[gentoo-commits] repo/gentoo:master commit in: mail-mta/postfix/files/, mail-mta/postfix/

["Eray Aslan" <eras@gentoo.org>]

commit:     c16397904a998b5f011a6870e9d35d98b21e2e0c
Author:     Eray Aslan <eras <AT> gentoo <DOT> org>
AuthorDate: Sat Oct  5 07:23:47 2024 +0000
Commit:     Eray Aslan <eras <AT> gentoo <DOT> org>
CommitDate: Sat Oct  5 07:53:39 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c1639790

mail-mta/postfix: backport fix for too eager warning

do not log a warning for minor version changes for openssl >= 3.0.0. The
overall warning logic is:

	when the OpenSSL library compile-time version
	differs from the run-time version, allow forward-compatible
	minor version differences with OpenSSL >= 3.x.x, allow
	forward-compatible micro version differences with OpenSSL
	1.1.x, and allow no version difference with OpenSSL <=
	1.0.x. Otherwise, log a potential version mismatch warning

Closes: https://bugs.gentoo.org/940708
Signed-off-by: Eray Aslan <eras <AT> gentoo.org>

 .../files/openssl-compatibility-warning.patch      |  40 +++
 mail-mta/postfix/postfix-3.9.0-r2.ebuild           | 315 +++++++++++++++++++++
 2 files changed, 355 insertions(+)

diff --git a/mail-mta/postfix/files/openssl-compatibility-warning.patch b/mail-mta/postfix/files/openssl-compatibility-warning.patch
new file mode 100644
index 000000000000..275efed85971
--- /dev/null
+++ b/mail-mta/postfix/files/openssl-compatibility-warning.patch
@@ -0,0 +1,40 @@
+# bug 940708
+--- postfix-3.9.0/src/tls/tls_misc.c	2023-08-07 15:42:24.000000000 +0200
++++ postfix-3.10_pre20240612/work/postfix-3.10-20240612/src/tls/tls_misc.c	2024-06-12 17:59:54.000000000 +0200
+@@ -1433,20 +1433,29 @@
+ {
+     TLS_VINFO hdr_info;
+     TLS_VINFO lib_info;
++    int     warn_compat = 0;
+ 
+     tls_version_split(OPENSSL_VERSION_NUMBER, &hdr_info);
+     tls_version_split(OpenSSL_version_num(), &lib_info);
+ 
+     /*
+      * Warn if run-time library is different from compile-time library,
+-     * allowing later run-time "micro" versions starting with 1.1.0.
++     * allowing later run-time "micro" versions starting with 1.1.0, and
++     * later minor numbers starting with 3.0.0.
+      */
+-    if (lib_info.major != hdr_info.major
+-	|| lib_info.minor != hdr_info.minor
+-	|| (lib_info.micro != hdr_info.micro
+-	    && (lib_info.micro < hdr_info.micro
+-		|| hdr_info.major == 0
+-		|| (hdr_info.major == 1 && hdr_info.minor == 0))))
++    if (hdr_info.major >= 3) {
++        warn_compat = lib_info.major != hdr_info.major 
++            || lib_info.minor < hdr_info.minor;
++    } else if (hdr_info.major == 1 && hdr_info.minor != 0) {
++        warn_compat = lib_info.major != hdr_info.major 
++            || lib_info.minor != hdr_info.minor
++            || lib_info.micro < hdr_info.micro;
++    } else {
++        warn_compat = lib_info.major != hdr_info.major
++            || lib_info.minor != hdr_info.minor
++            || lib_info.micro != hdr_info.micro;
++    }
++    if (warn_compat)
+ 	msg_warn("run-time library vs. compile-time header version mismatch: "
+ 	     "OpenSSL %d.%d.%d may not be compatible with OpenSSL %d.%d.%d",
+ 		 lib_info.major, lib_info.minor, lib_info.micro,

diff --git a/mail-mta/postfix/postfix-3.9.0-r2.ebuild b/mail-mta/postfix/postfix-3.9.0-r2.ebuild
new file mode 100644
index 000000000000..316613eea2d2
--- /dev/null
+++ b/mail-mta/postfix/postfix-3.9.0-r2.ebuild
@@ -0,0 +1,315 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+inherit pam systemd toolchain-funcs
+
+MY_PV="${PV/_pre/-}"
+MY_SRC="${PN}-${MY_PV}"
+MY_URI="ftp://ftp.porcupine.org/mirrors/postfix-release/official"
+RC_VER="2.7"
+
+DESCRIPTION="A fast and secure drop-in replacement for sendmail"
+HOMEPAGE="http://www.postfix.org/"
+SRC_URI="${MY_URI}/${MY_SRC}.tar.gz"
+S="${WORKDIR}/${MY_SRC}"
+
+LICENSE="|| ( IBM EPL-2.0 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+
+IUSE="+berkdb cdb dovecot-sasl +eai ldap ldap-bind lmdb mbox memcached mongodb mysql nis pam postgres sasl selinux sqlite ssl"
+
+DEPEND="
+	acct-group/postfix
+	acct-group/postdrop
+	acct-user/postfix
+	dev-libs/libpcre2:0
+	dev-lang/perl
+	berkdb? ( >=sys-libs/db-3.2:* )
+	cdb? ( || ( >=dev-db/tinycdb-0.76 >=dev-db/cdb-0.75-r4 ) )
+	eai? ( dev-libs/icu:= )
+	ldap? ( net-nds/openldap:= )
+	ldap-bind? ( net-nds/openldap:=[sasl] )
+	lmdb? ( >=dev-db/lmdb-0.9.11:= )
+	mongodb? ( >=dev-libs/mongo-c-driver-1.23.0 >=dev-libs/libbson-1.23.0 )
+	mysql? ( dev-db/mysql-connector-c:0= )
+	nis? ( net-libs/libnsl:= )
+	pam? ( sys-libs/pam )
+	postgres? ( dev-db/postgresql:* )
+	sasl? (  >=dev-libs/cyrus-sasl-2 )
+	sqlite? ( dev-db/sqlite:3 )
+	ssl? ( >=dev-libs/openssl-1.1.1:0= )
+	"
+
+RDEPEND="${DEPEND}
+	memcached? ( net-misc/memcached )
+	net-mail/mailbase
+	!mail-mta/courier
+	!mail-mta/esmtp
+	!mail-mta/exim
+	!mail-mta/msmtp[mta]
+	!mail-mta/netqmail
+	!mail-mta/nullmailer
+	!mail-mta/sendmail
+	!mail-mta/opensmtpd
+	!mail-mta/ssmtp[mta]
+	selinux? ( sec-policy/selinux-postfix )"
+
+# require at least one db implementation for newalias (and postmap)
+# command to function properly
+REQUIRED_USE="
+	|| ( berkdb cdb lmdb )
+	ldap-bind? ( ldap sasl )
+	"
+
+PATCHES=(
+	"${FILESDIR}/openssl-compatibility-warning.patch"
+)
+
+src_prepare() {
+	default
+	sed -i -e "/^#define ALIAS_DB_MAP/s|:/etc/aliases|:/etc/mail/aliases|" \
+		src/util/sys_defs.h || die "sed failed"
+	# change default paths to better comply with portage standard paths
+	sed -i -e "s:/usr/local/:/usr/:g" conf/master.cf || die "sed failed"
+}
+
+src_configure() {
+	# bug #915670
+	unset LD_LIBRARY_PATH
+
+	for name in CDB LDAP LMDB MONGODB MYSQL PCRE PGSQL SDBM SQLITE
+	do
+		local AUXLIBS_${name}=""
+	done
+
+	# Make sure LDFLAGS get passed down to the executables.
+	local mycc="" mylibs="${LDFLAGS} -ldl"
+
+	# libpcre is EOL. prefer libpcre2
+	mycc=" -DHAS_PCRE=2"
+	AUXLIBS_PCRE="$(pcre2-config --libs8)"
+
+	use pam && mylibs="${mylibs} -lpam"
+
+	if use ssl; then
+		mycc="${mycc} -DUSE_TLS"
+		mylibs="${mylibs} -lssl -lcrypto"
+	fi
+
+	if ! use eai; then
+		mycc="${mycc} -DNO_EAI"
+	fi
+
+	if use ldap; then
+		mycc="${mycc} -DHAS_LDAP"
+		AUXLIBS_LDAP="-lldap -llber"
+	fi
+
+	if use lmdb; then
+		mycc="${mycc} -DHAS_LMDB"
+		AUXLIBS_LMDB="-llmdb -lpthread"
+	fi
+
+	if use mongodb; then
+		mycc="${mycc} -DHAS_MONGODB $(pkg-config --cflags libmongoc-1.0)"
+		AUXLIBS_MONGODB="-lmongoc-1.0 -lbson-1.0"
+	fi
+
+	if use mysql; then
+		mycc="${mycc} -DHAS_MYSQL $(mysql_config --include)"
+		AUXLIBS_MYSQL="$(mysql_config --libs)"
+	fi
+
+	if use postgres; then
+		mycc="${mycc} -DHAS_PGSQL -I$(pg_config --includedir)"
+		AUXLIBS_PGSQL="-L$(pg_config --libdir) -lpq"
+	fi
+
+	if use sqlite; then
+		mycc="${mycc} -DHAS_SQLITE"
+		AUXLIBS_SQLITE="-lsqlite3 -lpthread"
+	fi
+
+	if use sasl; then
+		if use dovecot-sasl; then
+			# Set dovecot as default.
+			mycc="${mycc} -DDEF_SASL_SERVER=\\\"dovecot\\\""
+		fi
+		if use ldap-bind; then
+			mycc="${mycc} -DUSE_LDAP_SASL"
+		fi
+		mycc="${mycc} -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl"
+		mylibs="${mylibs} -lsasl2"
+	elif use dovecot-sasl; then
+		mycc="${mycc} -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\\\"dovecot\\\""
+	fi
+
+	if ! use nis; then
+		mycc="${mycc} -DNO_NIS"
+	fi
+
+	if ! use berkdb; then
+		mycc="${mycc} -DNO_DB"
+		# change default database type
+		if use lmdb; then
+			mycc="${mycc} -DDEF_DB_TYPE=\\\"lmdb\\\""
+		elif use cdb; then
+			mycc="${mycc} -DDEF_DB_TYPE=\\\"cdb\\\""
+		fi
+	fi
+
+	if use cdb; then
+		mycc="${mycc} -DHAS_CDB -I/usr/include/cdb"
+		# Tinycdb is preferred.
+		if has_version dev-db/tinycdb ; then
+			AUXLIBS_CDB="-lcdb"
+		else
+			CDB_PATH="/usr/$(get_libdir)"
+			for i in cdb.a alloc.a buffer.a unix.a byte.a ; do
+				AUXLIBS_CDB="${AUXLIBS_CDB} ${CDB_PATH}/${i}"
+			done
+		fi
+	fi
+
+	sed -i -e "/^RANLIB/s/ranlib/$(tc-getRANLIB)/g" "${S}"/makedefs
+	sed -i -e "/^AR/s/ar/$(tc-getAR)/g" "${S}"/makedefs
+
+	emake makefiles \
+		shared=yes \
+		dynamicmaps=no \
+		pie=yes \
+		shlib_directory="/usr/$(get_libdir)/postfix/MAIL_VERSION" \
+		DEBUG="" \
+		CC="$(tc-getCC)" \
+		OPT="${CFLAGS}" \
+		CCARGS="${mycc}" \
+		AUXLIBS="${mylibs}" \
+		AUXLIBS_CDB="${AUXLIBS_CDB}" \
+		AUXLIBS_LDAP="${AUXLIBS_LDAP}" \
+		AUXLIBS_LMDB="${AUXLIBS_LMDB}" \
+		AUXLIBS_MONGODB="${AUXLIBS_MONGODB}" \
+		AUXLIBS_MYSQL="${AUXLIBS_MYSQL}" \
+		AUXLIBS_PCRE="${AUXLIBS_PCRE}" \
+		AUXLIBS_PGSQL="${AUXLIBS_PGSQL}" \
+		AUXLIBS_SDBM="${AUXLIBS_SDBM}" \
+		AUXLIBS_SQLITE="${AUXLIBS_SQLITE}"
+}
+
+src_install() {
+	LD_LIBRARY_PATH="${S}/lib" \
+	/bin/sh postfix-install \
+		-non-interactive \
+		install_root="${D}" \
+		config_directory="/etc/postfix" \
+		manpage_directory="/usr/share/man" \
+		command_directory="/usr/sbin" \
+		mailq_path="/usr/bin/mailq" \
+		newaliases_path="/usr/bin/newaliases" \
+		sendmail_path="/usr/sbin/sendmail" \
+		|| die "postfix-install failed"
+
+	# Fix spool removal on upgrade
+	rm -Rf "${D}"/var
+	keepdir /var/spool/postfix
+
+	# Install rmail for UUCP, closes bug #19127
+	dobin auxiliary/rmail/rmail
+
+	# Provide another link for legacy FSH
+	dosym ../sbin/sendmail /usr/$(get_libdir)/sendmail
+
+	# Install qshape, posttls-finger, collate and tlstype
+	dobin auxiliary/qshape/qshape.pl
+	doman man/man1/qshape.1
+	dobin bin/posttls-finger
+	doman man/man1/posttls-finger.1
+	dobin auxiliary/collate/collate.pl
+	newdoc auxiliary/collate/README README.collate
+	dobin auxiliary/collate/tlstype.pl
+	dodoc auxiliary/collate/README.tlstype
+
+	# Performance tuning tools and their manuals
+	dosbin bin/smtp-{source,sink} bin/qmqp-{source,sink}
+	doman man/man1/smtp-{source,sink}.1 man/man1/qmqp-{source,sink}.1
+
+	# Set proper permissions on required files/directories
+	keepdir /var/lib/postfix
+	fowners -R postfix:postfix /var/lib/postfix
+	fperms 0750 /var/lib/postfix
+	fowners root:postdrop /usr/sbin/post{drop,queue,log}
+	fperms 02755 /usr/sbin/post{drop,queue,log}
+
+	keepdir /etc/postfix
+	keepdir /etc/postfix/postfix-files.d
+	if use mbox; then
+		mypostconf="mail_spool_directory=/var/mail"
+	else
+		mypostconf="home_mailbox=.maildir/"
+	fi
+	LD_LIBRARY_PATH="${S}/lib" \
+	"${D}"/usr/sbin/postconf -c "${D}"/etc/postfix \
+		-e ${mypostconf} || die "postconf failed"
+
+	insinto /etc/postfix
+	newins "${FILESDIR}"/smtp.pass saslpass
+	fperms 600 /etc/postfix/saslpass
+
+	newinitd "${FILESDIR}"/postfix.rc6.${RC_VER} postfix
+	# do not start mysql/postgres unnecessarily - bug #359913
+	use mysql || sed -i -e "s/mysql //" "${D}/etc/init.d/postfix"
+	use postgres || sed -i -e "s/postgresql //" "${D}/etc/init.d/postfix"
+
+	dodoc *README COMPATIBILITY HISTORY PORTING RELEASE_NOTES*
+	dodoc -r README_FILES/ examples/
+	# postfix set-permissions expects uncompressed man files
+	docompress -x /usr/share/man
+
+	if use pam; then
+		pamd_mimic_system smtp auth account
+	fi
+
+	if use sasl; then
+		insinto /etc/sasl2
+		newins "${FILESDIR}"/smtp.sasl smtpd.conf
+	fi
+
+	# header files
+	insinto /usr/include/postfix
+	doins include/*.h
+
+	systemd_dounit "${FILESDIR}/${PN}.service"
+}
+
+pkg_postinst() {
+	# warn if no aliases database
+	# do not assume berkdb
+	if [[ ! -e /etc/mail/aliases.db \
+	   && ! -e /etc/mail/aliases.cdb \
+	   && ! -e /etc/mail/aliases.lmdb ]] ; then
+		ewarn
+		ewarn "You must edit /etc/mail/aliases to suit your needs"
+		ewarn "and then run /usr/bin/newaliases. Postfix will not"
+		ewarn "work correctly without it."
+		ewarn
+	fi
+	# run newaliases anyway. otherwise, we might break when switching
+	# default database implementation - from berkdb to cdb for example
+	"${EROOT}"/usr/bin/newaliases
+
+	# check and fix file permissions
+	"${EROOT}"/usr/sbin/postfix set-permissions
+
+	# hint for configuring tls
+	if use ssl ; then
+		if "${EROOT}"/usr/sbin/postfix tls all-default-client; then
+			elog "To configure client side TLS settings, please run:"
+			elog "${EROOT}"/usr/sbin/postfix tls enable-client
+		fi
+		if "${EROOT}"/usr/sbin/postfix tls all-default-server; then
+			elog "To configure server side TLS settings, please run:"
+			elog "${EROOT}"/usr/sbin/postfix tls enable-server
+		fi
+	fi
+}