
From: "Jason A. Donenfeld" <zx2c4@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: profiles/, mail-mta/opensmtpd/, mail-mta/opensmtpd/files/
Date: Sat, 07 Mar 2020 00:32:59
Message-Id: 1583541151.ea5bd9d4206b4e0c2c75a03337509e0d6d72ef51.zx2c4@gentoo
1 commit: ea5bd9d4206b4e0c2c75a03337509e0d6d72ef51
2 Author: Jason A. Donenfeld <zx2c4 <AT> gentoo <DOT> org>
3 AuthorDate: Sat Mar 7 00:30:24 2020 +0000
4 Commit: Jason A. Donenfeld <zx2c4 <AT> gentoo <DOT> org>
5 CommitDate: Sat Mar 7 00:32:31 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ea5bd9d4
7
8 mail-mta/opensmtpd: remove ancient ~6.0.3_p1 version
9
10 Closes: https://bugs.gentoo.org/710754
11 Package-Manager: Portage-2.3.88, Repoman-2.3.20
12 Signed-off-by: Jason A. Donenfeld <zx2c4 <AT> gentoo.org>
13
14 mail-mta/opensmtpd/Manifest | 1 -
15 .../opensmtpd-6.0.3_p1-fix-crash-on-auth.patch | 43 --
16 .../files/opensmtpd-6.0.3_p1-openssl_1.1.patch | 722 ---------------------
17 .../files/opensmtpd-6.0.3_p1-security-fixes.patch | 123 ----
18 mail-mta/opensmtpd/opensmtpd-6.0.3_p1-r3.ebuild | 78 ---
19 profiles/package.mask | 8 -
20 6 files changed, 975 deletions(-)
21
22 diff --git a/mail-mta/opensmtpd/Manifest b/mail-mta/opensmtpd/Manifest
23 index 0c001fb94e6..ef56b7e6d94 100644
24 --- a/mail-mta/opensmtpd/Manifest
25 +++ b/mail-mta/opensmtpd/Manifest
26 @@ -1,2 +1 @@
27 -DIST opensmtpd-6.0.3p1.tar.gz 699702 BLAKE2B 49f08e8329adc049a562b6ef7efa4c0a39cbcfe8a158cb905cfc726a7302ffe9833ccfb52041340767d55d0f2ae2087e8eac92b7359016c6c76b4d963a334558 SHA512 e579818a0ddbe637deb5a4e40f43eaf797783903ceac18fd89a57581b135b9e407d424e1a70ff7b4b06a0ee50bafb6e8ab2451371917887904b06ff1b55d320f
28 DIST opensmtpd-6.6.4p1.tar.gz 790754 BLAKE2B 18cc19569ae764eff3d672cbfb87df7bd00afcce93705ad128e935c0a47a246c3a6166fca7b6f844c0dd5e728492d8aeb7e0f8a8c1f5a756bf356ae9afb80852 SHA512 267307c91f4fcf21624b0897dfb1f5638b77da7b8d9a02211d734ed2cc5bd39ea7542ae7f200255e2945518fbe7609a0e5aa4e5c6dcb8146014f08b3845c108b
29
30 diff --git a/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-fix-crash-on-auth.patch b/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-fix-crash-on-auth.patch
31 deleted file mode 100644
32 index c20b5e0a0ef..00000000000
33 --- a/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-fix-crash-on-auth.patch
34 +++ /dev/null
35 @@ -1,43 +0,0 @@
36 -From 9b5f70b93e038df5446bd37a4adac5a0380748e7 Mon Sep 17 00:00:00 2001
37 -From: johannes <johannes.brechtmann@×××××.com>
38 -Date: Wed, 21 Feb 2018 23:57:11 +0100
39 -Subject: [PATCH] crypt_checkpass: include HAVE_CRYPT_H definition, add NULL
40 - check
41 -
42 ----
43 - openbsd-compat/crypt_checkpass.c | 9 ++++++++-
44 - 1 file changed, 8 insertions(+), 1 deletion(-)
45 -
46 -diff --git a/openbsd-compat/crypt_checkpass.c b/openbsd-compat/crypt_checkpass.c
47 -index dafd2dae..d10b3a57 100644
48 ---- a/openbsd-compat/crypt_checkpass.c
49 -+++ b/openbsd-compat/crypt_checkpass.c
50 -@@ -1,5 +1,6 @@
51 - /* OPENBSD ORIGINAL: lib/libc/crypt/cryptutil.c */
52 -
53 -+#include "includes.h"
54 - #include <errno.h>
55 - #ifdef HAVE_CRYPT_H
56 - #include <crypt.h>
57 -@@ -10,6 +11,8 @@
58 - int
59 - crypt_checkpass(const char *pass, const char *goodhash)
60 - {
61 -+ char *c;
62 -+
63 - if (goodhash == NULL)
64 - goto fail;
65 -
66 -@@ -17,7 +20,11 @@ crypt_checkpass(const char *pass, const char *goodhash)
67 - if (strlen(goodhash) == 0 && strlen(pass) == 0)
68 - return 0;
69 -
70 -- if (strcmp(crypt(pass, goodhash), goodhash) == 0)
71 -+ c = crypt(pass, goodhash);
72 -+ if (c == NULL)
73 -+ goto fail;
74 -+
75 -+ if (strcmp(c, goodhash) == 0)
76 - return 0;
77 -
78 - fail:
79
80 diff --git a/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-openssl_1.1.patch b/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-openssl_1.1.patch
81 deleted file mode 100644
82 index 40a62ae9251..00000000000
83 --- a/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-openssl_1.1.patch
84 +++ /dev/null
85 @@ -1,722 +0,0 @@
86 -Description: Enable support for OpenSSL 1.1
87 -Author: Sebastian Andrzej Siewior <sebastian@××××××××××.cc>
88 - Ryan Kavanagh <rak@××××××.org>
89 -Origin: Debian
90 -Bug: https://github.com/OpenSMTPD/OpenSMTPD/issues/738
91 -Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859544
92 -Forwarded: https://github.com/OpenSMTPD/OpenSMTPD/pull/825
93 -Last-Update: 2018-03-18
94 ----
95 -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
96 -diff --git a/openbsd-compat/libressl.c b/openbsd-compat/libressl.c
97 -index f4f2b52e..d06e006f 100644
98 ---- a/openbsd-compat/libressl.c
99 -+++ b/openbsd-compat/libressl.c
100 -@@ -81,14 +81,14 @@ SSL_CTX_use_certificate_chain(SSL_CTX *ctx, char *buf, off_t len)
101 - x = ca = NULL;
102 -
103 - if ((in = BIO_new_mem_buf(buf, len)) == NULL) {
104 -- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
105 -+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
106 - goto end;
107 - }
108 -
109 - if ((x = PEM_read_bio_X509(in, NULL,
110 -- ctx->default_passwd_callback,
111 -- ctx->default_passwd_callback_userdata)) == NULL) {
112 -- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
113 -+ SSL_CTX_get_default_passwd_cb(ctx),
114 -+ SSL_CTX_get_default_passwd_cb_userdata(ctx))) == NULL) {
115 -+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
116 - goto end;
117 - }
118 -
119 -@@ -99,14 +99,11 @@ SSL_CTX_use_certificate_chain(SSL_CTX *ctx, char *buf, off_t len)
120 - * the CA certificates.
121 - */
122 -
123 -- if (ctx->extra_certs != NULL) {
124 -- sk_X509_pop_free(ctx->extra_certs, X509_free);
125 -- ctx->extra_certs = NULL;
126 -- }
127 -+ SSL_CTX_clear_extra_chain_certs(ctx);
128 -
129 - while ((ca = PEM_read_bio_X509(in, NULL,
130 -- ctx->default_passwd_callback,
131 -- ctx->default_passwd_callback_userdata)) != NULL) {
132 -+ SSL_CTX_get_default_passwd_cb(ctx),
133 -+ SSL_CTX_get_default_passwd_cb_userdata(ctx))) != NULL) {
134 -
135 - if (!SSL_CTX_add_extra_chain_cert(ctx, ca))
136 - goto end;
137 -diff --git a/smtpd/ca.c b/smtpd/ca.c
138 -index e383c6a1..29a44b9b 100644
139 ---- a/smtpd/ca.c
140 -+++ b/smtpd/ca.c
141 -@@ -170,6 +170,190 @@ ca_verify_cb(int ok, X509_STORE_CTX *ctx)
142 - return ok;
143 - }
144 -
145 -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
146 -+
147 -+static int RSA_meth_get_flags(RSA_METHOD *meth)
148 -+{
149 -+ return meth->flags;
150 -+}
151 -+
152 -+static int RSA_meth_set_flags(RSA_METHOD *meth, int flags)
153 -+{
154 -+ meth->flags = flags;
155 -+ return 1;
156 -+}
157 -+
158 -+static void *RSA_meth_get0_app_data(const RSA_METHOD *meth)
159 -+{
160 -+ return meth->app_data;
161 -+}
162 -+
163 -+static int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)
164 -+{
165 -+ meth->app_data = app_data;
166 -+ return 1;
167 -+}
168 -+
169 -+static int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))
170 -+(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
171 -+{
172 -+ return meth->rsa_pub_enc;
173 -+}
174 -+
175 -+static int RSA_meth_set_pub_enc(RSA_METHOD *meth,
176 -+ int (*pub_enc) (int flen, const unsigned char *from,
177 -+ unsigned char *to, RSA *rsa,
178 -+ int padding))
179 -+{
180 -+ meth->rsa_pub_enc = pub_enc;
181 -+ return 1;
182 -+}
183 -+
184 -+static int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
185 -+(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
186 -+{
187 -+ return meth->rsa_pub_dec;
188 -+}
189 -+
190 -+static int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
191 -+(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
192 -+{
193 -+ return meth->rsa_priv_enc;
194 -+}
195 -+
196 -+int RSA_meth_set_priv_enc(RSA_METHOD *meth,
197 -+ int (*priv_enc) (int flen, const unsigned char *from,
198 -+ unsigned char *to, RSA *rsa, int padding))
199 -+{
200 -+ meth->rsa_priv_enc = priv_enc;
201 -+ return 1;
202 -+}
203 -+
204 -+static int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
205 -+(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)
206 -+{
207 -+ return meth->rsa_priv_dec;
208 -+}
209 -+
210 -+static int RSA_meth_set_priv_dec(RSA_METHOD *meth,
211 -+ int (*priv_dec) (int flen, const unsigned char *from,
212 -+ unsigned char *to, RSA *rsa, int padding))
213 -+{
214 -+ meth->rsa_priv_dec = priv_dec;
215 -+ return 1;
216 -+}
217 -+
218 -+static int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
219 -+ (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
220 -+{
221 -+ return meth->rsa_mod_exp;
222 -+}
223 -+
224 -+static int RSA_meth_set_mod_exp(RSA_METHOD *meth,
225 -+ int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx))
226 -+{
227 -+ meth->rsa_mod_exp = mod_exp;
228 -+ return 1;
229 -+}
230 -+
231 -+static int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
232 -+(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
233 -+{
234 -+ return meth->bn_mod_exp;
235 -+}
236 -+
237 -+static int RSA_meth_set_bn_mod_exp(RSA_METHOD *meth, int (*bn_mod_exp)
238 -+ (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
239 -+ BN_CTX *ctx, BN_MONT_CTX *m_ctx))
240 -+{
241 -+ meth->bn_mod_exp = bn_mod_exp;
242 -+ return 1;
243 -+}
244 -+
245 -+static int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa)
246 -+{
247 -+ return meth->init;
248 -+}
249 -+
250 -+static int RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa))
251 -+{
252 -+ meth->init = init;
253 -+ return 1;
254 -+}
255 -+
256 -+static int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa)
257 -+{
258 -+ return meth->finish;
259 -+}
260 -+
261 -+static int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
262 -+{
263 -+ meth->finish = finish;
264 -+ return 1;
265 -+}
266 -+
267 -+static int (*RSA_meth_get_keygen(const RSA_METHOD *meth))
268 -+ (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
269 -+{
270 -+ return meth->rsa_keygen;
271 -+}
272 -+
273 -+static int RSA_meth_set_keygen(RSA_METHOD *meth, int (*keygen)
274 -+ (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb))
275 -+{
276 -+ meth->rsa_keygen = keygen;
277 -+ return 1;
278 -+}
279 -+
280 -+static int (*RSA_meth_get_verify(const RSA_METHOD *meth))
281 -+ (int dtype, const unsigned char *m,
282 -+ unsigned int m_length, const unsigned char *sigbuf,
283 -+ unsigned int siglen, const RSA *rsa)
284 -+{
285 -+ if (meth->flags & RSA_FLAG_SIGN_VER)
286 -+ return meth->rsa_verify;
287 -+ return NULL;
288 -+}
289 -+
290 -+static int (*RSA_meth_get_sign(const RSA_METHOD *meth))
291 -+ (int type,
292 -+ const unsigned char *m, unsigned int m_length,
293 -+ unsigned char *sigret, unsigned int *siglen,
294 -+ const RSA *rsa)
295 -+{
296 -+ if (meth->flags & RSA_FLAG_SIGN_VER)
297 -+ return meth->rsa_sign;
298 -+ return NULL;
299 -+}
300 -+
301 -+static int RSA_meth_set_pub_dec(RSA_METHOD *meth,
302 -+ int (*pub_dec) (int flen, const unsigned char *from,
303 -+ unsigned char *to, RSA *rsa, int padding))
304 -+{
305 -+ meth->rsa_pub_dec = pub_dec;
306 -+ return 1;
307 -+}
308 -+
309 -+static RSA_METHOD *RSA_meth_new(const char *name, int flags)
310 -+{
311 -+ RSA_METHOD *meth = malloc(sizeof(*meth));
312 -+
313 -+ if (meth != NULL) {
314 -+ memset(meth, 0, sizeof(*meth));
315 -+ meth->flags = flags;
316 -+
317 -+ meth->name = strdup(name);
318 -+ if (meth->name != NULL)
319 -+ return meth;
320 -+
321 -+ free(meth);
322 -+ }
323 -+
324 -+ return NULL;
325 -+}
326 -+
327 -+#endif
328 -+
329 - int
330 - ca_X509_verify(void *certificate, void *chain, const char *CAfile,
331 - const char *CRLfile, const char **errstr)
332 -@@ -201,7 +385,7 @@ end:
333 - *errstr = NULL;
334 - if (ret != 1) {
335 - if (xsc)
336 -- *errstr = X509_verify_cert_error_string(xsc->error);
337 -+ *errstr = X509_verify_cert_error_string(X509_STORE_CTX_get_error(xsc));
338 - else if (ERR_peek_last_error())
339 - *errstr = ERR_error_string(ERR_peek_last_error(), NULL);
340 - }
341 -@@ -302,24 +486,9 @@ ca_imsg(struct mproc *p, struct imsg *imsg)
342 - * RSA privsep engine (called from unprivileged processes)
343 - */
344 -
345 --const RSA_METHOD *rsa_default = NULL;
346 --
347 --static RSA_METHOD rsae_method = {
348 -- "RSA privsep engine",
349 -- rsae_pub_enc,
350 -- rsae_pub_dec,
351 -- rsae_priv_enc,
352 -- rsae_priv_dec,
353 -- rsae_mod_exp,
354 -- rsae_bn_mod_exp,
355 -- rsae_init,
356 -- rsae_finish,
357 -- 0,
358 -- NULL,
359 -- NULL,
360 -- NULL,
361 -- rsae_keygen
362 --};
363 -+static const RSA_METHOD *rsa_default = NULL;
364 -+
365 -+static const char *rsae_method_name = "RSA privsep engine";
366 -
367 - static int
368 - rsae_send_imsg(int flen, const unsigned char *from, unsigned char *to,
369 -@@ -404,7 +573,7 @@ rsae_pub_enc(int flen,const unsigned char *from, unsigned char *to, RSA *rsa,
370 - int padding)
371 - {
372 - log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
373 -- return (rsa_default->rsa_pub_enc(flen, from, to, rsa, padding));
374 -+ return (RSA_meth_get_pub_enc(rsa_default)(flen, from, to, rsa, padding));
375 - }
376 -
377 - static int
378 -@@ -412,7 +581,7 @@ rsae_pub_dec(int flen,const unsigned char *from, unsigned char *to, RSA *rsa,
379 - int padding)
380 - {
381 - log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
382 -- return (rsa_default->rsa_pub_dec(flen, from, to, rsa, padding));
383 -+ return (RSA_meth_get_pub_dec(rsa_default)(flen, from, to, rsa, padding));
384 - }
385 -
386 - static int
387 -@@ -424,7 +593,7 @@ rsae_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,
388 - return (rsae_send_imsg(flen, from, to, rsa, padding,
389 - IMSG_CA_PRIVENC));
390 - }
391 -- return (rsa_default->rsa_priv_enc(flen, from, to, rsa, padding));
392 -+ return (RSA_meth_get_priv_enc(rsa_default)(flen, from, to, rsa, padding));
393 - }
394 -
395 - static int
396 -@@ -436,14 +605,14 @@ rsae_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,
397 - return (rsae_send_imsg(flen, from, to, rsa, padding,
398 - IMSG_CA_PRIVDEC));
399 - }
400 -- return (rsa_default->rsa_priv_dec(flen, from, to, rsa, padding));
401 -+ return (RSA_meth_get_priv_dec(rsa_default)(flen, from, to, rsa, padding));
402 - }
403 -
404 - static int
405 - rsae_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
406 - {
407 - log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
408 -- return (rsa_default->rsa_mod_exp(r0, I, rsa, ctx));
409 -+ return (RSA_meth_get_mod_exp(rsa_default)(r0, I, rsa, ctx));
410 - }
411 -
412 - static int
413 -@@ -451,34 +620,36 @@ rsae_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
414 - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
415 - {
416 - log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
417 -- return (rsa_default->bn_mod_exp(r, a, p, m, ctx, m_ctx));
418 -+ return (RSA_meth_get_bn_mod_exp(rsa_default)(r, a, p, m, ctx, m_ctx));
419 - }
420 -
421 - static int
422 - rsae_init(RSA *rsa)
423 - {
424 - log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
425 -- if (rsa_default->init == NULL)
426 -+ if (RSA_meth_get_init(rsa_default) == NULL)
427 - return (1);
428 -- return (rsa_default->init(rsa));
429 -+ return (RSA_meth_get_init(rsa_default)(rsa));
430 - }
431 -
432 - static int
433 - rsae_finish(RSA *rsa)
434 - {
435 - log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
436 -- if (rsa_default->finish == NULL)
437 -+ if (RSA_meth_get_finish(rsa_default) == NULL)
438 - return (1);
439 -- return (rsa_default->finish(rsa));
440 -+ return (RSA_meth_get_finish(rsa_default)(rsa));
441 - }
442 -
443 - static int
444 - rsae_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
445 - {
446 - log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
447 -- return (rsa_default->rsa_keygen(rsa, bits, e, cb));
448 -+ return (RSA_meth_get_keygen(rsa_default)(rsa, bits, e, cb));
449 - }
450 -
451 -+static RSA_METHOD *rsae_method;
452 -+
453 - void
454 - ca_engine_init(void)
455 - {
456 -@@ -490,7 +661,7 @@ ca_engine_init(void)
457 - errstr = "ENGINE_new";
458 - goto fail;
459 - }
460 -- if (!ENGINE_set_name(e, rsae_method.name)) {
461 -+ if (!ENGINE_set_name(e, rsae_method_name)) {
462 - errstr = "ENGINE_set_name";
463 - goto fail;
464 - }
465 -@@ -503,25 +674,58 @@ ca_engine_init(void)
466 - goto fail;
467 - }
468 -
469 -+ rsae_method = RSA_meth_new(rsae_method_name, 0);
470 -+ if (!rsae_method) {
471 -+ errstr = "RSA_meth_new";
472 -+ goto fail;
473 -+ }
474 -+
475 - if ((name = ENGINE_get_name(e)) == NULL)
476 - name = "unknown RSA engine";
477 -
478 - log_debug("debug: %s: using %s", __func__, name);
479 -
480 -- if (rsa_default->flags & RSA_FLAG_SIGN_VER)
481 -+ if (RSA_meth_get_sign(rsa_default) ||
482 -+ RSA_meth_get_verify(rsa_default))
483 - fatalx("unsupported RSA engine");
484 -
485 -- if (rsa_default->rsa_mod_exp == NULL)
486 -- rsae_method.rsa_mod_exp = NULL;
487 -- if (rsa_default->bn_mod_exp == NULL)
488 -- rsae_method.bn_mod_exp = NULL;
489 -- if (rsa_default->rsa_keygen == NULL)
490 -- rsae_method.rsa_keygen = NULL;
491 -- rsae_method.flags = rsa_default->flags |
492 -- RSA_METHOD_FLAG_NO_CHECK;
493 -- rsae_method.app_data = rsa_default->app_data;
494 --
495 -- if (!ENGINE_set_RSA(e, &rsae_method)) {
496 -+ errstr = "Setting callback";
497 -+ if (!RSA_meth_set_pub_enc(rsae_method, rsae_pub_enc))
498 -+ goto fail;
499 -+ if (!RSA_meth_set_pub_dec(rsae_method, rsae_pub_dec))
500 -+ goto fail;
501 -+ if (!RSA_meth_set_priv_enc(rsae_method, rsae_priv_enc))
502 -+ goto fail;
503 -+ if (!RSA_meth_set_priv_dec(rsae_method, rsae_priv_dec))
504 -+ goto fail;
505 -+
506 -+ if (RSA_meth_get_mod_exp(rsa_default)) {
507 -+ if (!RSA_meth_set_mod_exp(rsae_method, rsae_mod_exp))
508 -+ goto fail;
509 -+ }
510 -+
511 -+ if (RSA_meth_get_bn_mod_exp(rsa_default))
512 -+ if (!RSA_meth_set_bn_mod_exp(rsae_method, rsae_bn_mod_exp))
513 -+ goto fail;
514 -+ if (!RSA_meth_set_init(rsae_method, rsae_init))
515 -+ goto fail;
516 -+ if (!RSA_meth_set_finish(rsae_method, rsae_finish))
517 -+ goto fail;
518 -+
519 -+ if (RSA_meth_get_keygen(rsa_default)) {
520 -+ if (!RSA_meth_set_keygen(rsae_method, rsae_keygen))
521 -+ goto fail;
522 -+ }
523 -+
524 -+ if (!RSA_meth_set_flags(rsae_method,
525 -+ RSA_meth_get_flags(rsa_default) |
526 -+ RSA_METHOD_FLAG_NO_CHECK))
527 -+ goto fail;
528 -+
529 -+ if (!RSA_meth_set0_app_data(rsae_method, RSA_meth_get0_app_data(rsa_default)))
530 -+ goto fail;
531 -+
532 -+ if (!ENGINE_set_RSA(e, rsae_method)) {
533 - errstr = "ENGINE_set_RSA";
534 - goto fail;
535 - }
536 -diff --git a/smtpd/crypto.c b/smtpd/crypto.c
537 -index 76f98807..01452851 100644
538 ---- a/smtpd/crypto.c
539 -+++ b/smtpd/crypto.c
540 -@@ -64,7 +64,7 @@ crypto_setup(const char *key, size_t len)
541 - int
542 - crypto_encrypt_file(FILE * in, FILE * out)
543 - {
544 -- EVP_CIPHER_CTX ctx;
545 -+ EVP_CIPHER_CTX *ctx;
546 - uint8_t ibuf[CRYPTO_BUFFER_SIZE];
547 - uint8_t obuf[CRYPTO_BUFFER_SIZE];
548 - uint8_t iv[IV_SIZE];
549 -@@ -91,12 +91,14 @@ crypto_encrypt_file(FILE * in, FILE * out)
550 - if ((w = fwrite(iv, 1, sizeof iv, out)) != sizeof iv)
551 - return 0;
552 -
553 -- EVP_CIPHER_CTX_init(&ctx);
554 -- EVP_EncryptInit_ex(&ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);
555 -+ ctx = EVP_CIPHER_CTX_new();
556 -+ if (!ctx)
557 -+ return 0;
558 -+ EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);
559 -
560 - /* encrypt until end of file */
561 - while ((r = fread(ibuf, 1, CRYPTO_BUFFER_SIZE, in)) != 0) {
562 -- if (!EVP_EncryptUpdate(&ctx, obuf, &len, ibuf, r))
563 -+ if (!EVP_EncryptUpdate(ctx, obuf, &len, ibuf, r))
564 - goto end;
565 - if (len && (w = fwrite(obuf, len, 1, out)) != 1)
566 - goto end;
567 -@@ -105,13 +107,13 @@ crypto_encrypt_file(FILE * in, FILE * out)
568 - goto end;
569 -
570 - /* finalize and write last chunk if any */
571 -- if (!EVP_EncryptFinal_ex(&ctx, obuf, &len))
572 -+ if (!EVP_EncryptFinal_ex(ctx, obuf, &len))
573 - goto end;
574 - if (len && (w = fwrite(obuf, len, 1, out)) != 1)
575 - goto end;
576 -
577 - /* get and append tag */
578 -- EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, sizeof tag, tag);
579 -+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, sizeof tag, tag);
580 - if ((w = fwrite(tag, sizeof tag, 1, out)) != 1)
581 - goto end;
582 -
583 -@@ -119,14 +121,14 @@ crypto_encrypt_file(FILE * in, FILE * out)
584 - ret = 1;
585 -
586 - end:
587 -- EVP_CIPHER_CTX_cleanup(&ctx);
588 -+ EVP_CIPHER_CTX_free(ctx);
589 - return ret;
590 - }
591 -
592 - int
593 - crypto_decrypt_file(FILE * in, FILE * out)
594 - {
595 -- EVP_CIPHER_CTX ctx;
596 -+ EVP_CIPHER_CTX *ctx;
597 - uint8_t ibuf[CRYPTO_BUFFER_SIZE];
598 - uint8_t obuf[CRYPTO_BUFFER_SIZE];
599 - uint8_t iv[IV_SIZE];
600 -@@ -171,11 +173,13 @@ crypto_decrypt_file(FILE * in, FILE * out)
601 - sz -= sizeof tag;
602 -
603 -
604 -- EVP_CIPHER_CTX_init(&ctx);
605 -- EVP_DecryptInit_ex(&ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);
606 -+ ctx = EVP_CIPHER_CTX_new();
607 -+ if (!ctx)
608 -+ return 0;
609 -+ EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);
610 -
611 - /* set expected tag */
612 -- EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, sizeof tag, tag);
613 -+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, sizeof tag, tag);
614 -
615 - /* decrypt until end of ciphertext */
616 - while (sz) {
617 -@@ -185,7 +189,7 @@ crypto_decrypt_file(FILE * in, FILE * out)
618 - r = fread(ibuf, 1, sz, in);
619 - if (!r)
620 - break;
621 -- if (!EVP_DecryptUpdate(&ctx, obuf, &len, ibuf, r))
622 -+ if (!EVP_DecryptUpdate(ctx, obuf, &len, ibuf, r))
623 - goto end;
624 - if (len && (w = fwrite(obuf, len, 1, out)) != 1)
625 - goto end;
626 -@@ -195,7 +199,7 @@ crypto_decrypt_file(FILE * in, FILE * out)
627 - goto end;
628 -
629 - /* finalize, write last chunk if any and perform authentication check */
630 -- if (!EVP_DecryptFinal_ex(&ctx, obuf, &len))
631 -+ if (!EVP_DecryptFinal_ex(ctx, obuf, &len))
632 - goto end;
633 - if (len && (w = fwrite(obuf, len, 1, out)) != 1)
634 - goto end;
635 -@@ -204,14 +208,14 @@ crypto_decrypt_file(FILE * in, FILE * out)
636 - ret = 1;
637 -
638 - end:
639 -- EVP_CIPHER_CTX_cleanup(&ctx);
640 -+ EVP_CIPHER_CTX_free(ctx);
641 - return ret;
642 - }
643 -
644 - size_t
645 - crypto_encrypt_buffer(const char *in, size_t inlen, char *out, size_t outlen)
646 - {
647 -- EVP_CIPHER_CTX ctx;
648 -+ EVP_CIPHER_CTX *ctx;
649 - uint8_t iv[IV_SIZE];
650 - uint8_t tag[GCM_TAG_SIZE];
651 - uint8_t version = API_VERSION;
652 -@@ -239,33 +243,35 @@ crypto_encrypt_buffer(const char *in, size_t inlen, char *out, size_t outlen)
653 - memcpy(out + len, iv, sizeof iv);
654 - len += sizeof iv;
655 -
656 -- EVP_CIPHER_CTX_init(&ctx);
657 -- EVP_EncryptInit_ex(&ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);
658 -+ ctx = EVP_CIPHER_CTX_new();
659 -+ if (!ctx)
660 -+ return 0;
661 -+ EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);
662 -
663 - /* encrypt buffer */
664 -- if (!EVP_EncryptUpdate(&ctx, out + len, &olen, in, inlen))
665 -+ if (!EVP_EncryptUpdate(ctx, out + len, &olen, in, inlen))
666 - goto end;
667 - len += olen;
668 -
669 - /* finalize and write last chunk if any */
670 -- if (!EVP_EncryptFinal_ex(&ctx, out + len, &olen))
671 -+ if (!EVP_EncryptFinal_ex(ctx, out + len, &olen))
672 - goto end;
673 - len += olen;
674 -
675 - /* get and append tag */
676 -- EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, sizeof tag, tag);
677 -+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, sizeof tag, tag);
678 - memcpy(out + len, tag, sizeof tag);
679 - ret = len + sizeof tag;
680 -
681 - end:
682 -- EVP_CIPHER_CTX_cleanup(&ctx);
683 -+ EVP_CIPHER_CTX_cleanup(ctx);
684 - return ret;
685 - }
686 -
687 - size_t
688 - crypto_decrypt_buffer(const char *in, size_t inlen, char *out, size_t outlen)
689 - {
690 -- EVP_CIPHER_CTX ctx;
691 -+ EVP_CIPHER_CTX *ctx;
692 - uint8_t iv[IV_SIZE];
693 - uint8_t tag[GCM_TAG_SIZE];
694 - int olen;
695 -@@ -292,24 +298,26 @@ crypto_decrypt_buffer(const char *in, size_t inlen, char *out, size_t outlen)
696 - inlen -= sizeof iv;
697 - in += sizeof iv;
698 -
699 -- EVP_CIPHER_CTX_init(&ctx);
700 -- EVP_DecryptInit_ex(&ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);
701 -+ ctx = EVP_CIPHER_CTX_new();
702 -+ if (!ctx)
703 -+ return 0;
704 -+ EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, cp.key, iv);
705 -
706 - /* set expected tag */
707 -- EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, sizeof tag, tag);
708 -+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, sizeof tag, tag);
709 -
710 - /* decrypt buffer */
711 -- if (!EVP_DecryptUpdate(&ctx, out, &olen, in, inlen))
712 -+ if (!EVP_DecryptUpdate(ctx, out, &olen, in, inlen))
713 - goto end;
714 - len += olen;
715 -
716 - /* finalize, write last chunk if any and perform authentication check */
717 -- if (!EVP_DecryptFinal_ex(&ctx, out + len, &olen))
718 -+ if (!EVP_DecryptFinal_ex(ctx, out + len, &olen))
719 - goto end;
720 - ret = len + olen;
721 -
722 - end:
723 -- EVP_CIPHER_CTX_cleanup(&ctx);
724 -+ EVP_CIPHER_CTX_cleanup(ctx);
725 - return ret;
726 - }
727 -
728 -diff --git a/smtpd/libressl.c b/smtpd/libressl.c
729 -index 57d74389..db78d943 100644
730 ---- a/smtpd/libressl.c
731 -+++ b/smtpd/libressl.c
732 -@@ -94,10 +94,10 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in)
733 -
734 - ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
735 -
736 -- x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
737 -- ctx->default_passwd_callback_userdata);
738 -+ x = PEM_read_bio_X509_AUX(in, NULL, SSL_CTX_get_default_passwd_cb(ctx),
739 -+ SSL_CTX_get_default_passwd_cb_userdata(ctx));
740 - if (x == NULL) {
741 -- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
742 -+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
743 - goto end;
744 - }
745 -
746 -@@ -115,14 +115,11 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in)
747 - int r;
748 - unsigned long err;
749 -
750 -- if (ctx->extra_certs != NULL) {
751 -- sk_X509_pop_free(ctx->extra_certs, X509_free);
752 -- ctx->extra_certs = NULL;
753 -- }
754 -+ SSL_CTX_clear_extra_chain_certs(ctx);
755 -
756 - while ((ca = PEM_read_bio_X509(in, NULL,
757 -- ctx->default_passwd_callback,
758 -- ctx->default_passwd_callback_userdata)) != NULL) {
759 -+ SSL_CTX_get_default_passwd_cb(ctx),
760 -+ SSL_CTX_get_default_passwd_cb_userdata(ctx))) != NULL) {
761 - r = SSL_CTX_add_extra_chain_cert(ctx, ca);
762 - if (!r) {
763 - X509_free(ca);
764 -@@ -160,7 +157,7 @@ SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len)
765 -
766 - in = BIO_new_mem_buf(buf, len);
767 - if (in == NULL) {
768 -- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
769 -+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
770 - goto end;
771 - }
772 -
773 -diff --git a/smtpd/ssl.c b/smtpd/ssl.c
774 -index b88360eb..0c93d87e 100644
775 ---- a/smtpd/ssl.c
776 -+++ b/smtpd/ssl.c
777 -@@ -425,7 +425,7 @@ ssl_ctx_fake_private_key(SSL_CTX *ctx, const void *data, size_t datalen,
778 - */
779 - ret = SSL_CTX_use_PrivateKey(ctx, pkey);
780 - if (!ret)
781 -- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_SSL_LIB);
782 -+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_SYS_LIB);
783 -
784 - if (pkeyptr != NULL)
785 - *pkeyptr = pkey;
786 -diff --git a/smtpd/ssl.h b/smtpd/ssl.h
787 -index 90f018d0..553120d4 100644
788 ---- a/smtpd/ssl.h
789 -+++ b/smtpd/ssl.h
790 -@@ -73,3 +73,17 @@ void SSL_CTX_set_ecdh_auto(SSL_CTX *, int);
791 - void SSL_CTX_set_dh_auto(SSL_CTX *, int);
792 - #endif
793 - int SSL_CTX_use_certificate_chain_mem(SSL_CTX *, void *, int);
794 -+
795 -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
796 -+
797 -+static inline pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
798 -+{
799 -+ return ctx->default_passwd_callback;
800 -+}
801 -+
802 -+static inline void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
803 -+{
804 -+ return ctx->default_passwd_callback_userdata;
805 -+}
806 -+
807 -+#endif
808
809 diff --git a/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-security-fixes.patch b/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-security-fixes.patch
810 deleted file mode 100644
811 index b22f3af1fbe..00000000000
812 --- a/mail-mta/opensmtpd/files/opensmtpd-6.0.3_p1-security-fixes.patch
813 +++ /dev/null
814 @@ -1,123 +0,0 @@
815 -diff -ru OpenSMTPD-opensmtpd-6.0.3/smtpd/mta_session.c OpenSMTPD-opensmtpd-6.0.3-fixed/smtpd/mta_session.c
816 ---- OpenSMTPD-opensmtpd-6.0.3/smtpd/mta_session.c 2018-01-04 23:24:01.000000000 +0100
817 -+++ OpenSMTPD-opensmtpd-6.0.3-fixed/smtpd/mta_session.c 2020-01-29 09:47:24.607457717 +0100
818 -@@ -1290,40 +1290,20 @@
819 - break;
820 -
821 - case IO_ERROR:
822 -+ case IO_TLSERROR:
823 - log_debug("debug: mta: %p: IO error: %s", s, io_error(io));
824 -- if (!s->ready) {
825 -- mta_error(s, "IO Error: %s", io_error(io));
826 -- mta_connect(s);
827 -- break;
828 -- }
829 -- else if (!(s->flags & (MTA_FORCE_TLS|MTA_FORCE_SMTPS|MTA_FORCE_ANYSSL))) {
830 -- /* error in non-strict SSL negotiation, downgrade to plain */
831 -- if (s->flags & MTA_TLS) {
832 -- log_info("smtp-out: Error on session %016"PRIx64
833 -- ": opportunistic TLS failed, "
834 -- "downgrading to plain", s->id);
835 -- s->flags &= ~MTA_TLS;
836 -- s->flags |= MTA_DOWNGRADE_PLAIN;
837 -- mta_connect(s);
838 -- break;
839 -- }
840 -- }
841 -- mta_error(s, "IO Error: %s", io_error(io));
842 -- mta_free(s);
843 -- break;
844 -
845 -- case IO_TLSERROR:
846 -- log_debug("debug: mta: %p: TLS IO error: %s", s, io_error(io));
847 -- if (!(s->flags & (MTA_FORCE_TLS|MTA_FORCE_SMTPS|MTA_FORCE_ANYSSL))) {
848 -+ if (s->state == MTA_STARTTLS && s->use_smtp_tls) {
849 - /* error in non-strict SSL negotiation, downgrade to plain */
850 -- log_info("smtp-out: TLS Error on session %016"PRIx64
851 -- ": TLS failed, "
852 -+ log_info("smtp-out: Error on session %016"PRIx64
853 -+ ": opportunistic TLS failed, "
854 - "downgrading to plain", s->id);
855 - s->flags &= ~MTA_TLS;
856 - s->flags |= MTA_DOWNGRADE_PLAIN;
857 - mta_connect(s);
858 - break;
859 - }
860 -+
861 - mta_error(s, "IO Error: %s", io_error(io));
862 - mta_free(s);
863 - break;
864 -diff -ru OpenSMTPD-opensmtpd-6.0.3/smtpd/smtp_session.c OpenSMTPD-opensmtpd-6.0.3-fixed/smtpd/smtp_session.c
865 ---- OpenSMTPD-opensmtpd-6.0.3/smtpd/smtp_session.c 2018-01-04 23:24:01.000000000 +0100
866 -+++ OpenSMTPD-opensmtpd-6.0.3-fixed/smtpd/smtp_session.c 2020-01-29 09:47:24.610791335 +0100
867 -@@ -2004,25 +2004,23 @@
868 - memmove(maddr->user, p, strlen(p) + 1);
869 - }
870 -
871 -- if (!valid_localpart(maddr->user) ||
872 -- !valid_domainpart(maddr->domain)) {
873 -- /* accept empty return-path in MAIL FROM, required for bounces */
874 -- if (mailfrom && maddr->user[0] == '\0' && maddr->domain[0] == '\0')
875 -- return (1);
876 -+ /* accept empty return-path in MAIL FROM, required for bounces */
877 -+ if (mailfrom && maddr->user[0] == '\0' && maddr->domain[0] == '\0')
878 -+ return (1);
879 -
880 -- /* no user-part, reject */
881 -- if (maddr->user[0] == '\0')
882 -- return (0);
883 --
884 -- /* no domain, local user */
885 -- if (maddr->domain[0] == '\0') {
886 -- (void)strlcpy(maddr->domain, domain,
887 -- sizeof(maddr->domain));
888 -- return (1);
889 -- }
890 -+ /* no or invalid user-part, reject */
891 -+ if (maddr->user[0] == '\0' || !valid_localpart(maddr->user))
892 - return (0);
893 -+
894 -+ /* no domain part, local user */
895 -+ if (maddr->domain[0] == '\0') {
896 -+ (void)strlcpy(maddr->domain, domain,
897 -+ sizeof(maddr->domain));
898 - }
899 -
900 -+ if (!valid_domainpart(maddr->domain))
901 -+ return (0);
902 -+
903 - return (1);
904 - }
905 -
906 -diff -ru opensmtpd-6.0.3p1/smtpd/mta_session.c opensmtpd-6.0.3p1-modified/smtpd/mta_session.c
907 ---- opensmtpd-6.0.3p1/smtpd/mta_session.c 2018-01-10 21:06:40.000000000 +0800
908 -+++ opensmtpd-6.0.3p1-modified/smtpd/mta_session.c 2020-02-25 09:57:04.624147227 +0800
909 -@@ -1214,7 +1214,7 @@
910 - if (cont) {
911 - if (s->replybuf[0] == '\0')
912 - (void)strlcat(s->replybuf, line, sizeof s->replybuf);
913 -- else {
914 -+ else if (len > 4) {
915 - line = line + 4;
916 - if (isdigit((int)*line) && *(line + 1) == '.' &&
917 - isdigit((int)*line+2) && *(line + 3) == '.' &&
918 -@@ -1229,7 +1229,9 @@
919 - /* last line of a reply, check if we're on a continuation to parse out status and ESC.
920 - * if we overflow reply buffer or are not on continuation, log entire last line.
921 - */
922 -- if (s->replybuf[0] != '\0') {
923 -+ if (s->replybuf[0] == '\0')
924 -+ (void)strlcat(s->replybuf, line, sizeof s->replybuf);
925 -+ else if (len > 4) {
926 - p = line + 4;
927 - if (isdigit((int)*p) && *(p + 1) == '.' &&
928 - isdigit((int)*p+2) && *(p + 3) == '.' &&
929 -@@ -1238,8 +1240,6 @@
930 - if (strlcat(s->replybuf, p, sizeof s->replybuf) >= sizeof s->replybuf)
931 - (void)strlcpy(s->replybuf, line, sizeof s->replybuf);
932 - }
933 -- else
934 -- (void)strlcpy(s->replybuf, line, sizeof s->replybuf);
935 -
936 - if (s->state == MTA_QUIT) {
937 - log_info("%016"PRIx64" mta event=closed reason=quit messages=%zu",
938
939 diff --git a/mail-mta/opensmtpd/opensmtpd-6.0.3_p1-r3.ebuild b/mail-mta/opensmtpd/opensmtpd-6.0.3_p1-r3.ebuild
940 deleted file mode 100644
941 index 14d9fa69ea4..00000000000
942 --- a/mail-mta/opensmtpd/opensmtpd-6.0.3_p1-r3.ebuild
943 +++ /dev/null
944 @@ -1,78 +0,0 @@
945 -# Copyright 1999-2020 Gentoo Authors
946 -# Distributed under the terms of the GNU General Public License v2
947 -
948 -EAPI=7
949 -
950 -inherit pam toolchain-funcs systemd
951 -
952 -DESCRIPTION="Lightweight but featured SMTP daemon from OpenBSD"
953 -HOMEPAGE="https://www.opensmtpd.org"
954 -SRC_URI="https://www.opensmtpd.org/archives/${P/_}.tar.gz"
955 -
956 -LICENSE="ISC BSD BSD-1 BSD-2 BSD-4"
957 -SLOT="0"
958 -KEYWORDS="~amd64 ~arm ~arm64 ~x86"
959 -IUSE="libressl pam +mta"
960 -
961 -DEPEND="
962 - acct-user/smtpd
963 - acct-user/smtpq
964 - !libressl? ( dev-libs/openssl:0= )
965 - libressl? ( dev-libs/libressl:0= )
966 - elibc_musl? ( sys-libs/fts-standalone )
967 - sys-libs/zlib
968 - pam? ( sys-libs/pam )
969 - sys-libs/db:=
970 - dev-libs/libevent
971 - app-misc/ca-certificates
972 - net-mail/mailbase
973 - net-libs/libasr
974 - !mail-mta/courier
975 - !mail-mta/esmtp
976 - !mail-mta/exim
977 - !mail-mta/mini-qmail
978 - !mail-mta/msmtp[mta]
979 - !mail-mta/netqmail
980 - !mail-mta/nullmailer
981 - !mail-mta/postfix
982 - !mail-mta/qmail-ldap
983 - !mail-mta/sendmail
984 - !mail-mta/ssmtp[mta]
985 -"
986 -RDEPEND="${DEPEND}"
987 -
988 -S=${WORKDIR}/${P/_}
989 -PATCHES=(
990 - "${FILESDIR}/${P}-fix-crash-on-auth.patch"
991 - "${FILESDIR}/${P}-openssl_1.1.patch"
992 - "${FILESDIR}/${P}-security-fixes.patch"
993 -)
994 -
995 -src_configure() {
996 - tc-export AR
997 - AR="$(which "$AR")" econf \
998 - --with-table-db \
999 - --with-user-smtpd=smtpd \
1000 - --with-user-queue=smtpq \
1001 - --with-group-queue=smtpq \
1002 - --with-path-socket=/run \
1003 - --with-path-CAfile=/etc/ssl/certs/ca-certificates.crt \
1004 - --sysconfdir=/etc/opensmtpd \
1005 - $(use_with pam auth-pam)
1006 -}
1007 -
1008 -src_install() {
1009 - default
1010 - newinitd "${FILESDIR}"/smtpd.initd smtpd
1011 - systemd_dounit "${FILESDIR}"/smtpd.{service,socket}
1012 - use pam && newpamd "${FILESDIR}"/smtpd.pam smtpd
1013 - dosym smtpctl /usr/sbin/makemap
1014 - dosym smtpctl /usr/sbin/newaliases
1015 - if use mta ; then
1016 - dodir /usr/sbin
1017 - dosym smtpctl /usr/sbin/sendmail
1018 - dosym ../sbin/smtpctl /usr/bin/sendmail
1019 - mkdir -p "${ED}"/usr/$(get_libdir) || die
1020 - ln -s --relative "${ED}"/usr/sbin/smtpctl "${ED}"/usr/$(get_libdir)/sendmail || die
1021 - fi
1022 -}
1023
1024 diff --git a/profiles/package.mask b/profiles/package.mask
1025 index d5a4bc79b9e..5ef30fbb59c 100644
1026 --- a/profiles/package.mask
1027 +++ b/profiles/package.mask
1028 @@ -109,14 +109,6 @@ sci-misc/pythoncad
1029 # Last release in 2013, bug #710164, masked for removal in 30 days.
1030 sci-electronics/gresistor
1031
1032 -# Jason A. Donenfeld <zx2c4@g.o> (2020-02-24)
1033 -# Unsupported upstream version, likely has security bugs. Not removed
1034 -# immediately because of backwards incompatible configuration changes
1035 -# with the newer version in the tree.
1036 -#
1037 -# Removal in 14 days. Bug #710754.
1038 -~mail-mta/opensmtpd-6.0.3_p1
1039 -
1040 # Marek Szuba <marecki@g.o> (2020-02-24)
1041 # Deprecated upstream in Q1'2018 in favour of dev-libs/intel-neo and
1042 # while it officially remains the recommended solution for "legacy HW