commit: e3acd4d22b48eca30b27ce4694e4ae1de51fba40 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
AuthorDate: Thu Feb 1 01:18:17 2018 +0000 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
CommitDate: Thu Feb 1 01:18:17 2018 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e3acd4d2 |
|
net-mail/dovecot: bump, fixup for problem caused by patch for CVE-2017-15132 |
|
Dovecot login process would crash after few minutes of idle after |
consecutive aborted logins when patch for CVE-2017-15132 was applied. |
|
Bug: https://bugs.gentoo.org/644214 |
Package-Manager: Portage-2.3.21, Repoman-2.3.6 |
|
net-mail/dovecot/dovecot-2.2.33.2-r2.ebuild | 292 +++++++++++++++++++++ |
net-mail/dovecot/dovecot-2.3.0-r3.ebuild | 289 ++++++++++++++++++++ |
.../dovecot-2.2.33.2-CVE-2017-15132-fixup.patch | 37 +++ |
3 files changed, 618 insertions(+) |
|
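diff --git a/net-mail/dovecot/dovecot-2.2.33.2-r2.ebuild b/net-mail/dovecot/dovecot-2.2.33.2-r2.ebuild
new file mode 100644
index 00000000000..3ff57c442d7
--- /dev/null
+++ b/net-mail/dovecot/dovecot-2.2.33.2-r2.ebuild
@@ -0,0 +1,292 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit ssl-cert systemd user versionator
+
+MY_P="${P/_/.}"
+major_minor="$(get_version_component_range 1-2)"
+sieve_version="0.4.21"
+if [[ ${PV} == *_rc* ]] ; then
+ rc_dir="rc/"
+else
+ rc_dir=""
+fi
+SRC_URI="https://dovecot.org/releases/${major_minor}/${rc_dir}${MY_P}.tar.gz
+ sieve? (
+ https://pigeonhole.dovecot.org/releases/${major_minor}/${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz
+ )
+ managesieve? (
+ https://pigeonhole.dovecot.org/releases/${major_minor}/${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz
+ ) "
+DESCRIPTION="An IMAP and POP3 server written with security primarily in mind"
+HOMEPAGE="http://www.dovecot.org/"
+
+SLOT="0"
+LICENSE="LGPL-2.1 MIT"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86"
+
+IUSE_DOVECOT_AUTH="kerberos ldap mysql pam postgres sqlite vpopmail"
+IUSE_DOVECOT_COMPRESS="bzip2 lzma lz4 zlib"
+IUSE_DOVECOT_OTHER="caps doc ipv6 libressl lucene managesieve selinux sieve solr +ssl static-libs suid tcpd textcat"
+
+IUSE="${IUSE_DOVECOT_AUTH} ${IUSE_DOVECOT_STORAGE} ${IUSE_DOVECOT_COMPRESS} ${IUSE_DOVECOT_OTHER}"
+
+DEPEND="bzip2? ( app-arch/bzip2 )
+ caps? ( sys-libs/libcap )
+ kerberos? ( virtual/krb5 )
+ ldap? ( net-nds/openldap )
+ lucene? ( >=dev-cpp/clucene-2.3 )
+ lzma? ( app-arch/xz-utils )
+ lz4? ( app-arch/lz4 )
+ mysql? ( virtual/mysql )
+ pam? ( virtual/pam )
+ postgres? ( dev-db/postgresql:* !dev-db/postgresql[ldap,threads] )
+ selinux? ( sec-policy/selinux-dovecot )
+ solr? ( net-misc/curl dev-libs/expat )
+ sqlite? ( dev-db/sqlite:* )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0 )
+ libressl? ( dev-libs/libressl )
+ )
+ tcpd? ( sys-apps/tcp-wrappers )
+ textcat? ( app-text/libexttextcat )
+ vpopmail? ( net-mail/vpopmail )
+ zlib? ( sys-libs/zlib )
+ virtual/libiconv
+ dev-libs/icu:="
+
+RDEPEND="${DEPEND}
+ net-mail/mailbase"
+
+# Dovecot does not support building without ssl. Force it for now
+REQUIRED_USE="ssl"
+
+S=${WORKDIR}/${MY_P}
+
+pkg_setup() {
+ if use managesieve && ! use sieve; then
+ ewarn "managesieve USE flag selected but sieve USE flag unselected"
+ ewarn "sieve USE flag will be turned on"
+ fi
+ # default internal user
+ enewgroup dovecot 97
+ enewuser dovecot 97 -1 /dev/null dovecot
+ # default login user
+ enewuser dovenull -1 -1 /dev/null
+ # add "mail" group for suid'ing. Better security isolation.
+ if use suid; then
+ enewgroup mail
+ fi
+}
+
+src_prepare() {
+ eapply -p0 "${FILESDIR}/${PN}-10-ssl.patch"
+ eapply "${FILESDIR}/${PN}-2.2.33.2-CVE-2017-15132.patch"
+ eapply "${FILESDIR}/${PN}-2.2.33.2-CVE-2017-15132-fixup.patch"
+ eapply_user
+}
+
+src_configure() {
+ local conf=""
+
+ if use postgres || use mysql || use sqlite; then
+ conf="${conf} --with-sql"
+ fi
+
+ # turn valgrind tests off. Bug #340791
+ VALGRIND=no econf \
+ --localstatedir="${EPREFIX}/var" \
+ --runstatedir="${EPREFIX}/run" \
+ --with-moduledir="${EPREFIX}/usr/$(get_libdir)/dovecot" \
+ --without-stemmer \
+ --disable-rpath \
+ --with-icu \
+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
+ $( use_with bzip2 bzlib ) \
+ $( use_with caps libcap ) \
+ $( use_with kerberos gssapi ) \
+ $( use_with ldap ) \
+ $( use_with lucene ) \
+ $( use_with lz4 ) \
+ $( use_with lzma ) \
+ $( use_with mysql ) \
+ $( use_with pam ) \
+ $( use_with postgres pgsql ) \
+ $( use_with sqlite ) \
+ $( use_with solr ) \
+ $( use_with ssl ) \
+ $( use_with tcpd libwrap ) \
+ $( use_with textcat ) \
+ $( use_with vpopmail ) \
+ $( use_with zlib ) \
+ $( use_enable static-libs static ) \
+ ${conf}
+
+ if use sieve || use managesieve ; then
+ # The sieve plugin needs this file to be build to determine the plugin
+ # directory and the list of libraries to link to.
+ emake dovecot-config
+ cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+ econf \
+ $( use_enable static-libs static ) \
+ --localstatedir="${EPREFIX}/var" \
+ --enable-shared \
+ --with-dovecot="../${MY_P}" \
+ $( use_with managesieve )
+ fi
+}
+
+src_compile() {
+ default
+ if use sieve || use managesieve ; then
+ cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+ emake CC="$(tc-getCC)" CFLAGS="${CFLAGS}"
+ fi
+}
+
+src_test() {
+ default
+ if use sieve || use managesieve ; then
+ cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+ default
+ fi
+}
+
+src_install () {
+ default
+
+ # insecure:
+ # use suid && fperms u+s /usr/libexec/dovecot/deliver
+ # better:
+ if use suid;then
+ einfo "Changing perms to allow deliver to be suided"
+ fowners root:mail "${EPREFIX}/usr/libexec/dovecot/dovecot-lda"
+ fperms 4750 "${EPREFIX}/usr/libexec/dovecot/dovecot-lda"
+ fi
+
+ newinitd "${FILESDIR}"/dovecot.init-r4 dovecot
+
+ rm -rf "${ED}"/usr/share/doc/dovecot
+
+ dodoc AUTHORS NEWS README TODO
+ dodoc doc/*.{txt,cnf,xml,sh}
+ docinto example-config
+ dodoc doc/example-config/*.{conf,ext}
+ docinto example-config/conf.d
+ dodoc doc/example-config/conf.d/*.{conf,ext}
+ docinto wiki
+ dodoc doc/wiki/*
+ doman doc/man/*.{1,7}
+
+ # Create the dovecot.conf file from the dovecot-example.conf file that
+ # the dovecot folks nicely left for us....
+ local conf="${ED}/etc/dovecot/dovecot.conf"
+ local confd="${ED}/etc/dovecot/conf.d"
+
+ insinto /etc/dovecot
+ doins doc/example-config/*.{conf,ext}
+ insinto /etc/dovecot/conf.d
+ doins doc/example-config/conf.d/*.{conf,ext}
+ fperms 0600 "${EPREFIX}"/etc/dovecot/dovecot-{ldap,sql}.conf.ext
+ rm -f "${confd}/../README"
+
+ # .maildir is the Gentoo default
+ local mail_location="maildir:~/.maildir"
+ sed -i -e \
+ "s|#mail_location =|mail_location = ${mail_location}|" \
+ "${confd}/10-mail.conf" \
+ || die "failed to update mail location settings in 10-mail.conf"
+
+ # We're using pam files (imap and pop3) provided by mailbase
+ if use pam; then
+ sed -i -e '/driver = pam/,/^[ \t]*}/ s|#args = dovecot|args = "\*"|' \
+ "${confd}/auth-system.conf.ext" \
+ || die "failed to update PAM settings in auth-system.conf.ext"
+ # mailbase does not provide a sieve pam file
+ use managesieve && dosym imap /etc/pam.d/sieve
+ sed -i -e \
+ 's/#!include auth-system.conf.ext/!include auth-system.conf.ext/' \
+ "${confd}/10-auth.conf" \
+ || die "failed to update PAM settings in 10-auth.conf"
+ fi
+
+ # Disable ipv6 if necessary
+ if ! use ipv6; then
+ sed -i -e 's/^#listen = \*, ::/listen = \*/g' "${conf}" \
+ || die "failed to update listen settings in dovecot.conf"
+ fi
+
+ # Update ssl cert locations
+ if use ssl; then
+ sed -i -e 's:^#ssl = yes:ssl = yes:' "${confd}/10-ssl.conf" \
+ || die "ssl conf failed"
+ sed -i -e 's:^ssl_cert =.*:ssl_cert = </etc/ssl/dovecot/server.pem:' \
+ -e 's:^ssl_key =.*:ssl_key = </etc/ssl/dovecot/server.key:' \
+ "${confd}/10-ssl.conf" || die "failed to update SSL settings in 10-ssl.conf"
+ fi
+
+ # Install SQL configuration
+ if use mysql || use postgres; then
+ sed -i -e \
+ 's/#!include auth-sql.conf.ext/!include auth-sql.conf.ext/' \
+ "${confd}/10-auth.conf" || die "failed to update SQL settings in \
+ 10-auth.conf"
+ fi
+
+ # Install LDAP configuration
+ if use ldap; then
+ sed -i -e \
+ 's/#!include auth-ldap.conf.ext/!include auth-ldap.conf.ext/' \
+ "${confd}/10-auth.conf" \
+ || die "failed to update ldap settings in 10-auth.conf"
+ fi
+
+ if use vpopmail; then
+ sed -i -e \
+ 's/#!include auth-vpopmail.conf.ext/!include auth-vpopmail.conf.ext/' \
+ "${confd}/10-auth.conf" \
+ || die "failed to update vpopmail settings in 10-auth.conf"
+ fi
+
+ if use sieve || use managesieve ; then
+ cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+ emake DESTDIR="${ED}" install
+ sed -i -e \
+ 's/^[[:space:]]*#mail_plugins = $mail_plugins/mail_plugins = sieve/' "${confd}/15-lda.conf" \
+ || die "failed to update sieve settings in 15-lda.conf"
+ rm -rf "${ED}"/usr/share/doc/dovecot
+ docinto example-config/conf.d
+ dodoc doc/example-config/conf.d/*.conf
+ insinto /etc/dovecot/conf.d
+ doins doc/example-config/conf.d/90-sieve{,-extprograms}.conf
+ use managesieve && doins doc/example-config/conf.d/20-managesieve.conf
+ docinto sieve/rfc
+ dodoc doc/rfc/*.txt
+ docinto sieve/devel
+ dodoc doc/devel/DESIGN
+ docinto plugins
+ dodoc doc/plugins/*.txt
+ docinto extensions
+ dodoc doc/extensions/*.txt
+ docinto locations
+ dodoc doc/locations/*.txt
+ doman doc/man/*.{1,7}
+ fi
+
+ use static-libs || find "${ED}"/usr/lib* -name '*.la' -delete
+}
+
+pkg_postinst() {
+ if use ssl; then
+ # Let's not make a new certificate if we already have one
+ if ! [[ -e "${ROOT}"/etc/ssl/dovecot/server.pem && \
+ -e "${ROOT}"/etc/ssl/dovecot/server.key ]]; then
+ einfo "Creating SSL certificate"
+ SSL_ORGANIZATION="${SSL_ORGANIZATION:-Dovecot IMAP Server}"
+ install_cert /etc/ssl/dovecot/server
+ fi
+ fi
+
+ elog "Please read http://wiki2.dovecot.org/Upgrading/ for upgrade notes."
+}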
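Review bot: `src_compile` calls `tc-getCC`, but the `inherit` line names only `ssl-cert systemd user versionator`, so the helper is in scope only if one of those eclasses happens to pull in `toolchain-funcs` (not visible here). Listing it explicitly, `inherit ssl-cert systemd toolchain-funcs user versionator`, keeps the pigeonhole build from breaking when an eclass drops that indirect inherit. The same applies to dovecot-2.3.0-r3.ebuild. Separately, `IUSE` expands `${IUSE_DOVECOT_STORAGE}`, which is never assigned in this file, so that expansion can be dropped.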
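diff --git a/net-mail/dovecot/dovecot-2.3.0-r3.ebuild b/net-mail/dovecot/dovecot-2.3.0-r3.ebuild
new file mode 100644
index 00000000000..df9749698c3
--- /dev/null
+++ b/net-mail/dovecot/dovecot-2.3.0-r3.ebuild
@@ -0,0 +1,289 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+# do not add a ssl USE flag. ssl is mandatory
+SSL_DEPS_SKIP=1
+inherit ssl-cert systemd user versionator
+
+MY_P="${P/_/.}"
+MY_S="${PN}-ce-${PV}"
+major_minor="$(get_version_component_range 1-2)"
+sieve_version="0.5.0.1"
+if [[ ${PV} == *_rc* ]] ; then
+ rc_dir="rc/"
+else
+ rc_dir=""
+fi
+SRC_URI="https://dovecot.org/releases/${major_minor}/${rc_dir}${MY_P}.tar.gz
+ sieve? (
+ https://pigeonhole.dovecot.org/releases/${major_minor}/${rc_dir}${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz
+ )
+ managesieve? (
+ https://pigeonhole.dovecot.org/releases/${major_minor}/${rc_dir}${PN}-${major_minor}-pigeonhole-${sieve_version}.tar.gz
+ ) "
+DESCRIPTION="An IMAP and POP3 server written with security primarily in mind"
+HOMEPAGE="http://www.dovecot.org/"
+
+SLOT="0"
+LICENSE="LGPL-2.1 MIT"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86"
+
+IUSE_DOVECOT_AUTH="kerberos ldap lua mysql pam postgres sqlite vpopmail"
+IUSE_DOVECOT_COMPRESS="bzip2 lzma lz4 zlib"
+IUSE_DOVECOT_OTHER="argon2 caps doc ipv6 libressl lucene managesieve selinux sieve solr static-libs suid tcpd textcat"
+
+IUSE="${IUSE_DOVECOT_AUTH} ${IUSE_DOVECOT_STORAGE} ${IUSE_DOVECOT_COMPRESS} ${IUSE_DOVECOT_OTHER}"
+
+DEPEND="argon2? ( dev-libs/libsodium )
+ bzip2? ( app-arch/bzip2 )
+ caps? ( sys-libs/libcap )
+ kerberos? ( virtual/krb5 )
+ ldap? ( net-nds/openldap )
+ lua? ( dev-lang/lua:* )
+ lucene? ( >=dev-cpp/clucene-2.3 )
+ lzma? ( app-arch/xz-utils )
+ lz4? ( app-arch/lz4 )
+ mysql? ( virtual/mysql )
+ pam? ( virtual/pam )
+ postgres? ( dev-db/postgresql:* !dev-db/postgresql[ldap,threads] )
+ selinux? ( sec-policy/selinux-dovecot )
+ solr? ( net-misc/curl dev-libs/expat )
+ sqlite? ( dev-db/sqlite:* )
+ !libressl? ( dev-libs/openssl:0 )
+ libressl? ( dev-libs/libressl )
+ tcpd? ( sys-apps/tcp-wrappers )
+ textcat? ( app-text/libexttextcat )
+ vpopmail? ( net-mail/vpopmail )
+ zlib? ( sys-libs/zlib )
+ virtual/libiconv
+ dev-libs/icu:="
+
+RDEPEND="${DEPEND}
+ net-mail/mailbase"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.2.33.2-CVE-2017-15132.patch
+ "${FILESDIR}"/${PN}-2.2.33.2-CVE-2017-15132-fixup.patch
+)
+
+S=${WORKDIR}/${MY_S}
+
+pkg_setup() {
+ if use managesieve && ! use sieve; then
+ ewarn "managesieve USE flag selected but sieve USE flag unselected"
+ ewarn "sieve USE flag will be turned on"
+ fi
+ # default internal user
+ enewgroup dovecot 97
+ enewuser dovecot 97 -1 /dev/null dovecot
+ # default login user
+ enewuser dovenull -1 -1 /dev/null
+ # add "mail" group for suid'ing. Better security isolation.
+ if use suid; then
+ enewgroup mail
+ fi
+}
+
+src_configure() {
+ local conf=""
+
+ if use postgres || use mysql || use sqlite; then
+ conf="${conf} --with-sql"
+ fi
+
+ # turn valgrind tests off. Bug #340791
+ VALGRIND=no econf \
+ --with-rundir="${EPREFIX}/run/dovecot" \
+ --with-statedir="${EPREFIX}/var/lib/dovecot" \
+ --with-moduledir="${EPREFIX}/usr/$(get_libdir)/dovecot" \
+ --without-stemmer \
+ --disable-rpath \
+ --without-libbsd \
+ --with-icu \
+ --with-ssl \
+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
+ $( use_with argon2 sodium ) \
+ $( use_with bzip2 bzlib ) \
+ $( use_with caps libcap ) \
+ $( use_with kerberos gssapi ) \
+ $( use_with lua ) \
+ $( use_with ldap ) \
+ $( use_with lucene ) \
+ $( use_with lz4 ) \
+ $( use_with lzma ) \
+ $( use_with mysql ) \
+ $( use_with pam ) \
+ $( use_with postgres pgsql ) \
+ $( use_with sqlite ) \
+ $( use_with solr ) \
+ $( use_with tcpd libwrap ) \
+ $( use_with textcat ) \
+ $( use_with vpopmail ) \
+ $( use_with zlib ) \
+ $( use_enable static-libs static ) \
+ ${conf}
+
+ if use sieve || use managesieve ; then
+ # The sieve plugin needs this file to be build to determine the plugin
+ # directory and the list of libraries to link to.
+ emake dovecot-config
+ cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+ econf \
+ $( use_enable static-libs static ) \
+ --localstatedir="${EPREFIX}/var" \
+ --enable-shared \
+ --with-dovecot="../${MY_S}" \
+ $( use_with managesieve )
+ fi
+}
+
+src_compile() {
+ default
+ if use sieve || use managesieve ; then
+ cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+ emake CC="$(tc-getCC)" CFLAGS="${CFLAGS}"
+ fi
+}
+
+src_test() {
+ default
+ if use sieve || use managesieve ; then
+ cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+ default
+ fi
+}
+
+src_install () {
+ default
+
+ # insecure:
+ # use suid && fperms u+s /usr/libexec/dovecot/deliver
+ # better:
+ if use suid;then
+ einfo "Changing perms to allow deliver to be suided"
+ fowners root:mail "${EPREFIX}/usr/libexec/dovecot/dovecot-lda"
+ fperms 4750 "${EPREFIX}/usr/libexec/dovecot/dovecot-lda"
+ fi
+
+ newinitd "${FILESDIR}"/dovecot.init-r4 dovecot
+
+ rm -rf "${ED}"/usr/share/doc/dovecot
+
+ dodoc AUTHORS NEWS README TODO
+ dodoc doc/*.{txt,cnf,xml,sh}
+ docinto example-config
+ dodoc doc/example-config/*.{conf,ext}
+ docinto example-config/conf.d
+ dodoc doc/example-config/conf.d/*.{conf,ext}
+ docinto wiki
+ dodoc doc/wiki/*
+ doman doc/man/*.{1,7}
+
+ # Create the dovecot.conf file from the dovecot-example.conf file that
+ # the dovecot folks nicely left for us....
+ local conf="${ED}/etc/dovecot/dovecot.conf"
+ local confd="${ED}/etc/dovecot/conf.d"
+
+ insinto /etc/dovecot
+ doins doc/example-config/*.{conf,ext}
+ insinto /etc/dovecot/conf.d
+ doins doc/example-config/conf.d/*.{conf,ext}
+ fperms 0600 "${EPREFIX}"/etc/dovecot/dovecot-{ldap,sql}.conf.ext
+ rm -f "${confd}/../README"
+
+ # .maildir is the Gentoo default
+ local mail_location="maildir:~/.maildir"
+ sed -i -e \
+ "s|#mail_location =|mail_location = ${mail_location}|" \
+ "${confd}/10-mail.conf" \
+ || die "failed to update mail location settings in 10-mail.conf"
+
+ # We're using pam files (imap and pop3) provided by mailbase
+ if use pam; then
+ sed -i -e '/driver = pam/,/^[ \t]*}/ s|#args = dovecot|args = "\*"|' \
+ "${confd}/auth-system.conf.ext" \
+ || die "failed to update PAM settings in auth-system.conf.ext"
+ # mailbase does not provide a sieve pam file
+ use managesieve && dosym imap /etc/pam.d/sieve
+ sed -i -e \
+ 's/#!include auth-system.conf.ext/!include auth-system.conf.ext/' \
+ "${confd}/10-auth.conf" \
+ || die "failed to update PAM settings in 10-auth.conf"
+ fi
+
+ # Disable ipv6 if necessary
+ if ! use ipv6; then
+ sed -i -e 's/^#listen = \*, ::/listen = \*/g' "${conf}" \
+ || die "failed to update listen settings in dovecot.conf"
+ fi
+
+ # Update ssl cert locations
+ sed -i -e 's:^#ssl = yes:ssl = yes:' "${confd}/10-ssl.conf" \
+ || die "ssl conf failed"
+ sed -i -e 's:^ssl_cert =.*:ssl_cert = </etc/ssl/dovecot/server.pem:' \
+ -e 's:^ssl_key =.*:ssl_key = </etc/ssl/dovecot/server.key:' \
+ "${confd}/10-ssl.conf" || die "failed to update SSL settings in 10-ssl.conf"
+
+ # Install SQL configuration
+ if use mysql || use postgres; then
+ sed -i -e \
+ 's/#!include auth-sql.conf.ext/!include auth-sql.conf.ext/' \
+ "${confd}/10-auth.conf" || die "failed to update SQL settings in \
+ 10-auth.conf"
+ fi
+
+ # Install LDAP configuration
+ if use ldap; then
+ sed -i -e \
+ 's/#!include auth-ldap.conf.ext/!include auth-ldap.conf.ext/' \
+ "${confd}/10-auth.conf" \
+ || die "failed to update ldap settings in 10-auth.conf"
+ fi
+
+ if use vpopmail; then
+ sed -i -e \
+ 's/#!include auth-vpopmail.conf.ext/!include auth-vpopmail.conf.ext/' \
+ "${confd}/10-auth.conf" \
+ || die "failed to update vpopmail settings in 10-auth.conf"
+ fi
+
+ if use sieve || use managesieve ; then
+ cd "../dovecot-${major_minor}-pigeonhole-${sieve_version}" || die "cd failed"
+ emake DESTDIR="${ED}" install
+ sed -i -e \
+ 's/^[[:space:]]*#mail_plugins = $mail_plugins/mail_plugins = sieve/' "${confd}/15-lda.conf" \
+ || die "failed to update sieve settings in 15-lda.conf"
+ rm -rf "${ED}"/usr/share/doc/dovecot
+ docinto example-config/conf.d
+ dodoc doc/example-config/conf.d/*.conf
+ insinto /etc/dovecot/conf.d
+ doins doc/example-config/conf.d/90-sieve{,-extprograms}.conf
+ use managesieve && doins doc/example-config/conf.d/20-managesieve.conf
+ docinto sieve/rfc
+ dodoc doc/rfc/*.txt
+ docinto sieve/devel
+ dodoc doc/devel/DESIGN
+ docinto plugins
+ dodoc doc/plugins/*.txt
+ docinto extensions
+ dodoc doc/extensions/*.txt
+ docinto locations
+ dodoc doc/locations/*.txt
+ doman doc/man/*.{1,7}
+ fi
+
+ use static-libs || find "${ED}"/usr/lib* -name '*.la' -delete
+}
+
+pkg_postinst() {
+ # Let's not make a new certificate if we already have one
+ if ! [[ -e "${ROOT}"/etc/ssl/dovecot/server.pem && \
+ -e "${ROOT}"/etc/ssl/dovecot/server.key ]]; then
+ einfo "Creating SSL certificate"
+ SSL_ORGANIZATION="${SSL_ORGANIZATION:-Dovecot IMAP Server}"
+ install_cert /etc/ssl/dovecot/server
+ fi
+
+ elog "Please read http://wiki2.dovecot.org/Upgrading/ for upgrade notes."
+}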
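diff --git a/net-mail/dovecot/files/dovecot-2.2.33.2-CVE-2017-15132-fixup.patch b/net-mail/dovecot/files/dovecot-2.2.33.2-CVE-2017-15132-fixup.patch
new file mode 100644
index 00000000000..c30acf1fd6e
--- /dev/null
+++ b/net-mail/dovecot/files/dovecot-2.2.33.2-CVE-2017-15132-fixup.patch
@@ -0,0 +1,37 @@
+Upstream: https://github.com/dovecot/core/commit/a9b135760aea6d1790d447d351c56b78889dac22
+
+Link: http://seclists.org/oss-sec/2018/q1/119
+
+--- a/src/lib-auth/auth-client-request.c
++++ b/src/lib-auth/auth-client-request.c
+@@ -186,6 +186,8 @@ void auth_client_request_abort(struct auth_client_request **_request)
+
+ auth_client_send_cancel(request->conn->client, request->id);
+ call_callback(request, AUTH_REQUEST_STATUS_ABORT, NULL, NULL);
++ /* remove the request */
++ auth_server_connection_remove_request(request->conn, request->id);
+ pool_unref(&request->pool);
+ }
+
+--- a/src/lib-auth/auth-server-connection.c
++++ b/src/lib-auth/auth-server-connection.c
+@@ -483,3 +483,10 @@ auth_server_connection_add_request(struct auth_server_connection *conn,
+ hash_table_insert(conn->requests, POINTER_CAST(id), request);
+ return id;
+ }
++
++void auth_server_connection_remove_request(struct auth_server_connection *conn,
++ unsigned int id)
++{
++ i_assert(conn->handshake_received);
++ hash_table_remove(conn->requests, POINTER_CAST(id));
++}
+--- a/src/lib-auth/auth-server-connection.h
++++ b/src/lib-auth/auth-server-connection.h
+@@ -40,4 +40,6 @@ void auth_server_connection_disconnect(struct auth_server_connection *conn,
+ unsigned int
+ auth_server_connection_add_request(struct auth_server_connection *conn,
+ struct auth_client_request *request);
++void auth_server_connection_remove_request(struct auth_server_connection *conn,
++ unsigned int id);
+ #endif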
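Review bot: `auth_server_connection_remove_request()` guards the table removal with `i_assert(conn->handshake_received)`, and it is called from `auth_client_request_abort()`, which the commit message ties to aborted logins. If an abort can reach this point after the connection has lost its handshake state (the disconnect path is not visible here), the assert would bring down the login process instead of just skipping the removal, so it is worth confirming that invariant or replacing the assert with a plain check. The added comment `/* remove the request */` also only restates the call; something like `/* drop the entry from conn->requests before pool_unref() may free the request, so the table never holds a stale pointer */` records why the order matters. The body of `auth_client_request_abort()` starts outside the hunk.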