[gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/ - gentoo-commits

From:	Thomas Deutschmann <whissi@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
Date:	Mon, 19 Jun 2017 16:06:57
Message-Id:	`1497888392.81618852a1f9d12b4aeea8a85b9d0f37f81f05b9.whissi@gentoo`

1

commit:     81618852a1f9d12b4aeea8a85b9d0f37f81f05b9

2

Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

3

AuthorDate: Mon Jun 19 16:06:14 2017 +0000

4

Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

5

CommitDate: Mon Jun 19 16:06:32 2017 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=81618852

7

8

mail-mta/exim: Rev bump to add patch for CVE-2017-1000369 (bug #622212)

9

10

Package-Manager: Portage-2.3.5, Repoman-2.3.2

11

12

 mail-mta/exim/exim-4.89-r1.ebuild                  | 529 +++++++++++++++++++++

13

 .../exim/files/exim-4.89-CVE-2017-1000369.patch    |  58 +++

14

 2 files changed, 587 insertions(+)

15

16

diff --git a/mail-mta/exim/exim-4.89-r1.ebuild b/mail-mta/exim/exim-4.89-r1.ebuild

17

new file mode 100644

18

index 00000000000..0d1ab8856b6

19

--- /dev/null

20

+++ b/mail-mta/exim/exim-4.89-r1.ebuild

21

@@ -0,0 +1,529 @@

22

+# Copyright 1999-2017 Gentoo Foundation

23

+# Distributed under the terms of the GNU General Public License v2

24

+

25

+EAPI="6"

26

+

27

+inherit eutils toolchain-funcs multilib pam systemd

28

+

29

+IUSE="dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X elibc_glibc"

30

+REQUIRED_USE="

31

+	dane? ( !gnutls )

32

+	dmarc? ( spf dkim )

33

+	pkcs11? ( gnutls )

34

+	spf? ( exiscan-acl )

35

+	srs? ( exiscan-acl )

36

+"

37

+

38

+COMM_URI="ftp://ftp.exim.org/pub/exim/exim4$([[ ${PV} == *_rc* ]] && echo /test)"

39

+

40

+DESCRIPTION="A highly configurable, drop-in replacement for sendmail"

41

+SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2

42

+	mirror://gentoo/system_filter.exim.gz

43

+	doc? ( ${COMM_URI}/${PN}-pdf-${PV//rc/RC}.tar.bz2 )"

44

+HOMEPAGE="http://www.exim.org/"

45

+

46

+SLOT="0"

47

+LICENSE="GPL-2"

48

+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~x86-solaris"

49

+

50

+COMMON_DEPEND=">=sys-apps/sed-4.0.5

51

+	>=sys-libs/db-3.2:=

52

+	dev-libs/libpcre

53

+	perl? ( dev-lang/perl:= )

54

+	pam? ( virtual/pam )

55

+	tcpd? ( sys-apps/tcp-wrappers )

56

+	ssl? (

57

+		!libressl? ( dev-libs/openssl:0= )

58

+		libressl? ( dev-libs/libressl:= )

59

+	)

60

+	gnutls? ( net-libs/gnutls[pkcs11?]

61

+			  dev-libs/libtasn1 )

62

+	ldap? ( >=net-nds/openldap-2.0.7 )

63

+	nis? ( elibc_glibc? ( || (

64

+		<sys-libs/glibc-2.23

65

+		>=sys-libs/glibc-2.23[rpc]

66

+	) ) )

67

+	mysql? ( virtual/libmysqlclient )

68

+	postgres? ( dev-db/postgresql:= )

69

+	sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )

70

+	redis? ( dev-libs/hiredis )

71

+	spf? ( >=mail-filter/libspf2-1.2.5-r1 )

72

+	dmarc? ( mail-filter/opendmarc )

73

+	srs? ( mail-filter/libsrs_alt )

74

+	X? ( x11-proto/xproto

75

+		x11-libs/libX11

76

+		x11-libs/libXmu

77

+		x11-libs/libXt

78

+		x11-libs/libXaw

79

+	)

80

+	sqlite? ( dev-db/sqlite )

81

+	radius? ( net-dialup/freeradius-client )

82

+	virtual/libiconv

83

+	"

84

+	# added X check for #57206

85

+DEPEND="${COMMON_DEPEND}

86

+	virtual/pkgconfig"

87

+RDEPEND="${COMMON_DEPEND}

88

+	!mail-mta/courier

89

+	!mail-mta/esmtp

90

+	!mail-mta/mini-qmail

91

+	!<mail-mta/msmtp-1.4.19-r1

92

+	!>=mail-mta/msmtp-1.4.19-r1[mta]

93

+	!mail-mta/netqmail

94

+	!mail-mta/nullmailer

95

+	!mail-mta/postfix

96

+	!mail-mta/qmail-ldap

97

+	!mail-mta/sendmail

98

+	!mail-mta/opensmtpd

99

+	!<mail-mta/ssmtp-2.64-r2

100

+	!>=mail-mta/ssmtp-2.64-r2[mta]

101

+	!net-mail/mailwrapper

102

+	>=net-mail/mailbase-0.00-r5

103

+	virtual/logger

104

+	dcc? ( mail-filter/dcc )

105

+	selinux? ( sec-policy/selinux-exim )

106

+	"

107

+

108

+S=${WORKDIR}/${P//rc/RC}

109

+

110

+src_prepare() {

111

+	epatch "${FILESDIR}"/exim-4.14-tail.patch

112

+	epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch

113

+	epatch "${FILESDIR}"/exim-4.69-r1.27021.patch

114

+	epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426

115

+	epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785

116

+	epatch "${FILESDIR}"/exim-4.89-as-needed-ldflags.patch # 352265, 391279

117

+	epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591

118

+	epatch "${FILESDIR}"/exim-4.89-CVE-2017-1000369.patch # 622212

119

+

120

+	if use maildir ; then

121

+		epatch "${FILESDIR}"/exim-4.20-maildir.patch

122

+	else

123

+		epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606

124

+	fi

125

+

126

+	eapply_user

127

+

128

+	# user Exim believes it should be

129

+	MAILUSER=mail

130

+	MAILGROUP=mail

131

+	if use prefix && [[ ${EUID} != 0 ]] ; then

132

+		MAILUSER=$(id -un)

133

+		MAILGROUP=$(id -gn)

134

+	fi

135

+}

136

+

137

+src_configure() {

138

+	# general config and paths

139

+

140

+	sed -i.orig \

141

+		-e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \

142

+		"${S}"/src/configure.default || die

143

+

144

+	sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die

145

+

146

+	sed -e "48i\CFLAGS=${CFLAGS}" \

147

+		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \

148

+		-e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \

149

+		-e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \

150

+		-e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \

151

+		-e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \

152

+		src/EDITME > Local/Makefile

153

+

154

+	if use elibc_musl; then

155

+		sed -e 's/^LIBS = -lnsl/LIBS =/g' \

156

+		-i OS/Makefile-Linux

157

+	fi

158

+

159

+	cd Local

160

+

161

+	cat >> Makefile <<- EOC

162

+		INFO_DIRECTORY=${EPREFIX}/usr/share/info

163

+		PID_FILE_PATH=${EPREFIX}/run/exim.pid

164

+		SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim

165

+		HAVE_ICONV=yes

166

+	EOC

167

+

168

+	# if we use libiconv, now is the time to tell so

169

+	use !elibc_glibc && use !elibc_musl && echo "EXTRALIBS_EXIM=-liconv" >> Makefile

170

+

171

+	# support for IPv6

172

+	if use ipv6; then

173

+		cat >> Makefile <<- EOC

174

+			HAVE_IPV6=YES

175

+		EOC

176

+	fi

177

+

178

+	#

179

+	# mail storage formats

180

+

181

+	# mailstore is Exim's traditional storage format

182

+	cat >> Makefile <<- EOC

183

+		SUPPORT_MAILSTORE=yes

184

+	EOC

185

+

186

+	# mbox

187

+	if use mbx; then

188

+		cat >> Makefile <<- EOC

189

+			SUPPORT_MBX=yes

190

+		EOC

191

+	fi

192

+

193

+	# maildir

194

+	if use maildir; then

195

+		cat >> Makefile <<- EOC

196

+			SUPPORT_MAILDIR=yes

197

+		EOC

198

+	fi

199

+

200

+	#

201

+	# lookup methods

202

+

203

+	# use the "native" interfaces to the DBM and CDB libraries, support

204

+	# passwd and directory lookups by default

205

+	cat >> Makefile <<- EOC

206

+		USE_DB=yes

207

+		DBMLIB=-ldb

208

+		LOOKUP_CDB=yes

209

+		LOOKUP_PASSWD=yes

210

+		LOOKUP_DSEARCH=yes

211

+	EOC

212

+

213

+	if ! use dnsdb; then

214

+		# DNSDB lookup is enabled by default

215

+		sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile

216

+	fi

217

+

218

+	if use ldap; then

219

+		cat >> Makefile <<- EOC

220

+			LOOKUP_LDAP=yes

221

+			LDAP_LIB_TYPE=OPENLDAP2

222

+			LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap

223

+			LOOKUP_LIBS += -lldap -llber

224

+		EOC

225

+	fi

226

+

227

+	if use mysql; then

228

+		cat >> Makefile <<- EOC

229

+			LOOKUP_MYSQL=yes

230

+			LOOKUP_INCLUDE += $(mysql_config --include)

231

+			LOOKUP_LIBS += $(mysql_config --libs)

232

+		EOC

233

+	fi

234

+

235

+	if use nis; then

236

+		cat >> Makefile <<- EOC

237

+			LOOKUP_NIS=yes

238

+			LOOKUP_NISPLUS=yes

239

+		EOC

240

+	fi

241

+

242

+	if use postgres; then

243

+		cat >> Makefile <<- EOC

244

+			LOOKUP_PGSQL=yes

245

+			LOOKUP_INCLUDE += -I$(pg_config --includedir)

246

+			LOOKUP_LIBS += -L$(pg_config --libdir) -lpq

247

+		EOC

248

+	fi

249

+

250

+	if use sqlite; then

251

+		cat >> Makefile <<- EOC

252

+			LOOKUP_SQLITE=yes

253

+			LOOKUP_SQLITE_PC=sqlite3

254

+		EOC

255

+	fi

256

+

257

+	if use redis; then

258

+		cat >> Makefile <<- EOC

259

+			LOOKUP_REDIS=yes

260

+			LOOKUP_LIBS += -lhiredis

261

+		EOC

262

+	fi

263

+

264

+	#

265

+	# Exim monitor, enabled by default, controlled via X USE-flag,

266

+	# disable if not requested, bug #46778

267

+	if use X; then

268

+		cp ../exim_monitor/EDITME eximon.conf || die

269

+	else

270

+		sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile

271

+	fi

272

+

273

+	#

274

+	# features

275

+

276

+	# content scanning support

277

+	if use exiscan-acl; then

278

+		cat >> Makefile <<- EOC

279

+			WITH_CONTENT_SCAN=yes

280

+			WITH_OLD_DEMIME=yes

281

+		EOC

282

+	fi

283

+

284

+	# DomainKeys Identified Mail, RFC4871

285

+	if ! use dkim; then

286

+		# DKIM is enabled by default

287

+		cat >> Makefile <<- EOC

288

+			DISABLE_DKIM=yes

289

+		EOC

290

+	fi

291

+

292

+	# Per-Recipient-Data-Response

293

+	if ! use prdr; then

294

+		# PRDR is enabled by default

295

+		cat >> Makefile <<- EOC

296

+			DISABLE_PRDR=yes

297

+		EOC

298

+	fi

299

+

300

+	# log to syslog

301

+	if use syslog; then

302

+		sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile

303

+		cat >> Makefile <<- EOC

304

+			LOG_FILE_PATH=syslog

305

+		EOC

306

+	else

307

+		cat >> Makefile <<- EOC

308

+			LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log

309

+		EOC

310

+	fi

311

+

312

+	# starttls support (ssl)

313

+	if use ssl; then

314

+		echo "SUPPORT_TLS=yes" >> Makefile

315

+		if use gnutls; then

316

+			echo "USE_GNUTLS=yes" >> Makefile

317

+			echo "USE_GNUTLS_PC=gnutls" >> Makefile

318

+			use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile

319

+		else

320

+			echo "USE_OPENSSL_PC=openssl" >> Makefile

321

+		fi

322

+	fi

323

+

324

+	# TCP wrappers

325

+	if use tcpd; then

326

+		cat >> Makefile <<- EOC

327

+			USE_TCP_WRAPPERS=yes

328

+			EXTRALIBS_EXIM += -lwrap

329

+		EOC

330

+	fi

331

+

332

+	# Light Mail Transport Protocol

333

+	if use lmtp; then

334

+		cat >> Makefile <<- EOC

335

+			TRANSPORT_LMTP=yes

336

+		EOC

337

+	fi

338

+

339

+	# embedded Perl

340

+	if use perl; then

341

+		cat >> Makefile <<- EOC

342

+			EXIM_PERL=perl.o

343

+		EOC

344

+	fi

345

+

346

+	# dlfunc

347

+	if use dlfunc; then

348

+		cat >> Makefile <<- EOC

349

+			EXPAND_DLFUNC=yes

350

+		EOC

351

+	fi

352

+

353

+	#

354

+	# experimental features

355

+

356

+	# DANE

357

+	if use dane; then

358

+		cat >> Makefile <<- EOC

359

+			EXPERIMENTAL_DANE=yes

360

+		EOC

361

+	fi

362

+

363

+	# Distributed Checksum Clearinghouse

364

+	if use dcc; then

365

+		echo "EXPERIMENTAL_DCC=yes">> Makefile

366

+	fi

367

+

368

+	# Sender Policy Framework

369

+	if use spf; then

370

+		cat >> Makefile <<- EOC

371

+			EXPERIMENTAL_SPF=yes

372

+			EXTRALIBS_EXIM += -lspf2

373

+		EOC

374

+	fi

375

+

376

+	# Sender Rewriting Scheme

377

+	if use srs; then

378

+		cat >> Makefile <<- EOC

379

+			EXPERIMENTAL_SRS=yes

380

+			EXTRALIBS_EXIM += -lsrs_alt

381

+		EOC

382

+	fi

383

+

384

+	# DMARC

385

+	if use dmarc; then

386

+		cat >> Makefile <<- EOC

387

+			EXPERIMENTAL_DMARC=yes

388

+			EXTRALIBS_EXIM += -lopendmarc

389

+		EOC

390

+	fi

391

+

392

+	# Transport post-delivery actions

393

+	if use tpda; then

394

+		cat >> Makefile <<- EOC

395

+			EXPERIMENTAL_EVENT=yes

396

+		EOC

397

+	fi

398

+

399

+	# Proxy Protocol

400

+	if use proxy; then

401

+		cat >> Makefile <<- EOC

402

+			EXPERIMENTAL_PROXY=yes

403

+		EOC

404

+	fi

405

+

406

+	# Delivery Sender Notifications

407

+	if use dsn; then

408

+		cat >> Makefile <<- EOC

409

+			EXPERIMENTAL_DSN=yes

410

+		EOC

411

+	fi

412

+

413

+	#

414

+	# authentication (SMTP AUTH)

415

+

416

+	# standard bits

417

+	cat >> Makefile <<- EOC

418

+		AUTH_SPA=yes

419

+		AUTH_CRAM_MD5=yes

420

+		AUTH_PLAINTEXT=yes

421

+	EOC

422

+

423

+	# Cyrus SASL

424

+	if use sasl; then

425

+		cat >> Makefile <<- EOC

426

+			CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux

427

+			AUTH_CYRUS_SASL=yes

428

+			AUTH_LIBS += -lsasl2

429

+		EOC

430

+	fi

431

+

432

+	# Dovecot

433

+	if use dovecot-sasl; then

434

+		cat >> Makefile <<- EOC

435

+			AUTH_DOVECOT=yes

436

+		EOC

437

+	fi

438

+

439

+	# Pluggable Authentication Modules

440

+	if use pam; then

441

+		cat >> Makefile <<- EOC

442

+			SUPPORT_PAM=yes

443

+			AUTH_LIBS += -lpam

444

+		EOC

445

+	fi

446

+

447

+	# Radius

448

+	if use radius; then

449

+		cat >> Makefile <<- EOC

450

+			RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf

451

+			RADIUS_LIB_TYPE=RADIUSCLIENTNEW

452

+			AUTH_LIBS += -lfreeradius-client

453

+		EOC

454

+	fi

455

+}

456

+

457

+src_compile() {

458

+	emake CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \

459

+		AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \

460

+		|| die "make failed"

461

+}

462

+

463

+src_install () {

464

+	cd "${S}"/build-exim-gentoo || die

465

+	dosbin exim

466

+	if use X; then

467

+		dosbin eximon.bin

468

+		dosbin eximon

469

+	fi

470

+	fperms 4755 /usr/sbin/exim

471

+

472

+	dosym exim /usr/sbin/sendmail

473

+	dosym exim /usr/sbin/rsmtp

474

+	dosym exim /usr/sbin/rmail

475

+	dosym /usr/sbin/exim /usr/bin/mailq

476

+	dosym /usr/sbin/exim /usr/bin/newaliases

477

+	dosym /usr/sbin/sendmail /usr/lib/sendmail

478

+

479

+	for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \

480

+		exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \

481

+		convert4r3 convert4r4 exipick

482

+	do

483

+		dosbin $i

484

+	done

485

+

486

+	dodoc "${S}"/doc/*

487

+	doman "${S}"/doc/exim.8

488

+	use dsn && dodoc "${S}"/README.DSN

489

+	use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf

490

+

491

+	# conf files

492

+	insinto /etc/exim

493

+	newins "${S}"/src/configure.default exim.conf.dist

494

+	if use exiscan-acl; then

495

+		newins "${S}"/src/configure.default exim.conf.exiscan-acl

496

+	fi

497

+	doins "${WORKDIR}"/system_filter.exim

498

+	doins "${FILESDIR}"/auth_conf.sub

499

+

500

+	pamd_mimic system-auth exim auth account

501

+

502

+	# headers, #436406

503

+	if use dlfunc ; then

504

+		# fixup includes so they actually can be found when including

505

+		sed -i \

506

+			-e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \

507

+			local_scan.h || die

508

+		insinto /usr/include/exim

509

+		doins {config,local_scan}.h ../src/{mytypes,store}.h

510

+	fi

511

+

512

+	insinto /etc/logrotate.d

513

+	newins "${FILESDIR}/exim.logrotate" exim

514

+

515

+	newinitd "${FILESDIR}"/exim.rc10 exim

516

+	newconfd "${FILESDIR}"/exim.confd exim

517

+

518

+	systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}

519

+	systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'

520

+	systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'

521

+

522

+	diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}

523

+	dodir /var/log/${PN}

524

+}

525

+

526

+pkg_postinst() {

527

+	if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then

528

+		einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."

529

+		einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."

530

+		einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."

531

+	fi

532

+	use dane && einfo "DANE support is experimental"

533

+	if use dcc ; then

534

+		einfo "DCC support is experimental, you can find some limited"

535

+		einfo "documentation at the bottom of this prerelease message:"

536

+		einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"

537

+	fi

538

+	use spf && einfo "SPF support is experimental"

539

+	use srs && einfo "SRS support is experimental"

540

+	if use dmarc ; then

541

+		einfo "DMARC support is experimental.  See global settings to"

542

+		einfo "configure DMARC, for usage see the documentation at "

543

+		einfo "experimental-spec.txt."

544

+	fi

545

+	use tpda && einfo "TPDA/EVENT support is experimental"

546

+	use proxy && einfo "proxy support is experimental"

547

+	use dsn && einfo "DSN support is experimental"

548

+	elog "The obsolete acl condition 'demime' is removed, the replacements"

549

+	elog "are the ACLs acl_smtp_mime and acl_not_smtp_mime"

550

+}

551

552

diff --git a/mail-mta/exim/files/exim-4.89-CVE-2017-1000369.patch b/mail-mta/exim/files/exim-4.89-CVE-2017-1000369.patch

553

new file mode 100644

554

index 00000000000..c3d976a2b90

555

--- /dev/null

556

+++ b/mail-mta/exim/files/exim-4.89-CVE-2017-1000369.patch

557

@@ -0,0 +1,58 @@

558

+CVE-2017-1000369

559

+

560

+https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21

561

+

562

+--- a/doc/exim.8

563

++++ b/doc/exim.8

564

+@@ -1350,7 +1350,7 @@ option sets the received protocol value that is stored in

565

+ or \fB\-bs\fP is used. For \fB\-bh\fP, the protocol is forced to one of the standard

566

+ SMTP protocol names. For \fB\-bs\fP, the protocol is always "local\-" followed by

567

+ one of those same names. For \fB\-bS\fP (batched SMTP) however, the protocol can

568

+-be set by \fB\-oMr\fP.

569

++be set by \fB\-oMr\fP. Repeated use of this option is not supported.

570

+ .TP 10

571

+ \fB\-oMs\fP <\fIhost name\fP>

572

+ See \fB\-oMa\fP above for general remarks about the \fB\-oM\fP options. The \fB\-oMs\fP

573

+@@ -1418,6 +1418,7 @@ host name and its colon can be omitted when only the protocol is to be set.

574

+ Note the Exim already has two private options, \fB\-pd\fP and \fB\-ps\fP, that refer

575

+ to embedded Perl. It is therefore impossible to set a protocol value of d

576

+ or s using this option (but that does not seem a real limitation).

577

++Repeated use of this option is not supported.

578

+ .TP 10

579

+ \fB\-q\fP

580

+ This option is normally restricted to admin users. However, there is a

581

+--- a/src/exim.c

582

++++ b/src/exim.c

583

+@@ -3092,7 +3092,14 @@ for (i = 1; i < argc; i++)

584

+

585

+       /* -oMr: Received protocol */

586

+

587

+-      else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i];

588

++      else if (Ustrcmp(argrest, "Mr") == 0)

589

++

590

++        if (received_protocol)

591

++          {

592

++          fprintf(stderr, "received_protocol is set already\n");

593

++          exit(EXIT_FAILURE);

594

++          }

595

++        else received_protocol = argv[++i];

596

+

597

+       /* -oMs: Set sender host name */

598

+

599

+@@ -3188,7 +3195,15 @@ for (i = 1; i < argc; i++)

600

+

601

+     if (*argrest != 0)

602

+       {

603

+-      uschar *hn = Ustrchr(argrest, ':');

604

++      uschar *hn;

605

++

606

++      if (received_protocol)

607

++        {

608

++        fprintf(stderr, "received_protocol is set already\n");

609

++        exit(EXIT_FAILURE);

610

++        }

611

++

612

++      hn = Ustrchr(argrest, ':');

613

+       if (hn == NULL)

614

+         {

615

+         received_protocol = argrest;

1	commit: 81618852a1f9d12b4aeea8a85b9d0f37f81f05b9
2	Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3	AuthorDate: Mon Jun 19 16:06:14 2017 +0000
4	Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5	CommitDate: Mon Jun 19 16:06:32 2017 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=81618852
7
8	mail-mta/exim: Rev bump to add patch for CVE-2017-1000369 (bug #622212)
9
10	Package-Manager: Portage-2.3.5, Repoman-2.3.2
11
12	mail-mta/exim/exim-4.89-r1.ebuild \| 529 +++++++++++++++++++++
13	.../exim/files/exim-4.89-CVE-2017-1000369.patch \| 58 +++
14	2 files changed, 587 insertions(+)
15
16	diff --git a/mail-mta/exim/exim-4.89-r1.ebuild b/mail-mta/exim/exim-4.89-r1.ebuild
17	new file mode 100644
18	index 00000000000..0d1ab8856b6
19	--- /dev/null
20	+++ b/mail-mta/exim/exim-4.89-r1.ebuild
21	@@ -0,0 +1,529 @@
22	+# Copyright 1999-2017 Gentoo Foundation
23	+# Distributed under the terms of the GNU General Public License v2
24	+
25	+EAPI="6"
26	+
27	+inherit eutils toolchain-funcs multilib pam systemd
28	+
29	+IUSE="dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X elibc_glibc"
30	+REQUIRED_USE="
31	+ dane? ( !gnutls )
32	+ dmarc? ( spf dkim )
33	+ pkcs11? ( gnutls )
34	+ spf? ( exiscan-acl )
35	+ srs? ( exiscan-acl )
36	+"
37	+
38	+COMM_URI="ftp://ftp.exim.org/pub/exim/exim4$([[ ${PV} == _rc ]] && echo /test)"
39	+
40	+DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
41	+SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2
42	+ mirror://gentoo/system_filter.exim.gz
43	+ doc? ( ${COMM_URI}/${PN}-pdf-${PV//rc/RC}.tar.bz2 )"
44	+HOMEPAGE="http://www.exim.org/"
45	+
46	+SLOT="0"
47	+LICENSE="GPL-2"
48	+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~x86-solaris"
49	+
50	+COMMON_DEPEND=">=sys-apps/sed-4.0.5
51	+ >=sys-libs/db-3.2:=
52	+ dev-libs/libpcre
53	+ perl? ( dev-lang/perl:= )
54	+ pam? ( virtual/pam )
55	+ tcpd? ( sys-apps/tcp-wrappers )
56	+ ssl? (
57	+ !libressl? ( dev-libs/openssl:0= )
58	+ libressl? ( dev-libs/libressl:= )
59	+ )
60	+ gnutls? ( net-libs/gnutls[pkcs11?]
61	+ dev-libs/libtasn1 )
62	+ ldap? ( >=net-nds/openldap-2.0.7 )
63	+ nis? ( elibc_glibc? ( \|\| (
64	+ <sys-libs/glibc-2.23
65	+ >=sys-libs/glibc-2.23[rpc]
66	+ ) ) )
67	+ mysql? ( virtual/libmysqlclient )
68	+ postgres? ( dev-db/postgresql:= )
69	+ sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 )
70	+ redis? ( dev-libs/hiredis )
71	+ spf? ( >=mail-filter/libspf2-1.2.5-r1 )
72	+ dmarc? ( mail-filter/opendmarc )
73	+ srs? ( mail-filter/libsrs_alt )
74	+ X? ( x11-proto/xproto
75	+ x11-libs/libX11
76	+ x11-libs/libXmu
77	+ x11-libs/libXt
78	+ x11-libs/libXaw
79	+ )
80	+ sqlite? ( dev-db/sqlite )
81	+ radius? ( net-dialup/freeradius-client )
82	+ virtual/libiconv
83	+ "
84	+ # added X check for #57206
85	+DEPEND="${COMMON_DEPEND}
86	+ virtual/pkgconfig"
87	+RDEPEND="${COMMON_DEPEND}
88	+ !mail-mta/courier
89	+ !mail-mta/esmtp
90	+ !mail-mta/mini-qmail
91	+ !<mail-mta/msmtp-1.4.19-r1
92	+ !>=mail-mta/msmtp-1.4.19-r1[mta]
93	+ !mail-mta/netqmail
94	+ !mail-mta/nullmailer
95	+ !mail-mta/postfix
96	+ !mail-mta/qmail-ldap
97	+ !mail-mta/sendmail
98	+ !mail-mta/opensmtpd
99	+ !<mail-mta/ssmtp-2.64-r2
100	+ !>=mail-mta/ssmtp-2.64-r2[mta]
101	+ !net-mail/mailwrapper
102	+ >=net-mail/mailbase-0.00-r5
103	+ virtual/logger
104	+ dcc? ( mail-filter/dcc )
105	+ selinux? ( sec-policy/selinux-exim )
106	+ "
107	+
108	+S=${WORKDIR}/${P//rc/RC}
109	+
110	+src_prepare() {
111	+ epatch "${FILESDIR}"/exim-4.14-tail.patch
112	+ epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch
113	+ epatch "${FILESDIR}"/exim-4.69-r1.27021.patch
114	+ epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426
115	+ epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785
116	+ epatch "${FILESDIR}"/exim-4.89-as-needed-ldflags.patch # 352265, 391279
117	+ epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591
118	+ epatch "${FILESDIR}"/exim-4.89-CVE-2017-1000369.patch # 622212
119	+
120	+ if use maildir ; then
121	+ epatch "${FILESDIR}"/exim-4.20-maildir.patch
122	+ else
123	+ epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606
124	+ fi
125	+
126	+ eapply_user
127	+
128	+ # user Exim believes it should be
129	+ MAILUSER=mail
130	+ MAILGROUP=mail
131	+ if use prefix && [[ ${EUID} != 0 ]] ; then
132	+ MAILUSER=$(id -un)
133	+ MAILGROUP=$(id -gn)
134	+ fi
135	+}
136	+
137	+src_configure() {
138	+ # general config and paths
139	+
140	+ sed -i.orig \
141	+ -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \
142	+ "${S}"/src/configure.default \|\| die
143	+
144	+ sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile \|\| die
145	+
146	+ sed -e "48i\CFLAGS=${CFLAGS}" \
147	+ -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \
148	+ -e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \
149	+ -e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \
150	+ -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \
151	+ -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \
152	+ src/EDITME > Local/Makefile
153	+
154	+ if use elibc_musl; then
155	+ sed -e 's/^LIBS = -lnsl/LIBS =/g' \
156	+ -i OS/Makefile-Linux
157	+ fi
158	+
159	+ cd Local
160	+
161	+ cat >> Makefile <<- EOC
162	+ INFO_DIRECTORY=${EPREFIX}/usr/share/info
163	+ PID_FILE_PATH=${EPREFIX}/run/exim.pid
164	+ SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim
165	+ HAVE_ICONV=yes
166	+ EOC
167	+
168	+ # if we use libiconv, now is the time to tell so
169	+ use !elibc_glibc && use !elibc_musl && echo "EXTRALIBS_EXIM=-liconv" >> Makefile
170	+
171	+ # support for IPv6
172	+ if use ipv6; then
173	+ cat >> Makefile <<- EOC
174	+ HAVE_IPV6=YES
175	+ EOC
176	+ fi
177	+
178	+ #
179	+ # mail storage formats
180	+
181	+ # mailstore is Exim's traditional storage format
182	+ cat >> Makefile <<- EOC
183	+ SUPPORT_MAILSTORE=yes
184	+ EOC
185	+
186	+ # mbox
187	+ if use mbx; then
188	+ cat >> Makefile <<- EOC
189	+ SUPPORT_MBX=yes
190	+ EOC
191	+ fi
192	+
193	+ # maildir
194	+ if use maildir; then
195	+ cat >> Makefile <<- EOC
196	+ SUPPORT_MAILDIR=yes
197	+ EOC
198	+ fi
199	+
200	+ #
201	+ # lookup methods
202	+
203	+ # use the "native" interfaces to the DBM and CDB libraries, support
204	+ # passwd and directory lookups by default
205	+ cat >> Makefile <<- EOC
206	+ USE_DB=yes
207	+ DBMLIB=-ldb
208	+ LOOKUP_CDB=yes
209	+ LOOKUP_PASSWD=yes
210	+ LOOKUP_DSEARCH=yes
211	+ EOC
212	+
213	+ if ! use dnsdb; then
214	+ # DNSDB lookup is enabled by default
215	+ sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile
216	+ fi
217	+
218	+ if use ldap; then
219	+ cat >> Makefile <<- EOC
220	+ LOOKUP_LDAP=yes
221	+ LDAP_LIB_TYPE=OPENLDAP2
222	+ LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap
223	+ LOOKUP_LIBS += -lldap -llber
224	+ EOC
225	+ fi
226	+
227	+ if use mysql; then
228	+ cat >> Makefile <<- EOC
229	+ LOOKUP_MYSQL=yes
230	+ LOOKUP_INCLUDE += $(mysql_config --include)
231	+ LOOKUP_LIBS += $(mysql_config --libs)
232	+ EOC
233	+ fi
234	+
235	+ if use nis; then
236	+ cat >> Makefile <<- EOC
237	+ LOOKUP_NIS=yes
238	+ LOOKUP_NISPLUS=yes
239	+ EOC
240	+ fi
241	+
242	+ if use postgres; then
243	+ cat >> Makefile <<- EOC
244	+ LOOKUP_PGSQL=yes
245	+ LOOKUP_INCLUDE += -I$(pg_config --includedir)
246	+ LOOKUP_LIBS += -L$(pg_config --libdir) -lpq
247	+ EOC
248	+ fi
249	+
250	+ if use sqlite; then
251	+ cat >> Makefile <<- EOC
252	+ LOOKUP_SQLITE=yes
253	+ LOOKUP_SQLITE_PC=sqlite3
254	+ EOC
255	+ fi
256	+
257	+ if use redis; then
258	+ cat >> Makefile <<- EOC
259	+ LOOKUP_REDIS=yes
260	+ LOOKUP_LIBS += -lhiredis
261	+ EOC
262	+ fi
263	+
264	+ #
265	+ # Exim monitor, enabled by default, controlled via X USE-flag,
266	+ # disable if not requested, bug #46778
267	+ if use X; then
268	+ cp ../exim_monitor/EDITME eximon.conf \|\| die
269	+ else
270	+ sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile
271	+ fi
272	+
273	+ #
274	+ # features
275	+
276	+ # content scanning support
277	+ if use exiscan-acl; then
278	+ cat >> Makefile <<- EOC
279	+ WITH_CONTENT_SCAN=yes
280	+ WITH_OLD_DEMIME=yes
281	+ EOC
282	+ fi
283	+
284	+ # DomainKeys Identified Mail, RFC4871
285	+ if ! use dkim; then
286	+ # DKIM is enabled by default
287	+ cat >> Makefile <<- EOC
288	+ DISABLE_DKIM=yes
289	+ EOC
290	+ fi
291	+
292	+ # Per-Recipient-Data-Response
293	+ if ! use prdr; then
294	+ # PRDR is enabled by default
295	+ cat >> Makefile <<- EOC
296	+ DISABLE_PRDR=yes
297	+ EOC
298	+ fi
299	+
300	+ # log to syslog
301	+ if use syslog; then
302	+ sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile
303	+ cat >> Makefile <<- EOC
304	+ LOG_FILE_PATH=syslog
305	+ EOC
306	+ else
307	+ cat >> Makefile <<- EOC
308	+ LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log
309	+ EOC
310	+ fi
311	+
312	+ # starttls support (ssl)
313	+ if use ssl; then
314	+ echo "SUPPORT_TLS=yes" >> Makefile
315	+ if use gnutls; then
316	+ echo "USE_GNUTLS=yes" >> Makefile
317	+ echo "USE_GNUTLS_PC=gnutls" >> Makefile
318	+ use pkcs11 \|\| echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile
319	+ else
320	+ echo "USE_OPENSSL_PC=openssl" >> Makefile
321	+ fi
322	+ fi
323	+
324	+ # TCP wrappers
325	+ if use tcpd; then
326	+ cat >> Makefile <<- EOC
327	+ USE_TCP_WRAPPERS=yes
328	+ EXTRALIBS_EXIM += -lwrap
329	+ EOC
330	+ fi
331	+
332	+ # Light Mail Transport Protocol
333	+ if use lmtp; then
334	+ cat >> Makefile <<- EOC
335	+ TRANSPORT_LMTP=yes
336	+ EOC
337	+ fi
338	+
339	+ # embedded Perl
340	+ if use perl; then
341	+ cat >> Makefile <<- EOC
342	+ EXIM_PERL=perl.o
343	+ EOC
344	+ fi
345	+
346	+ # dlfunc
347	+ if use dlfunc; then
348	+ cat >> Makefile <<- EOC
349	+ EXPAND_DLFUNC=yes
350	+ EOC
351	+ fi
352	+
353	+ #
354	+ # experimental features
355	+
356	+ # DANE
357	+ if use dane; then
358	+ cat >> Makefile <<- EOC
359	+ EXPERIMENTAL_DANE=yes
360	+ EOC
361	+ fi
362	+
363	+ # Distributed Checksum Clearinghouse
364	+ if use dcc; then
365	+ echo "EXPERIMENTAL_DCC=yes">> Makefile
366	+ fi
367	+
368	+ # Sender Policy Framework
369	+ if use spf; then
370	+ cat >> Makefile <<- EOC
371	+ EXPERIMENTAL_SPF=yes
372	+ EXTRALIBS_EXIM += -lspf2
373	+ EOC
374	+ fi
375	+
376	+ # Sender Rewriting Scheme
377	+ if use srs; then
378	+ cat >> Makefile <<- EOC
379	+ EXPERIMENTAL_SRS=yes
380	+ EXTRALIBS_EXIM += -lsrs_alt
381	+ EOC
382	+ fi
383	+
384	+ # DMARC
385	+ if use dmarc; then
386	+ cat >> Makefile <<- EOC
387	+ EXPERIMENTAL_DMARC=yes
388	+ EXTRALIBS_EXIM += -lopendmarc
389	+ EOC
390	+ fi
391	+
392	+ # Transport post-delivery actions
393	+ if use tpda; then
394	+ cat >> Makefile <<- EOC
395	+ EXPERIMENTAL_EVENT=yes
396	+ EOC
397	+ fi
398	+
399	+ # Proxy Protocol
400	+ if use proxy; then
401	+ cat >> Makefile <<- EOC
402	+ EXPERIMENTAL_PROXY=yes
403	+ EOC
404	+ fi
405	+
406	+ # Delivery Sender Notifications
407	+ if use dsn; then
408	+ cat >> Makefile <<- EOC
409	+ EXPERIMENTAL_DSN=yes
410	+ EOC
411	+ fi
412	+
413	+ #
414	+ # authentication (SMTP AUTH)
415	+
416	+ # standard bits
417	+ cat >> Makefile <<- EOC
418	+ AUTH_SPA=yes
419	+ AUTH_CRAM_MD5=yes
420	+ AUTH_PLAINTEXT=yes
421	+ EOC
422	+
423	+ # Cyrus SASL
424	+ if use sasl; then
425	+ cat >> Makefile <<- EOC
426	+ CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux
427	+ AUTH_CYRUS_SASL=yes
428	+ AUTH_LIBS += -lsasl2
429	+ EOC
430	+ fi
431	+
432	+ # Dovecot
433	+ if use dovecot-sasl; then
434	+ cat >> Makefile <<- EOC
435	+ AUTH_DOVECOT=yes
436	+ EOC
437	+ fi
438	+
439	+ # Pluggable Authentication Modules
440	+ if use pam; then
441	+ cat >> Makefile <<- EOC
442	+ SUPPORT_PAM=yes
443	+ AUTH_LIBS += -lpam
444	+ EOC
445	+ fi
446	+
447	+ # Radius
448	+ if use radius; then
449	+ cat >> Makefile <<- EOC
450	+ RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf
451	+ RADIUS_LIB_TYPE=RADIUSCLIENTNEW
452	+ AUTH_LIBS += -lfreeradius-client
453	+ EOC
454	+ fi
455	+}
456	+
457	+src_compile() {
458	+ emake CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \
459	+ AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \
460	+ \|\| die "make failed"
461	+}
462	+
463	+src_install () {
464	+ cd "${S}"/build-exim-gentoo \|\| die
465	+ dosbin exim
466	+ if use X; then
467	+ dosbin eximon.bin
468	+ dosbin eximon
469	+ fi
470	+ fperms 4755 /usr/sbin/exim
471	+
472	+ dosym exim /usr/sbin/sendmail
473	+ dosym exim /usr/sbin/rsmtp
474	+ dosym exim /usr/sbin/rmail
475	+ dosym /usr/sbin/exim /usr/bin/mailq
476	+ dosym /usr/sbin/exim /usr/bin/newaliases
477	+ dosym /usr/sbin/sendmail /usr/lib/sendmail
478	+
479	+ for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
480	+ exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \
481	+ convert4r3 convert4r4 exipick
482	+ do
483	+ dosbin $i
484	+ done
485	+
486	+ dodoc "${S}"/doc/*
487	+ doman "${S}"/doc/exim.8
488	+ use dsn && dodoc "${S}"/README.DSN
489	+ use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf
490	+
491	+ # conf files
492	+ insinto /etc/exim
493	+ newins "${S}"/src/configure.default exim.conf.dist
494	+ if use exiscan-acl; then
495	+ newins "${S}"/src/configure.default exim.conf.exiscan-acl
496	+ fi
497	+ doins "${WORKDIR}"/system_filter.exim
498	+ doins "${FILESDIR}"/auth_conf.sub
499	+
500	+ pamd_mimic system-auth exim auth account
501	+
502	+ # headers, #436406
503	+ if use dlfunc ; then
504	+ # fixup includes so they actually can be found when including
505	+ sed -i \
506	+ -e '/#include "\(config\\|store\\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \
507	+ local_scan.h \|\| die
508	+ insinto /usr/include/exim
509	+ doins {config,local_scan}.h ../src/{mytypes,store}.h
510	+ fi
511	+
512	+ insinto /etc/logrotate.d
513	+ newins "${FILESDIR}/exim.logrotate" exim
514	+
515	+ newinitd "${FILESDIR}"/exim.rc10 exim
516	+ newconfd "${FILESDIR}"/exim.confd exim
517	+
518	+ systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket}
519	+ systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service'
520	+ systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service'
521	+
522	+ diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP}
523	+ dodir /var/log/${PN}
524	+}
525	+
526	+pkg_postinst() {
527	+ if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then
528	+ einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter."
529	+ einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth."
530	+ einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist."
531	+ fi
532	+ use dane && einfo "DANE support is experimental"
533	+ if use dcc ; then
534	+ einfo "DCC support is experimental, you can find some limited"
535	+ einfo "documentation at the bottom of this prerelease message:"
536	+ einfo "http://article.gmane.org/gmane.mail.exim.devel/3579"
537	+ fi
538	+ use spf && einfo "SPF support is experimental"
539	+ use srs && einfo "SRS support is experimental"
540	+ if use dmarc ; then
541	+ einfo "DMARC support is experimental. See global settings to"
542	+ einfo "configure DMARC, for usage see the documentation at "
543	+ einfo "experimental-spec.txt."
544	+ fi
545	+ use tpda && einfo "TPDA/EVENT support is experimental"
546	+ use proxy && einfo "proxy support is experimental"
547	+ use dsn && einfo "DSN support is experimental"
548	+ elog "The obsolete acl condition 'demime' is removed, the replacements"
549	+ elog "are the ACLs acl_smtp_mime and acl_not_smtp_mime"
550	+}
551
552	diff --git a/mail-mta/exim/files/exim-4.89-CVE-2017-1000369.patch b/mail-mta/exim/files/exim-4.89-CVE-2017-1000369.patch
553	new file mode 100644
554	index 00000000000..c3d976a2b90
555	--- /dev/null
556	+++ b/mail-mta/exim/files/exim-4.89-CVE-2017-1000369.patch
557	@@ -0,0 +1,58 @@
558	+CVE-2017-1000369
559	+
560	+https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21
561	+
562	+--- a/doc/exim.8
563	++++ b/doc/exim.8
564	+@@ -1350,7 +1350,7 @@ option sets the received protocol value that is stored in
565	+ or \fB\-bs\fP is used. For \fB\-bh\fP, the protocol is forced to one of the standard
566	+ SMTP protocol names. For \fB\-bs\fP, the protocol is always "local\-" followed by
567	+ one of those same names. For \fB\-bS\fP (batched SMTP) however, the protocol can
568	+-be set by \fB\-oMr\fP.
569	++be set by \fB\-oMr\fP. Repeated use of this option is not supported.
570	+ .TP 10
571	+ \fB\-oMs\fP <\fIhost name\fP>
572	+ See \fB\-oMa\fP above for general remarks about the \fB\-oM\fP options. The \fB\-oMs\fP
573	+@@ -1418,6 +1418,7 @@ host name and its colon can be omitted when only the protocol is to be set.
574	+ Note the Exim already has two private options, \fB\-pd\fP and \fB\-ps\fP, that refer
575	+ to embedded Perl. It is therefore impossible to set a protocol value of d
576	+ or s using this option (but that does not seem a real limitation).
577	++Repeated use of this option is not supported.
578	+ .TP 10
579	+ \fB\-q\fP
580	+ This option is normally restricted to admin users. However, there is a
581	+--- a/src/exim.c
582	++++ b/src/exim.c
583	+@@ -3092,7 +3092,14 @@ for (i = 1; i < argc; i++)
584	+
585	+ /* -oMr: Received protocol */
586	+
587	+- else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i];
588	++ else if (Ustrcmp(argrest, "Mr") == 0)
589	++
590	++ if (received_protocol)
591	++ {
592	++ fprintf(stderr, "received_protocol is set already\n");
593	++ exit(EXIT_FAILURE);
594	++ }
595	++ else received_protocol = argv[++i];
596	+
597	+ /* -oMs: Set sender host name */
598	+
599	+@@ -3188,7 +3195,15 @@ for (i = 1; i < argc; i++)
600	+
601	+ if (*argrest != 0)
602	+ {
603	+- uschar *hn = Ustrchr(argrest, ':');
604	++ uschar *hn;
605	++
606	++ if (received_protocol)
607	++ {
608	++ fprintf(stderr, "received_protocol is set already\n");
609	++ exit(EXIT_FAILURE);
610	++ }
611	++
612	++ hn = Ustrchr(argrest, ':');
613	+ if (hn == NULL)
614	+ {
615	+ received_protocol = argrest;

Gentoo Archives: gentoo-commits