LOOKUP_REDIS=yes
- LOOKUP_LIBS += -lhiredis
- EOC
- fi
-
- #
- # Exim monitor, enabled by default, controlled via X USE-flag,
- # disable if not requested, bug #46778
- if use X; then
- cp ../exim_monitor/EDITME eximon.conf || die
- else
- sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
- fi
-
- #
- # features
-
- # content scanning support
- if use exiscan-acl; then
- cat >> Makefile <<- EOC
- WITH_CONTENT_SCAN=yes
- WITH_OLD_DEMIME=yes
- EOC
- fi
-
- # DomainKeys Identified Mail, RFC4871
- if ! use dkim; then
- # DKIM is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_DKIM=yes
- EOC
- fi
-
- # Per-Recipient-Data-Response
- if ! use prdr; then
- # PRDR is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_PRDR=yes
- EOC
- fi
-
- # log to syslog
- if use syslog; then
- sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=syslog
- EOC
- else
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
- EOC
- fi
-
- # starttls support (ssl)
- if use ssl; then
- echo "SUPPORT_TLS=yes" >> Makefile
- if use gnutls; then
- echo "USE_GNUTLS=yes" >> Makefile
- echo "USE_GNUTLS_PC=gnutls" >> Makefile
- use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
- else
- echo "USE_OPENSSL_PC=openssl" >> Makefile
- fi
- fi
-
- # TCP wrappers
- if use tcpd; then
- cat >> Makefile <<- EOC
- USE_TCP_WRAPPERS=yes
- EXTRALIBS_EXIM += -lwrap
- EOC
- fi
-
- # Light Mail Transport Protocol
- if use lmtp; then
- cat >> Makefile <<- EOC
- TRANSPORT_LMTP=yes
- EOC
- fi
-
- # embedded Perl
- if use perl; then
- cat >> Makefile <<- EOC
- EXIM_PERL=perl.o
- EOC
- fi
-
- # dlfunc
- if use dlfunc; then
- cat >> Makefile <<- EOC
- EXPAND_DLFUNC=yes
- EOC
- fi
-
- #
- # experimental features
-
- # DANE
- if use dane; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DANE=yes
- EOC
- fi
-
- # Distributed Checksum Clearinghouse
- if use dcc; then
- echo "EXPERIMENTAL_DCC=yes">> Makefile
- fi
-
- # Sender Policy Framework
- if use spf; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_SPF=yes
- EXTRALIBS_EXIM += -lspf2
- EOC
- fi
-
- # Sender Rewriting Scheme
- if use srs; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_SRS=yes
- EXTRALIBS_EXIM += -lsrs_alt
- EOC
- fi
-
- # DMARC
- if use dmarc; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DMARC=yes
- EXTRALIBS_EXIM += -lopendmarc
- EOC
- fi
-
- # Transport post-delivery actions
- if use tpda; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_EVENT=yes
- EOC
- fi
-
- # Proxy Protocol
- if use proxy; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_PROXY=yes
- EOC
- fi
-
- # Delivery Sender Notifications
- if use dsn; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DSN=yes
- EOC
- fi
-
- #
- # authentication (SMTP AUTH)
-
- # standard bits
- cat >> Makefile <<- EOC
- AUTH_SPA=yes
- AUTH_CRAM_MD5=yes
- AUTH_PLAINTEXT=yes
- EOC
-
- # Cyrus SASL
- if use sasl; then
- cat >> Makefile <<- EOC
- CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
- AUTH_CYRUS_SASL=yes
- AUTH_LIBS += -lsasl2
- EOC
- fi
-
- # Dovecot
- if use dovecot-sasl; then
- cat >> Makefile <<- EOC
- AUTH_DOVECOT=yes
- EOC
- fi
-
- # Pluggable Authentication Modules
- if use pam; then
- cat >> Makefile <<- EOC
- SUPPORT_PAM=yes
- AUTH_LIBS += -lpam
- EOC
- fi
-
- # Radius
- if use radius; then
- cat >> Makefile <<- EOC
- RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
- RADIUS_LIB_TYPE=RADIUSCLIENTNEW
- AUTH_LIBS += -lfreeradius-client
- EOC
- fi
-}
-
-src_compile() {
- emake CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
- AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
- || die "make failed"
-}
-
-src_install () {
- cd "${S}"/build-exim-gentoo || die
- dosbin exim
- if use X; then
- dosbin eximon.bin
- dosbin eximon
- fi
- fperms 4755 /usr/sbin/exim
-
- dosym exim /usr/sbin/sendmail
- dosym exim /usr/sbin/rsmtp
- dosym exim /usr/sbin/rmail
- dosym /usr/sbin/exim /usr/bin/mailq
- dosym /usr/sbin/exim /usr/bin/newaliases
- dosym /usr/sbin/sendmail /usr/lib/sendmail
-
- for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
- exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
- convert4r3 convert4r4 exipick
- do
- dosbin $i
- done
-
- dodoc "${S}"/doc/*
- doman "${S}"/doc/exim.8
- use dsn && dodoc "${S}"/README.DSN
- use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
-
- # conf files
- insinto /etc/exim
- newins "${S}"/src/configure.default exim.conf.dist
- if use exiscan-acl; then
- newins "${S}"/src/configure.default exim.conf.exiscan-acl
- fi
- doins "${WORKDIR}"/system_filter.exim
- doins "${FILESDIR}"/auth_conf.sub
-
- pamd_mimic system-auth exim auth account
-
- # headers, #436406
- if use dlfunc ; then
- # fixup includes so they actually can be found when including
- sed -i \
- -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
- local_scan.h || die
- insinto /usr/include/exim
- doins {config,local_scan}.h ../src/{mytypes,store}.h
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}/exim.logrotate" exim
-
- newinitd "${FILESDIR}"/exim.rc9 exim
- newconfd "${FILESDIR}"/exim.confd exim
-
- systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
- systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
- systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
- diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
- dodir /var/log/${PN}
-}
-
-pkg_postinst() {
- if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
- einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
- einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
- einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
- fi
- use dane && einfo "DANE support is experimental"
- if use dcc ; then
- einfo "DCC support is experimental, you can find some limited"
- einfo "documentation at the bottom of this prerelease message:"
- einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
- fi
- use spf && einfo "SPF support is experimental"
- use srs && einfo "SRS support is experimental"
- if use dmarc ; then
- einfo "DMARC support is experimental. See global settings to"
- einfo "configure DMARC, for usage see the documentation at "
- einfo "experimental-spec.txt."
- fi
- use tpda && einfo "TPDA/EVENT support is experimental"
- use proxy && einfo "proxy support is experimental"
- use dsn && einfo "DSN support is experimental"
- elog "The obsolete acl condition 'demime' is removed, the replacements"
- elog "are the ACLs acl_smtp_mime and acl_not_smtp_mime"
-}
diff --git a/mail-mta/exim/files/exim-4.88-as-needed-ldflags.patch b/mail-mta/exim/files/exim-4.88-as-needed-ldflags.patch
deleted file mode 100644
index a733ca09c2a..00000000000
--- a/mail-mta/exim/files/exim-4.88-as-needed-ldflags.patch
+++ /dev/null
@@ -1,145 +0,0 @@
-https://bugs.gentoo.org/show_bug.cgi?id=352265
-
-Make sure LDFLAGS comes first, such that all libraries are considered,
-and not discarded when --as-needed is in effect.
-
-https://bugs.gentoo.org/show_bug.cgi?id=391279
-
-Use LDFLAGS for all targets, not just the exim binary, such that
---as-needed works as well.
-
-
---- OS/Makefile-Base
-+++ OS/Makefile-Base
-@@ -346,12 +346,12 @@
- buildrouters buildtransports \
- $(OBJ_EXIM) version.o
- @echo "$(LNCC) -o exim"
-- $(FE)$(PURIFY) $(LNCC) -o exim $(LFLAGS) $(OBJ_EXIM) version.o \
-+ $(FE)$(PURIFY) $(LNCC) -o exim $(LDFLAGS) $(OBJ_EXIM) version.o \
- routers/routers.a transports/transports.a lookups/lookups.a \
- auths/auths.a pdkim/pdkim.a \
- $(LIBRESOLV) $(LIBS) $(LIBS_EXIM) $(IPV6_LIBS) $(EXTRALIBS) \
- $(EXTRALIBS_EXIM) $(DBMLIB) $(LOOKUP_LIBS) $(AUTH_LIBS) \
-- $(PERL_LIBS) $(TLS_LIBS) $(PCRE_LIBS) $(LDFLAGS)
-+ $(PERL_LIBS) $(TLS_LIBS) $(PCRE_LIBS) $(LFLAGS)
- @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- echo $(STRIP_COMMAND) exim; \
- $(STRIP_COMMAND) exim; \
-@@ -367,8 +367,8 @@
-
- exim_dumpdb: $(OBJ_DUMPDB)
- @echo "$(LNCC) -o exim_dumpdb"
-- $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dumpdb $(LFLAGS) $(OBJ_DUMPDB) \
-- $(LIBS) $(EXTRALIBS) $(DBMLIB)
-+ $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dumpdb $(LDFLAGS) $(OBJ_DUMPDB) \
-+ $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
- @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- echo $(STRIP_COMMAND) exim_dumpdb; \
- $(STRIP_COMMAND) exim_dumpdb; \
-@@ -382,8 +382,8 @@
-
- exim_fixdb: $(OBJ_FIXDB) buildauths
- @echo "$(LNCC) -o exim_fixdb"
-- $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_fixdb $(LFLAGS) $(OBJ_FIXDB) \
-- auths/auths.a $(LIBS) $(EXTRALIBS) $(DBMLIB)
-+ $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_fixdb $(LDFLAGS) $(OBJ_FIXDB) \
-+ auths/auths.a $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
- @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- echo $(STRIP_COMMAND) exim_fixdb; \
- $(STRIP_COMMAND) exim_fixdb; \
-@@ -397,8 +397,8 @@
-
- exim_tidydb: $(OBJ_TIDYDB)
- @echo "$(LNCC) -o exim_tidydb"
-- $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_tidydb $(LFLAGS) $(OBJ_TIDYDB) \
-- $(LIBS) $(EXTRALIBS) $(DBMLIB)
-+ $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_tidydb $(LDFLAGS) $(OBJ_TIDYDB) \
-+ $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
- @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- echo $(STRIP_COMMAND) exim_tidydb; \
- $(STRIP_COMMAND) exim_tidydb; \
-@@ -410,8 +410,8 @@
-
- exim_dbmbuild: exim_dbmbuild.o
- @echo "$(LNCC) -o exim_dbmbuild"
-- $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dbmbuild $(LFLAGS) exim_dbmbuild.o \
-- $(LIBS) $(EXTRALIBS) $(DBMLIB)
-+ $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dbmbuild $(LDFLAGS) exim_dbmbuild.o \
-+ $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
- @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- echo $(STRIP_COMMAND) exim_dbmbuild; \
- $(STRIP_COMMAND) exim_dbmbuild; \
-@@ -425,8 +425,8 @@
- @echo "$(CC) exim_lock.c"
- $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) exim_lock.c
- @echo "$(LNCC) -o exim_lock"
-- $(FE)$(LNCC) -o exim_lock $(LFLAGS) exim_lock.o \
-- $(LIBS) $(EXTRALIBS)
-+ $(FE)$(LNCC) -o exim_lock $(LDFLAGS) exim_lock.o \
-+ $(LIBS) $(EXTRALIBS) $(LFLAGS)
- @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- echo $(STRIP_COMMAND) exim_lock; \
- $(STRIP_COMMAND) exim_lock; \
-@@ -462,9 +462,9 @@
- $(FE)$(CC) -o em_version.o -c \
- $(CFLAGS) $(XINCLUDE) -I. ../exim_monitor/em_version.c
- @echo "$(LNCC) -o eximon.bin"
-- $(FE)$(PURIFY) $(LNCC) -o eximon.bin em_version.o $(LFLAGS) $(XLFLAGS) \
-+ $(FE)$(PURIFY) $(LNCC) -o eximon.bin em_version.o $(LDFLAGS) $(XLFLAGS) \
- $(OBJ_MONBIN) -lXaw -lXmu -lXt -lXext -lX11 $(PCRE_LIBS) \
-- $(LIBS) $(LIBS_EXIMON) $(EXTRALIBS) $(EXTRALIBS_EXIMON) -lc
-+ $(LIBS) $(LIBS_EXIMON) $(EXTRALIBS) $(EXTRALIBS_EXIMON) -lc $(LFLAGS)
- @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- echo $(STRIP_COMMAND) eximon.bin; \
- $(STRIP_COMMAND) eximon.bin; \
-@@ -779,9 +779,9 @@
- test_dbfn: config.h dbfn.c dummies.o sa-globals.o sa-os.o store.o \
- string.o tod.o version.o utf8.o
- $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE dbfn.c
-- $(LNCC) -o test_dbfn $(LFLAGS) dbfn.o \
-+ $(LNCC) -o test_dbfn $(LDFLAGS) dbfn.o \
- dummies.o sa-globals.o sa-os.o store.o string.o \
-- tod.o version.o utf8.o $(LIBS) $(DBMLIB) $(LDFLAGS)
-+ tod.o version.o utf8.o $(LIBS) $(DBMLIB) $(LFLAGS)
- rm -f dbfn.o
-
- test_host: config.h child.c host.c dns.c dummies.c sa-globals.o os.o \
-@@ -790,29 +790,29 @@
- $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST host.c
- $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST dns.c
- $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST dummies.c
-- $(LNCC) -o test_host $(LFLAGS) \
-+ $(LNCC) -o test_host $(LDFLAGS) \
- host.o child.o dns.o dummies.o sa-globals.o os.o store.o string.o \
-- tod.o tree.o $(LIBS) $(LIBRESOLV)
-+ tod.o tree.o $(LIBS) $(LIBRESOLV) $(LFLAGS)
- rm -f child.o dummies.o host.o dns.o
-
- test_os: os.h os.c dummies.o sa-globals.o store.o string.o tod.o utf8.o
- $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE os.c
-- $(LNCC) -o test_os $(LFLAGS) os.o dummies.o \
-- sa-globals.o store.o string.o tod.o utf8.o $(LIBS) $(LDFLAGS)
-+ $(LNCC) -o test_os $(LDFLAGS) os.o dummies.o \
-+ sa-globals.o store.o string.o tod.o utf8.o $(LIBS) $(LFLAGS)
- rm -f os.o
-
- test_parse: config.h parse.c dummies.o sa-globals.o \
- store.o string.o tod.o version.o utf8.o
- $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE parse.c
-- $(LNCC) -o test_parse $(LFLAGS) parse.o \
-+ $(LNCC) -o test_parse $(LDFLAGS) parse.o \
- dummies.o sa-globals.o store.o string.o tod.o version.o \
-- utf8.o $(LDFLAGS)
-+ utf8.o $(LFLAGS)
- rm -f parse.o
-
- test_string: config.h string.c dummies.o sa-globals.o store.o tod.o utf8.o
- $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE string.c
-- $(LNCC) -o test_string $(LFLAGS) -DSTAND_ALONE string.o \
-- dummies.o sa-globals.o store.o tod.o utf8.o $(LIBS) $(LDFLAGS)
-+ $(LNCC) -o test_string $(LDFLAGS) -DSTAND_ALONE string.o \
-+ dummies.o sa-globals.o store.o tod.o utf8.o $(LIBS) $(LFLAGS)
- rm -f string.o
-
- # End
diff --git a/mail-mta/exim/files/exim.rc9 b/mail-mta/exim/files/exim.rc9
deleted file mode 100644
index ebc74115378..00000000000
--- a/mail-mta/exim/files/exim.rc9
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-extra_started_commands="reload"
-
-depend() {
- need logger
- use antivirus net
- provide mta
-}
-
-tidy_dbs() {
- local spooldir=$(/usr/sbin/exim -C /etc/exim/${SVCNAME}.conf -bP -n spool_directory)
- local db
- local ret=0
- ebegin "Tidying hints databases in ${spooldir}/db"
- for db in "${spooldir}"/db/* ; do
- [[ ${db} == *".lockfile" || ${db} == *"*" ]] && continue
- /usr/sbin/exim_tidydb ${TIDY_OPTS} "${spooldir}" ${db##*/} > /dev/null
- : $((ret += $?))
- done
- eend ${ret}
-}
-
-start() {
- # if you use multiple instances, make sure you set spool_directory
- # in the configfile
- tidy_dbs
- ebegin "Starting ${SVCNAME}"
- start-stop-daemon --start --exec /usr/sbin/exim --pidfile /run/${SVCNAME}.pid -- -C /etc/exim/${SVCNAME}.conf ${EXIM_OPTS:--bd -q15m}
- eend $?
-}
-
-stop() {
- ebegin "Stopping ${SVCNAME}"
- start-stop-daemon --stop --pidfile /run/${SVCNAME}.pid --name exim
- eend $?
-}
-
-reload() {
- ebegin "Reloading ${SVCNAME}"
- start-stop-daemon --signal HUP --pidfile /run/${SVCNAME}.pid --name exim
- eend $?
-}
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2017-10-08 9:24 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2017-10-08 9:24 UTC (permalink / raw
To: gentoo-commits
commit: c87c9d43f1e04c6f13067946c6cdb868667e4c2f
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 8 09:02:10 2017 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Sun Oct 8 09:24:54 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c87c9d43
mail-mta/exim: add patch from upstream for crash in address expando
Package-Manager: Portage-2.3.8, Repoman-2.3.3
.../{exim-4.89-r2.ebuild => exim-4.89-r3.ebuild} | 1 +
.../files/exim-4.89-address-expando-crash.patch | 85 ++++++++++++++++++++++
2 files changed, 86 insertions(+)
diff --git a/mail-mta/exim/exim-4.89-r2.ebuild b/mail-mta/exim/exim-4.89-r3.ebuild
similarity index 99%
rename from mail-mta/exim/exim-4.89-r2.ebuild
rename to mail-mta/exim/exim-4.89-r3.ebuild
index 1f2228c4f0c..654084176e6 100644
--- a/mail-mta/exim/exim-4.89-r2.ebuild
+++ b/mail-mta/exim/exim-4.89-r3.ebuild
@@ -96,6 +96,7 @@ src_prepare() {
epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
epatch "${FILESDIR}"/exim-4.89-CVE-2017-1000369.patch # 622212
epatch "${FILESDIR}"/${P}-transport-crash.patch # from git/in next release
+ epatch "${FILESDIR}"/${P}-address-expando-crash.patch # from git/in next release
if use maildir ; then
epatch "${FILESDIR}"/exim-4.20-maildir.patch
diff --git a/mail-mta/exim/files/exim-4.89-address-expando-crash.patch b/mail-mta/exim/files/exim-4.89-address-expando-crash.patch
new file mode 100644
index 00000000000..2a868490a42
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.89-address-expando-crash.patch
@@ -0,0 +1,85 @@
+ignoring parts which don't match due to repo reorg post release
+
+From 1b7cf216d933b395dee691f05becca4dd44b26f7 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
+Date: Wed, 4 Oct 2017 22:25:45 +0200
+Subject: [PATCH] Check for proper output separator in expanding
+ ${addresses:STRING} (Closes 2171)
+
+Better yet would be to force setting the output separator literally,
+and not after expansion of the STRING. But this would be an incompatible
+change.
+---
+ doc/doc-docbook/spec.xfpt | 10 +++++++++-
+ src/src/expand.c | 8 +++++++-
+ test/scripts/0000-Basic/0002 | 1 +
+ test/stdout/0002 | 1 +
+ 4 files changed, 18 insertions(+), 2 deletions(-)
+
+ignored - diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
+ignored - index 4a8e1d0..c140945 100644
+ignored - --- a/doc/doc-docbook/spec.xfpt
+ignored - +++ b/doc/doc-docbook/spec.xfpt
+ignored - @@ -10118,7 +10118,15 @@ character. For example:
+ignored - .code
+ignored - ${addresses:>& Chief <ceo@up.stairs>, sec@base.ment (dogsbody)}
+ignored - .endd
+ignored - -expands to &`ceo@up.stairs&&sec@base.ment`&. Compare the &*address*& (singular)
+ignored - +expands to &`ceo@up.stairs&&sec@base.ment`&. The string is expanded
+ignored - +first, so if the expanded string starts with >, it may change the output
+ignored - +separator unintentionally. This can be avoided by setting the output
+ignored - +separator explicitly:
+ignored - +.code
+ignored - +${addresses:>:$h_from:}
+ignored - +.endd
+ignored - +
+ignored - +Compare the &*address*& (singular)
+ignored - expansion item, which extracts the working address from a single RFC2822
+ignored - address. See the &*filter*&, &*map*&, and &*reduce*& items for ways of
+ignored - processing lists.
+diff --git a/src/src/expand.c b/src/src/expand.c
+index 353b8ea..67b3d65 100644
+--- a/src/src/expand.c
++++ b/src/src/expand.c
+@@ -6797,7 +6797,13 @@ while (*s != 0)
+ int start, end, domain; /* Not really used */
+
+ while (isspace(*sub)) sub++;
+- if (*sub == '>') { *outsep = *++sub; ++sub; }
++ if (*sub == '>')
++ if (*outsep = *++sub) ++sub;
++ else {
++ expand_string_message = string_sprintf("output separator "
++ "missing in expanding ${addresses:%s}", --sub);
++ goto EXPAND_FAILED;
++ }
+ parse_allow_group = TRUE;
+
+ for (;;)
+ignored - diff --git a/test/scripts/0000-Basic/0002 b/test/scripts/0000-Basic/0002
+ignored - index cb0bb18..dd9cea2 100644
+ignored - --- a/test/scripts/0000-Basic/0002
+ignored - +++ b/test/scripts/0000-Basic/0002
+ignored - @@ -133,6 +133,7 @@ addresses: ${addresses:>+ Exim Person <local-part@dom.ain> (that's me),\
+ignored - addresses: ${addresses:Exim Person <local-part@dom.ain> (that's me), \
+ignored - xyz@abc, nullgroupname:;, group: p@q, r@s; }
+ignored - addresses: ${addresses:local-part@dom.ain <local-part@dom.ain>}
+ignored - +addresses: ${addresses:>}
+ignored -
+ignored - escape: ${escape:B7·F2ò}
+ignored - excape8bit: ${escape8bit:undisturbed text\ttab\nnewline\ttab\\backslash \176tilde\177DEL\200\x81.}
+ignored - diff --git a/test/stdout/0002 b/test/stdout/0002
+ignored - index 5593f06..1422289 100644
+ignored - --- a/test/stdout/0002
+ignored - +++ b/test/stdout/0002
+ignored - @@ -123,6 +123,7 @@
+ignored - > addresses: local-part@dom.ain+xyz@abc
+ignored - > addresses: local-part@dom.ain:xyz@abc:p@q:r@s
+ignored - > addresses:
+ignored - +> Failed: output separator missing in expanding ${addresses:>}
+ignored - >
+ignored - > escape: B7\267F2\362
+ignored - > excape8bit: undisturbed text tab
+--
+1.9.1
+
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2019-02-19 12:20 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2019-02-19 12:20 UTC (permalink / raw
To: gentoo-commits
commit: 85749f8757dad788e0a475affc9b77f4a722aac9
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 17 10:37:02 2019 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Tue Feb 19 12:19:43 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=85749f87
mail-mta/exim: version bump
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
mail-mta/exim/Manifest | 2 +
mail-mta/exim/exim-4.92.ebuild | 561 +++++++++++++++++++++
.../exim/files/exim-4.92-localscan_dlopen.patch | 267 ++++++++++
3 files changed, 830 insertions(+)
diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index a9d8a746f01..7195d5f1d29 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -1,3 +1,5 @@
DIST exim-4.91.tar.xz 1744660 BLAKE2B 8d50a709def02a52f8e76a16fcf51a4fc7e553217d5513a361aa780f58bff336a9ab90d8683e3841a074f54f3c75f2f77bf1a353a849be1207bffdd5fb6e4c51 SHA512 35b34dda8dd0f27c0429e6eb8409756ecd3cf9e535bac421d696b1560db0ff3bf4cd0e4a00bc0b7e32137d31bb5de20776c7c1830ec125aa36b5c4376b0c71a2
+DIST exim-4.92.tar.xz 1767136 BLAKE2B 6c97578807073a782112218c65de460cc94f046d807eddc7330f2f67266c0ef341ded61050a16aca13c88e606a923a9e08033c8bfb618a7ef34b3d2ea6db32ca SHA512 62c327e6184a358ba7f0dbc38b44d2537234be91727a5bfac97e74af64a8d77e376b3221dcfdd8f6eca7d812f9233595503dc6e50e2972bed40a1b74eb209c31
DIST exim-pdf-4.91.tar.xz 1973672 BLAKE2B 0b9e3f65c8e8a5f727dd4359d1c5c6c867c0ecfce3b44763d5a24f2d98353bc58c42456e9884994f404d17685909ea287a478189407ba8e7835352274c788980 SHA512 82add9b42749b6d938ff3b44a4dea3dfe84bcb2a1efea8a32b64d81a9ea312033d33023b5c224a44a2c053b18f9042bd1f2834847cf48873d1725a5594704a12
+DIST exim-pdf-4.92.tar.xz 2038812 BLAKE2B d5966a27f980a2ceb31293d92049a6691a08262bd20ae7315f41929f0d7a45b5d66c7000f9596b193e74d0c17f91c56a3262602047673c49649f1cad6b216547 SHA512 3a40818025fceaa7ac17f8e7ce06a61e3cf65267c821aea93e1a1a659782b047ab177b88a38c9b2271c0a296e1dc7939e23fe0f89415a11cd45693cb8af10c15
DIST system_filter.exim.gz 3075 BLAKE2B d05e872b5cef377d29126cda03fc0a74c8777b2119b76ff43da6e8de808035eb9bfcb034a85d81824f135d484e864bfc0629fc1af2c228a7277d5ee7cf9cde79 SHA512 cb358d3ce2499a0bb5920d962a06f2af8486e55ec90c8c928bd8e3aefb279aa57f5f960d5adfcef68bd94110b405eaa144e9629cfe6014a529c79c544600bbf3
diff --git a/mail-mta/exim/exim-4.92.ebuild b/mail-mta/exim/exim-4.92.ebuild
new file mode 100644
index 00000000000..1b4f24e9a07
--- /dev/null
+++ b/mail-mta/exim/exim-4.92.ebuild
@@ -0,0 +1,561 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit db-use eutils toolchain-funcs multilib pam systemd
+
+IUSE="arc dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn elibc_glibc exiscan-acl gnutls idn ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd +tpda X"
+REQUIRED_USE="
+ arc? ( dkim spf )
+ dane? ( ssl !gnutls )
+ dmarc? ( dkim spf )
+ gnutls? ( ssl )
+ pkcs11? ( ssl )
+ spf? ( exiscan-acl )
+ srs? ( exiscan-acl )
+"
+# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
+# for x86 and amd64 only, due to this, repoman won't allow depending on
+# gnutls[dane] for all else. Because we cannot express USE=dane when
+# USE=gnutls is in effect only in package.use.mask, the only option we
+# have left is to a) ignore the dependency (but that results in bug
+# #661164) or b) mask the usage of USE=dane with USE=gnutls. Both are
+# incorrect, but b) is the only "correct" view from repoman.
+
+COMM_URI="https://downloads.exim.org/exim4$([[ ${PV} == *_rc* ]] && echo /test)"
+
+DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
+SRC_URI="${COMM_URI}/${P//rc/RC}.tar.xz
+ mirror://gentoo/system_filter.exim.gz
+ doc? ( ${COMM_URI}/${PN}-pdf-${PV//rc/RC}.tar.xz )"
+HOMEPAGE="http://www.exim.org/"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~x86-solaris"
+
+COMMON_DEPEND=">=sys-apps/sed-4.0.5
+ ( >=sys-libs/db-3.2:= <sys-libs/db-6:= )
+ dev-libs/libpcre
+ idn? ( net-dns/libidn:= net-dns/libidn2:= )
+ perl? ( dev-lang/perl:= )
+ pam? ( virtual/pam )
+ tcpd? ( sys-apps/tcp-wrappers )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ gnutls? (
+ net-libs/gnutls:0=[pkcs11?]
+ dev-libs/libtasn1
+ )
+ ldap? ( >=net-nds/openldap-2.0.7 )
+ nis? (
+ elibc_glibc? (
+ net-libs/libtirpc
+ >=net-libs/libnsl-1:=
+ )
+ )
+ mysql? ( virtual/libmysqlclient )
+ postgres? ( dev-db/postgresql:= )
+ sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
+ redis? ( dev-libs/hiredis )
+ spf? ( >=mail-filter/libspf2-1.2.5-r1 )
+ dmarc? ( mail-filter/opendmarc )
+ srs? ( mail-filter/libsrs_alt )
+ X? (
+ x11-libs/libX11
+ x11-libs/libXmu
+ x11-libs/libXt
+ x11-libs/libXaw
+ )
+ sqlite? ( dev-db/sqlite )
+ radius? ( net-dialup/freeradius-client )
+ virtual/libiconv
+ elibc_glibc? ( net-libs/libnsl )
+ "
+ # added X check for #57206
+DEPEND="${COMMON_DEPEND}
+ virtual/pkgconfig"
+RDEPEND="${COMMON_DEPEND}
+ !mail-mta/courier
+ !mail-mta/esmtp
+ !mail-mta/mini-qmail
+ !<mail-mta/msmtp-1.4.19-r1
+ !>=mail-mta/msmtp-1.4.19-r1[mta]
+ !mail-mta/netqmail
+ !mail-mta/nullmailer
+ !mail-mta/postfix
+ !mail-mta/qmail-ldap
+ !mail-mta/sendmail
+ !mail-mta/opensmtpd
+ !<mail-mta/ssmtp-2.64-r2
+ !>=mail-mta/ssmtp-2.64-r2[mta]
+ !net-mail/mailwrapper
+ >=net-mail/mailbase-0.00-r5
+ virtual/logger
+ dcc? ( mail-filter/dcc )
+ selinux? ( sec-policy/selinux-exim )
+ "
+
+S=${WORKDIR}/${P//rc/RC}
+
+src_prepare() {
+ epatch "${FILESDIR}"/exim-4.14-tail.patch
+ epatch "${FILESDIR}"/exim-4.92-localscan_dlopen.patch
+ epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
+ epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
+ epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
+ epatch "${FILESDIR}"/exim-4.89-as-needed-ldflags.patch # 352265, 391279
+ epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
+
+ if use maildir ; then
+ epatch "${FILESDIR}"/exim-4.20-maildir.patch
+ else
+ epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
+ fi
+
+ eapply_user
+
+ # user Exim believes it should be
+ MAILUSER=mail
+ MAILGROUP=mail
+ if use prefix && [[ ${EUID} != 0 ]] ; then
+ MAILUSER=$(id -un)
+ MAILGROUP=$(id -gn)
+ fi
+}
+
+src_configure() {
+ # general config and paths
+
+ sed -i.orig \
+ -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
+ "${S}"/src/configure.default || die
+
+ sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
+
+ sed -e "48i\CFLAGS=${CFLAGS}" \
+ -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
+ -e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
+ -e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
+ -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
+ -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
+ src/EDITME > Local/Makefile
+
+ if use elibc_musl; then
+ sed -e 's/^LIBS = -lnsl/LIBS =/g' \
+ -i OS/Makefile-Linux
+ fi
+
+ cd Local
+
+ cat >> Makefile <<- EOC
+ INFO_DIRECTORY=${EPREFIX}/usr/share/info
+ PID_FILE_PATH=${EPREFIX}/run/exim.pid
+ SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
+ HAVE_ICONV=yes
+ EOC
+
+ # if we use libiconv, now is the time to tell so
+ use !elibc_glibc && use !elibc_musl && \
+ echo "EXTRALIBS_EXIM=-liconv" >> Makefile
+
+ # support for IPv6
+ if use ipv6; then
+ cat >> Makefile <<- EOC
+ HAVE_IPV6=YES
+ EOC
+ fi
+
+ # support i18n/IDNA
+ if use idn; then
+ cat >> Makefile <<- EOC
+ SUPPORT_I18N=yes
+ SUPPORT_I18N_2008=yes
+ EXTRALIBS_EXIM += -lidn -lidn2
+ EOC
+ fi
+
+ #
+ # mail storage formats
+
+ # mailstore is Exim's traditional storage format
+ cat >> Makefile <<- EOC
+ SUPPORT_MAILSTORE=yes
+ EOC
+
+ # mbox
+ if use mbx; then
+ cat >> Makefile <<- EOC
+ SUPPORT_MBX=yes
+ EOC
+ fi
+
+ # maildir
+ if use maildir; then
+ cat >> Makefile <<- EOC
+ SUPPORT_MAILDIR=yes
+ EOC
+ fi
+
+ #
+ # lookup methods
+
+ # use the "native" interfaces to the DBM and CDB libraries, support
+ # passwd and directory lookups by default
+ local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
+ cat >> Makefile <<- EOC
+ USE_DB=yes
+ CFLAGS+=-I$(db_includedir ${DB_VERS})
+ DBMLIB=-l$(db_libname ${DB_VERS})
+ LOOKUP_CDB=yes
+ LOOKUP_PASSWD=yes
+ LOOKUP_DSEARCH=yes
+ EOC
+
+ if ! use dnsdb; then
+ # DNSDB lookup is enabled by default
+ sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
+ fi
+
+ if use ldap; then
+ cat >> Makefile <<- EOC
+ LOOKUP_LDAP=yes
+ LDAP_LIB_TYPE=OPENLDAP2
+ LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
+ LOOKUP_LIBS += -lldap -llber
+ EOC
+ fi
+
+ if use mysql; then
+ cat >> Makefile <<- EOC
+ LOOKUP_MYSQL=yes
+ LOOKUP_INCLUDE += $(mysql_config --include)
+ LOOKUP_LIBS += $(mysql_config --libs)
+ EOC
+ fi
+
+ if use nis; then
+ cat >> Makefile <<- EOC
+ LOOKUP_NIS=yes
+ LOOKUP_NISPLUS=yes
+ EOC
+ if use elibc_glibc ; then
+ cat >> Makefile <<- EOC
+ CFLAGS += -I/usr/include/tirpc
+ EOC
+ fi
+ fi
+
+ if use postgres; then
+ cat >> Makefile <<- EOC
+ LOOKUP_PGSQL=yes
+ LOOKUP_INCLUDE += -I$(pg_config --includedir)
+ LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
+ EOC
+ fi
+
+ if use sqlite; then
+ cat >> Makefile <<- EOC
+ LOOKUP_SQLITE=yes
+ LOOKUP_SQLITE_PC=sqlite3
+ EOC
+ fi
+
+ if use redis; then
+ cat >> Makefile <<- EOC
+ LOOKUP_REDIS=yes
+ LOOKUP_LIBS += -lhiredis
+ EOC
+ fi
+
+ #
+ # Exim monitor, enabled by default, controlled via X USE-flag,
+ # disable if not requested, bug #46778
+ if use X; then
+ cp ../exim_monitor/EDITME eximon.conf || die
+ else
+ sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
+ fi
+
+ #
+ # features
+
+ # content scanning support
+ if use exiscan-acl; then
+ cat >> Makefile <<- EOC
+ WITH_CONTENT_SCAN=yes
+ EOC
+ fi
+
+ # DomainKeys Identified Mail, RFC4871
+ if ! use dkim; then
+ # DKIM is enabled by default
+ cat >> Makefile <<- EOC
+ DISABLE_DKIM=yes
+ EOC
+ fi
+
+ # Per-Recipient-Data-Response
+ if ! use prdr; then
+ # PRDR is enabled by default
+ cat >> Makefile <<- EOC
+ DISABLE_PRDR=yes
+ EOC
+ fi
+
+ # Transport post-delivery actions
+ if use !tpda && use !dane; then
+ # EVENT is enabled by default
+ cat >> Makefile <<- EOC
+ DISABLE_EVENT=yes
+ EOC
+ fi
+
+ # log to syslog
+ if use syslog; then
+ sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
+ cat >> Makefile <<- EOC
+ LOG_FILE_PATH=syslog
+ EOC
+ else
+ cat >> Makefile <<- EOC
+ LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
+ EOC
+ fi
+
+ # starttls support (ssl)
+ if use ssl; then
+ echo "SUPPORT_TLS=yes" >> Makefile
+ if use gnutls; then
+ echo "USE_GNUTLS=yes" >> Makefile
+ echo "USE_GNUTLS_PC=gnutls" >> Makefile
+ use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
+ else
+ echo "USE_OPENSSL_PC=openssl" >> Makefile
+ fi
+ fi
+
+ # TCP wrappers
+ if use tcpd; then
+ cat >> Makefile <<- EOC
+ USE_TCP_WRAPPERS=yes
+ EXTRALIBS_EXIM += -lwrap
+ EOC
+ fi
+
+ # Light Mail Transport Protocol
+ if use lmtp; then
+ cat >> Makefile <<- EOC
+ TRANSPORT_LMTP=yes
+ EOC
+ fi
+
+ # embedded Perl
+ if use perl; then
+ cat >> Makefile <<- EOC
+ EXIM_PERL=perl.o
+ EOC
+ fi
+
+ # dlfunc
+ if use dlfunc; then
+ cat >> Makefile <<- EOC
+ EXPAND_DLFUNC=yes
+ EOC
+ fi
+
+ # Proxy Protocol
+ if use proxy; then
+ cat >> Makefile <<- EOC
+ SUPPORT_PROXY=yes
+ EOC
+ fi
+
+ # DANE
+ if use dane; then
+ cat >> Makefile <<- EOC
+ SUPPORT_DANE=yes
+ EOC
+ fi
+
+ # Sender Policy Framework
+ if use spf; then
+ cat >> Makefile <<- EOC
+ SUPPORT_SPF=yes
+ EXTRALIBS_EXIM += -lspf2
+ EOC
+ fi
+
+ #
+ # experimental features
+
+ # Authenticated Receive Chain
+ if use arc; then
+ echo "EXPERIMENTAL_ARC=yes">> Makefile
+ fi
+
+ # Distributed Checksum Clearinghouse
+ if use dcc; then
+ echo "EXPERIMENTAL_DCC=yes">> Makefile
+ fi
+
+ # Sender Rewriting Scheme
+ if use srs; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_SRS=yes
+ EXTRALIBS_EXIM += -lsrs_alt
+ EOC
+ fi
+
+ # DMARC
+ if use dmarc; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_DMARC=yes
+ EXTRALIBS_EXIM += -lopendmarc
+ EOC
+ fi
+
+ # Delivery Sender Notifications extra information in fail message
+ if use dsn; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_DSN_INFO=yes
+ EOC
+ fi
+
+ #
+ # authentication (SMTP AUTH)
+
+ # standard bits
+ cat >> Makefile <<- EOC
+ AUTH_SPA=yes
+ AUTH_CRAM_MD5=yes
+ AUTH_PLAINTEXT=yes
+ EOC
+
+ # Cyrus SASL
+ if use sasl; then
+ cat >> Makefile <<- EOC
+ CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
+ AUTH_CYRUS_SASL=yes
+ AUTH_LIBS += -lsasl2
+ EOC
+ fi
+
+ # Dovecot
+ if use dovecot-sasl; then
+ cat >> Makefile <<- EOC
+ AUTH_DOVECOT=yes
+ EOC
+ fi
+
+ # Pluggable Authentication Modules
+ if use pam; then
+ cat >> Makefile <<- EOC
+ SUPPORT_PAM=yes
+ AUTH_LIBS += -lpam
+ EOC
+ fi
+
+ # Radius
+ if use radius; then
+ cat >> Makefile <<- EOC
+ RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
+ RADIUS_LIB_TYPE=RADIUSCLIENTNEW
+ AUTH_LIBS += -lfreeradius-client
+ EOC
+ fi
+}
+
+src_compile() {
+ emake CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
+ AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
+ || die "make failed"
+}
+
+src_install () {
+ cd "${S}"/build-exim-gentoo || die
+ dosbin exim
+ if use X; then
+ dosbin eximon.bin
+ dosbin eximon
+ fi
+ fperms 4755 /usr/sbin/exim
+
+ dosym exim /usr/sbin/sendmail
+ dosym exim /usr/sbin/rsmtp
+ dosym exim /usr/sbin/rmail
+ dosym ../sbin/exim /usr/bin/mailq
+ dosym ../sbin/exim /usr/bin/newaliases
+ dosym ../sbin/sendmail /usr/lib/sendmail
+
+ for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
+ exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
+ convert4r3 convert4r4 exipick
+ do
+ dosbin $i
+ done
+
+ dodoc "${S}"/doc/*
+ doman "${S}"/doc/exim.8
+ use dsn && dodoc "${S}"/README.DSN
+ use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
+
+ # conf files
+ insinto /etc/exim
+ newins "${S}"/src/configure.default exim.conf.dist
+ if use exiscan-acl; then
+ newins "${S}"/src/configure.default exim.conf.exiscan-acl
+ fi
+ doins "${WORKDIR}"/system_filter.exim
+ doins "${FILESDIR}"/auth_conf.sub
+
+ pamd_mimic system-auth exim auth account
+
+ # headers, #436406
+ if use dlfunc ; then
+ # fixup includes so they actually can be found when including
+ sed -i \
+ -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
+ local_scan.h || die
+ insinto /usr/include/exim
+ doins {config,local_scan}.h ../src/{mytypes,store}.h
+ fi
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/exim.logrotate" exim
+
+ newinitd "${FILESDIR}"/exim.rc10 exim
+ newconfd "${FILESDIR}"/exim.confd exim
+
+ systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
+ systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
+ systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
+
+ diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
+ keepdir /var/log/${PN}
+}
+
+pkg_postinst() {
+ if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
+ einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
+ einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
+ einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
+ fi
+ if use dcc ; then
+ einfo "DCC support is experimental, you can find some limited"
+ einfo "documentation at the bottom of this prerelease message:"
+ einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
+ fi
+ use srs && einfo "SRS support is experimental"
+ if use dmarc ; then
+ einfo "DMARC support is experimental. See global settings to"
+ einfo "configure DMARC, for usage see the documentation at "
+ einfo "experimental-spec.txt."
+ fi
+ use dsn && einfo "extra information in fail DSN message is experimental"
+ elog "The obsolete acl condition 'demime' is removed, the replacements"
+ elog "are the ACLs acl_smtp_mime and acl_not_smtp_mime"
+}
diff --git a/mail-mta/exim/files/exim-4.92-localscan_dlopen.patch b/mail-mta/exim/files/exim-4.92-localscan_dlopen.patch
new file mode 100644
index 00000000000..b52d2ad7b9c
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.92-localscan_dlopen.patch
@@ -0,0 +1,267 @@
+diff -ur exim-4.92.orig/src/config.h.defaults exim-4.92/src/config.h.defaults
+--- exim-4.92.orig/src/config.h.defaults 2019-01-30 14:59:52.000000000 +0100
++++ exim-4.92/src/config.h.defaults 2019-02-16 18:17:24.547216157 +0100
+@@ -32,6 +32,8 @@
+
+ #define AUTH_VARS 3
+
++#define DLOPEN_LOCAL_SCAN
++
+ #define BIN_DIRECTORY
+
+ #define CONFIGURE_FILE
+Only in exim-4.92/src: config.h.defaults.orig
+diff -ur exim-4.92.orig/src/EDITME exim-4.92/src/EDITME
+--- exim-4.92.orig/src/EDITME 2019-01-30 14:59:52.000000000 +0100
++++ exim-4.92/src/EDITME 2019-02-16 18:17:24.547216157 +0100
+@@ -824,6 +824,24 @@
+
+
+ #------------------------------------------------------------------------------
++# On systems which support dynamic loading of shared libraries, Exim can
++# load a local_scan function specified in its config file instead of having
++# to be recompiled with the desired local_scan function. For a full
++# description of the API to this function, see the Exim specification.
++
++DLOPEN_LOCAL_SCAN=yes
++
++# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
++# linker flags. Without it, the loaded .so won't be able to access any
++# functions from exim.
++
++LFLAGS = -rdynamic
++ifeq ($(OSTYPE),Linux)
++LFLAGS += -ldl
++endif
++
++
++#------------------------------------------------------------------------------
+ # The default distribution of Exim contains only the plain text form of the
+ # documentation. Other forms are available separately. If you want to install
+ # the documentation in "info" format, first fetch the Texinfo documentation
+Only in exim-4.92/src: EDITME.orig
+diff -ur exim-4.92.orig/src/globals.c exim-4.92/src/globals.c
+--- exim-4.92.orig/src/globals.c 2019-01-30 14:59:52.000000000 +0100
++++ exim-4.92/src/globals.c 2019-02-16 18:17:24.549216150 +0100
+@@ -41,6 +41,10 @@
+
+ uschar *no_aliases = NULL;
+
++#ifdef DLOPEN_LOCAL_SCAN
++uschar *local_scan_path = NULL;
++#endif
++
+
+ /* For comments on these variables, see globals.h. I'm too idle to
+ duplicate them here... */
+Only in exim-4.92/src: globals.c.orig
+diff -ur exim-4.92.orig/src/globals.h exim-4.92/src/globals.h
+--- exim-4.92.orig/src/globals.h 2019-01-30 14:59:52.000000000 +0100
++++ exim-4.92/src/globals.h 2019-02-16 18:17:24.549216150 +0100
+@@ -152,6 +152,9 @@
+ extern int (*receive_ferror)(void);
+ extern BOOL (*receive_smtp_buffered)(void);
+
++#ifdef DLOPEN_LOCAL_SCAN
++extern uschar *local_scan_path; /* Path to local_scan() library */
++#endif
+
+ /* For clearing, saving, restoring address expansion variables. We have to have
+ the size of this vector set explicitly, because it is referenced from more than
+Only in exim-4.92/src: globals.h.orig
+diff -ur exim-4.92.orig/src/local_scan.c exim-4.92/src/local_scan.c
+--- exim-4.92.orig/src/local_scan.c 2019-01-30 14:59:52.000000000 +0100
++++ exim-4.92/src/local_scan.c 2019-02-16 18:29:56.832732592 +0100
+@@ -5,61 +5,131 @@
+ /* Copyright (c) University of Cambridge 1995 - 2009 */
+ /* See the file NOTICE for conditions of use and distribution. */
+
++#include "exim.h"
+
+-/******************************************************************************
+-This file contains a template local_scan() function that just returns ACCEPT.
+-If you want to implement your own version, you should copy this file to, say
+-Local/local_scan.c, and edit the copy. To use your version instead of the
+-default, you must set
+-
+-HAVE_LOCAL_SCAN=yes
+-LOCAL_SCAN_SOURCE=Local/local_scan.c
+-
+-in your Local/Makefile. This makes it easy to copy your version for use with
+-subsequent Exim releases.
+-
+-For a full description of the API to this function, see the Exim specification.
+-******************************************************************************/
+-
+-
+-/* This is the only Exim header that you should include. The effect of
+-including any other Exim header is not defined, and may change from release to
+-release. Use only the documented interface! */
+-
+-#include "local_scan.h"
+-
+-
+-/* This is a "do-nothing" version of a local_scan() function. The arguments
+-are:
+-
+- fd The file descriptor of the open -D file, which contains the
+- body of the message. The file is open for reading and
+- writing, but modifying it is dangerous and not recommended.
+-
+- return_text A pointer to an unsigned char* variable which you can set in
+- order to return a text string. It is initialized to NULL.
+-
+-The return values of this function are:
+-
+- LOCAL_SCAN_ACCEPT
+- The message is to be accepted. The return_text argument is
+- saved in $local_scan_data.
+-
+- LOCAL_SCAN_REJECT
+- The message is to be rejected. The returned text is used
+- in the rejection message.
+-
+- LOCAL_SCAN_TEMPREJECT
+- This specifies a temporary rejection. The returned text
+- is used in the rejection message.
+-*/
++#ifdef DLOPEN_LOCAL_SCAN
++#include <dlfcn.h>
++static int (*local_scan_fn)(int fd, uschar **return_text) = NULL;
++static int load_local_scan_library(void);
++#endif
+
+ int
+ local_scan(int fd, uschar **return_text)
+ {
+ fd = fd; /* Keep picky compilers happy */
+ return_text = return_text;
+-return LOCAL_SCAN_ACCEPT;
++#ifdef DLOPEN_LOCAL_SCAN
++/* local_scan_path is defined AND not the empty string */
++if (local_scan_path && *local_scan_path)
++ {
++ if (!local_scan_fn)
++ {
++ if (!load_local_scan_library())
++ {
++ char *base_msg , *error_msg , *final_msg ;
++ int final_length = -1 ;
++
++ base_msg=US"Local configuration error - local_scan() library failure\n";
++ error_msg = dlerror() ;
++
++ final_length = strlen(base_msg) + strlen(error_msg) + 1 ;
++ final_msg = (char*)malloc( final_length*sizeof(char) ) ;
++ *final_msg = '\0' ;
++
++ strcat( final_msg , base_msg ) ;
++ strcat( final_msg , error_msg ) ;
++
++ *return_text = final_msg ;
++ return LOCAL_SCAN_TEMPREJECT;
++ }
++ }
++ return local_scan_fn(fd, return_text);
++ }
++else
++#endif
++ return LOCAL_SCAN_ACCEPT;
++}
++
++#ifdef DLOPEN_LOCAL_SCAN
++
++static int load_local_scan_library(void)
++{
++/* No point in keeping local_scan_lib since we'll never dlclose() anyway */
++void *local_scan_lib = NULL;
++int (*local_scan_version_fn)(void);
++int vers_maj;
++int vers_min;
++
++local_scan_lib = dlopen(local_scan_path, RTLD_NOW);
++if (!local_scan_lib)
++ {
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - "
++ "message temporarily rejected");
++ return FALSE;
++ }
++
++local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major");
++if (!local_scan_version_fn)
++ {
++ dlclose(local_scan_lib);
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
++ "local_scan_version_major() function - message temporarily rejected");
++ return FALSE;
++ }
++
++/* The major number is increased when the ABI is changed in a non
++ backward compatible way. */
++vers_maj = local_scan_version_fn();
++
++local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor");
++if (!local_scan_version_fn)
++ {
++ dlclose(local_scan_lib);
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
++ "local_scan_version_minor() function - message temporarily rejected");
++ return FALSE;
++ }
++
++/* The minor number is increased each time a new feature is added (in a
++ way that doesn't break backward compatibility) -- Marc */
++vers_min = local_scan_version_fn();
++
++
++if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR)
++ {
++ dlclose(local_scan_lib);
++ local_scan_lib = NULL;
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major"
++ "version number, you need to recompile your module for this version"
++ "of exim (The module was compiled for version %d.%d and this exim provides"
++ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
++ LOCAL_SCAN_ABI_VERSION_MINOR);
++ return FALSE;
++ }
++else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR)
++ {
++ dlclose(local_scan_lib);
++ local_scan_lib = NULL;
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor"
++ "version number, you need to recompile your module for this version"
++ "of exim (The module was compiled for version %d.%d and this exim provides"
++ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
++ LOCAL_SCAN_ABI_VERSION_MINOR);
++ return FALSE;
++ }
++
++local_scan_fn = dlsym(local_scan_lib, "local_scan");
++if (!local_scan_fn)
++ {
++ dlclose(local_scan_lib);
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
++ "local_scan() function - message temporarily rejected");
++ return FALSE;
++ }
++
++return TRUE;
+ }
+
++#endif /* DLOPEN_LOCAL_SCAN */
++
+ /* End of local_scan.c */
+diff -ur exim-4.92.orig/src/readconf.c exim-4.92/src/readconf.c
+--- exim-4.92.orig/src/readconf.c 2019-01-30 14:59:52.000000000 +0100
++++ exim-4.92/src/readconf.c 2019-02-16 18:18:46.013947455 +0100
+@@ -199,6 +199,9 @@
+ { "local_from_prefix", opt_stringptr, &local_from_prefix },
+ { "local_from_suffix", opt_stringptr, &local_from_suffix },
+ { "local_interfaces", opt_stringptr, &local_interfaces },
++#ifdef DLOPEN_LOCAL_SCAN
++ { "local_scan_path", opt_stringptr, &local_scan_path },
++#endif
+ #ifdef HAVE_LOCAL_SCAN
+ { "local_scan_timeout", opt_time, &local_scan_timeout },
+ #endif
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2019-06-11 8:17 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2019-06-11 8:17 UTC (permalink / raw
To: gentoo-commits
commit: 4971a74df5e8753cfbb4d40c0ff4960d951b2e52
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 11 08:16:54 2019 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Tue Jun 11 08:16:54 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4971a74d
mail-mta/exim: revbump for fix for bug #687554
Bug: https://bugs.gentoo.org/687554
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
Package-Manager: Portage-2.3.66, Repoman-2.3.11
mail-mta/exim/exim-4.92-r1.ebuild | 562 +++++++++++++++++++++
.../files/exim-4.92-fix-eval-expansion-32bit.patch | 51 ++
2 files changed, 613 insertions(+)
diff --git a/mail-mta/exim/exim-4.92-r1.ebuild b/mail-mta/exim/exim-4.92-r1.ebuild
new file mode 100644
index 00000000000..a0346ffb579
--- /dev/null
+++ b/mail-mta/exim/exim-4.92-r1.ebuild
@@ -0,0 +1,562 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit db-use eutils toolchain-funcs multilib pam systemd
+
+IUSE="arc dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn elibc_glibc exiscan-acl gnutls idn ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd +tpda X"
+REQUIRED_USE="
+ arc? ( dkim spf )
+ dane? ( ssl !gnutls )
+ dmarc? ( dkim spf )
+ gnutls? ( ssl )
+ pkcs11? ( ssl )
+ spf? ( exiscan-acl )
+ srs? ( exiscan-acl )
+"
+# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
+# for x86 and amd64 only, due to this, repoman won't allow depending on
+# gnutls[dane] for all else. Because we cannot express USE=dane when
+# USE=gnutls is in effect only in package.use.mask, the only option we
+# have left is to a) ignore the dependency (but that results in bug
+# #661164) or b) mask the usage of USE=dane with USE=gnutls. Both are
+# incorrect, but b) is the only "correct" view from repoman.
+
+COMM_URI="https://downloads.exim.org/exim4$([[ ${PV} == *_rc* ]] && echo /test)"
+
+DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
+SRC_URI="${COMM_URI}/${P//rc/RC}.tar.xz
+ mirror://gentoo/system_filter.exim.gz
+ doc? ( ${COMM_URI}/${PN}-pdf-${PV//rc/RC}.tar.xz )"
+HOMEPAGE="http://www.exim.org/"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~x86-solaris"
+
+COMMON_DEPEND=">=sys-apps/sed-4.0.5
+ ( >=sys-libs/db-3.2:= <sys-libs/db-6:= )
+ dev-libs/libpcre
+ idn? ( net-dns/libidn:= net-dns/libidn2:= )
+ perl? ( dev-lang/perl:= )
+ pam? ( virtual/pam )
+ tcpd? ( sys-apps/tcp-wrappers )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ gnutls? (
+ net-libs/gnutls:0=[pkcs11?]
+ dev-libs/libtasn1
+ )
+ ldap? ( >=net-nds/openldap-2.0.7 )
+ nis? (
+ elibc_glibc? (
+ net-libs/libtirpc
+ >=net-libs/libnsl-1:=
+ )
+ )
+ mysql? ( virtual/libmysqlclient )
+ postgres? ( dev-db/postgresql:= )
+ sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
+ redis? ( dev-libs/hiredis )
+ spf? ( >=mail-filter/libspf2-1.2.5-r1 )
+ dmarc? ( mail-filter/opendmarc )
+ srs? ( mail-filter/libsrs_alt )
+ X? (
+ x11-libs/libX11
+ x11-libs/libXmu
+ x11-libs/libXt
+ x11-libs/libXaw
+ )
+ sqlite? ( dev-db/sqlite )
+ radius? ( net-dialup/freeradius-client )
+ virtual/libiconv
+ elibc_glibc? ( net-libs/libnsl )
+ "
+ # added X check for #57206
+DEPEND="${COMMON_DEPEND}
+ virtual/pkgconfig"
+RDEPEND="${COMMON_DEPEND}
+ !mail-mta/courier
+ !mail-mta/esmtp
+ !mail-mta/mini-qmail
+ !<mail-mta/msmtp-1.4.19-r1
+ !>=mail-mta/msmtp-1.4.19-r1[mta]
+ !mail-mta/netqmail
+ !mail-mta/nullmailer
+ !mail-mta/postfix
+ !mail-mta/qmail-ldap
+ !mail-mta/sendmail
+ !mail-mta/opensmtpd
+ !<mail-mta/ssmtp-2.64-r2
+ !>=mail-mta/ssmtp-2.64-r2[mta]
+ !net-mail/mailwrapper
+ >=net-mail/mailbase-0.00-r5
+ virtual/logger
+ dcc? ( mail-filter/dcc )
+ selinux? ( sec-policy/selinux-exim )
+ "
+
+S=${WORKDIR}/${P//rc/RC}
+
+src_prepare() {
+ epatch "${FILESDIR}"/exim-4.14-tail.patch
+ epatch "${FILESDIR}"/exim-4.92-localscan_dlopen.patch
+ epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
+ epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
+ epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
+ epatch "${FILESDIR}"/exim-4.89-as-needed-ldflags.patch # 352265, 391279
+ epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
+ epatch "${FILESDIR}"/exim-4.92-fix-eval-expansion-32bit.patch #687554
+
+ if use maildir ; then
+ epatch "${FILESDIR}"/exim-4.20-maildir.patch
+ else
+ epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
+ fi
+
+ eapply_user
+
+ # user Exim believes it should be
+ MAILUSER=mail
+ MAILGROUP=mail
+ if use prefix && [[ ${EUID} != 0 ]] ; then
+ MAILUSER=$(id -un)
+ MAILGROUP=$(id -gn)
+ fi
+}
+
+src_configure() {
+ # general config and paths
+
+ sed -i.orig \
+ -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
+ "${S}"/src/configure.default || die
+
+ sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
+
+ sed -e "48i\CFLAGS=${CFLAGS}" \
+ -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
+ -e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
+ -e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
+ -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
+ -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
+ src/EDITME > Local/Makefile
+
+ if use elibc_musl; then
+ sed -e 's/^LIBS = -lnsl/LIBS =/g' \
+ -i OS/Makefile-Linux
+ fi
+
+ cd Local
+
+ cat >> Makefile <<- EOC
+ INFO_DIRECTORY=${EPREFIX}/usr/share/info
+ PID_FILE_PATH=${EPREFIX}/run/exim.pid
+ SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
+ HAVE_ICONV=yes
+ EOC
+
+ # if we use libiconv, now is the time to tell so
+ use !elibc_glibc && use !elibc_musl && \
+ echo "EXTRALIBS_EXIM=-liconv" >> Makefile
+
+ # support for IPv6
+ if use ipv6; then
+ cat >> Makefile <<- EOC
+ HAVE_IPV6=YES
+ EOC
+ fi
+
+ # support i18n/IDNA
+ if use idn; then
+ cat >> Makefile <<- EOC
+ SUPPORT_I18N=yes
+ SUPPORT_I18N_2008=yes
+ EXTRALIBS_EXIM += -lidn -lidn2
+ EOC
+ fi
+
+ #
+ # mail storage formats
+
+ # mailstore is Exim's traditional storage format
+ cat >> Makefile <<- EOC
+ SUPPORT_MAILSTORE=yes
+ EOC
+
+ # mbox
+ if use mbx; then
+ cat >> Makefile <<- EOC
+ SUPPORT_MBX=yes
+ EOC
+ fi
+
+ # maildir
+ if use maildir; then
+ cat >> Makefile <<- EOC
+ SUPPORT_MAILDIR=yes
+ EOC
+ fi
+
+ #
+ # lookup methods
+
+ # use the "native" interfaces to the DBM and CDB libraries, support
+ # passwd and directory lookups by default
+ local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
+ cat >> Makefile <<- EOC
+ USE_DB=yes
+ CFLAGS+=-I$(db_includedir ${DB_VERS})
+ DBMLIB=-l$(db_libname ${DB_VERS})
+ LOOKUP_CDB=yes
+ LOOKUP_PASSWD=yes
+ LOOKUP_DSEARCH=yes
+ EOC
+
+ if ! use dnsdb; then
+ # DNSDB lookup is enabled by default
+ sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
+ fi
+
+ if use ldap; then
+ cat >> Makefile <<- EOC
+ LOOKUP_LDAP=yes
+ LDAP_LIB_TYPE=OPENLDAP2
+ LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
+ LOOKUP_LIBS += -lldap -llber
+ EOC
+ fi
+
+ if use mysql; then
+ cat >> Makefile <<- EOC
+ LOOKUP_MYSQL=yes
+ LOOKUP_INCLUDE += $(mysql_config --include)
+ LOOKUP_LIBS += $(mysql_config --libs)
+ EOC
+ fi
+
+ if use nis; then
+ cat >> Makefile <<- EOC
+ LOOKUP_NIS=yes
+ LOOKUP_NISPLUS=yes
+ EOC
+ if use elibc_glibc ; then
+ cat >> Makefile <<- EOC
+ CFLAGS += -I/usr/include/tirpc
+ EOC
+ fi
+ fi
+
+ if use postgres; then
+ cat >> Makefile <<- EOC
+ LOOKUP_PGSQL=yes
+ LOOKUP_INCLUDE += -I$(pg_config --includedir)
+ LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
+ EOC
+ fi
+
+ if use sqlite; then
+ cat >> Makefile <<- EOC
+ LOOKUP_SQLITE=yes
+ LOOKUP_SQLITE_PC=sqlite3
+ EOC
+ fi
+
+ if use redis; then
+ cat >> Makefile <<- EOC
+ LOOKUP_REDIS=yes
+ LOOKUP_LIBS += -lhiredis
+ EOC
+ fi
+
+ #
+ # Exim monitor, enabled by default, controlled via X USE-flag,
+ # disable if not requested, bug #46778
+ if use X; then
+ cp ../exim_monitor/EDITME eximon.conf || die
+ else
+ sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
+ fi
+
+ #
+ # features
+
+ # content scanning support
+ if use exiscan-acl; then
+ cat >> Makefile <<- EOC
+ WITH_CONTENT_SCAN=yes
+ EOC
+ fi
+
+ # DomainKeys Identified Mail, RFC4871
+ if ! use dkim; then
+ # DKIM is enabled by default
+ cat >> Makefile <<- EOC
+ DISABLE_DKIM=yes
+ EOC
+ fi
+
+ # Per-Recipient-Data-Response
+ if ! use prdr; then
+ # PRDR is enabled by default
+ cat >> Makefile <<- EOC
+ DISABLE_PRDR=yes
+ EOC
+ fi
+
+ # Transport post-delivery actions
+ if use !tpda && use !dane; then
+ # EVENT is enabled by default
+ cat >> Makefile <<- EOC
+ DISABLE_EVENT=yes
+ EOC
+ fi
+
+ # log to syslog
+ if use syslog; then
+ sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
+ cat >> Makefile <<- EOC
+ LOG_FILE_PATH=syslog
+ EOC
+ else
+ cat >> Makefile <<- EOC
+ LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
+ EOC
+ fi
+
+ # starttls support (ssl)
+ if use ssl; then
+ echo "SUPPORT_TLS=yes" >> Makefile
+ if use gnutls; then
+ echo "USE_GNUTLS=yes" >> Makefile
+ echo "USE_GNUTLS_PC=gnutls" >> Makefile
+ use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
+ else
+ echo "USE_OPENSSL_PC=openssl" >> Makefile
+ fi
+ fi
+
+ # TCP wrappers
+ if use tcpd; then
+ cat >> Makefile <<- EOC
+ USE_TCP_WRAPPERS=yes
+ EXTRALIBS_EXIM += -lwrap
+ EOC
+ fi
+
+ # Light Mail Transport Protocol
+ if use lmtp; then
+ cat >> Makefile <<- EOC
+ TRANSPORT_LMTP=yes
+ EOC
+ fi
+
+ # embedded Perl
+ if use perl; then
+ cat >> Makefile <<- EOC
+ EXIM_PERL=perl.o
+ EOC
+ fi
+
+ # dlfunc
+ if use dlfunc; then
+ cat >> Makefile <<- EOC
+ EXPAND_DLFUNC=yes
+ EOC
+ fi
+
+ # Proxy Protocol
+ if use proxy; then
+ cat >> Makefile <<- EOC
+ SUPPORT_PROXY=yes
+ EOC
+ fi
+
+ # DANE
+ if use dane; then
+ cat >> Makefile <<- EOC
+ SUPPORT_DANE=yes
+ EOC
+ fi
+
+ # Sender Policy Framework
+ if use spf; then
+ cat >> Makefile <<- EOC
+ SUPPORT_SPF=yes
+ EXTRALIBS_EXIM += -lspf2
+ EOC
+ fi
+
+ #
+ # experimental features
+
+ # Authenticated Receive Chain
+ if use arc; then
+ echo "EXPERIMENTAL_ARC=yes">> Makefile
+ fi
+
+ # Distributed Checksum Clearinghouse
+ if use dcc; then
+ echo "EXPERIMENTAL_DCC=yes">> Makefile
+ fi
+
+ # Sender Rewriting Scheme
+ if use srs; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_SRS=yes
+ EXTRALIBS_EXIM += -lsrs_alt
+ EOC
+ fi
+
+ # DMARC
+ if use dmarc; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_DMARC=yes
+ EXTRALIBS_EXIM += -lopendmarc
+ EOC
+ fi
+
+ # Delivery Sender Notifications extra information in fail message
+ if use dsn; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_DSN_INFO=yes
+ EOC
+ fi
+
+ #
+ # authentication (SMTP AUTH)
+
+ # standard bits
+ cat >> Makefile <<- EOC
+ AUTH_SPA=yes
+ AUTH_CRAM_MD5=yes
+ AUTH_PLAINTEXT=yes
+ EOC
+
+ # Cyrus SASL
+ if use sasl; then
+ cat >> Makefile <<- EOC
+ CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
+ AUTH_CYRUS_SASL=yes
+ AUTH_LIBS += -lsasl2
+ EOC
+ fi
+
+ # Dovecot
+ if use dovecot-sasl; then
+ cat >> Makefile <<- EOC
+ AUTH_DOVECOT=yes
+ EOC
+ fi
+
+ # Pluggable Authentication Modules
+ if use pam; then
+ cat >> Makefile <<- EOC
+ SUPPORT_PAM=yes
+ AUTH_LIBS += -lpam
+ EOC
+ fi
+
+ # Radius
+ if use radius; then
+ cat >> Makefile <<- EOC
+ RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
+ RADIUS_LIB_TYPE=RADIUSCLIENTNEW
+ AUTH_LIBS += -lfreeradius-client
+ EOC
+ fi
+}
+
+src_compile() {
+ emake CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
+ AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
+ || die "make failed"
+}
+
+src_install () {
+ cd "${S}"/build-exim-gentoo || die
+ dosbin exim
+ if use X; then
+ dosbin eximon.bin
+ dosbin eximon
+ fi
+ fperms 4755 /usr/sbin/exim
+
+ dosym exim /usr/sbin/sendmail
+ dosym exim /usr/sbin/rsmtp
+ dosym exim /usr/sbin/rmail
+ dosym ../sbin/exim /usr/bin/mailq
+ dosym ../sbin/exim /usr/bin/newaliases
+ dosym ../sbin/sendmail /usr/lib/sendmail
+
+ for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
+ exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
+ convert4r3 convert4r4 exipick
+ do
+ dosbin $i
+ done
+
+ dodoc "${S}"/doc/*
+ doman "${S}"/doc/exim.8
+ use dsn && dodoc "${S}"/README.DSN
+ use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
+
+ # conf files
+ insinto /etc/exim
+ newins "${S}"/src/configure.default exim.conf.dist
+ if use exiscan-acl; then
+ newins "${S}"/src/configure.default exim.conf.exiscan-acl
+ fi
+ doins "${WORKDIR}"/system_filter.exim
+ doins "${FILESDIR}"/auth_conf.sub
+
+ pamd_mimic system-auth exim auth account
+
+ # headers, #436406
+ if use dlfunc ; then
+ # fixup includes so they actually can be found when including
+ sed -i \
+ -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
+ local_scan.h || die
+ insinto /usr/include/exim
+ doins {config,local_scan}.h ../src/{mytypes,store}.h
+ fi
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/exim.logrotate" exim
+
+ newinitd "${FILESDIR}"/exim.rc10 exim
+ newconfd "${FILESDIR}"/exim.confd exim
+
+ systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
+ systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
+ systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
+
+ diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
+ keepdir /var/log/${PN}
+}
+
+pkg_postinst() {
+ if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
+ einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
+ einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
+ einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
+ fi
+ if use dcc ; then
+ einfo "DCC support is experimental, you can find some limited"
+ einfo "documentation at the bottom of this prerelease message:"
+ einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
+ fi
+ use srs && einfo "SRS support is experimental"
+ if use dmarc ; then
+ einfo "DMARC support is experimental. See global settings to"
+ einfo "configure DMARC, for usage see the documentation at "
+ einfo "experimental-spec.txt."
+ fi
+ use dsn && einfo "extra information in fail DSN message is experimental"
+ elog "The obsolete acl condition 'demime' is removed, the replacements"
+ elog "are the ACLs acl_smtp_mime and acl_not_smtp_mime"
+}
diff --git a/mail-mta/exim/files/exim-4.92-fix-eval-expansion-32bit.patch b/mail-mta/exim/files/exim-4.92-fix-eval-expansion-32bit.patch
new file mode 100644
index 00000000000..17d7d21113d
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.92-fix-eval-expansion-32bit.patch
@@ -0,0 +1,51 @@
+Extract from complete patch from
+https://git.exim.org/exim.git/patch/26dd3aa007b3b77969610c031f59388e0953bd00
+to only take the buildconfig.c change because the git directory
+structure is different from a release tarball causing this patch to fail
+otherwise.
+
+From 26dd3aa007b3b77969610c031f59388e0953bd00 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Fri, 7 Jun 2019 11:54:10 +0100
+Subject: [PATCH] Fix detection of 32b platform at build time. Bug 2405
+
+---
+ src/src/buildconfig.c | 12 +++++---
+ test/scripts/0000-Basic/0002 | 72 +++++++++++++++++++++++---------------------
+ test/stdout/0002 | 72 +++++++++++++++++++++++---------------------
+ 3 files changed, 83 insertions(+), 73 deletions(-)
+
+diff --git a/src/src/buildconfig.c b/src/src/buildconfig.c
+index 71cf97b..a680b34 100644
+--- a/src/src/buildconfig.c
++++ b/src/src/buildconfig.c
+@@ -111,6 +111,7 @@ unsigned long test_ulong_t = 0L;
+ unsigned int test_uint_t = 0;
+ #endif
+ long test_long_t = 0;
++long long test_longlong_t = 0;
+ int test_int_t = 0;
+ FILE *base;
+ FILE *new;
+@@ -155,15 +156,16 @@ This assumption is known to be OK for the common operating systems. */
+
+ fprintf(new, "#ifndef OFF_T_FMT\n");
+ if (sizeof(test_off_t) > sizeof(test_long_t))
+- {
+ fprintf(new, "# define OFF_T_FMT \"%%lld\"\n");
+- fprintf(new, "# define LONGLONG_T long long int\n");
+- }
+ else
+- {
+ fprintf(new, "# define OFF_T_FMT \"%%ld\"\n");
++fprintf(new, "#endif\n\n");
++
++fprintf(new, "#ifndef LONGLONG_T\n");
++if (sizeof(test_longlong_t) > sizeof(test_long_t))
++ fprintf(new, "# define LONGLONG_T long long int\n");
++else
+ fprintf(new, "# define LONGLONG_T long int\n");
+- }
+ fprintf(new, "#endif\n\n");
+
+ /* Now do the same thing for time_t variables. If the length is greater than
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2019-08-02 6:44 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2019-08-02 6:44 UTC (permalink / raw
To: gentoo-commits
commit: e4104b9c4bd8cbaba4712e6a8d4e6c8d120ba5c0
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 2 06:42:47 2019 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Fri Aug 2 06:42:47 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e4104b9c
mail-mta/exim: cleanup vulnerable CVE-2019-10149
Bug: https://bugs.gentoo.org/687336
Package-Manager: Portage-2.3.66, Repoman-2.3.16
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
mail-mta/exim/Manifest | 2 -
mail-mta/exim/exim-4.91-r2.ebuild | 561 ---------------------
.../exim/files/exim-4.74-localscan_dlopen.patch | 262 ----------
3 files changed, 825 deletions(-)
diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index c666f92c515..92f89a8e4ee 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -1,7 +1,5 @@
-DIST exim-4.91.tar.xz 1744660 BLAKE2B 8d50a709def02a52f8e76a16fcf51a4fc7e553217d5513a361aa780f58bff336a9ab90d8683e3841a074f54f3c75f2f77bf1a353a849be1207bffdd5fb6e4c51 SHA512 35b34dda8dd0f27c0429e6eb8409756ecd3cf9e535bac421d696b1560db0ff3bf4cd0e4a00bc0b7e32137d31bb5de20776c7c1830ec125aa36b5c4376b0c71a2
DIST exim-4.92.1.tar.xz 1767976 BLAKE2B fb5bdb8762f16e30c43c7899e5fb5b459bb5e910458f970d20a5cb26cdde842d87a1f8150e4c0f9e931fa277e2f33a0fb8a6d478b5bf871d03a12ebd06c36d67 SHA512 fd43448db0aa5139f8b459322b95e258f232ac8a4bf21a19099c7768329ec20c344c4e0d8dd2e98c33a192a5f97d7666a746de2c87bdfb8da42c625c985d7e05
DIST exim-4.92.tar.xz 1767136 BLAKE2B 6c97578807073a782112218c65de460cc94f046d807eddc7330f2f67266c0ef341ded61050a16aca13c88e606a923a9e08033c8bfb618a7ef34b3d2ea6db32ca SHA512 62c327e6184a358ba7f0dbc38b44d2537234be91727a5bfac97e74af64a8d77e376b3221dcfdd8f6eca7d812f9233595503dc6e50e2972bed40a1b74eb209c31
-DIST exim-pdf-4.91.tar.xz 1973672 BLAKE2B 0b9e3f65c8e8a5f727dd4359d1c5c6c867c0ecfce3b44763d5a24f2d98353bc58c42456e9884994f404d17685909ea287a478189407ba8e7835352274c788980 SHA512 82add9b42749b6d938ff3b44a4dea3dfe84bcb2a1efea8a32b64d81a9ea312033d33023b5c224a44a2c053b18f9042bd1f2834847cf48873d1725a5594704a12
DIST exim-pdf-4.92.1.tar.xz 2038948 BLAKE2B 6624fb8930944f79e0c7e52a001727cfcff508ac69cb4107247201b8598d6e223cac7c7eda14c3102d0eabc151a547b6cc5ef11a6c4a830f31dfd88e24907c1d SHA512 437b868cd7dedae59e32b9245c8c1ca3375605eb4911846bc3508b627acf32c99bda644b3c3e84eb539a39b3c2cc4f83314eebe55160b3da617ccaec2f1623a2
DIST exim-pdf-4.92.tar.xz 2038812 BLAKE2B d5966a27f980a2ceb31293d92049a6691a08262bd20ae7315f41929f0d7a45b5d66c7000f9596b193e74d0c17f91c56a3262602047673c49649f1cad6b216547 SHA512 3a40818025fceaa7ac17f8e7ce06a61e3cf65267c821aea93e1a1a659782b047ab177b88a38c9b2271c0a296e1dc7939e23fe0f89415a11cd45693cb8af10c15
DIST system_filter.exim.gz 3075 BLAKE2B d05e872b5cef377d29126cda03fc0a74c8777b2119b76ff43da6e8de808035eb9bfcb034a85d81824f135d484e864bfc0629fc1af2c228a7277d5ee7cf9cde79 SHA512 cb358d3ce2499a0bb5920d962a06f2af8486e55ec90c8c928bd8e3aefb279aa57f5f960d5adfcef68bd94110b405eaa144e9629cfe6014a529c79c544600bbf3
diff --git a/mail-mta/exim/exim-4.91-r2.ebuild b/mail-mta/exim/exim-4.91-r2.ebuild
deleted file mode 100644
index cf587588b81..00000000000
--- a/mail-mta/exim/exim-4.91-r2.ebuild
+++ /dev/null
@@ -1,561 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit db-use eutils toolchain-funcs multilib pam systemd
-
-IUSE="arc dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn elibc_glibc exiscan-acl gnutls idn ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd +tpda X"
-REQUIRED_USE="
- arc? ( dkim spf )
- dane? ( ssl !gnutls )
- dmarc? ( dkim spf )
- gnutls? ( ssl )
- pkcs11? ( ssl )
- spf? ( exiscan-acl )
- srs? ( exiscan-acl )
-"
-# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
-# for x86 and amd64 only, due to this, repoman won't allow depending on
-# gnutls[dane] for all else. Because we cannot express USE=dane when
-# USE=gnutls is in effect only in package.use.mask, the only option we
-# have left is to a) ignore the dependency (but that results in bug
-# #661164) or b) mask the usage of USE=dane with USE=gnutls. Both are
-# incorrect, but b) is the only "correct" view from repoman.
-
-COMM_URI="https://downloads.exim.org/exim4$([[ ${PV} == *_rc* ]] && echo /test)"
-
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//rc/RC}.tar.xz
- mirror://gentoo/system_filter.exim.gz
- doc? ( ${COMM_URI}/${PN}-pdf-${PV//rc/RC}.tar.xz )"
-HOMEPAGE="http://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd ~x86-solaris"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
- ( >=sys-libs/db-3.2:= <sys-libs/db-6:= )
- dev-libs/libpcre
- idn? ( net-dns/libidn:= net-dns/libidn2:= )
- perl? ( dev-lang/perl:= )
- pam? ( virtual/pam )
- tcpd? ( sys-apps/tcp-wrappers )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl:= )
- )
- gnutls? (
- net-libs/gnutls:0=[pkcs11?]
- dev-libs/libtasn1
- )
- ldap? ( >=net-nds/openldap-2.0.7 )
- nis? (
- elibc_glibc? (
- net-libs/libtirpc
- >=net-libs/libnsl-1:=
- )
- )
- mysql? ( virtual/libmysqlclient )
- postgres? ( dev-db/postgresql:= )
- sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
- redis? ( dev-libs/hiredis )
- spf? ( >=mail-filter/libspf2-1.2.5-r1 )
- dmarc? ( mail-filter/opendmarc )
- srs? ( mail-filter/libsrs_alt )
- X? (
- x11-libs/libX11
- x11-libs/libXmu
- x11-libs/libXt
- x11-libs/libXaw
- )
- sqlite? ( dev-db/sqlite )
- radius? ( net-dialup/freeradius-client )
- virtual/libiconv
- elibc_glibc? ( net-libs/libnsl )
- "
- # added X check for #57206
-DEPEND="${COMMON_DEPEND}
- virtual/pkgconfig"
-RDEPEND="${COMMON_DEPEND}
- !mail-mta/courier
- !mail-mta/esmtp
- !mail-mta/mini-qmail
- !<mail-mta/msmtp-1.4.19-r1
- !>=mail-mta/msmtp-1.4.19-r1[mta]
- !mail-mta/netqmail
- !mail-mta/nullmailer
- !mail-mta/postfix
- !mail-mta/qmail-ldap
- !mail-mta/sendmail
- !mail-mta/opensmtpd
- !<mail-mta/ssmtp-2.64-r2
- !>=mail-mta/ssmtp-2.64-r2[mta]
- !net-mail/mailwrapper
- >=net-mail/mailbase-0.00-r5
- virtual/logger
- dcc? ( mail-filter/dcc )
- selinux? ( sec-policy/selinux-exim )
- "
-
-S=${WORKDIR}/${P//rc/RC}
-
-src_prepare() {
- epatch "${FILESDIR}"/exim-4.14-tail.patch
- epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch
- epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
- epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
- epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
- epatch "${FILESDIR}"/exim-4.89-as-needed-ldflags.patch # 352265, 391279
- epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
-
- if use maildir ; then
- epatch "${FILESDIR}"/exim-4.20-maildir.patch
- else
- epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
- fi
-
- eapply_user
-
- # user Exim believes it should be
- MAILUSER=mail
- MAILGROUP=mail
- if use prefix && [[ ${EUID} != 0 ]] ; then
- MAILUSER=$(id -un)
- MAILGROUP=$(id -gn)
- fi
-}
-
-src_configure() {
- # general config and paths
-
- sed -i.orig \
- -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
- "${S}"/src/configure.default || die
-
- sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die
-
- sed -e "48i\CFLAGS=${CFLAGS}" \
- -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
- -e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
- -e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
- -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
- -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
- src/EDITME > Local/Makefile
-
- if use elibc_musl; then
- sed -e 's/^LIBS = -lnsl/LIBS =/g' \
- -i OS/Makefile-Linux
- fi
-
- cd Local
-
- cat >> Makefile <<- EOC
- INFO_DIRECTORY=${EPREFIX}/usr/share/info
- PID_FILE_PATH=${EPREFIX}/run/exim.pid
- SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
- HAVE_ICONV=yes
- EOC
-
- # if we use libiconv, now is the time to tell so
- use !elibc_glibc && use !elibc_musl && \
- echo "EXTRALIBS_EXIM=-liconv" >> Makefile
-
- # support for IPv6
- if use ipv6; then
- cat >> Makefile <<- EOC
- HAVE_IPV6=YES
- EOC
- fi
-
- # support i18n/IDNA
- if use idn; then
- cat >> Makefile <<- EOC
- SUPPORT_I18N=yes
- SUPPORT_I18N_2008=yes
- EXTRALIBS_EXIM += -lidn -lidn2
- EOC
- fi
-
- #
- # mail storage formats
-
- # mailstore is Exim's traditional storage format
- cat >> Makefile <<- EOC
- SUPPORT_MAILSTORE=yes
- EOC
-
- # mbox
- if use mbx; then
- cat >> Makefile <<- EOC
- SUPPORT_MBX=yes
- EOC
- fi
-
- # maildir
- if use maildir; then
- cat >> Makefile <<- EOC
- SUPPORT_MAILDIR=yes
- EOC
- fi
-
- #
- # lookup methods
-
- # use the "native" interfaces to the DBM and CDB libraries, support
- # passwd and directory lookups by default
- local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
- cat >> Makefile <<- EOC
- USE_DB=yes
- CFLAGS+=-I$(db_includedir ${DB_VERS})
- DBMLIB=-l$(db_libname ${DB_VERS})
- LOOKUP_CDB=yes
- LOOKUP_PASSWD=yes
- LOOKUP_DSEARCH=yes
- EOC
-
- if ! use dnsdb; then
- # DNSDB lookup is enabled by default
- sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
- fi
-
- if use ldap; then
- cat >> Makefile <<- EOC
- LOOKUP_LDAP=yes
- LDAP_LIB_TYPE=OPENLDAP2
- LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
- LOOKUP_LIBS += -lldap -llber
- EOC
- fi
-
- if use mysql; then
- cat >> Makefile <<- EOC
- LOOKUP_MYSQL=yes
- LOOKUP_INCLUDE += $(mysql_config --include)
- LOOKUP_LIBS += $(mysql_config --libs)
- EOC
- fi
-
- if use nis; then
- cat >> Makefile <<- EOC
- LOOKUP_NIS=yes
- LOOKUP_NISPLUS=yes
- EOC
- if use elibc_glibc ; then
- cat >> Makefile <<- EOC
- CFLAGS += -I/usr/include/tirpc
- EOC
- fi
- fi
-
- if use postgres; then
- cat >> Makefile <<- EOC
- LOOKUP_PGSQL=yes
- LOOKUP_INCLUDE += -I$(pg_config --includedir)
- LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
- EOC
- fi
-
- if use sqlite; then
- cat >> Makefile <<- EOC
- LOOKUP_SQLITE=yes
- LOOKUP_SQLITE_PC=sqlite3
- EOC
- fi
-
- if use redis; then
- cat >> Makefile <<- EOC
- LOOKUP_REDIS=yes
- LOOKUP_LIBS += -lhiredis
- EOC
- fi
-
- #
- # Exim monitor, enabled by default, controlled via X USE-flag,
- # disable if not requested, bug #46778
- if use X; then
- cp ../exim_monitor/EDITME eximon.conf || die
- else
- sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
- fi
-
- #
- # features
-
- # content scanning support
- if use exiscan-acl; then
- cat >> Makefile <<- EOC
- WITH_CONTENT_SCAN=yes
- EOC
- fi
-
- # DomainKeys Identified Mail, RFC4871
- if ! use dkim; then
- # DKIM is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_DKIM=yes
- EOC
- fi
-
- # Per-Recipient-Data-Response
- if ! use prdr; then
- # PRDR is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_PRDR=yes
- EOC
- fi
-
- # Transport post-delivery actions
- if use !tpda && use !dane; then
- # EVENT is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_EVENT=yes
- EOC
- fi
-
- # log to syslog
- if use syslog; then
- sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=syslog
- EOC
- else
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
- EOC
- fi
-
- # starttls support (ssl)
- if use ssl; then
- echo "SUPPORT_TLS=yes" >> Makefile
- if use gnutls; then
- echo "USE_GNUTLS=yes" >> Makefile
- echo "USE_GNUTLS_PC=gnutls" >> Makefile
- use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
- else
- echo "USE_OPENSSL_PC=openssl" >> Makefile
- fi
- fi
-
- # TCP wrappers
- if use tcpd; then
- cat >> Makefile <<- EOC
- USE_TCP_WRAPPERS=yes
- EXTRALIBS_EXIM += -lwrap
- EOC
- fi
-
- # Light Mail Transport Protocol
- if use lmtp; then
- cat >> Makefile <<- EOC
- TRANSPORT_LMTP=yes
- EOC
- fi
-
- # embedded Perl
- if use perl; then
- cat >> Makefile <<- EOC
- EXIM_PERL=perl.o
- EOC
- fi
-
- # dlfunc
- if use dlfunc; then
- cat >> Makefile <<- EOC
- EXPAND_DLFUNC=yes
- EOC
- fi
-
- # Proxy Protocol
- if use proxy; then
- cat >> Makefile <<- EOC
- SUPPORT_PROXY=yes
- EOC
- fi
-
- # DANE
- if use dane; then
- cat >> Makefile <<- EOC
- SUPPORT_DANE=yes
- EOC
- fi
-
- # Sender Policy Framework
- if use spf; then
- cat >> Makefile <<- EOC
- SUPPORT_SPF=yes
- EXTRALIBS_EXIM += -lspf2
- EOC
- fi
-
- #
- # experimental features
-
- # Authenticated Receive Chain
- if use arc; then
- echo "EXPERIMENTAL_ARC=yes">> Makefile
- fi
-
- # Distributed Checksum Clearinghouse
- if use dcc; then
- echo "EXPERIMENTAL_DCC=yes">> Makefile
- fi
-
- # Sender Rewriting Scheme
- if use srs; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_SRS=yes
- EXTRALIBS_EXIM += -lsrs_alt
- EOC
- fi
-
- # DMARC
- if use dmarc; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DMARC=yes
- EXTRALIBS_EXIM += -lopendmarc
- EOC
- fi
-
- # Delivery Sender Notifications extra information in fail message
- if use dsn; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DSN_INFO=yes
- EOC
- fi
-
- #
- # authentication (SMTP AUTH)
-
- # standard bits
- cat >> Makefile <<- EOC
- AUTH_SPA=yes
- AUTH_CRAM_MD5=yes
- AUTH_PLAINTEXT=yes
- EOC
-
- # Cyrus SASL
- if use sasl; then
- cat >> Makefile <<- EOC
- CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
- AUTH_CYRUS_SASL=yes
- AUTH_LIBS += -lsasl2
- EOC
- fi
-
- # Dovecot
- if use dovecot-sasl; then
- cat >> Makefile <<- EOC
- AUTH_DOVECOT=yes
- EOC
- fi
-
- # Pluggable Authentication Modules
- if use pam; then
- cat >> Makefile <<- EOC
- SUPPORT_PAM=yes
- AUTH_LIBS += -lpam
- EOC
- fi
-
- # Radius
- if use radius; then
- cat >> Makefile <<- EOC
- RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
- RADIUS_LIB_TYPE=RADIUSCLIENTNEW
- AUTH_LIBS += -lfreeradius-client
- EOC
- fi
-}
-
-src_compile() {
- emake CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
- AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
- || die "make failed"
-}
-
-src_install () {
- cd "${S}"/build-exim-gentoo || die
- dosbin exim
- if use X; then
- dosbin eximon.bin
- dosbin eximon
- fi
- fperms 4755 /usr/sbin/exim
-
- dosym exim /usr/sbin/sendmail
- dosym exim /usr/sbin/rsmtp
- dosym exim /usr/sbin/rmail
- dosym ../sbin/exim /usr/bin/mailq
- dosym ../sbin/exim /usr/bin/newaliases
- dosym ../sbin/sendmail /usr/lib/sendmail
-
- for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
- exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
- convert4r3 convert4r4 exipick
- do
- dosbin $i
- done
-
- dodoc "${S}"/doc/*
- doman "${S}"/doc/exim.8
- use dsn && dodoc "${S}"/README.DSN
- use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
-
- # conf files
- insinto /etc/exim
- newins "${S}"/src/configure.default exim.conf.dist
- if use exiscan-acl; then
- newins "${S}"/src/configure.default exim.conf.exiscan-acl
- fi
- doins "${WORKDIR}"/system_filter.exim
- doins "${FILESDIR}"/auth_conf.sub
-
- pamd_mimic system-auth exim auth account
-
- # headers, #436406
- if use dlfunc ; then
- # fixup includes so they actually can be found when including
- sed -i \
- -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
- local_scan.h || die
- insinto /usr/include/exim
- doins {config,local_scan}.h ../src/{mytypes,store}.h
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}/exim.logrotate" exim
-
- newinitd "${FILESDIR}"/exim.rc10 exim
- newconfd "${FILESDIR}"/exim.confd exim
-
- systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
- systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
- systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
- diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
- keepdir /var/log/${PN}
-}
-
-pkg_postinst() {
- if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
- einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
- einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
- einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
- fi
- if use dcc ; then
- einfo "DCC support is experimental, you can find some limited"
- einfo "documentation at the bottom of this prerelease message:"
- einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
- fi
- use srs && einfo "SRS support is experimental"
- if use dmarc ; then
- einfo "DMARC support is experimental. See global settings to"
- einfo "configure DMARC, for usage see the documentation at "
- einfo "experimental-spec.txt."
- fi
- use dsn && einfo "extra information in fail DSN message is experimental"
- elog "The obsolete acl condition 'demime' is removed, the replacements"
- elog "are the ACLs acl_smtp_mime and acl_not_smtp_mime"
-}
diff --git a/mail-mta/exim/files/exim-4.74-localscan_dlopen.patch b/mail-mta/exim/files/exim-4.74-localscan_dlopen.patch
deleted file mode 100644
index 3bb57c1637c..00000000000
--- a/mail-mta/exim/files/exim-4.74-localscan_dlopen.patch
+++ /dev/null
@@ -1,262 +0,0 @@
-diff -Naur exim-4.32/src/EDITME exim-4.32-dlopen/src/EDITME
---- src/EDITME 2004-04-15 08:27:01.000000000 +0000
-+++ src/EDITME 2004-05-06 16:15:47.000000000 +0000
-@@ -505,6 +505,24 @@
-
-
- #------------------------------------------------------------------------------
-+# On systems which support dynamic loading of shared libraries, Exim can
-+# load a local_scan function specified in its config file instead of having
-+# to be recompiled with the desired local_scan function. For a full
-+# description of the API to this function, see the Exim specification.
-+
-+DLOPEN_LOCAL_SCAN=yes
-+
-+# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
-+# linker flags. Without it, the loaded .so won't be able to access any
-+# functions from exim.
-+
-+LFLAGS = -rdynamic
-+ifeq ($(OSTYPE),Linux)
-+LFLAGS += -ldl
-+endif
-+
-+
-+#------------------------------------------------------------------------------
- # The default distribution of Exim contains only the plain text form of the
- # documentation. Other forms are available separately. If you want to install
- # the documentation in "info" format, first fetch the Texinfo documentation
-diff -Naur exim-4.32/src/config.h.defaults exim-4.32-dlopen/src/config.h.defaults
---- src/config.h.defaults 2004-04-15 08:27:01.000000000 +0000
-+++ src/config.h.defaults 2004-05-06 16:16:30.000000000 +0000
-@@ -20,6 +20,8 @@
- #define AUTH_PLAINTEXT
- #define AUTH_SPA
-
-+#define DLOPEN_LOCAL_SCAN
-+
- #define BIN_DIRECTORY
-
- #define CONFIGURE_FILE
-diff -Naur exim-4.32/src/globals.c exim-4.32-dlopen/src/globals.c
---- src/globals.c 2004-04-15 08:27:01.000000000 +0000
-+++ src/globals.c 2004-05-06 16:17:07.000000000 +0000
-@@ -109,6 +109,10 @@
- uschar *tls_verify_hosts = NULL;
- #endif
-
-+#ifdef DLOPEN_LOCAL_SCAN
-+uschar *local_scan_path = NULL;
-+#endif
-+
-
- /* Input-reading functions for messages, so we can use special ones for
- incoming TCP/IP. The defaults use stdin. We never need these for any
-diff -Naur exim-4.32/src/globals.h exim-4.32-dlopen/src/globals.h
---- src/globals.h 2004-04-15 08:27:01.000000000 +0000
-+++ src/globals.h 2004-05-06 16:17:50.000000000 +0000
-@@ -73,6 +73,9 @@
- extern uschar *tls_verify_hosts; /* Mandatory client verification */
- #endif
-
-+#ifdef DLOPEN_LOCAL_SCAN
-+extern uschar *local_scan_path; /* Path to local_scan() library */
-+#endif
-
- /* Input-reading functions for messages, so we can use special ones for
- incoming TCP/IP. */
-diff -Naur exim-4.32/src/local_scan.c exim-4.32-dlopen/src/local_scan.c
---- src/local_scan.c 2004-04-15 08:27:01.000000000 +0000
-+++ src/local_scan.c 2004-05-06 16:21:57.000000000 +0000
-@@ -5,60 +5,131 @@
- /* Copyright (c) University of Cambridge 1995 - 2004 */
- /* See the file NOTICE for conditions of use and distribution. */
-
-+#include "exim.h"
-
--/******************************************************************************
--This file contains a template local_scan() function that just returns ACCEPT.
--If you want to implement your own version, you should copy this file to, say
--Local/local_scan.c, and edit the copy. To use your version instead of the
--default, you must set
--
--LOCAL_SCAN_SOURCE=Local/local_scan.c
--
--in your Local/Makefile. This makes it easy to copy your version for use with
--subsequent Exim releases.
--
--For a full description of the API to this function, see the Exim specification.
--******************************************************************************/
--
--
--/* This is the only Exim header that you should include. The effect of
--including any other Exim header is not defined, and may change from release to
--release. Use only the documented interface! */
--
--#include "local_scan.h"
--
--
--/* This is a "do-nothing" version of a local_scan() function. The arguments
--are:
--
-- fd The file descriptor of the open -D file, which contains the
-- body of the message. The file is open for reading and
-- writing, but modifying it is dangerous and not recommended.
--
-- return_text A pointer to an unsigned char* variable which you can set in
-- order to return a text string. It is initialized to NULL.
--
--The return values of this function are:
--
-- LOCAL_SCAN_ACCEPT
-- The message is to be accepted. The return_text argument is
-- saved in $local_scan_data.
--
-- LOCAL_SCAN_REJECT
-- The message is to be rejected. The returned text is used
-- in the rejection message.
--
-- LOCAL_SCAN_TEMPREJECT
-- This specifies a temporary rejection. The returned text
-- is used in the rejection message.
--*/
-+#ifdef DLOPEN_LOCAL_SCAN
-+#include <dlfcn.h>
-+static int (*local_scan_fn)(int fd, uschar **return_text) = NULL;
-+static int load_local_scan_library(void);
-+#endif
-
- int
- local_scan(int fd, uschar **return_text)
- {
- fd = fd; /* Keep picky compilers happy */
- return_text = return_text;
--return LOCAL_SCAN_ACCEPT;
-+#ifdef DLOPEN_LOCAL_SCAN
-+/* local_scan_path is defined AND not the empty string */
-+if (local_scan_path && *local_scan_path)
-+ {
-+ if (!local_scan_fn)
-+ {
-+ if (!load_local_scan_library())
-+ {
-+ char *base_msg , *error_msg , *final_msg ;
-+ int final_length = -1 ;
-+
-+ base_msg=US"Local configuration error - local_scan() library failure\n";
-+ error_msg = dlerror() ;
-+
-+ final_length = strlen(base_msg) + strlen(error_msg) + 1 ;
-+ final_msg = (char*)malloc( final_length*sizeof(char) ) ;
-+ *final_msg = '\0' ;
-+
-+ strcat( final_msg , base_msg ) ;
-+ strcat( final_msg , error_msg ) ;
-+
-+ *return_text = final_msg ;
-+ return LOCAL_SCAN_TEMPREJECT;
-+ }
-+ }
-+ return local_scan_fn(fd, return_text);
-+ }
-+else
-+#endif
-+ return LOCAL_SCAN_ACCEPT;
-+}
-+
-+#ifdef DLOPEN_LOCAL_SCAN
-+
-+static int load_local_scan_library(void)
-+{
-+/* No point in keeping local_scan_lib since we'll never dlclose() anyway */
-+void *local_scan_lib = NULL;
-+int (*local_scan_version_fn)(void);
-+int vers_maj;
-+int vers_min;
-+
-+local_scan_lib = dlopen(local_scan_path, RTLD_NOW);
-+if (!local_scan_lib)
-+ {
-+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - "
-+ "message temporarily rejected");
-+ return FALSE;
-+ }
-+
-+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major");
-+if (!local_scan_version_fn)
-+ {
-+ dlclose(local_scan_lib);
-+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
-+ "local_scan_version_major() function - message temporarily rejected");
-+ return FALSE;
-+ }
-+
-+/* The major number is increased when the ABI is changed in a non
-+ backward compatible way. */
-+vers_maj = local_scan_version_fn();
-+
-+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor");
-+if (!local_scan_version_fn)
-+ {
-+ dlclose(local_scan_lib);
-+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
-+ "local_scan_version_minor() function - message temporarily rejected");
-+ return FALSE;
-+ }
-+
-+/* The minor number is increased each time a new feature is added (in a
-+ way that doesn't break backward compatibility) -- Marc */
-+vers_min = local_scan_version_fn();
-+
-+
-+if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR)
-+ {
-+ dlclose(local_scan_lib);
-+ local_scan_lib = NULL;
-+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major"
-+ "version number, you need to recompile your module for this version"
-+ "of exim (The module was compiled for version %d.%d and this exim provides"
-+ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
-+ LOCAL_SCAN_ABI_VERSION_MINOR);
-+ return FALSE;
-+ }
-+else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR)
-+ {
-+ dlclose(local_scan_lib);
-+ local_scan_lib = NULL;
-+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor"
-+ "version number, you need to recompile your module for this version"
-+ "of exim (The module was compiled for version %d.%d and this exim provides"
-+ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
-+ LOCAL_SCAN_ABI_VERSION_MINOR);
-+ return FALSE;
-+ }
-+
-+local_scan_fn = dlsym(local_scan_lib, "local_scan");
-+if (!local_scan_fn)
-+ {
-+ dlclose(local_scan_lib);
-+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
-+ "local_scan() function - message temporarily rejected");
-+ return FALSE;
-+ }
-+
-+return TRUE;
- }
-
-+#endif /* DLOPEN_LOCAL_SCAN */
-+
- /* End of local_scan.c */
-diff -Naur exim-4.32/src/readconf.c exim-4.32-dlopen/src/readconf.c
---- src/readconf.c 2004-04-15 08:27:01.000000000 +0000
-+++ src/readconf.c 2004-05-06 16:23:12.000000000 +0000
-@@ -223,6 +223,9 @@
- { "local_from_prefix", opt_stringptr, &local_from_prefix },
- { "local_from_suffix", opt_stringptr, &local_from_suffix },
- { "local_interfaces", opt_stringptr, &local_interfaces },
-+#ifdef DLOPEN_LOCAL_SCAN
-+ { "local_scan_path", opt_stringptr, &local_scan_path },
-+#endif
- { "local_scan_timeout", opt_time, &local_scan_timeout },
- { "local_sender_retain", opt_bool, &local_sender_retain },
- { "localhost_number", opt_stringptr, &host_number_string },
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2020-05-09 9:57 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2020-05-09 9:57 UTC (permalink / raw
To: gentoo-commits
commit: 631b045c07527ab0ca4d4d585c56faa3855187fe
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Sat May 9 09:57:23 2020 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Sat May 9 09:57:38 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=631b045c
mail-mta/exim-4.93.0.4: fix compilation with certain USE-combinations
- fix localscan compilation
- fix nis compilation
- refine DB includes to lookup only
- fix radius compilation
Closes: https://bugs.gentoo.org/720364
Closes: https://bugs.gentoo.org/720362
Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
mail-mta/exim/exim-4.93.0.4.ebuild | 8 ++-
.../exim/files/exim-4.93-localscan_dlopen.patch | 4 +-
mail-mta/exim/files/exim-4.93-radius.patch | 66 ++++++++++++++++++++++
3 files changed, 74 insertions(+), 4 deletions(-)
diff --git a/mail-mta/exim/exim-4.93.0.4.ebuild b/mail-mta/exim/exim-4.93.0.4.ebuild
index a7ac64a9ffb..6e787039465 100644
--- a/mail-mta/exim/exim-4.93.0.4.ebuild
+++ b/mail-mta/exim/exim-4.93.0.4.ebuild
@@ -114,6 +114,7 @@ src_prepare() {
eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
eapply "${FILESDIR}"/exim-4.69-r1.27021.patch
eapply "${FILESDIR}"/exim-4.93-localscan_dlopen.patch
+ eapply -p2 "${FILESDIR}"/exim-4.93-radius.patch # 720364
if use maildir ; then
eapply "${FILESDIR}"/exim-4.20-maildir.patch
@@ -219,11 +220,11 @@ src_configure() {
local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
cat >> Makefile <<- EOC
USE_DB=yes
- CFLAGS+=-I$(db_includedir ${DB_VERS})
- DBMLIB=-l$(db_libname ${DB_VERS})
LOOKUP_CDB=yes
LOOKUP_PASSWD=yes
LOOKUP_DSEARCH=yes
+ LOOKUP_INCLUDE += -I$(db_includedir ${DB_VERS})
+ DBMLIB = -l$(db_libname ${DB_VERS})
EOC
if ! use dnsdb; then
@@ -255,7 +256,8 @@ src_configure() {
EOC
if use elibc_glibc ; then
cat >> Makefile <<- EOC
- CFLAGS += -I"${EPREFIX}"/usr/include/tirpc
+ LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc
+ LOOKUP_LIBS += -lnsl
EOC
fi
fi
diff --git a/mail-mta/exim/files/exim-4.93-localscan_dlopen.patch b/mail-mta/exim/files/exim-4.93-localscan_dlopen.patch
index d2a5e63128a..0d016dbeb26 100644
--- a/mail-mta/exim/files/exim-4.93-localscan_dlopen.patch
+++ b/mail-mta/exim/files/exim-4.93-localscan_dlopen.patch
@@ -72,7 +72,7 @@ Only in exim-4.92/src: globals.h.orig
diff -ur exim-4.92.orig/src/local_scan.c exim-4.92/src/local_scan.c
--- exim-4.92.orig/src/local_scan.c 2019-01-30 14:59:52.000000000 +0100
+++ exim-4.92/src/local_scan.c 2019-02-16 18:29:56.832732592 +0100
-@@ -5,61 +5,131 @@
+@@ -5,61 +5,133 @@
/* Copyright (c) University of Cambridge 1995 - 2009 */
/* See the file NOTICE for conditions of use and distribution. */
@@ -126,9 +126,11 @@ diff -ur exim-4.92.orig/src/local_scan.c exim-4.92/src/local_scan.c
- is used in the rejection message.
-*/
+#ifdef DLOPEN_LOCAL_SCAN
++#include <stdlib.h>
+#include <dlfcn.h>
+static int (*local_scan_fn)(int fd, uschar **return_text) = NULL;
+static int load_local_scan_library(void);
++extern uschar *local_scan_path; /* Path to local_scan() library */
+#endif
int
diff --git a/mail-mta/exim/files/exim-4.93-radius.patch b/mail-mta/exim/files/exim-4.93-radius.patch
new file mode 100644
index 00000000000..55c52bee561
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.93-radius.patch
@@ -0,0 +1,66 @@
+From 70b28b113e21d21a528876c3abe88ccb5f7cc77d Mon Sep 17 00:00:00 2001
+From: Fabian Groffen <grobian@gentoo.org>
+Date: Sat, 9 May 2020 11:35:12 +0200
+Subject: [PATCH] call_radius: fix compilation due to incorrect usage of
+ string_sprintf
+
+Since f3ebb786e451da973560f1c9d8cdb151d25108b5, string_sprintf cannot be
+used without arguments any more, so use US directly.
+
+While at it, also make newline usage consistent to not return a newline
+in errptr, when it is debug-printed, a newline is added.
+
+https://bugs.gentoo.org/720364
+
+Signed-off-by: Fabian Groffen <grobian@gentoo.org>
+---
+ src/src/auths/call_radius.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/src/src/auths/call_radius.c b/src/src/auths/call_radius.c
+index c3637436d..253fd75cd 100644
+--- a/src/src/auths/call_radius.c
++++ b/src/src/auths/call_radius.c
+@@ -115,16 +115,16 @@ if (rc_read_config(RADIUS_CONFIG_FILE) != 0)
+ *errptr = string_sprintf("RADIUS: can't open %s", RADIUS_CONFIG_FILE);
+
+ else if (rc_read_dictionary(rc_conf_str("dictionary")) != 0)
+- *errptr = string_sprintf("RADIUS: can't read dictionary");
++ *errptr = US("RADIUS: can't read dictionary");
+
+ else if (rc_avpair_add(&send, PW_USER_NAME, user, 0) == NULL)
+- *errptr = string_sprintf("RADIUS: add user name failed\n");
++ *errptr = US("RADIUS: add user name failed");
+
+ else if (rc_avpair_add(&send, PW_USER_PASSWORD, CS radius_args, 0) == NULL)
+- *errptr = string_sprintf("RADIUS: add password failed\n");
++ *errptr = US("RADIUS: add password failed");
+
+ else if (rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0) == NULL)
+- *errptr = string_sprintf("RADIUS: add service type failed\n");
++ *errptr = US("RADIUS: add service type failed");
+
+ #else /* RADIUS_LIB_RADIUSCLIENT unset => RADIUS_LIB_RADIUSCLIENT2 */
+
+@@ -132,17 +132,17 @@ if ((h = rc_read_config(RADIUS_CONFIG_FILE)) == NULL)
+ *errptr = string_sprintf("RADIUS: can't open %s", RADIUS_CONFIG_FILE);
+
+ else if (rc_read_dictionary(h, rc_conf_str(h, "dictionary")) != 0)
+- *errptr = string_sprintf("RADIUS: can't read dictionary");
++ *errptr = US("RADIUS: can't read dictionary");
+
+ else if (rc_avpair_add(h, &send, PW_USER_NAME, user, Ustrlen(user), 0) == NULL)
+- *errptr = string_sprintf("RADIUS: add user name failed\n");
++ *errptr = US("RADIUS: add user name failed");
+
+ else if (rc_avpair_add(h, &send, PW_USER_PASSWORD, CS radius_args,
+ Ustrlen(radius_args), 0) == NULL)
+- *errptr = string_sprintf("RADIUS: add password failed\n");
++ *errptr = US("RADIUS: add password failed");
+
+ else if (rc_avpair_add(h, &send, PW_SERVICE_TYPE, &service, 0, 0) == NULL)
+- *errptr = string_sprintf("RADIUS: add service type failed\n");
++ *errptr = US("RADIUS: add service type failed");
+
+ #endif /* RADIUS_LIB_RADIUSCLIENT */
+
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2020-05-13 7:45 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2020-05-13 7:45 UTC (permalink / raw
To: gentoo-commits
commit: 1468afd12e683a61448e2ff58c47e54715f0ff29
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Wed May 13 07:44:37 2020 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Wed May 13 07:45:13 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1468afd1
mail-mta/exim-4.93.0.4-r1: revbump for CVE-2020-12783
Bug: https://bugs.gentoo.org/722484
Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
...xim-4.93.0.4.ebuild => exim-4.93.0.4-r1.ebuild} | 1 +
mail-mta/exim/files/exim-4.93-CVE-2020-12783.patch | 83 ++++++++++++++++++++++
2 files changed, 84 insertions(+)
diff --git a/mail-mta/exim/exim-4.93.0.4.ebuild b/mail-mta/exim/exim-4.93.0.4-r1.ebuild
similarity index 99%
rename from mail-mta/exim/exim-4.93.0.4.ebuild
rename to mail-mta/exim/exim-4.93.0.4-r1.ebuild
index ae3fd4019c8..714de0e7045 100644
--- a/mail-mta/exim/exim-4.93.0.4.ebuild
+++ b/mail-mta/exim/exim-4.93.0.4-r1.ebuild
@@ -115,6 +115,7 @@ src_prepare() {
eapply "${FILESDIR}"/exim-4.69-r1.27021.patch
eapply "${FILESDIR}"/exim-4.93-localscan_dlopen.patch
eapply -p2 "${FILESDIR}"/exim-4.93-radius.patch # 720364
+ eapply "${FILESDIR}"/exim-4.93-CVE-2020-12783.patch # 722484
if use maildir ; then
eapply "${FILESDIR}"/exim-4.20-maildir.patch
diff --git a/mail-mta/exim/files/exim-4.93-CVE-2020-12783.patch b/mail-mta/exim/files/exim-4.93-CVE-2020-12783.patch
new file mode 100644
index 00000000000..c957d5541e4
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.93-CVE-2020-12783.patch
@@ -0,0 +1,83 @@
+auths/spa: fix for CVE-2020-12783
+
+This is a combined patch of git commits:
+
+57aa14b216432be381b6295c312065b2fd034f86
+a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0
+
+leaving out whitespace noise for a smaller patch
+and made it apply to the 4.93 release
+
+modified paths because Exim dists differ in layout from the git repo
+
+Fix SPA authenticator, checking client-supplied data before using it. Bug 2571
+Rework SPA fix to avoid overflows. Bug 2571
+
+
+--- a/src/auths/auth-spa.c
++++ b/src/auths/auth-spa.c
+@@ -405,7 +405,7 @@ int
+ /* base 64 to raw bytes in quasi-big-endian order, returning count of bytes */
+ {
+ int len = 0;
+- register uschar digit1, digit2, digit3, digit4;
++ uschar digit1, digit2, digit3, digit4;
+
+ if (in[0] == '+' && in[1] == ' ')
+ in += 2;
+--- a/src/auths/spa.c
++++ b/src/auths/spa.c
+@@ -139,7 +139,8 @@ SPAAuthChallenge challenge;
+ SPAAuthResponse response;
+ SPAAuthResponse *responseptr = &response;
+ uschar msgbuf[2048];
+-uschar *clearpass;
++uschar *clearpass, *s;
++unsigned off;
+
+ /* send a 334, MS Exchange style, and grab the client's request,
+ unless we already have it via an initial response. */
+@@ -194,9 +195,19 @@ that causes failure if the size of msgbuf is exceeded. ****/
+
+ {
+ int i;
+- char *p = ((char*)responseptr) + IVAL(&responseptr->uUser.offset,0);
++ char * p;
+ int len = SVAL(&responseptr->uUser.len,0)/2;
+
++ if ( (off = IVAL(&responseptr->uUser.offset,0)) >= sizeof(SPAAuthResponse)
++ || len >= sizeof(responseptr->buffer)/2
++ || (p = (CS responseptr) + off) + len*2 >= CS (responseptr+1)
++ )
++ {
++ DEBUG(D_auth)
++ debug_printf("auth_spa_server(): bad uUser spec in response\n");
++ return FAIL;
++ }
++
+ if (len + 1 >= sizeof(msgbuf)) return FAIL;
+ for (i = 0; i < len; ++i)
+ {
+@@ -245,12 +256,16 @@ spa_smb_nt_encrypt(clearpass, challenge.challengeData, ntRespData);
+
+ /* compare NT hash (LM may not be available) */
+
+-if (memcmp(ntRespData,
+- ((unsigned char*)responseptr)+IVAL(&responseptr->ntResponse.offset,0),
+- 24) == 0)
+- /* success. we have a winner. */
+- {
++off = IVAL(&responseptr->ntResponse.offset,0);
++if (off >= sizeof(SPAAuthResponse) - 24)
++ {
++ DEBUG(D_auth)
++ debug_printf("auth_spa_server(): bad ntRespData spec in response\n");
++ return FAIL;
++ }
++s = (US responseptr) + off;
++
++if (memcmp(ntRespData, s, 24) == 0)
+ return auth_check_serv_cond(ablock);
+- }
+
+ /* Expand server_condition as an authorization check (PH) */
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2020-06-08 8:06 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2020-06-08 8:06 UTC (permalink / raw
To: gentoo-commits
commit: 6a18f75bc0b98b1bc66844c82d5eee10eac9dfd7
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 8 08:05:57 2020 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Mon Jun 8 08:06:10 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a18f75b
mail-mta/exim-4.94-r1: fix PAM expansion, bug #727310
Closes: https://bugs.gentoo.org/727310
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
.../exim/{exim-4.94.ebuild => exim-4.94-r1.ebuild} | 1 +
.../exim/files/exim-4.94-taint-pam-expansion.patch | 35 ++++++++++++++++++++++
2 files changed, 36 insertions(+)
diff --git a/mail-mta/exim/exim-4.94.ebuild b/mail-mta/exim/exim-4.94-r1.ebuild
similarity index 99%
rename from mail-mta/exim/exim-4.94.ebuild
rename to mail-mta/exim/exim-4.94-r1.ebuild
index cc977b34b9a..52358f32bef 100644
--- a/mail-mta/exim/exim-4.94.ebuild
+++ b/mail-mta/exim/exim-4.94-r1.ebuild
@@ -114,6 +114,7 @@ src_prepare() {
eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
eapply "${FILESDIR}"/exim-4.69-r1.27021.patch
eapply "${FILESDIR}"/exim-4.94-localscan_dlopen.patch
+ eapply -p2 "${FILESDIR}"/exim-4.94-taint-pam-expansion.patch # drop on NR
if use maildir ; then
eapply "${FILESDIR}"/exim-4.94-maildir.patch
diff --git a/mail-mta/exim/files/exim-4.94-taint-pam-expansion.patch b/mail-mta/exim/files/exim-4.94-taint-pam-expansion.patch
new file mode 100644
index 00000000000..81863d340ed
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.94-taint-pam-expansion.patch
@@ -0,0 +1,35 @@
+From f7f933a199be8bb7362c715e0040545b514cddca Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Tue, 2 Jun 2020 14:50:31 +0100
+Subject: [PATCH] Taint: fix pam expansion condition. Bug 2587
+
+---
+ doc/doc-txt/ChangeLog | 5 +++++
+ src/src/auths/call_pam.c | 5 ++---
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+modified for gentoo so the patch applies by dropping Changelog part
+
+diff --git a/src/src/auths/call_pam.c b/src/src/auths/call_pam.c
+index 2959cbbf3..80bb23ec3 100644
+--- a/src/src/auths/call_pam.c
++++ b/src/src/auths/call_pam.c
+@@ -83,8 +83,7 @@ for (int i = 0; i < num_msg; i++)
+ {
+ case PAM_PROMPT_ECHO_ON:
+ case PAM_PROMPT_ECHO_OFF:
+- arg = string_nextinlist(&pam_args, &sep, big_buffer, big_buffer_size);
+- if (!arg)
++ if (!(arg = string_nextinlist(&pam_args, &sep, NULL, 0)))
+ {
+ arg = US"";
+ pam_arg_ended = TRUE;
+@@ -155,7 +154,7 @@ pam_arg_ended = FALSE;
+ fail. PAM doesn't support authentication with an empty user (it prompts for it,
+ causing a potential mis-interpretation). */
+
+-user = string_nextinlist(&pam_args, &sep, big_buffer, big_buffer_size);
++user = string_nextinlist(&pam_args, &sep, NULL, 0);
+ if (user == NULL || user[0] == 0) return FAIL;
+
+ /* Start off PAM interaction */
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2022-10-19 9:20 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2022-10-19 9:20 UTC (permalink / raw
To: gentoo-commits
commit: c1ee45f74e9ab5f27b279d1a604f6dc71f7685b7
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 19 09:18:29 2022 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Wed Oct 19 09:20:50 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c1ee45f7
mail-mta/exim-4.94.2-r10: revbump to fix compilation with exiscan
The CVE patch broke compilation when content scanning is not enabled.
Ensure the regex_vars_clear function is always built.
Closes: https://bugs.gentoo.org/877633
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
...xim-4.94.2-r9.ebuild => exim-4.94.2-r10.ebuild} | 0
mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch | 28 ++++++++++------------
2 files changed, 13 insertions(+), 15 deletions(-)
diff --git a/mail-mta/exim/exim-4.94.2-r9.ebuild b/mail-mta/exim/exim-4.94.2-r10.ebuild
similarity index 100%
rename from mail-mta/exim/exim-4.94.2-r9.ebuild
rename to mail-mta/exim/exim-4.94.2-r10.ebuild
diff --git a/mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch b/mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch
index 9617c70d9e57..8793514b8fb7 100644
--- a/mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch
+++ b/mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch
@@ -50,21 +50,6 @@ Subject: [PATCH 1/1] Fix $regex<n> use-after-free. Bug 2915
#endif
--- exim-4.94.2/src/regex.c 2021-04-30 14:08:21.000000000 +0200
+++ exim-4.94.2/src/regex.c 2022-10-19 09:35:03.229084750 +0200
-@@ -87,6 +87,14 @@
- return FAIL;
- }
-
-+/* reset expansion variables */
-+void
-+regex_vars_clear(void)
-+{
-+regex_match_string = NULL;
-+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+}
-+
- int
- regex(const uschar **listptr)
- {
@@ -98,7 +106,7 @@
int ret = FAIL;
@@ -84,6 +69,19 @@ Subject: [PATCH 1/1] Fix $regex<n> use-after-free. Bug 2915
/* precompile our regexes */
if (!(re_list_head = compile(*listptr)))
+@@ -213,3 +205,12 @@
+ }
+
+ #endif /* WITH_CONTENT_SCAN */
++
++/* reset expansion variables */
++void
++regex_vars_clear(void)
++{
++regex_match_string = NULL;
++for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
++}
++
--- exim-4.94.2/src/smtp_in.c 2021-04-30 14:08:21.000000000 +0200
+++ exim-4.94.2/src/smtp_in.c 2022-10-19 09:15:58.613447975 +0200
@@ -2161,8 +2161,10 @@
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2023-01-03 10:22 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2023-01-03 10:22 UTC (permalink / raw
To: gentoo-commits
commit: d4637e8d3a6d78bfb956570ddf9b03236f3620c0
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 3 10:22:20 2023 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Tue Jan 3 10:22:20 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d4637e8d
mail-mta/exim-4.94.2-r12: update openssl-3 patches
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
...im-4.94.2-r11.ebuild => exim-4.94.2-r12.ebuild} | 2 +-
mail-mta/exim/files/exim-4.94.2-openssl3.patch | 306 ++++++++++++++++++++-
2 files changed, 303 insertions(+), 5 deletions(-)
diff --git a/mail-mta/exim/exim-4.94.2-r11.ebuild b/mail-mta/exim/exim-4.94.2-r12.ebuild
similarity index 99%
rename from mail-mta/exim/exim-4.94.2-r11.ebuild
rename to mail-mta/exim/exim-4.94.2-r12.ebuild
index 352ae0cdcd7e..a347cf1581f6 100644
--- a/mail-mta/exim/exim-4.94.2-r11.ebuild
+++ b/mail-mta/exim/exim-4.94.2-r12.ebuild
@@ -122,7 +122,7 @@ src_prepare() {
eapply "${FILESDIR}"/exim-4.94-localscan_dlopen.patch
eapply "${FILESDIR}"/exim-4.94.2-fix-crash-resolve.patch # 799368 upstr
eapply "${FILESDIR}"/exim-4.94-CVE-2022-3559.patch # 877607 upstr
- eapply "${FILESDIR}"/exim-4.94.2-openssl3.patch # 888619 backport
+ eapply "${FILESDIR}"/exim-4.94.2-openssl3.patch # 888619 backports
# for this reason we have a := dep on opendmarc, they changed their
# API in a minor release
diff --git a/mail-mta/exim/files/exim-4.94.2-openssl3.patch b/mail-mta/exim/files/exim-4.94.2-openssl3.patch
index d1102aac8bfa..f9758515bef1 100644
--- a/mail-mta/exim/files/exim-4.94.2-openssl3.patch
+++ b/mail-mta/exim/files/exim-4.94.2-openssl3.patch
@@ -1,13 +1,34 @@
-Based on original commit, but applied to 4.94.2 tarball.
+Original commits from upstream applied to 4.94.2 release tarball
+
+From a5d79c99f4948d9fd288a1bfaca3a44cf2caaa32 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Wed, 1 Dec 2021 17:36:18 +0000
+Subject: [PATCH] OpenSSL: use nondeprecated D-H functions under 3.0.0.
+
+From c6a290f4d8df3734b3cdc2232b4334ff8386c1da Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Wed, 1 Dec 2021 18:52:21 +0000
+Subject: [PATCH] OpenSSL: tidy DH and ECDH param setup Testsuite: expand DH
+ testcase
From ff7829398d74e67f1c1f40339a772fd76708e5ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
Date: Sat, 27 Nov 2021 21:07:15 +0000
Subject: [PATCH] Fix build for OpenSSL 3.0.0 . Bug 2810
----
- src/src/tls-openssl.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
+From ca4014de81e6aa367aa0a54c49b4c3d4b137814c Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Sun, 1 Jan 2023 12:18:38 +0000
+Subject: [PATCH] OpenSSL: fix tls_eccurve setting explicit curve/group. Bug
+ 2954
+
+From 7fa5764c203f2f4a900898a79ed02d674075313f Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Mon, 2 Jan 2023 15:04:14 +0000
+Subject: [PATCH] OpenSSL: Fix tls_eccurve on earlier versions than 3.0.0. Bug
+ 2954
+
+Broken-by: ca4014de81e6
--- a/src/tls-openssl.c
+++ b/src/tls-openssl.c
@@ -32,3 +53,280 @@ Subject: [PATCH] Fix build for OpenSSL 3.0.0 . Bug 2810
#endif
#ifdef SSL_OP_NO_TLSv1_2
{ US"no_tlsv1_2", SSL_OP_NO_TLSv1_2 },
+@@ -1017,23 +1021,27 @@
+ *************************************************/
+
+ /* If dhparam is set, expand it, and load up the parameters for DH encryption.
++Server only.
+
+ Arguments:
+ sctx The current SSL CTX (inbound or outbound)
+ dhparam DH parameter file or fixed parameter identity string
+- host connected host, if client; NULL if server
+ errstr error string pointer
+
+ Returns: TRUE if OK (nothing to set up, or setup worked)
+ */
+
+ static BOOL
+-init_dh(SSL_CTX *sctx, uschar *dhparam, const host_item *host, uschar ** errstr)
++init_dh(SSL_CTX * sctx, uschar * dhparam, uschar ** errstr)
+ {
+-BIO *bio;
+-DH *dh;
+-uschar *dhexpanded;
+-const char *pem;
++BIO * bio;
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
++DH * dh;
++#else
++EVP_PKEY * pkey;
++#endif
++uschar * dhexpanded;
++const char * pem;
+ int dh_bitsize;
+
+ if (!expand_check(dhparam, US"tls_dhparam", &dhexpanded, errstr))
+@@ -1046,7 +1054,7 @@
+ if (!(bio = BIO_new_file(CS dhexpanded, "r")))
+ {
+ tls_error(string_sprintf("could not read dhparams file %s", dhexpanded),
+- host, US strerror(errno), errstr);
++ NULL, US strerror(errno), errstr);
+ return FALSE;
+ }
+ }
+@@ -1061,17 +1069,23 @@
+ if (!(pem = std_dh_prime_named(dhexpanded)))
+ {
+ tls_error(string_sprintf("Unknown standard DH prime \"%s\"", dhexpanded),
+- host, US strerror(errno), errstr);
++ NULL, US strerror(errno), errstr);
+ return FALSE;
+ }
+ bio = BIO_new_mem_buf(CS pem, -1);
+ }
+
+-if (!(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)))
++if (!(
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
++ dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)
++#else
++ pkey = PEM_read_bio_Parameters_ex(bio, NULL, NULL, NULL)
++#endif
++ ) )
+ {
+ BIO_free(bio);
+ tls_error(string_sprintf("Could not read tls_dhparams \"%s\"", dhexpanded),
+- host, NULL, errstr);
++ NULL, NULL, errstr);
+ return FALSE;
+ }
+
+@@ -1081,33 +1095,54 @@
+ * If someone wants to dance at the edge, then they can raise the limit or use
+ * current libraries. */
+-#ifdef EXIM_HAVE_OPENSSL_DH_BITS
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
++# ifdef EXIM_HAVE_OPENSSL_DH_BITS
+ /* Added in commit 26c79d5641d; `git describe --contains` says OpenSSL_1_1_0-pre1~1022
+ * This predates OpenSSL_1_1_0 (before a, b, ...) so is in all 1.1.0 */
+ dh_bitsize = DH_bits(dh);
+-#else
++# else
+ dh_bitsize = 8 * DH_size(dh);
++# endif
++#else /* 3.0.0 + */
++dh_bitsize = EVP_PKEY_get_bits(pkey);
+ #endif
+
+-/* Even if it is larger, we silently return success rather than cause things
+- * to fail out, so that a too-large DH will not knock out all TLS; it's a
+- * debatable choice. */
+-if (dh_bitsize > tls_dh_max_bits)
++/* Even if it is larger, we silently return success rather than cause things to
++fail out, so that a too-large DH will not knock out all TLS; it's a debatable
++choice. Likewise for a failing attempt to set one. */
++
++if (dh_bitsize <= tls_dh_max_bits)
+ {
+- DEBUG(D_tls)
+- debug_printf("dhparams file %d bits, is > tls_dh_max_bits limit of %d\n",
+- dh_bitsize, tls_dh_max_bits);
++ if (
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
++ SSL_CTX_set_tmp_dh(sctx, dh)
++#else
++ SSL_CTX_set0_tmp_dh_pkey(sctx, pkey)
++#endif
++ == 0)
++ {
++ ERR_error_string_n(ERR_get_error(), ssl_errstring, sizeof(ssl_errstring));
++ log_write(0, LOG_MAIN|LOG_PANIC, "TLS error (D-H param setting '%s'): %s",
++ dhexpanded ? dhexpanded : US"default", ssl_errstring);
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++ /* EVP_PKEY_free(pkey); crashes */
++#endif
++ }
++ else
++ DEBUG(D_tls)
++ debug_printf("Diffie-Hellman initialized from %s with %d-bit prime\n",
++ dhexpanded ? dhexpanded : US"default", dh_bitsize);
+ }
+ else
+- {
+- SSL_CTX_set_tmp_dh(sctx, dh);
+ DEBUG(D_tls)
+- debug_printf("Diffie-Hellman initialized from %s with %d-bit prime\n",
+- dhexpanded ? dhexpanded : US"default", dh_bitsize);
+- }
++ debug_printf("dhparams '%s' %d bits, is > tls_dh_max_bits limit of %d\n",
++ dhexpanded ? dhexpanded : US"default", dh_bitsize, tls_dh_max_bits);
+
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ DH_free(dh);
+-BIO_free(bio);
++#endif
++/* The EVP_PKEY ownership stays with the ctx; do not free it */
+
++BIO_free(bio);
+ return TRUE;
+ }
+
+@@ -1118,7 +1154,7 @@
+ * Initialize for ECDH *
+ *************************************************/
+
+-/* Load parameters for ECDH encryption.
++/* Load parameters for ECDH encryption. Server only.
+
+ For now, we stick to NIST P-256 because: it's simple and easy to configure;
+ it avoids any patent issues that might bite redistributors; despite events in
+@@ -1136,37 +1172,40 @@
+
+ Arguments:
+ sctx The current SSL CTX (inbound or outbound)
+- host connected host, if client; NULL if server
+ errstr error string pointer
+
+ Returns: TRUE if OK (nothing to set up, or setup worked)
+ */
+
+ static BOOL
+-init_ecdh(SSL_CTX * sctx, host_item * host, uschar ** errstr)
++init_ecdh(SSL_CTX * sctx, uschar ** errstr)
+ {
+ #ifdef OPENSSL_NO_ECDH
+ return TRUE;
+ #else
+
+-EC_KEY * ecdh;
+ uschar * exp_curve;
+-int nid;
+-BOOL rv;
+-
+-if (host) /* No ECDH setup for clients, only for servers */
+- return TRUE;
++int nid, rc;
+
+ # ifndef EXIM_HAVE_ECDH
+ DEBUG(D_tls)
+- debug_printf("No OpenSSL API to define ECDH parameters, skipping\n");
++ debug_printf(" No OpenSSL API to define ECDH parameters, skipping\n");
+ return TRUE;
+ # else
+
+ if (!expand_check(tls_eccurve, US"tls_eccurve", &exp_curve, errstr))
+ return FALSE;
++
++/* Is the option deliberately empty? */
++
+ if (!exp_curve || !*exp_curve)
++ {
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++ DEBUG(D_tls) debug_printf( " ECDH OpenSSL 1.0.2+: clearing curves list\n");
++ (void) SSL_CTX_set1_curves(sctx, &nid, 0);
++#endif
+ return TRUE;
++ }
+
+ /* "auto" needs to be handled carefully.
+ * OpenSSL < 1.0.2: we do not select anything, but fallback to prime256v1
+@@ -1202,27 +1241,41 @@
+ # endif
+ )
+ {
+- tls_error(string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve),
+- host, NULL, errstr);
++ uschar * s = string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve);
++ DEBUG(D_tls) debug_printf("TLS error '%s'\n", s);
++ if (errstr) *errstr = s;
+ return FALSE;
+ }
+
+-if (!(ecdh = EC_KEY_new_by_curve_name(nid)))
+- {
+- tls_error(US"Unable to create ec curve", host, NULL, errstr);
+- return FALSE;
+- }
++# if OPENSSL_VERSION_NUMBER < 0x30000000L
++ {
++ EC_KEY * ecdh;
++ if (!(ecdh = EC_KEY_new_by_curve_name(nid)))
++ {
++ tls_error(US"Unable to create ec curve", NULL, NULL, errstr);
++ return FALSE;
++ }
+
+-/* The "tmp" in the name here refers to setting a temporary key
+-not to the stability of the interface. */
++ /* The "tmp" in the name here refers to setting a temporary key
++ not to the stability of the interface. */
+
+-if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
+- tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), host, NULL, errstr);
++ if ((rc = SSL_CTX_set_tmp_ecdh(sctx, ecdh)) == 0)
++ tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL, NULL, errstr);
++ else
++ DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' curve\n", exp_curve);
++ EC_KEY_free(ecdh);
++ }
++
++#else /* v 3.0.0 + */
++
++if ((rc = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0)
++ tls_error(string_sprintf("Error enabling '%s' group", exp_curve), NULL, NULL, errstr);
+ else
+- DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve);
++ DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' group\n", exp_curve);
++
++#endif
+
+-EC_KEY_free(ecdh);
+-return !rv;
++return !!rc;
+
+ # endif /*EXIM_HAVE_ECDH*/
+ #endif /*OPENSSL_NO_ECDH*/
+@@ -1727,8 +1780,8 @@
+ SSL_CTX_set_tlsext_servername_callback(server_sni, tls_servername_cb);
+ SSL_CTX_set_tlsext_servername_arg(server_sni, cbinfo);
+
+-if ( !init_dh(server_sni, cbinfo->dhparam, NULL, &dummy_errstr)
+- || !init_ecdh(server_sni, NULL, &dummy_errstr)
++if ( !init_dh(server_sni, cbinfo->dhparam, &dummy_errstr)
++ || !init_ecdh(server_sni, &dummy_errstr)
+ )
+ goto bad;
+
+@@ -2213,8 +2266,8 @@
+ /* Initialize with DH parameters if supplied */
+ /* Initialize ECDH temp key parameter selection */
+
+-if ( !init_dh(ctx, dhparam, host, errstr)
+- || !init_ecdh(ctx, host, errstr)
++if ( !init_dh(ctx, dhparam, errstr)
++ || !init_ecdh(ctx, errstr)
+ )
+ return DEFER;
+
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2023-05-27 9:25 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2023-05-27 9:25 UTC (permalink / raw
To: gentoo-commits
commit: 050f88a892c6dc4f60c338ed8da4fb953f85090e
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Sat May 27 09:24:25 2023 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Sat May 27 09:24:50 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=050f88a8
mail-mta/exim-4.96-r3: move 4.96 patches into tarball
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
mail-mta/exim/Manifest | 1 +
mail-mta/exim/exim-4.96-r3.ebuild | 33 +--
mail-mta/exim/files/exim-4.96-dane-dns_again.patch | 81 -------
.../exim/files/exim-4.96-deamon-startup-fix.patch | 53 -----
.../files/exim-4.96-dmarc_use_after_free.patch | 31 ---
.../exim/files/exim-4.96-expansion-crash.patch | 69 ------
.../exim/files/exim-4.96-openssl-bad-alpn.patch | 101 ---------
.../files/exim-4.96-openssl-double-expansion.patch | 217 -------------------
.../files/exim-4.96-openssl-tls_eccurve-lt-3.patch | 44 ----
.../exim-4.96-openssl-tls_eccurve-setting.patch | 169 ---------------
.../exim/files/exim-4.96-openssl-verify-ocsp.patch | 232 ---------------------
.../exim/files/exim-4.96-recursion-dns_again.patch | 57 -----
.../files/exim-4.96-regex-use-after-free.patch | 173 ---------------
.../exim-4.96-rewrite-malformed-addr-fix.patch | 42 ----
.../files/exim-4.96-spf-memory-error-fix.patch | 25 ---
.../exim/files/exim-4.96-transport-crash.patch | 27 ---
16 files changed, 20 insertions(+), 1335 deletions(-)
diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index 254aa57e04a2..079903b715c8 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -1,4 +1,5 @@
DIST exim-4.94.2.tar.xz 1838076 BLAKE2B 684e115a7af3efdab15451f8e11f9b53455c9166d8c078216d7a95223d77569cec8a882ed99b9180acbd8a9e747a0bca03d56993d011de15dc35143a989ab046 SHA512 5334c236221ed4e03dbc33e6a79d939b06037fa2f4b71971607a360b67af5c85a89681ee13a5eeaf0184382c55a160cf2e89ed7afb2949f025a54f1e88f9e3fc
+DIST exim-4.96-gentoo-patches-r0.tar.xz 13308 BLAKE2B e01cd8b90593329d858cced27bea9da4860e80500c0b0b3f86418931a77616ac1e4a532cfffc551de5844bfcbcd115c1591b28577c234beb551458dc0877e764 SHA512 0a8d7b5903c8cd7c2cc07e4ea3ed62200ee0116fe0b5513ec97ba7f3ab1dd5cd0dc181eb93c3c1c7f767be7df3546ac07b622a8f4352eb883323c3a005a1c7db
DIST exim-4.96.tar.xz 1879152 BLAKE2B 4b424f2ebc661bd0db35d7f6da86300c6d5cb5b9a52cddd24fdd452daa76c84e471d4f8f278cf951d1503b01fd46fc3e6858d6feded09f34253d2cf2ae99b45a SHA512 6b863661465a0b9897c1b71875c5196a1903cf560dd85de45b08242b9731edb2bc10eb56945d62e477e5d15cc7a8d493915bff2ca81689673a8091c66f62c89e
DIST exim-pdf-4.94.2.tar.xz 2092248 BLAKE2B 973ab4f117fdb58afa017bc41b4496fac1277e707a9926d67317c455b0bd617021c17cba6c8d793d8962aacef12c0790d5add7174017512b7b1ea070f8e8533d SHA512 3a661f69d81a992798d4b7e5b7def7cfffa297a7b3c02a6631be426cefff5a6e8783fa322a1bd105d01f7b06968d01e77963e6ab7be3157f63eb62eb6ff172b0
DIST exim-pdf-4.96.tar.xz 2137468 BLAKE2B 7f61767f91864c43a3b7b6ca36ec7f41da6ad7029687a38cfa9307c444c2ffbd3eb61d45645ffd20ec16ba64a37e1ff08c02e7e4e36499c7783679af9a399081 SHA512 05e94579631656330d95d237c58bc9fd52229a067c5846e7c3409b4c83040c9216819bcb0090673d9991fd59e2c2025340592b31b241b557c6775782106854d1
diff --git a/mail-mta/exim/exim-4.96-r3.ebuild b/mail-mta/exim/exim-4.96-r3.ebuild
index 646aa80b8ade..b9f58258caa4 100644
--- a/mail-mta/exim/exim-4.96-r3.ebuild
+++ b/mail-mta/exim/exim-4.96-r3.ebuild
@@ -34,8 +34,10 @@ SDIR=$([[ ${PV} == *_rc* ]] && echo /test
[[ ${PV} == *.*.*.* ]] && echo /fixes)
COMM_URI="https://downloads.exim.org/exim4${SDIR}"
+GPV="r0"
DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
+ https://dev.gentoo.org/~grobian/distfiles/${P}-gentoo-patches-${GPV}.tar.xz
mirror://gentoo/system_filter.exim.gz
doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
HOMEPAGE="https://www.exim.org/"
@@ -116,20 +118,23 @@ src_prepare() {
eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
eapply "${FILESDIR}"/exim-4.69-r1.27021.patch
eapply "${FILESDIR}"/exim-4.95-localscan_dlopen.patch
- eapply "${FILESDIR}"/exim-4.96-rewrite-malformed-addr-fix.patch # upstr
- eapply "${FILESDIR}"/exim-4.96-spf-memory-error-fix.patch # upstr
- eapply "${FILESDIR}"/exim-4.96-regex-use-after-free.patch # upstr
- eapply -p2 "${FILESDIR}"/exim-4.96-dmarc_use_after_free.patch # upstr
- eapply "${FILESDIR}"/exim-4.96-deamon-startup-fix.patch # upstr
- eapply "${FILESDIR}"/exim-4.96-openssl-verify-ocsp.patch # upstr
- eapply "${FILESDIR}"/exim-4.96-openssl-double-expansion.patch # upstr
- eapply "${FILESDIR}"/exim-4.96-recursion-dns_again.patch # upstr
- eapply "${FILESDIR}"/exim-4.96-openssl-tls_eccurve-setting.patch # upstr
- eapply "${FILESDIR}"/exim-4.96-openssl-tls_eccurve-lt-3.patch # upstr
- eapply "${FILESDIR}"/exim-4.96-openssl-bad-alpn.patch # upstr
- eapply "${FILESDIR}"/exim-4.96-dane-dns_again.patch # upstr
- eapply "${FILESDIR}"/exim-4.96-expansion-crash.patch # upstr
- eapply "${FILESDIR}"/exim-4.96-transport-crash.patch # upstr
+
+ # Upstream post-release fixes :(
+ local GPVDIR=${WORKDIR}/${P}-gentoo-patches-${GPV}
+ eapply "${GPVDIR}"/exim-4.96-rewrite-malformed-addr-fix.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-spf-memory-error-fix.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-regex-use-after-free.patch # upstr
+ eapply -p2 "${GPVDIR}"/exim-4.96-dmarc_use_after_free.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-deamon-startup-fix.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-openssl-verify-ocsp.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-openssl-double-expansion.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-recursion-dns_again.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-setting.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-lt-3.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-openssl-bad-alpn.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-dane-dns_again.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-expansion-crash.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-transport-crash.patch # upstr
# oddity, they disable berkdb as hack, and then throw an error when
# berkdb isn't enabled
diff --git a/mail-mta/exim/files/exim-4.96-dane-dns_again.patch b/mail-mta/exim/files/exim-4.96-dane-dns_again.patch
deleted file mode 100644
index 9bd94f784594..000000000000
--- a/mail-mta/exim/files/exim-4.96-dane-dns_again.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-modified for Gentoo, removed Changelog due to conflicts
-
-From 30520c8f87fcf660ed99a2344cae7f9787f7bc89 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Thu, 5 Jan 2023 18:39:51 +0000
-Subject: [PATCH 3/3] DANE: do not check dns_again_means_nonexist for TLSA
- results of TRY_AGAIN
-
----
- doc/doc-docbook/spec.xfpt | 7 ++++++-
- doc/ChangeLog | 4 ++++
- src/dns.c | 35 ++++++++++++++++++++++-------------
- 3 files changed, 32 insertions(+), 14 deletions(-)
-
---- a/src/dns.c
-+++ b/src/dns.c
-@@ -904,25 +904,34 @@ if (dnsa->answerlen < 0) switch (h_errno
- DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) gave TRY_AGAIN\n",
- name, dns_text_type(type));
-
- /* Cut this out for various test programs */
- #ifndef STAND_ALONE
-- if (try_again_recursion)
-+ /* Permitting dns_again_means nonexist for TLSA lookups breaks the
-+ doewngrade resistance of dane, so avoid for those. */
-+
-+ if (type == T_TLSA)
-+ rc = FAIL;
-+ else
- {
-- log_write(0, LOG_MAIN|LOG_PANIC,
-- "dns_again_means_nonexist recursion seen for %s (assuming nonexist)",
-- name);
-- return dns_fail_return(name, type, dns_expire_from_soa(dnsa, type), DNS_NOMATCH);
-- }
-+ if (try_again_recursion)
-+ {
-+ log_write(0, LOG_MAIN|LOG_PANIC,
-+ "dns_again_means_nonexist recursion seen for %s"
-+ " (assuming nonexist)", name);
-+ return dns_fail_return(name, type, dns_expire_from_soa(dnsa, type),
-+ DNS_NOMATCH);
-+ }
-
-- try_again_recursion = TRUE;
-- save_domain = deliver_domain;
-- deliver_domain = string_copy(name); /* set $domain */
-- rc = match_isinlist(name, CUSS &dns_again_means_nonexist, 0,
-- &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL);
-- deliver_domain = save_domain;
-- try_again_recursion = FALSE;
-+ try_again_recursion = TRUE;
-+ save_domain = deliver_domain;
-+ deliver_domain = string_copy(name); /* set $domain */
-+ rc = match_isinlist(name, CUSS &dns_again_means_nonexist, 0,
-+ &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL);
-+ deliver_domain = save_domain;
-+ try_again_recursion = FALSE;
-+ }
-
- if (rc != OK)
- {
- DEBUG(D_dns) debug_printf("returning DNS_AGAIN\n");
- return dns_fail_return(name, type, 0, DNS_AGAIN);
---- a/doc/spec.txt
-+++ b/doc/spec.txt
-@@ -14246,11 +14246,13 @@ dns_again_means_nonexist, it is treated
- should be used with care. You can make it apply to reverse lookups by a setting
- such as this:
-
- dns_again_means_nonexist = *.in-addr.arpa
-
--This option applies to all DNS lookups that Exim does. It also applies when the
-+This option applies to all DNS lookups that Exim does, except for TLSA lookups
-+(where knowing about such failures +is security-relevant). It also applies
-+when the
- gethostbyname() or getipnodebyname() functions give temporary errors, since
- these are most likely to be caused by DNS lookup problems. The dnslookup router
- has some options of its own for controlling what happens when lookups for MX or
- SRV records give temporary errors. These more specific options are applied
- after this global option.
diff --git a/mail-mta/exim/files/exim-4.96-deamon-startup-fix.patch b/mail-mta/exim/files/exim-4.96-deamon-startup-fix.patch
deleted file mode 100644
index 8cf0cb703f1d..000000000000
--- a/mail-mta/exim/files/exim-4.96-deamon-startup-fix.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-modified for Gentoo, removed Changelog to avoid conflicts
-
-From 221321d2c51b83d1feced80ecd6c2fe33ec5456c Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Thu, 3 Nov 2022 20:08:25 +0000
-Subject: [PATCH 1/2] Fix daemon startup. Bug 2930
-
-Broken-by: 7d5055276a
----
- doc/ChangeLog | 4 ++++
- src/daemon.c | 8 ++++++--
- 2 files changed, 10 insertions(+), 2 deletions(-)
-
---- a/src/daemon.c
-+++ b/src/daemon.c
-@@ -1744,19 +1744,23 @@
- {
- /* If the parent process of this one has pid == 1, we are re-initializing the
- daemon as the result of a SIGHUP. In this case, there is no need to do
- anything, because the controlling terminal has long gone. Otherwise, fork, in
- case current process is a process group leader (see 'man setsid' for an
-- explanation) before calling setsid(). */
-+ explanation) before calling setsid().
-+ All other forks want daemon_listen cleared. Rather than blow a register, jsut
-+ restore it here. */
-
- if (getppid() != 1)
- {
-+ BOOL daemon_listen = f.daemon_listen;
- pid_t pid = exim_fork(US"daemon");
- if (pid < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE,
- "fork() failed when starting daemon: %s", strerror(errno));
- if (pid > 0) exit(EXIT_SUCCESS); /* in parent process, just exit */
- (void)setsid(); /* release controlling terminal */
-+ f.daemon_listen = daemon_listen;
- }
- }
-
- /* We are now in the disconnected, daemon process (unless debugging). Set up
- the listening sockets if required. */
-@@ -2090,11 +2094,11 @@
- { /* found; append port to list */
- for (p = i2->log; *p; ) p++; /* end of existing string */
- if (*--p == '}') *p = '\0'; /* drop EOL */
- while (isdigit(*--p)) ; /* char before port */
-
-- i2->log = *p == ':' /* no list yet? */
-+ i2->log = *p == ':' /* no list yet? { */
- ? string_sprintf("%.*s{%s,%d}",
- (int)(p - i2->log + 1), i2->log, p+1, ipa->port)
- : string_sprintf("%s,%d}", i2->log, ipa->port);
- ipa->log = NULL;
- break;
diff --git a/mail-mta/exim/files/exim-4.96-dmarc_use_after_free.patch b/mail-mta/exim/files/exim-4.96-dmarc_use_after_free.patch
deleted file mode 100644
index dc2f62e9ba0f..000000000000
--- a/mail-mta/exim/files/exim-4.96-dmarc_use_after_free.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445 Mon Sep 17 00:00:00 2001
-From: Lorenz Brun <lorenz@brun.one>
-Date: Fri, 14 Oct 2022 21:02:51 +0200
-Subject: [PATCH] DMARC: fix use-after-free in dmarc_dns_lookup
-
-This fixes a use-after-free in dmarc_dns_lookup where the result
-of dns_lookup in dnsa is freed before the required data is copied out.
-
-Fixes: 9258363 ("DNS: explicit alloc/free of workspace")
----
- src/src/dmarc.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/src/dmarc.c b/src/src/dmarc.c
-index ad0c26c91..53c2752ac 100644
---- a/src/src/dmarc.c
-+++ b/src/src/dmarc.c
-@@ -230,8 +230,9 @@ if (rc == DNS_SUCCEED)
- rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
- if (rr->type == T_TXT && rr->size > 3)
- {
-+ uschar *record = string_copyn_taint(US rr->data, rr->size, GET_TAINTED);
- store_free_dns_answer(dnsa);
-- return string_copyn_taint(US rr->data, rr->size, GET_TAINTED);
-+ return record;
- }
- store_free_dns_answer(dnsa);
- return NULL;
---
-2.30.2
-
diff --git a/mail-mta/exim/files/exim-4.96-expansion-crash.patch b/mail-mta/exim/files/exim-4.96-expansion-crash.patch
deleted file mode 100644
index 4b79784f9979..000000000000
--- a/mail-mta/exim/files/exim-4.96-expansion-crash.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-modified for Gentoo, removed Changelog and tests
-
-From 70069b65a39a7ba73a36fbd95371ff03cde1eb23 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Thu, 2 Feb 2023 20:00:35 +0000
-Subject: [PATCH] Fix crash in expansions
-
-Broken-by: 1058096b8c53
----
- doc/ChangeLog | 4 ++++
- src/expand.c | 9 +++++----
- test/stderr/0630 | 1 +
- 3 files changed, 10 insertions(+), 4 deletions(-)
-
---- a/src/expand.c
-+++ b/src/expand.c
-@@ -4652,11 +4652,11 @@ while (*s)
- yield = string_catn(yield, value, len);
-
- continue;
- }
-
-- if (isdigit(*s))
-+ if (isdigit(*s)) /* A $<n> variable */
- {
- int n;
- s = read_cnumber(&n, s);
- if (n >= 0 && n <= expand_nmax)
- yield = string_catn(yield, expand_nstring[n], expand_nlength[n]);
-@@ -7060,10 +7060,11 @@ NOT_ITEM: ;
- if (arg) *arg++ = '_'; /* Put back for error messages */
- }
-
- /* Deal specially with operators that might take a certificate variable
- as we do not want to do the usual expansion. For most, expand the string.*/
-+
- switch(c)
- {
- #ifndef DISABLE_TLS
- case EOP_MD5:
- case EOP_SHA1:
-@@ -7107,11 +7108,11 @@ NOT_ITEM: ;
-
- /* Otherwise, switch on the operator type. After handling go back
- to the main loop top. */
-
- {
-- int start = yield->ptr;
-+ unsigned expansion_start = gstring_length(yield);
- switch(c)
- {
- case EOP_BASE32:
- {
- uschar *t;
-@@ -8168,12 +8169,12 @@ NOT_ITEM: ;
- goto EXPAND_FAILED;
- } /* EOP_* switch */
-
- DEBUG(D_expand)
- {
-- const uschar * s = yield->s + start;
-- int i = yield->ptr - start;
-+ const uschar * s = yield->s + expansion_start;
-+ int i = gstring_length(yield) - expansion_start;
- BOOL tainted = is_tainted(s);
-
- DEBUG(D_noutf8)
- {
- debug_printf_indent("|-----op-res: %.*s\n", i, s);
diff --git a/mail-mta/exim/files/exim-4.96-openssl-bad-alpn.patch b/mail-mta/exim/files/exim-4.96-openssl-bad-alpn.patch
deleted file mode 100644
index f494fff85a09..000000000000
--- a/mail-mta/exim/files/exim-4.96-openssl-bad-alpn.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-modified for Gentoo, removed tests
-
-From e1aca33756f73c22b00a98d40ce2be8ed94464b1 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Thu, 5 Jan 2023 13:03:37 +0000
-Subject: [PATCH 2/3] OpenSSL: log conns rejected for bad ALPN, with the
- offered value
-
-Unfortunately, no way to do this under GnuTLS
----
- src/match.c | 1 +
- src/tls-gnu.c | 9 ++++++++-
- src/tls-openssl.c | 13 +++++++++++--
- test/log/1190 | 2 ++
- test/runtest | 3 +++
- 5 files changed, 25 insertions(+), 3 deletions(-)
-
-diff --git a/src/match.c b/src/match.c
-index 91a49c0f0..07070362d 100644
---- a/src/match.c
-+++ b/src/match.c
-@@ -968,6 +968,7 @@ Arguments:
- s string to search for
- listptr ptr to ptr to colon separated list of patterns, or NULL
- sep a separator value for the list (see string_nextinlist())
-+ or zero for auto
- anchorptr ptr to tree for named items, or NULL if no named items
- cache_bits ptr to cache_bits for ditto, or NULL if not caching
- type MCL_DOMAIN when matching a domain list
-diff --git a/src/tls-gnu.c b/src/tls-gnu.c
-index 729fb5879..b47fabf1d 100644
---- a/src/tls-gnu.c
-+++ b/src/tls-gnu.c
-@@ -1119,21 +1119,28 @@ switch (tls_id)
- /* The format of "data" here doesn't seem to be documented, but appears
- to be a 2-byte field with a (redundant, given the "size" arg) total length
- then a sequence of one-byte size then string (not nul-term) names. The
-- latter is as described in OpenSSL documentation. */
-+ latter is as described in OpenSSL documentation.
-+ Note that we do not get called for a match_fail, making it hard to log
-+ a single bad ALPN being offered (the common case). */
-+ {
-+ gstring * g = NULL;
-
- DEBUG(D_tls) debug_printf("Seen ALPN extension from client (s=%u):", size);
- for (const uschar * s = data+2; s-data < size-1; s += *s + 1)
- {
- server_seen_alpn++;
-+ g = string_append_listele_n(g, ':', s+1, *s);
- DEBUG(D_tls) debug_printf(" '%.*s'", (int)*s, s+1);
- }
- DEBUG(D_tls) debug_printf("\n");
- if (server_seen_alpn > 1)
- {
-+ log_write(0, LOG_MAIN, "TLS ALPN (%s) rejected", string_from_gstring(g));
- DEBUG(D_tls) debug_printf("TLS: too many ALPNs presented in handshake\n");
- return GNUTLS_E_NO_APPLICATION_PROTOCOL;
- }
- break;
-+ }
- #endif
- }
- return 0;
-diff --git a/src/tls-openssl.c b/src/tls-openssl.c
-index e063d29bd..513ba0d3a 100644
---- a/src/tls-openssl.c
-+++ b/src/tls-openssl.c
-@@ -2324,6 +2324,8 @@ static int
- tls_server_alpn_cb(SSL *ssl, const uschar ** out, uschar * outlen,
- const uschar * in, unsigned int inlen, void * arg)
- {
-+gstring * g = NULL;
-+
- server_seen_alpn = TRUE;
- DEBUG(D_tls)
- {
-@@ -2354,12 +2356,19 @@ if ( inlen > 1 /* at least one name */
- }
- }
-
--/* More than one name from clilent, or name did not match our list. */
-+/* More than one name from client, or name did not match our list. */
-
- /* This will be fatal to the TLS conn; would be nice to kill TCP also.
- Maybe as an option in future; for now leave control to the config (must-tls). */
-
--DEBUG(D_tls) debug_printf("TLS ALPN rejected\n");
-+for (int pos = 0, siz; pos < inlen; pos += siz+1)
-+ {
-+ siz = in[pos];
-+ if (pos + 1 + siz > inlen) siz = inlen - pos - 1;
-+ g = string_append_listele_n(g, ':', in + pos + 1, siz);
-+ }
-+log_write(0, LOG_MAIN, "TLS ALPN (%s) rejected", string_from_gstring(g));
-+gstring_release_unused(g);
- return SSL_TLSEXT_ERR_ALERT_FATAL;
- }
- #endif /* EXIM_HAVE_ALPN */
---
-2.39.0
-
diff --git a/mail-mta/exim/files/exim-4.96-openssl-double-expansion.patch b/mail-mta/exim/files/exim-4.96-openssl-double-expansion.patch
deleted file mode 100644
index 09e4f11ef20e..000000000000
--- a/mail-mta/exim/files/exim-4.96-openssl-double-expansion.patch
+++ /dev/null
@@ -1,217 +0,0 @@
-From 62b97c2ecf148ee86053d82e5509e4c3a5a20054 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Sat, 29 Oct 2022 22:33:43 +0100
-Subject: [PATCH 2/2] OpenSSL: fix double-expansion of tls_verify_certificates
-
----
- src/tls-openssl.c | 66 +++++++++++++++++++++----------------------
- 1 file changed, 33 insertions(+), 33 deletions(-)
-
-diff --git a/src/tls-openssl.c b/src/tls-openssl.c
-index fdf0d92b2..2e09882d2 100644
---- a/src/tls-openssl.c
-+++ b/src/tls-openssl.c
-@@ -435,15 +435,15 @@ typedef struct exim_openssl_state {
- /* should figure out a cleanup of API to handle state preserved per
- implementation, for various reasons, which can be void * in the APIs.
- For now, we hack around it. */
- exim_openssl_state_st *client_static_state = NULL; /*XXX should not use static; multiple concurrent clients! */
- exim_openssl_state_st state_server = {.is_server = TRUE};
-
- static int
--setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host,
-+setup_certs(SSL_CTX * sctx, uschar ** certs, uschar * crl, host_item * host,
- uschar ** errstr );
-
- /* Callbacks */
- #ifndef DISABLE_OCSP
- static int tls_server_stapling_cb(SSL *s, void *arg);
- static void x509_stack_dump_cert_s_names(const STACK_OF(X509) * sk);
- static void x509_store_dump_cert_s_names(X509_STORE * store);
-@@ -1762,18 +1762,18 @@ if ( opt_set_and_noexpand(tls_verify_certificates)
- {
- /* Watch the default dir also as they are always included */
-
- if ( tls_set_watch(CUS X509_get_default_cert_file(), FALSE)
- && tls_set_watch(tls_verify_certificates, FALSE)
- && tls_set_watch(tls_crl, FALSE))
- {
-+ uschar * v_certs = tls_verify_certificates;
- DEBUG(D_tls) debug_printf("TLS: preloading CA bundle for server\n");
-
-- if (setup_certs(ctx, tls_verify_certificates, tls_crl, NULL, &dummy_errstr)
-- == OK)
-+ if (setup_certs(ctx, &v_certs, tls_crl, NULL, &dummy_errstr) == OK)
- state_server.lib_state.cabundle = TRUE;
-
- /* If we can, preload the server-side cert, key and ocsp */
-
- if ( opt_set_and_noexpand(tls_certificate)
- # ifndef DISABLE_OCSP
- && opt_unset_or_noexpand(tls_ocsp_file)
-@@ -1897,18 +1897,19 @@ if ( opt_set_and_noexpand(ob->tls_verify_certificates)
- {
- if ( !watch
- || tls_set_watch(CUS X509_get_default_cert_file(), FALSE)
- && tls_set_watch(ob->tls_verify_certificates, FALSE)
- && tls_set_watch(ob->tls_crl, FALSE)
- )
- {
-+ uschar * v_certs = ob->tls_verify_certificates;
- DEBUG(D_tls)
- debug_printf("TLS: preloading CA bundle for transport '%s'\n", t->name);
-
-- if (setup_certs(ctx, ob->tls_verify_certificates,
-+ if (setup_certs(ctx, &v_certs,
- ob->tls_crl, dummy_host, &dummy_errstr) == OK)
- ob->tls_preload.cabundle = TRUE;
- }
- }
- else
- DEBUG(D_tls)
- debug_printf("TLS: not preloading CA bundle, for transport '%s'\n", t->name);
-@@ -2238,22 +2239,20 @@ if (state->u_ocsp.server.file)
- {
- SSL_CTX_set_tlsext_status_cb(server_sni, tls_server_stapling_cb);
- SSL_CTX_set_tlsext_status_arg(server_sni, state);
- }
- #endif
-
- {
-- uschar * expcerts;
-- if ( !expand_check(tls_verify_certificates, US"tls_verify_certificates",
-- &expcerts, &dummy_errstr)
-- || (rc = setup_certs(server_sni, expcerts, tls_crl, NULL,
-+ uschar * v_certs = tls_verify_certificates;
-+ if ((rc = setup_certs(server_sni, &v_certs, tls_crl, NULL,
- &dummy_errstr)) != OK)
- goto bad;
-
-- if (expcerts && *expcerts)
-+ if (v_certs && *v_certs)
- setup_cert_verify(server_sni, FALSE, verify_callback_server);
- }
-
- /* do this after setup_certs, because this can require the certs for verifying
- OCSP information. */
- if ((rc = tls_expand_session_files(server_sni, state, &dummy_errstr)) != OK)
- goto bad;
-@@ -3017,32 +3016,33 @@ return TRUE;
-
-
- /* Called by both client and server startup; on the server possibly
- repeated after a Server Name Indication.
-
- Arguments:
- sctx SSL_CTX* to initialise
-- certs certs file, expanded
-+ certs certs file, returned expanded
- crl CRL file or NULL
- host NULL in a server; the remote host in a client
- errstr error string pointer
-
- Returns: OK/DEFER/FAIL
- */
-
- static int
--setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host,
-+setup_certs(SSL_CTX * sctx, uschar ** certsp, uschar * crl, host_item * host,
- uschar ** errstr)
- {
--uschar *expcerts, *expcrl;
-+uschar * expcerts, * expcrl;
-
--if (!expand_check(certs, US"tls_verify_certificates", &expcerts, errstr))
-+if (!expand_check(*certsp, US"tls_verify_certificates", &expcerts, errstr))
- return DEFER;
- DEBUG(D_tls) debug_printf("tls_verify_certificates: %s\n", expcerts);
-
-+*certsp = expcerts;
- if (expcerts && *expcerts)
- {
- /* Tell the library to use its compiled-in location for the system default
- CA bundle. Then add the ones specified in the config, if any. */
-
- if (!SSL_CTX_set_default_verify_paths(sctx))
- return tls_error(US"SSL_CTX_set_default_verify_paths", host, NULL, errstr);
-@@ -3330,28 +3330,28 @@ if (verify_check_host(&tls_verify_hosts) == OK)
- server_verify_optional = FALSE;
- else if (verify_check_host(&tls_try_verify_hosts) == OK)
- server_verify_optional = TRUE;
- else
- goto skip_certs;
-
- {
-- uschar * expcerts;
-- if (!expand_check(tls_verify_certificates, US"tls_verify_certificates",
-- &expcerts, errstr))
-- return DEFER;
-- DEBUG(D_tls) debug_printf("tls_verify_certificates: %s\n", expcerts);
-+ uschar * v_certs = tls_verify_certificates;
-
- if (state_server.lib_state.cabundle)
-- { DEBUG(D_tls) debug_printf("TLS: CA bundle for server was preloaded\n"); }
-+ {
-+ DEBUG(D_tls) debug_printf("TLS: CA bundle for server was preloaded\n");
-+ setup_cert_verify(ctx, server_verify_optional, verify_callback_server);
-+ }
- else
-- if ((rc = setup_certs(ctx, expcerts, tls_crl, NULL, errstr)) != OK)
-+ {
-+ if ((rc = setup_certs(ctx, &v_certs, tls_crl, NULL, errstr)) != OK)
- return rc;
--
-- if (expcerts && *expcerts)
-- setup_cert_verify(ctx, server_verify_optional, verify_callback_server);
-+ if (v_certs && *v_certs)
-+ setup_cert_verify(ctx, server_verify_optional, verify_callback_server);
-+ }
- }
- skip_certs: ;
-
- #ifndef DISABLE_TLS_RESUME
- # if OPENSSL_VERSION_NUMBER < 0x30000000L
- SSL_CTX_set_tlsext_ticket_key_cb(ctx, ticket_key_callback);
- /* despite working, appears to always return failure, so ignoring */
-@@ -3606,28 +3606,28 @@ if ( ( ( !ob->tls_verify_hosts || !ob->tls_verify_hosts
- client_verify_optional = FALSE;
- else if (verify_check_given_host(CUSS &ob->tls_try_verify_hosts, host) == OK)
- client_verify_optional = TRUE;
- else
- return OK;
-
- {
-- uschar * expcerts;
-- if (!expand_check(ob->tls_verify_certificates, US"tls_verify_certificates",
-- &expcerts, errstr))
-- return DEFER;
-- DEBUG(D_tls) debug_printf("tls_verify_certificates: %s\n", expcerts);
-+ uschar * v_certs = ob->tls_verify_certificates;
-
- if (state->lib_state.cabundle)
-- { DEBUG(D_tls) debug_printf("TLS: CA bundle was preloaded\n"); }
-+ {
-+ DEBUG(D_tls) debug_printf("TLS: CA bundle for tpt was preloaded\n");
-+ setup_cert_verify(ctx, client_verify_optional, verify_callback_client);
-+ }
- else
-- if ((rc = setup_certs(ctx, expcerts, ob->tls_crl, host, errstr)) != OK)
-+ {
-+ if ((rc = setup_certs(ctx, &v_certs, ob->tls_crl, host, errstr)) != OK)
- return rc;
--
-- if (expcerts && *expcerts)
-- setup_cert_verify(ctx, client_verify_optional, verify_callback_client);
-+ if (v_certs && *v_certs)
-+ setup_cert_verify(ctx, client_verify_optional, verify_callback_client);
-+ }
- }
-
- if (verify_check_given_host(CUSS &ob->tls_verify_cert_hostnames, host) == OK)
- {
- state->verify_cert_hostnames =
- #ifdef SUPPORT_I18N
- string_domain_utf8_to_alabel(host->certname, NULL);
---
-2.35.1
-
diff --git a/mail-mta/exim/files/exim-4.96-openssl-tls_eccurve-lt-3.patch b/mail-mta/exim/files/exim-4.96-openssl-tls_eccurve-lt-3.patch
deleted file mode 100644
index 37d1d445cb0a..000000000000
--- a/mail-mta/exim/files/exim-4.96-openssl-tls_eccurve-lt-3.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-modified for Gentoo, removed tests due to conflicts
-
-From 7fa5764c203f2f4a900898a79ed02d674075313f Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Mon, 2 Jan 2023 15:04:14 +0000
-Subject: [PATCH 1/3] OpenSSL: Fix tls_eccurve on earlier versions than 3.0.0.
- Bug 2954
-
-Broken-by: ca4014de81e6
----
- src/tls-openssl.c | 7 ++++---
- test/log/2149 | 28 ++++++++++++++--------------
- test/runtest | 3 +++
- test/scripts/2100-OpenSSL/2149 | 22 ++++++++++++----------
- 4 files changed, 33 insertions(+), 27 deletions(-)
-
-diff --git a/src/tls-openssl.c b/src/tls-openssl.c
-index 4d0f99ea9..e063d29bd 100644
---- a/src/tls-openssl.c
-+++ b/src/tls-openssl.c
-@@ -786,8 +786,9 @@ if ( (nid = OBJ_sn2nid (CCS exp_curve)) == NID_undef
- # endif
- )
- {
-- tls_error(string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve),
-- NULL, NULL, errstr);
-+ uschar * s = string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve);
-+ DEBUG(D_tls) debug_printf("TLS error '%s'\n", s);
-+ if (errstr) *errstr = s;
- return FALSE;
- }
-
-@@ -803,7 +804,7 @@ if ( (nid = OBJ_sn2nid (CCS exp_curve)) == NID_undef
- /* The "tmp" in the name here refers to setting a temporary key
- not to the stability of the interface. */
-
-- if ((rc = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
-+ if ((rc = SSL_CTX_set_tmp_ecdh(sctx, ecdh)) == 0)
- tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL, NULL, errstr);
- else
- DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' curve\n", exp_curve);
---
-2.39.0
-
diff --git a/mail-mta/exim/files/exim-4.96-openssl-tls_eccurve-setting.patch b/mail-mta/exim/files/exim-4.96-openssl-tls_eccurve-setting.patch
deleted file mode 100644
index 6ccfbca9a985..000000000000
--- a/mail-mta/exim/files/exim-4.96-openssl-tls_eccurve-setting.patch
+++ /dev/null
@@ -1,169 +0,0 @@
-modified for Gentoo, dropped Changelog and test due to conflicts
-
-From ca4014de81e6aa367aa0a54c49b4c3d4b137814c Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Sun, 1 Jan 2023 12:18:38 +0000
-Subject: [PATCH] OpenSSL: fix tls_eccurve setting explicit curve/group. Bug
- 2954
-
----
- doc/ChangeLog | 4 +++
- src/tls-openssl.c | 39 ++++++++++++++----------
- test/confs/2148 | 54 ++++++++++++++++++++++++++++++++++
- test/confs/2149 | 39 +++++++++++++-----------
- test/log/2148 | 48 ++++++++++++++++++++++++++++++
- test/log/2149 | 39 ++++++++++++------------
- test/paniclog/{2149 => 2148} | 0
- test/scripts/2100-OpenSSL/2148 | 50 +++++++++++++++++++++++++++++++
- test/scripts/2100-OpenSSL/2149 | 50 ++++++++++++++++---------------
- test/stderr/2148 | 5 ++++
- test/stderr/2149 | 3 --
- 11 files changed, 250 insertions(+), 81 deletions(-)
- create mode 100644 test/confs/2148
- create mode 100644 test/log/2148
- rename test/paniclog/{2149 => 2148} (100%)
- create mode 100644 test/scripts/2100-OpenSSL/2148
- create mode 100644 test/stderr/2148
-
---- a/src/tls-openssl.c
-+++ b/src/tls-openssl.c
-@@ -657,16 +657,16 @@ if (dh_bitsize <= tls_dh_max_bits)
- /* EVP_PKEY_free(pkey); crashes */
- #endif
- }
- else
- DEBUG(D_tls)
-- debug_printf("Diffie-Hellman initialized from %s with %d-bit prime\n",
-+ debug_printf(" Diffie-Hellman initialized from %s with %d-bit prime\n",
- dhexpanded ? dhexpanded : US"default", dh_bitsize);
- }
- else
- DEBUG(D_tls)
-- debug_printf("dhparams '%s' %d bits, is > tls_dh_max_bits limit of %d\n",
-+ debug_printf(" dhparams '%s' %d bits, is > tls_dh_max_bits limit of %d\n",
- dhexpanded ? dhexpanded : US"default", dh_bitsize, tls_dh_max_bits);
-
- #if OPENSSL_VERSION_NUMBER < 0x30000000L
- DH_free(dh);
- #endif
-@@ -712,23 +712,31 @@ init_ecdh(SSL_CTX * sctx, uschar ** errs
- #ifdef OPENSSL_NO_ECDH
- return TRUE;
- #else
-
- uschar * exp_curve;
--int nid;
--BOOL rv;
-+int nid, rc;
-
- # ifndef EXIM_HAVE_ECDH
- DEBUG(D_tls)
-- debug_printf("No OpenSSL API to define ECDH parameters, skipping\n");
-+ debug_printf(" No OpenSSL API to define ECDH parameters, skipping\n");
- return TRUE;
- # else
-
- if (!expand_check(tls_eccurve, US"tls_eccurve", &exp_curve, errstr))
- return FALSE;
-+
-+/* Is the option deliberately empty? */
-+
- if (!exp_curve || !*exp_curve)
-+ {
-+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
-+ DEBUG(D_tls) debug_printf( " ECDH OpenSSL 1.0.2+: clearing curves list\n");
-+ (void) SSL_CTX_set1_curves(sctx, &nid, 0);
-+#endif
- return TRUE;
-+ }
-
- /* "auto" needs to be handled carefully.
- * OpenSSL < 1.0.2: we do not select anything, but fallback to prime256v1
- * OpenSSL < 1.1.0: we have to call SSL_CTX_set_ecdh_auto
- * (openssl/ssl.h defines SSL_CTRL_SET_ECDH_AUTO)
-@@ -737,27 +745,26 @@ if (!exp_curve || !*exp_curve)
- */
- if (Ustrcmp(exp_curve, "auto") == 0)
- {
- #if OPENSSL_VERSION_NUMBER < 0x10002000L
- DEBUG(D_tls) debug_printf(
-- "ECDH OpenSSL < 1.0.2: temp key parameter settings: overriding \"auto\" with \"prime256v1\"\n");
-+ " ECDH OpenSSL < 1.0.2: temp key parameter settings: overriding \"auto\" with \"prime256v1\"\n");
- exp_curve = US"prime256v1";
- #else
- # if defined SSL_CTRL_SET_ECDH_AUTO
- DEBUG(D_tls) debug_printf(
-- "ECDH OpenSSL 1.0.2+: temp key parameter settings: autoselection\n");
-+ " ECDH OpenSSL 1.0.2+: temp key parameter settings: autoselection\n");
- SSL_CTX_set_ecdh_auto(sctx, 1);
- return TRUE;
- # else
- DEBUG(D_tls) debug_printf(
-- "ECDH OpenSSL 1.1.0+: temp key parameter settings: default selection\n");
-+ " ECDH OpenSSL 1.1.0+: temp key parameter settings: library default selection\n");
- return TRUE;
- # endif
- #endif
- }
-
--DEBUG(D_tls) debug_printf("ECDH: curve '%s'\n", exp_curve);
- if ( (nid = OBJ_sn2nid (CCS exp_curve)) == NID_undef
- # ifdef EXIM_HAVE_OPENSSL_EC_NIST2NID
- && (nid = EC_curve_nist2nid(CCS exp_curve)) == NID_undef
- # endif
- )
-@@ -777,27 +784,27 @@ if ( (nid = OBJ_sn2nid (CCS exp_c
- }
-
- /* The "tmp" in the name here refers to setting a temporary key
- not to the stability of the interface. */
-
-- if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
-+ if ((rc = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
- tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL, NULL, errstr);
- else
-- DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve);
-+ DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' curve\n", exp_curve);
- EC_KEY_free(ecdh);
- }
-
- #else /* v 3.0.0 + */
-
--if ((rv = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0)
-+if ((rc = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0)
- tls_error(string_sprintf("Error enabling '%s' group", exp_curve), NULL, NULL, errstr);
- else
-- DEBUG(D_tls) debug_printf("ECDH: enabled '%s' group\n", exp_curve);
-+ DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' group\n", exp_curve);
-
- #endif
-
--return !rv;
-+return !!rc;
-
- # endif /*EXIM_HAVE_ECDH*/
- #endif /*OPENSSL_NO_ECDH*/
- }
-
-@@ -1719,19 +1726,19 @@ state_server.lib_state.lib_ctx = ctx;
-
- /* Preload DH params and EC curve */
-
- if (opt_unset_or_noexpand(tls_dhparam))
- {
-- DEBUG(D_tls) debug_printf("TLS: preloading DH params for server\n");
-+ DEBUG(D_tls) debug_printf("TLS: preloading DH params '%s' for server\n", tls_dhparam);
- if (init_dh(ctx, tls_dhparam, &dummy_errstr))
- state_server.lib_state.dh = TRUE;
- }
- else
- DEBUG(D_tls) debug_printf("TLS: not preloading DH params for server\n");
- if (opt_unset_or_noexpand(tls_eccurve))
- {
-- DEBUG(D_tls) debug_printf("TLS: preloading ECDH curve for server\n");
-+ DEBUG(D_tls) debug_printf("TLS: preloading ECDH curve '%s' for server\n", tls_eccurve);
- if (init_ecdh(ctx, &dummy_errstr))
- state_server.lib_state.ecdh = TRUE;
- }
- else
- DEBUG(D_tls) debug_printf("TLS: not preloading ECDH curve for server\n");
diff --git a/mail-mta/exim/files/exim-4.96-openssl-verify-ocsp.patch b/mail-mta/exim/files/exim-4.96-openssl-verify-ocsp.patch
deleted file mode 100644
index 2e21065fb1d6..000000000000
--- a/mail-mta/exim/files/exim-4.96-openssl-verify-ocsp.patch
+++ /dev/null
@@ -1,232 +0,0 @@
-From 7f65a63b60c6ea86db683ac00e221939f3bb1d47 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Tue, 25 Oct 2022 21:26:30 +0100
-Subject: [PATCH 1/2] OpenSSL: when preloading creds do the server certs before
- the OCSP proofs so that the latter can ve verified before loading
-
----
- src/tls-openssl.c | 113 ++++++++++++++++++++++--------------------
- 1 file changed, 58 insertions(+), 55 deletions(-)
-
-diff --git a/src/tls-openssl.c b/src/tls-openssl.c
-index 68ad6f15b..fdf0d92b2 100644
---- a/src/tls-openssl.c
-+++ b/src/tls-openssl.c
-@@ -441,14 +441,16 @@ exim_openssl_state_st state_server = {.is_server = TRUE};
- static int
- setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host,
- uschar ** errstr );
-
- /* Callbacks */
- #ifndef DISABLE_OCSP
- static int tls_server_stapling_cb(SSL *s, void *arg);
-+static void x509_stack_dump_cert_s_names(const STACK_OF(X509) * sk);
-+static void x509_store_dump_cert_s_names(X509_STORE * store);
- #endif
-
-
-
- /* Daemon-called, before every connection, key create/rotate */
- #ifndef DISABLE_TLS_RESUME
- static void tk_init(void);
-@@ -1307,15 +1309,14 @@ ocsp_load_response(exim_openssl_state_st * state, const uschar * filename,
- {
- BIO * bio;
- OCSP_RESPONSE * resp;
- OCSP_BASICRESP * basic_response;
- OCSP_SINGLERESP * single_response;
- ASN1_GENERALIZEDTIME * rev, * thisupd, * nextupd;
- STACK_OF(X509) * sk;
--unsigned long verify_flags;
- int status, reason, i;
-
- DEBUG(D_tls)
- debug_printf("tls_ocsp_file (%s) '%s'\n", is_pem ? "PEM" : "DER", filename);
-
- if (!filename || !*filename) return;
-
-@@ -1372,28 +1373,28 @@ if ((status = OCSP_response_status(resp)) != OCSP_RESPONSE_STATUS_SUCCESSFUL)
- if (!(basic_response = OCSP_response_get1_basic(resp)))
- {
- DEBUG(D_tls)
- debug_printf("OCSP response parse error: unable to extract basic response.\n");
- goto bad;
- }
-
--sk = state->verify_stack;
--verify_flags = OCSP_NOVERIFY; /* check sigs, but not purpose */
-+sk = state->verify_stack; /* set by setup_certs() / chain_from_pem_file() */
-
- /* May need to expose ability to adjust those flags?
- OCSP_NOSIGS OCSP_NOVERIFY OCSP_NOCHAIN OCSP_NOCHECKS OCSP_NOEXPLICIT
- OCSP_TRUSTOTHER OCSP_NOINTERN */
-
--/* This does a full verify on the OCSP proof before we load it for serving
--up; possibly overkill - just date-checks might be nice enough.
-+/* This does a partial verify (only the signer link, not the whole chain-to-CA)
-+on the OCSP proof before we load it for serving up; possibly overkill -
-+just date-checks might be nice enough.
-
- OCSP_basic_verify takes a "store" arg, but does not
--use it for the chain verification, which is all we do
--when OCSP_NOVERIFY is set. The content from the wire
--"basic_response" and a cert-stack "sk" are all that is used.
-+use it for the chain verification, when OCSP_NOVERIFY is set.
-+The content from the wire "basic_response" and a cert-stack "sk" are all
-+that is used.
-
- We have a stack, loaded in setup_certs() if tls_verify_certificates
- was a file (not a directory, or "system"). It is unfortunate we
- cannot used the connection context store, as that would neatly
- handle the "system" case too, but there seems to be no library
- function for getting a stack from a store.
- [ In OpenSSL 1.1 - ? X509_STORE_CTX_get0_chain(ctx) ? ]
-@@ -1402,15 +1403,15 @@ SNI handling.
-
- Separately we might try to replace using OCSP_basic_verify() - which seems to not
- be a public interface into the OpenSSL library (there's no manual entry) -
- But what with? We also use OCSP_basic_verify in the client stapling callback.
- And there we NEED it; we must verify that status... unless the
- library does it for us anyway? */
-
--if ((i = OCSP_basic_verify(basic_response, sk, NULL, verify_flags)) < 0)
-+if ((i = OCSP_basic_verify(basic_response, sk, NULL, OCSP_NOVERIFY)) < 0)
- {
- DEBUG(D_tls)
- {
- ERR_error_string_n(ERR_get_error(), ssl_errstring, sizeof(ssl_errstring));
- debug_printf("OCSP response verify failure: %s\n", US ssl_errstring);
- }
- goto bad;
-@@ -1747,61 +1748,18 @@ if (opt_unset_or_noexpand(tls_eccurve))
- if (init_ecdh(ctx, &dummy_errstr))
- state_server.lib_state.ecdh = TRUE;
- }
- else
- DEBUG(D_tls) debug_printf("TLS: not preloading ECDH curve for server\n");
-
- #if defined(EXIM_HAVE_INOTIFY) || defined(EXIM_HAVE_KEVENT)
--/* If we can, preload the server-side cert, key and ocsp */
--
--if ( opt_set_and_noexpand(tls_certificate)
--# ifndef DISABLE_OCSP
-- && opt_unset_or_noexpand(tls_ocsp_file)
--#endif
-- && opt_unset_or_noexpand(tls_privatekey))
-- {
-- /* Set watches on the filenames. The implementation does de-duplication
-- so we can just blindly do them all. */
--
-- if ( tls_set_watch(tls_certificate, TRUE)
--# ifndef DISABLE_OCSP
-- && tls_set_watch(tls_ocsp_file, TRUE)
--#endif
-- && tls_set_watch(tls_privatekey, TRUE))
-- {
-- state_server.certificate = tls_certificate;
-- state_server.privatekey = tls_privatekey;
--#ifndef DISABLE_OCSP
-- state_server.u_ocsp.server.file = tls_ocsp_file;
--#endif
--
-- DEBUG(D_tls) debug_printf("TLS: preloading server certs\n");
-- if (tls_expand_session_files(ctx, &state_server, &dummy_errstr) == OK)
-- state_server.lib_state.conn_certs = TRUE;
-- }
-- }
--else if ( !tls_certificate && !tls_privatekey
--# ifndef DISABLE_OCSP
-- && !tls_ocsp_file
--#endif
-- )
-- { /* Generate & preload a selfsigned cert. No files to watch. */
-- if (tls_expand_session_files(ctx, &state_server, &dummy_errstr) == OK)
-- {
-- state_server.lib_state.conn_certs = TRUE;
-- lifetime = f.running_in_test_harness ? 2 : 60 * 60; /* 1 hour */
-- }
-- }
--else
-- DEBUG(D_tls) debug_printf("TLS: not preloading server certs\n");
--
--
- /* If we can, preload the Authorities for checking client certs against.
- Actual choice to do verify is made (tls_{,try_}verify_hosts)
--at TLS conn startup */
-+at TLS conn startup.
-+Do this before the server ocsp so that its info can verify the ocsp. */
-
- if ( opt_set_and_noexpand(tls_verify_certificates)
- && opt_unset_or_noexpand(tls_crl))
- {
- /* Watch the default dir also as they are always included */
-
- if ( tls_set_watch(CUS X509_get_default_cert_file(), FALSE)
-@@ -1809,18 +1767,63 @@ if ( opt_set_and_noexpand(tls_verify_certificates)
- && tls_set_watch(tls_crl, FALSE))
- {
- DEBUG(D_tls) debug_printf("TLS: preloading CA bundle for server\n");
-
- if (setup_certs(ctx, tls_verify_certificates, tls_crl, NULL, &dummy_errstr)
- == OK)
- state_server.lib_state.cabundle = TRUE;
-- }
-+
-+ /* If we can, preload the server-side cert, key and ocsp */
-+
-+ if ( opt_set_and_noexpand(tls_certificate)
-+# ifndef DISABLE_OCSP
-+ && opt_unset_or_noexpand(tls_ocsp_file)
-+# endif
-+ && opt_unset_or_noexpand(tls_privatekey))
-+ {
-+ /* Set watches on the filenames. The implementation does de-duplication
-+ so we can just blindly do them all. */
-+
-+ if ( tls_set_watch(tls_certificate, TRUE)
-+# ifndef DISABLE_OCSP
-+ && tls_set_watch(tls_ocsp_file, TRUE)
-+# endif
-+ && tls_set_watch(tls_privatekey, TRUE))
-+ {
-+ state_server.certificate = tls_certificate;
-+ state_server.privatekey = tls_privatekey;
-+#ifndef DISABLE_OCSP
-+ state_server.u_ocsp.server.file = tls_ocsp_file;
-+# endif
-+
-+ DEBUG(D_tls) debug_printf("TLS: preloading server certs\n");
-+ if (tls_expand_session_files(ctx, &state_server, &dummy_errstr) == OK)
-+ state_server.lib_state.conn_certs = TRUE;
-+ }
-+ }
-+ else if ( !tls_certificate && !tls_privatekey
-+# ifndef DISABLE_OCSP
-+ && !tls_ocsp_file
-+# endif
-+ )
-+ { /* Generate & preload a selfsigned cert. No files to watch. */
-+ if (tls_expand_session_files(ctx, &state_server, &dummy_errstr) == OK)
-+ {
-+ state_server.lib_state.conn_certs = TRUE;
-+ lifetime = f.running_in_test_harness ? 2 : 60 * 60; /* 1 hour */
-+ }
-+ }
-+ else
-+ DEBUG(D_tls) debug_printf("TLS: not preloading server certs\n");
-+ }
- }
- else
- DEBUG(D_tls) debug_printf("TLS: not preloading CA bundle for server\n");
-+
-+
- #endif /* EXIM_HAVE_INOTIFY */
-
-
- /* If we can, preload the ciphers control string */
-
- if (opt_set_and_noexpand(tls_require_ciphers))
- {
---
-2.35.1
-
diff --git a/mail-mta/exim/files/exim-4.96-recursion-dns_again.patch b/mail-mta/exim/files/exim-4.96-recursion-dns_again.patch
deleted file mode 100644
index 6ac0e81c9551..000000000000
--- a/mail-mta/exim/files/exim-4.96-recursion-dns_again.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-modified for Gentoo, removed Changelog due to conflicts
-
-From 1d38781da934809e6ce0b8c3718c4b3bccdfe1d2 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Wed, 28 Dec 2022 19:39:06 +0000
-Subject: [PATCH] Fix recursion on dns_again_means_nonexist. Bug 2911
-
----
- doc/ChangeLog | 8 +++++
- src/dns.c | 12 ++++++++
- test/confs/2202 | 18 +++++++++--
- test/scripts/2200-dnsdb/2202 | 8 +++++
- test/stderr/2202 | 58 +++++++++++++++++++++++++++++++++++-
- test/stdout/2202 | 8 +++++
- 6 files changed, 108 insertions(+), 4 deletions(-)
-
---- a/src/dns.c
-+++ b/src/dns.c
-@@ -799,10 +799,11 @@ int
- dns_basic_lookup(dns_answer * dnsa, const uschar * name, int type)
- {
- int rc;
- #ifndef STAND_ALONE
- const uschar * save_domain;
-+static BOOL try_again_recursion = FALSE;
- #endif
-
- /* DNS lookup failures of any kind are cached in a tree. This is mainly so that
- a timeout on one domain doesn't happen time and time again for messages that
- have many addresses in the same domain. We rely on the resolver and name server
-@@ -903,15 +904,26 @@ if (dnsa->answerlen < 0) switch (h_errno
- DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) gave TRY_AGAIN\n",
- name, dns_text_type(type));
-
- /* Cut this out for various test programs */
- #ifndef STAND_ALONE
-+ if (try_again_recursion)
-+ {
-+ log_write(0, LOG_MAIN|LOG_PANIC,
-+ "dns_again_means_nonexist recursion seen for %s (assuming nonexist)",
-+ name);
-+ return dns_fail_return(name, type, dns_expire_from_soa(dnsa, type), DNS_NOMATCH);
-+ }
-+
-+ try_again_recursion = TRUE;
- save_domain = deliver_domain;
- deliver_domain = string_copy(name); /* set $domain */
- rc = match_isinlist(name, CUSS &dns_again_means_nonexist, 0,
- &domainlist_anchor, NULL, MCL_DOMAIN, TRUE, NULL);
- deliver_domain = save_domain;
-+ try_again_recursion = FALSE;
-+
- if (rc != OK)
- {
- DEBUG(D_dns) debug_printf("returning DNS_AGAIN\n");
- return dns_fail_return(name, type, 0, DNS_AGAIN);
- }
diff --git a/mail-mta/exim/files/exim-4.96-regex-use-after-free.patch b/mail-mta/exim/files/exim-4.96-regex-use-after-free.patch
deleted file mode 100644
index 1ec6d9a4abd6..000000000000
--- a/mail-mta/exim/files/exim-4.96-regex-use-after-free.patch
+++ /dev/null
@@ -1,173 +0,0 @@
-modified for Gentoo, removed Changelog due to conflicts
-
-From 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Wed, 31 Aug 2022 15:37:40 +0100
-Subject: [PATCH] Fix $regex<n> use-after-free. Bug 2915
-
----
- doc/ChangeLog | 8 +++++++-
- src/exim.c | 4 +---
- src/expand.c | 2 +-
- src/functions.h | 1 +
- src/globals.c | 2 +-
- src/regex.c | 29 ++++++++++++++++++-----------
- src/smtp_in.c | 2 ++
- test/confs/4002 | 10 ++++++++++
- test/mail/4002.userx | 7 +++++++
- test/scripts/4000-scanning/4002 | 7 +++++++
- 10 files changed, 55 insertions(+), 17 deletions(-)
-
---- a/src/exim.c
-+++ b/src/exim.c
-@@ -1999,12 +1999,10 @@
-
- regex_whitelisted_macro =
- regex_must_compile(US"^[A-Za-z0-9_/.-]*$", FALSE, TRUE);
- #endif
-
--for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
--
- /* If the program is called as "mailq" treat it as equivalent to "exim -bp";
- this seems to be a generally accepted convention, since one finds symbolic
- links called "mailq" in standard OS configurations. */
-
- if ((namelen == 5 && Ustrcmp(argv[0], "mailq") == 0) ||
-@@ -6082,11 +6080,11 @@
- callout_address = NULL;
- sending_ip_address = NULL;
- deliver_localpart_data = deliver_domain_data =
- recipient_data = sender_data = NULL;
- acl_var_m = NULL;
-- for(int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+ regex_vars_clear();
-
- store_reset(reset_point);
- }
-
- exim_exit(EXIT_SUCCESS); /* Never returns */
---- a/src/expand.c
-+++ b/src/expand.c
-@@ -1871,11 +1871,11 @@
- {
- tree_node * node = tree_search(router_var, name + 2);
- return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
- }
-
--/* Handle $auth<n> variables. */
-+/* Handle $auth<n>, $regex<n> variables. */
-
- if (Ustrncmp(name, "auth", 4) == 0)
- {
- uschar *endptr;
- int n = Ustrtoul(name + 4, &endptr, 10);
---- a/src/functions.h
-+++ b/src/functions.h
-@@ -436,10 +436,11 @@
- extern int regex(const uschar **);
- #endif
- extern BOOL regex_match(const pcre2_code *, const uschar *, int, uschar **);
- extern BOOL regex_match_and_setup(const pcre2_code *, const uschar *, int, int);
- extern const pcre2_code *regex_must_compile(const uschar *, BOOL, BOOL);
-+extern void regex_vars_clear(void);
- extern void retry_add_item(address_item *, uschar *, int);
- extern BOOL retry_check_address(const uschar *, host_item *, uschar *, BOOL,
- uschar **, uschar **);
- extern retry_config *retry_find_config(const uschar *, const uschar *, int, int);
- extern BOOL retry_ultimate_address_timeout(uschar *, const uschar *,
---- a/src/globals.c
-+++ b/src/globals.c
-@@ -1313,11 +1313,11 @@
- #ifndef DISABLE_PIPE_CONNECT
- const pcre2_code *regex_EARLY_PIPE = NULL;
- #endif
- const pcre2_code *regex_ismsgid = NULL;
- const pcre2_code *regex_smtp_code = NULL;
--const uschar *regex_vars[REGEX_VARS];
-+const uschar *regex_vars[REGEX_VARS] = { 0 };;
- #ifdef WHITELIST_D_MACROS
- const pcre2_code *regex_whitelisted_macro = NULL;
- #endif
- #ifdef WITH_CONTENT_SCAN
- uschar *regex_match_string = NULL;
---- a/src/regex.c
-+++ b/src/regex.c
-@@ -94,22 +94,32 @@
- }
- pcre2_match_data_free(md);
- return FAIL;
- }
-
-+
-+/* reset expansion variables */
-+void
-+regex_vars_clear(void)
-+{
-+regex_match_string = NULL;
-+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+}
-+
-+
-+
- int
--regex(const uschar **listptr)
-+regex(const uschar ** listptr)
- {
- unsigned long mbox_size;
--FILE *mbox_file;
--pcre_list *re_list_head;
--uschar *linebuffer;
-+FILE * mbox_file;
-+pcre_list * re_list_head;
-+uschar * linebuffer;
- long f_pos = 0;
- int ret = FAIL;
-
--/* reset expansion variable */
--regex_match_string = NULL;
-+regex_vars_clear();
-
- if (!mime_stream) /* We are in the DATA ACL */
- {
- if (!(mbox_file = spool_mbox(&mbox_size, NULL, NULL)))
- { /* error while spooling */
-@@ -167,18 +177,17 @@
-
-
- int
- mime_regex(const uschar **listptr)
- {
--pcre_list *re_list_head = NULL;
--FILE *f;
--uschar *mime_subject = NULL;
-+pcre_list * re_list_head = NULL;
-+FILE * f;
-+uschar * mime_subject = NULL;
- int mime_subject_len = 0;
- int ret;
-
--/* reset expansion variable */
--regex_match_string = NULL;
-+regex_vars_clear();
-
- /* precompile our regexes */
- if (!(re_list_head = compile(*listptr)))
- return FAIL; /* no regexes -> nothing to do */
-
---- a/src/smtp_in.c
-+++ b/src/smtp_in.c
-@@ -2155,12 +2155,14 @@
- prdr_requested = FALSE;
- #endif
- #ifdef SUPPORT_I18N
- message_smtputf8 = FALSE;
- #endif
-+regex_vars_clear();
- body_linecount = body_zerocount = 0;
-
-+lookup_value = NULL; /* Can be set by ACL */
- sender_rate = sender_rate_limit = sender_rate_period = NULL;
- ratelimiters_mail = NULL; /* Updated by ratelimit ACL condition */
- /* Note that ratelimiters_conn persists across resets. */
-
- /* Reset message ACL variables */
diff --git a/mail-mta/exim/files/exim-4.96-rewrite-malformed-addr-fix.patch b/mail-mta/exim/files/exim-4.96-rewrite-malformed-addr-fix.patch
deleted file mode 100644
index 2d3363e7b6cf..000000000000
--- a/mail-mta/exim/files/exim-4.96-rewrite-malformed-addr-fix.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-modified for Gentoo, removed Changelog change due to conflicts
-
-From e7ec503729970a03d4509921342bc81313976126 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Tue, 12 Jul 2022 22:14:04 +0100
-Subject: [PATCH] Fix exit on attempt to rewrite a malformed address. Bug 2903
-
----
- doc/ChangeLog | 5 +
- src/rewrite.c | 9 +-
- test/confs/0471 | 7 +
- test/log/0471 | 5 +
- test/scripts/0000-Basic/0471 | 4 +-
- test/stderr/0471 | 245 ++++++++++++++++++++++++++++++++++-
- 6 files changed, 267 insertions(+), 8 deletions(-)
-
---- a/src/rewrite.c
-+++ b/src/rewrite.c
-@@ -493,19 +493,18 @@
- empty address, overlong addres. Sometimes the result matters, sometimes not.
- It seems this function is called for *any* header we see. */
-
- if (!recipient)
- {
-- /* Handle unparesable addresses in the header. Slightly ugly because a
-+ /* Log unparesable addresses in the header. Slightly ugly because a
- null output from the extract can also result from a header without an
-- address, "To: undisclosed recpients:;" being the classic case. */
-+ address, "To: undisclosed recpients:;" being the classic case. Ignore
-+ this one and carry on. */
-
- if ((rewrite_rules || routed_old) && Ustrcmp(errmess, "empty address") != 0)
-- {
- log_write(0, LOG_MAIN, "rewrite: %s", errmess);
-- exim_exit(EXIT_FAILURE);
-- }
-+
- loop_reset_point = store_reset(loop_reset_point);
- continue;
- }
-
- /* If routed_old is not NULL, this is a rewrite caused by a router,
diff --git a/mail-mta/exim/files/exim-4.96-spf-memory-error-fix.patch b/mail-mta/exim/files/exim-4.96-spf-memory-error-fix.patch
deleted file mode 100644
index e474acf6f54d..000000000000
--- a/mail-mta/exim/files/exim-4.96-spf-memory-error-fix.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 93c722ce0549360af68269f088f4e59ed8fc130e Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Sun, 7 Aug 2022 17:00:27 +0100
-Subject: [PATCH] SPF: fix memory accounting for error case
-
----
- src/spf.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/spf.c b/src/spf.c
-index db6eea3a8..a8c0f75c4 100644
---- a/src/spf.c
-+++ b/src/spf.c
-@@ -204,7 +204,7 @@ spf_nxdomain = SPF_dns_rr_new_init(spf_dns_server,
- "", ns_t_any, 24 * 60 * 60, HOST_NOT_FOUND);
- if (!spf_nxdomain)
- {
-- free(spf_dns_server);
-+ store_free(spf_dns_server);
- return NULL;
- }
-
---
-2.35.1
-
diff --git a/mail-mta/exim/files/exim-4.96-transport-crash.patch b/mail-mta/exim/files/exim-4.96-transport-crash.patch
deleted file mode 100644
index 913fbf2d0918..000000000000
--- a/mail-mta/exim/files/exim-4.96-transport-crash.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-modified for Gentoo, removed Changelog
-
-From a8786a66feb3c003c74551399b345b1634cc6739 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Thu, 4 May 2023 15:41:46 +0100
-Subject: [PATCH 1/3] Fix variable initialisation in smtp transport. Bug 2996
-
----
- doc/ChangeLog | 8 ++++++++
- src/transports/smtp.c | 2 +-
- 2 files changed, 9 insertions(+), 1 deletion(-)
-
---- a/src/transports/smtp.c
-+++ b/src/transports/smtp.c
-@@ -4950,11 +4950,11 @@ Returns: nothing
- void
- smtp_transport_closedown(transport_instance *tblock)
- {
- smtp_transport_options_block * ob = SOB tblock->options_block;
- client_conn_ctx cctx;
--smtp_context sx;
-+smtp_context sx = {0};
- uschar buffer[256];
- uschar inbuffer[4096];
- uschar outbuffer[16];
-
- /*XXX really we need an active-smtp-client ctx, rather than assuming stdout */
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2023-11-08 8:03 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2023-11-08 8:03 UTC (permalink / raw
To: gentoo-commits
commit: e1634b7a70c6c987472c68a979add070fea799d6
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 8 08:03:24 2023 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Wed Nov 8 08:03:24 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e1634b7a
mail-mta/exim: cleanup
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
mail-mta/exim/Manifest | 2 -
mail-mta/exim/exim-4.94.2-r12.ebuild | 662 ---------------------
mail-mta/exim/exim-4.94.2-r7.ebuild | 2 +-
mail-mta/exim/exim-4.96.1.ebuild | 655 --------------------
mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch | 99 ---
.../exim/files/exim-4.94.2-fix-crash-resolve.patch | 24 -
mail-mta/exim/files/exim-4.94.2-openssl3.patch | 332 -----------
7 files changed, 1 insertion(+), 1775 deletions(-)
diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index 1ad7d2a61766..2422a76d59b8 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -1,11 +1,9 @@
DIST exim-4.94.2.tar.xz 1838076 BLAKE2B 684e115a7af3efdab15451f8e11f9b53455c9166d8c078216d7a95223d77569cec8a882ed99b9180acbd8a9e747a0bca03d56993d011de15dc35143a989ab046 SHA512 5334c236221ed4e03dbc33e6a79d939b06037fa2f4b71971607a360b67af5c85a89681ee13a5eeaf0184382c55a160cf2e89ed7afb2949f025a54f1e88f9e3fc
DIST exim-4.96-gentoo-patches-r0.tar.xz 13308 BLAKE2B e01cd8b90593329d858cced27bea9da4860e80500c0b0b3f86418931a77616ac1e4a532cfffc551de5844bfcbcd115c1591b28577c234beb551458dc0877e764 SHA512 0a8d7b5903c8cd7c2cc07e4ea3ed62200ee0116fe0b5513ec97ba7f3ab1dd5cd0dc181eb93c3c1c7f767be7df3546ac07b622a8f4352eb883323c3a005a1c7db
-DIST exim-4.96.1.tar.xz 1879404 BLAKE2B fc6425be41ef7722f7d7b6b541c01774a4bafe55ca38152dc3fbb837e00ea52fabc39a42fcbf0500f4e0eda40deec3cbb0d746da9700a4a615f9ee4869e325c5 SHA512 ef1a0e57c59cdf4e915b3ac5dcdbc69f565b14dd92b0527f6796b2c46a9ec34f991f9790fb4171c99417f7e482cdd62d77e780cc71fab227c8bed876103f7fdd
DIST exim-4.96.2.tar.xz 1879896 BLAKE2B f172340e5f896dc1996e4e3cf46515c2336c47d3390524ca91cb9ef7258a62b83426592de582aa792584cbeaace519b4edea5e62b3ebeb8e5f599379255e04a5 SHA512 dc9f6a114e64ac826489edff88d50a24195b64714428e691c10a7bfb119b3ebb6455bf80cbb34dfd0a4e2e44cbde72effb009357a8e0a6065e512fe32092e3ed
DIST exim-4.96.tar.xz 1879152 BLAKE2B 4b424f2ebc661bd0db35d7f6da86300c6d5cb5b9a52cddd24fdd452daa76c84e471d4f8f278cf951d1503b01fd46fc3e6858d6feded09f34253d2cf2ae99b45a SHA512 6b863661465a0b9897c1b71875c5196a1903cf560dd85de45b08242b9731edb2bc10eb56945d62e477e5d15cc7a8d493915bff2ca81689673a8091c66f62c89e
DIST exim-4.97.tar.xz 1909536 BLAKE2B b0f09d5f162853996976c222786de14e2104acdf01fd61da486f59f4cf8af1182cdfb7ea31fd55ccfd9c57256e7f442dc1b46727e08fe2eca82a296ac4ae7899 SHA512 b28cbb49fa7e143dfcc94e004d57cf98a1945013e676cd103c1ee4cf52933d49d378baa13bea2663353dba97745d6b2ab8b7b66cde870788a2d85d7abd716968
DIST exim-pdf-4.94.2.tar.xz 2092248 BLAKE2B 973ab4f117fdb58afa017bc41b4496fac1277e707a9926d67317c455b0bd617021c17cba6c8d793d8962aacef12c0790d5add7174017512b7b1ea070f8e8533d SHA512 3a661f69d81a992798d4b7e5b7def7cfffa297a7b3c02a6631be426cefff5a6e8783fa322a1bd105d01f7b06968d01e77963e6ab7be3157f63eb62eb6ff172b0
-DIST exim-pdf-4.96.1.tar.xz 2132252 BLAKE2B 7e6d756630211b6465f9162c7a6b461774b3999ad8c3c1ace157a39b7e07f86644d206c5687991b6098aec47445319def44ddb2895b2a16146f6abd1c11d47a6 SHA512 d39ee2f9a05326809a6e8454a108d717838dacfa42c2cade72f5937b1b44d70e70152fa75f4b4e9548cd4198d54f8a8c1323e14d7d1f9a0a23c99a53db1001b0
DIST exim-pdf-4.96.2.tar.xz 2132268 BLAKE2B 9104d42d742e7152d166b6158a6f060d0a29143b11e5064ecda177ead59ac66a9bb6ab3575e5bcaf7af5b49964d29b841285e67184592a8b64bab6099f4c8ac9 SHA512 c35eea4ab5510bba50d22813b28c9d2f5e4e2fed76993693b997f2090024dde674d58dffe044cb64642bf57b83fcae3bfc3dbcae43288fae11692ee49374df74
DIST exim-pdf-4.96.tar.xz 2137468 BLAKE2B 7f61767f91864c43a3b7b6ca36ec7f41da6ad7029687a38cfa9307c444c2ffbd3eb61d45645ffd20ec16ba64a37e1ff08c02e7e4e36499c7783679af9a399081 SHA512 05e94579631656330d95d237c58bc9fd52229a067c5846e7c3409b4c83040c9216819bcb0090673d9991fd59e2c2025340592b31b241b557c6775782106854d1
DIST exim-pdf-4.97.tar.xz 2136852 BLAKE2B df188e658e9e86d1b651d12b29e8a440677d75cc0384bab829323582a3a89b62f34e504b759ef2824b7735056696aed6ac33a4ca10a74fc5bc036f150caaac12 SHA512 defd1e7d823f4eadd2afe426d9105a395421824a1b1941b97bfda408905bdd105b5c219b713e15506d25d98fa48e965228f8daab286dc1be14a387f567c0b58b
diff --git a/mail-mta/exim/exim-4.94.2-r12.ebuild b/mail-mta/exim/exim-4.94.2-r12.ebuild
deleted file mode 100644
index c84859d97f58..000000000000
--- a/mail-mta/exim/exim-4.94.2-r12.ebuild
+++ /dev/null
@@ -1,662 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit db-use toolchain-funcs pam systemd
-
-IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl
-dsn exiscan-acl gdbm gnutls idn ipv6 ldap lmtp maildir mbx
-mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux
-socks5 spf sqlite srs +srs-alt srs-native +ssl syslog tdb tcpd +tpda X"
-REQUIRED_USE="
- arc? ( dkim spf )
- dane? ( ssl !gnutls )
- dmarc? ( dkim spf )
- dkim? ( ssl !gnutls )
- gnutls? ( ssl )
- pkcs11? ( ssl )
- spf? ( exiscan-acl )
- srs? (
- exiscan-acl
- ^^ ( srs-alt srs-native )
- )
- || ( berkdb gdbm tdb )
-"
-# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
-# for x86 and amd64 only, due to this, repoman won't allow depending on
-# gnutls[dane] for all else. Because we cannot express USE=dane when
-# USE=gnutls is in effect only in package.use.mask, the only option we
-# have left is to a) ignore the dependency (but that results in bug
-# #661164) or b) mask the usage of USE=dane with USE=gnutls. Both are
-# incorrect, but b) is the only "correct" view from repoman.
-# We cannot express a required use for berkdb/gdbm/tdb correctly because
-# berkdb and gdbm are both enabled in base profile
-
-SDIR=$([[ ${PV} == *_rc* ]] && echo /test
- [[ ${PV} == *.*.*.* ]] && echo /fixes)
-COMM_URI="https://downloads.exim.org/exim4${SDIR}"
-
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
- mirror://gentoo/system_filter.exim.gz
- doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
-HOMEPAGE="https://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
- dev-libs/libpcre:=
- tdb? ( sys-libs/tdb:= )
- !tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) )
- !tdb? ( !berkdb? ( sys-libs/gdbm:= ) )
- idn? ( net-dns/libidn:= net-dns/libidn2:= )
- perl? ( dev-lang/perl:= )
- pam? ( sys-libs/pam )
- tcpd? ( sys-apps/tcp-wrappers )
- ssl? (
- gnutls? (
- net-libs/gnutls:0=[pkcs11?]
- dev-libs/libtasn1
- )
- !gnutls? (
- dev-libs/openssl:0=
- )
- )
- ldap? ( >=net-nds/openldap-2.0.7:= )
- elibc_glibc? (
- net-libs/libnsl:=
- nis? (
- net-libs/libtirpc:=
- >=net-libs/libnsl-1:=
- )
- )
- mysql? ( dev-db/mysql-connector-c:= )
- postgres? ( dev-db/postgresql:= )
- sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
- redis? ( dev-libs/hiredis:= )
- spf? ( >=mail-filter/libspf2-1.2.5-r1 )
- dmarc? ( mail-filter/opendmarc:= )
- srs? ( srs-alt? ( mail-filter/libsrs_alt ) )
- X? (
- x11-libs/libX11
- x11-libs/libXmu
- x11-libs/libXt
- x11-libs/libXaw
- )
- sqlite? ( dev-db/sqlite )
- radius? ( net-dialup/freeradius-client )
- virtual/libcrypt:=
- virtual/libiconv
- "
- # added X check for #57206
-BDEPEND="virtual/pkgconfig"
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}
- !mail-mta/courier
- !mail-mta/esmtp
- !mail-mta/msmtp[mta]
- !mail-mta/netqmail
- !mail-mta/nullmailer
- !mail-mta/postfix
- !mail-mta/sendmail
- !mail-mta/opensmtpd
- !mail-mta/ssmtp[mta]
- >=net-mail/mailbase-0.00-r5
- virtual/logger
- dcc? ( mail-filter/dcc )
- selinux? ( sec-policy/selinux-exim )
- "
-
-S=${WORKDIR}/${P//_rc/-RC}
-
-src_prepare() {
- # Legacy patches which need a respin for -p1
- eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch
- eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
- eapply "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279
- eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
- eapply "${FILESDIR}"/exim-4.69-r1.27021.patch
- eapply "${FILESDIR}"/exim-4.94-localscan_dlopen.patch
- eapply "${FILESDIR}"/exim-4.94.2-fix-crash-resolve.patch # 799368 upstr
- eapply "${FILESDIR}"/exim-4.94-CVE-2022-3559.patch # 877607 upstr
- eapply "${FILESDIR}"/exim-4.94.2-openssl3.patch # 888619 backports
-
- # for this reason we have a := dep on opendmarc, they changed their
- # API in a minor release
- if use dmarc && has_version ">=mail-filter/opendmarc-1.4" ; then
- eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch
- fi
-
- if use maildir ; then
- eapply "${FILESDIR}"/exim-4.94-maildir.patch
- else
- eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
- fi
-
- eapply_user
-
- # user Exim believes it should be
- MAILUSER=mail
- MAILGROUP=mail
- if use prefix && [[ ${EUID} != 0 ]] ; then
- MAILUSER=$(id -un)
- MAILGROUP=$(id -gn)
- fi
-}
-
-src_configure() {
- # general config and paths
-
- local aliases="${EPREFIX}/etc/mail/aliases"
- sed -i \
- -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \
- src/configure.default || die
-
- sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die
-
- if use elibc_musl; then
- sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die
- fi
-
- local conffile="${EPREFIX}/etc/exim/exim.conf"
- sed -e "48i\CFLAGS=${CFLAGS}" \
- -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
- -e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \
- -e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \
- -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
- -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
- src/EDITME > Local/Makefile || die
-
- # work on Local/Makefile from now on
- cd Local
-
- cat >> Makefile <<- EOC
- INFO_DIRECTORY=${EPREFIX}/usr/share/info
- PID_FILE_PATH=${EPREFIX}/run/exim.pid
- SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
- HAVE_ICONV=yes
- EOC
-
- # configure db implementation, Exim always needs one for its hints
- # database, we prefer tdb and gdbm, since bdb is kind of getting
- # less and less support
- if use tdb ; then
- cat >> Makefile <<- EOC
- USE_TDB=yes
- DBMLIB = -ltdb
- EOC
- sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
- sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
- elif use berkdb ; then
- # use the "native" interfaces to the DBM and CDB libraries, support
- # passwd and directory lookups by default
- local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
- cat >> Makefile <<- EOC
- USE_DB=yes
- # keep include in CFLAGS because exim.h -> dbstuff.h -> db.h
- CFLAGS += -I$(db_includedir ${DB_VERS})
- DBMLIB = -l$(db_libname ${DB_VERS})
- EOC
- sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
- sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
- else # must be gdbm via required_use
- cat >> Makefile <<- EOC
- USE_GDBM=yes
- DBMLIB = -lgdbm
- EOC
- sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
- sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
- fi
-
- # if we use libiconv, now is the time to tell so
- if use !elibc_glibc && use !elibc_musl ; then
- cat >> Makefile <<- EOC
- EXTRALIBS_EXIM=-liconv
- EOC
- fi
-
- # support for IPv6
- if use ipv6; then
- cat >> Makefile <<- EOC
- HAVE_IPV6=YES
- EOC
- fi
-
- # support i18n/IDNA
- if use idn; then
- cat >> Makefile <<- EOC
- SUPPORT_I18N=yes
- SUPPORT_I18N_2008=yes
- EXTRALIBS_EXIM += -lidn -lidn2
- EOC
- fi
-
- #
- # mail storage formats
- #
-
- # mailstore is Exim's traditional storage format
- cat >> Makefile <<- EOC
- SUPPORT_MAILSTORE=yes
- EOC
-
- # mbox
- if use mbx; then
- cat >> Makefile <<- EOC
- SUPPORT_MBX=yes
- EOC
- fi
-
- # maildir
- if use maildir; then
- cat >> Makefile <<- EOC
- SUPPORT_MAILDIR=yes
- EOC
- fi
-
- #
- # lookup methods
- #
-
- # support passwd and directory lookups by default
- cat >> Makefile <<- EOC
- LOOKUP_CDB=yes
- LOOKUP_PASSWD=yes
- LOOKUP_DSEARCH=yes
- EOC
-
- if ! use dnsdb; then
- # DNSDB lookup is enabled by default
- sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die
- fi
-
- if use ldap; then
- cat >> Makefile <<- EOC
- LOOKUP_LDAP=yes
- LDAP_LIB_TYPE=OPENLDAP2
- LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap
- LOOKUP_LIBS += -lldap -llber
- EOC
- fi
-
- if use mysql; then
- cat >> Makefile <<- EOC
- LOOKUP_MYSQL=yes
- LOOKUP_INCLUDE += $(mysql_config --include)
- LOOKUP_LIBS += $(mysql_config --libs)
- EOC
- fi
-
- if use nis; then
- cat >> Makefile <<- EOC
- LOOKUP_NIS=yes
- LOOKUP_NISPLUS=yes
- EOC
- if use elibc_glibc ; then
- cat >> Makefile <<- EOC
- LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc
- LOOKUP_LIBS += -lnsl
- EOC
- fi
- fi
-
- if use postgres; then
- cat >> Makefile <<- EOC
- LOOKUP_PGSQL=yes
- LOOKUP_INCLUDE += -I$(pg_config --includedir)
- LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
- EOC
- fi
-
- if use sqlite; then
- cat >> Makefile <<- EOC
- LOOKUP_SQLITE=yes
- LOOKUP_SQLITE_PC=sqlite3
- EOC
- fi
-
- if use redis; then
- cat >> Makefile <<- EOC
- LOOKUP_REDIS=yes
- LOOKUP_LIBS += -lhiredis
- EOC
- fi
-
- # Exim monitor, enabled by default, controlled via X USE-flag,
- # disable if not requested, bug #46778
- if use X; then
- cp ../exim_monitor/EDITME eximon.conf || die
- cat >> Makefile <<- EOC
- EXIM_MONITOR=eximon.bin
- EOC
- fi
-
- #
- # features
- #
-
- # content scanning support
- if use exiscan-acl; then
- cat >> Makefile <<- EOC
- WITH_CONTENT_SCAN=yes
- EOC
- fi
-
- # DomainKeys Identified Mail, RFC4871
- if ! use dkim; then
- # DKIM is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_DKIM=yes
- EOC
- fi
-
- # Per-Recipient-Data-Response
- if ! use prdr; then
- # PRDR is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_PRDR=yes
- EOC
- fi
-
- # Transport post-delivery actions
- if use !tpda && use !dane; then
- # EVENT is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_EVENT=yes
- EOC
- fi
-
- # log to syslog
- if use syslog; then
- local eximlog="${EPREFIX}/var/log/exim/exim_%s.log"
- sed -i \
- -e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \
- Makefile || die
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=syslog
- EOC
- else
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
- EOC
- fi
-
- # starttls support (ssl)
- if use ssl; then
- if use gnutls; then
- echo "USE_GNUTLS=yes" >> Makefile
- echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \
- >> Makefile
- use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
- else
- echo "USE_OPENSSL=yes" >> Makefile
- echo "USE_OPENSSL_PC=openssl" >> Makefile
- fi
- else
- echo "DISABLE_TLS=yes" >> Makefile
- fi
-
- # TCP wrappers
- if use tcpd; then
- cat >> Makefile <<- EOC
- USE_TCP_WRAPPERS=yes
- EXTRALIBS_EXIM += -lwrap
- EOC
- fi
-
- # Light Mail Transport Protocol
- if use lmtp; then
- cat >> Makefile <<- EOC
- TRANSPORT_LMTP=yes
- EOC
- fi
-
- # embedded Perl
- if use perl; then
- cat >> Makefile <<- EOC
- EXIM_PERL=perl.o
- EOC
- fi
-
- # dlfunc
- if use dlfunc; then
- cat >> Makefile <<- EOC
- EXPAND_DLFUNC=yes
- HAVE_LOCAL_SCAN=yes
- DLOPEN_LOCAL_SCAN=yes
- EOC
- fi
-
- # Proxy Protocol
- if use proxy; then
- cat >> Makefile <<- EOC
- SUPPORT_PROXY=yes
- EOC
- fi
-
- # SOCKS5 (outbound) proxy support
- if use socks5; then
- cat >> Makefile <<- EOC
- SUPPORT_SOCKS=yes
- EOC
- fi
-
- # DANE
- if use !dane; then
- # DANE is enabled by default
- sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die
- fi
-
- # DMARC
- if use dmarc; then
- cat >> Makefile <<- EOC
- SUPPORT_DMARC=yes
- EXTRALIBS_EXIM += -lopendmarc
- EOC
- fi
-
- # Sender Policy Framework
- if use spf; then
- cat >> Makefile <<- EOC
- SUPPORT_SPF=yes
- EXTRALIBS_EXIM += -lspf2
- EOC
- fi
-
- #
- # experimental features
- #
-
- # Authenticated Receive Chain
- if use arc; then
- echo "EXPERIMENTAL_ARC=yes">> Makefile
- fi
-
- # Distributed Checksum Clearinghouse
- if use dcc; then
- echo "EXPERIMENTAL_DCC=yes">> Makefile
- fi
-
- # Sender Rewriting Scheme
- if use srs; then
- # NOTE: we currently USE-default to srs-alt, because this is
- # what USE=srs used to be. Eventually we want to rid ourselves
- # of this external implementation.
- if use srs-alt; then
- # historical default, from 4.95 this becomes
- # EXPERIMENTAL_SRS_ALT
- cat >> Makefile <<- EOC
- EXPERIMENTAL_SRS=yes
- EXTRALIBS_EXIM += -lsrs_alt
- EOC
- fi
- if use srs-native; then
- # this one becomes SUPPORT_SRS in 4.95
- cat >> Makefile <<- EOC
- EXPERIMENTAL_SRS_NATIVE=yes
- EOC
- fi
- fi
-
- # Delivery Sender Notifications extra information in fail message
- if use dsn; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DSN_INFO=yes
- EOC
- fi
-
- #
- # authentication (SMTP AUTH)
- #
-
- # standard bits
- cat >> Makefile <<- EOC
- AUTH_SPA=yes
- AUTH_CRAM_MD5=yes
- AUTH_PLAINTEXT=yes
- EOC
-
- # Cyrus SASL
- if use sasl; then
- cat >> Makefile <<- EOC
- CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
- AUTH_CYRUS_SASL=yes
- AUTH_LIBS += -lsasl2
- EOC
- fi
-
- # Dovecot
- if use dovecot-sasl; then
- cat >> Makefile <<- EOC
- AUTH_DOVECOT=yes
- EOC
- fi
-
- # Pluggable Authentication Modules
- if use pam; then
- cat >> Makefile <<- EOC
- SUPPORT_PAM=yes
- AUTH_LIBS += -lpam
- EOC
- fi
-
- # Radius
- if use radius; then
- cat >> Makefile <<- EOC
- RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
- RADIUS_LIB_TYPE=RADIUSCLIENTNEW
- AUTH_LIBS += -lfreeradius-client
- EOC
- fi
-}
-
-src_compile() {
- emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \
- AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO=''
-}
-
-src_install() {
- cd "${S}"/build-exim-gentoo || die
- dosbin exim
- if use X; then
- dosbin eximon.bin
- dosbin eximon
- fi
- fperms 4755 /usr/sbin/exim
-
- dosym exim /usr/sbin/sendmail
- dosym exim /usr/sbin/rsmtp
- dosym exim /usr/sbin/rmail
- dosym ../sbin/exim /usr/bin/mailq
- dosym ../sbin/exim /usr/bin/newaliases
- dosym ../sbin/sendmail /usr/lib/sendmail
-
- for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
- exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
- convert4r3 convert4r4 exipick
- do
- dosbin $i
- done
-
- dodoc -r "${S}"/doc/.
- doman "${S}"/doc/exim.8
- use dsn && dodoc "${S}"/README.DSN
- use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
-
- # conf files
- insinto /etc/exim
- newins "${S}"/src/configure.default exim.conf.dist
- if use exiscan-acl; then
- newins "${S}"/src/configure.default exim.conf.exiscan-acl
- fi
- doins "${WORKDIR}"/system_filter.exim
- doins "${FILESDIR}"/auth_conf.sub
-
- if use pam; then
- pamd_mimic system-auth exim auth account
- fi
-
- # headers, #436406
- if use dlfunc ; then
- # fixup includes so they actually can be found when including
- sed -i \
- -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
- local_scan.h || die
- insinto /usr/include/exim
- doins {config,local_scan}.h ../src/{mytypes,store}.h
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}/exim.logrotate" exim
-
- newinitd "${FILESDIR}"/exim.rc10 exim
- newconfd "${FILESDIR}"/exim.confd exim
-
- systemd_dounit \
- "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
- systemd_newunit \
- "${FILESDIR}"/exim_at.service 'exim@.service'
- systemd_newunit \
- "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
- diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
- keepdir /var/log/${PN}
-}
-
-pkg_postinst() {
- if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then
- einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter."
- einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub"
- einfo "for using smtp auth."
- einfo "Please create ${EROOT}/etc/exim/exim.conf from"
- einfo " ${EROOT}/etc/exim/exim.conf.dist."
- fi
- if use dmarc ; then
- einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds"
- einfo "you can populate this file with the contents downloaded from"
- einfo " https://publicsuffix.org/list/public_suffix_list.dat"
- fi
- if use dcc ; then
- einfo "DCC support is experimental, you can find some limited"
- einfo "documentation at the bottom of this prerelease message:"
- einfo " http://article.gmane.org/gmane.mail.exim.devel/3579"
- fi
- if use srs ; then
- einfo "SRS support is experimental in this release of Exim"
- if use srs-alt; then
- elog "You are using libsrs_alt to implement SRS support."
- elog "In future release of Exim, the native SRS implementation"
- elog "(USE=srs-native) will become the default. Please prepare"
- elog "your package.use or switch to USE=srs-native now."
- fi
- fi
- use dsn && einfo "extra information in fail DSN message is experimental"
- einfo
- elog "Note that this release contains a tainted variable check that"
- elog "is likely to break your configuration used with Exim 4.93 and before."
- elog "Please check your transports for occurences of \$local_part, and"
- elog "use a replacement like \$local_part_data where possible."
-}
diff --git a/mail-mta/exim/exim-4.94.2-r7.ebuild b/mail-mta/exim/exim-4.94.2-r7.ebuild
index 4f2833ff82e5..8f5367aecfb8 100644
--- a/mail-mta/exim/exim-4.94.2-r7.ebuild
+++ b/mail-mta/exim/exim-4.94.2-r7.ebuild
@@ -39,7 +39,7 @@ HOMEPAGE="https://www.exim.org/"
SLOT="0"
LICENSE="GPL-2"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~ppc ppc64 sparc x86"
+KEYWORDS="sparc"
COMMON_DEPEND=">=sys-apps/sed-4.0.5
( >=sys-libs/db-3.2:= <sys-libs/db-6:= )
diff --git a/mail-mta/exim/exim-4.96.1.ebuild b/mail-mta/exim/exim-4.96.1.ebuild
deleted file mode 100644
index 2fb3f6b6970a..000000000000
--- a/mail-mta/exim/exim-4.96.1.ebuild
+++ /dev/null
@@ -1,655 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit db-use toolchain-funcs pam systemd
-
-IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl
-dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx
-mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux
-socks5 spf sqlite srs +ssl syslog tdb tcpd +tpda X"
-REQUIRED_USE="
- arc? ( dkim spf )
- dane? ( ssl !gnutls )
- dmarc? ( dkim spf )
- dkim? ( ssl !gnutls )
- gnutls? ( ssl )
- pkcs11? ( ssl )
- || ( berkdb gdbm tdb )
-"
-# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
-# for x86 and amd64 only, due to this, repoman won't allow depending on
-# gnutls[dane] for all else. Because we cannot express USE=dane when
-# USE=gnutls is in effect only in package.use.mask, the only option we
-# have left is to a) ignore the dependency (but that results in bug
-# #661164) or b) mask the usage of USE=dane with USE=gnutls. Both are
-# incorrect, but b) is the only "correct" view from repoman.
-# We cannot express a required use for berkdb/gdbm/tdb correctly because
-# berkdb and gdbm are both enabled in base profile
-
-SDIR=$([[ ${PV} == *_rc* ]] && echo /test
- [[ ${PV} == *.*.*.* ]] && echo /fixes)
-COMM_URI="https://downloads.exim.org/exim4${SDIR}"
-
-GPV="r0"
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
- https://dev.gentoo.org/~grobian/distfiles/${PN}-4.96-gentoo-patches-${GPV}.tar.xz
- mirror://gentoo/system_filter.exim.gz
- doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
-HOMEPAGE="https://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
- dev-libs/libpcre2:=
- tdb? ( sys-libs/tdb:= )
- !tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) )
- !tdb? ( !berkdb? ( sys-libs/gdbm:= ) )
- idn? ( net-dns/libidn:= net-dns/libidn2:= )
- perl? ( dev-lang/perl:= )
- pam? ( sys-libs/pam )
- tcpd? ( sys-apps/tcp-wrappers )
- ssl? (
- gnutls? (
- net-libs/gnutls:0=[pkcs11?]
- dev-libs/libtasn1
- )
- !gnutls? (
- dev-libs/openssl:0=
- )
- )
- ldap? ( >=net-nds/openldap-2.0.7:= )
- elibc_glibc? (
- net-libs/libnsl:=
- nis? (
- net-libs/libtirpc:=
- >=net-libs/libnsl-1:=
- )
- )
- mysql? ( dev-db/mysql-connector-c:= )
- postgres? ( dev-db/postgresql:= )
- sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
- redis? ( dev-libs/hiredis:= )
- spf? ( >=mail-filter/libspf2-1.2.5-r1 )
- dmarc? ( mail-filter/opendmarc:= )
- X? (
- x11-libs/libX11
- x11-libs/libXmu
- x11-libs/libXt
- x11-libs/libXaw
- )
- sqlite? ( dev-db/sqlite )
- radius? ( net-dialup/freeradius-client )
- virtual/libcrypt:=
- virtual/libiconv
- "
- # added X check for #57206
-BDEPEND="virtual/pkgconfig"
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}
- !mail-mta/courier
- !mail-mta/esmtp
- !mail-mta/msmtp[mta]
- !mail-mta/netqmail
- !mail-mta/nullmailer
- !mail-mta/postfix
- !mail-mta/sendmail
- !mail-mta/opensmtpd
- !mail-mta/ssmtp[mta]
- >=net-mail/mailbase-0.00-r5
- virtual/logger
- dcc? ( mail-filter/dcc )
- selinux? ( sec-policy/selinux-exim )
- "
-
-S=${WORKDIR}/${P//_rc/-RC}
-
-src_prepare() {
- # Legacy patches which need a respin for -p1
- eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch
- eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
- eapply "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279
- eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
- eapply "${FILESDIR}"/exim-4.69-r1.27021.patch
- eapply "${FILESDIR}"/exim-4.95-localscan_dlopen.patch
-
- # Upstream post-release fixes :(
- local GPVDIR=${WORKDIR}/${PN}-4.96-gentoo-patches-${GPV}
- eapply "${GPVDIR}"/exim-4.96-rewrite-malformed-addr-fix.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-spf-memory-error-fix.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-regex-use-after-free.patch # upstr
- eapply -p2 "${GPVDIR}"/exim-4.96-dmarc_use_after_free.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-deamon-startup-fix.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-verify-ocsp.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-double-expansion.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-recursion-dns_again.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-setting.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-lt-3.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-bad-alpn.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-dane-dns_again.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-expansion-crash.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-transport-crash.patch # upstr
-
- # oddity, they disable berkdb as hack, and then throw an error when
- # berkdb isn't enabled
- sed -i \
- -e 's/_DB_/_DONTMESS_/' \
- -e 's/define DB void/define DONTMESS void/' \
- src/auths/call_radius.c || die
-
- # API changed from 1.3 to 1.4, upstream doesn't think 1.4 should be
- # used, but 1.3 has a CVE and Gentoo (like most downstreams) only
- # has 1.4 available
- eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch
-
- if use maildir ; then
- eapply "${FILESDIR}"/exim-4.94-maildir.patch
- else
- eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
- fi
-
- eapply_user
-
- # user Exim believes it should be
- MAILUSER=mail
- MAILGROUP=mail
- if use prefix && [[ ${EUID} != 0 ]] ; then
- MAILUSER=$(id -un)
- MAILGROUP=$(id -gn)
- fi
-}
-
-src_configure() {
- # general config and paths
-
- local aliases="${EPREFIX}/etc/mail/aliases"
- sed -i \
- -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \
- src/configure.default || die
-
- sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die
-
- if use elibc_musl; then
- sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die
- fi
-
- local conffile="${EPREFIX}/etc/exim/exim.conf"
- sed -e "48i\CFLAGS=${CFLAGS}" \
- -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
- -e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \
- -e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \
- -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
- -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
- src/EDITME > Local/Makefile || die
-
- # work on Local/Makefile from now on
- cd Local
-
- cat >> Makefile <<- EOC
- INFO_DIRECTORY=${EPREFIX}/usr/share/info
- PID_FILE_PATH=${EPREFIX}/run/exim.pid
- SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
- HAVE_ICONV=yes
- WITH_CONTENT_SCAN=yes
- EOC
-
- # configure db implementation, Exim always needs one for its hints
- # database, we prefer tdb and gdbm, since bdb is kind of getting
- # less and less support
- if use tdb ; then
- cat >> Makefile <<- EOC
- USE_TDB=yes
- DBMLIB = -ltdb
- EOC
- sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
- sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
- elif use gdbm ; then
- cat >> Makefile <<- EOC
- USE_GDBM=yes
- DBMLIB = -lgdbm
- EOC
- sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
- sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
- else # must be berkdb via required_use
- # use the "native" interfaces to the DBM and CDB libraries, support
- # passwd and directory lookups by default
- local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
- cat >> Makefile <<- EOC
- USE_DB=yes
- # keep include in CFLAGS because exim.h -> dbstuff.h -> db.h
- CFLAGS += -I$(db_includedir ${DB_VERS})
- DBMLIB = -l$(db_libname ${DB_VERS})
- EOC
- sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
- sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
- fi
-
- # if we use libiconv, now is the time to tell so
- if use !elibc_glibc && use !elibc_musl ; then
- cat >> Makefile <<- EOC
- EXTRALIBS_EXIM=-liconv
- EOC
- fi
-
- # support for IPv6
- if use ipv6; then
- cat >> Makefile <<- EOC
- HAVE_IPV6=YES
- EOC
- fi
-
- # support i18n/IDNA
- if use idn; then
- cat >> Makefile <<- EOC
- SUPPORT_I18N=yes
- SUPPORT_I18N_2008=yes
- EXTRALIBS_EXIM += -lidn -lidn2
- EOC
- fi
-
- #
- # mail storage formats
- #
-
- # mailstore is Exim's traditional storage format
- cat >> Makefile <<- EOC
- SUPPORT_MAILSTORE=yes
- EOC
-
- # mbox
- if use mbx; then
- cat >> Makefile <<- EOC
- SUPPORT_MBX=yes
- EOC
- fi
-
- # maildir
- if use maildir; then
- cat >> Makefile <<- EOC
- SUPPORT_MAILDIR=yes
- EOC
- fi
-
- #
- # lookup methods
- #
-
- # support passwd and directory lookups by default
- cat >> Makefile <<- EOC
- LOOKUP_CDB=yes
- LOOKUP_PASSWD=yes
- LOOKUP_DSEARCH=yes
- EOC
-
- if ! use dnsdb; then
- # DNSDB lookup is enabled by default
- sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die
- fi
-
- if use ldap; then
- cat >> Makefile <<- EOC
- LOOKUP_LDAP=yes
- LDAP_LIB_TYPE=OPENLDAP2
- LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap
- LOOKUP_LIBS += -lldap -llber
- EOC
- fi
-
- if use mysql; then
- cat >> Makefile <<- EOC
- LOOKUP_MYSQL=yes
- LOOKUP_INCLUDE += $(mysql_config --include)
- LOOKUP_LIBS += $(mysql_config --libs)
- EOC
- fi
-
- if use nis; then
- cat >> Makefile <<- EOC
- LOOKUP_NIS=yes
- LOOKUP_NISPLUS=yes
- EOC
- if use elibc_glibc ; then
- cat >> Makefile <<- EOC
- LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc
- LOOKUP_LIBS += -lnsl
- EOC
- fi
- fi
-
- if use postgres; then
- cat >> Makefile <<- EOC
- LOOKUP_PGSQL=yes
- LOOKUP_INCLUDE += -I$(pg_config --includedir)
- LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
- EOC
- fi
-
- if use sqlite; then
- cat >> Makefile <<- EOC
- LOOKUP_SQLITE=yes
- LOOKUP_SQLITE_PC=sqlite3
- EOC
- fi
-
- if use redis; then
- cat >> Makefile <<- EOC
- LOOKUP_REDIS=yes
- LOOKUP_LIBS += -lhiredis
- EOC
- fi
-
- # Exim monitor, enabled by default, controlled via X USE-flag,
- # disable if not requested, bug #46778
- if use X; then
- cp ../exim_monitor/EDITME eximon.conf || die
- cat >> Makefile <<- EOC
- EXIM_MONITOR=eximon.bin
- EOC
- fi
-
- #
- # features
- #
-
- # DomainKeys Identified Mail, RFC4871
- if ! use dkim; then
- # DKIM is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_DKIM=yes
- EOC
- fi
-
- # Per-Recipient-Data-Response
- if ! use prdr; then
- # PRDR is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_PRDR=yes
- EOC
- fi
-
- # Transport post-delivery actions
- if use !tpda && use !dane; then
- # EVENT is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_EVENT=yes
- EOC
- fi
-
- # log to syslog
- if use syslog; then
- local eximlog="${EPREFIX}/var/log/exim/exim_%s.log"
- sed -i \
- -e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \
- Makefile || die
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=syslog
- EOC
- else
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
- EOC
- fi
-
- # starttls support (ssl)
- if use ssl; then
- if use gnutls; then
- echo "USE_GNUTLS=yes" >> Makefile
- echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \
- >> Makefile
- use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
- else
- echo "USE_OPENSSL=yes" >> Makefile
- echo "USE_OPENSSL_PC=openssl" >> Makefile
- fi
- else
- echo "DISABLE_TLS=yes" >> Makefile
- fi
-
- # TCP wrappers
- if use tcpd; then
- cat >> Makefile <<- EOC
- USE_TCP_WRAPPERS=yes
- EXTRALIBS_EXIM += -lwrap
- EOC
- fi
-
- # Light Mail Transport Protocol
- if use lmtp; then
- cat >> Makefile <<- EOC
- TRANSPORT_LMTP=yes
- EOC
- fi
-
- # embedded Perl
- if use perl; then
- cat >> Makefile <<- EOC
- EXIM_PERL=perl.o
- EOC
- fi
-
- # dlfunc
- if use dlfunc; then
- cat >> Makefile <<- EOC
- EXPAND_DLFUNC=yes
- HAVE_LOCAL_SCAN=yes
- DLOPEN_LOCAL_SCAN=yes
- EOC
- fi
-
- # Proxy Protocol
- if use proxy; then
- cat >> Makefile <<- EOC
- SUPPORT_PROXY=yes
- EOC
- fi
-
- # SOCKS5 (outbound) proxy support
- if use socks5; then
- cat >> Makefile <<- EOC
- SUPPORT_SOCKS=yes
- EOC
- fi
-
- # DANE
- if use !dane; then
- # DANE is enabled by default
- sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die
- fi
-
- # DMARC
- if use dmarc; then
- cat >> Makefile <<- EOC
- SUPPORT_DMARC=yes
- EXTRALIBS_EXIM += -lopendmarc
- EOC
- fi
-
- # Sender Policy Framework
- if use spf; then
- cat >> Makefile <<- EOC
- SUPPORT_SPF=yes
- EXTRALIBS_EXIM += -lspf2
- EOC
- fi
-
- #
- # experimental features
- #
-
- # Authenticated Receive Chain
- if use arc; then
- echo "EXPERIMENTAL_ARC=yes">> Makefile
- fi
-
- # Distributed Checksum Clearinghouse
- if use dcc; then
- echo "EXPERIMENTAL_DCC=yes">> Makefile
- fi
-
- # Sender Rewriting Scheme
- if use srs; then
- # this one is the default/supported variant since 4.95, and the
- # only variant available since 4.96
- cat >> Makefile <<- EOC
- SUPPORT_SRS=yes
- EOC
- fi
-
- # Delivery Sender Notifications extra information in fail message
- if use dsn; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DSN_INFO=yes
- EOC
- fi
-
- #
- # authentication (SMTP AUTH)
- #
-
- # standard bits
- cat >> Makefile <<- EOC
- AUTH_SPA=yes
- AUTH_CRAM_MD5=yes
- AUTH_PLAINTEXT=yes
- EOC
-
- # Cyrus SASL
- if use sasl; then
- cat >> Makefile <<- EOC
- CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
- AUTH_CYRUS_SASL=yes
- AUTH_LIBS += -lsasl2
- EOC
- fi
-
- # Dovecot
- if use dovecot-sasl; then
- cat >> Makefile <<- EOC
- AUTH_DOVECOT=yes
- EOC
- fi
-
- # Pluggable Authentication Modules
- if use pam; then
- cat >> Makefile <<- EOC
- SUPPORT_PAM=yes
- AUTH_LIBS += -lpam
- EOC
- fi
-
- # Radius
- if use radius; then
- cat >> Makefile <<- EOC
- RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
- RADIUS_LIB_TYPE=RADIUSCLIENTNEW
- AUTH_LIBS += -lfreeradius-client
- EOC
- fi
-}
-
-src_compile() {
- emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \
- AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO=''
-}
-
-src_install() {
- cd "${S}"/build-exim-gentoo || die
- dosbin exim
- if use X; then
- dosbin eximon.bin
- dosbin eximon
- fi
- fperms 4755 /usr/sbin/exim
-
- dosym exim /usr/sbin/sendmail
- dosym exim /usr/sbin/rsmtp
- dosym exim /usr/sbin/rmail
- dosym ../sbin/exim /usr/bin/mailq
- dosym ../sbin/exim /usr/bin/newaliases
- dosym ../sbin/sendmail /usr/lib/sendmail
-
- for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
- exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
- convert4r3 convert4r4 exipick
- do
- dosbin $i
- done
-
- dodoc -r "${S}"/doc/.
- doman "${S}"/doc/exim.8
- use dsn && dodoc "${S}"/README.DSN
- use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
-
- # conf files
- insinto /etc/exim
- newins "${S}"/src/configure.default exim.conf.dist
- doins "${WORKDIR}"/system_filter.exim
- doins "${FILESDIR}"/auth_conf.sub
-
- if use pam; then
- pamd_mimic system-auth exim auth account
- fi
-
- # headers, #436406
- if use dlfunc ; then
- # fixup includes so they actually can be found when including
- sed -i \
- -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
- local_scan.h || die
- insinto /usr/include/exim
- doins {config,local_scan}.h ../src/{mytypes,store}.h
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}/exim.logrotate" exim
-
- newinitd "${FILESDIR}"/exim.rc10 exim
- newconfd "${FILESDIR}"/exim.confd exim
-
- systemd_dounit \
- "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
- systemd_newunit \
- "${FILESDIR}"/exim_at.service 'exim@.service'
- systemd_newunit \
- "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
- diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
- keepdir /var/log/${PN}
-}
-
-pkg_postinst() {
- if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then
- einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter."
- einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub"
- einfo "for using smtp auth."
- einfo "Please create ${EROOT}/etc/exim/exim.conf from"
- einfo " ${EROOT}/etc/exim/exim.conf.dist."
- fi
- if use berkdb && ( use gdbm || use tdb ) ; then
- ewarn "USE=berkdb is ignored because USE=gdbm or USE=tdb is enabled!"
- fi
- if use dmarc ; then
- einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds"
- einfo "you can populate this file with the contents downloaded from"
- einfo " https://publicsuffix.org/list/public_suffix_list.dat"
- fi
- if use dcc ; then
- einfo "DCC support is experimental, you can find some limited"
- einfo "documentation at the bottom of this prerelease message:"
- einfo " http://article.gmane.org/gmane.mail.exim.devel/3579"
- fi
- if use srs; then
- einfo "SRS support using libsrs_alt was dropped in this"
- einfo "release of Exim, you are now using the native SRS implementation"
- fi
- use dsn && einfo "extra information in fail DSN message is experimental"
- einfo
- elog "Note that this release contains a tainted variable check that"
- elog "is likely to break your configuration used with Exim 4.93 and before."
- elog "Please check your transports for occurences of \$local_part, and"
- elog "use a replacement like \$local_part_data where possible."
-}
diff --git a/mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch b/mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch
deleted file mode 100644
index 533aaf1f9e51..000000000000
--- a/mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-Patch cleaned up for Gentoo
-- applied to 4.94
-- removed unnecessary whitespace changes
-
-From 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Wed, 31 Aug 2022 15:37:40 +0100
-Subject: [PATCH 1/1] Fix $regex<n> use-after-free. Bug 2915
-
---- exim-4.94.2/src/exim.c 2021-04-30 14:08:21.000000000 +0200
-+++ exim-4.94.2/src/exim.c 2022-10-19 09:15:58.611447982 +0200
-@@ -1886,8 +1886,6 @@
- regex_must_compile(US"^[A-Za-z0-9_/.-]*$", FALSE, TRUE);
- #endif
-
--for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
--
- /* If the program is called as "mailq" treat it as equivalent to "exim -bp";
- this seems to be a generally accepted convention, since one finds symbolic
- links called "mailq" in standard OS configurations. */
-@@ -5841,7 +5839,7 @@
- deliver_localpart_data = deliver_domain_data =
- recipient_data = sender_data = NULL;
- acl_var_m = NULL;
-- for(int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+ regex_vars_clear();
-
- store_reset(reset_point);
- }
---- exim-4.94.2/src/functions.h 2021-04-30 14:08:21.000000000 +0200
-+++ exim-4.94.2/src/functions.h 2022-10-19 09:17:44.882122667 +0200
-@@ -417,6 +417,7 @@
- #endif
- extern BOOL regex_match_and_setup(const pcre *, const uschar *, int, int);
- extern const pcre *regex_must_compile(const uschar *, BOOL, BOOL);
-+extern void regex_vars_clear(void);
- extern void retry_add_item(address_item *, uschar *, int);
- extern BOOL retry_check_address(const uschar *, host_item *, uschar *, BOOL,
- uschar **, uschar **);
---- exim-4.94.2/src/globals.c 2022-10-19 09:14:19.344751853 +0200
-+++ exim-4.94.2/src/globals.c 2022-10-19 09:18:27.675991666 +0200
-@@ -1289,7 +1289,7 @@
- #endif
- const pcre *regex_ismsgid = NULL;
- const pcre *regex_smtp_code = NULL;
--uschar *regex_vars[REGEX_VARS];
-+uschar *regex_vars[REGEX_VARS] = { 0 };
- #ifdef WHITELIST_D_MACROS
- const pcre *regex_whitelisted_macro = NULL;
- #endif
---- exim-4.94.2/src/regex.c 2021-04-30 14:08:21.000000000 +0200
-+++ exim-4.94.2/src/regex.c 2022-10-19 09:35:03.229084750 +0200
-@@ -98,7 +106,7 @@
- int ret = FAIL;
-
- /* reset expansion variable */
--regex_match_string = NULL;
-+regex_vars_clear();
-
- if (!mime_stream) /* We are in the DATA ACL */
- {
-@@ -166,8 +174,7 @@
- int mime_subject_len = 0;
- int ret;
-
--/* reset expansion variable */
--regex_match_string = NULL;
-+regex_vars_clear();
-
- /* precompile our regexes */
- if (!(re_list_head = compile(*listptr)))
-@@ -213,3 +205,14 @@
- }
-
- #endif /* WITH_CONTENT_SCAN */
-+
-+/* reset expansion variables */
-+void
-+regex_vars_clear(void)
-+{
-+#ifdef WITH_CONTENT_SCAN
-+regex_match_string = NULL;
-+#endif
-+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+}
-+
---- exim-4.94.2/src/smtp_in.c 2021-04-30 14:08:21.000000000 +0200
-+++ exim-4.94.2/src/smtp_in.c 2022-10-19 09:15:58.613447975 +0200
-@@ -2161,8 +2161,10 @@
- #ifdef SUPPORT_I18N
- message_smtputf8 = FALSE;
- #endif
-+regex_vars_clear();
- body_linecount = body_zerocount = 0;
-
-+lookup_value = NULL; /* Can be set by ACL */
- sender_rate = sender_rate_limit = sender_rate_period = NULL;
- ratelimiters_mail = NULL; /* Updated by ratelimit ACL condition */
- /* Note that ratelimiters_conn persists across resets. */
diff --git a/mail-mta/exim/files/exim-4.94.2-fix-crash-resolve.patch b/mail-mta/exim/files/exim-4.94.2-fix-crash-resolve.patch
deleted file mode 100644
index 27e68bfdd74f..000000000000
--- a/mail-mta/exim/files/exim-4.94.2-fix-crash-resolve.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From d4bc023436e4cce7c23c5f8bb5199e178b4cc743 Mon Sep 17 00:00:00 2001
-From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
-Date: Sun, 16 May 2021 19:11:19 +0200
-Subject: [PATCH] Fix host_name_lookup (Close 2747)
-
-https://bugs.exim.org/show_bug.cgi?id=2747
-
-(cherry picked from commit 20812729e3e47a193a21d326ecd036d67a8b2724)
----
- src/src/host.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/src/host.c b/src/src/host.c
---- a/src/host.c
-+++ b/src/host.c
-@@ -1691,7 +1691,7 @@ while ((ordername = string_nextinlist(&list, &sep, NULL, 0)))
- {
- uschar **aptr = NULL;
- int ssize = 264;
-- int count = 0;
-+ int count = 1; /* need 1 more for terminating NULL */
- int old_pool = store_pool;
-
- sender_host_dnssec = dns_is_secure(dnsa);
diff --git a/mail-mta/exim/files/exim-4.94.2-openssl3.patch b/mail-mta/exim/files/exim-4.94.2-openssl3.patch
deleted file mode 100644
index f9758515bef1..000000000000
--- a/mail-mta/exim/files/exim-4.94.2-openssl3.patch
+++ /dev/null
@@ -1,332 +0,0 @@
-Original commits from upstream applied to 4.94.2 release tarball
-
-From a5d79c99f4948d9fd288a1bfaca3a44cf2caaa32 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Wed, 1 Dec 2021 17:36:18 +0000
-Subject: [PATCH] OpenSSL: use nondeprecated D-H functions under 3.0.0.
-
-From c6a290f4d8df3734b3cdc2232b4334ff8386c1da Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Wed, 1 Dec 2021 18:52:21 +0000
-Subject: [PATCH] OpenSSL: tidy DH and ECDH param setup Testsuite: expand DH
- testcase
-
-From ff7829398d74e67f1c1f40339a772fd76708e5ac Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
-Date: Sat, 27 Nov 2021 21:07:15 +0000
-Subject: [PATCH] Fix build for OpenSSL 3.0.0 . Bug 2810
-
-From ca4014de81e6aa367aa0a54c49b4c3d4b137814c Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Sun, 1 Jan 2023 12:18:38 +0000
-Subject: [PATCH] OpenSSL: fix tls_eccurve setting explicit curve/group. Bug
- 2954
-
-From 7fa5764c203f2f4a900898a79ed02d674075313f Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Mon, 2 Jan 2023 15:04:14 +0000
-Subject: [PATCH] OpenSSL: Fix tls_eccurve on earlier versions than 3.0.0. Bug
- 2954
-
-Broken-by: ca4014de81e6
-
---- a/src/tls-openssl.c
-+++ b/src/tls-openssl.c
-@@ -227,12 +227,16 @@
- { US"no_tlsv1", SSL_OP_NO_TLSv1 },
- #endif
- #ifdef SSL_OP_NO_TLSv1_1
--#if SSL_OP_NO_TLSv1_1 == 0x00000400L
-+# if OPENSSL_VERSION_NUMBER < 0x30000000L
-+# if SSL_OP_NO_TLSv1_1 == 0x00000400L
- /* Error in chosen value in 1.0.1a; see first item in CHANGES for 1.0.1b */
--#warning OpenSSL 1.0.1a uses a bad value for SSL_OP_NO_TLSv1_1, ignoring
--#else
-+# warning OpenSSL 1.0.1a uses a bad value for SSL_OP_NO_TLSv1_1, ignoring
-+# define NO_SSL_OP_NO_TLSv1_1
-+# endif
-+# endif
-+# ifndef NO_SSL_OP_NO_TLSv1_1
- { US"no_tlsv1_1", SSL_OP_NO_TLSv1_1 },
--#endif
-+# endif
- #endif
- #ifdef SSL_OP_NO_TLSv1_2
- { US"no_tlsv1_2", SSL_OP_NO_TLSv1_2 },
-@@ -1017,23 +1021,27 @@
- *************************************************/
-
- /* If dhparam is set, expand it, and load up the parameters for DH encryption.
-+Server only.
-
- Arguments:
- sctx The current SSL CTX (inbound or outbound)
- dhparam DH parameter file or fixed parameter identity string
-- host connected host, if client; NULL if server
- errstr error string pointer
-
- Returns: TRUE if OK (nothing to set up, or setup worked)
- */
-
- static BOOL
--init_dh(SSL_CTX *sctx, uschar *dhparam, const host_item *host, uschar ** errstr)
-+init_dh(SSL_CTX * sctx, uschar * dhparam, uschar ** errstr)
- {
--BIO *bio;
--DH *dh;
--uschar *dhexpanded;
--const char *pem;
-+BIO * bio;
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-+DH * dh;
-+#else
-+EVP_PKEY * pkey;
-+#endif
-+uschar * dhexpanded;
-+const char * pem;
- int dh_bitsize;
-
- if (!expand_check(dhparam, US"tls_dhparam", &dhexpanded, errstr))
-@@ -1046,7 +1054,7 @@
- if (!(bio = BIO_new_file(CS dhexpanded, "r")))
- {
- tls_error(string_sprintf("could not read dhparams file %s", dhexpanded),
-- host, US strerror(errno), errstr);
-+ NULL, US strerror(errno), errstr);
- return FALSE;
- }
- }
-@@ -1061,17 +1069,23 @@
- if (!(pem = std_dh_prime_named(dhexpanded)))
- {
- tls_error(string_sprintf("Unknown standard DH prime \"%s\"", dhexpanded),
-- host, US strerror(errno), errstr);
-+ NULL, US strerror(errno), errstr);
- return FALSE;
- }
- bio = BIO_new_mem_buf(CS pem, -1);
- }
-
--if (!(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)))
-+if (!(
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-+ dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)
-+#else
-+ pkey = PEM_read_bio_Parameters_ex(bio, NULL, NULL, NULL)
-+#endif
-+ ) )
- {
- BIO_free(bio);
- tls_error(string_sprintf("Could not read tls_dhparams \"%s\"", dhexpanded),
-- host, NULL, errstr);
-+ NULL, NULL, errstr);
- return FALSE;
- }
-
-@@ -1081,33 +1095,54 @@
- * If someone wants to dance at the edge, then they can raise the limit or use
- * current libraries. */
--#ifdef EXIM_HAVE_OPENSSL_DH_BITS
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-+# ifdef EXIM_HAVE_OPENSSL_DH_BITS
- /* Added in commit 26c79d5641d; `git describe --contains` says OpenSSL_1_1_0-pre1~1022
- * This predates OpenSSL_1_1_0 (before a, b, ...) so is in all 1.1.0 */
- dh_bitsize = DH_bits(dh);
--#else
-+# else
- dh_bitsize = 8 * DH_size(dh);
-+# endif
-+#else /* 3.0.0 + */
-+dh_bitsize = EVP_PKEY_get_bits(pkey);
- #endif
-
--/* Even if it is larger, we silently return success rather than cause things
-- * to fail out, so that a too-large DH will not knock out all TLS; it's a
-- * debatable choice. */
--if (dh_bitsize > tls_dh_max_bits)
-+/* Even if it is larger, we silently return success rather than cause things to
-+fail out, so that a too-large DH will not knock out all TLS; it's a debatable
-+choice. Likewise for a failing attempt to set one. */
-+
-+if (dh_bitsize <= tls_dh_max_bits)
- {
-- DEBUG(D_tls)
-- debug_printf("dhparams file %d bits, is > tls_dh_max_bits limit of %d\n",
-- dh_bitsize, tls_dh_max_bits);
-+ if (
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-+ SSL_CTX_set_tmp_dh(sctx, dh)
-+#else
-+ SSL_CTX_set0_tmp_dh_pkey(sctx, pkey)
-+#endif
-+ == 0)
-+ {
-+ ERR_error_string_n(ERR_get_error(), ssl_errstring, sizeof(ssl_errstring));
-+ log_write(0, LOG_MAIN|LOG_PANIC, "TLS error (D-H param setting '%s'): %s",
-+ dhexpanded ? dhexpanded : US"default", ssl_errstring);
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-+ /* EVP_PKEY_free(pkey); crashes */
-+#endif
-+ }
-+ else
-+ DEBUG(D_tls)
-+ debug_printf("Diffie-Hellman initialized from %s with %d-bit prime\n",
-+ dhexpanded ? dhexpanded : US"default", dh_bitsize);
- }
- else
-- {
-- SSL_CTX_set_tmp_dh(sctx, dh);
- DEBUG(D_tls)
-- debug_printf("Diffie-Hellman initialized from %s with %d-bit prime\n",
-- dhexpanded ? dhexpanded : US"default", dh_bitsize);
-- }
-+ debug_printf("dhparams '%s' %d bits, is > tls_dh_max_bits limit of %d\n",
-+ dhexpanded ? dhexpanded : US"default", dh_bitsize, tls_dh_max_bits);
-
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
- DH_free(dh);
--BIO_free(bio);
-+#endif
-+/* The EVP_PKEY ownership stays with the ctx; do not free it */
-
-+BIO_free(bio);
- return TRUE;
- }
-
-@@ -1118,7 +1154,7 @@
- * Initialize for ECDH *
- *************************************************/
-
--/* Load parameters for ECDH encryption.
-+/* Load parameters for ECDH encryption. Server only.
-
- For now, we stick to NIST P-256 because: it's simple and easy to configure;
- it avoids any patent issues that might bite redistributors; despite events in
-@@ -1136,37 +1172,40 @@
-
- Arguments:
- sctx The current SSL CTX (inbound or outbound)
-- host connected host, if client; NULL if server
- errstr error string pointer
-
- Returns: TRUE if OK (nothing to set up, or setup worked)
- */
-
- static BOOL
--init_ecdh(SSL_CTX * sctx, host_item * host, uschar ** errstr)
-+init_ecdh(SSL_CTX * sctx, uschar ** errstr)
- {
- #ifdef OPENSSL_NO_ECDH
- return TRUE;
- #else
-
--EC_KEY * ecdh;
- uschar * exp_curve;
--int nid;
--BOOL rv;
--
--if (host) /* No ECDH setup for clients, only for servers */
-- return TRUE;
-+int nid, rc;
-
- # ifndef EXIM_HAVE_ECDH
- DEBUG(D_tls)
-- debug_printf("No OpenSSL API to define ECDH parameters, skipping\n");
-+ debug_printf(" No OpenSSL API to define ECDH parameters, skipping\n");
- return TRUE;
- # else
-
- if (!expand_check(tls_eccurve, US"tls_eccurve", &exp_curve, errstr))
- return FALSE;
-+
-+/* Is the option deliberately empty? */
-+
- if (!exp_curve || !*exp_curve)
-+ {
-+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
-+ DEBUG(D_tls) debug_printf( " ECDH OpenSSL 1.0.2+: clearing curves list\n");
-+ (void) SSL_CTX_set1_curves(sctx, &nid, 0);
-+#endif
- return TRUE;
-+ }
-
- /* "auto" needs to be handled carefully.
- * OpenSSL < 1.0.2: we do not select anything, but fallback to prime256v1
-@@ -1202,27 +1241,41 @@
- # endif
- )
- {
-- tls_error(string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve),
-- host, NULL, errstr);
-+ uschar * s = string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve);
-+ DEBUG(D_tls) debug_printf("TLS error '%s'\n", s);
-+ if (errstr) *errstr = s;
- return FALSE;
- }
-
--if (!(ecdh = EC_KEY_new_by_curve_name(nid)))
-- {
-- tls_error(US"Unable to create ec curve", host, NULL, errstr);
-- return FALSE;
-- }
-+# if OPENSSL_VERSION_NUMBER < 0x30000000L
-+ {
-+ EC_KEY * ecdh;
-+ if (!(ecdh = EC_KEY_new_by_curve_name(nid)))
-+ {
-+ tls_error(US"Unable to create ec curve", NULL, NULL, errstr);
-+ return FALSE;
-+ }
-
--/* The "tmp" in the name here refers to setting a temporary key
--not to the stability of the interface. */
-+ /* The "tmp" in the name here refers to setting a temporary key
-+ not to the stability of the interface. */
-
--if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
-- tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), host, NULL, errstr);
-+ if ((rc = SSL_CTX_set_tmp_ecdh(sctx, ecdh)) == 0)
-+ tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL, NULL, errstr);
-+ else
-+ DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' curve\n", exp_curve);
-+ EC_KEY_free(ecdh);
-+ }
-+
-+#else /* v 3.0.0 + */
-+
-+if ((rc = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0)
-+ tls_error(string_sprintf("Error enabling '%s' group", exp_curve), NULL, NULL, errstr);
- else
-- DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve);
-+ DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' group\n", exp_curve);
-+
-+#endif
-
--EC_KEY_free(ecdh);
--return !rv;
-+return !!rc;
-
- # endif /*EXIM_HAVE_ECDH*/
- #endif /*OPENSSL_NO_ECDH*/
-@@ -1727,8 +1780,8 @@
- SSL_CTX_set_tlsext_servername_callback(server_sni, tls_servername_cb);
- SSL_CTX_set_tlsext_servername_arg(server_sni, cbinfo);
-
--if ( !init_dh(server_sni, cbinfo->dhparam, NULL, &dummy_errstr)
-- || !init_ecdh(server_sni, NULL, &dummy_errstr)
-+if ( !init_dh(server_sni, cbinfo->dhparam, &dummy_errstr)
-+ || !init_ecdh(server_sni, &dummy_errstr)
- )
- goto bad;
-
-@@ -2213,8 +2266,8 @@
- /* Initialize with DH parameters if supplied */
- /* Initialize ECDH temp key parameter selection */
-
--if ( !init_dh(ctx, dhparam, host, errstr)
-- || !init_ecdh(ctx, host, errstr)
-+if ( !init_dh(ctx, dhparam, errstr)
-+ || !init_ecdh(ctx, errstr)
- )
- return DEFER;
-
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2023-12-25 10:42 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2023-12-25 10:42 UTC (permalink / raw
To: gentoo-commits
commit: 8a7059d941873a35822e577495cf71fdea4dcc08
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Mon Dec 25 10:34:01 2023 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Mon Dec 25 10:42:12 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a7059d9
mail-mta/exim-4.94.2: drop old
sparc how has exim-4.96.2 stable
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
mail-mta/exim/exim-4.94.2-r7.ebuild | 618 ---------------------
.../exim/files/exim-4.94-localscan_dlopen.patch | 269 ---------
2 files changed, 887 deletions(-)
diff --git a/mail-mta/exim/exim-4.94.2-r7.ebuild b/mail-mta/exim/exim-4.94.2-r7.ebuild
deleted file mode 100644
index 8f5367aecfb8..000000000000
--- a/mail-mta/exim/exim-4.94.2-r7.ebuild
+++ /dev/null
@@ -1,618 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit db-use toolchain-funcs pam systemd
-
-IUSE="arc +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls idn ipv6 ldap lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs +srs-alt srs-native +ssl syslog tcpd +tpda X"
-REQUIRED_USE="
- arc? ( dkim spf )
- dane? ( ssl !gnutls )
- dmarc? ( dkim spf )
- dkim? ( ssl !gnutls )
- gnutls? ( ssl )
- pkcs11? ( ssl )
- spf? ( exiscan-acl )
- srs? (
- exiscan-acl
- ^^ ( srs-alt srs-native )
- )
-"
-# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
-# for x86 and amd64 only, due to this, repoman won't allow depending on
-# gnutls[dane] for all else. Because we cannot express USE=dane when
-# USE=gnutls is in effect only in package.use.mask, the only option we
-# have left is to a) ignore the dependency (but that results in bug
-# #661164) or b) mask the usage of USE=dane with USE=gnutls. Both are
-# incorrect, but b) is the only "correct" view from repoman.
-
-SDIR=$([[ ${PV} == *_rc* ]] && echo /test
- [[ ${PV} == *.*.*.* ]] && echo /fixes)
-COMM_URI="https://downloads.exim.org/exim4${SDIR}"
-
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
- mirror://gentoo/system_filter.exim.gz
- doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
-HOMEPAGE="https://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="sparc"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
- ( >=sys-libs/db-3.2:= <sys-libs/db-6:= )
- dev-libs/libpcre
- idn? ( net-dns/libidn:= net-dns/libidn2:= )
- perl? ( dev-lang/perl:= )
- pam? ( sys-libs/pam )
- tcpd? ( sys-apps/tcp-wrappers )
- ssl? (
- gnutls? (
- net-libs/gnutls:0=[pkcs11?]
- dev-libs/libtasn1
- )
- !gnutls? (
- dev-libs/openssl:0=
- )
- )
- ldap? ( >=net-nds/openldap-2.0.7:= )
- nis? (
- elibc_glibc? (
- net-libs/libtirpc:=
- >=net-libs/libnsl-1:=
- )
- )
- mysql? ( dev-db/mysql-connector-c:= )
- postgres? ( dev-db/postgresql:= )
- sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
- redis? ( dev-libs/hiredis:= )
- spf? ( >=mail-filter/libspf2-1.2.5-r1 )
- dmarc? ( mail-filter/opendmarc:= )
- srs? ( srs-alt? ( mail-filter/libsrs_alt ) )
- X? (
- x11-libs/libX11
- x11-libs/libXmu
- x11-libs/libXt
- x11-libs/libXaw
- )
- sqlite? ( dev-db/sqlite )
- radius? ( net-dialup/freeradius-client )
- virtual/libcrypt:=
- virtual/libiconv
- elibc_glibc? ( net-libs/libnsl )
- "
- # added X check for #57206
-BDEPEND="virtual/pkgconfig"
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}
- !mail-mta/courier
- !mail-mta/esmtp
- !mail-mta/msmtp[mta]
- !mail-mta/netqmail
- !mail-mta/nullmailer
- !mail-mta/postfix
- !mail-mta/sendmail
- !mail-mta/opensmtpd
- !mail-mta/ssmtp[mta]
- >=net-mail/mailbase-0.00-r5
- virtual/logger
- dcc? ( mail-filter/dcc )
- selinux? ( sec-policy/selinux-exim )
- "
-
-S=${WORKDIR}/${P//_rc/-RC}
-
-src_prepare() {
- # Legacy patches which need a respin for -p1
- eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch
- eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
- eapply "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279
- eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
- eapply "${FILESDIR}"/exim-4.69-r1.27021.patch
- eapply "${FILESDIR}"/exim-4.94-localscan_dlopen.patch
-
- # for this reason we have a := dep on opendmarc, they changed their
- # API in a minor release
- if use dmarc && has_version ">=mail-filter/opendmarc-1.4" ; then
- eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch
- fi
-
- if use maildir ; then
- eapply "${FILESDIR}"/exim-4.94-maildir.patch
- else
- eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
- fi
-
- eapply_user
-
- # user Exim believes it should be
- MAILUSER=mail
- MAILGROUP=mail
- if use prefix && [[ ${EUID} != 0 ]] ; then
- MAILUSER=$(id -un)
- MAILGROUP=$(id -gn)
- fi
-}
-
-src_configure() {
- # general config and paths
-
- local aliases="${EPREFIX}/etc/mail/aliases"
- sed -i \
- -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \
- src/configure.default || die
-
- sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die
-
- if use elibc_musl; then
- sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die
- fi
-
- local conffile="${EPREFIX}/etc/exim/exim.conf"
- sed -e "48i\CFLAGS=${CFLAGS}" \
- -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
- -e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \
- -e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \
- -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
- -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
- src/EDITME > Local/Makefile || die
-
- # work on Local/Makefile from now on
- cd Local
-
- cat >> Makefile <<- EOC
- INFO_DIRECTORY=${EPREFIX}/usr/share/info
- PID_FILE_PATH=${EPREFIX}/run/exim.pid
- SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
- HAVE_ICONV=yes
- EOC
-
- # if we use libiconv, now is the time to tell so
- if use !elibc_glibc && use !elibc_musl ; then
- cat >> Makefile <<- EOC
- EXTRALIBS_EXIM=-liconv
- EOC
- fi
-
- # support for IPv6
- if use ipv6; then
- cat >> Makefile <<- EOC
- HAVE_IPV6=YES
- EOC
- fi
-
- # support i18n/IDNA
- if use idn; then
- cat >> Makefile <<- EOC
- SUPPORT_I18N=yes
- SUPPORT_I18N_2008=yes
- EXTRALIBS_EXIM += -lidn -lidn2
- EOC
- fi
-
- #
- # mail storage formats
- #
-
- # mailstore is Exim's traditional storage format
- cat >> Makefile <<- EOC
- SUPPORT_MAILSTORE=yes
- EOC
-
- # mbox
- if use mbx; then
- cat >> Makefile <<- EOC
- SUPPORT_MBX=yes
- EOC
- fi
-
- # maildir
- if use maildir; then
- cat >> Makefile <<- EOC
- SUPPORT_MAILDIR=yes
- EOC
- fi
-
- #
- # lookup methods
-
- # use the "native" interfaces to the DBM and CDB libraries, support
- # passwd and directory lookups by default
- local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
- cat >> Makefile <<- EOC
- USE_DB=yes
- LOOKUP_CDB=yes
- LOOKUP_PASSWD=yes
- LOOKUP_DSEARCH=yes
- # keep include in CFLAGS because exim.h -> dbstuff.h -> db.h
- CFLAGS += -I$(db_includedir ${DB_VERS})
- DBMLIB = -l$(db_libname ${DB_VERS})
- EOC
-
- if ! use dnsdb; then
- # DNSDB lookup is enabled by default
- sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die
- fi
-
- if use ldap; then
- cat >> Makefile <<- EOC
- LOOKUP_LDAP=yes
- LDAP_LIB_TYPE=OPENLDAP2
- LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap
- LOOKUP_LIBS += -lldap -llber
- EOC
- fi
-
- if use mysql; then
- cat >> Makefile <<- EOC
- LOOKUP_MYSQL=yes
- LOOKUP_INCLUDE += $(mysql_config --include)
- LOOKUP_LIBS += $(mysql_config --libs)
- EOC
- fi
-
- if use nis; then
- cat >> Makefile <<- EOC
- LOOKUP_NIS=yes
- LOOKUP_NISPLUS=yes
- EOC
- if use elibc_glibc ; then
- cat >> Makefile <<- EOC
- LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc
- LOOKUP_LIBS += -lnsl
- EOC
- fi
- fi
-
- if use postgres; then
- cat >> Makefile <<- EOC
- LOOKUP_PGSQL=yes
- LOOKUP_INCLUDE += -I$(pg_config --includedir)
- LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
- EOC
- fi
-
- if use sqlite; then
- cat >> Makefile <<- EOC
- LOOKUP_SQLITE=yes
- LOOKUP_SQLITE_PC=sqlite3
- EOC
- fi
-
- if use redis; then
- cat >> Makefile <<- EOC
- LOOKUP_REDIS=yes
- LOOKUP_LIBS += -lhiredis
- EOC
- fi
-
- # Exim monitor, enabled by default, controlled via X USE-flag,
- # disable if not requested, bug #46778
- if use X; then
- cp ../exim_monitor/EDITME eximon.conf || die
- cat >> Makefile <<- EOC
- EXIM_MONITOR=eximon.bin
- EOC
- fi
-
- #
- # features
- #
-
- # content scanning support
- if use exiscan-acl; then
- cat >> Makefile <<- EOC
- WITH_CONTENT_SCAN=yes
- EOC
- fi
-
- # DomainKeys Identified Mail, RFC4871
- if ! use dkim; then
- # DKIM is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_DKIM=yes
- EOC
- fi
-
- # Per-Recipient-Data-Response
- if ! use prdr; then
- # PRDR is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_PRDR=yes
- EOC
- fi
-
- # Transport post-delivery actions
- if use !tpda && use !dane; then
- # EVENT is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_EVENT=yes
- EOC
- fi
-
- # log to syslog
- if use syslog; then
- local eximlog="${EPREFIX}/var/log/exim/exim_%s.log"
- sed -i \
- -e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \
- Makefile || die
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=syslog
- EOC
- else
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
- EOC
- fi
-
- # starttls support (ssl)
- if use ssl; then
- if use gnutls; then
- echo "USE_GNUTLS=yes" >> Makefile
- echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \
- >> Makefile
- use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
- else
- echo "USE_OPENSSL=yes" >> Makefile
- echo "USE_OPENSSL_PC=openssl" >> Makefile
- fi
- else
- echo "DISABLE_TLS=yes" >> Makefile
- fi
-
- # TCP wrappers
- if use tcpd; then
- cat >> Makefile <<- EOC
- USE_TCP_WRAPPERS=yes
- EXTRALIBS_EXIM += -lwrap
- EOC
- fi
-
- # Light Mail Transport Protocol
- if use lmtp; then
- cat >> Makefile <<- EOC
- TRANSPORT_LMTP=yes
- EOC
- fi
-
- # embedded Perl
- if use perl; then
- cat >> Makefile <<- EOC
- EXIM_PERL=perl.o
- EOC
- fi
-
- # dlfunc
- if use dlfunc; then
- cat >> Makefile <<- EOC
- EXPAND_DLFUNC=yes
- HAVE_LOCAL_SCAN=yes
- DLOPEN_LOCAL_SCAN=yes
- EOC
- fi
-
- # Proxy Protocol
- if use proxy; then
- cat >> Makefile <<- EOC
- SUPPORT_PROXY=yes
- EOC
- fi
-
- # DANE
- if use !dane; then
- # DANE is enabled by default
- sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die
- fi
-
- # DMARC
- if use dmarc; then
- cat >> Makefile <<- EOC
- SUPPORT_DMARC=yes
- EXTRALIBS_EXIM += -lopendmarc
- EOC
- fi
-
- # Sender Policy Framework
- if use spf; then
- cat >> Makefile <<- EOC
- SUPPORT_SPF=yes
- EXTRALIBS_EXIM += -lspf2
- EOC
- fi
-
- #
- # experimental features
- #
-
- # Authenticated Receive Chain
- if use arc; then
- echo "EXPERIMENTAL_ARC=yes">> Makefile
- fi
-
- # Distributed Checksum Clearinghouse
- if use dcc; then
- echo "EXPERIMENTAL_DCC=yes">> Makefile
- fi
-
- # Sender Rewriting Scheme
- if use srs; then
- # NOTE: we currently USE-default to srs-alt, because this is
- # what USE=srs used to be. Eventually we want to rid ourselves
- # of this external implementation.
- if use srs-alt; then
- # historical default, from 4.95 this becomes
- # EXPERIMENTAL_SRS_ALT
- cat >> Makefile <<- EOC
- EXPERIMENTAL_SRS=yes
- EXTRALIBS_EXIM += -lsrs_alt
- EOC
- fi
- if use srs-native; then
- # this one becomes SUPPORT_SRS in 4.95
- cat >> Makefile <<- EOC
- EXPERIMENTAL_SRS_NATIVE=yes
- EOC
- fi
- fi
-
- # Delivery Sender Notifications extra information in fail message
- if use dsn; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DSN_INFO=yes
- EOC
- fi
-
- #
- # authentication (SMTP AUTH)
- #
-
- # standard bits
- cat >> Makefile <<- EOC
- AUTH_SPA=yes
- AUTH_CRAM_MD5=yes
- AUTH_PLAINTEXT=yes
- EOC
-
- # Cyrus SASL
- if use sasl; then
- cat >> Makefile <<- EOC
- CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
- AUTH_CYRUS_SASL=yes
- AUTH_LIBS += -lsasl2
- EOC
- fi
-
- # Dovecot
- if use dovecot-sasl; then
- cat >> Makefile <<- EOC
- AUTH_DOVECOT=yes
- EOC
- fi
-
- # Pluggable Authentication Modules
- if use pam; then
- cat >> Makefile <<- EOC
- SUPPORT_PAM=yes
- AUTH_LIBS += -lpam
- EOC
- fi
-
- # Radius
- if use radius; then
- cat >> Makefile <<- EOC
- RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
- RADIUS_LIB_TYPE=RADIUSCLIENTNEW
- AUTH_LIBS += -lfreeradius-client
- EOC
- fi
-}
-
-src_compile() {
- emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \
- AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO=''
-}
-
-src_install() {
- cd "${S}"/build-exim-gentoo || die
- dosbin exim
- if use X; then
- dosbin eximon.bin
- dosbin eximon
- fi
- fperms 4755 /usr/sbin/exim
-
- dosym exim /usr/sbin/sendmail
- dosym exim /usr/sbin/rsmtp
- dosym exim /usr/sbin/rmail
- dosym ../sbin/exim /usr/bin/mailq
- dosym ../sbin/exim /usr/bin/newaliases
- dosym ../sbin/sendmail /usr/lib/sendmail
-
- for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
- exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
- convert4r3 convert4r4 exipick
- do
- dosbin $i
- done
-
- dodoc -r "${S}"/doc/.
- doman "${S}"/doc/exim.8
- use dsn && dodoc "${S}"/README.DSN
- use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
-
- # conf files
- insinto /etc/exim
- newins "${S}"/src/configure.default exim.conf.dist
- if use exiscan-acl; then
- newins "${S}"/src/configure.default exim.conf.exiscan-acl
- fi
- doins "${WORKDIR}"/system_filter.exim
- doins "${FILESDIR}"/auth_conf.sub
-
- if use pam; then
- pamd_mimic system-auth exim auth account
- fi
-
- # headers, #436406
- if use dlfunc ; then
- # fixup includes so they actually can be found when including
- sed -i \
- -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
- local_scan.h || die
- insinto /usr/include/exim
- doins {config,local_scan}.h ../src/{mytypes,store}.h
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}/exim.logrotate" exim
-
- newinitd "${FILESDIR}"/exim.rc10 exim
- newconfd "${FILESDIR}"/exim.confd exim
-
- systemd_dounit \
- "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
- systemd_newunit \
- "${FILESDIR}"/exim_at.service 'exim@.service'
- systemd_newunit \
- "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
- diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
- keepdir /var/log/${PN}
-}
-
-pkg_postinst() {
- if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then
- einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter."
- einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub"
- einfo "for using smtp auth."
- einfo "Please create ${EROOT}/etc/exim/exim.conf from"
- einfo " ${EROOT}/etc/exim/exim.conf.dist."
- fi
- if use dmarc ; then
- einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds"
- einfo "you can populate this file with the contents downloaded from"
- einfo " https://publicsuffix.org/list/public_suffix_list.dat"
- fi
- if use dcc ; then
- einfo "DCC support is experimental, you can find some limited"
- einfo "documentation at the bottom of this prerelease message:"
- einfo " http://article.gmane.org/gmane.mail.exim.devel/3579"
- fi
- if use srs ; then
- einfo "SRS support is experimental in this release of Exim"
- if use srs-alt; then
- elog "You are using libsrs_alt to implement SRS support."
- elog "In future release of Exim, the native SRS implementation"
- elog "(USE=srs-native) will become the default. Please prepare"
- elog "your package.use or switch to USE=srs-native now."
- fi
- fi
- use dsn && einfo "extra information in fail DSN message is experimental"
- einfo
- elog "Note that this release contains a tainted variable check that"
- elog "is likely to break your configuration used with Exim 4.93 and before."
- elog "Please check your transports for occurences of \$local_part, and"
- elog "use a replacement like \$local_part_data where possible."
-}
diff --git a/mail-mta/exim/files/exim-4.94-localscan_dlopen.patch b/mail-mta/exim/files/exim-4.94-localscan_dlopen.patch
deleted file mode 100644
index 68ff48ac2a33..000000000000
--- a/mail-mta/exim/files/exim-4.94-localscan_dlopen.patch
+++ /dev/null
@@ -1,269 +0,0 @@
-diff -ur exim-4.92.orig/src/config.h.defaults exim-4.92/src/config.h.defaults
---- exim-4.92.orig/src/config.h.defaults 2019-01-30 14:59:52.000000000 +0100
-+++ exim-4.92/src/config.h.defaults 2019-02-16 18:17:24.547216157 +0100
-@@ -32,6 +32,8 @@
-
- #define AUTH_VARS 3
-
-+#define DLOPEN_LOCAL_SCAN
-+
- #define BIN_DIRECTORY
-
- #define CONFIGURE_FILE
-Only in exim-4.92/src: config.h.defaults.orig
-diff -ur exim-4.92.orig/src/EDITME exim-4.92/src/EDITME
---- exim-4.92.orig/src/EDITME 2019-01-30 14:59:52.000000000 +0100
-+++ exim-4.92/src/EDITME 2019-02-16 18:17:24.547216157 +0100
-@@ -824,6 +824,24 @@
-
-
- #------------------------------------------------------------------------------
-+# On systems which support dynamic loading of shared libraries, Exim can
-+# load a local_scan function specified in its config file instead of having
-+# to be recompiled with the desired local_scan function. For a full
-+# description of the API to this function, see the Exim specification.
-+
-+#DLOPEN_LOCAL_SCAN=yes
-+
-+# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
-+# linker flags. Without it, the loaded .so won't be able to access any
-+# functions from exim.
-+
-+LFLAGS = -rdynamic
-+ifeq ($(OSTYPE),Linux)
-+LFLAGS += -ldl
-+endif
-+
-+
-+#------------------------------------------------------------------------------
- # The default distribution of Exim contains only the plain text form of the
- # documentation. Other forms are available separately. If you want to install
- # the documentation in "info" format, first fetch the Texinfo documentation
-Only in exim-4.92/src: EDITME.orig
-diff -ur exim-4.92.orig/src/globals.c exim-4.92/src/globals.c
---- exim-4.92.orig/src/globals.c 2019-01-30 14:59:52.000000000 +0100
-+++ exim-4.92/src/globals.c 2019-02-16 18:17:24.549216150 +0100
-@@ -41,6 +41,10 @@
-
- uschar *no_aliases = NULL;
-
-+#ifdef DLOPEN_LOCAL_SCAN
-+uschar *local_scan_path = NULL;
-+#endif
-+
-
- /* For comments on these variables, see globals.h. I'm too idle to
- duplicate them here... */
-Only in exim-4.92/src: globals.c.orig
-diff -ur exim-4.92.orig/src/globals.h exim-4.92/src/globals.h
---- exim-4.92.orig/src/globals.h 2019-01-30 14:59:52.000000000 +0100
-+++ exim-4.92/src/globals.h 2019-02-16 18:17:24.549216150 +0100
-@@ -152,6 +152,9 @@
- extern int (*receive_ferror)(void);
- extern BOOL (*receive_smtp_buffered)(void);
-
-+#ifdef DLOPEN_LOCAL_SCAN
-+extern uschar *local_scan_path; /* Path to local_scan() library */
-+#endif
-
- /* For clearing, saving, restoring address expansion variables. We have to have
- the size of this vector set explicitly, because it is referenced from more than
-Only in exim-4.92/src: globals.h.orig
-diff -ur exim-4.92.orig/src/local_scan.c exim-4.92/src/local_scan.c
---- exim-4.92.orig/src/local_scan.c 2019-01-30 14:59:52.000000000 +0100
-+++ exim-4.92/src/local_scan.c 2019-02-16 18:29:56.832732592 +0100
-@@ -5,61 +5,133 @@
- /* Copyright (c) University of Cambridge 1995 - 2009 */
- /* See the file NOTICE for conditions of use and distribution. */
-
-+#include "local_scan.h"
-
--/******************************************************************************
--This file contains a template local_scan() function that just returns ACCEPT.
--If you want to implement your own version, you should copy this file to, say
--Local/local_scan.c, and edit the copy. To use your version instead of the
--default, you must set
--
--HAVE_LOCAL_SCAN=yes
--LOCAL_SCAN_SOURCE=Local/local_scan.c
--
--in your Local/Makefile. This makes it easy to copy your version for use with
--subsequent Exim releases.
--
--For a full description of the API to this function, see the Exim specification.
--******************************************************************************/
--
--
--/* This is the only Exim header that you should include. The effect of
--including any other Exim header is not defined, and may change from release to
--release. Use only the documented interface! */
--
--#include "local_scan.h"
--
--
--/* This is a "do-nothing" version of a local_scan() function. The arguments
--are:
--
-- fd The file descriptor of the open -D file, which contains the
-- body of the message. The file is open for reading and
-- writing, but modifying it is dangerous and not recommended.
--
-- return_text A pointer to an unsigned char* variable which you can set in
-- order to return a text string. It is initialized to NULL.
--
--The return values of this function are:
--
-- LOCAL_SCAN_ACCEPT
-- The message is to be accepted. The return_text argument is
-- saved in $local_scan_data.
--
-- LOCAL_SCAN_REJECT
-- The message is to be rejected. The returned text is used
-- in the rejection message.
--
-- LOCAL_SCAN_TEMPREJECT
-- This specifies a temporary rejection. The returned text
-- is used in the rejection message.
--*/
-+#ifdef DLOPEN_LOCAL_SCAN
-+#include <stdlib.h>
-+#include <dlfcn.h>
-+static int (*local_scan_fn)(int fd, uschar **return_text) = NULL;
-+static int load_local_scan_library(void);
-+extern uschar *local_scan_path; /* Path to local_scan() library */
-+#endif
-
- int
- local_scan(int fd, uschar **return_text)
- {
- fd = fd; /* Keep picky compilers happy */
- return_text = return_text;
--return LOCAL_SCAN_ACCEPT;
-+#ifdef DLOPEN_LOCAL_SCAN
-+/* local_scan_path is defined AND not the empty string */
-+if (local_scan_path && *local_scan_path)
-+ {
-+ if (!local_scan_fn)
-+ {
-+ if (!load_local_scan_library())
-+ {
-+ char *base_msg , *error_msg , *final_msg ;
-+ int final_length = -1 ;
-+
-+ base_msg=US"Local configuration error - local_scan() library failure\n";
-+ error_msg = dlerror() ;
-+
-+ final_length = strlen(base_msg) + strlen(error_msg) + 1 ;
-+ final_msg = (char*)malloc( final_length*sizeof(char) ) ;
-+ *final_msg = '\0' ;
-+
-+ strcat( final_msg , base_msg ) ;
-+ strcat( final_msg , error_msg ) ;
-+
-+ *return_text = final_msg ;
-+ return LOCAL_SCAN_TEMPREJECT;
-+ }
-+ }
-+ return local_scan_fn(fd, return_text);
-+ }
-+else
-+#endif
-+ return LOCAL_SCAN_ACCEPT;
-+}
-+
-+#ifdef DLOPEN_LOCAL_SCAN
-+
-+static int load_local_scan_library(void)
-+{
-+/* No point in keeping local_scan_lib since we'll never dlclose() anyway */
-+void *local_scan_lib = NULL;
-+int (*local_scan_version_fn)(void);
-+int vers_maj;
-+int vers_min;
-+
-+local_scan_lib = dlopen(local_scan_path, RTLD_NOW);
-+if (!local_scan_lib)
-+ {
-+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - "
-+ "message temporarily rejected");
-+ return FALSE;
-+ }
-+
-+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major");
-+if (!local_scan_version_fn)
-+ {
-+ dlclose(local_scan_lib);
-+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
-+ "local_scan_version_major() function - message temporarily rejected");
-+ return FALSE;
-+ }
-+
-+/* The major number is increased when the ABI is changed in a non
-+ backward compatible way. */
-+vers_maj = local_scan_version_fn();
-+
-+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor");
-+if (!local_scan_version_fn)
-+ {
-+ dlclose(local_scan_lib);
-+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
-+ "local_scan_version_minor() function - message temporarily rejected");
-+ return FALSE;
-+ }
-+
-+/* The minor number is increased each time a new feature is added (in a
-+ way that doesn't break backward compatibility) -- Marc */
-+vers_min = local_scan_version_fn();
-+
-+
-+if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR)
-+ {
-+ dlclose(local_scan_lib);
-+ local_scan_lib = NULL;
-+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major"
-+ "version number, you need to recompile your module for this version"
-+ "of exim (The module was compiled for version %d.%d and this exim provides"
-+ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
-+ LOCAL_SCAN_ABI_VERSION_MINOR);
-+ return FALSE;
-+ }
-+else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR)
-+ {
-+ dlclose(local_scan_lib);
-+ local_scan_lib = NULL;
-+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor"
-+ "version number, you need to recompile your module for this version"
-+ "of exim (The module was compiled for version %d.%d and this exim provides"
-+ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
-+ LOCAL_SCAN_ABI_VERSION_MINOR);
-+ return FALSE;
-+ }
-+
-+local_scan_fn = dlsym(local_scan_lib, "local_scan");
-+if (!local_scan_fn)
-+ {
-+ dlclose(local_scan_lib);
-+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
-+ "local_scan() function - message temporarily rejected");
-+ return FALSE;
-+ }
-+
-+return TRUE;
- }
-
-+#endif /* DLOPEN_LOCAL_SCAN */
-+
- /* End of local_scan.c */
-diff -ur exim-4.92.orig/src/readconf.c exim-4.92/src/readconf.c
---- exim-4.92.orig/src/readconf.c 2019-01-30 14:59:52.000000000 +0100
-+++ exim-4.92/src/readconf.c 2019-02-16 18:18:46.013947455 +0100
-@@ -205,6 +205,9 @@
- { "local_from_prefix", opt_stringptr, {&local_from_prefix} },
- { "local_from_suffix", opt_stringptr, {&local_from_suffix} },
- { "local_interfaces", opt_stringptr, {&local_interfaces} },
-+#ifdef DLOPEN_LOCAL_SCAN
-+ { "local_scan_path", opt_stringptr, {&local_scan_path} },
-+#endif
- #ifdef HAVE_LOCAL_SCAN
- { "local_scan_timeout", opt_time, {&local_scan_timeout} },
- #endif
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2023-12-25 10:42 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2023-12-25 10:42 UTC (permalink / raw
To: gentoo-commits
commit: 38b56d6352c696749e20078af71daaf871e58691
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Mon Dec 25 10:39:54 2023 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Mon Dec 25 10:42:12 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38b56d63
mail-mta/exim: add backport for CVE-2023-51766 to 4.96 and 4.97
Addresses:
Partially vulnerable to "SMTP Smuggling" if pipelining is enabled and
chunking is disabled/unused
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
mail-mta/exim/Manifest | 2 -
.../{exim-4.97-r1.ebuild => exim-4.96-r5.ebuild} | 33 ++-
.../{exim-4.97-r1.ebuild => exim-4.97-r2.ebuild} | 1 +
mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch | 265 +++++++++++++++++++++
4 files changed, 294 insertions(+), 7 deletions(-)
diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index 2422a76d59b8..897713920daf 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -1,9 +1,7 @@
-DIST exim-4.94.2.tar.xz 1838076 BLAKE2B 684e115a7af3efdab15451f8e11f9b53455c9166d8c078216d7a95223d77569cec8a882ed99b9180acbd8a9e747a0bca03d56993d011de15dc35143a989ab046 SHA512 5334c236221ed4e03dbc33e6a79d939b06037fa2f4b71971607a360b67af5c85a89681ee13a5eeaf0184382c55a160cf2e89ed7afb2949f025a54f1e88f9e3fc
DIST exim-4.96-gentoo-patches-r0.tar.xz 13308 BLAKE2B e01cd8b90593329d858cced27bea9da4860e80500c0b0b3f86418931a77616ac1e4a532cfffc551de5844bfcbcd115c1591b28577c234beb551458dc0877e764 SHA512 0a8d7b5903c8cd7c2cc07e4ea3ed62200ee0116fe0b5513ec97ba7f3ab1dd5cd0dc181eb93c3c1c7f767be7df3546ac07b622a8f4352eb883323c3a005a1c7db
DIST exim-4.96.2.tar.xz 1879896 BLAKE2B f172340e5f896dc1996e4e3cf46515c2336c47d3390524ca91cb9ef7258a62b83426592de582aa792584cbeaace519b4edea5e62b3ebeb8e5f599379255e04a5 SHA512 dc9f6a114e64ac826489edff88d50a24195b64714428e691c10a7bfb119b3ebb6455bf80cbb34dfd0a4e2e44cbde72effb009357a8e0a6065e512fe32092e3ed
DIST exim-4.96.tar.xz 1879152 BLAKE2B 4b424f2ebc661bd0db35d7f6da86300c6d5cb5b9a52cddd24fdd452daa76c84e471d4f8f278cf951d1503b01fd46fc3e6858d6feded09f34253d2cf2ae99b45a SHA512 6b863661465a0b9897c1b71875c5196a1903cf560dd85de45b08242b9731edb2bc10eb56945d62e477e5d15cc7a8d493915bff2ca81689673a8091c66f62c89e
DIST exim-4.97.tar.xz 1909536 BLAKE2B b0f09d5f162853996976c222786de14e2104acdf01fd61da486f59f4cf8af1182cdfb7ea31fd55ccfd9c57256e7f442dc1b46727e08fe2eca82a296ac4ae7899 SHA512 b28cbb49fa7e143dfcc94e004d57cf98a1945013e676cd103c1ee4cf52933d49d378baa13bea2663353dba97745d6b2ab8b7b66cde870788a2d85d7abd716968
-DIST exim-pdf-4.94.2.tar.xz 2092248 BLAKE2B 973ab4f117fdb58afa017bc41b4496fac1277e707a9926d67317c455b0bd617021c17cba6c8d793d8962aacef12c0790d5add7174017512b7b1ea070f8e8533d SHA512 3a661f69d81a992798d4b7e5b7def7cfffa297a7b3c02a6631be426cefff5a6e8783fa322a1bd105d01f7b06968d01e77963e6ab7be3157f63eb62eb6ff172b0
DIST exim-pdf-4.96.2.tar.xz 2132268 BLAKE2B 9104d42d742e7152d166b6158a6f060d0a29143b11e5064ecda177ead59ac66a9bb6ab3575e5bcaf7af5b49964d29b841285e67184592a8b64bab6099f4c8ac9 SHA512 c35eea4ab5510bba50d22813b28c9d2f5e4e2fed76993693b997f2090024dde674d58dffe044cb64642bf57b83fcae3bfc3dbcae43288fae11692ee49374df74
DIST exim-pdf-4.96.tar.xz 2137468 BLAKE2B 7f61767f91864c43a3b7b6ca36ec7f41da6ad7029687a38cfa9307c444c2ffbd3eb61d45645ffd20ec16ba64a37e1ff08c02e7e4e36499c7783679af9a399081 SHA512 05e94579631656330d95d237c58bc9fd52229a067c5846e7c3409b4c83040c9216819bcb0090673d9991fd59e2c2025340592b31b241b557c6775782106854d1
DIST exim-pdf-4.97.tar.xz 2136852 BLAKE2B df188e658e9e86d1b651d12b29e8a440677d75cc0384bab829323582a3a89b62f34e504b759ef2824b7735056696aed6ac33a4ca10a74fc5bc036f150caaac12 SHA512 defd1e7d823f4eadd2afe426d9105a395421824a1b1941b97bfda408905bdd105b5c219b713e15506d25d98fa48e965228f8daab286dc1be14a387f567c0b58b
diff --git a/mail-mta/exim/exim-4.97-r1.ebuild b/mail-mta/exim/exim-4.96-r5.ebuild
similarity index 90%
copy from mail-mta/exim/exim-4.97-r1.ebuild
copy to mail-mta/exim/exim-4.96-r5.ebuild
index 3dbed307e7e4..95cd963bee1d 100644
--- a/mail-mta/exim/exim-4.97-r1.ebuild
+++ b/mail-mta/exim/exim-4.96-r5.ebuild
@@ -3,7 +3,7 @@
EAPI="7"
-inherit db-use flag-o-matic toolchain-funcs pam systemd
+inherit db-use toolchain-funcs pam systemd
IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl
dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx
@@ -35,6 +35,7 @@ COMM_URI="https://downloads.exim.org/exim4${SDIR}"
GPV="r0"
DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
+ https://dev.gentoo.org/~grobian/distfiles/${P}-gentoo-patches-${GPV}.tar.xz
mirror://gentoo/system_filter.exim.gz
doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
HOMEPAGE="https://www.exim.org/"
@@ -111,11 +112,29 @@ src_prepare() {
# Legacy patches which need a respin for -p1
eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch
eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
- eapply "${FILESDIR}"/exim-4.97-as-needed-ldflags.patch # 352265, 391279
+ eapply "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279
eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
eapply "${FILESDIR}"/exim-4.69-r1.27021.patch
- eapply "${FILESDIR}"/exim-4.97-localscan_dlopen.patch
- eapply "${FILESDIR}"/exim-4.97-no-exim_id_update.patch
+ eapply "${FILESDIR}"/exim-4.95-localscan_dlopen.patch
+
+ # Upstream post-release fixes :(
+ local GPVDIR=${WORKDIR}/${P}-gentoo-patches-${GPV}
+ eapply "${GPVDIR}"/exim-4.96-rewrite-malformed-addr-fix.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-spf-memory-error-fix.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-regex-use-after-free.patch # upstr
+ eapply -p2 "${GPVDIR}"/exim-4.96-dmarc_use_after_free.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-deamon-startup-fix.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-openssl-verify-ocsp.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-openssl-double-expansion.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-recursion-dns_again.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-setting.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-lt-3.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-openssl-bad-alpn.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-dane-dns_again.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-expansion-crash.patch # upstr
+ eapply "${GPVDIR}"/exim-4.96-transport-crash.patch # upstr
+
+ eapply -p2 "${FILESDIR}"/exim-4.97-CVE-2023-51766.patch # 3063
# oddity, they disable berkdb as hack, and then throw an error when
# berkdb isn't enabled
@@ -124,6 +143,11 @@ src_prepare() {
-e 's/define DB void/define DONTMESS void/' \
src/auths/call_radius.c || die
+ # API changed from 1.3 to 1.4, upstream doesn't think 1.4 should be
+ # used, but 1.3 has a CVE and Gentoo (like most downstreams) only
+ # has 1.4 available
+ eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch
+
if use maildir ; then
eapply "${FILESDIR}"/exim-4.94-maildir.patch
else
@@ -153,7 +177,6 @@ src_configure() {
if use elibc_musl; then
sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die
- append-cflags -DNO_EXECINFO
fi
local conffile="${EPREFIX}/etc/exim/exim.conf"
diff --git a/mail-mta/exim/exim-4.97-r1.ebuild b/mail-mta/exim/exim-4.97-r2.ebuild
similarity index 99%
rename from mail-mta/exim/exim-4.97-r1.ebuild
rename to mail-mta/exim/exim-4.97-r2.ebuild
index 3dbed307e7e4..06ad474f9e9c 100644
--- a/mail-mta/exim/exim-4.97-r1.ebuild
+++ b/mail-mta/exim/exim-4.97-r2.ebuild
@@ -116,6 +116,7 @@ src_prepare() {
eapply "${FILESDIR}"/exim-4.69-r1.27021.patch
eapply "${FILESDIR}"/exim-4.97-localscan_dlopen.patch
eapply "${FILESDIR}"/exim-4.97-no-exim_id_update.patch
+ eapply -p2 "${FILESDIR}"/exim-4.97-CVE-2023-51766.patch # 3063
# oddity, they disable berkdb as hack, and then throw an error when
# berkdb isn't enabled
diff --git a/mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch b/mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch
new file mode 100644
index 000000000000..7eed4eb1855f
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch
@@ -0,0 +1,265 @@
+https://nvd.nist.gov/vuln/detail/CVE-2023-51766
+
+
+From cf1376206284f2a4f11e32d931d4aade34c206c5 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Fri, 22 Dec 2023 23:57:05 +0000
+Subject: [PATCH] Reject "dot, LF" as ending data phase. Bug 3063
+
+From 5bb786d5ad568a88d50d15452aacc8404047e5ca Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Sat, 23 Dec 2023 17:42:57 +0000
+Subject: [PATCH] Reject "dot, LF" as ending data phase (pt. 2). Bug 3063
+
+reduced to source changes only for Gentoo
+
+
+
+diff --git a/src/src/receive.c b/src/src/receive.c
+index e35400aec..c6f612832 100644
+--- a/src/src/receive.c
++++ b/src/src/receive.c
+@@ -836,93 +842,101 @@
+ */
+
+ static int
+-read_message_data_smtp(FILE *fout)
++read_message_data_smtp(FILE * fout, BOOL strict_crlf)
+ {
+-int ch_state = 0;
+-int ch;
+-int linelength = 0;
++enum { s_linestart, s_normal, s_had_cr, s_had_nl_dot, s_had_dot_cr } ch_state =
++ s_linestart;
++int linelength = 0, ch;
+
+ while ((ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF)
+ {
+ if (ch == 0) body_zerocount++;
+ switch (ch_state)
+ {
+- case 0: /* After LF or CRLF */
+- if (ch == '.')
+- {
+- ch_state = 3;
+- continue; /* Don't ever write . after LF */
+- }
+- ch_state = 1;
++ case s_linestart: /* After LF or CRLF */
++ if (ch == '.')
++ {
++ ch_state = s_had_nl_dot;
++ continue; /* Don't ever write . after LF */
++ }
++ ch_state = s_normal;
+
+- /* Else fall through to handle as normal uschar. */
++ /* Else fall through to handle as normal uschar. */
+
+- case 1: /* Normal state */
+- if (ch == '\n')
+- {
+- ch_state = 0;
+- body_linecount++;
++ case s_normal: /* Normal state */
++ if (ch == '\r')
++ {
++ ch_state = s_had_cr;
++ continue; /* Don't write the CR */
++ }
++ if (ch == '\n') /* Bare LF at end of line */
++ if (strict_crlf)
++ ch = ' '; /* replace LF with space */
++ else
++ { /* treat as line ending */
++ ch_state = s_linestart;
++ body_linecount++;
++ if (linelength > max_received_linelength)
++ max_received_linelength = linelength;
++ linelength = -1;
++ }
++ break;
++
++ case s_had_cr: /* After (unwritten) CR */
++ body_linecount++; /* Any char ends line */
+ if (linelength > max_received_linelength)
+- max_received_linelength = linelength;
++ max_received_linelength = linelength;
+ linelength = -1;
+- }
+- else if (ch == '\r')
+- {
+- ch_state = 2;
+- continue;
+- }
+- break;
++ if (ch == '\n') /* proper CRLF */
++ ch_state = s_linestart;
++ else
++ {
++ message_size++; /* convert the dropped CR to a stored NL */
++ if (fout && fputc('\n', fout) == EOF) return END_WERROR;
++ cutthrough_data_put_nl();
++ if (ch == '\r') /* CR; do not write */
++ continue;
++ ch_state = s_normal; /* not LF or CR; process as standard */
++ }
++ break;
+
+- case 2: /* After (unwritten) CR */
+- body_linecount++;
+- if (linelength > max_received_linelength)
+- max_received_linelength = linelength;
+- linelength = -1;
+- if (ch == '\n')
+- {
+- ch_state = 0;
+- }
+- else
+- {
+- message_size++;
+- if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR;
+- cutthrough_data_put_nl();
+- if (ch != '\r') ch_state = 1; else continue;
+- }
+- break;
++ case s_had_nl_dot: /* After [CR] LF . */
++ if (ch == '\n') /* [CR] LF . LF */
++ if (strict_crlf)
++ ch = ' '; /* replace LF with space */
++ else
++ return END_DOT;
++ else if (ch == '\r') /* [CR] LF . CR */
++ {
++ ch_state = s_had_dot_cr;
++ continue; /* Don't write the CR */
++ }
++ /* The dot was removed on reaching s_had_nl_dot. For a doubled dot, here,
++ reinstate it to cutthrough. The current ch, dot or not, is passed both to
++ cutthrough and to file below. */
++ else if (ch == '.')
++ {
++ uschar c = ch;
++ cutthrough_data_puts(&c, 1);
++ }
++ ch_state = s_normal;
++ break;
+
+- case 3: /* After [CR] LF . */
+- if (ch == '\n')
+- return END_DOT;
+- if (ch == '\r')
+- {
+- ch_state = 4;
+- continue;
+- }
+- /* The dot was removed at state 3. For a doubled dot, here, reinstate
+- it to cutthrough. The current ch, dot or not, is passed both to cutthrough
+- and to file below. */
+- if (ch == '.')
+- {
+- uschar c= ch;
+- cutthrough_data_puts(&c, 1);
+- }
+- ch_state = 1;
+- break;
++ case s_had_dot_cr: /* After [CR] LF . CR */
++ if (ch == '\n')
++ return END_DOT; /* Preferred termination */
+
+- case 4: /* After [CR] LF . CR */
+- if (ch == '\n') return END_DOT;
+- message_size++;
+- body_linecount++;
+- if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR;
+- cutthrough_data_put_nl();
+- if (ch == '\r')
+- {
+- ch_state = 2;
+- continue;
+- }
+- ch_state = 1;
+- break;
++ message_size++; /* convert the dropped CR to a stored NL */
++ body_linecount++;
++ if (fout && fputc('\n', fout) == EOF) return END_WERROR;
++ cutthrough_data_put_nl();
++ if (ch == '\r')
++ {
++ ch_state = s_had_cr;
++ continue; /* CR; do not write */
++ }
++ ch_state = s_normal;
++ break;
+ }
+
+ /* Add the character to the spool file, unless skipping; then loop for the
+@@ -1140,7 +1152,7 @@ receive_swallow_smtp(void)
+ {
+ if (message_ended >= END_NOTENDED)
+ message_ended = chunking_state <= CHUNKING_OFFERED
+- ? read_message_data_smtp(NULL)
++ ? read_message_data_smtp(NULL, FALSE)
+ : read_message_bdat_smtp_wire(NULL);
+ }
+
+@@ -1960,8 +1960,10 @@ for (;;)
+
+ if (ch == '\n')
+ {
+- if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = FALSE;
+- else if (first_line_ended_crlf) receive_ungetc(' ');
++ if (first_line_ended_crlf == TRUE_UNSET)
++ first_line_ended_crlf = FALSE;
++ else if (first_line_ended_crlf)
++ receive_ungetc(' ');
+ goto EOL;
+ }
+
+@@ -1977,7 +1980,11 @@ for (;;)
+ if (f.dot_ends && ptr == 0 && ch == '.')
+ {
+ ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
+- if (ch == '\r')
++ if (ch == '\n' && first_line_ended_crlf == TRUE /* and not TRUE_UNSET */ )
++ /* dot, LF but we are in CRLF mode. Attack? */
++ ch = ' '; /* replace the LF with a space */
++
++ else if (ch == '\r')
+ {
+ ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
+ if (ch != '\n')
+@@ -2013,7 +2020,8 @@ for (;;)
+ ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
+ if (ch == '\n')
+ {
+- if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = TRUE;
++ if (first_line_ended_crlf == TRUE_UNSET)
++ first_line_ended_crlf = TRUE;
+ goto EOL;
+ }
+
+@@ -3241,7 +3253,7 @@ if (!ferror(spool_data_file) && !(receive_feof)() && message_ended != END_DOT)
+ if (smtp_input)
+ {
+ message_ended = chunking_state <= CHUNKING_OFFERED
+- ? read_message_data_smtp(spool_data_file)
++ ? read_message_data_smtp(spool_data_file, first_line_ended_crlf)
+ : spool_wireformat
+ ? read_message_bdat_smtp_wire(spool_data_file)
+ : read_message_bdat_smtp(spool_data_file);
+diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
+index e19c86ff8..aeaffeb37 100644
+--- a/src/src/smtp_in.c
++++ b/src/src/smtp_in.c
+@@ -5112,7 +5112,10 @@ while (done <= 0)
+ to get the DATA command sent. */
+
+ if (!acl_smtp_predata && cutthrough.cctx.sock < 0)
++ {
++ if (!check_sync()) goto SYNC_FAILURE;
+ rc = OK;
++ }
+ else
+ {
+ uschar * acl = acl_smtp_predata ? acl_smtp_predata : US"accept";
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2024-01-12 11:56 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2024-01-12 11:56 UTC (permalink / raw
To: gentoo-commits
commit: c11d2a7a9507bd2392e0c8c83e6719debbf18ab1
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 12 11:56:22 2024 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Fri Jan 12 11:56:22 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c11d2a7a
mail-mta/exim: cleanup vulnerable
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
mail-mta/exim/Manifest | 5 -
mail-mta/exim/exim-4.96-r4.ebuild | 655 --------------------
mail-mta/exim/exim-4.96.2-r1.ebuild | 656 ---------------------
mail-mta/exim/exim-4.96.2.ebuild | 655 --------------------
.../exim/files/exim-4.93-as-needed-ldflags.patch | 145 -----
mail-mta/exim/files/exim-4.94-opendmarc-1.4.patch | 14 -
.../exim/files/exim-4.95-localscan_dlopen.patch | 221 -------
mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch | 265 ---------
8 files changed, 2616 deletions(-)
diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest
index 9553d4d46a0a..d87f52e906c4 100644
--- a/mail-mta/exim/Manifest
+++ b/mail-mta/exim/Manifest
@@ -1,8 +1,3 @@
-DIST exim-4.96-gentoo-patches-r0.tar.xz 13308 BLAKE2B e01cd8b90593329d858cced27bea9da4860e80500c0b0b3f86418931a77616ac1e4a532cfffc551de5844bfcbcd115c1591b28577c234beb551458dc0877e764 SHA512 0a8d7b5903c8cd7c2cc07e4ea3ed62200ee0116fe0b5513ec97ba7f3ab1dd5cd0dc181eb93c3c1c7f767be7df3546ac07b622a8f4352eb883323c3a005a1c7db
-DIST exim-4.96.2.tar.xz 1879896 BLAKE2B f172340e5f896dc1996e4e3cf46515c2336c47d3390524ca91cb9ef7258a62b83426592de582aa792584cbeaace519b4edea5e62b3ebeb8e5f599379255e04a5 SHA512 dc9f6a114e64ac826489edff88d50a24195b64714428e691c10a7bfb119b3ebb6455bf80cbb34dfd0a4e2e44cbde72effb009357a8e0a6065e512fe32092e3ed
-DIST exim-4.96.tar.xz 1879152 BLAKE2B 4b424f2ebc661bd0db35d7f6da86300c6d5cb5b9a52cddd24fdd452daa76c84e471d4f8f278cf951d1503b01fd46fc3e6858d6feded09f34253d2cf2ae99b45a SHA512 6b863661465a0b9897c1b71875c5196a1903cf560dd85de45b08242b9731edb2bc10eb56945d62e477e5d15cc7a8d493915bff2ca81689673a8091c66f62c89e
DIST exim-4.97.1.tar.xz 1919308 BLAKE2B ea41bf851185c7330e648c7757f2bf0b0aea3133e399630a40d220f5f542e9055e3ed0cd67c9ee5dcede281ccc17919a4ac328abd8f05d4d828e0381f10df0b8 SHA512 eab7ca28b37f1635c48f5e963ab69fcbad539b2c35a84286ecaad7d7ff5210bbefce86452302e08099afdc0710f9cb7ca6d9b152b0ba88a19292f7c5541e0cfc
-DIST exim-pdf-4.96.2.tar.xz 2132268 BLAKE2B 9104d42d742e7152d166b6158a6f060d0a29143b11e5064ecda177ead59ac66a9bb6ab3575e5bcaf7af5b49964d29b841285e67184592a8b64bab6099f4c8ac9 SHA512 c35eea4ab5510bba50d22813b28c9d2f5e4e2fed76993693b997f2090024dde674d58dffe044cb64642bf57b83fcae3bfc3dbcae43288fae11692ee49374df74
-DIST exim-pdf-4.96.tar.xz 2137468 BLAKE2B 7f61767f91864c43a3b7b6ca36ec7f41da6ad7029687a38cfa9307c444c2ffbd3eb61d45645ffd20ec16ba64a37e1ff08c02e7e4e36499c7783679af9a399081 SHA512 05e94579631656330d95d237c58bc9fd52229a067c5846e7c3409b4c83040c9216819bcb0090673d9991fd59e2c2025340592b31b241b557c6775782106854d1
DIST exim-pdf-4.97.1.tar.xz 2139688 BLAKE2B baadbb6ca7b88b11ea88f6b5ce0c96d9d713a1f5b358e4dfb52647ccc2bb1a9a6f74e75341839a8ee7df327f2f5645dbf223e4e5923631b02aa53a777701b436 SHA512 6aa733b1d48b6237f458939ff53e484e702f47a0c10ba781ba101db404d39667bd2ddc876af4f597deda1991e534d5b8b874c549e6a86b5325ebd624a6713183
DIST system_filter.exim.gz 3075 BLAKE2B d05e872b5cef377d29126cda03fc0a74c8777b2119b76ff43da6e8de808035eb9bfcb034a85d81824f135d484e864bfc0629fc1af2c228a7277d5ee7cf9cde79 SHA512 cb358d3ce2499a0bb5920d962a06f2af8486e55ec90c8c928bd8e3aefb279aa57f5f960d5adfcef68bd94110b405eaa144e9629cfe6014a529c79c544600bbf3
diff --git a/mail-mta/exim/exim-4.96-r4.ebuild b/mail-mta/exim/exim-4.96-r4.ebuild
deleted file mode 100644
index c3bb1a1d477e..000000000000
--- a/mail-mta/exim/exim-4.96-r4.ebuild
+++ /dev/null
@@ -1,655 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit db-use toolchain-funcs pam systemd
-
-IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl
-dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx
-mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux
-socks5 spf sqlite srs +ssl syslog tdb tcpd +tpda X"
-REQUIRED_USE="
- arc? ( dkim spf )
- dane? ( ssl !gnutls )
- dmarc? ( dkim spf )
- dkim? ( ssl !gnutls )
- gnutls? ( ssl )
- pkcs11? ( ssl )
- || ( berkdb gdbm tdb )
-"
-# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
-# for x86 and amd64 only, due to this, repoman won't allow depending on
-# gnutls[dane] for all else. Because we cannot express USE=dane when
-# USE=gnutls is in effect only in package.use.mask, the only option we
-# have left is to a) ignore the dependency (but that results in bug
-# #661164) or b) mask the usage of USE=dane with USE=gnutls. Both are
-# incorrect, but b) is the only "correct" view from repoman.
-# We cannot express a required use for berkdb/gdbm/tdb correctly because
-# berkdb and gdbm are both enabled in base profile
-
-SDIR=$([[ ${PV} == *_rc* ]] && echo /test
- [[ ${PV} == *.*.*.* ]] && echo /fixes)
-COMM_URI="https://downloads.exim.org/exim4${SDIR}"
-
-GPV="r0"
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
- https://dev.gentoo.org/~grobian/distfiles/${P}-gentoo-patches-${GPV}.tar.xz
- mirror://gentoo/system_filter.exim.gz
- doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
-HOMEPAGE="https://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="x86"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
- dev-libs/libpcre2:=
- tdb? ( sys-libs/tdb:= )
- !tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) )
- !tdb? ( !berkdb? ( sys-libs/gdbm:= ) )
- idn? ( net-dns/libidn:= net-dns/libidn2:= )
- perl? ( dev-lang/perl:= )
- pam? ( sys-libs/pam )
- tcpd? ( sys-apps/tcp-wrappers )
- ssl? (
- gnutls? (
- net-libs/gnutls:0=[pkcs11?]
- dev-libs/libtasn1
- )
- !gnutls? (
- dev-libs/openssl:0=
- )
- )
- ldap? ( >=net-nds/openldap-2.0.7:= )
- elibc_glibc? (
- net-libs/libnsl:=
- nis? (
- net-libs/libtirpc:=
- >=net-libs/libnsl-1:=
- )
- )
- mysql? ( dev-db/mysql-connector-c:= )
- postgres? ( dev-db/postgresql:= )
- sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
- redis? ( dev-libs/hiredis:= )
- spf? ( >=mail-filter/libspf2-1.2.5-r1 )
- dmarc? ( mail-filter/opendmarc:= )
- X? (
- x11-libs/libX11
- x11-libs/libXmu
- x11-libs/libXt
- x11-libs/libXaw
- )
- sqlite? ( dev-db/sqlite )
- radius? ( net-dialup/freeradius-client )
- virtual/libcrypt:=
- virtual/libiconv
- "
- # added X check for #57206
-BDEPEND="virtual/pkgconfig"
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}
- !mail-mta/courier
- !mail-mta/esmtp
- !mail-mta/msmtp[mta]
- !mail-mta/netqmail
- !mail-mta/nullmailer
- !mail-mta/postfix
- !mail-mta/sendmail
- !mail-mta/opensmtpd
- !mail-mta/ssmtp[mta]
- >=net-mail/mailbase-0.00-r5
- virtual/logger
- dcc? ( mail-filter/dcc )
- selinux? ( sec-policy/selinux-exim )
- "
-
-S=${WORKDIR}/${P//_rc/-RC}
-
-src_prepare() {
- # Legacy patches which need a respin for -p1
- eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch
- eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
- eapply "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279
- eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
- eapply "${FILESDIR}"/exim-4.69-r1.27021.patch
- eapply "${FILESDIR}"/exim-4.95-localscan_dlopen.patch
-
- # Upstream post-release fixes :(
- local GPVDIR=${WORKDIR}/${P}-gentoo-patches-${GPV}
- eapply "${GPVDIR}"/exim-4.96-rewrite-malformed-addr-fix.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-spf-memory-error-fix.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-regex-use-after-free.patch # upstr
- eapply -p2 "${GPVDIR}"/exim-4.96-dmarc_use_after_free.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-deamon-startup-fix.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-verify-ocsp.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-double-expansion.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-recursion-dns_again.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-setting.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-lt-3.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-bad-alpn.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-dane-dns_again.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-expansion-crash.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-transport-crash.patch # upstr
-
- # oddity, they disable berkdb as hack, and then throw an error when
- # berkdb isn't enabled
- sed -i \
- -e 's/_DB_/_DONTMESS_/' \
- -e 's/define DB void/define DONTMESS void/' \
- src/auths/call_radius.c || die
-
- # API changed from 1.3 to 1.4, upstream doesn't think 1.4 should be
- # used, but 1.3 has a CVE and Gentoo (like most downstreams) only
- # has 1.4 available
- eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch
-
- if use maildir ; then
- eapply "${FILESDIR}"/exim-4.94-maildir.patch
- else
- eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
- fi
-
- eapply_user
-
- # user Exim believes it should be
- MAILUSER=mail
- MAILGROUP=mail
- if use prefix && [[ ${EUID} != 0 ]] ; then
- MAILUSER=$(id -un)
- MAILGROUP=$(id -gn)
- fi
-}
-
-src_configure() {
- # general config and paths
-
- local aliases="${EPREFIX}/etc/mail/aliases"
- sed -i \
- -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \
- src/configure.default || die
-
- sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die
-
- if use elibc_musl; then
- sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die
- fi
-
- local conffile="${EPREFIX}/etc/exim/exim.conf"
- sed -e "48i\CFLAGS=${CFLAGS}" \
- -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
- -e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \
- -e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \
- -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
- -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
- src/EDITME > Local/Makefile || die
-
- # work on Local/Makefile from now on
- cd Local
-
- cat >> Makefile <<- EOC
- INFO_DIRECTORY=${EPREFIX}/usr/share/info
- PID_FILE_PATH=${EPREFIX}/run/exim.pid
- SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
- HAVE_ICONV=yes
- WITH_CONTENT_SCAN=yes
- EOC
-
- # configure db implementation, Exim always needs one for its hints
- # database, we prefer tdb and gdbm, since bdb is kind of getting
- # less and less support
- if use tdb ; then
- cat >> Makefile <<- EOC
- USE_TDB=yes
- DBMLIB = -ltdb
- EOC
- sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
- sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
- elif use gdbm ; then
- cat >> Makefile <<- EOC
- USE_GDBM=yes
- DBMLIB = -lgdbm
- EOC
- sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
- sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
- else # must be berkdb via required_use
- # use the "native" interfaces to the DBM and CDB libraries, support
- # passwd and directory lookups by default
- local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
- cat >> Makefile <<- EOC
- USE_DB=yes
- # keep include in CFLAGS because exim.h -> dbstuff.h -> db.h
- CFLAGS += -I$(db_includedir ${DB_VERS})
- DBMLIB = -l$(db_libname ${DB_VERS})
- EOC
- sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
- sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
- fi
-
- # if we use libiconv, now is the time to tell so
- if use !elibc_glibc && use !elibc_musl ; then
- cat >> Makefile <<- EOC
- EXTRALIBS_EXIM=-liconv
- EOC
- fi
-
- # support for IPv6
- if use ipv6; then
- cat >> Makefile <<- EOC
- HAVE_IPV6=YES
- EOC
- fi
-
- # support i18n/IDNA
- if use idn; then
- cat >> Makefile <<- EOC
- SUPPORT_I18N=yes
- SUPPORT_I18N_2008=yes
- EXTRALIBS_EXIM += -lidn -lidn2
- EOC
- fi
-
- #
- # mail storage formats
- #
-
- # mailstore is Exim's traditional storage format
- cat >> Makefile <<- EOC
- SUPPORT_MAILSTORE=yes
- EOC
-
- # mbox
- if use mbx; then
- cat >> Makefile <<- EOC
- SUPPORT_MBX=yes
- EOC
- fi
-
- # maildir
- if use maildir; then
- cat >> Makefile <<- EOC
- SUPPORT_MAILDIR=yes
- EOC
- fi
-
- #
- # lookup methods
- #
-
- # support passwd and directory lookups by default
- cat >> Makefile <<- EOC
- LOOKUP_CDB=yes
- LOOKUP_PASSWD=yes
- LOOKUP_DSEARCH=yes
- EOC
-
- if ! use dnsdb; then
- # DNSDB lookup is enabled by default
- sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die
- fi
-
- if use ldap; then
- cat >> Makefile <<- EOC
- LOOKUP_LDAP=yes
- LDAP_LIB_TYPE=OPENLDAP2
- LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap
- LOOKUP_LIBS += -lldap -llber
- EOC
- fi
-
- if use mysql; then
- cat >> Makefile <<- EOC
- LOOKUP_MYSQL=yes
- LOOKUP_INCLUDE += $(mysql_config --include)
- LOOKUP_LIBS += $(mysql_config --libs)
- EOC
- fi
-
- if use nis; then
- cat >> Makefile <<- EOC
- LOOKUP_NIS=yes
- LOOKUP_NISPLUS=yes
- EOC
- if use elibc_glibc ; then
- cat >> Makefile <<- EOC
- LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc
- LOOKUP_LIBS += -lnsl
- EOC
- fi
- fi
-
- if use postgres; then
- cat >> Makefile <<- EOC
- LOOKUP_PGSQL=yes
- LOOKUP_INCLUDE += -I$(pg_config --includedir)
- LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
- EOC
- fi
-
- if use sqlite; then
- cat >> Makefile <<- EOC
- LOOKUP_SQLITE=yes
- LOOKUP_SQLITE_PC=sqlite3
- EOC
- fi
-
- if use redis; then
- cat >> Makefile <<- EOC
- LOOKUP_REDIS=yes
- LOOKUP_LIBS += -lhiredis
- EOC
- fi
-
- # Exim monitor, enabled by default, controlled via X USE-flag,
- # disable if not requested, bug #46778
- if use X; then
- cp ../exim_monitor/EDITME eximon.conf || die
- cat >> Makefile <<- EOC
- EXIM_MONITOR=eximon.bin
- EOC
- fi
-
- #
- # features
- #
-
- # DomainKeys Identified Mail, RFC4871
- if ! use dkim; then
- # DKIM is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_DKIM=yes
- EOC
- fi
-
- # Per-Recipient-Data-Response
- if ! use prdr; then
- # PRDR is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_PRDR=yes
- EOC
- fi
-
- # Transport post-delivery actions
- if use !tpda && use !dane; then
- # EVENT is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_EVENT=yes
- EOC
- fi
-
- # log to syslog
- if use syslog; then
- local eximlog="${EPREFIX}/var/log/exim/exim_%s.log"
- sed -i \
- -e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \
- Makefile || die
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=syslog
- EOC
- else
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
- EOC
- fi
-
- # starttls support (ssl)
- if use ssl; then
- if use gnutls; then
- echo "USE_GNUTLS=yes" >> Makefile
- echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \
- >> Makefile
- use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
- else
- echo "USE_OPENSSL=yes" >> Makefile
- echo "USE_OPENSSL_PC=openssl" >> Makefile
- fi
- else
- echo "DISABLE_TLS=yes" >> Makefile
- fi
-
- # TCP wrappers
- if use tcpd; then
- cat >> Makefile <<- EOC
- USE_TCP_WRAPPERS=yes
- EXTRALIBS_EXIM += -lwrap
- EOC
- fi
-
- # Light Mail Transport Protocol
- if use lmtp; then
- cat >> Makefile <<- EOC
- TRANSPORT_LMTP=yes
- EOC
- fi
-
- # embedded Perl
- if use perl; then
- cat >> Makefile <<- EOC
- EXIM_PERL=perl.o
- EOC
- fi
-
- # dlfunc
- if use dlfunc; then
- cat >> Makefile <<- EOC
- EXPAND_DLFUNC=yes
- HAVE_LOCAL_SCAN=yes
- DLOPEN_LOCAL_SCAN=yes
- EOC
- fi
-
- # Proxy Protocol
- if use proxy; then
- cat >> Makefile <<- EOC
- SUPPORT_PROXY=yes
- EOC
- fi
-
- # SOCKS5 (outbound) proxy support
- if use socks5; then
- cat >> Makefile <<- EOC
- SUPPORT_SOCKS=yes
- EOC
- fi
-
- # DANE
- if use !dane; then
- # DANE is enabled by default
- sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die
- fi
-
- # DMARC
- if use dmarc; then
- cat >> Makefile <<- EOC
- SUPPORT_DMARC=yes
- EXTRALIBS_EXIM += -lopendmarc
- EOC
- fi
-
- # Sender Policy Framework
- if use spf; then
- cat >> Makefile <<- EOC
- SUPPORT_SPF=yes
- EXTRALIBS_EXIM += -lspf2
- EOC
- fi
-
- #
- # experimental features
- #
-
- # Authenticated Receive Chain
- if use arc; then
- echo "EXPERIMENTAL_ARC=yes">> Makefile
- fi
-
- # Distributed Checksum Clearinghouse
- if use dcc; then
- echo "EXPERIMENTAL_DCC=yes">> Makefile
- fi
-
- # Sender Rewriting Scheme
- if use srs; then
- # this one is the default/supported variant since 4.95, and the
- # only variant available since 4.96
- cat >> Makefile <<- EOC
- SUPPORT_SRS=yes
- EOC
- fi
-
- # Delivery Sender Notifications extra information in fail message
- if use dsn; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DSN_INFO=yes
- EOC
- fi
-
- #
- # authentication (SMTP AUTH)
- #
-
- # standard bits
- cat >> Makefile <<- EOC
- AUTH_SPA=yes
- AUTH_CRAM_MD5=yes
- AUTH_PLAINTEXT=yes
- EOC
-
- # Cyrus SASL
- if use sasl; then
- cat >> Makefile <<- EOC
- CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
- AUTH_CYRUS_SASL=yes
- AUTH_LIBS += -lsasl2
- EOC
- fi
-
- # Dovecot
- if use dovecot-sasl; then
- cat >> Makefile <<- EOC
- AUTH_DOVECOT=yes
- EOC
- fi
-
- # Pluggable Authentication Modules
- if use pam; then
- cat >> Makefile <<- EOC
- SUPPORT_PAM=yes
- AUTH_LIBS += -lpam
- EOC
- fi
-
- # Radius
- if use radius; then
- cat >> Makefile <<- EOC
- RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
- RADIUS_LIB_TYPE=RADIUSCLIENTNEW
- AUTH_LIBS += -lfreeradius-client
- EOC
- fi
-}
-
-src_compile() {
- emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \
- AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO=''
-}
-
-src_install() {
- cd "${S}"/build-exim-gentoo || die
- dosbin exim
- if use X; then
- dosbin eximon.bin
- dosbin eximon
- fi
- fperms 4755 /usr/sbin/exim
-
- dosym exim /usr/sbin/sendmail
- dosym exim /usr/sbin/rsmtp
- dosym exim /usr/sbin/rmail
- dosym ../sbin/exim /usr/bin/mailq
- dosym ../sbin/exim /usr/bin/newaliases
- dosym ../sbin/sendmail /usr/lib/sendmail
-
- for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
- exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
- convert4r3 convert4r4 exipick
- do
- dosbin $i
- done
-
- dodoc -r "${S}"/doc/.
- doman "${S}"/doc/exim.8
- use dsn && dodoc "${S}"/README.DSN
- use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
-
- # conf files
- insinto /etc/exim
- newins "${S}"/src/configure.default exim.conf.dist
- doins "${WORKDIR}"/system_filter.exim
- doins "${FILESDIR}"/auth_conf.sub
-
- if use pam; then
- pamd_mimic system-auth exim auth account
- fi
-
- # headers, #436406
- if use dlfunc ; then
- # fixup includes so they actually can be found when including
- sed -i \
- -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
- local_scan.h || die
- insinto /usr/include/exim
- doins {config,local_scan}.h ../src/{mytypes,store}.h
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}/exim.logrotate" exim
-
- newinitd "${FILESDIR}"/exim.rc10 exim
- newconfd "${FILESDIR}"/exim.confd exim
-
- systemd_dounit \
- "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
- systemd_newunit \
- "${FILESDIR}"/exim_at.service 'exim@.service'
- systemd_newunit \
- "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
- diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
- keepdir /var/log/${PN}
-}
-
-pkg_postinst() {
- if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then
- einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter."
- einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub"
- einfo "for using smtp auth."
- einfo "Please create ${EROOT}/etc/exim/exim.conf from"
- einfo " ${EROOT}/etc/exim/exim.conf.dist."
- fi
- if use berkdb && ( use gdbm || use tdb ) ; then
- ewarn "USE=berkdb is ignored because USE=gdbm or USE=tdb is enabled!"
- fi
- if use dmarc ; then
- einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds"
- einfo "you can populate this file with the contents downloaded from"
- einfo " https://publicsuffix.org/list/public_suffix_list.dat"
- fi
- if use dcc ; then
- einfo "DCC support is experimental, you can find some limited"
- einfo "documentation at the bottom of this prerelease message:"
- einfo " http://article.gmane.org/gmane.mail.exim.devel/3579"
- fi
- if use srs; then
- einfo "SRS support using libsrs_alt was dropped in this"
- einfo "release of Exim, you are now using the native SRS implementation"
- fi
- use dsn && einfo "extra information in fail DSN message is experimental"
- einfo
- elog "Note that this release contains a tainted variable check that"
- elog "is likely to break your configuration used with Exim 4.93 and before."
- elog "Please check your transports for occurences of \$local_part, and"
- elog "use a replacement like \$local_part_data where possible."
-}
diff --git a/mail-mta/exim/exim-4.96.2-r1.ebuild b/mail-mta/exim/exim-4.96.2-r1.ebuild
deleted file mode 100644
index f31266dbaa83..000000000000
--- a/mail-mta/exim/exim-4.96.2-r1.ebuild
+++ /dev/null
@@ -1,656 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit db-use toolchain-funcs pam systemd
-
-IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl
-dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx
-mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux
-socks5 spf sqlite srs +ssl syslog tdb tcpd +tpda X"
-REQUIRED_USE="
- arc? ( dkim spf )
- dane? ( ssl !gnutls )
- dmarc? ( dkim spf )
- dkim? ( ssl !gnutls )
- gnutls? ( ssl )
- pkcs11? ( ssl )
- || ( berkdb gdbm tdb )
-"
-# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
-# for x86 and amd64 only, due to this, repoman won't allow depending on
-# gnutls[dane] for all else. Because we cannot express USE=dane when
-# USE=gnutls is in effect only in package.use.mask, the only option we
-# have left is to a) ignore the dependency (but that results in bug
-# #661164) or b) mask the usage of USE=dane with USE=gnutls. Both are
-# incorrect, but b) is the only "correct" view from repoman.
-# We cannot express a required use for berkdb/gdbm/tdb correctly because
-# berkdb and gdbm are both enabled in base profile
-
-SDIR=$([[ ${PV} == *_rc* ]] && echo /test
- [[ ${PV} == *.*.*.* ]] && echo /fixes)
-COMM_URI="https://downloads.exim.org/exim4${SDIR}"
-
-GPV="r0"
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
- https://dev.gentoo.org/~grobian/distfiles/${PN}-4.96-gentoo-patches-${GPV}.tar.xz
- mirror://gentoo/system_filter.exim.gz
- doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
-HOMEPAGE="https://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
- dev-libs/libpcre2:=
- tdb? ( sys-libs/tdb:= )
- !tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) )
- !tdb? ( !berkdb? ( sys-libs/gdbm:= ) )
- idn? ( net-dns/libidn:= net-dns/libidn2:= )
- perl? ( dev-lang/perl:= )
- pam? ( sys-libs/pam )
- tcpd? ( sys-apps/tcp-wrappers )
- ssl? (
- gnutls? (
- net-libs/gnutls:0=[pkcs11?]
- dev-libs/libtasn1
- )
- !gnutls? (
- dev-libs/openssl:0=
- )
- )
- ldap? ( >=net-nds/openldap-2.0.7:= )
- elibc_glibc? (
- net-libs/libnsl:=
- nis? (
- net-libs/libtirpc:=
- >=net-libs/libnsl-1:=
- )
- )
- mysql? ( dev-db/mysql-connector-c:= )
- postgres? ( dev-db/postgresql:= )
- sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
- redis? ( dev-libs/hiredis:= )
- spf? ( >=mail-filter/libspf2-1.2.5-r1 )
- dmarc? ( mail-filter/opendmarc:= )
- X? (
- x11-libs/libX11
- x11-libs/libXmu
- x11-libs/libXt
- x11-libs/libXaw
- )
- sqlite? ( dev-db/sqlite )
- radius? ( net-dialup/freeradius-client )
- virtual/libcrypt:=
- virtual/libiconv
- "
- # added X check for #57206
-BDEPEND="virtual/pkgconfig"
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}
- !mail-mta/courier
- !mail-mta/esmtp
- !mail-mta/msmtp[mta]
- !mail-mta/netqmail
- !mail-mta/nullmailer
- !mail-mta/postfix
- !mail-mta/sendmail
- !mail-mta/opensmtpd
- !mail-mta/ssmtp[mta]
- >=net-mail/mailbase-0.00-r5
- virtual/logger
- dcc? ( mail-filter/dcc )
- selinux? ( sec-policy/selinux-exim )
- "
-
-S=${WORKDIR}/${P//_rc/-RC}
-
-src_prepare() {
- # Legacy patches which need a respin for -p1
- eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch
- eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
- eapply "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279
- eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
- eapply "${FILESDIR}"/exim-4.69-r1.27021.patch
- eapply "${FILESDIR}"/exim-4.95-localscan_dlopen.patch
- eapply -p2 "${FILESDIR}"/exim-4.97-CVE-2023-51766.patch # 3063
-
- # Upstream post-release fixes :(
- local GPVDIR=${WORKDIR}/${PN}-4.96-gentoo-patches-${GPV}
- eapply "${GPVDIR}"/exim-4.96-rewrite-malformed-addr-fix.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-spf-memory-error-fix.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-regex-use-after-free.patch # upstr
- eapply -p2 "${GPVDIR}"/exim-4.96-dmarc_use_after_free.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-deamon-startup-fix.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-verify-ocsp.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-double-expansion.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-recursion-dns_again.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-setting.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-lt-3.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-bad-alpn.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-dane-dns_again.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-expansion-crash.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-transport-crash.patch # upstr
-
- # oddity, they disable berkdb as hack, and then throw an error when
- # berkdb isn't enabled
- sed -i \
- -e 's/_DB_/_DONTMESS_/' \
- -e 's/define DB void/define DONTMESS void/' \
- src/auths/call_radius.c || die
-
- # API changed from 1.3 to 1.4, upstream doesn't think 1.4 should be
- # used, but 1.3 has a CVE and Gentoo (like most downstreams) only
- # has 1.4 available
- eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch
-
- if use maildir ; then
- eapply "${FILESDIR}"/exim-4.94-maildir.patch
- else
- eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
- fi
-
- eapply_user
-
- # user Exim believes it should be
- MAILUSER=mail
- MAILGROUP=mail
- if use prefix && [[ ${EUID} != 0 ]] ; then
- MAILUSER=$(id -un)
- MAILGROUP=$(id -gn)
- fi
-}
-
-src_configure() {
- # general config and paths
-
- local aliases="${EPREFIX}/etc/mail/aliases"
- sed -i \
- -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \
- src/configure.default || die
-
- sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die
-
- if use elibc_musl; then
- sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die
- fi
-
- local conffile="${EPREFIX}/etc/exim/exim.conf"
- sed -e "48i\CFLAGS=${CFLAGS}" \
- -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
- -e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \
- -e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \
- -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
- -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
- src/EDITME > Local/Makefile || die
-
- # work on Local/Makefile from now on
- cd Local
-
- cat >> Makefile <<- EOC
- INFO_DIRECTORY=${EPREFIX}/usr/share/info
- PID_FILE_PATH=${EPREFIX}/run/exim.pid
- SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
- HAVE_ICONV=yes
- WITH_CONTENT_SCAN=yes
- EOC
-
- # configure db implementation, Exim always needs one for its hints
- # database, we prefer tdb and gdbm, since bdb is kind of getting
- # less and less support
- if use tdb ; then
- cat >> Makefile <<- EOC
- USE_TDB=yes
- DBMLIB = -ltdb
- EOC
- sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
- sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
- elif use gdbm ; then
- cat >> Makefile <<- EOC
- USE_GDBM=yes
- DBMLIB = -lgdbm
- EOC
- sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
- sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
- else # must be berkdb via required_use
- # use the "native" interfaces to the DBM and CDB libraries, support
- # passwd and directory lookups by default
- local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
- cat >> Makefile <<- EOC
- USE_DB=yes
- # keep include in CFLAGS because exim.h -> dbstuff.h -> db.h
- CFLAGS += -I$(db_includedir ${DB_VERS})
- DBMLIB = -l$(db_libname ${DB_VERS})
- EOC
- sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
- sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
- fi
-
- # if we use libiconv, now is the time to tell so
- if use !elibc_glibc && use !elibc_musl ; then
- cat >> Makefile <<- EOC
- EXTRALIBS_EXIM=-liconv
- EOC
- fi
-
- # support for IPv6
- if use ipv6; then
- cat >> Makefile <<- EOC
- HAVE_IPV6=YES
- EOC
- fi
-
- # support i18n/IDNA
- if use idn; then
- cat >> Makefile <<- EOC
- SUPPORT_I18N=yes
- SUPPORT_I18N_2008=yes
- EXTRALIBS_EXIM += -lidn -lidn2
- EOC
- fi
-
- #
- # mail storage formats
- #
-
- # mailstore is Exim's traditional storage format
- cat >> Makefile <<- EOC
- SUPPORT_MAILSTORE=yes
- EOC
-
- # mbox
- if use mbx; then
- cat >> Makefile <<- EOC
- SUPPORT_MBX=yes
- EOC
- fi
-
- # maildir
- if use maildir; then
- cat >> Makefile <<- EOC
- SUPPORT_MAILDIR=yes
- EOC
- fi
-
- #
- # lookup methods
- #
-
- # support passwd and directory lookups by default
- cat >> Makefile <<- EOC
- LOOKUP_CDB=yes
- LOOKUP_PASSWD=yes
- LOOKUP_DSEARCH=yes
- EOC
-
- if ! use dnsdb; then
- # DNSDB lookup is enabled by default
- sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die
- fi
-
- if use ldap; then
- cat >> Makefile <<- EOC
- LOOKUP_LDAP=yes
- LDAP_LIB_TYPE=OPENLDAP2
- LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap
- LOOKUP_LIBS += -lldap -llber
- EOC
- fi
-
- if use mysql; then
- cat >> Makefile <<- EOC
- LOOKUP_MYSQL=yes
- LOOKUP_INCLUDE += $(mysql_config --include)
- LOOKUP_LIBS += $(mysql_config --libs)
- EOC
- fi
-
- if use nis; then
- cat >> Makefile <<- EOC
- LOOKUP_NIS=yes
- LOOKUP_NISPLUS=yes
- EOC
- if use elibc_glibc ; then
- cat >> Makefile <<- EOC
- LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc
- LOOKUP_LIBS += -lnsl
- EOC
- fi
- fi
-
- if use postgres; then
- cat >> Makefile <<- EOC
- LOOKUP_PGSQL=yes
- LOOKUP_INCLUDE += -I$(pg_config --includedir)
- LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
- EOC
- fi
-
- if use sqlite; then
- cat >> Makefile <<- EOC
- LOOKUP_SQLITE=yes
- LOOKUP_SQLITE_PC=sqlite3
- EOC
- fi
-
- if use redis; then
- cat >> Makefile <<- EOC
- LOOKUP_REDIS=yes
- LOOKUP_LIBS += -lhiredis
- EOC
- fi
-
- # Exim monitor, enabled by default, controlled via X USE-flag,
- # disable if not requested, bug #46778
- if use X; then
- cp ../exim_monitor/EDITME eximon.conf || die
- cat >> Makefile <<- EOC
- EXIM_MONITOR=eximon.bin
- EOC
- fi
-
- #
- # features
- #
-
- # DomainKeys Identified Mail, RFC4871
- if ! use dkim; then
- # DKIM is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_DKIM=yes
- EOC
- fi
-
- # Per-Recipient-Data-Response
- if ! use prdr; then
- # PRDR is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_PRDR=yes
- EOC
- fi
-
- # Transport post-delivery actions
- if use !tpda && use !dane; then
- # EVENT is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_EVENT=yes
- EOC
- fi
-
- # log to syslog
- if use syslog; then
- local eximlog="${EPREFIX}/var/log/exim/exim_%s.log"
- sed -i \
- -e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \
- Makefile || die
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=syslog
- EOC
- else
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
- EOC
- fi
-
- # starttls support (ssl)
- if use ssl; then
- if use gnutls; then
- echo "USE_GNUTLS=yes" >> Makefile
- echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \
- >> Makefile
- use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
- else
- echo "USE_OPENSSL=yes" >> Makefile
- echo "USE_OPENSSL_PC=openssl" >> Makefile
- fi
- else
- echo "DISABLE_TLS=yes" >> Makefile
- fi
-
- # TCP wrappers
- if use tcpd; then
- cat >> Makefile <<- EOC
- USE_TCP_WRAPPERS=yes
- EXTRALIBS_EXIM += -lwrap
- EOC
- fi
-
- # Light Mail Transport Protocol
- if use lmtp; then
- cat >> Makefile <<- EOC
- TRANSPORT_LMTP=yes
- EOC
- fi
-
- # embedded Perl
- if use perl; then
- cat >> Makefile <<- EOC
- EXIM_PERL=perl.o
- EOC
- fi
-
- # dlfunc
- if use dlfunc; then
- cat >> Makefile <<- EOC
- EXPAND_DLFUNC=yes
- HAVE_LOCAL_SCAN=yes
- DLOPEN_LOCAL_SCAN=yes
- EOC
- fi
-
- # Proxy Protocol
- if use proxy; then
- cat >> Makefile <<- EOC
- SUPPORT_PROXY=yes
- EOC
- fi
-
- # SOCKS5 (outbound) proxy support
- if use socks5; then
- cat >> Makefile <<- EOC
- SUPPORT_SOCKS=yes
- EOC
- fi
-
- # DANE
- if use !dane; then
- # DANE is enabled by default
- sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die
- fi
-
- # DMARC
- if use dmarc; then
- cat >> Makefile <<- EOC
- SUPPORT_DMARC=yes
- EXTRALIBS_EXIM += -lopendmarc
- EOC
- fi
-
- # Sender Policy Framework
- if use spf; then
- cat >> Makefile <<- EOC
- SUPPORT_SPF=yes
- EXTRALIBS_EXIM += -lspf2
- EOC
- fi
-
- #
- # experimental features
- #
-
- # Authenticated Receive Chain
- if use arc; then
- echo "EXPERIMENTAL_ARC=yes">> Makefile
- fi
-
- # Distributed Checksum Clearinghouse
- if use dcc; then
- echo "EXPERIMENTAL_DCC=yes">> Makefile
- fi
-
- # Sender Rewriting Scheme
- if use srs; then
- # this one is the default/supported variant since 4.95, and the
- # only variant available since 4.96
- cat >> Makefile <<- EOC
- SUPPORT_SRS=yes
- EOC
- fi
-
- # Delivery Sender Notifications extra information in fail message
- if use dsn; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DSN_INFO=yes
- EOC
- fi
-
- #
- # authentication (SMTP AUTH)
- #
-
- # standard bits
- cat >> Makefile <<- EOC
- AUTH_SPA=yes
- AUTH_CRAM_MD5=yes
- AUTH_PLAINTEXT=yes
- EOC
-
- # Cyrus SASL
- if use sasl; then
- cat >> Makefile <<- EOC
- CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
- AUTH_CYRUS_SASL=yes
- AUTH_LIBS += -lsasl2
- EOC
- fi
-
- # Dovecot
- if use dovecot-sasl; then
- cat >> Makefile <<- EOC
- AUTH_DOVECOT=yes
- EOC
- fi
-
- # Pluggable Authentication Modules
- if use pam; then
- cat >> Makefile <<- EOC
- SUPPORT_PAM=yes
- AUTH_LIBS += -lpam
- EOC
- fi
-
- # Radius
- if use radius; then
- cat >> Makefile <<- EOC
- RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
- RADIUS_LIB_TYPE=RADIUSCLIENTNEW
- AUTH_LIBS += -lfreeradius-client
- EOC
- fi
-}
-
-src_compile() {
- emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \
- AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO=''
-}
-
-src_install() {
- cd "${S}"/build-exim-gentoo || die
- dosbin exim
- if use X; then
- dosbin eximon.bin
- dosbin eximon
- fi
- fperms 4755 /usr/sbin/exim
-
- dosym exim /usr/sbin/sendmail
- dosym exim /usr/sbin/rsmtp
- dosym exim /usr/sbin/rmail
- dosym ../sbin/exim /usr/bin/mailq
- dosym ../sbin/exim /usr/bin/newaliases
- dosym ../sbin/sendmail /usr/lib/sendmail
-
- for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
- exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
- convert4r3 convert4r4 exipick
- do
- dosbin $i
- done
-
- dodoc -r "${S}"/doc/.
- doman "${S}"/doc/exim.8
- use dsn && dodoc "${S}"/README.DSN
- use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
-
- # conf files
- insinto /etc/exim
- newins "${S}"/src/configure.default exim.conf.dist
- doins "${WORKDIR}"/system_filter.exim
- doins "${FILESDIR}"/auth_conf.sub
-
- if use pam; then
- pamd_mimic system-auth exim auth account
- fi
-
- # headers, #436406
- if use dlfunc ; then
- # fixup includes so they actually can be found when including
- sed -i \
- -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
- local_scan.h || die
- insinto /usr/include/exim
- doins {config,local_scan}.h ../src/{mytypes,store}.h
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}/exim.logrotate" exim
-
- newinitd "${FILESDIR}"/exim.rc10 exim
- newconfd "${FILESDIR}"/exim.confd exim
-
- systemd_dounit \
- "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
- systemd_newunit \
- "${FILESDIR}"/exim_at.service 'exim@.service'
- systemd_newunit \
- "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
- diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
- keepdir /var/log/${PN}
-}
-
-pkg_postinst() {
- if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then
- einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter."
- einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub"
- einfo "for using smtp auth."
- einfo "Please create ${EROOT}/etc/exim/exim.conf from"
- einfo " ${EROOT}/etc/exim/exim.conf.dist."
- fi
- if use berkdb && ( use gdbm || use tdb ) ; then
- ewarn "USE=berkdb is ignored because USE=gdbm or USE=tdb is enabled!"
- fi
- if use dmarc ; then
- einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds"
- einfo "you can populate this file with the contents downloaded from"
- einfo " https://publicsuffix.org/list/public_suffix_list.dat"
- fi
- if use dcc ; then
- einfo "DCC support is experimental, you can find some limited"
- einfo "documentation at the bottom of this prerelease message:"
- einfo " http://article.gmane.org/gmane.mail.exim.devel/3579"
- fi
- if use srs; then
- einfo "SRS support using libsrs_alt was dropped in this"
- einfo "release of Exim, you are now using the native SRS implementation"
- fi
- use dsn && einfo "extra information in fail DSN message is experimental"
- einfo
- elog "Note that this release contains a tainted variable check that"
- elog "is likely to break your configuration used with Exim 4.93 and before."
- elog "Please check your transports for occurences of \$local_part, and"
- elog "use a replacement like \$local_part_data where possible."
-}
diff --git a/mail-mta/exim/exim-4.96.2.ebuild b/mail-mta/exim/exim-4.96.2.ebuild
deleted file mode 100644
index 1a6f85e5b4ec..000000000000
--- a/mail-mta/exim/exim-4.96.2.ebuild
+++ /dev/null
@@ -1,655 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit db-use toolchain-funcs pam systemd
-
-IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl
-dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx
-mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux
-socks5 spf sqlite srs +ssl syslog tdb tcpd +tpda X"
-REQUIRED_USE="
- arc? ( dkim spf )
- dane? ( ssl !gnutls )
- dmarc? ( dkim spf )
- dkim? ( ssl !gnutls )
- gnutls? ( ssl )
- pkcs11? ( ssl )
- || ( berkdb gdbm tdb )
-"
-# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
-# for x86 and amd64 only, due to this, repoman won't allow depending on
-# gnutls[dane] for all else. Because we cannot express USE=dane when
-# USE=gnutls is in effect only in package.use.mask, the only option we
-# have left is to a) ignore the dependency (but that results in bug
-# #661164) or b) mask the usage of USE=dane with USE=gnutls. Both are
-# incorrect, but b) is the only "correct" view from repoman.
-# We cannot express a required use for berkdb/gdbm/tdb correctly because
-# berkdb and gdbm are both enabled in base profile
-
-SDIR=$([[ ${PV} == *_rc* ]] && echo /test
- [[ ${PV} == *.*.*.* ]] && echo /fixes)
-COMM_URI="https://downloads.exim.org/exim4${SDIR}"
-
-GPV="r0"
-DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
-SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
- https://dev.gentoo.org/~grobian/distfiles/${PN}-4.96-gentoo-patches-${GPV}.tar.xz
- mirror://gentoo/system_filter.exim.gz
- doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
-HOMEPAGE="https://www.exim.org/"
-
-SLOT="0"
-LICENSE="GPL-2"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~ppc ppc64 sparc ~x86"
-
-COMMON_DEPEND=">=sys-apps/sed-4.0.5
- dev-libs/libpcre2:=
- tdb? ( sys-libs/tdb:= )
- !tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) )
- !tdb? ( !berkdb? ( sys-libs/gdbm:= ) )
- idn? ( net-dns/libidn:= net-dns/libidn2:= )
- perl? ( dev-lang/perl:= )
- pam? ( sys-libs/pam )
- tcpd? ( sys-apps/tcp-wrappers )
- ssl? (
- gnutls? (
- net-libs/gnutls:0=[pkcs11?]
- dev-libs/libtasn1
- )
- !gnutls? (
- dev-libs/openssl:0=
- )
- )
- ldap? ( >=net-nds/openldap-2.0.7:= )
- elibc_glibc? (
- net-libs/libnsl:=
- nis? (
- net-libs/libtirpc:=
- >=net-libs/libnsl-1:=
- )
- )
- mysql? ( dev-db/mysql-connector-c:= )
- postgres? ( dev-db/postgresql:= )
- sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
- redis? ( dev-libs/hiredis:= )
- spf? ( >=mail-filter/libspf2-1.2.5-r1 )
- dmarc? ( mail-filter/opendmarc:= )
- X? (
- x11-libs/libX11
- x11-libs/libXmu
- x11-libs/libXt
- x11-libs/libXaw
- )
- sqlite? ( dev-db/sqlite )
- radius? ( net-dialup/freeradius-client )
- virtual/libcrypt:=
- virtual/libiconv
- "
- # added X check for #57206
-BDEPEND="virtual/pkgconfig"
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}
- !mail-mta/courier
- !mail-mta/esmtp
- !mail-mta/msmtp[mta]
- !mail-mta/netqmail
- !mail-mta/nullmailer
- !mail-mta/postfix
- !mail-mta/sendmail
- !mail-mta/opensmtpd
- !mail-mta/ssmtp[mta]
- >=net-mail/mailbase-0.00-r5
- virtual/logger
- dcc? ( mail-filter/dcc )
- selinux? ( sec-policy/selinux-exim )
- "
-
-S=${WORKDIR}/${P//_rc/-RC}
-
-src_prepare() {
- # Legacy patches which need a respin for -p1
- eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch
- eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
- eapply "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279
- eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
- eapply "${FILESDIR}"/exim-4.69-r1.27021.patch
- eapply "${FILESDIR}"/exim-4.95-localscan_dlopen.patch
-
- # Upstream post-release fixes :(
- local GPVDIR=${WORKDIR}/${PN}-4.96-gentoo-patches-${GPV}
- eapply "${GPVDIR}"/exim-4.96-rewrite-malformed-addr-fix.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-spf-memory-error-fix.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-regex-use-after-free.patch # upstr
- eapply -p2 "${GPVDIR}"/exim-4.96-dmarc_use_after_free.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-deamon-startup-fix.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-verify-ocsp.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-double-expansion.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-recursion-dns_again.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-setting.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-lt-3.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-openssl-bad-alpn.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-dane-dns_again.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-expansion-crash.patch # upstr
- eapply "${GPVDIR}"/exim-4.96-transport-crash.patch # upstr
-
- # oddity, they disable berkdb as hack, and then throw an error when
- # berkdb isn't enabled
- sed -i \
- -e 's/_DB_/_DONTMESS_/' \
- -e 's/define DB void/define DONTMESS void/' \
- src/auths/call_radius.c || die
-
- # API changed from 1.3 to 1.4, upstream doesn't think 1.4 should be
- # used, but 1.3 has a CVE and Gentoo (like most downstreams) only
- # has 1.4 available
- eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch
-
- if use maildir ; then
- eapply "${FILESDIR}"/exim-4.94-maildir.patch
- else
- eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
- fi
-
- eapply_user
-
- # user Exim believes it should be
- MAILUSER=mail
- MAILGROUP=mail
- if use prefix && [[ ${EUID} != 0 ]] ; then
- MAILUSER=$(id -un)
- MAILGROUP=$(id -gn)
- fi
-}
-
-src_configure() {
- # general config and paths
-
- local aliases="${EPREFIX}/etc/mail/aliases"
- sed -i \
- -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \
- src/configure.default || die
-
- sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die
-
- if use elibc_musl; then
- sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die
- fi
-
- local conffile="${EPREFIX}/etc/exim/exim.conf"
- sed -e "48i\CFLAGS=${CFLAGS}" \
- -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
- -e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \
- -e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \
- -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
- -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
- src/EDITME > Local/Makefile || die
-
- # work on Local/Makefile from now on
- cd Local
-
- cat >> Makefile <<- EOC
- INFO_DIRECTORY=${EPREFIX}/usr/share/info
- PID_FILE_PATH=${EPREFIX}/run/exim.pid
- SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
- HAVE_ICONV=yes
- WITH_CONTENT_SCAN=yes
- EOC
-
- # configure db implementation, Exim always needs one for its hints
- # database, we prefer tdb and gdbm, since bdb is kind of getting
- # less and less support
- if use tdb ; then
- cat >> Makefile <<- EOC
- USE_TDB=yes
- DBMLIB = -ltdb
- EOC
- sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
- sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
- elif use gdbm ; then
- cat >> Makefile <<- EOC
- USE_GDBM=yes
- DBMLIB = -lgdbm
- EOC
- sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
- sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
- else # must be berkdb via required_use
- # use the "native" interfaces to the DBM and CDB libraries, support
- # passwd and directory lookups by default
- local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
- cat >> Makefile <<- EOC
- USE_DB=yes
- # keep include in CFLAGS because exim.h -> dbstuff.h -> db.h
- CFLAGS += -I$(db_includedir ${DB_VERS})
- DBMLIB = -l$(db_libname ${DB_VERS})
- EOC
- sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
- sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
- fi
-
- # if we use libiconv, now is the time to tell so
- if use !elibc_glibc && use !elibc_musl ; then
- cat >> Makefile <<- EOC
- EXTRALIBS_EXIM=-liconv
- EOC
- fi
-
- # support for IPv6
- if use ipv6; then
- cat >> Makefile <<- EOC
- HAVE_IPV6=YES
- EOC
- fi
-
- # support i18n/IDNA
- if use idn; then
- cat >> Makefile <<- EOC
- SUPPORT_I18N=yes
- SUPPORT_I18N_2008=yes
- EXTRALIBS_EXIM += -lidn -lidn2
- EOC
- fi
-
- #
- # mail storage formats
- #
-
- # mailstore is Exim's traditional storage format
- cat >> Makefile <<- EOC
- SUPPORT_MAILSTORE=yes
- EOC
-
- # mbox
- if use mbx; then
- cat >> Makefile <<- EOC
- SUPPORT_MBX=yes
- EOC
- fi
-
- # maildir
- if use maildir; then
- cat >> Makefile <<- EOC
- SUPPORT_MAILDIR=yes
- EOC
- fi
-
- #
- # lookup methods
- #
-
- # support passwd and directory lookups by default
- cat >> Makefile <<- EOC
- LOOKUP_CDB=yes
- LOOKUP_PASSWD=yes
- LOOKUP_DSEARCH=yes
- EOC
-
- if ! use dnsdb; then
- # DNSDB lookup is enabled by default
- sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die
- fi
-
- if use ldap; then
- cat >> Makefile <<- EOC
- LOOKUP_LDAP=yes
- LDAP_LIB_TYPE=OPENLDAP2
- LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap
- LOOKUP_LIBS += -lldap -llber
- EOC
- fi
-
- if use mysql; then
- cat >> Makefile <<- EOC
- LOOKUP_MYSQL=yes
- LOOKUP_INCLUDE += $(mysql_config --include)
- LOOKUP_LIBS += $(mysql_config --libs)
- EOC
- fi
-
- if use nis; then
- cat >> Makefile <<- EOC
- LOOKUP_NIS=yes
- LOOKUP_NISPLUS=yes
- EOC
- if use elibc_glibc ; then
- cat >> Makefile <<- EOC
- LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc
- LOOKUP_LIBS += -lnsl
- EOC
- fi
- fi
-
- if use postgres; then
- cat >> Makefile <<- EOC
- LOOKUP_PGSQL=yes
- LOOKUP_INCLUDE += -I$(pg_config --includedir)
- LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
- EOC
- fi
-
- if use sqlite; then
- cat >> Makefile <<- EOC
- LOOKUP_SQLITE=yes
- LOOKUP_SQLITE_PC=sqlite3
- EOC
- fi
-
- if use redis; then
- cat >> Makefile <<- EOC
- LOOKUP_REDIS=yes
- LOOKUP_LIBS += -lhiredis
- EOC
- fi
-
- # Exim monitor, enabled by default, controlled via X USE-flag,
- # disable if not requested, bug #46778
- if use X; then
- cp ../exim_monitor/EDITME eximon.conf || die
- cat >> Makefile <<- EOC
- EXIM_MONITOR=eximon.bin
- EOC
- fi
-
- #
- # features
- #
-
- # DomainKeys Identified Mail, RFC4871
- if ! use dkim; then
- # DKIM is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_DKIM=yes
- EOC
- fi
-
- # Per-Recipient-Data-Response
- if ! use prdr; then
- # PRDR is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_PRDR=yes
- EOC
- fi
-
- # Transport post-delivery actions
- if use !tpda && use !dane; then
- # EVENT is enabled by default
- cat >> Makefile <<- EOC
- DISABLE_EVENT=yes
- EOC
- fi
-
- # log to syslog
- if use syslog; then
- local eximlog="${EPREFIX}/var/log/exim/exim_%s.log"
- sed -i \
- -e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \
- Makefile || die
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=syslog
- EOC
- else
- cat >> Makefile <<- EOC
- LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
- EOC
- fi
-
- # starttls support (ssl)
- if use ssl; then
- if use gnutls; then
- echo "USE_GNUTLS=yes" >> Makefile
- echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \
- >> Makefile
- use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
- else
- echo "USE_OPENSSL=yes" >> Makefile
- echo "USE_OPENSSL_PC=openssl" >> Makefile
- fi
- else
- echo "DISABLE_TLS=yes" >> Makefile
- fi
-
- # TCP wrappers
- if use tcpd; then
- cat >> Makefile <<- EOC
- USE_TCP_WRAPPERS=yes
- EXTRALIBS_EXIM += -lwrap
- EOC
- fi
-
- # Light Mail Transport Protocol
- if use lmtp; then
- cat >> Makefile <<- EOC
- TRANSPORT_LMTP=yes
- EOC
- fi
-
- # embedded Perl
- if use perl; then
- cat >> Makefile <<- EOC
- EXIM_PERL=perl.o
- EOC
- fi
-
- # dlfunc
- if use dlfunc; then
- cat >> Makefile <<- EOC
- EXPAND_DLFUNC=yes
- HAVE_LOCAL_SCAN=yes
- DLOPEN_LOCAL_SCAN=yes
- EOC
- fi
-
- # Proxy Protocol
- if use proxy; then
- cat >> Makefile <<- EOC
- SUPPORT_PROXY=yes
- EOC
- fi
-
- # SOCKS5 (outbound) proxy support
- if use socks5; then
- cat >> Makefile <<- EOC
- SUPPORT_SOCKS=yes
- EOC
- fi
-
- # DANE
- if use !dane; then
- # DANE is enabled by default
- sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die
- fi
-
- # DMARC
- if use dmarc; then
- cat >> Makefile <<- EOC
- SUPPORT_DMARC=yes
- EXTRALIBS_EXIM += -lopendmarc
- EOC
- fi
-
- # Sender Policy Framework
- if use spf; then
- cat >> Makefile <<- EOC
- SUPPORT_SPF=yes
- EXTRALIBS_EXIM += -lspf2
- EOC
- fi
-
- #
- # experimental features
- #
-
- # Authenticated Receive Chain
- if use arc; then
- echo "EXPERIMENTAL_ARC=yes">> Makefile
- fi
-
- # Distributed Checksum Clearinghouse
- if use dcc; then
- echo "EXPERIMENTAL_DCC=yes">> Makefile
- fi
-
- # Sender Rewriting Scheme
- if use srs; then
- # this one is the default/supported variant since 4.95, and the
- # only variant available since 4.96
- cat >> Makefile <<- EOC
- SUPPORT_SRS=yes
- EOC
- fi
-
- # Delivery Sender Notifications extra information in fail message
- if use dsn; then
- cat >> Makefile <<- EOC
- EXPERIMENTAL_DSN_INFO=yes
- EOC
- fi
-
- #
- # authentication (SMTP AUTH)
- #
-
- # standard bits
- cat >> Makefile <<- EOC
- AUTH_SPA=yes
- AUTH_CRAM_MD5=yes
- AUTH_PLAINTEXT=yes
- EOC
-
- # Cyrus SASL
- if use sasl; then
- cat >> Makefile <<- EOC
- CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
- AUTH_CYRUS_SASL=yes
- AUTH_LIBS += -lsasl2
- EOC
- fi
-
- # Dovecot
- if use dovecot-sasl; then
- cat >> Makefile <<- EOC
- AUTH_DOVECOT=yes
- EOC
- fi
-
- # Pluggable Authentication Modules
- if use pam; then
- cat >> Makefile <<- EOC
- SUPPORT_PAM=yes
- AUTH_LIBS += -lpam
- EOC
- fi
-
- # Radius
- if use radius; then
- cat >> Makefile <<- EOC
- RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
- RADIUS_LIB_TYPE=RADIUSCLIENTNEW
- AUTH_LIBS += -lfreeradius-client
- EOC
- fi
-}
-
-src_compile() {
- emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \
- AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO=''
-}
-
-src_install() {
- cd "${S}"/build-exim-gentoo || die
- dosbin exim
- if use X; then
- dosbin eximon.bin
- dosbin eximon
- fi
- fperms 4755 /usr/sbin/exim
-
- dosym exim /usr/sbin/sendmail
- dosym exim /usr/sbin/rsmtp
- dosym exim /usr/sbin/rmail
- dosym ../sbin/exim /usr/bin/mailq
- dosym ../sbin/exim /usr/bin/newaliases
- dosym ../sbin/sendmail /usr/lib/sendmail
-
- for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
- exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
- convert4r3 convert4r4 exipick
- do
- dosbin $i
- done
-
- dodoc -r "${S}"/doc/.
- doman "${S}"/doc/exim.8
- use dsn && dodoc "${S}"/README.DSN
- use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
-
- # conf files
- insinto /etc/exim
- newins "${S}"/src/configure.default exim.conf.dist
- doins "${WORKDIR}"/system_filter.exim
- doins "${FILESDIR}"/auth_conf.sub
-
- if use pam; then
- pamd_mimic system-auth exim auth account
- fi
-
- # headers, #436406
- if use dlfunc ; then
- # fixup includes so they actually can be found when including
- sed -i \
- -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
- local_scan.h || die
- insinto /usr/include/exim
- doins {config,local_scan}.h ../src/{mytypes,store}.h
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}/exim.logrotate" exim
-
- newinitd "${FILESDIR}"/exim.rc10 exim
- newconfd "${FILESDIR}"/exim.confd exim
-
- systemd_dounit \
- "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
- systemd_newunit \
- "${FILESDIR}"/exim_at.service 'exim@.service'
- systemd_newunit \
- "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
-
- diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
- keepdir /var/log/${PN}
-}
-
-pkg_postinst() {
- if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then
- einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter."
- einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub"
- einfo "for using smtp auth."
- einfo "Please create ${EROOT}/etc/exim/exim.conf from"
- einfo " ${EROOT}/etc/exim/exim.conf.dist."
- fi
- if use berkdb && ( use gdbm || use tdb ) ; then
- ewarn "USE=berkdb is ignored because USE=gdbm or USE=tdb is enabled!"
- fi
- if use dmarc ; then
- einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds"
- einfo "you can populate this file with the contents downloaded from"
- einfo " https://publicsuffix.org/list/public_suffix_list.dat"
- fi
- if use dcc ; then
- einfo "DCC support is experimental, you can find some limited"
- einfo "documentation at the bottom of this prerelease message:"
- einfo " http://article.gmane.org/gmane.mail.exim.devel/3579"
- fi
- if use srs; then
- einfo "SRS support using libsrs_alt was dropped in this"
- einfo "release of Exim, you are now using the native SRS implementation"
- fi
- use dsn && einfo "extra information in fail DSN message is experimental"
- einfo
- elog "Note that this release contains a tainted variable check that"
- elog "is likely to break your configuration used with Exim 4.93 and before."
- elog "Please check your transports for occurences of \$local_part, and"
- elog "use a replacement like \$local_part_data where possible."
-}
diff --git a/mail-mta/exim/files/exim-4.93-as-needed-ldflags.patch b/mail-mta/exim/files/exim-4.93-as-needed-ldflags.patch
deleted file mode 100644
index 3b3ea4628174..000000000000
--- a/mail-mta/exim/files/exim-4.93-as-needed-ldflags.patch
+++ /dev/null
@@ -1,145 +0,0 @@
-https://bugs.gentoo.org/show_bug.cgi?id=352265
-
-Make sure LDFLAGS comes first, such that all libraries are considered,
-and not discarded when --as-needed is in effect.
-
-https://bugs.gentoo.org/show_bug.cgi?id=391279
-
-Use LDFLAGS for all targets, not just the exim binary, such that
---as-needed works as well.
-
-
---- a/OS/Makefile-Base
-+++ b/OS/Makefile-Base
-@@ -496,12 +496,12 @@
- buildrouters buildtransports \
- $(OBJ_EXIM) version.o
- @echo "$(LNCC) -o exim"
-- $(FE)$(PURIFY) $(LNCC) -o exim $(LFLAGS) $(OBJ_EXIM) version.o \
-+ $(FE)$(PURIFY) $(LNCC) -o exim $(LDFLAGS) $(OBJ_EXIM) version.o \
- routers/routers.a transports/transports.a lookups/lookups.a \
- auths/auths.a pdkim/pdkim.a \
- $(LIBRESOLV) $(LIBS) $(LIBS_EXIM) $(IPV6_LIBS) $(EXTRALIBS) \
- $(EXTRALIBS_EXIM) $(DBMLIB) $(LOOKUP_LIBS) $(AUTH_LIBS) \
-- $(PERL_LIBS) $(TLS_LIBS) $(PCRE_LIBS) $(LDFLAGS)
-+ $(PERL_LIBS) $(TLS_LIBS) $(PCRE_LIBS) $(LFLAGS)
- @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- echo $(STRIP_COMMAND) exim; \
- $(STRIP_COMMAND) exim; \
-@@ -517,8 +517,8 @@
-
- exim_dumpdb: $(OBJ_DUMPDB)
- @echo "$(LNCC) -o exim_dumpdb"
-- $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dumpdb $(LFLAGS) $(OBJ_DUMPDB) \
-- $(LIBS) $(EXTRALIBS) $(DBMLIB)
-+ $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dumpdb $(LDFLAGS) $(OBJ_DUMPDB) \
-+ $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
- @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- echo $(STRIP_COMMAND) exim_dumpdb; \
- $(STRIP_COMMAND) exim_dumpdb; \
-@@ -532,8 +532,8 @@
-
- exim_fixdb: $(OBJ_FIXDB)
- @echo "$(LNCC) -o exim_fixdb"
-- $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_fixdb $(LFLAGS) $(OBJ_FIXDB) \
-- $(LIBS) $(EXTRALIBS) $(DBMLIB)
-+ $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_fixdb $(LDFLAGS) $(OBJ_FIXDB) \
-+ $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
- @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- echo $(STRIP_COMMAND) exim_fixdb; \
- $(STRIP_COMMAND) exim_fixdb; \
-@@ -547,8 +547,8 @@
-
- exim_tidydb: $(OBJ_TIDYDB)
- @echo "$(LNCC) -o exim_tidydb"
-- $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_tidydb $(LFLAGS) $(OBJ_TIDYDB) \
-- $(LIBS) $(EXTRALIBS) $(DBMLIB)
-+ $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_tidydb $(LDFLAGS) $(OBJ_TIDYDB) \
-+ $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
- @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- echo $(STRIP_COMMAND) exim_tidydb; \
- $(STRIP_COMMAND) exim_tidydb; \
-@@ -560,8 +560,8 @@
-
- exim_dbmbuild: exim_dbmbuild.o
- @echo "$(LNCC) -o exim_dbmbuild"
-- $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dbmbuild $(LFLAGS) exim_dbmbuild.o \
-- $(LIBS) $(EXTRALIBS) $(DBMLIB)
-+ $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dbmbuild $(LDFLAGS) exim_dbmbuild.o \
-+ $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS)
- @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- echo $(STRIP_COMMAND) exim_dbmbuild; \
- $(STRIP_COMMAND) exim_dbmbuild; \
-@@ -575,8 +575,8 @@
- @echo "$(CC) exim_lock.c"
- $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) exim_lock.c
- @echo "$(LNCC) -o exim_lock"
-- $(FE)$(LNCC) -o exim_lock $(LFLAGS) exim_lock.o \
-- $(LIBS) $(EXTRALIBS)
-+ $(FE)$(LNCC) -o exim_lock $(LDFLAGS) exim_lock.o \
-+ $(LIBS) $(EXTRALIBS) $(LFLAGS)
- @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- echo $(STRIP_COMMAND) exim_lock; \
- $(STRIP_COMMAND) exim_lock; \
-@@ -612,9 +612,9 @@
- $(FE)$(CC) -o em_version.o -c \
- $(CFLAGS) $(XINCLUDE) -I. ../exim_monitor/em_version.c
- @echo "$(LNCC) -o eximon.bin"
-- $(FE)$(PURIFY) $(LNCC) -o eximon.bin em_version.o $(LFLAGS) $(XLFLAGS) \
-+ $(FE)$(PURIFY) $(LNCC) -o eximon.bin em_version.o $(LDFLAGS) $(XLFLAGS) \
- $(OBJ_MONBIN) -lXaw -lXmu -lXt -lXext -lX11 $(PCRE_LIBS) \
-- $(LIBS) $(LIBS_EXIMON) $(EXTRALIBS) $(EXTRALIBS_EXIMON) -lc
-+ $(LIBS) $(LIBS_EXIMON) $(EXTRALIBS) $(EXTRALIBS_EXIMON) -lc $(LFLAGS)
- @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
- echo $(STRIP_COMMAND) eximon.bin; \
- $(STRIP_COMMAND) eximon.bin; \
-@@ -947,9 +947,9 @@
- string.o tod.o version.o utf8.o
- $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE dbfn.c
- $(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY store.c
-- $(LNCC) -o test_dbfn $(LFLAGS) dbfn.o \
-+ $(LNCC) -o test_dbfn $(LDFLAGS) dbfn.o \
- dummies.o sa-globals.o sa-os.o store.o string.o \
-- tod.o version.o utf8.o $(LIBS) $(DBMLIB) $(LDFLAGS)
-+ tod.o version.o utf8.o $(LIBS) $(DBMLIB) $(LFLAGS)
- rm -f dbfn.o store.o
-
- test_host: config.h child.c host.c dns.c dummies.c sa-globals.o os.o \
-@@ -958,29 +958,29 @@
- $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST host.c
- $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST dns.c
- $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST dummies.c
-- $(LNCC) -o test_host $(LFLAGS) \
-+ $(LNCC) -o test_host $(LDFLAGS) \
- host.o child.o dns.o dummies.o sa-globals.o os.o store.o string.o \
-- tod.o tree.o $(LIBS) $(LIBRESOLV)
-+ tod.o tree.o $(LIBS) $(LIBRESOLV) $(LFLAGS)
- rm -f child.o dummies.o host.o dns.o
-
- test_os: os.h os.c dummies.o sa-globals.o store.o string.o tod.o utf8.o
- $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE os.c
-- $(LNCC) -o test_os $(LFLAGS) os.o dummies.o \
-- sa-globals.o store.o string.o tod.o utf8.o $(LIBS) $(LDFLAGS)
-+ $(LNCC) -o test_os $(LDFLAGS) os.o dummies.o \
-+ sa-globals.o store.o string.o tod.o utf8.o $(LIBS) $(LFLAGS)
- rm -f os.o
-
- test_parse: config.h parse.c dummies.o sa-globals.o \
- store.o string.o tod.o version.o utf8.o
- $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE parse.c
-- $(LNCC) -o test_parse $(LFLAGS) parse.o \
-+ $(LNCC) -o test_parse $(LDFLAGS) parse.o \
- dummies.o sa-globals.o store.o string.o tod.o version.o \
-- utf8.o $(LDFLAGS)
-+ utf8.o $(LFLAGS)
- rm -f parse.o
-
- test_string: config.h string.c dummies.o sa-globals.o store.o tod.o utf8.o
- $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE string.c
-- $(LNCC) -o test_string $(LFLAGS) -DSTAND_ALONE string.o \
-- dummies.o sa-globals.o store.o tod.o utf8.o $(LIBS) $(LDFLAGS)
-+ $(LNCC) -o test_string $(LDFLAGS) -DSTAND_ALONE string.o \
-+ dummies.o sa-globals.o store.o tod.o utf8.o $(LIBS) $(LFLAGS)
- rm -f string.o
-
- # End
diff --git a/mail-mta/exim/files/exim-4.94-opendmarc-1.4.patch b/mail-mta/exim/files/exim-4.94-opendmarc-1.4.patch
deleted file mode 100644
index d37c320d1592..000000000000
--- a/mail-mta/exim/files/exim-4.94-opendmarc-1.4.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-https://bugs.exim.org/show_bug.cgi?id=2728
-
-
---- a/src/dmarc.c
-+++ b/src/dmarc.c
-@@ -446,7 +446,7 @@
- vs == PDKIM_VERIFY_INVALID ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL :
- DMARC_POLICY_DKIM_OUTCOME_NONE;
- libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, US sig->domain,
-- dkim_result, US"");
-+ sig->selector, dkim_result, US"");
- DEBUG(D_receive)
- debug_printf("DMARC adding DKIM sender domain = %s\n", sig->domain);
- if (libdm_status != DMARC_PARSE_OKAY)
diff --git a/mail-mta/exim/files/exim-4.95-localscan_dlopen.patch b/mail-mta/exim/files/exim-4.95-localscan_dlopen.patch
deleted file mode 100644
index 320cc9936da9..000000000000
--- a/mail-mta/exim/files/exim-4.95-localscan_dlopen.patch
+++ /dev/null
@@ -1,221 +0,0 @@
-Only in exim-4.95: dlopen.patch
-diff -aur exim-4.95.orig/src/config.h.defaults exim-4.95/src/config.h.defaults
---- exim-4.95.orig/src/config.h.defaults 2021-09-28 10:24:46.000000000 +0200
-+++ exim-4.95/src/config.h.defaults 2021-09-29 08:20:03.677883649 +0200
-@@ -35,6 +35,8 @@
-
- #define AUTH_VARS 4
-
-+#define DLOPEN_LOCAL_SCAN
-+
- #define BIN_DIRECTORY
-
- #define CONFIGURE_FILE
-Only in exim-4.95/src: config.h.defaults.orig
-diff -aur exim-4.95.orig/src/EDITME exim-4.95/src/EDITME
---- exim-4.95.orig/src/EDITME 2021-09-28 10:24:46.000000000 +0200
-+++ exim-4.95/src/EDITME 2021-09-29 08:20:03.678883649 +0200
-@@ -883,6 +883,24 @@
-
-
- #------------------------------------------------------------------------------
-+# On systems which support dynamic loading of shared libraries, Exim can
-+# load a local_scan function specified in its config file instead of having
-+# to be recompiled with the desired local_scan function. For a full
-+# description of the API to this function, see the Exim specification.
-+
-+#DLOPEN_LOCAL_SCAN=yes
-+
-+# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
-+# linker flags. Without it, the loaded .so won't be able to access any
-+# functions from exim.
-+
-+LFLAGS = -rdynamic
-+ifeq ($(OSTYPE),Linux)
-+LFLAGS += -ldl
-+endif
-+
-+
-+#------------------------------------------------------------------------------
- # The default distribution of Exim contains only the plain text form of the
- # documentation. Other forms are available separately. If you want to install
- # the documentation in "info" format, first fetch the Texinfo documentation
-Only in exim-4.95/src: EDITME.orig
-diff -aur exim-4.95.orig/src/globals.c exim-4.95/src/globals.c
---- exim-4.95.orig/src/globals.c 2021-09-28 10:24:46.000000000 +0200
-+++ exim-4.95/src/globals.c 2021-09-29 08:20:03.679883649 +0200
-@@ -42,6 +42,10 @@
-
- uschar *no_aliases = NULL;
-
-+#ifdef DLOPEN_LOCAL_SCAN
-+uschar *local_scan_path = NULL;
-+#endif
-+
-
- /* For comments on these variables, see globals.h. I'm too idle to
- duplicate them here... */
-Only in exim-4.95/src: globals.c.orig
-diff -aur exim-4.95.orig/src/globals.h exim-4.95/src/globals.h
---- exim-4.95.orig/src/globals.h 2021-09-28 10:24:46.000000000 +0200
-+++ exim-4.95/src/globals.h 2021-09-29 08:20:03.680883648 +0200
-@@ -170,6 +170,9 @@
- extern int (*receive_ferror)(void);
- extern BOOL (*receive_smtp_buffered)(void);
-
-+#ifdef DLOPEN_LOCAL_SCAN
-+extern uschar *local_scan_path; /* Path to local_scan() library */
-+#endif
-
- /* For clearing, saving, restoring address expansion variables. We have to have
- the size of this vector set explicitly, because it is referenced from more than
-Only in exim-4.95/src: globals.h.orig
-diff -aur exim-4.95.orig/src/local_scan.c exim-4.95/src/local_scan.c
---- exim-4.95.orig/src/local_scan.c 2021-09-28 10:24:46.000000000 +0200
-+++ exim-4.95/src/local_scan.c 2021-09-29 08:23:33.756785663 +0200
-@@ -54,10 +54,130 @@
- is used in the rejection message.
- */
-
-+#ifdef DLOPEN_LOCAL_SCAN
-+# include <stdlib.h>
-+# include <dlfcn.h>
-+static int (*local_scan_fn)(int fd, uschar **return_text) = NULL;
-+static int load_local_scan_library(void);
-+extern uschar *local_scan_path; /* Path to local_scan() library */
-+#endif
-+
- int
- local_scan(int fd, uschar **return_text)
- {
--return LOCAL_SCAN_ACCEPT;
-+#ifdef DLOPEN_LOCAL_SCAN
-+/* local_scan_path is defined AND not the empty string */
-+if (local_scan_path && *local_scan_path)
-+ {
-+ if (!local_scan_fn)
-+ {
-+ if (!load_local_scan_library())
-+ {
-+ char *base_msg , *error_msg , *final_msg ;
-+ int final_length = -1 ;
-+
-+ base_msg=US"Local configuration error - local_scan() library failure\n";
-+ error_msg = dlerror() ;
-+
-+ final_length = strlen(base_msg) + strlen(error_msg) + 1 ;
-+ final_msg = (char*)malloc( final_length*sizeof(char) ) ;
-+ *final_msg = '\0' ;
-+
-+ strcat( final_msg , base_msg ) ;
-+ strcat( final_msg , error_msg ) ;
-+
-+ *return_text = final_msg ;
-+ return LOCAL_SCAN_TEMPREJECT;
-+ }
-+ }
-+ return local_scan_fn(fd, return_text);
-+ }
-+else
-+#endif
-+ return LOCAL_SCAN_ACCEPT;
-+}
-+
-+#ifdef DLOPEN_LOCAL_SCAN
-+
-+static int load_local_scan_library(void)
-+{
-+/* No point in keeping local_scan_lib since we'll never dlclose() anyway */
-+void *local_scan_lib = NULL;
-+int (*local_scan_version_fn)(void);
-+int vers_maj;
-+int vers_min;
-+
-+local_scan_lib = dlopen(local_scan_path, RTLD_NOW);
-+if (!local_scan_lib)
-+ {
-+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - "
-+ "message temporarily rejected");
-+ return FALSE;
-+ }
-+
-+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major");
-+if (!local_scan_version_fn)
-+ {
-+ dlclose(local_scan_lib);
-+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
-+ "local_scan_version_major() function - message temporarily rejected");
-+ return FALSE;
-+ }
-+
-+/* The major number is increased when the ABI is changed in a non
-+ backward compatible way. */
-+vers_maj = local_scan_version_fn();
-+
-+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor");
-+if (!local_scan_version_fn)
-+ {
-+ dlclose(local_scan_lib);
-+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
-+ "local_scan_version_minor() function - message temporarily rejected");
-+ return FALSE;
-+ }
-+
-+/* The minor number is increased each time a new feature is added (in a
-+ way that doesn't break backward compatibility) -- Marc */
-+vers_min = local_scan_version_fn();
-+
-+
-+if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR)
-+ {
-+ dlclose(local_scan_lib);
-+ local_scan_lib = NULL;
-+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major"
-+ "version number, you need to recompile your module for this version"
-+ "of exim (The module was compiled for version %d.%d and this exim provides"
-+ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
-+ LOCAL_SCAN_ABI_VERSION_MINOR);
-+ return FALSE;
-+ }
-+else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR)
-+ {
-+ dlclose(local_scan_lib);
-+ local_scan_lib = NULL;
-+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor"
-+ "version number, you need to recompile your module for this version"
-+ "of exim (The module was compiled for version %d.%d and this exim provides"
-+ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
-+ LOCAL_SCAN_ABI_VERSION_MINOR);
-+ return FALSE;
-+ }
-+
-+local_scan_fn = dlsym(local_scan_lib, "local_scan");
-+if (!local_scan_fn)
-+ {
-+ dlclose(local_scan_lib);
-+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
-+ "local_scan() function - message temporarily rejected");
-+ return FALSE;
-+ }
-+
-+return TRUE;
- }
-
-+#endif /* DLOPEN_LOCAL_SCAN */
-+
-+
- /* End of local_scan.c */
-diff -aur exim-4.95.orig/src/readconf.c exim-4.95/src/readconf.c
---- exim-4.95.orig/src/readconf.c 2021-09-28 10:24:46.000000000 +0200
-+++ exim-4.95/src/readconf.c 2021-09-29 08:20:03.682883647 +0200
-@@ -215,6 +215,9 @@
- { "local_from_prefix", opt_stringptr, {&local_from_prefix} },
- { "local_from_suffix", opt_stringptr, {&local_from_suffix} },
- { "local_interfaces", opt_stringptr, {&local_interfaces} },
-+#ifdef DLOPEN_LOCAL_SCAN
-+ { "local_scan_path", opt_stringptr, {&local_scan_path} },
-+#endif
- #ifdef HAVE_LOCAL_SCAN
- { "local_scan_timeout", opt_time, {&local_scan_timeout} },
- #endif
-Only in exim-4.95/src: readconf.c.orig
diff --git a/mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch b/mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch
deleted file mode 100644
index 7eed4eb1855f..000000000000
--- a/mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch
+++ /dev/null
@@ -1,265 +0,0 @@
-https://nvd.nist.gov/vuln/detail/CVE-2023-51766
-
-
-From cf1376206284f2a4f11e32d931d4aade34c206c5 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Fri, 22 Dec 2023 23:57:05 +0000
-Subject: [PATCH] Reject "dot, LF" as ending data phase. Bug 3063
-
-From 5bb786d5ad568a88d50d15452aacc8404047e5ca Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Sat, 23 Dec 2023 17:42:57 +0000
-Subject: [PATCH] Reject "dot, LF" as ending data phase (pt. 2). Bug 3063
-
-reduced to source changes only for Gentoo
-
-
-
-diff --git a/src/src/receive.c b/src/src/receive.c
-index e35400aec..c6f612832 100644
---- a/src/src/receive.c
-+++ b/src/src/receive.c
-@@ -836,93 +842,101 @@
- */
-
- static int
--read_message_data_smtp(FILE *fout)
-+read_message_data_smtp(FILE * fout, BOOL strict_crlf)
- {
--int ch_state = 0;
--int ch;
--int linelength = 0;
-+enum { s_linestart, s_normal, s_had_cr, s_had_nl_dot, s_had_dot_cr } ch_state =
-+ s_linestart;
-+int linelength = 0, ch;
-
- while ((ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF)
- {
- if (ch == 0) body_zerocount++;
- switch (ch_state)
- {
-- case 0: /* After LF or CRLF */
-- if (ch == '.')
-- {
-- ch_state = 3;
-- continue; /* Don't ever write . after LF */
-- }
-- ch_state = 1;
-+ case s_linestart: /* After LF or CRLF */
-+ if (ch == '.')
-+ {
-+ ch_state = s_had_nl_dot;
-+ continue; /* Don't ever write . after LF */
-+ }
-+ ch_state = s_normal;
-
-- /* Else fall through to handle as normal uschar. */
-+ /* Else fall through to handle as normal uschar. */
-
-- case 1: /* Normal state */
-- if (ch == '\n')
-- {
-- ch_state = 0;
-- body_linecount++;
-+ case s_normal: /* Normal state */
-+ if (ch == '\r')
-+ {
-+ ch_state = s_had_cr;
-+ continue; /* Don't write the CR */
-+ }
-+ if (ch == '\n') /* Bare LF at end of line */
-+ if (strict_crlf)
-+ ch = ' '; /* replace LF with space */
-+ else
-+ { /* treat as line ending */
-+ ch_state = s_linestart;
-+ body_linecount++;
-+ if (linelength > max_received_linelength)
-+ max_received_linelength = linelength;
-+ linelength = -1;
-+ }
-+ break;
-+
-+ case s_had_cr: /* After (unwritten) CR */
-+ body_linecount++; /* Any char ends line */
- if (linelength > max_received_linelength)
-- max_received_linelength = linelength;
-+ max_received_linelength = linelength;
- linelength = -1;
-- }
-- else if (ch == '\r')
-- {
-- ch_state = 2;
-- continue;
-- }
-- break;
-+ if (ch == '\n') /* proper CRLF */
-+ ch_state = s_linestart;
-+ else
-+ {
-+ message_size++; /* convert the dropped CR to a stored NL */
-+ if (fout && fputc('\n', fout) == EOF) return END_WERROR;
-+ cutthrough_data_put_nl();
-+ if (ch == '\r') /* CR; do not write */
-+ continue;
-+ ch_state = s_normal; /* not LF or CR; process as standard */
-+ }
-+ break;
-
-- case 2: /* After (unwritten) CR */
-- body_linecount++;
-- if (linelength > max_received_linelength)
-- max_received_linelength = linelength;
-- linelength = -1;
-- if (ch == '\n')
-- {
-- ch_state = 0;
-- }
-- else
-- {
-- message_size++;
-- if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR;
-- cutthrough_data_put_nl();
-- if (ch != '\r') ch_state = 1; else continue;
-- }
-- break;
-+ case s_had_nl_dot: /* After [CR] LF . */
-+ if (ch == '\n') /* [CR] LF . LF */
-+ if (strict_crlf)
-+ ch = ' '; /* replace LF with space */
-+ else
-+ return END_DOT;
-+ else if (ch == '\r') /* [CR] LF . CR */
-+ {
-+ ch_state = s_had_dot_cr;
-+ continue; /* Don't write the CR */
-+ }
-+ /* The dot was removed on reaching s_had_nl_dot. For a doubled dot, here,
-+ reinstate it to cutthrough. The current ch, dot or not, is passed both to
-+ cutthrough and to file below. */
-+ else if (ch == '.')
-+ {
-+ uschar c = ch;
-+ cutthrough_data_puts(&c, 1);
-+ }
-+ ch_state = s_normal;
-+ break;
-
-- case 3: /* After [CR] LF . */
-- if (ch == '\n')
-- return END_DOT;
-- if (ch == '\r')
-- {
-- ch_state = 4;
-- continue;
-- }
-- /* The dot was removed at state 3. For a doubled dot, here, reinstate
-- it to cutthrough. The current ch, dot or not, is passed both to cutthrough
-- and to file below. */
-- if (ch == '.')
-- {
-- uschar c= ch;
-- cutthrough_data_puts(&c, 1);
-- }
-- ch_state = 1;
-- break;
-+ case s_had_dot_cr: /* After [CR] LF . CR */
-+ if (ch == '\n')
-+ return END_DOT; /* Preferred termination */
-
-- case 4: /* After [CR] LF . CR */
-- if (ch == '\n') return END_DOT;
-- message_size++;
-- body_linecount++;
-- if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR;
-- cutthrough_data_put_nl();
-- if (ch == '\r')
-- {
-- ch_state = 2;
-- continue;
-- }
-- ch_state = 1;
-- break;
-+ message_size++; /* convert the dropped CR to a stored NL */
-+ body_linecount++;
-+ if (fout && fputc('\n', fout) == EOF) return END_WERROR;
-+ cutthrough_data_put_nl();
-+ if (ch == '\r')
-+ {
-+ ch_state = s_had_cr;
-+ continue; /* CR; do not write */
-+ }
-+ ch_state = s_normal;
-+ break;
- }
-
- /* Add the character to the spool file, unless skipping; then loop for the
-@@ -1140,7 +1152,7 @@ receive_swallow_smtp(void)
- {
- if (message_ended >= END_NOTENDED)
- message_ended = chunking_state <= CHUNKING_OFFERED
-- ? read_message_data_smtp(NULL)
-+ ? read_message_data_smtp(NULL, FALSE)
- : read_message_bdat_smtp_wire(NULL);
- }
-
-@@ -1960,8 +1960,10 @@ for (;;)
-
- if (ch == '\n')
- {
-- if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = FALSE;
-- else if (first_line_ended_crlf) receive_ungetc(' ');
-+ if (first_line_ended_crlf == TRUE_UNSET)
-+ first_line_ended_crlf = FALSE;
-+ else if (first_line_ended_crlf)
-+ receive_ungetc(' ');
- goto EOL;
- }
-
-@@ -1977,7 +1980,11 @@ for (;;)
- if (f.dot_ends && ptr == 0 && ch == '.')
- {
- ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
-- if (ch == '\r')
-+ if (ch == '\n' && first_line_ended_crlf == TRUE /* and not TRUE_UNSET */ )
-+ /* dot, LF but we are in CRLF mode. Attack? */
-+ ch = ' '; /* replace the LF with a space */
-+
-+ else if (ch == '\r')
- {
- ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
- if (ch != '\n')
-@@ -2013,7 +2020,8 @@ for (;;)
- ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
- if (ch == '\n')
- {
-- if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = TRUE;
-+ if (first_line_ended_crlf == TRUE_UNSET)
-+ first_line_ended_crlf = TRUE;
- goto EOL;
- }
-
-@@ -3241,7 +3253,7 @@ if (!ferror(spool_data_file) && !(receive_feof)() && message_ended != END_DOT)
- if (smtp_input)
- {
- message_ended = chunking_state <= CHUNKING_OFFERED
-- ? read_message_data_smtp(spool_data_file)
-+ ? read_message_data_smtp(spool_data_file, first_line_ended_crlf)
- : spool_wireformat
- ? read_message_bdat_smtp_wire(spool_data_file)
- : read_message_bdat_smtp(spool_data_file);
-diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
-index e19c86ff8..aeaffeb37 100644
---- a/src/src/smtp_in.c
-+++ b/src/src/smtp_in.c
-@@ -5112,7 +5112,10 @@ while (done <= 0)
- to get the DATA command sent. */
-
- if (!acl_smtp_predata && cutthrough.cctx.sock < 0)
-+ {
-+ if (!check_sync()) goto SYNC_FAILURE;
- rc = OK;
-+ }
- else
- {
- uschar * acl = acl_smtp_predata ? acl_smtp_predata : US"accept";
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2024-01-28 18:20 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2024-01-28 18:20 UTC (permalink / raw
To: gentoo-commits
commit: 662e4585eef68252845c897c989764dddd350141
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 28 18:18:46 2024 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Sun Jan 28 18:20:00 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=662e4585
mail-mta/exim-4.97.1-r2: update upstream patches for pcre2 memory usage
Bug: https://bugs.gentoo.org/922780
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
...exim-4.97.1-r1.ebuild => exim-4.97.1-r2.ebuild} | 0
.../files/exim-4.97.1-memory-usage-bug-3047.patch | 210 +++++++++++++++++++--
2 files changed, 190 insertions(+), 20 deletions(-)
diff --git a/mail-mta/exim/exim-4.97.1-r1.ebuild b/mail-mta/exim/exim-4.97.1-r2.ebuild
similarity index 100%
rename from mail-mta/exim/exim-4.97.1-r1.ebuild
rename to mail-mta/exim/exim-4.97.1-r2.ebuild
diff --git a/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch b/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch
index f141d08bb7b4..75e5d1a42781 100644
--- a/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch
+++ b/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch
@@ -1,36 +1,60 @@
-https://bugs.exim.org/show_bug.cgi?id=3047
-https://bugs.gentoo.org/922780
+From b4e7527561f1c68b821d5cf25efe29ae63d1d434 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Thu, 25 Jan 2024 17:48:43 +0000
+Subject: [PATCH] Appendfile: release regex-match store every thousand files.
+ Bug 3047
-diff --git a/src/src/transports/appendfile.c b/src/src/transports/appendfile.c
-index ec41ca035..91b353079 100644
---- a/src/transports/appendfile.c
-+++ b/src/transports/appendfile.c
-@@ -153,6 +153,10 @@ static const char *mailbox_formats[] = {
- (!ob->quota_warn_threshold_is_percent || ob->quota_value > 0))
+From 35aacb69f5c839a4b77158464e401d86eb422ed6 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Fri, 26 Jan 2024 21:58:59 +0000
+Subject: [PATCH] ACL: in "regex" condition, release store every thousand
+ lines. Bug 3047
+
+
+diff --git a/src/src/exim.c b/src/src/exim.c
+--- a/src/exim.c
++++ b/src/exim.c
+@@ -49,6 +49,8 @@ optimize out the tail recursion and so not make them too expensive. */
+ static void *
+ function_store_malloc(PCRE2_SIZE size, void * tag)
+ {
++if (size > INT_MAX)
++ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "excessive memory alloc request");
+ return store_malloc((int)size);
+ }
+@@ -63,12 +65,15 @@ if (block) store_free(block);
+ static void *
+ function_store_get(PCRE2_SIZE size, void * tag)
+ {
++if (size > INT_MAX)
++ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "excessive memory alloc request");
+ return store_get((int)size, GET_UNTAINTED); /* loses track of taint */
+ }
+
+ static void
+ function_store_nullfree(void * block, void * tag)
+ {
++/* We cannot free memory allocated using store_get() */
+ }
-+/* Free memory allocated by PCRE2 every so often, because a recent version
-+is now using 20kB for every match call */
-+
-+#define RESET_STORE_FILECNT 1000
- /*************************************************
- * Setup entry point *
+diff --git a/src/src/transports/appendfile.c b/src/src/transports/appendfile.c
+--- a/src/transports/appendfile.c
++++ b/src/transports/appendfile.c
@@ -661,13 +665,14 @@ Returns: the sum of the sizes of the stattable files
off_t
check_dir_size(const uschar * dirname, int * countptr, const pcre2_code * re)
{
--DIR *dir;
-+DIR * dir;
+ DIR *dir;
off_t sum = 0;
-int count = *countptr;
-+int count = *countptr, lcount = RESET_STORE_FILECNT;
++int count = *countptr, lcount = REGEX_LOOPCOUNT_STORE_RESET;
+rmark reset_point = store_mark();
if (!(dir = exim_opendir(dirname))) return 0;
--for (struct dirent *ent; ent = readdir(dir); )
-+for (struct dirent * ent; ent = readdir(dir); )
+ for (struct dirent *ent; ent = readdir(dir); )
{
uschar * path, * name = US ent->d_name;
struct stat statbuf;
@@ -41,7 +65,7 @@ index ec41ca035..91b353079 100644
+ if (--lcount == 0)
+ {
+ store_reset(reset_point); reset_point = store_mark();
-+ lcount = RESET_STORE_FILECNT;
++ lcount = REGEX_LOOPCOUNT_STORE_RESET;
+ }
/* If there's a regex, try to find the size using it */
@@ -54,3 +78,149 @@ index ec41ca035..91b353079 100644
*countptr = count;
return sum;
}
+diff --git a/src/src/macros.h b/src/src/macros.h
+--- a/src/macros.h
++++ b/src/macros.h
+@@ -1185,4 +1185,9 @@ typedef enum {
+ sw_mrc_tx_fail, /* transmit failed */
+ } sw_mrc_t;
+
++/* Recent versions of PCRE2 are allocating 20kB per match, rather than the previous 112 B.
++When doing en extended loop of matching, release store periodically. */
++
++#define REGEX_LOOPCOUNT_STORE_RESET 1000
++
+ /* End of macros.h */
+diff --git a/src/src/regex.c b/src/src/regex.c
+--- a/src/regex.c
++++ b/src/regex.c
+@@ -31,12 +31,11 @@ extern uschar *mime_current_boundary;
+
+
+ static pcre_list *
+-compile(const uschar * list, BOOL cacheable)
++compile(const uschar * list, BOOL cacheable, int * cntp)
+ {
+-int sep = 0;
++int sep = 0, cnt = 0;
+ uschar * regex_string;
+-pcre_list * re_list_head = NULL;
+-pcre_list * ri;
++pcre_list * re_list_head = NULL, * ri;
+
+ /* precompile our regexes */
+ while ((regex_string = string_nextinlist(&list, &sep, NULL, 0)))
+@@ -58,7 +57,9 @@ while ((regex_string = string_nextinlist(&list, &sep, NULL, 0)))
+ ri->pcre_text = regex_string;
+ ri->next = re_list_head;
+ re_list_head = ri;
++ cnt++;
+ }
++if (cntp) *cntp = cnt;
+ return re_list_head;
+ }
+
+@@ -112,7 +113,8 @@ FILE * mbox_file;
+ pcre_list * re_list_head;
+ uschar * linebuffer;
+ long f_pos = 0;
+-int ret = FAIL;
++int ret = FAIL, cnt, lcount = REGEX_LOOPCOUNT_STORE_RESET;
++rmark reset_point;
+
+ regex_vars_clear();
+
+@@ -136,26 +138,34 @@ else
+ mbox_file = mime_stream;
+ }
+
+-/* precompile our regexes */
+-if (!(re_list_head = compile(*listptr, cacheable)))
+- return FAIL; /* no regexes -> nothing to do */
+-
+-/* match each line against all regexes */
+-linebuffer = store_get(32767, GET_TAINTED);
+-while (fgets(CS linebuffer, 32767, mbox_file))
++reset_point = store_mark();
+ {
+- if ( mime_stream && mime_current_boundary /* check boundary */
+- && Ustrncmp(linebuffer, "--", 2) == 0
+- && Ustrncmp((linebuffer+2), mime_current_boundary,
+- Ustrlen(mime_current_boundary)) == 0)
+- break; /* found boundary */
+-
+- if ((ret = matcher(re_list_head, linebuffer, (int)Ustrlen(linebuffer))) == OK)
+- goto done;
++ /* precompile our regexes */
++ if ((re_list_head = compile(*listptr, cacheable, &cnt)))
++ {
++ /* match each line against all regexes */
++ linebuffer = store_get(32767, GET_TAINTED);
++ while (fgets(CS linebuffer, 32767, mbox_file))
++ {
++ if ( mime_stream && mime_current_boundary /* check boundary */
++ && Ustrncmp(linebuffer, "--", 2) == 0
++ && Ustrncmp((linebuffer+2), mime_current_boundary,
++ Ustrlen(mime_current_boundary)) == 0)
++ break; /* found boundary */
++
++ if ((ret = matcher(re_list_head, linebuffer, (int)Ustrlen(linebuffer))) == OK)
++ break;
++
++ if ((lcount -= cnt) <= 0)
++ {
++ store_reset(reset_point); reset_point = store_mark();
++ lcount = REGEX_LOOPCOUNT_STORE_RESET;
++ }
++ }
++ }
+ }
+-/* no matches ... */
++store_reset(reset_point);
+
+-done:
+ if (!mime_stream)
+ (void)fclose(mbox_file);
+ else
+@@ -180,14 +190,11 @@ pcre_list * re_list_head = NULL;
+ FILE * f;
+ uschar * mime_subject = NULL;
+ int mime_subject_len = 0;
+-int ret;
++int ret = FAIL;
++rmark reset_point;
+
+ regex_vars_clear();
+
+-/* precompile our regexes */
+-if (!(re_list_head = compile(*listptr, cacheable)))
+- return FAIL; /* no regexes -> nothing to do */
+-
+ /* check if the file is already decoded */
+ if (!mime_decoded_filename)
+ { /* no, decode it first */
+@@ -210,12 +217,20 @@ if (!(f = fopen(CS mime_decoded_filename, "rb")))
+ return DEFER;
+ }
+
+-/* get 32k memory, tainted */
+-mime_subject = store_get(32767, GET_TAINTED);
++reset_point = store_mark();
++ {
++ /* precompile our regexes */
++ if ((re_list_head = compile(*listptr, cacheable, NULL)))
++ {
++ /* get 32k memory, tainted */
++ mime_subject = store_get(32767, GET_TAINTED);
+
+-mime_subject_len = fread(mime_subject, 1, 32766, f);
++ mime_subject_len = fread(mime_subject, 1, 32766, f);
+
+-ret = matcher(re_list_head, mime_subject, mime_subject_len);
++ ret = matcher(re_list_head, mime_subject, mime_subject_len);
++ }
++ }
++store_reset(reset_point);
+ (void)fclose(f);
+ return ret;
+ }
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2024-02-11 20:07 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2024-02-11 20:07 UTC (permalink / raw
To: gentoo-commits
commit: 2582b32d9016fdda44afd8cbbfbb198584e14c41
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 11 20:05:31 2024 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Sun Feb 11 20:05:31 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2582b32d
mail-mta/exim-4.97.1-r3: update regex memory patch
Include 84add256b346 from upstream.
Bug: https://bugs.gentoo.org/922780
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
...exim-4.97.1-r2.ebuild => exim-4.97.1-r3.ebuild} | 0
.../files/exim-4.97.1-memory-usage-bug-3047.patch | 35 +++++++++++++++++++++-
2 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/mail-mta/exim/exim-4.97.1-r2.ebuild b/mail-mta/exim/exim-4.97.1-r3.ebuild
similarity index 100%
rename from mail-mta/exim/exim-4.97.1-r2.ebuild
rename to mail-mta/exim/exim-4.97.1-r3.ebuild
diff --git a/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch b/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch
index 75e5d1a42781..b8f4eb9c5eef 100644
--- a/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch
+++ b/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch
@@ -10,6 +10,11 @@ Date: Fri, 26 Jan 2024 21:58:59 +0000
Subject: [PATCH] ACL: in "regex" condition, release store every thousand
lines. Bug 3047
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Sun, 11 Feb 2024 13:57:18 +0000 (+0000)
+Subject: Use non-releaseable memory for regex match strings. Bug 3047
+Broken-by: 35aacb69f5c8
+
diff --git a/src/src/exim.c b/src/src/exim.c
--- a/src/exim.c
@@ -110,7 +115,7 @@ diff --git a/src/src/regex.c b/src/src/regex.c
/* precompile our regexes */
while ((regex_string = string_nextinlist(&list, &sep, NULL, 0)))
-@@ -58,7 +57,9 @@ while ((regex_string = string_nextinlist(&list, &sep, NULL, 0)))
+@@ -58,10 +57,19 @@ while ((regex_string = string_nextinlist(&list, &sep, NULL, 0)))
ri->pcre_text = regex_string;
ri->next = re_list_head;
re_list_head = ri;
@@ -120,6 +125,34 @@ diff --git a/src/src/regex.c b/src/src/regex.c
return re_list_head;
}
++
++/* Check list of REs against buffer, returning OK for (first) match,
++else FAIL. On match return allocated result strings in regex_vars[].
++
++We use the perm-pool for that, so that our caller can release
++other allocations.
++*/
+ static int
+ matcher(pcre_list * re_list_head, uschar * linebuffer, int len)
+ {
+@@ -75,6 +82,9 @@ for (pcre_list * ri = re_list_head; ri; ri = ri->next)
+ /* try matcher on the line */
+ if ((n = pcre2_match(ri->re, (PCRE2_SPTR)linebuffer, len, 0, 0, md, pcre_gen_mtc_ctx)) > 0)
+ {
++ int save_pool = store_pool;
++ store_pool = POOL_PERM;
++
+ Ustrncpy(regex_match_string_buffer, ri->pcre_text,
+ sizeof(regex_match_string_buffer)-1);
+ regex_match_string = regex_match_string_buffer;
+@@ -87,6 +97,7 @@ for (pcre_list * ri = re_list_head; ri; ri = ri->next)
+ regex_vars[nn-1] = string_copyn(linebuffer + ovec[off], len);
+ }
+
++ store_pool = save_pool;
+ return OK;
+ }
+ }
@@ -112,7 +113,8 @@ FILE * mbox_file;
pcre_list * re_list_head;
uschar * linebuffer;
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2024-02-16 12:08 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2024-02-16 12:08 UTC (permalink / raw
To: gentoo-commits
commit: 8b177cea39a5f4c6b96b698fb29266678ee19e0b
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Fri Feb 16 12:07:39 2024 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Fri Feb 16 12:07:39 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b177cea
mail-mta/exim-4.97.1-r4: update regex memory patch
Include 44b3172e3694 from upstream.
Bug: https://bugs.gentoo.org/922780
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
.../{exim-4.97.1-r4.ebuild => exim-4.97.1-r5.ebuild} | 0
.../exim/files/exim-4.97.1-memory-usage-bug-3047.patch | 18 ++++++++++++------
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/mail-mta/exim/exim-4.97.1-r4.ebuild b/mail-mta/exim/exim-4.97.1-r5.ebuild
similarity index 100%
rename from mail-mta/exim/exim-4.97.1-r4.ebuild
rename to mail-mta/exim/exim-4.97.1-r5.ebuild
diff --git a/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch b/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch
index e467edf71fa2..c9b52f2aebfe 100644
--- a/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch
+++ b/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch
@@ -26,6 +26,11 @@ Date: Tue, 13 Feb 2024 17:34:19 +0000
Subject: [PATCH] Use non-releasable memory for regex line-buffer
Broken-by: 5aacb69f5c8
+From 44b3172e369435c2c1baa4e9c837252f729d2905 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Thu, 15 Feb 2024 19:56:40 +0000
+Subject: [PATCH] regex: avoid releasing built RE midloop
+
diff --git a/src/src/exim.c b/src/src/exim.c
--- a/src/exim.c
+++ b/src/exim.c
@@ -176,7 +181,7 @@ diff --git a/src/src/regex.c b/src/src/regex.c
return OK;
}
}
-@@ -110,9 +111,9 @@ FILE * mbox_file;
+@@ -110,9 +111,8 @@ FILE * mbox_file;
unsigned long mbox_size;
FILE * mbox_file;
pcre_list * re_list_head;
@@ -184,7 +189,6 @@ diff --git a/src/src/regex.c b/src/src/regex.c
long f_pos = 0;
-int ret = FAIL;
+int ret = FAIL, cnt, lcount = REGEX_LOOPCOUNT_STORE_RESET;
-+rmark reset_point;
regex_vars_clear();
@@ -199,8 +203,7 @@ diff --git a/src/src/regex.c b/src/src/regex.c
-/* match each line against all regexes */
-linebuffer = store_get(32767, GET_TAINTED);
-while (fgets(CS linebuffer, 32767, mbox_file))
-+reset_point = store_mark();
- {
+- {
- if ( mime_stream && mime_current_boundary /* check boundary */
- && Ustrncmp(linebuffer, "--", 2) == 0
- && Ustrncmp((linebuffer+2), mime_current_boundary,
@@ -212,6 +215,8 @@ diff --git a/src/src/regex.c b/src/src/regex.c
+ /* precompile our regexes */
+ if ((re_list_head = compile(*listptr, cacheable, &cnt)))
+ {
++ rmark reset_point = store_mark();
++
+ while (fgets(CS big_buffer, big_buffer_size, mbox_file))
+ {
+ if ( mime_stream && mime_current_boundary /* check boundary */
@@ -229,10 +234,11 @@ diff --git a/src/src/regex.c b/src/src/regex.c
+ lcount = REGEX_LOOPCOUNT_STORE_RESET;
+ }
+ }
++
++ store_reset(reset_point);
+ }
- }
+- }
-/* no matches ... */
-+store_reset(reset_point);
-done:
if (!mime_stream)
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
@ 2024-08-21 7:40 Fabian Groffen
0 siblings, 0 replies; 26+ messages in thread
From: Fabian Groffen @ 2024-08-21 7:40 UTC (permalink / raw
To: gentoo-commits
commit: 1097635d14eeaaa52eeda75da3257a08c27bcf30
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 21 07:39:00 2024 +0000
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Wed Aug 21 07:39:47 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1097635d
mail-mta/exim-4.97.1-r6: CVE-2024-39929
Bug: https://bugs.gentoo.org/938214
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
mail-mta/exim/exim-4.97.1-r6.ebuild | 637 +++++++++++++++++++++
.../files/exim-4.97.1-CVE-2024-39929-part1.patch | 111 ++++
.../files/exim-4.97.1-CVE-2024-39929-part2.patch | 247 ++++++++
3 files changed, 995 insertions(+)
diff --git a/mail-mta/exim/exim-4.97.1-r6.ebuild b/mail-mta/exim/exim-4.97.1-r6.ebuild
new file mode 100644
index 000000000000..fbc02d2e7b6f
--- /dev/null
+++ b/mail-mta/exim/exim-4.97.1-r6.ebuild
@@ -0,0 +1,637 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit db-use flag-o-matic toolchain-funcs pam systemd
+
+IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl
+dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx
+mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux
+socks5 spf sqlite srs +ssl syslog tdb tcpd +tpda X"
+REQUIRED_USE="
+ arc? ( dkim spf )
+ dane? ( ssl !gnutls )
+ !dane? ( ssl? ( gnutls ) )
+ dmarc? ( dkim spf )
+ dkim? ( ssl !gnutls )
+ gnutls? ( ssl )
+ pkcs11? ( ssl )
+ || ( berkdb gdbm tdb )
+"
+# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked
+# for x86 and amd64 only (probably due to unbound dep)
+# Exim supports it but we cannot express the dep USE=dane when
+# USE=gnutls is in effect only in package.use.mask, the only option we
+# have left is to a) ignore the dependency (but that results in bug
+# #661164) or b) mask the usage of USE=dane with USE=gnutls. Both are
+# incorrect, but b) is the only "correct" view from dep-pointofview.
+# Bug #925108 showed that DANE is basically non-optional with OpenSSL,
+# so we make -dane mandatory to use gnutls. Bleh.
+# We cannot express a required use for berkdb/gdbm/tdb correctly because
+# berkdb and gdbm are both enabled in base profile
+
+SDIR=$([[ ${PV} == *_rc* ]] && echo /test
+ [[ ${PV} == *.*.*.* ]] && echo /fixes)
+COMM_URI="https://downloads.exim.org/exim4${SDIR}"
+
+GPV="r0"
+DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
+SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz
+ mirror://gentoo/system_filter.exim.gz
+ doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )"
+HOMEPAGE="https://www.exim.org/"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+
+COMMON_DEPEND=">=sys-apps/sed-4.0.5
+ dev-libs/libpcre2:=
+ tdb? ( sys-libs/tdb:= )
+ !tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) )
+ !tdb? ( !berkdb? ( sys-libs/gdbm:= ) )
+ idn? ( net-dns/libidn:= net-dns/libidn2:= )
+ perl? ( dev-lang/perl:= )
+ pam? ( sys-libs/pam )
+ tcpd? ( sys-apps/tcp-wrappers )
+ ssl? (
+ gnutls? (
+ net-libs/gnutls:0=[pkcs11?]
+ dev-libs/libtasn1
+ )
+ !gnutls? (
+ dev-libs/openssl:0=
+ )
+ )
+ ldap? ( >=net-nds/openldap-2.0.7:= )
+ elibc_glibc? (
+ net-libs/libnsl:=
+ nis? (
+ net-libs/libtirpc:=
+ >=net-libs/libnsl-1:=
+ )
+ )
+ mysql? ( dev-db/mysql-connector-c:= )
+ postgres? ( dev-db/postgresql:= )
+ sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
+ redis? ( dev-libs/hiredis:= )
+ spf? ( >=mail-filter/libspf2-1.2.5-r1 )
+ dmarc? ( mail-filter/opendmarc:= )
+ X? (
+ x11-libs/libX11
+ x11-libs/libXmu
+ x11-libs/libXt
+ x11-libs/libXaw
+ )
+ sqlite? ( dev-db/sqlite )
+ radius? ( net-dialup/freeradius-client )
+ virtual/libcrypt:=
+ virtual/libiconv
+ "
+ # added X check for #57206
+BDEPEND="virtual/pkgconfig"
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}
+ !mail-mta/courier
+ !mail-mta/esmtp
+ !mail-mta/msmtp[mta]
+ !mail-mta/netqmail
+ !mail-mta/nullmailer
+ !mail-mta/postfix
+ !mail-mta/sendmail
+ !mail-mta/opensmtpd
+ !mail-mta/ssmtp[mta]
+ >=net-mail/mailbase-0.00-r5
+ virtual/logger
+ dcc? ( mail-filter/dcc )
+ selinux? ( sec-policy/selinux-exim )
+ "
+
+S=${WORKDIR}/${P//_rc/-RC}
+
+src_prepare() {
+ # Legacy patches which need a respin for -p1
+ eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch
+ eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
+ eapply "${FILESDIR}"/exim-4.97-as-needed-ldflags.patch # 352265, 391279
+ eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
+ eapply "${FILESDIR}"/exim-4.69-r1.27021.patch
+ eapply "${FILESDIR}"/exim-4.97-localscan_dlopen.patch
+ eapply "${FILESDIR}"/exim-4.97-no-exim_id_update.patch
+ eapply "${FILESDIR}"/exim-4.97.1-memory-usage-bug-3047.patch # 922780
+
+ eapply -p2 "${FILESDIR}"/exim-4.97.1-CVE-2024-39929-part1.patch
+ eapply -p2 "${FILESDIR}"/exim-4.97.1-CVE-2024-39929-part2.patch
+
+ # oddity, they disable berkdb as hack, and then throw an error when
+ # berkdb isn't enabled
+ sed -i \
+ -e 's/_DB_/_DONTMESS_/' \
+ -e 's/define DB void/define DONTMESS void/' \
+ src/auths/call_radius.c || die
+
+ if use maildir ; then
+ eapply "${FILESDIR}"/exim-4.94-maildir.patch
+ else
+ eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
+ fi
+
+ eapply_user
+
+ # user Exim believes it should be
+ MAILUSER=mail
+ MAILGROUP=mail
+ if use prefix && [[ ${EUID} != 0 ]] ; then
+ MAILUSER=$(id -un)
+ MAILGROUP=$(id -gn)
+ fi
+}
+
+src_configure() {
+ # general config and paths
+
+ local aliases="${EPREFIX}/etc/mail/aliases"
+ sed -i \
+ -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \
+ src/configure.default || die
+
+ sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die
+
+ if use elibc_musl; then
+ sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die
+ append-cflags -DNO_EXECINFO
+ fi
+
+ local conffile="${EPREFIX}/etc/exim/exim.conf"
+ sed -e "48i\CFLAGS=${CFLAGS}" \
+ -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
+ -e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \
+ -e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \
+ -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
+ -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
+ src/EDITME > Local/Makefile || die
+
+ # work on Local/Makefile from now on
+ cd Local
+
+ cat >> Makefile <<- EOC
+ INFO_DIRECTORY=${EPREFIX}/usr/share/info
+ PID_FILE_PATH=${EPREFIX}/run/exim.pid
+ SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
+ HAVE_ICONV=yes
+ WITH_CONTENT_SCAN=yes
+ EOC
+
+ # configure db implementation, Exim always needs one for its hints
+ # database, we prefer tdb and gdbm, since bdb is kind of getting
+ # less and less support
+ if use tdb ; then
+ cat >> Makefile <<- EOC
+ USE_TDB=yes
+ DBMLIB = -ltdb
+ EOC
+ sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
+ sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
+ elif use gdbm ; then
+ cat >> Makefile <<- EOC
+ USE_GDBM=yes
+ DBMLIB = -lgdbm
+ EOC
+ sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die
+ sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
+ else # must be berkdb via required_use
+ # use the "native" interfaces to the DBM and CDB libraries, support
+ # passwd and directory lookups by default
+ local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2"
+ cat >> Makefile <<- EOC
+ USE_DB=yes
+ # keep include in CFLAGS because exim.h -> dbstuff.h -> db.h
+ CFLAGS += -I$(db_includedir ${DB_VERS})
+ DBMLIB = -l$(db_libname ${DB_VERS})
+ EOC
+ sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die
+ sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die
+ fi
+
+ # if we use libiconv, now is the time to tell so
+ if use !elibc_glibc && use !elibc_musl ; then
+ cat >> Makefile <<- EOC
+ EXTRALIBS_EXIM=-liconv
+ EOC
+ fi
+
+ # support for IPv6
+ if use ipv6; then
+ cat >> Makefile <<- EOC
+ HAVE_IPV6=YES
+ EOC
+ fi
+
+ # support i18n/IDNA
+ if use idn; then
+ cat >> Makefile <<- EOC
+ SUPPORT_I18N=yes
+ SUPPORT_I18N_2008=yes
+ EXTRALIBS_EXIM += -lidn -lidn2
+ EOC
+ fi
+
+ #
+ # mail storage formats
+ #
+
+ # mailstore is Exim's traditional storage format
+ cat >> Makefile <<- EOC
+ SUPPORT_MAILSTORE=yes
+ EOC
+
+ # mbox
+ if use mbx; then
+ cat >> Makefile <<- EOC
+ SUPPORT_MBX=yes
+ EOC
+ fi
+
+ # maildir
+ if use maildir; then
+ cat >> Makefile <<- EOC
+ SUPPORT_MAILDIR=yes
+ EOC
+ fi
+
+ #
+ # lookup methods
+ #
+
+ # support passwd and directory lookups by default
+ cat >> Makefile <<- EOC
+ LOOKUP_CDB=yes
+ LOOKUP_PASSWD=yes
+ LOOKUP_DSEARCH=yes
+ EOC
+
+ if ! use dnsdb; then
+ # DNSDB lookup is enabled by default
+ sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die
+ fi
+
+ if use ldap; then
+ cat >> Makefile <<- EOC
+ LOOKUP_LDAP=yes
+ LDAP_LIB_TYPE=OPENLDAP2
+ LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap
+ LOOKUP_LIBS += -lldap -llber
+ EOC
+ fi
+
+ if use mysql; then
+ cat >> Makefile <<- EOC
+ LOOKUP_MYSQL=yes
+ LOOKUP_INCLUDE += $(mysql_config --include)
+ LOOKUP_LIBS += $(mysql_config --libs)
+ EOC
+ fi
+
+ if use nis; then
+ cat >> Makefile <<- EOC
+ LOOKUP_NIS=yes
+ LOOKUP_NISPLUS=yes
+ EOC
+ if use elibc_glibc ; then
+ cat >> Makefile <<- EOC
+ LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc
+ LOOKUP_LIBS += -lnsl
+ EOC
+ fi
+ fi
+
+ if use postgres; then
+ cat >> Makefile <<- EOC
+ LOOKUP_PGSQL=yes
+ LOOKUP_INCLUDE += -I$(pg_config --includedir)
+ LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
+ EOC
+ fi
+
+ if use sqlite; then
+ cat >> Makefile <<- EOC
+ LOOKUP_SQLITE=yes
+ LOOKUP_SQLITE_PC=sqlite3
+ EOC
+ fi
+
+ if use redis; then
+ cat >> Makefile <<- EOC
+ LOOKUP_REDIS=yes
+ LOOKUP_LIBS += -lhiredis
+ EOC
+ fi
+
+ # Exim monitor, enabled by default, controlled via X USE-flag,
+ # disable if not requested, bug #46778
+ if use X; then
+ cp ../exim_monitor/EDITME eximon.conf || die
+ cat >> Makefile <<- EOC
+ EXIM_MONITOR=eximon.bin
+ EOC
+ fi
+
+ #
+ # features
+ #
+
+ # DomainKeys Identified Mail, RFC4871
+ if ! use dkim; then
+ # DKIM is enabled by default
+ cat >> Makefile <<- EOC
+ DISABLE_DKIM=yes
+ EOC
+ fi
+
+ # Per-Recipient-Data-Response
+ if ! use prdr; then
+ # PRDR is enabled by default
+ cat >> Makefile <<- EOC
+ DISABLE_PRDR=yes
+ EOC
+ fi
+
+ # Transport post-delivery actions
+ if use !tpda && use !dane; then
+ # EVENT is enabled by default
+ cat >> Makefile <<- EOC
+ DISABLE_EVENT=yes
+ EOC
+ fi
+
+ # log to syslog
+ if use syslog; then
+ local eximlog="${EPREFIX}/var/log/exim/exim_%s.log"
+ sed -i \
+ -e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \
+ Makefile || die
+ cat >> Makefile <<- EOC
+ LOG_FILE_PATH=syslog
+ EOC
+ else
+ cat >> Makefile <<- EOC
+ LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
+ EOC
+ fi
+
+ # starttls support (ssl)
+ if use ssl; then
+ if use gnutls; then
+ echo "USE_GNUTLS=yes" >> Makefile
+ echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \
+ >> Makefile
+ use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
+ else
+ echo "USE_OPENSSL=yes" >> Makefile
+ echo "USE_OPENSSL_PC=openssl" >> Makefile
+ fi
+ else
+ echo "DISABLE_TLS=yes" >> Makefile
+ fi
+
+ # TCP wrappers
+ if use tcpd; then
+ cat >> Makefile <<- EOC
+ USE_TCP_WRAPPERS=yes
+ EXTRALIBS_EXIM += -lwrap
+ EOC
+ fi
+
+ # Light Mail Transport Protocol
+ if use lmtp; then
+ cat >> Makefile <<- EOC
+ TRANSPORT_LMTP=yes
+ EOC
+ fi
+
+ # embedded Perl
+ if use perl; then
+ cat >> Makefile <<- EOC
+ EXIM_PERL=perl.o
+ EOC
+ fi
+
+ # dlfunc
+ if use dlfunc; then
+ cat >> Makefile <<- EOC
+ EXPAND_DLFUNC=yes
+ HAVE_LOCAL_SCAN=yes
+ DLOPEN_LOCAL_SCAN=yes
+ EOC
+ fi
+
+ # Proxy Protocol
+ if use proxy; then
+ cat >> Makefile <<- EOC
+ SUPPORT_PROXY=yes
+ EOC
+ fi
+
+ # SOCKS5 (outbound) proxy support
+ if use socks5; then
+ cat >> Makefile <<- EOC
+ SUPPORT_SOCKS=yes
+ EOC
+ fi
+
+ # DANE
+ if use !dane; then
+ # DANE is enabled by default
+ sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die
+ fi
+
+ # DMARC
+ if use dmarc; then
+ cat >> Makefile <<- EOC
+ SUPPORT_DMARC=yes
+ EXTRALIBS_EXIM += -lopendmarc
+ EOC
+ fi
+
+ # Sender Policy Framework
+ if use spf; then
+ cat >> Makefile <<- EOC
+ SUPPORT_SPF=yes
+ EXTRALIBS_EXIM += -lspf2
+ EOC
+ fi
+
+ #
+ # experimental features
+ #
+
+ # Authenticated Receive Chain
+ if use arc; then
+ echo "EXPERIMENTAL_ARC=yes">> Makefile
+ fi
+
+ # Distributed Checksum Clearinghouse
+ if use dcc; then
+ echo "EXPERIMENTAL_DCC=yes">> Makefile
+ fi
+
+ # Sender Rewriting Scheme
+ if use srs; then
+ # this one is the default/supported variant since 4.95, and the
+ # only variant available since 4.96
+ cat >> Makefile <<- EOC
+ SUPPORT_SRS=yes
+ EOC
+ fi
+
+ # Delivery Sender Notifications extra information in fail message
+ if use dsn; then
+ cat >> Makefile <<- EOC
+ EXPERIMENTAL_DSN_INFO=yes
+ EOC
+ fi
+
+ #
+ # authentication (SMTP AUTH)
+ #
+
+ # standard bits
+ cat >> Makefile <<- EOC
+ AUTH_SPA=yes
+ AUTH_CRAM_MD5=yes
+ AUTH_PLAINTEXT=yes
+ EOC
+
+ # Cyrus SASL
+ if use sasl; then
+ cat >> Makefile <<- EOC
+ CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
+ AUTH_CYRUS_SASL=yes
+ AUTH_LIBS += -lsasl2
+ EOC
+ fi
+
+ # Dovecot
+ if use dovecot-sasl; then
+ cat >> Makefile <<- EOC
+ AUTH_DOVECOT=yes
+ EOC
+ fi
+
+ # Pluggable Authentication Modules
+ if use pam; then
+ cat >> Makefile <<- EOC
+ SUPPORT_PAM=yes
+ AUTH_LIBS += -lpam
+ EOC
+ fi
+
+ # Radius
+ if use radius; then
+ cat >> Makefile <<- EOC
+ RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
+ RADIUS_LIB_TYPE=RADIUSCLIENTNEW
+ AUTH_LIBS += -lfreeradius-client
+ EOC
+ fi
+}
+
+src_compile() {
+ emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \
+ AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO=''
+}
+
+src_install() {
+ cd "${S}"/build-exim-gentoo || die
+ dosbin exim
+ if use X; then
+ dosbin eximon.bin
+ dosbin eximon
+ fi
+ fperms 4755 /usr/sbin/exim
+
+ dosym exim /usr/sbin/sendmail
+ dosym exim /usr/sbin/rsmtp
+ dosym exim /usr/sbin/rmail
+ dosym ../sbin/exim /usr/bin/mailq
+ dosym ../sbin/exim /usr/bin/newaliases
+ dosym ../sbin/sendmail /usr/lib/sendmail
+
+ for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
+ exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
+ convert4r3 convert4r4 exipick
+ do
+ dosbin $i
+ done
+
+ dodoc -r "${S}"/doc/.
+ doman "${S}"/doc/exim.8
+ use dsn && dodoc "${S}"/README.DSN
+ use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
+
+ # conf files
+ insinto /etc/exim
+ newins "${S}"/src/configure.default exim.conf.dist
+ doins "${WORKDIR}"/system_filter.exim
+ doins "${FILESDIR}"/auth_conf.sub
+
+ if use pam; then
+ pamd_mimic system-auth exim auth account
+ fi
+
+ # headers, #436406
+ if use dlfunc ; then
+ # fixup includes so they actually can be found when including
+ sed -i \
+ -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
+ local_scan.h || die
+ insinto /usr/include/exim
+ doins {config,local_scan}.h ../src/{mytypes,store}.h
+ fi
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/exim.logrotate" exim
+
+ newinitd "${FILESDIR}"/exim.rc10 exim
+ newconfd "${FILESDIR}"/exim.confd exim
+
+ systemd_dounit \
+ "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
+ systemd_newunit \
+ "${FILESDIR}"/exim_at.service 'exim@.service'
+ systemd_newunit \
+ "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
+
+ diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
+ keepdir /var/log/${PN}
+}
+
+pkg_postinst() {
+ if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then
+ einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter."
+ einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub"
+ einfo "for using smtp auth."
+ einfo "Please create ${EROOT}/etc/exim/exim.conf from"
+ einfo " ${EROOT}/etc/exim/exim.conf.dist."
+ fi
+ if use berkdb && ( use gdbm || use tdb ) ; then
+ ewarn "USE=berkdb is ignored because USE=gdbm or USE=tdb is enabled!"
+ fi
+ if use dmarc ; then
+ einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds"
+ einfo "you can populate this file with the contents downloaded from"
+ einfo " https://publicsuffix.org/list/public_suffix_list.dat"
+ fi
+ if use dcc ; then
+ einfo "DCC support is experimental, you can find some limited"
+ einfo "documentation at the bottom of this prerelease message:"
+ einfo " http://article.gmane.org/gmane.mail.exim.devel/3579"
+ fi
+ use dsn && einfo "extra information in fail DSN message is experimental"
+ einfo
+ elog "Note that this release contains a tainted variable check that"
+ elog "is likely to break your configuration used with Exim 4.93 and before."
+ elog "Please check your transports for occurences of \$local_part, and"
+ elog "use a replacement like \$local_part_data where possible."
+}
diff --git a/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part1.patch b/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part1.patch
new file mode 100644
index 000000000000..e83a44abc986
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part1.patch
@@ -0,0 +1,111 @@
+patch reduced to code only
+
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Mon, 1 Jul 2024 18:35:12 +0000 (+0100)
+Subject: Fix MIME parsing of filenames specified using multiple parameters. Bug 3099
+X-Git-Tag: exim-4.98-RC3~2
+X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/6ce5c70cff89
+
+Fix MIME parsing of filenames specified using multiple parameters. Bug 3099
+---
+
+diff --git a/src/src/mime.c b/src/src/mime.c
+index 975ddca85..5f9e1ade7 100644
+--- a/src/src/mime.c
++++ b/src/src/mime.c
+@@ -587,10 +587,10 @@ while(1)
+
+ while (*p)
+ {
+- DEBUG(D_acl) debug_printf_indent("MIME: considering paramlist '%s'\n", p);
++ DEBUG(D_acl)
++ debug_printf_indent("MIME: considering paramlist '%s'\n", p);
+
+- if ( !mime_filename
+- && strncmpic(CUS"content-disposition:", header, 20) == 0
++ if ( strncmpic(CUS"content-disposition:", header, 20) == 0
+ && strncmpic(CUS"filename*", p, 9) == 0
+ )
+ { /* RFC 2231 filename */
+@@ -604,11 +604,12 @@ while(1)
+
+ if (q && *q)
+ {
+- uschar * temp_string, * err_msg;
++ uschar * temp_string, * err_msg, * fname = q;
+ int slen;
+
+ /* build up an un-decoded filename over successive
+ filename*= parameters (for use when 2047 decode fails) */
++/*XXX could grow a gstring here */
+
+ mime_fname_rfc2231 = string_sprintf("%#s%s",
+ mime_fname_rfc2231, q);
+@@ -623,26 +624,32 @@ while(1)
+ /* look for a ' in the "filename" */
+ while(*s != '\'' && *s) s++; /* s is 1st ' or NUL */
+
+- if ((size = s-q) > 0)
+- mime_filename_charset = string_copyn(q, size);
++ if (*s) /* there was a ' */
++ {
++ if ((size = s-q) > 0)
++ mime_filename_charset = string_copyn(q, size);
+
+- if (*(p = s)) p++;
+- while(*p == '\'') p++; /* p is after 2nd ' */
++ if (*(fname = s)) fname++;
++ while(*fname == '\'') fname++; /* fname is after 2nd ' */
++ }
+ }
+- else
+- p = q;
+
+- DEBUG(D_acl) debug_printf_indent("MIME: charset %s fname '%s'\n",
+- mime_filename_charset ? mime_filename_charset : US"<NULL>", p);
++ DEBUG(D_acl)
++ debug_printf_indent("MIME: charset %s fname '%s'\n",
++ mime_filename_charset ? mime_filename_charset : US"<NULL>",
++ fname);
+
+- temp_string = rfc2231_to_2047(p, mime_filename_charset, &slen);
+- DEBUG(D_acl) debug_printf_indent("MIME: 2047-name %s\n", temp_string);
++ temp_string = rfc2231_to_2047(fname, mime_filename_charset,
++ &slen);
++ DEBUG(D_acl)
++ debug_printf_indent("MIME: 2047-name %s\n", temp_string);
+
+ temp_string = rfc2047_decode(temp_string, FALSE, NULL, ' ',
+- NULL, &err_msg);
+- DEBUG(D_acl) debug_printf_indent("MIME: plain-name %s\n", temp_string);
++ NULL, &err_msg);
++ DEBUG(D_acl)
++ debug_printf_indent("MIME: plain-name %s\n", temp_string);
+
+- if (!temp_string || (size = Ustrlen(temp_string)) == slen)
++ if (!temp_string || (size = Ustrlen(temp_string)) == slen)
+ decoding_failed = TRUE;
+ else
+ /* build up a decoded filename over successive
+@@ -651,9 +658,9 @@ while(1)
+ mime_filename = mime_fname = mime_fname
+ ? string_sprintf("%s%s", mime_fname, temp_string)
+ : temp_string;
+- }
+- }
+- }
++ } /*!decoding_failed*/
++ } /*q*/
++ } /*2231 filename*/
+
+ else
+ /* look for interesting parameters */
+@@ -682,7 +689,7 @@ while(1)
+
+
+ /* There is something, but not one of our interesting parameters.
+- Advance past the next semicolon */
++ Advance past the next semicolon */
+ p = mime_next_semicolon(p);
+ if (*p) p++;
+ } /* param scan on line */
diff --git a/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part2.patch b/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part2.patch
new file mode 100644
index 000000000000..f33e33598379
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part2.patch
@@ -0,0 +1,247 @@
+patch reduced to code only
+
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Tue, 2 Jul 2024 13:41:19 +0000 (+0100)
+Subject: MIME: support RFC 2331 for name=. Bug 3099
+X-Git-Tag: exim-4.98-RC3~1
+X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/1b3209b0577a
+
+MIME: support RFC 2331 for name=. Bug 3099
+---
+
+diff --git a/src/src/mime.c b/src/src/mime.c
+index 5f9e1ade7..8044bb3fd 100644
+--- a/src/src/mime.c
++++ b/src/src/mime.c
+@@ -30,10 +30,10 @@ static int mime_header_list_size = nelem(mime_header_list);
+
+ static mime_parameter mime_parameter_list[] = {
+ /* name namelen value */
+- { US"name=", 5, &mime_filename },
+- { US"filename=", 9, &mime_filename },
+- { US"charset=", 8, &mime_charset },
+- { US"boundary=", 9, &mime_boundary }
++ { US"name", 4, &mime_filename },
++ { US"filename", 8, &mime_filename },
++ { US"charset", 7, &mime_charset },
++ { US"boundary", 8, &mime_boundary }
+ };
+
+
+@@ -577,8 +577,8 @@ while(1)
+ if (*(p = q)) p++; /* jump past the ; */
+
+ {
+- uschar * mime_fname = NULL;
+- uschar * mime_fname_rfc2231 = NULL;
++ gstring * mime_fname = NULL;
++ gstring * mime_fname_rfc2231 = NULL;
+ uschar * mime_filename_charset = NULL;
+ BOOL decoding_failed = FALSE;
+
+@@ -590,90 +590,92 @@ while(1)
+ DEBUG(D_acl)
+ debug_printf_indent("MIME: considering paramlist '%s'\n", p);
+
+- if ( strncmpic(CUS"content-disposition:", header, 20) == 0
+- && strncmpic(CUS"filename*", p, 9) == 0
+- )
+- { /* RFC 2231 filename */
+- uschar * q;
+-
+- /* find value of the filename */
+- p += 9;
+- while(*p != '=' && *p) p++;
+- if (*p) p++; /* p is filename or NUL */
+- q = mime_param_val(&p); /* p now trailing ; or NUL */
+-
+- if (q && *q)
++ /* look for interesting parameters */
++ for (mime_parameter * mp = mime_parameter_list;
++ mp < mime_parameter_list + nelem(mime_parameter_list);
++ mp++
++ ) if (strncmpic(mp->name, p, mp->namelen) == 0)
++ {
++ p += mp->namelen;
++ if (*p == '*') /* RFC 2231 */
+ {
+- uschar * temp_string, * err_msg, * fname = q;
+- int slen;
+-
+- /* build up an un-decoded filename over successive
+- filename*= parameters (for use when 2047 decode fails) */
+-/*XXX could grow a gstring here */
+-
+- mime_fname_rfc2231 = string_sprintf("%#s%s",
+- mime_fname_rfc2231, q);
+-
+- if (!decoding_failed)
++ while (isdigit(*++p)) ; /* ignore cont-cnt values */
++ if (*p == '*') p++; /* step over sep chset mark */
++ if (*p == '=')
+ {
+- int size;
+- if (!mime_filename_charset)
++ uschar * q;
++ p++; /* step over = */
++ q = mime_param_val(&p); /* p now trailing ; or NUL */
++
++ if (q && *q) /* q is the dequoted value */
+ {
+- uschar * s = q;
++ uschar * err_msg, * fname = q;
++ int slen;
++
++ /* build up an un-decoded filename over successive
++ filename*= parameters (for use when 2047 decode fails) */
+
+- /* look for a ' in the "filename" */
+- while(*s != '\'' && *s) s++; /* s is 1st ' or NUL */
++ mime_fname_rfc2231 = string_cat(mime_fname_rfc2231, q);
+
+- if (*s) /* there was a ' */
++ if (!decoding_failed)
+ {
+- if ((size = s-q) > 0)
+- mime_filename_charset = string_copyn(q, size);
+-
+- if (*(fname = s)) fname++;
+- while(*fname == '\'') fname++; /* fname is after 2nd ' */
+- }
+- }
+-
+- DEBUG(D_acl)
+- debug_printf_indent("MIME: charset %s fname '%s'\n",
+- mime_filename_charset ? mime_filename_charset : US"<NULL>",
+- fname);
+-
+- temp_string = rfc2231_to_2047(fname, mime_filename_charset,
+- &slen);
+- DEBUG(D_acl)
+- debug_printf_indent("MIME: 2047-name %s\n", temp_string);
+-
+- temp_string = rfc2047_decode(temp_string, FALSE, NULL, ' ',
+- NULL, &err_msg);
+- DEBUG(D_acl)
+- debug_printf_indent("MIME: plain-name %s\n", temp_string);
+-
+- if (!temp_string || (size = Ustrlen(temp_string)) == slen)
+- decoding_failed = TRUE;
+- else
+- /* build up a decoded filename over successive
+- filename*= parameters */
+-
+- mime_filename = mime_fname = mime_fname
+- ? string_sprintf("%s%s", mime_fname, temp_string)
+- : temp_string;
+- } /*!decoding_failed*/
+- } /*q*/
+- } /*2231 filename*/
+-
+- else
+- /* look for interesting parameters */
+- for (mime_parameter * mp = mime_parameter_list;
+- mp < mime_parameter_list + nelem(mime_parameter_list);
+- mp++
+- ) if (strncmpic(mp->name, p, mp->namelen) == 0)
+- {
+- uschar * q;
+- uschar * dummy_errstr;
++ if (!mime_filename_charset)
++ { /* try for RFC 2231 chset/lang */
++ uschar * s = q;
++
++ /* look for a ' in the raw paramval */
++ while(*s != '\'' && *s) s++; /* s is 1st ' or NUL */
++
++ if (*s) /* there was a ' */
++ {
++ int size;
++ if ((size = s-q) > 0)
++ mime_filename_charset = string_copyn(q, size);
++
++ if (*(fname = s)) fname++;
++ while(*fname == '\'') fname++; /*fname is after 2nd '*/
++ }
++ }
++
++ DEBUG(D_acl)
++ debug_printf_indent("MIME: charset %s fname '%s'\n",
++ mime_filename_charset ? mime_filename_charset : US"<NULL>",
++ fname);
++
++ fname = rfc2231_to_2047(fname, mime_filename_charset,
++ &slen);
++ DEBUG(D_acl)
++ debug_printf_indent("MIME: 2047-name %s\n", fname);
++
++ fname = rfc2047_decode(fname, FALSE, NULL, ' ',
++ NULL, &err_msg);
++ DEBUG(D_acl) debug_printf_indent(
++ "MIME: plain-name %s\n", fname);
++
++ if (!fname || Ustrlen(fname) == slen)
++ decoding_failed = TRUE;
++ else if (mp->value == &mime_filename)
++ {
++ /* build up a decoded filename over successive
++ filename*= parameters */
++
++ mime_fname = string_cat(mime_fname, fname);
++ mime_filename = string_from_gstring(mime_fname);
++ }
++ } /*!decoding_failed*/
++ } /*q*/
++
++ if (*p) p++; /* p is past ; */
++ goto param_done; /* done matching param names */
++ } /*2231 param coding extension*/
++ }
++ else if (*p == '=')
++ { /* non-2231 param */
++ uschar * q, * dummy_errstr;
+
+ /* grab the value and copy to its expansion variable */
+- p += mp->namelen;
++
++ if (*p) p++; /* step over = */
+ q = mime_param_val(&p); /* p now trailing ; or NUL */
+
+ *mp->value = q && *q
+@@ -684,26 +686,31 @@ while(1)
+ "MIME: found %s parameter in %s header, value '%s'\n",
+ mp->name, mh->name, *mp->value);
+
+- break; /* done matching param names */
++ if (*p) p++; /* p is past ; */
++ goto param_done; /* done matching param names */
+ }
+-
++ } /* interesting parameters */
+
+ /* There is something, but not one of our interesting parameters.
+ Advance past the next semicolon */
++
+ p = mime_next_semicolon(p);
+ if (*p) p++;
+- } /* param scan on line */
++ param_done:
++ } /* param scan on line */
+
+ if (strncmpic(CUS"content-disposition:", header, 20) == 0)
+ {
+- if (decoding_failed) mime_filename = mime_fname_rfc2231;
++ if (decoding_failed)
++ mime_filename = string_from_gstring(mime_fname_rfc2231);
+
+ DEBUG(D_acl) debug_printf_indent(
+ "MIME: found %s parameter in %s header, value is '%s'\n",
+ "filename", mh->name, mime_filename);
+ }
+ }
+- }
++ break;
++ } /* interesting headers */
+
+ /* set additional flag variables (easier access) */
+ if ( mime_content_type
^ permalink raw reply related [flat|nested] 26+ messages in thread
end of thread, other threads:[~2024-08-21 7:40 UTC | newest]
Thread overview: 26+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-06-08 8:06 [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/ Fabian Groffen
-- strict thread matches above, loose matches on Subject: below --
2024-08-21 7:40 Fabian Groffen
2024-02-16 12:08 Fabian Groffen
2024-02-11 20:07 Fabian Groffen
2024-01-28 18:20 Fabian Groffen
2024-01-12 11:56 Fabian Groffen
2023-12-25 10:42 Fabian Groffen
2023-12-25 10:42 Fabian Groffen
2023-11-08 8:03 Fabian Groffen
2023-05-27 9:25 Fabian Groffen
2023-01-03 10:22 Fabian Groffen
2022-10-19 9:20 Fabian Groffen
2020-05-13 7:45 Fabian Groffen
2020-05-09 9:57 Fabian Groffen
2019-08-02 6:44 Fabian Groffen
2019-06-11 8:17 Fabian Groffen
2019-02-19 12:20 Fabian Groffen
2017-10-08 9:24 Fabian Groffen
2017-10-05 13:39 Fabian Groffen
2017-09-20 6:47 Fabian Groffen
2017-06-19 16:06 Thomas Deutschmann
2017-03-11 7:58 Fabian Groffen
2016-07-08 11:28 Fabian Groffen
2016-03-04 10:58 Fabian Groffen
2015-12-11 9:23 Fabian Groffen
2015-10-19 10:52 Sergey Popov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox