Gentoo Archives: gentoo-commits

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-mail/dovecot/, net-mail/dovecot/files/
Date: Thu, 01 Feb 2018 01:19:01
Message-Id: 1517447897.e3acd4d22b48eca30b27ce4694e4ae1de51fba40.whissi@gentoo
1 commit: e3acd4d22b48eca30b27ce4694e4ae1de51fba40
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Thu Feb 1 01:18:17 2018 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Thu Feb 1 01:18:17 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e3acd4d2
7
8 net-mail/dovecot: bump, fixup for problem caused by patch for CVE-2017-15132
9
10 Dovecot login process would crash after a few minutes of being idle after
11 consecutive aborted logins when the patch for CVE-2017-15132 was applied.
12
13 Bug: https://bugs.gentoo.org/644214
14 Package-Manager: Portage-2.3.21, Repoman-2.3.6
15
16 net-mail/dovecot/dovecot-2.2.33.2-r2.ebuild | 292 +++++++++++++++++++++
17 net-mail/dovecot/dovecot-2.3.0-r3.ebuild | 289 ++++++++++++++++++++
18 .../dovecot-2.2.33.2-CVE-2017-15132-fixup.patch | 37 +++
19 3 files changed, 618 insertions(+)
20
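diff --git a/net-mail/dovecot/dovecot-2.2.33.2-r2.ebuild b/net-mail/dovecot/dovecot-2.2.33.2-r2.ebuild
new file mode 100644
index 00000000000..3ff57c442d7
--- /dev/null
+++ b/net-mail/dovecot/dovecot-2.2.33.2-r2.ebuild
@@ -0,0 +1,292 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit ssl-cert systemd user versionator
+
+MY_P="${P/_/.}"
+major_minor="$(get_version_component_range 1-2)"
+sieve_version="0.4.21"
+if [[ ${PV} == *_rc* ]] ; then
+ rc_dir="rc/"
+else
+ rc_dir=""
+fi
+SRC_URI="https://dovecot.org/releases/${major_minor}/${rc_dir}${MY_P}.tar.gz
+ sieve? (
+ https://pigeonhole.dovecot.org/releases/${major_minor}/${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz
+ )
+ managesieve? (
+ https://pigeonhole.dovecot.org/releases/${major_minor}/${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz
+ ) "
+DESCRIPTION="An IMAP and POP3 server written with security primarily in mind"
+HOMEPAGE="http://www.dovecot.org/"
+
+SLOT="0"
+LICENSE="LGPL-2.1 MIT"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86"
+
+IUSE_DOVECOT_AUTH="kerberos ldap mysql pam postgres sqlite vpopmail"
+IUSE_DOVECOT_COMPRESS="bzip2 lzma lz4 zlib"
+IUSE_DOVECOT_OTHER="caps doc ipv6 libressl lucene managesieve selinux sieve solr +ssl static-libs suid tcpd textcat"
+
+IUSE="${IUSE_DOVECOT_AUTH} ${IUSE_DOVECOT_STORAGE} ${IUSE_DOVECOT_COMPRESS} ${IUSE_DOVECOT_OTHER}"
+
+DEPEND="bzip2? ( app-arch/bzip2 )
+ caps? ( sys-libs/libcap )
+ kerberos? ( virtual/krb5 )
+ ldap? ( net-nds/openldap )
+ lucene? ( >=dev-cpp/clucene-2.3 )
+ lzma? ( app-arch/xz-utils )
+ lz4? ( app-arch/lz4 )
+ mysql? ( virtual/mysql )
+ pam? ( virtual/pam )
+ postgres? ( dev-db/postgresql:* !dev-db/postgresql[ldap,threads] )
+ selinux? ( sec-policy/selinux-dovecot )
+ solr? ( net-misc/curl dev-libs/expat )
+ sqlite? ( dev-db/sqlite:* )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0 )
+ libressl? ( dev-libs/libressl )
+ )
+ tcpd? ( sys-apps/tcp-wrappers )
+ textcat? ( app-text/libexttextcat )
+ vpopmail? ( net-mail/vpopmail )
+ zlib? ( sys-libs/zlib )
+ virtual/libiconv
+ dev-libs/icu:="
+
+RDEPEND="${DEPEND}
+ net-mail/mailbase"
+
+# Dovecot does not support building without ssl. Force it for now
+REQUIRED_USE="ssl"
+
+S=${WORKDIR}/${MY_P}
+
+pkg_setup() {
+ if use managesieve && ! use sieve; then
+ ewarn "managesieve USE flag selected but sieve USE flag unselected"
+ ewarn "sieve USE flag will be turned on"
+ fi
+ # default internal user
+ enewgroup dovecot 97
+ enewuser dovecot 97 -1 /dev/null dovecot
+ # default login user
+ enewuser dovenull -1 -1 /dev/null
+ # add "mail" group for suid'ing. Better security isolation.
+ if use suid; then
+ enewgroup mail
+ fi
+}
+
+src_prepare() {
+ eapply -p0 "${FILESDIR}/${PN}-10-ssl.patch"
+ eapply "${FILESDIR}/${PN}-2.2.33.2-CVE-2017-15132.patch"
+ eapply "${FILESDIR}/${PN}-2.2.33.2-CVE-2017-15132-fixup.patch"
+ eapply_user
+}
+
+src_configure() {
+ local conf=""
+
+ if use postgres || use mysql || use sqlite; then
+ conf="${conf} --with-sql"
+ fi
+
+ # turn valgrind tests off. Bug #340791
+ VALGRIND=no econf \
+ --localstatedir="${EPREFIX}/var" \
+ --runstatedir="${EPREFIX}/run" \
+ --with-moduledir="${EPREFIX}/usr/$(get_libdir)/dovecot" \
+ --without-stemmer \
+ --disable-rpath \
+ --with-icu \
+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
+ $( use_with bzip2 bzlib ) \
+ $( use_with caps libcap ) \
+ $( use_with kerberos gssapi ) \
+ $( use_with ldap ) \
+ $( use_with lucene ) \
+ $( use_with lz4 ) \
+ $( use_with lzma ) \
+ $( use_with mysql ) \
+ $( use_with pam ) \
+ $( use_with postgres pgsql ) \
+ $( use_with sqlite ) \
+ $( use_with solr ) \
+ $( use_with ssl ) \
+ $( use_with tcpd libwrap ) \
+ $( use_with textcat ) \
+ $( use_with vpopmail ) \
+ $( use_with zlib ) \
+ $( use_enable static-libs static ) \
+ ${conf}
+
+ if use sieve || use managesieve ; then
+ # The sieve plugin needs this file to be build to determine the plugin
+ # directory and the list of libraries to link to.
+ emake dovecot-config
+ cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+ econf \
+ $( use_enable static-libs static ) \
+ --localstatedir="${EPREFIX}/var" \
+ --enable-shared \
+ --with-dovecot="../${MY_P}" \
+ $( use_with managesieve )
+ fi
+}
+
+src_compile() {
+ default
+ if use sieve || use managesieve ; then
+ cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+ emake CC="$(tc-getCC)" CFLAGS="${CFLAGS}"
+ fi
+}
+
+src_test() {
+ default
+ if use sieve || use managesieve ; then
+ cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+ default
+ fi
+}
+
+src_install () {
+ default
+
+ # insecure:
+ # use suid && fperms u+s /usr/libexec/dovecot/deliver
+ # better:
+ if use suid;then
+ einfo "Changing perms to allow deliver to be suided"
+ fowners root:mail "${EPREFIX}/usr/libexec/dovecot/dovecot-lda"
+ fperms 4750 "${EPREFIX}/usr/libexec/dovecot/dovecot-lda"
+ fi
+
+ newinitd "${FILESDIR}"/dovecot.init-r4 dovecot
+
+ rm -rf "${ED}"/usr/share/doc/dovecot
+
+ dodoc AUTHORS NEWS README TODO
+ dodoc doc/*.{txt,cnf,xml,sh}
+ docinto example-config
+ dodoc doc/example-config/*.{conf,ext}
+ docinto example-config/conf.d
+ dodoc doc/example-config/conf.d/*.{conf,ext}
+ docinto wiki
+ dodoc doc/wiki/*
+ doman doc/man/*.{1,7}
+
+ # Create the dovecot.conf file from the dovecot-example.conf file that
+ # the dovecot folks nicely left for us....
+ local conf="${ED}/etc/dovecot/dovecot.conf"
+ local confd="${ED}/etc/dovecot/conf.d"
+
+ insinto /etc/dovecot
+ doins doc/example-config/*.{conf,ext}
+ insinto /etc/dovecot/conf.d
+ doins doc/example-config/conf.d/*.{conf,ext}
+ fperms 0600 "${EPREFIX}"/etc/dovecot/dovecot-{ldap,sql}.conf.ext
+ rm -f "${confd}/../README"
+
+ # .maildir is the Gentoo default
+ local mail_location="maildir:~/.maildir"
+ sed -i -e \
+ "s|#mail_location =|mail_location = ${mail_location}|" \
+ "${confd}/10-mail.conf" \
+ || die "failed to update mail location settings in 10-mail.conf"
+
+ # We're using pam files (imap and pop3) provided by mailbase
+ if use pam; then
+ sed -i -e '/driver = pam/,/^[ \t]*}/ s|#args = dovecot|args = "\*"|' \
+ "${confd}/auth-system.conf.ext" \
+ || die "failed to update PAM settings in auth-system.conf.ext"
+ # mailbase does not provide a sieve pam file
+ use managesieve && dosym imap /etc/pam.d/sieve
+ sed -i -e \
+ 's/#!include auth-system.conf.ext/!include auth-system.conf.ext/' \
+ "${confd}/10-auth.conf" \
+ || die "failed to update PAM settings in 10-auth.conf"
+ fi
+
+ # Disable ipv6 if necessary
+ if ! use ipv6; then
+ sed -i -e 's/^#listen = \*, ::/listen = \*/g' "${conf}" \
+ || die "failed to update listen settings in dovecot.conf"
+ fi
+
+ # Update ssl cert locations
+ if use ssl; then
+ sed -i -e 's:^#ssl = yes:ssl = yes:' "${confd}/10-ssl.conf" \
+ || die "ssl conf failed"
+ sed -i -e 's:^ssl_cert =.*:ssl_cert = </etc/ssl/dovecot/server.pem:' \
+ -e 's:^ssl_key =.*:ssl_key = </etc/ssl/dovecot/server.key:' \
+ "${confd}/10-ssl.conf" || die "failed to update SSL settings in 10-ssl.conf"
+ fi
+
+ # Install SQL configuration
+ if use mysql || use postgres; then
+ sed -i -e \
+ 's/#!include auth-sql.conf.ext/!include auth-sql.conf.ext/' \
+ "${confd}/10-auth.conf" || die "failed to update SQL settings in \
+ 10-auth.conf"
+ fi
+
+ # Install LDAP configuration
+ if use ldap; then
+ sed -i -e \
+ 's/#!include auth-ldap.conf.ext/!include auth-ldap.conf.ext/' \
+ "${confd}/10-auth.conf" \
+ || die "failed to update ldap settings in 10-auth.conf"
+ fi
+
+ if use vpopmail; then
+ sed -i -e \
+ 's/#!include auth-vpopmail.conf.ext/!include auth-vpopmail.conf.ext/' \
+ "${confd}/10-auth.conf" \
+ || die "failed to update vpopmail settings in 10-auth.conf"
+ fi
+
+ if use sieve || use managesieve ; then
+ cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+ emake DESTDIR="${ED}" install
+ sed -i -e \
+ 's/^[[:space:]]*#mail_plugins = $mail_plugins/mail_plugins = sieve/' "${confd}/15-lda.conf" \
+ || die "failed to update sieve settings in 15-lda.conf"
+ rm -rf "${ED}"/usr/share/doc/dovecot
+ docinto example-config/conf.d
+ dodoc doc/example-config/conf.d/*.conf
+ insinto /etc/dovecot/conf.d
+ doins doc/example-config/conf.d/90-sieve{,-extprograms}.conf
+ use managesieve && doins doc/example-config/conf.d/20-managesieve.conf
+ docinto sieve/rfc
+ dodoc doc/rfc/*.txt
+ docinto sieve/devel
+ dodoc doc/devel/DESIGN
+ docinto plugins
+ dodoc doc/plugins/*.txt
+ docinto extensions
+ dodoc doc/extensions/*.txt
+ docinto locations
+ dodoc doc/locations/*.txt
+ doman doc/man/*.{1,7}
+ fi
+
+ use static-libs || find "${ED}"/usr/lib* -name '*.la' -delete
+}
+
+pkg_postinst() {
+ if use ssl; then
+ # Let's not make a new certificate if we already have one
+ if ! [[ -e "${ROOT}"/etc/ssl/dovecot/server.pem && \
+ -e "${ROOT}"/etc/ssl/dovecot/server.key ]]; then
+ einfo "Creating SSL certificate"
+ SSL_ORGANIZATION="${SSL_ORGANIZATION:-Dovecot IMAP Server}"
+ install_cert /etc/ssl/dovecot/server
+ fi
+ fi
+
+ elog "Please read http://wiki2.dovecot.org/Upgrading/ for upgrade notes."
+}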
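Review bot: The `# insecure:` / `# better:` comments above the `use suid` block in src_install do not say what makes the second form better, and the einfo text still names `deliver` while the file being changed is `dovecot-lda`. A comment such as `# setuid root, but executable only by root and group mail (4750 root:mail)` would record the intent that the visible fowners/fperms lines implement. The same block appears unchanged in dovecot-2.3.0-r3.ebuild. Separately, src_compile calls `tc-getCC` while `toolchain-funcs` is not on the `inherit` line, so it presumably relies on another eclass pulling it in; naming it explicitly would remove that dependency.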
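diff --git a/net-mail/dovecot/dovecot-2.3.0-r3.ebuild b/net-mail/dovecot/dovecot-2.3.0-r3.ebuild
new file mode 100644
index 00000000000..df9749698c3
--- /dev/null
+++ b/net-mail/dovecot/dovecot-2.3.0-r3.ebuild
@@ -0,0 +1,289 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+# do not add a ssl USE flag. ssl is mandatory
+SSL_DEPS_SKIP=1
+inherit ssl-cert systemd user versionator
+
+MY_P="${P/_/.}"
+MY_S="${PN}-ce-${PV}"
+major_minor="$(get_version_component_range 1-2)"
+sieve_version="0.5.0.1"
+if [[ ${PV} == *_rc* ]] ; then
+ rc_dir="rc/"
+else
+ rc_dir=""
+fi
+SRC_URI="https://dovecot.org/releases/${major_minor}/${rc_dir}${MY_P}.tar.gz
+ sieve? (
+ https://pigeonhole.dovecot.org/releases/${major_minor}/${rc_dir}${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz
+ )
+ managesieve? (
+ https://pigeonhole.dovecot.org/releases/${major_minor}/${rc_dir}${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz
+ ) "
+DESCRIPTION="An IMAP and POP3 server written with security primarily in mind"
+HOMEPAGE="http://www.dovecot.org/"
+
+SLOT="0"
+LICENSE="LGPL-2.1 MIT"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86"
+
+IUSE_DOVECOT_AUTH="kerberos ldap lua mysql pam postgres sqlite vpopmail"
+IUSE_DOVECOT_COMPRESS="bzip2 lzma lz4 zlib"
+IUSE_DOVECOT_OTHER="argon2 caps doc ipv6 libressl lucene managesieve selinux sieve solr static-libs suid tcpd textcat"
+
+IUSE="${IUSE_DOVECOT_AUTH} ${IUSE_DOVECOT_STORAGE} ${IUSE_DOVECOT_COMPRESS} ${IUSE_DOVECOT_OTHER}"
+
+DEPEND="argon2? ( dev-libs/libsodium )
+ bzip2? ( app-arch/bzip2 )
+ caps? ( sys-libs/libcap )
+ kerberos? ( virtual/krb5 )
+ ldap? ( net-nds/openldap )
+ lua? ( dev-lang/lua:* )
+ lucene? ( >=dev-cpp/clucene-2.3 )
+ lzma? ( app-arch/xz-utils )
+ lz4? ( app-arch/lz4 )
+ mysql? ( virtual/mysql )
+ pam? ( virtual/pam )
+ postgres? ( dev-db/postgresql:* !dev-db/postgresql[ldap,threads] )
+ selinux? ( sec-policy/selinux-dovecot )
+ solr? ( net-misc/curl dev-libs/expat )
+ sqlite? ( dev-db/sqlite:* )
+ !libressl? ( dev-libs/openssl:0 )
+ libressl? ( dev-libs/libressl )
+ tcpd? ( sys-apps/tcp-wrappers )
+ textcat? ( app-text/libexttextcat )
+ vpopmail? ( net-mail/vpopmail )
+ zlib? ( sys-libs/zlib )
+ virtual/libiconv
+ dev-libs/icu:="
+
+RDEPEND="${DEPEND}
+ net-mail/mailbase"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.2.33.2-CVE-2017-15132.patch
+ "${FILESDIR}"/${PN}-2.2.33.2-CVE-2017-15132-fixup.patch
+)
+
+S=${WORKDIR}/${MY_S}
+
+pkg_setup() {
+ if use managesieve && ! use sieve; then
+ ewarn "managesieve USE flag selected but sieve USE flag unselected"
+ ewarn "sieve USE flag will be turned on"
+ fi
+ # default internal user
+ enewgroup dovecot 97
+ enewuser dovecot 97 -1 /dev/null dovecot
+ # default login user
+ enewuser dovenull -1 -1 /dev/null
+ # add "mail" group for suid'ing. Better security isolation.
+ if use suid; then
+ enewgroup mail
+ fi
+}
+
+src_configure() {
+ local conf=""
+
+ if use postgres || use mysql || use sqlite; then
+ conf="${conf} --with-sql"
+ fi
+
+ # turn valgrind tests off. Bug #340791
+ VALGRIND=no econf \
+ --with-rundir="${EPREFIX}/run/dovecot" \
+ --with-statedir="${EPREFIX}/var/lib/dovecot" \
+ --with-moduledir="${EPREFIX}/usr/$(get_libdir)/dovecot" \
+ --without-stemmer \
+ --disable-rpath \
+ --without-libbsd \
+ --with-icu \
+ --with-ssl \
+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
+ $( use_with argon2 sodium ) \
+ $( use_with bzip2 bzlib ) \
+ $( use_with caps libcap ) \
+ $( use_with kerberos gssapi ) \
+ $( use_with lua ) \
+ $( use_with ldap ) \
+ $( use_with lucene ) \
+ $( use_with lz4 ) \
+ $( use_with lzma ) \
+ $( use_with mysql ) \
+ $( use_with pam ) \
+ $( use_with postgres pgsql ) \
+ $( use_with sqlite ) \
+ $( use_with solr ) \
+ $( use_with tcpd libwrap ) \
+ $( use_with textcat ) \
+ $( use_with vpopmail ) \
+ $( use_with zlib ) \
+ $( use_enable static-libs static ) \
+ ${conf}
+
+ if use sieve || use managesieve ; then
+ # The sieve plugin needs this file to be build to determine the plugin
+ # directory and the list of libraries to link to.
+ emake dovecot-config
+ cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+ econf \
+ $( use_enable static-libs static ) \
+ --localstatedir="${EPREFIX}/var" \
+ --enable-shared \
+ --with-dovecot="../${MY_S}" \
+ $( use_with managesieve )
+ fi
+}
+
+src_compile() {
+ default
+ if use sieve || use managesieve ; then
+ cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+ emake CC="$(tc-getCC)" CFLAGS="${CFLAGS}"
+ fi
+}
+
+src_test() {
+ default
+ if use sieve || use managesieve ; then
+ cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+ default
+ fi
+}
+
+src_install () {
+ default
+
+ # insecure:
+ # use suid && fperms u+s /usr/libexec/dovecot/deliver
+ # better:
+ if use suid;then
+ einfo "Changing perms to allow deliver to be suided"
+ fowners root:mail "${EPREFIX}/usr/libexec/dovecot/dovecot-lda"
+ fperms 4750 "${EPREFIX}/usr/libexec/dovecot/dovecot-lda"
+ fi
+
+ newinitd "${FILESDIR}"/dovecot.init-r4 dovecot
+
+ rm -rf "${ED}"/usr/share/doc/dovecot
+
+ dodoc AUTHORS NEWS README TODO
+ dodoc doc/*.{txt,cnf,xml,sh}
+ docinto example-config
+ dodoc doc/example-config/*.{conf,ext}
+ docinto example-config/conf.d
+ dodoc doc/example-config/conf.d/*.{conf,ext}
+ docinto wiki
+ dodoc doc/wiki/*
+ doman doc/man/*.{1,7}
+
+ # Create the dovecot.conf file from the dovecot-example.conf file that
+ # the dovecot folks nicely left for us....
+ local conf="${ED}/etc/dovecot/dovecot.conf"
+ local confd="${ED}/etc/dovecot/conf.d"
+
+ insinto /etc/dovecot
+ doins doc/example-config/*.{conf,ext}
+ insinto /etc/dovecot/conf.d
+ doins doc/example-config/conf.d/*.{conf,ext}
+ fperms 0600 "${EPREFIX}"/etc/dovecot/dovecot-{ldap,sql}.conf.ext
+ rm -f "${confd}/../README"
+
+ # .maildir is the Gentoo default
+ local mail_location="maildir:~/.maildir"
+ sed -i -e \
+ "s|#mail_location =|mail_location = ${mail_location}|" \
+ "${confd}/10-mail.conf" \
+ || die "failed to update mail location settings in 10-mail.conf"
+
+ # We're using pam files (imap and pop3) provided by mailbase
+ if use pam; then
+ sed -i -e '/driver = pam/,/^[ \t]*}/ s|#args = dovecot|args = "\*"|' \
+ "${confd}/auth-system.conf.ext" \
+ || die "failed to update PAM settings in auth-system.conf.ext"
+ # mailbase does not provide a sieve pam file
+ use managesieve && dosym imap /etc/pam.d/sieve
+ sed -i -e \
+ 's/#!include auth-system.conf.ext/!include auth-system.conf.ext/' \
+ "${confd}/10-auth.conf" \
+ || die "failed to update PAM settings in 10-auth.conf"
+ fi
+
+ # Disable ipv6 if necessary
+ if ! use ipv6; then
+ sed -i -e 's/^#listen = \*, ::/listen = \*/g' "${conf}" \
+ || die "failed to update listen settings in dovecot.conf"
+ fi
+
+ # Update ssl cert locations
+ sed -i -e 's:^#ssl = yes:ssl = yes:' "${confd}/10-ssl.conf" \
+ || die "ssl conf failed"
+ sed -i -e 's:^ssl_cert =.*:ssl_cert = </etc/ssl/dovecot/server.pem:' \
+ -e 's:^ssl_key =.*:ssl_key = </etc/ssl/dovecot/server.key:' \
+ "${confd}/10-ssl.conf" || die "failed to update SSL settings in 10-ssl.conf"
+
+ # Install SQL configuration
+ if use mysql || use postgres; then
+ sed -i -e \
+ 's/#!include auth-sql.conf.ext/!include auth-sql.conf.ext/' \
+ "${confd}/10-auth.conf" || die "failed to update SQL settings in \
+ 10-auth.conf"
+ fi
+
+ # Install LDAP configuration
+ if use ldap; then
+ sed -i -e \
+ 's/#!include auth-ldap.conf.ext/!include auth-ldap.conf.ext/' \
+ "${confd}/10-auth.conf" \
+ || die "failed to update ldap settings in 10-auth.conf"
+ fi
+
+ if use vpopmail; then
+ sed -i -e \
+ 's/#!include auth-vpopmail.conf.ext/!include auth-vpopmail.conf.ext/' \
+ "${confd}/10-auth.conf" \
+ || die "failed to update vpopmail settings in 10-auth.conf"
+ fi
+
+ if use sieve || use managesieve ; then
+ cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+ emake DESTDIR="${ED}" install
+ sed -i -e \
+ 's/^[[:space:]]*#mail_plugins = $mail_plugins/mail_plugins = sieve/' "${confd}/15-lda.conf" \
+ || die "failed to update sieve settings in 15-lda.conf"
+ rm -rf "${ED}"/usr/share/doc/dovecot
+ docinto example-config/conf.d
+ dodoc doc/example-config/conf.d/*.conf
+ insinto /etc/dovecot/conf.d
+ doins doc/example-config/conf.d/90-sieve{,-extprograms}.conf
+ use managesieve && doins doc/example-config/conf.d/20-managesieve.conf
+ docinto sieve/rfc
+ dodoc doc/rfc/*.txt
+ docinto sieve/devel
+ dodoc doc/devel/DESIGN
+ docinto plugins
+ dodoc doc/plugins/*.txt
+ docinto extensions
+ dodoc doc/extensions/*.txt
+ docinto locations
+ dodoc doc/locations/*.txt
+ doman doc/man/*.{1,7}
+ fi
+
+ use static-libs || find "${ED}"/usr/lib* -name '*.la' -delete
+}
+
+pkg_postinst() {
+ # Let's not make a new certificate if we already have one
+ if ! [[ -e "${ROOT}"/etc/ssl/dovecot/server.pem && \
+ -e "${ROOT}"/etc/ssl/dovecot/server.key ]]; then
+ einfo "Creating SSL certificate"
+ SSL_ORGANIZATION="${SSL_ORGANIZATION:-Dovecot IMAP Server}"
+ install_cert /etc/ssl/dovecot/server
+ fi
+
+ elog "Please read http://wiki2.dovecot.org/Upgrading/ for upgrade notes."
+}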
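diff --git a/net-mail/dovecot/files/dovecot-2.2.33.2-CVE-2017-15132-fixup.patch b/net-mail/dovecot/files/dovecot-2.2.33.2-CVE-2017-15132-fixup.patch
new file mode 100644
index 00000000000..c30acf1fd6e
--- /dev/null
+++ b/net-mail/dovecot/files/dovecot-2.2.33.2-CVE-2017-15132-fixup.patch
@@ -0,0 +1,37 @@
+Upstream: https://github.com/dovecot/core/commit/a9b135760aea6d1790d447d351c56b78889dac22
+
+Link: http://seclists.org/oss-sec/2018/q1/119
+
+--- a/src/lib-auth/auth-client-request.c
++++ b/src/lib-auth/auth-client-request.c
+@@ -186,6 +186,8 @@ void auth_client_request_abort(struct auth_client_request **_request)
+
+ auth_client_send_cancel(request->conn->client, request->id);
+ call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
++ /* remove the request */
++ auth_server_connection_remove_request(request->conn, request->id);
+ pool_unref(&request->pool);
+ }
+
+--- a/src/lib-auth/auth-server-connection.c
++++ b/src/lib-auth/auth-server-connection.c
+@@ -483,3 +483,10 @@ auth_server_connection_add_request(struct auth_server_connection *conn,
+ hash_table_insert(conn->requests, POINTER_CAST(id), request);
+ return id;
+ }
++
++void auth_server_connection_remove_request(struct auth_server_connection *conn,
++ unsigned int id)
++{
++ i_assert(conn->handshake_received);
++ hash_table_remove(conn->requests, POINTER_CAST(id));
++}
+--- a/src/lib-auth/auth-server-connection.h
++++ b/src/lib-auth/auth-server-connection.h
+@@ -40,4 +40,6 @@ void auth_server_connection_disconnect(struct auth_server_connection *conn,
+ unsigned int
+ auth_server_connection_add_request(struct auth_server_connection *conn,
+ struct auth_client_request *request);
++void auth_server_connection_remove_request(struct auth_server_connection *conn,
++ unsigned int id);
+ #endif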
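Review bot: The new `auth_server_connection_remove_request()` in auth-server-connection.c guards the removal with `i_assert(conn->handshake_received)`, so any abort that arrives while that flag is clear would terminate the login process instead of just dropping the table entry; whether a disconnect can clear the flag while requests are still being aborted is not visible in these hunks and should be confirmed. In auth-client-request.c the added comment `/* remove the request */` restates the call; something like `/* drop the id from conn->requests before pool_unref() frees the request, so the table holds no dangling pointer */` would record why the line exists, assuming that is the cause of the crash described in the commit message. The body of auth_client_request_abort() begins outside the hunk, so earlier uses of `request` could not be checked.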