diff options
author | Fabian Groffen <grobian@gentoo.org> | 2023-11-08 09:03:24 +0100 |
---|---|---|
committer | Fabian Groffen <grobian@gentoo.org> | 2023-11-08 09:03:24 +0100 |
commit | e1634b7a70c6c987472c68a979add070fea799d6 (patch) | |
tree | bb3cb3385fc40a35d6dbe8fcd0201db58262e8fb /mail-mta/exim | |
parent | mail-mta/exim-4.97-r1: fix build for musl (diff) | |
download | gentoo-e1634b7a70c6c987472c68a979add070fea799d6.tar.gz gentoo-e1634b7a70c6c987472c68a979add070fea799d6.tar.bz2 gentoo-e1634b7a70c6c987472c68a979add070fea799d6.zip |
mail-mta/exim: cleanup
Signed-off-by: Fabian Groffen <grobian@gentoo.org>
Diffstat (limited to 'mail-mta/exim')
-rw-r--r-- | mail-mta/exim/Manifest | 2 | ||||
-rw-r--r-- | mail-mta/exim/exim-4.94.2-r12.ebuild | 662 | ||||
-rw-r--r-- | mail-mta/exim/exim-4.94.2-r7.ebuild | 2 | ||||
-rw-r--r-- | mail-mta/exim/exim-4.96.1.ebuild | 655 | ||||
-rw-r--r-- | mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch | 99 | ||||
-rw-r--r-- | mail-mta/exim/files/exim-4.94.2-fix-crash-resolve.patch | 24 | ||||
-rw-r--r-- | mail-mta/exim/files/exim-4.94.2-openssl3.patch | 332 |
7 files changed, 1 insertions, 1775 deletions
diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest index 1ad7d2a61766..2422a76d59b8 100644 --- a/mail-mta/exim/Manifest +++ b/mail-mta/exim/Manifest @@ -1,11 +1,9 @@ DIST exim-4.94.2.tar.xz 1838076 BLAKE2B 684e115a7af3efdab15451f8e11f9b53455c9166d8c078216d7a95223d77569cec8a882ed99b9180acbd8a9e747a0bca03d56993d011de15dc35143a989ab046 SHA512 5334c236221ed4e03dbc33e6a79d939b06037fa2f4b71971607a360b67af5c85a89681ee13a5eeaf0184382c55a160cf2e89ed7afb2949f025a54f1e88f9e3fc DIST exim-4.96-gentoo-patches-r0.tar.xz 13308 BLAKE2B e01cd8b90593329d858cced27bea9da4860e80500c0b0b3f86418931a77616ac1e4a532cfffc551de5844bfcbcd115c1591b28577c234beb551458dc0877e764 SHA512 0a8d7b5903c8cd7c2cc07e4ea3ed62200ee0116fe0b5513ec97ba7f3ab1dd5cd0dc181eb93c3c1c7f767be7df3546ac07b622a8f4352eb883323c3a005a1c7db -DIST exim-4.96.1.tar.xz 1879404 BLAKE2B fc6425be41ef7722f7d7b6b541c01774a4bafe55ca38152dc3fbb837e00ea52fabc39a42fcbf0500f4e0eda40deec3cbb0d746da9700a4a615f9ee4869e325c5 SHA512 ef1a0e57c59cdf4e915b3ac5dcdbc69f565b14dd92b0527f6796b2c46a9ec34f991f9790fb4171c99417f7e482cdd62d77e780cc71fab227c8bed876103f7fdd DIST exim-4.96.2.tar.xz 1879896 BLAKE2B f172340e5f896dc1996e4e3cf46515c2336c47d3390524ca91cb9ef7258a62b83426592de582aa792584cbeaace519b4edea5e62b3ebeb8e5f599379255e04a5 SHA512 dc9f6a114e64ac826489edff88d50a24195b64714428e691c10a7bfb119b3ebb6455bf80cbb34dfd0a4e2e44cbde72effb009357a8e0a6065e512fe32092e3ed DIST exim-4.96.tar.xz 1879152 BLAKE2B 4b424f2ebc661bd0db35d7f6da86300c6d5cb5b9a52cddd24fdd452daa76c84e471d4f8f278cf951d1503b01fd46fc3e6858d6feded09f34253d2cf2ae99b45a SHA512 6b863661465a0b9897c1b71875c5196a1903cf560dd85de45b08242b9731edb2bc10eb56945d62e477e5d15cc7a8d493915bff2ca81689673a8091c66f62c89e DIST exim-4.97.tar.xz 1909536 BLAKE2B b0f09d5f162853996976c222786de14e2104acdf01fd61da486f59f4cf8af1182cdfb7ea31fd55ccfd9c57256e7f442dc1b46727e08fe2eca82a296ac4ae7899 SHA512 b28cbb49fa7e143dfcc94e004d57cf98a1945013e676cd103c1ee4cf52933d49d378baa13bea2663353dba97745d6b2ab8b7b66cde870788a2d85d7abd716968 DIST exim-pdf-4.94.2.tar.xz 2092248 BLAKE2B 973ab4f117fdb58afa017bc41b4496fac1277e707a9926d67317c455b0bd617021c17cba6c8d793d8962aacef12c0790d5add7174017512b7b1ea070f8e8533d SHA512 3a661f69d81a992798d4b7e5b7def7cfffa297a7b3c02a6631be426cefff5a6e8783fa322a1bd105d01f7b06968d01e77963e6ab7be3157f63eb62eb6ff172b0 -DIST exim-pdf-4.96.1.tar.xz 2132252 BLAKE2B 7e6d756630211b6465f9162c7a6b461774b3999ad8c3c1ace157a39b7e07f86644d206c5687991b6098aec47445319def44ddb2895b2a16146f6abd1c11d47a6 SHA512 d39ee2f9a05326809a6e8454a108d717838dacfa42c2cade72f5937b1b44d70e70152fa75f4b4e9548cd4198d54f8a8c1323e14d7d1f9a0a23c99a53db1001b0 DIST exim-pdf-4.96.2.tar.xz 2132268 BLAKE2B 9104d42d742e7152d166b6158a6f060d0a29143b11e5064ecda177ead59ac66a9bb6ab3575e5bcaf7af5b49964d29b841285e67184592a8b64bab6099f4c8ac9 SHA512 c35eea4ab5510bba50d22813b28c9d2f5e4e2fed76993693b997f2090024dde674d58dffe044cb64642bf57b83fcae3bfc3dbcae43288fae11692ee49374df74 DIST exim-pdf-4.96.tar.xz 2137468 BLAKE2B 7f61767f91864c43a3b7b6ca36ec7f41da6ad7029687a38cfa9307c444c2ffbd3eb61d45645ffd20ec16ba64a37e1ff08c02e7e4e36499c7783679af9a399081 SHA512 05e94579631656330d95d237c58bc9fd52229a067c5846e7c3409b4c83040c9216819bcb0090673d9991fd59e2c2025340592b31b241b557c6775782106854d1 DIST exim-pdf-4.97.tar.xz 2136852 BLAKE2B df188e658e9e86d1b651d12b29e8a440677d75cc0384bab829323582a3a89b62f34e504b759ef2824b7735056696aed6ac33a4ca10a74fc5bc036f150caaac12 SHA512 defd1e7d823f4eadd2afe426d9105a395421824a1b1941b97bfda408905bdd105b5c219b713e15506d25d98fa48e965228f8daab286dc1be14a387f567c0b58b diff --git a/mail-mta/exim/exim-4.94.2-r12.ebuild b/mail-mta/exim/exim-4.94.2-r12.ebuild deleted file mode 100644 index c84859d97f58..000000000000 --- a/mail-mta/exim/exim-4.94.2-r12.ebuild +++ /dev/null @@ -1,662 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" - -inherit db-use toolchain-funcs pam systemd - -IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl -dsn exiscan-acl gdbm gnutls idn ipv6 ldap lmtp maildir mbx -mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux -socks5 spf sqlite srs +srs-alt srs-native +ssl syslog tdb tcpd +tpda X" -REQUIRED_USE=" - arc? ( dkim spf ) - dane? ( ssl !gnutls ) - dmarc? ( dkim spf ) - dkim? ( ssl !gnutls ) - gnutls? ( ssl ) - pkcs11? ( ssl ) - spf? ( exiscan-acl ) - srs? ( - exiscan-acl - ^^ ( srs-alt srs-native ) - ) - || ( berkdb gdbm tdb ) -" -# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked -# for x86 and amd64 only, due to this, repoman won't allow depending on -# gnutls[dane] for all else. Because we cannot express USE=dane when -# USE=gnutls is in effect only in package.use.mask, the only option we -# have left is to a) ignore the dependency (but that results in bug -# #661164) or b) mask the usage of USE=dane with USE=gnutls. Both are -# incorrect, but b) is the only "correct" view from repoman. -# We cannot express a required use for berkdb/gdbm/tdb correctly because -# berkdb and gdbm are both enabled in base profile - -SDIR=$([[ ${PV} == *_rc* ]] && echo /test - [[ ${PV} == *.*.*.* ]] && echo /fixes) -COMM_URI="https://downloads.exim.org/exim4${SDIR}" - -DESCRIPTION="A highly configurable, drop-in replacement for sendmail" -SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz - mirror://gentoo/system_filter.exim.gz - doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )" -HOMEPAGE="https://www.exim.org/" - -SLOT="0" -LICENSE="GPL-2" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" - -COMMON_DEPEND=">=sys-apps/sed-4.0.5 - dev-libs/libpcre:= - tdb? ( sys-libs/tdb:= ) - !tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) ) - !tdb? ( !berkdb? ( sys-libs/gdbm:= ) ) - idn? ( net-dns/libidn:= net-dns/libidn2:= ) - perl? ( dev-lang/perl:= ) - pam? ( sys-libs/pam ) - tcpd? ( sys-apps/tcp-wrappers ) - ssl? ( - gnutls? ( - net-libs/gnutls:0=[pkcs11?] - dev-libs/libtasn1 - ) - !gnutls? ( - dev-libs/openssl:0= - ) - ) - ldap? ( >=net-nds/openldap-2.0.7:= ) - elibc_glibc? ( - net-libs/libnsl:= - nis? ( - net-libs/libtirpc:= - >=net-libs/libnsl-1:= - ) - ) - mysql? ( dev-db/mysql-connector-c:= ) - postgres? ( dev-db/postgresql:= ) - sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 ) - redis? ( dev-libs/hiredis:= ) - spf? ( >=mail-filter/libspf2-1.2.5-r1 ) - dmarc? ( mail-filter/opendmarc:= ) - srs? ( srs-alt? ( mail-filter/libsrs_alt ) ) - X? ( - x11-libs/libX11 - x11-libs/libXmu - x11-libs/libXt - x11-libs/libXaw - ) - sqlite? ( dev-db/sqlite ) - radius? ( net-dialup/freeradius-client ) - virtual/libcrypt:= - virtual/libiconv - " - # added X check for #57206 -BDEPEND="virtual/pkgconfig" -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND} - !mail-mta/courier - !mail-mta/esmtp - !mail-mta/msmtp[mta] - !mail-mta/netqmail - !mail-mta/nullmailer - !mail-mta/postfix - !mail-mta/sendmail - !mail-mta/opensmtpd - !mail-mta/ssmtp[mta] - >=net-mail/mailbase-0.00-r5 - virtual/logger - dcc? ( mail-filter/dcc ) - selinux? ( sec-policy/selinux-exim ) - " - -S=${WORKDIR}/${P//_rc/-RC} - -src_prepare() { - # Legacy patches which need a respin for -p1 - eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch - eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426 - eapply "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279 - eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591 - eapply "${FILESDIR}"/exim-4.69-r1.27021.patch - eapply "${FILESDIR}"/exim-4.94-localscan_dlopen.patch - eapply "${FILESDIR}"/exim-4.94.2-fix-crash-resolve.patch # 799368 upstr - eapply "${FILESDIR}"/exim-4.94-CVE-2022-3559.patch # 877607 upstr - eapply "${FILESDIR}"/exim-4.94.2-openssl3.patch # 888619 backports - - # for this reason we have a := dep on opendmarc, they changed their - # API in a minor release - if use dmarc && has_version ">=mail-filter/opendmarc-1.4" ; then - eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch - fi - - if use maildir ; then - eapply "${FILESDIR}"/exim-4.94-maildir.patch - else - eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606 - fi - - eapply_user - - # user Exim believes it should be - MAILUSER=mail - MAILGROUP=mail - if use prefix && [[ ${EUID} != 0 ]] ; then - MAILUSER=$(id -un) - MAILGROUP=$(id -gn) - fi -} - -src_configure() { - # general config and paths - - local aliases="${EPREFIX}/etc/mail/aliases" - sed -i \ - -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \ - src/configure.default || die - - sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die - - if use elibc_musl; then - sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die - fi - - local conffile="${EPREFIX}/etc/exim/exim.conf" - sed -e "48i\CFLAGS=${CFLAGS}" \ - -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \ - -e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \ - -e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \ - -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \ - -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \ - src/EDITME > Local/Makefile || die - - # work on Local/Makefile from now on - cd Local - - cat >> Makefile <<- EOC - INFO_DIRECTORY=${EPREFIX}/usr/share/info - PID_FILE_PATH=${EPREFIX}/run/exim.pid - SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim - HAVE_ICONV=yes - EOC - - # configure db implementation, Exim always needs one for its hints - # database, we prefer tdb and gdbm, since bdb is kind of getting - # less and less support - if use tdb ; then - cat >> Makefile <<- EOC - USE_TDB=yes - DBMLIB = -ltdb - EOC - sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die - sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die - elif use berkdb ; then - # use the "native" interfaces to the DBM and CDB libraries, support - # passwd and directory lookups by default - local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2" - cat >> Makefile <<- EOC - USE_DB=yes - # keep include in CFLAGS because exim.h -> dbstuff.h -> db.h - CFLAGS += -I$(db_includedir ${DB_VERS}) - DBMLIB = -l$(db_libname ${DB_VERS}) - EOC - sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die - sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die - else # must be gdbm via required_use - cat >> Makefile <<- EOC - USE_GDBM=yes - DBMLIB = -lgdbm - EOC - sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die - sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die - fi - - # if we use libiconv, now is the time to tell so - if use !elibc_glibc && use !elibc_musl ; then - cat >> Makefile <<- EOC - EXTRALIBS_EXIM=-liconv - EOC - fi - - # support for IPv6 - if use ipv6; then - cat >> Makefile <<- EOC - HAVE_IPV6=YES - EOC - fi - - # support i18n/IDNA - if use idn; then - cat >> Makefile <<- EOC - SUPPORT_I18N=yes - SUPPORT_I18N_2008=yes - EXTRALIBS_EXIM += -lidn -lidn2 - EOC - fi - - # - # mail storage formats - # - - # mailstore is Exim's traditional storage format - cat >> Makefile <<- EOC - SUPPORT_MAILSTORE=yes - EOC - - # mbox - if use mbx; then - cat >> Makefile <<- EOC - SUPPORT_MBX=yes - EOC - fi - - # maildir - if use maildir; then - cat >> Makefile <<- EOC - SUPPORT_MAILDIR=yes - EOC - fi - - # - # lookup methods - # - - # support passwd and directory lookups by default - cat >> Makefile <<- EOC - LOOKUP_CDB=yes - LOOKUP_PASSWD=yes - LOOKUP_DSEARCH=yes - EOC - - if ! use dnsdb; then - # DNSDB lookup is enabled by default - sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die - fi - - if use ldap; then - cat >> Makefile <<- EOC - LOOKUP_LDAP=yes - LDAP_LIB_TYPE=OPENLDAP2 - LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap - LOOKUP_LIBS += -lldap -llber - EOC - fi - - if use mysql; then - cat >> Makefile <<- EOC - LOOKUP_MYSQL=yes - LOOKUP_INCLUDE += $(mysql_config --include) - LOOKUP_LIBS += $(mysql_config --libs) - EOC - fi - - if use nis; then - cat >> Makefile <<- EOC - LOOKUP_NIS=yes - LOOKUP_NISPLUS=yes - EOC - if use elibc_glibc ; then - cat >> Makefile <<- EOC - LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc - LOOKUP_LIBS += -lnsl - EOC - fi - fi - - if use postgres; then - cat >> Makefile <<- EOC - LOOKUP_PGSQL=yes - LOOKUP_INCLUDE += -I$(pg_config --includedir) - LOOKUP_LIBS += -L$(pg_config --libdir) -lpq - EOC - fi - - if use sqlite; then - cat >> Makefile <<- EOC - LOOKUP_SQLITE=yes - LOOKUP_SQLITE_PC=sqlite3 - EOC - fi - - if use redis; then - cat >> Makefile <<- EOC - LOOKUP_REDIS=yes - LOOKUP_LIBS += -lhiredis - EOC - fi - - # Exim monitor, enabled by default, controlled via X USE-flag, - # disable if not requested, bug #46778 - if use X; then - cp ../exim_monitor/EDITME eximon.conf || die - cat >> Makefile <<- EOC - EXIM_MONITOR=eximon.bin - EOC - fi - - # - # features - # - - # content scanning support - if use exiscan-acl; then - cat >> Makefile <<- EOC - WITH_CONTENT_SCAN=yes - EOC - fi - - # DomainKeys Identified Mail, RFC4871 - if ! use dkim; then - # DKIM is enabled by default - cat >> Makefile <<- EOC - DISABLE_DKIM=yes - EOC - fi - - # Per-Recipient-Data-Response - if ! use prdr; then - # PRDR is enabled by default - cat >> Makefile <<- EOC - DISABLE_PRDR=yes - EOC - fi - - # Transport post-delivery actions - if use !tpda && use !dane; then - # EVENT is enabled by default - cat >> Makefile <<- EOC - DISABLE_EVENT=yes - EOC - fi - - # log to syslog - if use syslog; then - local eximlog="${EPREFIX}/var/log/exim/exim_%s.log" - sed -i \ - -e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \ - Makefile || die - cat >> Makefile <<- EOC - LOG_FILE_PATH=syslog - EOC - else - cat >> Makefile <<- EOC - LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log - EOC - fi - - # starttls support (ssl) - if use ssl; then - if use gnutls; then - echo "USE_GNUTLS=yes" >> Makefile - echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \ - >> Makefile - use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile - else - echo "USE_OPENSSL=yes" >> Makefile - echo "USE_OPENSSL_PC=openssl" >> Makefile - fi - else - echo "DISABLE_TLS=yes" >> Makefile - fi - - # TCP wrappers - if use tcpd; then - cat >> Makefile <<- EOC - USE_TCP_WRAPPERS=yes - EXTRALIBS_EXIM += -lwrap - EOC - fi - - # Light Mail Transport Protocol - if use lmtp; then - cat >> Makefile <<- EOC - TRANSPORT_LMTP=yes - EOC - fi - - # embedded Perl - if use perl; then - cat >> Makefile <<- EOC - EXIM_PERL=perl.o - EOC - fi - - # dlfunc - if use dlfunc; then - cat >> Makefile <<- EOC - EXPAND_DLFUNC=yes - HAVE_LOCAL_SCAN=yes - DLOPEN_LOCAL_SCAN=yes - EOC - fi - - # Proxy Protocol - if use proxy; then - cat >> Makefile <<- EOC - SUPPORT_PROXY=yes - EOC - fi - - # SOCKS5 (outbound) proxy support - if use socks5; then - cat >> Makefile <<- EOC - SUPPORT_SOCKS=yes - EOC - fi - - # DANE - if use !dane; then - # DANE is enabled by default - sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die - fi - - # DMARC - if use dmarc; then - cat >> Makefile <<- EOC - SUPPORT_DMARC=yes - EXTRALIBS_EXIM += -lopendmarc - EOC - fi - - # Sender Policy Framework - if use spf; then - cat >> Makefile <<- EOC - SUPPORT_SPF=yes - EXTRALIBS_EXIM += -lspf2 - EOC - fi - - # - # experimental features - # - - # Authenticated Receive Chain - if use arc; then - echo "EXPERIMENTAL_ARC=yes">> Makefile - fi - - # Distributed Checksum Clearinghouse - if use dcc; then - echo "EXPERIMENTAL_DCC=yes">> Makefile - fi - - # Sender Rewriting Scheme - if use srs; then - # NOTE: we currently USE-default to srs-alt, because this is - # what USE=srs used to be. Eventually we want to rid ourselves - # of this external implementation. - if use srs-alt; then - # historical default, from 4.95 this becomes - # EXPERIMENTAL_SRS_ALT - cat >> Makefile <<- EOC - EXPERIMENTAL_SRS=yes - EXTRALIBS_EXIM += -lsrs_alt - EOC - fi - if use srs-native; then - # this one becomes SUPPORT_SRS in 4.95 - cat >> Makefile <<- EOC - EXPERIMENTAL_SRS_NATIVE=yes - EOC - fi - fi - - # Delivery Sender Notifications extra information in fail message - if use dsn; then - cat >> Makefile <<- EOC - EXPERIMENTAL_DSN_INFO=yes - EOC - fi - - # - # authentication (SMTP AUTH) - # - - # standard bits - cat >> Makefile <<- EOC - AUTH_SPA=yes - AUTH_CRAM_MD5=yes - AUTH_PLAINTEXT=yes - EOC - - # Cyrus SASL - if use sasl; then - cat >> Makefile <<- EOC - CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux - AUTH_CYRUS_SASL=yes - AUTH_LIBS += -lsasl2 - EOC - fi - - # Dovecot - if use dovecot-sasl; then - cat >> Makefile <<- EOC - AUTH_DOVECOT=yes - EOC - fi - - # Pluggable Authentication Modules - if use pam; then - cat >> Makefile <<- EOC - SUPPORT_PAM=yes - AUTH_LIBS += -lpam - EOC - fi - - # Radius - if use radius; then - cat >> Makefile <<- EOC - RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf - RADIUS_LIB_TYPE=RADIUSCLIENTNEW - AUTH_LIBS += -lfreeradius-client - EOC - fi -} - -src_compile() { - emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \ - AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' -} - -src_install() { - cd "${S}"/build-exim-gentoo || die - dosbin exim - if use X; then - dosbin eximon.bin - dosbin eximon - fi - fperms 4755 /usr/sbin/exim - - dosym exim /usr/sbin/sendmail - dosym exim /usr/sbin/rsmtp - dosym exim /usr/sbin/rmail - dosym ../sbin/exim /usr/bin/mailq - dosym ../sbin/exim /usr/bin/newaliases - dosym ../sbin/sendmail /usr/lib/sendmail - - for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \ - exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \ - convert4r3 convert4r4 exipick - do - dosbin $i - done - - dodoc -r "${S}"/doc/. - doman "${S}"/doc/exim.8 - use dsn && dodoc "${S}"/README.DSN - use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf - - # conf files - insinto /etc/exim - newins "${S}"/src/configure.default exim.conf.dist - if use exiscan-acl; then - newins "${S}"/src/configure.default exim.conf.exiscan-acl - fi - doins "${WORKDIR}"/system_filter.exim - doins "${FILESDIR}"/auth_conf.sub - - if use pam; then - pamd_mimic system-auth exim auth account - fi - - # headers, #436406 - if use dlfunc ; then - # fixup includes so they actually can be found when including - sed -i \ - -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \ - local_scan.h || die - insinto /usr/include/exim - doins {config,local_scan}.h ../src/{mytypes,store}.h - fi - - insinto /etc/logrotate.d - newins "${FILESDIR}/exim.logrotate" exim - - newinitd "${FILESDIR}"/exim.rc10 exim - newconfd "${FILESDIR}"/exim.confd exim - - systemd_dounit \ - "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket} - systemd_newunit \ - "${FILESDIR}"/exim_at.service 'exim@.service' - systemd_newunit \ - "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service' - - diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP} - keepdir /var/log/${PN} -} - -pkg_postinst() { - if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then - einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter." - einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub" - einfo "for using smtp auth." - einfo "Please create ${EROOT}/etc/exim/exim.conf from" - einfo " ${EROOT}/etc/exim/exim.conf.dist." - fi - if use dmarc ; then - einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds" - einfo "you can populate this file with the contents downloaded from" - einfo " https://publicsuffix.org/list/public_suffix_list.dat" - fi - if use dcc ; then - einfo "DCC support is experimental, you can find some limited" - einfo "documentation at the bottom of this prerelease message:" - einfo " http://article.gmane.org/gmane.mail.exim.devel/3579" - fi - if use srs ; then - einfo "SRS support is experimental in this release of Exim" - if use srs-alt; then - elog "You are using libsrs_alt to implement SRS support." - elog "In future release of Exim, the native SRS implementation" - elog "(USE=srs-native) will become the default. Please prepare" - elog "your package.use or switch to USE=srs-native now." - fi - fi - use dsn && einfo "extra information in fail DSN message is experimental" - einfo - elog "Note that this release contains a tainted variable check that" - elog "is likely to break your configuration used with Exim 4.93 and before." - elog "Please check your transports for occurences of \$local_part, and" - elog "use a replacement like \$local_part_data where possible." -} diff --git a/mail-mta/exim/exim-4.94.2-r7.ebuild b/mail-mta/exim/exim-4.94.2-r7.ebuild index 4f2833ff82e5..8f5367aecfb8 100644 --- a/mail-mta/exim/exim-4.94.2-r7.ebuild +++ b/mail-mta/exim/exim-4.94.2-r7.ebuild @@ -39,7 +39,7 @@ HOMEPAGE="https://www.exim.org/" SLOT="0" LICENSE="GPL-2" -KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~ppc ppc64 sparc x86" +KEYWORDS="sparc" COMMON_DEPEND=">=sys-apps/sed-4.0.5 ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) diff --git a/mail-mta/exim/exim-4.96.1.ebuild b/mail-mta/exim/exim-4.96.1.ebuild deleted file mode 100644 index 2fb3f6b6970a..000000000000 --- a/mail-mta/exim/exim-4.96.1.ebuild +++ /dev/null @@ -1,655 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" - -inherit db-use toolchain-funcs pam systemd - -IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl -dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx -mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux -socks5 spf sqlite srs +ssl syslog tdb tcpd +tpda X" -REQUIRED_USE=" - arc? ( dkim spf ) - dane? ( ssl !gnutls ) - dmarc? ( dkim spf ) - dkim? ( ssl !gnutls ) - gnutls? ( ssl ) - pkcs11? ( ssl ) - || ( berkdb gdbm tdb ) -" -# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked -# for x86 and amd64 only, due to this, repoman won't allow depending on -# gnutls[dane] for all else. Because we cannot express USE=dane when -# USE=gnutls is in effect only in package.use.mask, the only option we -# have left is to a) ignore the dependency (but that results in bug -# #661164) or b) mask the usage of USE=dane with USE=gnutls. Both are -# incorrect, but b) is the only "correct" view from repoman. -# We cannot express a required use for berkdb/gdbm/tdb correctly because -# berkdb and gdbm are both enabled in base profile - -SDIR=$([[ ${PV} == *_rc* ]] && echo /test - [[ ${PV} == *.*.*.* ]] && echo /fixes) -COMM_URI="https://downloads.exim.org/exim4${SDIR}" - -GPV="r0" -DESCRIPTION="A highly configurable, drop-in replacement for sendmail" -SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz - https://dev.gentoo.org/~grobian/distfiles/${PN}-4.96-gentoo-patches-${GPV}.tar.xz - mirror://gentoo/system_filter.exim.gz - doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )" -HOMEPAGE="https://www.exim.org/" - -SLOT="0" -LICENSE="GPL-2" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" - -COMMON_DEPEND=">=sys-apps/sed-4.0.5 - dev-libs/libpcre2:= - tdb? ( sys-libs/tdb:= ) - !tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) ) - !tdb? ( !berkdb? ( sys-libs/gdbm:= ) ) - idn? ( net-dns/libidn:= net-dns/libidn2:= ) - perl? ( dev-lang/perl:= ) - pam? ( sys-libs/pam ) - tcpd? ( sys-apps/tcp-wrappers ) - ssl? ( - gnutls? ( - net-libs/gnutls:0=[pkcs11?] - dev-libs/libtasn1 - ) - !gnutls? ( - dev-libs/openssl:0= - ) - ) - ldap? ( >=net-nds/openldap-2.0.7:= ) - elibc_glibc? ( - net-libs/libnsl:= - nis? ( - net-libs/libtirpc:= - >=net-libs/libnsl-1:= - ) - ) - mysql? ( dev-db/mysql-connector-c:= ) - postgres? ( dev-db/postgresql:= ) - sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 ) - redis? ( dev-libs/hiredis:= ) - spf? ( >=mail-filter/libspf2-1.2.5-r1 ) - dmarc? ( mail-filter/opendmarc:= ) - X? ( - x11-libs/libX11 - x11-libs/libXmu - x11-libs/libXt - x11-libs/libXaw - ) - sqlite? ( dev-db/sqlite ) - radius? ( net-dialup/freeradius-client ) - virtual/libcrypt:= - virtual/libiconv - " - # added X check for #57206 -BDEPEND="virtual/pkgconfig" -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND} - !mail-mta/courier - !mail-mta/esmtp - !mail-mta/msmtp[mta] - !mail-mta/netqmail - !mail-mta/nullmailer - !mail-mta/postfix - !mail-mta/sendmail - !mail-mta/opensmtpd - !mail-mta/ssmtp[mta] - >=net-mail/mailbase-0.00-r5 - virtual/logger - dcc? ( mail-filter/dcc ) - selinux? ( sec-policy/selinux-exim ) - " - -S=${WORKDIR}/${P//_rc/-RC} - -src_prepare() { - # Legacy patches which need a respin for -p1 - eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch - eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426 - eapply "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279 - eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591 - eapply "${FILESDIR}"/exim-4.69-r1.27021.patch - eapply "${FILESDIR}"/exim-4.95-localscan_dlopen.patch - - # Upstream post-release fixes :( - local GPVDIR=${WORKDIR}/${PN}-4.96-gentoo-patches-${GPV} - eapply "${GPVDIR}"/exim-4.96-rewrite-malformed-addr-fix.patch # upstr - eapply "${GPVDIR}"/exim-4.96-spf-memory-error-fix.patch # upstr - eapply "${GPVDIR}"/exim-4.96-regex-use-after-free.patch # upstr - eapply -p2 "${GPVDIR}"/exim-4.96-dmarc_use_after_free.patch # upstr - eapply "${GPVDIR}"/exim-4.96-deamon-startup-fix.patch # upstr - eapply "${GPVDIR}"/exim-4.96-openssl-verify-ocsp.patch # upstr - eapply "${GPVDIR}"/exim-4.96-openssl-double-expansion.patch # upstr - eapply "${GPVDIR}"/exim-4.96-recursion-dns_again.patch # upstr - eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-setting.patch # upstr - eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-lt-3.patch # upstr - eapply "${GPVDIR}"/exim-4.96-openssl-bad-alpn.patch # upstr - eapply "${GPVDIR}"/exim-4.96-dane-dns_again.patch # upstr - eapply "${GPVDIR}"/exim-4.96-expansion-crash.patch # upstr - eapply "${GPVDIR}"/exim-4.96-transport-crash.patch # upstr - - # oddity, they disable berkdb as hack, and then throw an error when - # berkdb isn't enabled - sed -i \ - -e 's/_DB_/_DONTMESS_/' \ - -e 's/define DB void/define DONTMESS void/' \ - src/auths/call_radius.c || die - - # API changed from 1.3 to 1.4, upstream doesn't think 1.4 should be - # used, but 1.3 has a CVE and Gentoo (like most downstreams) only - # has 1.4 available - eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch - - if use maildir ; then - eapply "${FILESDIR}"/exim-4.94-maildir.patch - else - eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606 - fi - - eapply_user - - # user Exim believes it should be - MAILUSER=mail - MAILGROUP=mail - if use prefix && [[ ${EUID} != 0 ]] ; then - MAILUSER=$(id -un) - MAILGROUP=$(id -gn) - fi -} - -src_configure() { - # general config and paths - - local aliases="${EPREFIX}/etc/mail/aliases" - sed -i \ - -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \ - src/configure.default || die - - sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die - - if use elibc_musl; then - sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die - fi - - local conffile="${EPREFIX}/etc/exim/exim.conf" - sed -e "48i\CFLAGS=${CFLAGS}" \ - -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \ - -e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \ - -e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \ - -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \ - -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \ - src/EDITME > Local/Makefile || die - - # work on Local/Makefile from now on - cd Local - - cat >> Makefile <<- EOC - INFO_DIRECTORY=${EPREFIX}/usr/share/info - PID_FILE_PATH=${EPREFIX}/run/exim.pid - SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim - HAVE_ICONV=yes - WITH_CONTENT_SCAN=yes - EOC - - # configure db implementation, Exim always needs one for its hints - # database, we prefer tdb and gdbm, since bdb is kind of getting - # less and less support - if use tdb ; then - cat >> Makefile <<- EOC - USE_TDB=yes - DBMLIB = -ltdb - EOC - sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die - sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die - elif use gdbm ; then - cat >> Makefile <<- EOC - USE_GDBM=yes - DBMLIB = -lgdbm - EOC - sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die - sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die - else # must be berkdb via required_use - # use the "native" interfaces to the DBM and CDB libraries, support - # passwd and directory lookups by default - local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2" - cat >> Makefile <<- EOC - USE_DB=yes - # keep include in CFLAGS because exim.h -> dbstuff.h -> db.h - CFLAGS += -I$(db_includedir ${DB_VERS}) - DBMLIB = -l$(db_libname ${DB_VERS}) - EOC - sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die - sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die - fi - - # if we use libiconv, now is the time to tell so - if use !elibc_glibc && use !elibc_musl ; then - cat >> Makefile <<- EOC - EXTRALIBS_EXIM=-liconv - EOC - fi - - # support for IPv6 - if use ipv6; then - cat >> Makefile <<- EOC - HAVE_IPV6=YES - EOC - fi - - # support i18n/IDNA - if use idn; then - cat >> Makefile <<- EOC - SUPPORT_I18N=yes - SUPPORT_I18N_2008=yes - EXTRALIBS_EXIM += -lidn -lidn2 - EOC - fi - - # - # mail storage formats - # - - # mailstore is Exim's traditional storage format - cat >> Makefile <<- EOC - SUPPORT_MAILSTORE=yes - EOC - - # mbox - if use mbx; then - cat >> Makefile <<- EOC - SUPPORT_MBX=yes - EOC - fi - - # maildir - if use maildir; then - cat >> Makefile <<- EOC - SUPPORT_MAILDIR=yes - EOC - fi - - # - # lookup methods - # - - # support passwd and directory lookups by default - cat >> Makefile <<- EOC - LOOKUP_CDB=yes - LOOKUP_PASSWD=yes - LOOKUP_DSEARCH=yes - EOC - - if ! use dnsdb; then - # DNSDB lookup is enabled by default - sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die - fi - - if use ldap; then - cat >> Makefile <<- EOC - LOOKUP_LDAP=yes - LDAP_LIB_TYPE=OPENLDAP2 - LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap - LOOKUP_LIBS += -lldap -llber - EOC - fi - - if use mysql; then - cat >> Makefile <<- EOC - LOOKUP_MYSQL=yes - LOOKUP_INCLUDE += $(mysql_config --include) - LOOKUP_LIBS += $(mysql_config --libs) - EOC - fi - - if use nis; then - cat >> Makefile <<- EOC - LOOKUP_NIS=yes - LOOKUP_NISPLUS=yes - EOC - if use elibc_glibc ; then - cat >> Makefile <<- EOC - LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc - LOOKUP_LIBS += -lnsl - EOC - fi - fi - - if use postgres; then - cat >> Makefile <<- EOC - LOOKUP_PGSQL=yes - LOOKUP_INCLUDE += -I$(pg_config --includedir) - LOOKUP_LIBS += -L$(pg_config --libdir) -lpq - EOC - fi - - if use sqlite; then - cat >> Makefile <<- EOC - LOOKUP_SQLITE=yes - LOOKUP_SQLITE_PC=sqlite3 - EOC - fi - - if use redis; then - cat >> Makefile <<- EOC - LOOKUP_REDIS=yes - LOOKUP_LIBS += -lhiredis - EOC - fi - - # Exim monitor, enabled by default, controlled via X USE-flag, - # disable if not requested, bug #46778 - if use X; then - cp ../exim_monitor/EDITME eximon.conf || die - cat >> Makefile <<- EOC - EXIM_MONITOR=eximon.bin - EOC - fi - - # - # features - # - - # DomainKeys Identified Mail, RFC4871 - if ! use dkim; then - # DKIM is enabled by default - cat >> Makefile <<- EOC - DISABLE_DKIM=yes - EOC - fi - - # Per-Recipient-Data-Response - if ! use prdr; then - # PRDR is enabled by default - cat >> Makefile <<- EOC - DISABLE_PRDR=yes - EOC - fi - - # Transport post-delivery actions - if use !tpda && use !dane; then - # EVENT is enabled by default - cat >> Makefile <<- EOC - DISABLE_EVENT=yes - EOC - fi - - # log to syslog - if use syslog; then - local eximlog="${EPREFIX}/var/log/exim/exim_%s.log" - sed -i \ - -e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \ - Makefile || die - cat >> Makefile <<- EOC - LOG_FILE_PATH=syslog - EOC - else - cat >> Makefile <<- EOC - LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log - EOC - fi - - # starttls support (ssl) - if use ssl; then - if use gnutls; then - echo "USE_GNUTLS=yes" >> Makefile - echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \ - >> Makefile - use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile - else - echo "USE_OPENSSL=yes" >> Makefile - echo "USE_OPENSSL_PC=openssl" >> Makefile - fi - else - echo "DISABLE_TLS=yes" >> Makefile - fi - - # TCP wrappers - if use tcpd; then - cat >> Makefile <<- EOC - USE_TCP_WRAPPERS=yes - EXTRALIBS_EXIM += -lwrap - EOC - fi - - # Light Mail Transport Protocol - if use lmtp; then - cat >> Makefile <<- EOC - TRANSPORT_LMTP=yes - EOC - fi - - # embedded Perl - if use perl; then - cat >> Makefile <<- EOC - EXIM_PERL=perl.o - EOC - fi - - # dlfunc - if use dlfunc; then - cat >> Makefile <<- EOC - EXPAND_DLFUNC=yes - HAVE_LOCAL_SCAN=yes - DLOPEN_LOCAL_SCAN=yes - EOC - fi - - # Proxy Protocol - if use proxy; then - cat >> Makefile <<- EOC - SUPPORT_PROXY=yes - EOC - fi - - # SOCKS5 (outbound) proxy support - if use socks5; then - cat >> Makefile <<- EOC - SUPPORT_SOCKS=yes - EOC - fi - - # DANE - if use !dane; then - # DANE is enabled by default - sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die - fi - - # DMARC - if use dmarc; then - cat >> Makefile <<- EOC - SUPPORT_DMARC=yes - EXTRALIBS_EXIM += -lopendmarc - EOC - fi - - # Sender Policy Framework - if use spf; then - cat >> Makefile <<- EOC - SUPPORT_SPF=yes - EXTRALIBS_EXIM += -lspf2 - EOC - fi - - # - # experimental features - # - - # Authenticated Receive Chain - if use arc; then - echo "EXPERIMENTAL_ARC=yes">> Makefile - fi - - # Distributed Checksum Clearinghouse - if use dcc; then - echo "EXPERIMENTAL_DCC=yes">> Makefile - fi - - # Sender Rewriting Scheme - if use srs; then - # this one is the default/supported variant since 4.95, and the - # only variant available since 4.96 - cat >> Makefile <<- EOC - SUPPORT_SRS=yes - EOC - fi - - # Delivery Sender Notifications extra information in fail message - if use dsn; then - cat >> Makefile <<- EOC - EXPERIMENTAL_DSN_INFO=yes - EOC - fi - - # - # authentication (SMTP AUTH) - # - - # standard bits - cat >> Makefile <<- EOC - AUTH_SPA=yes - AUTH_CRAM_MD5=yes - AUTH_PLAINTEXT=yes - EOC - - # Cyrus SASL - if use sasl; then - cat >> Makefile <<- EOC - CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux - AUTH_CYRUS_SASL=yes - AUTH_LIBS += -lsasl2 - EOC - fi - - # Dovecot - if use dovecot-sasl; then - cat >> Makefile <<- EOC - AUTH_DOVECOT=yes - EOC - fi - - # Pluggable Authentication Modules - if use pam; then - cat >> Makefile <<- EOC - SUPPORT_PAM=yes - AUTH_LIBS += -lpam - EOC - fi - - # Radius - if use radius; then - cat >> Makefile <<- EOC - RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf - RADIUS_LIB_TYPE=RADIUSCLIENTNEW - AUTH_LIBS += -lfreeradius-client - EOC - fi -} - -src_compile() { - emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \ - AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' -} - -src_install() { - cd "${S}"/build-exim-gentoo || die - dosbin exim - if use X; then - dosbin eximon.bin - dosbin eximon - fi - fperms 4755 /usr/sbin/exim - - dosym exim /usr/sbin/sendmail - dosym exim /usr/sbin/rsmtp - dosym exim /usr/sbin/rmail - dosym ../sbin/exim /usr/bin/mailq - dosym ../sbin/exim /usr/bin/newaliases - dosym ../sbin/sendmail /usr/lib/sendmail - - for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \ - exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \ - convert4r3 convert4r4 exipick - do - dosbin $i - done - - dodoc -r "${S}"/doc/. - doman "${S}"/doc/exim.8 - use dsn && dodoc "${S}"/README.DSN - use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf - - # conf files - insinto /etc/exim - newins "${S}"/src/configure.default exim.conf.dist - doins "${WORKDIR}"/system_filter.exim - doins "${FILESDIR}"/auth_conf.sub - - if use pam; then - pamd_mimic system-auth exim auth account - fi - - # headers, #436406 - if use dlfunc ; then - # fixup includes so they actually can be found when including - sed -i \ - -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \ - local_scan.h || die - insinto /usr/include/exim - doins {config,local_scan}.h ../src/{mytypes,store}.h - fi - - insinto /etc/logrotate.d - newins "${FILESDIR}/exim.logrotate" exim - - newinitd "${FILESDIR}"/exim.rc10 exim - newconfd "${FILESDIR}"/exim.confd exim - - systemd_dounit \ - "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket} - systemd_newunit \ - "${FILESDIR}"/exim_at.service 'exim@.service' - systemd_newunit \ - "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service' - - diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP} - keepdir /var/log/${PN} -} - -pkg_postinst() { - if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then - einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter." - einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub" - einfo "for using smtp auth." - einfo "Please create ${EROOT}/etc/exim/exim.conf from" - einfo " ${EROOT}/etc/exim/exim.conf.dist." - fi - if use berkdb && ( use gdbm || use tdb ) ; then - ewarn "USE=berkdb is ignored because USE=gdbm or USE=tdb is enabled!" - fi - if use dmarc ; then - einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds" - einfo "you can populate this file with the contents downloaded from" - einfo " https://publicsuffix.org/list/public_suffix_list.dat" - fi - if use dcc ; then - einfo "DCC support is experimental, you can find some limited" - einfo "documentation at the bottom of this prerelease message:" - einfo " http://article.gmane.org/gmane.mail.exim.devel/3579" - fi - if use srs; then - einfo "SRS support using libsrs_alt was dropped in this" - einfo "release of Exim, you are now using the native SRS implementation" - fi - use dsn && einfo "extra information in fail DSN message is experimental" - einfo - elog "Note that this release contains a tainted variable check that" - elog "is likely to break your configuration used with Exim 4.93 and before." - elog "Please check your transports for occurences of \$local_part, and" - elog "use a replacement like \$local_part_data where possible." -} diff --git a/mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch b/mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch deleted file mode 100644 index 533aaf1f9e51..000000000000 --- a/mail-mta/exim/files/exim-4.94-CVE-2022-3559.patch +++ /dev/null @@ -1,99 +0,0 @@ -Patch cleaned up for Gentoo -- applied to 4.94 -- removed unnecessary whitespace changes - -From 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris <jgh146exb@wizmail.org> -Date: Wed, 31 Aug 2022 15:37:40 +0100 -Subject: [PATCH 1/1] Fix $regex<n> use-after-free. Bug 2915 - ---- exim-4.94.2/src/exim.c 2021-04-30 14:08:21.000000000 +0200 -+++ exim-4.94.2/src/exim.c 2022-10-19 09:15:58.611447982 +0200 -@@ -1886,8 +1886,6 @@ - regex_must_compile(US"^[A-Za-z0-9_/.-]*$", FALSE, TRUE); - #endif - --for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL; -- - /* If the program is called as "mailq" treat it as equivalent to "exim -bp"; - this seems to be a generally accepted convention, since one finds symbolic - links called "mailq" in standard OS configurations. */ -@@ -5841,7 +5839,7 @@ - deliver_localpart_data = deliver_domain_data = - recipient_data = sender_data = NULL; - acl_var_m = NULL; -- for(int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL; -+ regex_vars_clear(); - - store_reset(reset_point); - } ---- exim-4.94.2/src/functions.h 2021-04-30 14:08:21.000000000 +0200 -+++ exim-4.94.2/src/functions.h 2022-10-19 09:17:44.882122667 +0200 -@@ -417,6 +417,7 @@ - #endif - extern BOOL regex_match_and_setup(const pcre *, const uschar *, int, int); - extern const pcre *regex_must_compile(const uschar *, BOOL, BOOL); -+extern void regex_vars_clear(void); - extern void retry_add_item(address_item *, uschar *, int); - extern BOOL retry_check_address(const uschar *, host_item *, uschar *, BOOL, - uschar **, uschar **); ---- exim-4.94.2/src/globals.c 2022-10-19 09:14:19.344751853 +0200 -+++ exim-4.94.2/src/globals.c 2022-10-19 09:18:27.675991666 +0200 -@@ -1289,7 +1289,7 @@ - #endif - const pcre *regex_ismsgid = NULL; - const pcre *regex_smtp_code = NULL; --uschar *regex_vars[REGEX_VARS]; -+uschar *regex_vars[REGEX_VARS] = { 0 }; - #ifdef WHITELIST_D_MACROS - const pcre *regex_whitelisted_macro = NULL; - #endif ---- exim-4.94.2/src/regex.c 2021-04-30 14:08:21.000000000 +0200 -+++ exim-4.94.2/src/regex.c 2022-10-19 09:35:03.229084750 +0200 -@@ -98,7 +106,7 @@ - int ret = FAIL; - - /* reset expansion variable */ --regex_match_string = NULL; -+regex_vars_clear(); - - if (!mime_stream) /* We are in the DATA ACL */ - { -@@ -166,8 +174,7 @@ - int mime_subject_len = 0; - int ret; - --/* reset expansion variable */ --regex_match_string = NULL; -+regex_vars_clear(); - - /* precompile our regexes */ - if (!(re_list_head = compile(*listptr))) -@@ -213,3 +205,14 @@ - } - - #endif /* WITH_CONTENT_SCAN */ -+ -+/* reset expansion variables */ -+void -+regex_vars_clear(void) -+{ -+#ifdef WITH_CONTENT_SCAN -+regex_match_string = NULL; -+#endif -+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL; -+} -+ ---- exim-4.94.2/src/smtp_in.c 2021-04-30 14:08:21.000000000 +0200 -+++ exim-4.94.2/src/smtp_in.c 2022-10-19 09:15:58.613447975 +0200 -@@ -2161,8 +2161,10 @@ - #ifdef SUPPORT_I18N - message_smtputf8 = FALSE; - #endif -+regex_vars_clear(); - body_linecount = body_zerocount = 0; - -+lookup_value = NULL; /* Can be set by ACL */ - sender_rate = sender_rate_limit = sender_rate_period = NULL; - ratelimiters_mail = NULL; /* Updated by ratelimit ACL condition */ - /* Note that ratelimiters_conn persists across resets. */ diff --git a/mail-mta/exim/files/exim-4.94.2-fix-crash-resolve.patch b/mail-mta/exim/files/exim-4.94.2-fix-crash-resolve.patch deleted file mode 100644 index 27e68bfdd74f..000000000000 --- a/mail-mta/exim/files/exim-4.94.2-fix-crash-resolve.patch +++ /dev/null @@ -1,24 +0,0 @@ -From d4bc023436e4cce7c23c5f8bb5199e178b4cc743 Mon Sep 17 00:00:00 2001 -From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> -Date: Sun, 16 May 2021 19:11:19 +0200 -Subject: [PATCH] Fix host_name_lookup (Close 2747) - -https://bugs.exim.org/show_bug.cgi?id=2747 - -(cherry picked from commit 20812729e3e47a193a21d326ecd036d67a8b2724) ---- - src/src/host.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/src/host.c b/src/src/host.c ---- a/src/host.c -+++ b/src/host.c -@@ -1691,7 +1691,7 @@ while ((ordername = string_nextinlist(&list, &sep, NULL, 0))) - { - uschar **aptr = NULL; - int ssize = 264; -- int count = 0; -+ int count = 1; /* need 1 more for terminating NULL */ - int old_pool = store_pool; - - sender_host_dnssec = dns_is_secure(dnsa); diff --git a/mail-mta/exim/files/exim-4.94.2-openssl3.patch b/mail-mta/exim/files/exim-4.94.2-openssl3.patch deleted file mode 100644 index f9758515bef1..000000000000 --- a/mail-mta/exim/files/exim-4.94.2-openssl3.patch +++ /dev/null @@ -1,332 +0,0 @@ -Original commits from upstream applied to 4.94.2 release tarball - -From a5d79c99f4948d9fd288a1bfaca3a44cf2caaa32 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris <jgh146exb@wizmail.org> -Date: Wed, 1 Dec 2021 17:36:18 +0000 -Subject: [PATCH] OpenSSL: use nondeprecated D-H functions under 3.0.0. - -From c6a290f4d8df3734b3cdc2232b4334ff8386c1da Mon Sep 17 00:00:00 2001 -From: Jeremy Harris <jgh146exb@wizmail.org> -Date: Wed, 1 Dec 2021 18:52:21 +0000 -Subject: [PATCH] OpenSSL: tidy DH and ECDH param setup Testsuite: expand DH - testcase - -From ff7829398d74e67f1c1f40339a772fd76708e5ac Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com> -Date: Sat, 27 Nov 2021 21:07:15 +0000 -Subject: [PATCH] Fix build for OpenSSL 3.0.0 . Bug 2810 - -From ca4014de81e6aa367aa0a54c49b4c3d4b137814c Mon Sep 17 00:00:00 2001 -From: Jeremy Harris <jgh146exb@wizmail.org> -Date: Sun, 1 Jan 2023 12:18:38 +0000 -Subject: [PATCH] OpenSSL: fix tls_eccurve setting explicit curve/group. Bug - 2954 - -From 7fa5764c203f2f4a900898a79ed02d674075313f Mon Sep 17 00:00:00 2001 -From: Jeremy Harris <jgh146exb@wizmail.org> -Date: Mon, 2 Jan 2023 15:04:14 +0000 -Subject: [PATCH] OpenSSL: Fix tls_eccurve on earlier versions than 3.0.0. Bug - 2954 - -Broken-by: ca4014de81e6 - ---- a/src/tls-openssl.c -+++ b/src/tls-openssl.c -@@ -227,12 +227,16 @@ - { US"no_tlsv1", SSL_OP_NO_TLSv1 }, - #endif - #ifdef SSL_OP_NO_TLSv1_1 --#if SSL_OP_NO_TLSv1_1 == 0x00000400L -+# if OPENSSL_VERSION_NUMBER < 0x30000000L -+# if SSL_OP_NO_TLSv1_1 == 0x00000400L - /* Error in chosen value in 1.0.1a; see first item in CHANGES for 1.0.1b */ --#warning OpenSSL 1.0.1a uses a bad value for SSL_OP_NO_TLSv1_1, ignoring --#else -+# warning OpenSSL 1.0.1a uses a bad value for SSL_OP_NO_TLSv1_1, ignoring -+# define NO_SSL_OP_NO_TLSv1_1 -+# endif -+# endif -+# ifndef NO_SSL_OP_NO_TLSv1_1 - { US"no_tlsv1_1", SSL_OP_NO_TLSv1_1 }, --#endif -+# endif - #endif - #ifdef SSL_OP_NO_TLSv1_2 - { US"no_tlsv1_2", SSL_OP_NO_TLSv1_2 }, -@@ -1017,23 +1021,27 @@ - *************************************************/ - - /* If dhparam is set, expand it, and load up the parameters for DH encryption. -+Server only. - - Arguments: - sctx The current SSL CTX (inbound or outbound) - dhparam DH parameter file or fixed parameter identity string -- host connected host, if client; NULL if server - errstr error string pointer - - Returns: TRUE if OK (nothing to set up, or setup worked) - */ - - static BOOL --init_dh(SSL_CTX *sctx, uschar *dhparam, const host_item *host, uschar ** errstr) -+init_dh(SSL_CTX * sctx, uschar * dhparam, uschar ** errstr) - { --BIO *bio; --DH *dh; --uschar *dhexpanded; --const char *pem; -+BIO * bio; -+#if OPENSSL_VERSION_NUMBER < 0x30000000L -+DH * dh; -+#else -+EVP_PKEY * pkey; -+#endif -+uschar * dhexpanded; -+const char * pem; - int dh_bitsize; - - if (!expand_check(dhparam, US"tls_dhparam", &dhexpanded, errstr)) -@@ -1046,7 +1054,7 @@ - if (!(bio = BIO_new_file(CS dhexpanded, "r"))) - { - tls_error(string_sprintf("could not read dhparams file %s", dhexpanded), -- host, US strerror(errno), errstr); -+ NULL, US strerror(errno), errstr); - return FALSE; - } - } -@@ -1061,17 +1069,23 @@ - if (!(pem = std_dh_prime_named(dhexpanded))) - { - tls_error(string_sprintf("Unknown standard DH prime \"%s\"", dhexpanded), -- host, US strerror(errno), errstr); -+ NULL, US strerror(errno), errstr); - return FALSE; - } - bio = BIO_new_mem_buf(CS pem, -1); - } - --if (!(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL))) -+if (!( -+#if OPENSSL_VERSION_NUMBER < 0x30000000L -+ dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL) -+#else -+ pkey = PEM_read_bio_Parameters_ex(bio, NULL, NULL, NULL) -+#endif -+ ) ) - { - BIO_free(bio); - tls_error(string_sprintf("Could not read tls_dhparams \"%s\"", dhexpanded), -- host, NULL, errstr); -+ NULL, NULL, errstr); - return FALSE; - } - -@@ -1081,33 +1095,54 @@ - * If someone wants to dance at the edge, then they can raise the limit or use - * current libraries. */ --#ifdef EXIM_HAVE_OPENSSL_DH_BITS -+#if OPENSSL_VERSION_NUMBER < 0x30000000L -+# ifdef EXIM_HAVE_OPENSSL_DH_BITS - /* Added in commit 26c79d5641d; `git describe --contains` says OpenSSL_1_1_0-pre1~1022 - * This predates OpenSSL_1_1_0 (before a, b, ...) so is in all 1.1.0 */ - dh_bitsize = DH_bits(dh); --#else -+# else - dh_bitsize = 8 * DH_size(dh); -+# endif -+#else /* 3.0.0 + */ -+dh_bitsize = EVP_PKEY_get_bits(pkey); - #endif - --/* Even if it is larger, we silently return success rather than cause things -- * to fail out, so that a too-large DH will not knock out all TLS; it's a -- * debatable choice. */ --if (dh_bitsize > tls_dh_max_bits) -+/* Even if it is larger, we silently return success rather than cause things to -+fail out, so that a too-large DH will not knock out all TLS; it's a debatable -+choice. Likewise for a failing attempt to set one. */ -+ -+if (dh_bitsize <= tls_dh_max_bits) - { -- DEBUG(D_tls) -- debug_printf("dhparams file %d bits, is > tls_dh_max_bits limit of %d\n", -- dh_bitsize, tls_dh_max_bits); -+ if ( -+#if OPENSSL_VERSION_NUMBER < 0x30000000L -+ SSL_CTX_set_tmp_dh(sctx, dh) -+#else -+ SSL_CTX_set0_tmp_dh_pkey(sctx, pkey) -+#endif -+ == 0) -+ { -+ ERR_error_string_n(ERR_get_error(), ssl_errstring, sizeof(ssl_errstring)); -+ log_write(0, LOG_MAIN|LOG_PANIC, "TLS error (D-H param setting '%s'): %s", -+ dhexpanded ? dhexpanded : US"default", ssl_errstring); -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+ /* EVP_PKEY_free(pkey); crashes */ -+#endif -+ } -+ else -+ DEBUG(D_tls) -+ debug_printf("Diffie-Hellman initialized from %s with %d-bit prime\n", -+ dhexpanded ? dhexpanded : US"default", dh_bitsize); - } - else -- { -- SSL_CTX_set_tmp_dh(sctx, dh); - DEBUG(D_tls) -- debug_printf("Diffie-Hellman initialized from %s with %d-bit prime\n", -- dhexpanded ? dhexpanded : US"default", dh_bitsize); -- } -+ debug_printf("dhparams '%s' %d bits, is > tls_dh_max_bits limit of %d\n", -+ dhexpanded ? dhexpanded : US"default", dh_bitsize, tls_dh_max_bits); - -+#if OPENSSL_VERSION_NUMBER < 0x30000000L - DH_free(dh); --BIO_free(bio); -+#endif -+/* The EVP_PKEY ownership stays with the ctx; do not free it */ - -+BIO_free(bio); - return TRUE; - } - -@@ -1118,7 +1154,7 @@ - * Initialize for ECDH * - *************************************************/ - --/* Load parameters for ECDH encryption. -+/* Load parameters for ECDH encryption. Server only. - - For now, we stick to NIST P-256 because: it's simple and easy to configure; - it avoids any patent issues that might bite redistributors; despite events in -@@ -1136,37 +1172,40 @@ - - Arguments: - sctx The current SSL CTX (inbound or outbound) -- host connected host, if client; NULL if server - errstr error string pointer - - Returns: TRUE if OK (nothing to set up, or setup worked) - */ - - static BOOL --init_ecdh(SSL_CTX * sctx, host_item * host, uschar ** errstr) -+init_ecdh(SSL_CTX * sctx, uschar ** errstr) - { - #ifdef OPENSSL_NO_ECDH - return TRUE; - #else - --EC_KEY * ecdh; - uschar * exp_curve; --int nid; --BOOL rv; -- --if (host) /* No ECDH setup for clients, only for servers */ -- return TRUE; -+int nid, rc; - - # ifndef EXIM_HAVE_ECDH - DEBUG(D_tls) -- debug_printf("No OpenSSL API to define ECDH parameters, skipping\n"); -+ debug_printf(" No OpenSSL API to define ECDH parameters, skipping\n"); - return TRUE; - # else - - if (!expand_check(tls_eccurve, US"tls_eccurve", &exp_curve, errstr)) - return FALSE; -+ -+/* Is the option deliberately empty? */ -+ - if (!exp_curve || !*exp_curve) -+ { -+#if OPENSSL_VERSION_NUMBER >= 0x10002000L -+ DEBUG(D_tls) debug_printf( " ECDH OpenSSL 1.0.2+: clearing curves list\n"); -+ (void) SSL_CTX_set1_curves(sctx, &nid, 0); -+#endif - return TRUE; -+ } - - /* "auto" needs to be handled carefully. - * OpenSSL < 1.0.2: we do not select anything, but fallback to prime256v1 -@@ -1202,27 +1241,41 @@ - # endif - ) - { -- tls_error(string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve), -- host, NULL, errstr); -+ uschar * s = string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve); -+ DEBUG(D_tls) debug_printf("TLS error '%s'\n", s); -+ if (errstr) *errstr = s; - return FALSE; - } - --if (!(ecdh = EC_KEY_new_by_curve_name(nid))) -- { -- tls_error(US"Unable to create ec curve", host, NULL, errstr); -- return FALSE; -- } -+# if OPENSSL_VERSION_NUMBER < 0x30000000L -+ { -+ EC_KEY * ecdh; -+ if (!(ecdh = EC_KEY_new_by_curve_name(nid))) -+ { -+ tls_error(US"Unable to create ec curve", NULL, NULL, errstr); -+ return FALSE; -+ } - --/* The "tmp" in the name here refers to setting a temporary key --not to the stability of the interface. */ -+ /* The "tmp" in the name here refers to setting a temporary key -+ not to the stability of the interface. */ - --if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0)) -- tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), host, NULL, errstr); -+ if ((rc = SSL_CTX_set_tmp_ecdh(sctx, ecdh)) == 0) -+ tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), NULL, NULL, errstr); -+ else -+ DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' curve\n", exp_curve); -+ EC_KEY_free(ecdh); -+ } -+ -+#else /* v 3.0.0 + */ -+ -+if ((rc = SSL_CTX_set1_groups(sctx, &nid, 1)) == 0) -+ tls_error(string_sprintf("Error enabling '%s' group", exp_curve), NULL, NULL, errstr); - else -- DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve); -+ DEBUG(D_tls) debug_printf(" ECDH: enabled '%s' group\n", exp_curve); -+ -+#endif - --EC_KEY_free(ecdh); --return !rv; -+return !!rc; - - # endif /*EXIM_HAVE_ECDH*/ - #endif /*OPENSSL_NO_ECDH*/ -@@ -1727,8 +1780,8 @@ - SSL_CTX_set_tlsext_servername_callback(server_sni, tls_servername_cb); - SSL_CTX_set_tlsext_servername_arg(server_sni, cbinfo); - --if ( !init_dh(server_sni, cbinfo->dhparam, NULL, &dummy_errstr) -- || !init_ecdh(server_sni, NULL, &dummy_errstr) -+if ( !init_dh(server_sni, cbinfo->dhparam, &dummy_errstr) -+ || !init_ecdh(server_sni, &dummy_errstr) - ) - goto bad; - -@@ -2213,8 +2266,8 @@ - /* Initialize with DH parameters if supplied */ - /* Initialize ECDH temp key parameter selection */ - --if ( !init_dh(ctx, dhparam, host, errstr) -- || !init_ecdh(ctx, host, errstr) -+if ( !init_dh(ctx, dhparam, errstr) -+ || !init_ecdh(ctx, errstr) - ) - return DEFER; - |