1 |
commit: 81618852a1f9d12b4aeea8a85b9d0f37f81f05b9 |
2 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Jun 19 16:06:14 2017 +0000 |
4 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Jun 19 16:06:32 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=81618852 |
7 |
|
8 |
mail-mta/exim: Rev bump to add patch for CVE-2017-1000369 (bug #622212) |
9 |
|
10 |
Package-Manager: Portage-2.3.5, Repoman-2.3.2 |
11 |
|
12 |
mail-mta/exim/exim-4.89-r1.ebuild | 529 +++++++++++++++++++++ |
13 |
.../exim/files/exim-4.89-CVE-2017-1000369.patch | 58 +++ |
14 |
2 files changed, 587 insertions(+) |
15 |
|
16 |
diff --git a/mail-mta/exim/exim-4.89-r1.ebuild b/mail-mta/exim/exim-4.89-r1.ebuild |
17 |
new file mode 100644 |
18 |
index 00000000000..0d1ab8856b6 |
19 |
--- /dev/null |
20 |
+++ b/mail-mta/exim/exim-4.89-r1.ebuild |
21 |
@@ -0,0 +1,529 @@ |
22 |
+# Copyright 1999-2017 Gentoo Foundation |
23 |
+# Distributed under the terms of the GNU General Public License v2 |
24 |
+ |
25 |
+EAPI="6" |
26 |
+ |
27 |
+inherit eutils toolchain-funcs multilib pam systemd |
28 |
+ |
29 |
+IUSE="dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls ipv6 ldap libressl lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs ssl syslog tcpd tpda X elibc_glibc" |
30 |
+REQUIRED_USE=" |
31 |
+ dane? ( !gnutls ) |
32 |
+ dmarc? ( spf dkim ) |
33 |
+ pkcs11? ( gnutls ) |
34 |
+ spf? ( exiscan-acl ) |
35 |
+ srs? ( exiscan-acl ) |
36 |
+" |
37 |
+ |
38 |
+COMM_URI="ftp://ftp.exim.org/pub/exim/exim4$([[ ${PV} == *_rc* ]] && echo /test)" |
39 |
+ |
40 |
+DESCRIPTION="A highly configurable, drop-in replacement for sendmail" |
41 |
+SRC_URI="${COMM_URI}/${P//rc/RC}.tar.bz2 |
42 |
+ mirror://gentoo/system_filter.exim.gz |
43 |
+ doc? ( ${COMM_URI}/${PN}-pdf-${PV//rc/RC}.tar.bz2 )" |
44 |
+HOMEPAGE="http://www.exim.org/" |
45 |
+ |
46 |
+SLOT="0" |
47 |
+LICENSE="GPL-2" |
48 |
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~x86-solaris" |
49 |
+ |
50 |
+COMMON_DEPEND=">=sys-apps/sed-4.0.5 |
51 |
+ >=sys-libs/db-3.2:= |
52 |
+ dev-libs/libpcre |
53 |
+ perl? ( dev-lang/perl:= ) |
54 |
+ pam? ( virtual/pam ) |
55 |
+ tcpd? ( sys-apps/tcp-wrappers ) |
56 |
+ ssl? ( |
57 |
+ !libressl? ( dev-libs/openssl:0= ) |
58 |
+ libressl? ( dev-libs/libressl:= ) |
59 |
+ ) |
60 |
+ gnutls? ( net-libs/gnutls[pkcs11?] |
61 |
+ dev-libs/libtasn1 ) |
62 |
+ ldap? ( >=net-nds/openldap-2.0.7 ) |
63 |
+ nis? ( elibc_glibc? ( || ( |
64 |
+ <sys-libs/glibc-2.23 |
65 |
+ >=sys-libs/glibc-2.23[rpc] |
66 |
+ ) ) ) |
67 |
+ mysql? ( virtual/libmysqlclient ) |
68 |
+ postgres? ( dev-db/postgresql:= ) |
69 |
+ sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 ) |
70 |
+ redis? ( dev-libs/hiredis ) |
71 |
+ spf? ( >=mail-filter/libspf2-1.2.5-r1 ) |
72 |
+ dmarc? ( mail-filter/opendmarc ) |
73 |
+ srs? ( mail-filter/libsrs_alt ) |
74 |
+ X? ( x11-proto/xproto |
75 |
+ x11-libs/libX11 |
76 |
+ x11-libs/libXmu |
77 |
+ x11-libs/libXt |
78 |
+ x11-libs/libXaw |
79 |
+ ) |
80 |
+ sqlite? ( dev-db/sqlite ) |
81 |
+ radius? ( net-dialup/freeradius-client ) |
82 |
+ virtual/libiconv |
83 |
+ " |
84 |
+ # added X check for #57206 |
85 |
+DEPEND="${COMMON_DEPEND} |
86 |
+ virtual/pkgconfig" |
87 |
+RDEPEND="${COMMON_DEPEND} |
88 |
+ !mail-mta/courier |
89 |
+ !mail-mta/esmtp |
90 |
+ !mail-mta/mini-qmail |
91 |
+ !<mail-mta/msmtp-1.4.19-r1 |
92 |
+ !>=mail-mta/msmtp-1.4.19-r1[mta] |
93 |
+ !mail-mta/netqmail |
94 |
+ !mail-mta/nullmailer |
95 |
+ !mail-mta/postfix |
96 |
+ !mail-mta/qmail-ldap |
97 |
+ !mail-mta/sendmail |
98 |
+ !mail-mta/opensmtpd |
99 |
+ !<mail-mta/ssmtp-2.64-r2 |
100 |
+ !>=mail-mta/ssmtp-2.64-r2[mta] |
101 |
+ !net-mail/mailwrapper |
102 |
+ >=net-mail/mailbase-0.00-r5 |
103 |
+ virtual/logger |
104 |
+ dcc? ( mail-filter/dcc ) |
105 |
+ selinux? ( sec-policy/selinux-exim ) |
106 |
+ " |
107 |
+ |
108 |
+S=${WORKDIR}/${P//rc/RC} |
109 |
+ |
110 |
+src_prepare() { |
111 |
+ epatch "${FILESDIR}"/exim-4.14-tail.patch |
112 |
+ epatch "${FILESDIR}"/exim-4.74-localscan_dlopen.patch |
113 |
+ epatch "${FILESDIR}"/exim-4.69-r1.27021.patch |
114 |
+ epatch "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426 |
115 |
+ epatch "${FILESDIR}"/exim-4.82-makefile-freebsd.patch # 235785 |
116 |
+ epatch "${FILESDIR}"/exim-4.89-as-needed-ldflags.patch # 352265, 391279 |
117 |
+ epatch "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591 |
118 |
+ epatch "${FILESDIR}"/exim-4.89-CVE-2017-1000369.patch # 622212 |
119 |
+ |
120 |
+ if use maildir ; then |
121 |
+ epatch "${FILESDIR}"/exim-4.20-maildir.patch |
122 |
+ else |
123 |
+ epatch "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606 |
124 |
+ fi |
125 |
+ |
126 |
+ eapply_user |
127 |
+ |
128 |
+ # user Exim believes it should be |
129 |
+ MAILUSER=mail |
130 |
+ MAILGROUP=mail |
131 |
+ if use prefix && [[ ${EUID} != 0 ]] ; then |
132 |
+ MAILUSER=$(id -un) |
133 |
+ MAILGROUP=$(id -gn) |
134 |
+ fi |
135 |
+} |
136 |
+ |
137 |
+src_configure() { |
138 |
+ # general config and paths |
139 |
+ |
140 |
+ sed -i.orig \ |
141 |
+ -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${EPREFIX}/etc/mail/aliases'" \ |
142 |
+ "${S}"/src/configure.default || die |
143 |
+ |
144 |
+ sed -i -e 's/^buildname=.*/buildname=exim-gentoo/g' Makefile || die |
145 |
+ |
146 |
+ sed -e "48i\CFLAGS=${CFLAGS}" \ |
147 |
+ -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \ |
148 |
+ -e "s:EXIM_USER=:EXIM_USER=${MAILUSER}:" \ |
149 |
+ -e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=${EPREFIX}/etc/exim/exim.conf:" \ |
150 |
+ -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \ |
151 |
+ -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \ |
152 |
+ src/EDITME > Local/Makefile |
153 |
+ |
154 |
+ if use elibc_musl; then |
155 |
+ sed -e 's/^LIBS = -lnsl/LIBS =/g' \ |
156 |
+ -i OS/Makefile-Linux |
157 |
+ fi |
158 |
+ |
159 |
+ cd Local |
160 |
+ |
161 |
+ cat >> Makefile <<- EOC |
162 |
+ INFO_DIRECTORY=${EPREFIX}/usr/share/info |
163 |
+ PID_FILE_PATH=${EPREFIX}/run/exim.pid |
164 |
+ SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim |
165 |
+ HAVE_ICONV=yes |
166 |
+ EOC |
167 |
+ |
168 |
+ # if we use libiconv, now is the time to tell so |
169 |
+ use !elibc_glibc && use !elibc_musl && echo "EXTRALIBS_EXIM=-liconv" >> Makefile |
170 |
+ |
171 |
+ # support for IPv6 |
172 |
+ if use ipv6; then |
173 |
+ cat >> Makefile <<- EOC |
174 |
+ HAVE_IPV6=YES |
175 |
+ EOC |
176 |
+ fi |
177 |
+ |
178 |
+ # |
179 |
+ # mail storage formats |
180 |
+ |
181 |
+ # mailstore is Exim's traditional storage format |
182 |
+ cat >> Makefile <<- EOC |
183 |
+ SUPPORT_MAILSTORE=yes |
184 |
+ EOC |
185 |
+ |
186 |
+ # mbox |
187 |
+ if use mbx; then |
188 |
+ cat >> Makefile <<- EOC |
189 |
+ SUPPORT_MBX=yes |
190 |
+ EOC |
191 |
+ fi |
192 |
+ |
193 |
+ # maildir |
194 |
+ if use maildir; then |
195 |
+ cat >> Makefile <<- EOC |
196 |
+ SUPPORT_MAILDIR=yes |
197 |
+ EOC |
198 |
+ fi |
199 |
+ |
200 |
+ # |
201 |
+ # lookup methods |
202 |
+ |
203 |
+ # use the "native" interfaces to the DBM and CDB libraries, support |
204 |
+ # passwd and directory lookups by default |
205 |
+ cat >> Makefile <<- EOC |
206 |
+ USE_DB=yes |
207 |
+ DBMLIB=-ldb |
208 |
+ LOOKUP_CDB=yes |
209 |
+ LOOKUP_PASSWD=yes |
210 |
+ LOOKUP_DSEARCH=yes |
211 |
+ EOC |
212 |
+ |
213 |
+ if ! use dnsdb; then |
214 |
+ # DNSDB lookup is enabled by default |
215 |
+ sed -i "s:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:" Makefile |
216 |
+ fi |
217 |
+ |
218 |
+ if use ldap; then |
219 |
+ cat >> Makefile <<- EOC |
220 |
+ LOOKUP_LDAP=yes |
221 |
+ LDAP_LIB_TYPE=OPENLDAP2 |
222 |
+ LOOKUP_INCLUDE += -I"${EROOT}"usr/include/ldap |
223 |
+ LOOKUP_LIBS += -lldap -llber |
224 |
+ EOC |
225 |
+ fi |
226 |
+ |
227 |
+ if use mysql; then |
228 |
+ cat >> Makefile <<- EOC |
229 |
+ LOOKUP_MYSQL=yes |
230 |
+ LOOKUP_INCLUDE += $(mysql_config --include) |
231 |
+ LOOKUP_LIBS += $(mysql_config --libs) |
232 |
+ EOC |
233 |
+ fi |
234 |
+ |
235 |
+ if use nis; then |
236 |
+ cat >> Makefile <<- EOC |
237 |
+ LOOKUP_NIS=yes |
238 |
+ LOOKUP_NISPLUS=yes |
239 |
+ EOC |
240 |
+ fi |
241 |
+ |
242 |
+ if use postgres; then |
243 |
+ cat >> Makefile <<- EOC |
244 |
+ LOOKUP_PGSQL=yes |
245 |
+ LOOKUP_INCLUDE += -I$(pg_config --includedir) |
246 |
+ LOOKUP_LIBS += -L$(pg_config --libdir) -lpq |
247 |
+ EOC |
248 |
+ fi |
249 |
+ |
250 |
+ if use sqlite; then |
251 |
+ cat >> Makefile <<- EOC |
252 |
+ LOOKUP_SQLITE=yes |
253 |
+ LOOKUP_SQLITE_PC=sqlite3 |
254 |
+ EOC |
255 |
+ fi |
256 |
+ |
257 |
+ if use redis; then |
258 |
+ cat >> Makefile <<- EOC |
259 |
+ LOOKUP_REDIS=yes |
260 |
+ LOOKUP_LIBS += -lhiredis |
261 |
+ EOC |
262 |
+ fi |
263 |
+ |
264 |
+ # |
265 |
+ # Exim monitor, enabled by default, controlled via X USE-flag, |
266 |
+ # disable if not requested, bug #46778 |
267 |
+ if use X; then |
268 |
+ cp ../exim_monitor/EDITME eximon.conf || die |
269 |
+ else |
270 |
+ sed -i -e '/^EXIM_MONITOR=/s/^/# /' Makefile |
271 |
+ fi |
272 |
+ |
273 |
+ # |
274 |
+ # features |
275 |
+ |
276 |
+ # content scanning support |
277 |
+ if use exiscan-acl; then |
278 |
+ cat >> Makefile <<- EOC |
279 |
+ WITH_CONTENT_SCAN=yes |
280 |
+ WITH_OLD_DEMIME=yes |
281 |
+ EOC |
282 |
+ fi |
283 |
+ |
284 |
+ # DomainKeys Identified Mail, RFC4871 |
285 |
+ if ! use dkim; then |
286 |
+ # DKIM is enabled by default |
287 |
+ cat >> Makefile <<- EOC |
288 |
+ DISABLE_DKIM=yes |
289 |
+ EOC |
290 |
+ fi |
291 |
+ |
292 |
+ # Per-Recipient-Data-Response |
293 |
+ if ! use prdr; then |
294 |
+ # PRDR is enabled by default |
295 |
+ cat >> Makefile <<- EOC |
296 |
+ DISABLE_PRDR=yes |
297 |
+ EOC |
298 |
+ fi |
299 |
+ |
300 |
+ # log to syslog |
301 |
+ if use syslog; then |
302 |
+ sed -i "s:LOG_FILE_PATH=/var/log/exim/exim_%s.log:LOG_FILE_PATH=syslog:" Makefile |
303 |
+ cat >> Makefile <<- EOC |
304 |
+ LOG_FILE_PATH=syslog |
305 |
+ EOC |
306 |
+ else |
307 |
+ cat >> Makefile <<- EOC |
308 |
+ LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log |
309 |
+ EOC |
310 |
+ fi |
311 |
+ |
312 |
+ # starttls support (ssl) |
313 |
+ if use ssl; then |
314 |
+ echo "SUPPORT_TLS=yes" >> Makefile |
315 |
+ if use gnutls; then |
316 |
+ echo "USE_GNUTLS=yes" >> Makefile |
317 |
+ echo "USE_GNUTLS_PC=gnutls" >> Makefile |
318 |
+ use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile |
319 |
+ else |
320 |
+ echo "USE_OPENSSL_PC=openssl" >> Makefile |
321 |
+ fi |
322 |
+ fi |
323 |
+ |
324 |
+ # TCP wrappers |
325 |
+ if use tcpd; then |
326 |
+ cat >> Makefile <<- EOC |
327 |
+ USE_TCP_WRAPPERS=yes |
328 |
+ EXTRALIBS_EXIM += -lwrap |
329 |
+ EOC |
330 |
+ fi |
331 |
+ |
332 |
+ # Light Mail Transport Protocol |
333 |
+ if use lmtp; then |
334 |
+ cat >> Makefile <<- EOC |
335 |
+ TRANSPORT_LMTP=yes |
336 |
+ EOC |
337 |
+ fi |
338 |
+ |
339 |
+ # embedded Perl |
340 |
+ if use perl; then |
341 |
+ cat >> Makefile <<- EOC |
342 |
+ EXIM_PERL=perl.o |
343 |
+ EOC |
344 |
+ fi |
345 |
+ |
346 |
+ # dlfunc |
347 |
+ if use dlfunc; then |
348 |
+ cat >> Makefile <<- EOC |
349 |
+ EXPAND_DLFUNC=yes |
350 |
+ EOC |
351 |
+ fi |
352 |
+ |
353 |
+ # |
354 |
+ # experimental features |
355 |
+ |
356 |
+ # DANE |
357 |
+ if use dane; then |
358 |
+ cat >> Makefile <<- EOC |
359 |
+ EXPERIMENTAL_DANE=yes |
360 |
+ EOC |
361 |
+ fi |
362 |
+ |
363 |
+ # Distributed Checksum Clearinghouse |
364 |
+ if use dcc; then |
365 |
+ echo "EXPERIMENTAL_DCC=yes">> Makefile |
366 |
+ fi |
367 |
+ |
368 |
+ # Sender Policy Framework |
369 |
+ if use spf; then |
370 |
+ cat >> Makefile <<- EOC |
371 |
+ EXPERIMENTAL_SPF=yes |
372 |
+ EXTRALIBS_EXIM += -lspf2 |
373 |
+ EOC |
374 |
+ fi |
375 |
+ |
376 |
+ # Sender Rewriting Scheme |
377 |
+ if use srs; then |
378 |
+ cat >> Makefile <<- EOC |
379 |
+ EXPERIMENTAL_SRS=yes |
380 |
+ EXTRALIBS_EXIM += -lsrs_alt |
381 |
+ EOC |
382 |
+ fi |
383 |
+ |
384 |
+ # DMARC |
385 |
+ if use dmarc; then |
386 |
+ cat >> Makefile <<- EOC |
387 |
+ EXPERIMENTAL_DMARC=yes |
388 |
+ EXTRALIBS_EXIM += -lopendmarc |
389 |
+ EOC |
390 |
+ fi |
391 |
+ |
392 |
+ # Transport post-delivery actions |
393 |
+ if use tpda; then |
394 |
+ cat >> Makefile <<- EOC |
395 |
+ EXPERIMENTAL_EVENT=yes |
396 |
+ EOC |
397 |
+ fi |
398 |
+ |
399 |
+ # Proxy Protocol |
400 |
+ if use proxy; then |
401 |
+ cat >> Makefile <<- EOC |
402 |
+ EXPERIMENTAL_PROXY=yes |
403 |
+ EOC |
404 |
+ fi |
405 |
+ |
406 |
+ # Delivery Sender Notifications |
407 |
+ if use dsn; then |
408 |
+ cat >> Makefile <<- EOC |
409 |
+ EXPERIMENTAL_DSN=yes |
410 |
+ EOC |
411 |
+ fi |
412 |
+ |
413 |
+ # |
414 |
+ # authentication (SMTP AUTH) |
415 |
+ |
416 |
+ # standard bits |
417 |
+ cat >> Makefile <<- EOC |
418 |
+ AUTH_SPA=yes |
419 |
+ AUTH_CRAM_MD5=yes |
420 |
+ AUTH_PLAINTEXT=yes |
421 |
+ EOC |
422 |
+ |
423 |
+ # Cyrus SASL |
424 |
+ if use sasl; then |
425 |
+ cat >> Makefile <<- EOC |
426 |
+ CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux |
427 |
+ AUTH_CYRUS_SASL=yes |
428 |
+ AUTH_LIBS += -lsasl2 |
429 |
+ EOC |
430 |
+ fi |
431 |
+ |
432 |
+ # Dovecot |
433 |
+ if use dovecot-sasl; then |
434 |
+ cat >> Makefile <<- EOC |
435 |
+ AUTH_DOVECOT=yes |
436 |
+ EOC |
437 |
+ fi |
438 |
+ |
439 |
+ # Pluggable Authentication Modules |
440 |
+ if use pam; then |
441 |
+ cat >> Makefile <<- EOC |
442 |
+ SUPPORT_PAM=yes |
443 |
+ AUTH_LIBS += -lpam |
444 |
+ EOC |
445 |
+ fi |
446 |
+ |
447 |
+ # Radius |
448 |
+ if use radius; then |
449 |
+ cat >> Makefile <<- EOC |
450 |
+ RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf |
451 |
+ RADIUS_LIB_TYPE=RADIUSCLIENTNEW |
452 |
+ AUTH_LIBS += -lfreeradius-client |
453 |
+ EOC |
454 |
+ fi |
455 |
+} |
456 |
+ |
457 |
+src_compile() { |
458 |
+ emake CC="$(tc-getCC)" HOSTCC="$(tc-getCC $CBUILD)" \ |
459 |
+ AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' \ |
460 |
+ || die "make failed" |
461 |
+} |
462 |
+ |
463 |
+src_install () { |
464 |
+ cd "${S}"/build-exim-gentoo || die |
465 |
+ dosbin exim |
466 |
+ if use X; then |
467 |
+ dosbin eximon.bin |
468 |
+ dosbin eximon |
469 |
+ fi |
470 |
+ fperms 4755 /usr/sbin/exim |
471 |
+ |
472 |
+ dosym exim /usr/sbin/sendmail |
473 |
+ dosym exim /usr/sbin/rsmtp |
474 |
+ dosym exim /usr/sbin/rmail |
475 |
+ dosym /usr/sbin/exim /usr/bin/mailq |
476 |
+ dosym /usr/sbin/exim /usr/bin/newaliases |
477 |
+ dosym /usr/sbin/sendmail /usr/lib/sendmail |
478 |
+ |
479 |
+ for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \ |
480 |
+ exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \ |
481 |
+ convert4r3 convert4r4 exipick |
482 |
+ do |
483 |
+ dosbin $i |
484 |
+ done |
485 |
+ |
486 |
+ dodoc "${S}"/doc/* |
487 |
+ doman "${S}"/doc/exim.8 |
488 |
+ use dsn && dodoc "${S}"/README.DSN |
489 |
+ use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf |
490 |
+ |
491 |
+ # conf files |
492 |
+ insinto /etc/exim |
493 |
+ newins "${S}"/src/configure.default exim.conf.dist |
494 |
+ if use exiscan-acl; then |
495 |
+ newins "${S}"/src/configure.default exim.conf.exiscan-acl |
496 |
+ fi |
497 |
+ doins "${WORKDIR}"/system_filter.exim |
498 |
+ doins "${FILESDIR}"/auth_conf.sub |
499 |
+ |
500 |
+ pamd_mimic system-auth exim auth account |
501 |
+ |
502 |
+ # headers, #436406 |
503 |
+ if use dlfunc ; then |
504 |
+ # fixup includes so they actually can be found when including |
505 |
+ sed -i \ |
506 |
+ -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \ |
507 |
+ local_scan.h || die |
508 |
+ insinto /usr/include/exim |
509 |
+ doins {config,local_scan}.h ../src/{mytypes,store}.h |
510 |
+ fi |
511 |
+ |
512 |
+ insinto /etc/logrotate.d |
513 |
+ newins "${FILESDIR}/exim.logrotate" exim |
514 |
+ |
515 |
+ newinitd "${FILESDIR}"/exim.rc10 exim |
516 |
+ newconfd "${FILESDIR}"/exim.confd exim |
517 |
+ |
518 |
+ systemd_dounit "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket} |
519 |
+ systemd_newunit "${FILESDIR}"/exim_at.service 'exim@.service' |
520 |
+ systemd_newunit "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service' |
521 |
+ |
522 |
+ diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP} |
523 |
+ dodir /var/log/${PN} |
524 |
+} |
525 |
+ |
526 |
+pkg_postinst() { |
527 |
+ if [[ ! -f ${EROOT}etc/exim/exim.conf ]] ; then |
528 |
+ einfo "${EROOT}etc/exim/system_filter.exim is a sample system_filter." |
529 |
+ einfo "${EROOT}etc/exim/auth_conf.sub contains the configuration sub for using smtp auth." |
530 |
+ einfo "Please create ${EROOT}etc/exim/exim.conf from ${EROOT}etc/exim/exim.conf.dist." |
531 |
+ fi |
532 |
+ use dane && einfo "DANE support is experimental" |
533 |
+ if use dcc ; then |
534 |
+ einfo "DCC support is experimental, you can find some limited" |
535 |
+ einfo "documentation at the bottom of this prerelease message:" |
536 |
+ einfo "http://article.gmane.org/gmane.mail.exim.devel/3579" |
537 |
+ fi |
538 |
+ use spf && einfo "SPF support is experimental" |
539 |
+ use srs && einfo "SRS support is experimental" |
540 |
+ if use dmarc ; then |
541 |
+ einfo "DMARC support is experimental. See global settings to" |
542 |
+ einfo "configure DMARC, for usage see the documentation at " |
543 |
+ einfo "experimental-spec.txt." |
544 |
+ fi |
545 |
+ use tpda && einfo "TPDA/EVENT support is experimental" |
546 |
+ use proxy && einfo "proxy support is experimental" |
547 |
+ use dsn && einfo "DSN support is experimental" |
548 |
+ elog "The obsolete acl condition 'demime' is removed, the replacements" |
549 |
+ elog "are the ACLs acl_smtp_mime and acl_not_smtp_mime" |
550 |
+} |
551 |
|
552 |
diff --git a/mail-mta/exim/files/exim-4.89-CVE-2017-1000369.patch b/mail-mta/exim/files/exim-4.89-CVE-2017-1000369.patch |
553 |
new file mode 100644 |
554 |
index 00000000000..c3d976a2b90 |
555 |
--- /dev/null |
556 |
+++ b/mail-mta/exim/files/exim-4.89-CVE-2017-1000369.patch |
557 |
@@ -0,0 +1,58 @@ |
558 |
+CVE-2017-1000369 |
559 |
+ |
560 |
+https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21 |
561 |
+ |
562 |
+--- a/doc/exim.8 |
563 |
++++ b/doc/exim.8 |
564 |
+@@ -1350,7 +1350,7 @@ option sets the received protocol value that is stored in |
565 |
+ or \fB\-bs\fP is used. For \fB\-bh\fP, the protocol is forced to one of the standard |
566 |
+ SMTP protocol names. For \fB\-bs\fP, the protocol is always "local\-" followed by |
567 |
+ one of those same names. For \fB\-bS\fP (batched SMTP) however, the protocol can |
568 |
+-be set by \fB\-oMr\fP. |
569 |
++be set by \fB\-oMr\fP. Repeated use of this option is not supported. |
570 |
+ .TP 10 |
571 |
+ \fB\-oMs\fP <\fIhost name\fP> |
572 |
+ See \fB\-oMa\fP above for general remarks about the \fB\-oM\fP options. The \fB\-oMs\fP |
573 |
+@@ -1418,6 +1418,7 @@ host name and its colon can be omitted when only the protocol is to be set. |
574 |
+ Note the Exim already has two private options, \fB\-pd\fP and \fB\-ps\fP, that refer |
575 |
+ to embedded Perl. It is therefore impossible to set a protocol value of d |
576 |
+ or s using this option (but that does not seem a real limitation). |
577 |
++Repeated use of this option is not supported. |
578 |
+ .TP 10 |
579 |
+ \fB\-q\fP |
580 |
+ This option is normally restricted to admin users. However, there is a |
581 |
+--- a/src/exim.c |
582 |
++++ b/src/exim.c |
583 |
+@@ -3092,7 +3092,14 @@ for (i = 1; i < argc; i++) |
584 |
+ |
585 |
+ /* -oMr: Received protocol */ |
586 |
+ |
587 |
+- else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i]; |
588 |
++ else if (Ustrcmp(argrest, "Mr") == 0) |
589 |
++ |
590 |
++ if (received_protocol) |
591 |
++ { |
592 |
++ fprintf(stderr, "received_protocol is set already\n"); |
593 |
++ exit(EXIT_FAILURE); |
594 |
++ } |
595 |
++ else received_protocol = argv[++i]; |
596 |
+ |
597 |
+ /* -oMs: Set sender host name */ |
598 |
+ |
599 |
+@@ -3188,7 +3195,15 @@ for (i = 1; i < argc; i++) |
600 |
+ |
601 |
+ if (*argrest != 0) |
602 |
+ { |
603 |
+- uschar *hn = Ustrchr(argrest, ':'); |
604 |
++ uschar *hn; |
605 |
++ |
606 |
++ if (received_protocol) |
607 |
++ { |
608 |
++ fprintf(stderr, "received_protocol is set already\n"); |
609 |
++ exit(EXIT_FAILURE); |
610 |
++ } |
611 |
++ |
612 |
++ hn = Ustrchr(argrest, ':'); |
613 |
+ if (hn == NULL) |
614 |
+ { |
615 |
+ received_protocol = argrest; |