diff options
| author |   Andrej Kacian <ticho@gentoo.org> | 2005-07-10 23:25:28 +0000 |
|---|---|---|
| committer | Andrej Kacian <ticho@gentoo.org> | 2005-07-10 23:25:28 +0000 |
| commit | dc55c68716d69dfae8d7595cd131135fb9466efc (patch) | |
| tree | bcfaeb2de4f508e43a5a041962d8d38917ef82b9 /mail-mta | |
| parent | Marked ppc stable. (diff) | |
| download | gentoo-2-dc55c68716d69dfae8d7595cd131135fb9466efc.tar.gz gentoo-2-dc55c68716d69dfae8d7595cd131135fb9466efc.tar.bz2 gentoo-2-dc55c68716d69dfae8d7595cd131135fb9466efc.zip | |
A bump to fix security bug #97915.
(Portage version: 2.0.51.22-r1)
Diffstat (limited to 'mail-mta')
| -rw-r--r-- | mail-mta/courier/ChangeLog | 9 | ||||
| -rw-r--r-- | mail-mta/courier/Manifest | 15 | ||||
| -rw-r--r-- | mail-mta/courier/courier-0.48.1-r1.ebuild | 271 | ||||
| -rw-r--r-- | mail-mta/courier/files/courier-0.48.1-spf-error-handling.patch | 11 | ||||
| -rw-r--r-- | mail-mta/courier/files/digest-courier-0.48.1-r1 | 1 |
5 files changed, 295 insertions, 12 deletions
diff --git a/mail-mta/courier/ChangeLog b/mail-mta/courier/ChangeLog index 3d4e843d1d48..b7045e47c664 100644 --- a/mail-mta/courier/ChangeLog +++ b/mail-mta/courier/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for mail-mta/courier # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/mail-mta/courier/ChangeLog,v 1.57 2005/07/10 21:37:58 ticho Exp $ +# $Header: /var/cvsroot/gentoo-x86/mail-mta/courier/ChangeLog,v 1.58 2005/07/10 23:25:28 ticho Exp $ + +*courier-0.48.1-r1 (10 Jul 2005) + + 10 Jul 2005; Andrej Kacian <ticho@gentoo.org> + +files/courier-0.48.1-spf-error-handling.patch, +courier-0.48.1-r1.ebuild: + Bumped 0.48.1 because of security bug #97915 with a patch to fix it. Also + fixed sandbox access violation on subsequent merge. 10 Jul 2005; Andrej Kacian <ticho@gentoo.org> +files/mailer.conf, +courier-0.50.1.ebuild: diff --git a/mail-mta/courier/Manifest b/mail-mta/courier/Manifest index 5f4181f384f6..97d2082a3a00 100644 --- a/mail-mta/courier/Manifest +++ b/mail-mta/courier/Manifest @@ -1,20 +1,20 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - MD5 34312418fdc6c5037592fa0cb0bccf8c courier-0.48.2.20050224.ebuild 10500 MD5 113c9a1725a437cf9aea85f9fa662fda courier-0.49.0.ebuild 10498 MD5 e43ff2b2b410fe1cab3ba04c3bc19dfe courier-0.50.1.ebuild 11199 +MD5 6c0a1aaeac889db90cca0c8f2d1cf2dc courier-0.48.1-r1.ebuild 8952 MD5 8de8434ea05e6a76656ba7f1d08fecb5 courier-0.48.1.ebuild 8510 MD5 9e00ca77d50c701246cbeb7807cbede4 courier-0.50.0.ebuild 10501 MD5 52b9e1c79d37a4168e98834570a20839 courier-0.49.0.20050405.ebuild 10507 -MD5 5d19bb655b2b919a5444ec308fae65fc ChangeLog 20329 +MD5 15cd5afb2d527eef243435d51fb4e3d3 ChangeLog 20619 MD5 b287829e2f9edbcf1ff7bb349055e77e metadata.xml 392 MD5 52f032e570c6f5f9f69b4e4bdfa562a1 files/password.dist 247 MD5 a546a21f960e4f921e71f614f719a2ce files/bofh 23 MD5 80dd58e050ca3d9071ddaf741857cf5a files/digest-courier-0.49.0.20050405 77 +MD5 6f47a6ec3b49ab38118513207c008eac files/digest-courier-0.48.1-r1 68 MD5 098e16e61446aceb242735b1ca70509a files/norewrite.patch 489 MD5 cc4c7fbf5c664bea35e209920137bf7a files/digest-courier-0.48.2.20050224 77 MD5 d8967dea60963b1c0abaccbb2c57ea64 files/apache-sqwebmail.inc 347 +MD5 810650e3b52f7d93e59fd987e235381e files/courier-0.48.1-spf-error-handling.patch 318 MD5 d41d8cd98f00b204e9800998ecf8427e files/locallowercase 0 MD5 6f47a6ec3b49ab38118513207c008eac files/digest-courier-0.48.1 68 MD5 9d17c84c8f8fbd96f3f51f81336a3ef6 files/digest-courier-0.49.0 68 @@ -24,10 +24,3 @@ MD5 9d570961b398a1a8e3724947c7205943 files/courier-init 5182 MD5 e3a4ab031bd750b7ce2c7b85fee83d8e files/set-mime 741 MD5 9bd0825e1ea931d82349ec13d74df657 files/mailer.conf 199 MD5 4eb96413bfbc91629bdf43526716cd1e files/dot_courier 26 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.1 (GNU/Linux) - -iD8DBQFC0ZVIQlM6RnzZP+IRAmSOAJwJ/tl5DDv7FyZI0GWsIxR6dSVuzQCfadhX -d0R7MYthAzZo+Uc+lsLZUZc= -=A1tA ------END PGP SIGNATURE----- diff --git a/mail-mta/courier/courier-0.48.1-r1.ebuild b/mail-mta/courier/courier-0.48.1-r1.ebuild new file mode 100644 index 000000000000..afc236bf2b79 --- /dev/null +++ b/mail-mta/courier/courier-0.48.1-r1.ebuild @@ -0,0 +1,271 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/mail-mta/courier/courier-0.48.1-r1.ebuild,v 1.1 2005/07/10 23:25:28 ticho Exp $ + +inherit eutils + +DESCRIPTION="An MTA designed specifically for maildirs" +[ -z "${PV/?.??/}" ] && SRC_URI="mirror://sourceforge/courier/${P}.tar.bz2" +[ -z "${PV/?.??.?/}" ] && SRC_URI="mirror://sourceforge/courier/${P}.tar.bz2" +[ -z "${SRC_URI}" ] && SRC_URI="http://www.courier-mta.org/beta/courier/${P%%_pre}.tar.bz2" +HOMEPAGE="http://www.courier-mta.org/" +S="${WORKDIR}/${P%%_pre}" + +SLOT="0" +LICENSE="GPL-2" +# not in keywords due to missing dependencies: ~arm ~s390 ~ppc64 +KEYWORDS="x86 alpha amd64 hppa ia64 ~mips ppc sparc" +IUSE="postgres ldap mysql pam nls ipv6 spell fax crypt norewrite mailwrapper" + +PROVIDE="virtual/mta + virtual/mda + virtual/imapd" + +DEPEND="virtual/libc + net-libs/courier-authlib + >=dev-libs/openssl-0.9.6 + >=sys-libs/gdbm-1.8.0 + || ( app-misc/mime-types net-www/apache ) + fax? ( >=media-libs/netpbm-9.12 virtual/ghostscript >=net-dialup/mgetty-1.1.28 ) + pam? ( >=sys-libs/pam-0.75 ) + mysql? ( >=dev-db/mysql-3.23.36 ) + ldap? ( >=net-nds/openldap-1.2.11 ) + postgres? ( >=dev-db/postgresql-7.1.3 ) + spell? ( virtual/aspell-dict ) + !mailwrapper? ( !virtual/mta ) + !virtual/imapd" + +RDEPEND="${DEPEND} + virtual/fam + dev-lang/perl + sys-process/procps" + +PDEPEND="mailwrapper? ( >=net-mail/mailwrapper-0.2 ) + crypt? ( >=app-crypt/gnupg-1.0.4 )" + +src_unpack() { + unpack ${A} + cd ${S} + epatch ${FILESDIR}/${P}-spf-error-handling.patch || die "epatch failed" + use norewrite && epatch ${FILESDIR}/norewrite.patch + use elibc_uclibc && sed -i -e 's:linux-gnu\*:linux-gnu\*\ \|\ linux-uclibc:' config.sub +} + +src_compile() { + local myconf + myconf="`use_with spell ispell` `use_with ipv6` \ + `use_with ldap ldapaliasd` `use_enable ldap maildropldap` \ + `use_enable nls` `use_enable nls unicode ${ENABLE_UNICODE}`" + use ldap && myconf="${myconf} --with-ldapconfig=/etc/courier/maildropldap.conf" + + [ -e /etc/apache/conf/mime.types ] && \ + myconf="${myconf} --enable-mimetypes=/etc/apache/conf/mime.types" + [ -e /etc/apache2/conf/mime.types ] && \ + myconf="${myconf} --enable-mimetypes=/etc/apache2/conf/mime.types" + [ -e /etc/mime.types ] && \ + myconf="${myconf} --enable-mimetypes=/etc/mime.types" + + einfo "Configuring courier: `echo ${myconf} | xargs echo`" + econf \ + --prefix=/usr \ + --disable-root-check \ + --mandir=/usr/share/man \ + --sysconfdir=/etc/courier \ + --libexecdir=/usr/$(get_libdir)/courier \ + --datadir=/usr/share/courier \ + --sharedstatedir=/var/lib/courier/com \ + --localstatedir=/var/lib/courier \ + --with-piddir=/var/run/courier \ + --with-authdaemonvar=/var/lib/courier/authdaemon \ + --with-mailuser=mail \ + --with-mailgroup=mail \ + --with-paranoid-smtpext \ + --with-db=gdbm \ + --disable-autorenamesent \ + --cache-file=${S}/configuring.cache \ + --host=${CHOST} ${myconf} debug=true || die "./configure" + sed -e'/^install-perms-local:/a\ sed -e\"s|^|'${D}'|g\" -i permissions.dat' -i Makefile + emake || die "Compile problem" +} + +etc_courier() { + # Import existing /etc/courier/file if it exists. + # Add option only if it was not already set or even commented out + file="${1}" ; word="`echo \"${2}\" | sed -e\"s|=.*$||\" -e\"s|^.*opt ||\"`" + [ ! -e "${D}/etc/courier/${file}" ] && [ -e "/etc/courier/${file}" ] && \ + cp "/etc/courier/${file}" "${D}/etc/courier/${file}" + grep -q "${word}" "${D}/etc/courier/${file}" || \ + echo "${2}" >> "${D}/etc/courier/${file}" +} + +etc_courier_chg() { + file="${1}" ; key="${2}" ; value="${3}" + grep -q "${key}" "${file}" && einfo "Changing ${file}: ${key} to ${value}" + sed -i -e"/\#\#NAME: ${key}/,+20 s|${key}=.*|${key}=\"${value}\"|g" ${file} +} + +set_maildir() { + local f ; local files=$* + origmaildir='Maildir' + newmaildir='.maildir' + for f in ${files} ; do + grep -q "${origmaildir}" "${f}" && \ + einfo "Changing ${origmaildir} in ${f} to ${newmaildir}" + sed -i -e"/^[^\#]/ s/${origmaildir}/${newmaildir}/g" ${f} + done +} + +src_install() { + local f + dodir /etc/pam.d + + einfo "Setting up maildirs in the account skeleton ..." + diropts -m 755 -o root -g root + dodir /etc/skel + ${S}/maildir/maildirmake ${D}/etc/skel/.maildir + keepdir /etc/skel/.maildir + + diropts -o mail -g mail + dodir /var/lib/courier + dodir /var/run/courier + make install DESTDIR=${D} || die "install" + make install-configure || die "install-configure" + + exeinto /etc/init.d + newexe ${FILESDIR}/courier-init courier + + cd ${D}/etc/courier + insinto /etc/courier + newins ${FILESDIR}/apache-sqwebmail.inc apache-sqwebmail.inc + mv imapd.authpam imap.authpam ; mv pop3d.authpam pop3.authpam + for f in *.authpam ; do mv "${f}" "${D}/etc/pam.d/${f%%.authpam}" ; done + for f in *.dist ; do cp ${f} ${f%%.dist} ; done + [ -e ldapaliasrc ] && chown mail:root ldapaliasrc + set_maildir courierd imapd imapd-ssl pop3d pop3d-ssl sqwebmaild *.dist + + ( [ -e /etc/courier/sizelimit ] && cat /etc/courier/sizelimit || echo 0 ) \ + > ${D}/etc/courier/sizelimit + etc_courier maildroprc "" + etc_courier esmtproutes "" + etc_courier backuprelay "" + etc_courier locallowercase "" + etc_courier bofh "opt BOFHBADMIME=accept" + etc_courier bofh "opt BOFHSPFTRUSTME=1" + etc_courier bofh "opt BOFHSPFHELO=pass,neutral,unknown,none,error,softfail,fail" + etc_courier bofh "opt BOFHSPFHELO=pass,neutral,unknown,none" + etc_courier bofh "opt BOFHSPFFROM=all" + etc_courier bofh "opt BOFHSPFMAILFROM=all" + etc_courier bofh "#opt BOFHSPFHARDERROR=fail" + etc_courier esmtpd "BOFHBADMIME=accept" + etc_courier esmtpd-ssl "BOFHBADMIME=accept" + etc_courier esmtpd-msa "BOFHBADMIME=accept" + etc_courier_chg esmtpd ESMTPDSTART YES + etc_courier_chg esmtpd-msa ESMTPDSTART YES + etc_courier_chg esmtpd-ssl ESMTPDSSLSTART YES + etc_courier_chg imapd IMAPDSTART YES + etc_courier_chg imapd-ssl IMAPDSSLSTART YES + etc_courier_chg pop3d POP3DSTART YES + etc_courier_chg pop3d-ssl POP3DSSLSTART YES + + # Fix for a sandbox violation on subsequential merges + # - ticho@gentoo.org, 2005-07-10 + rm ${D}/usr/sbin/{pop3d,imapd}{,-ssl} + dosym /usr/share/courier/pop3d /usr/sbin/courier-pop3d + dosym /usr/share/courier/pop3d-ssl /usr/sbin/courier-pop3d-ssl + dosym /usr/share/courier/imapd /usr/sbin/courier-imapd + dosym /usr/share/courier/imapd-ssl /usr/sbin/courier-imapd-ssl + + cd ${S} + cp imap/README README.imap + use nls && cp unicode/README README.unicode + dodoc AUTHORS BENCHMARKS COPYING* ChangeLog* INSTALL NEWS README* TODO courier/doc/*.txt + dodoc tcpd/README.couriertls + echo "See /usr/share/courier/htmldoc/index.html for docs in html format" \ + >> ${D}/usr/share/doc/${P}/README.htmldocs + + insinto /usr/$(get_libdir)/courier/courier + insopts -m 755 -o mail -g mail + doins ${S}/courier/webmaild + insinto /etc/courier/webadmin + insopts -m 400 -o mail -g mail + doins ${FILESDIR}/password.dist + + # avoid name collisions in /usr/sbin, make webadmin match + cd ${D}/usr/sbin + for f in imapd imapd-ssl pop3d pop3d-ssl ; do mv ${f} courier-${f} ; done + sed -i -e 's:\$sbindir\/imapd:\$sbindir\/courier-imapd:g' \ + -e 's:\$sbindir\/imapd-ssl:\$sbindir\/courier-imapd-ssl:g' \ + ${D}/usr/share/courier/courierwebadmin/admin-40imap.pl \ + || ewarn "failed to fix webadmin" + sed -i -e 's:\$sbindir\/pop3d:\$sbindir\/courier-pop3d:g' \ + -e 's:\$sbindir\/pop3d-ssl:\$sbindir\/courier-pop3d-ssl:g' \ + ${D}/usr/share/courier/courierwebadmin/admin-45pop3.pl \ + || ewarn "failed to fix webadmin" + + if use mailwrapper ; then + mv ${D}/usr/bin/sendmail ${D}/usr/bin/sendmail.courier + rm ${D}/usr/bin/rmail + insinto /etc/mail + doins ${FILESDIR}/mailer.conf + else + dosym /usr/bin/sendmail /usr/sbin/sendmail + fi +} + +pkg_config() { + mailhost=`hostname` + export mailhost + + domainname=`domainname` + if [ "x$domainname" = "x(none)" ] ; then + domainname=`echo ${mailhost} | sed -e "s/[^\.]*\.\(.*\)/\1/"` + fi + export domainname + + + if [ ${ROOT} = "/" ] ; then + file=${ROOT}/etc/courier/locals + if [ ! -f ${file} ] ; then + echo "localhost" > ${file}; + echo ${domainname} >> ${file}; + fi + file=${ROOT}/etc/courier/esmtpacceptmailfor.dir/${domainname} + if [ ! -f ${file} ] ; then + echo ${domainname} > ${file} + /usr/sbin/makeacceptmailfor + fi + + file=${ROOT}/etc/courier/smtpaccess/${domainname} + if [ ! -f ${file} ] + then + netstat -nr | grep "^[1-9]" | while read network gateway netmask rest + do + i=1 + net="" + TIFS=${IFS} + IFS="." + for o in ${netmask} + do + if [ ${o} == "255" ] + then + [ "_${net}" == "_" ] || net="${net}." + t=`echo ${network} | cut -d " " -f ${i}` + net="${net}${t}" + fi + i=$((${i} + 1)) + done + IFS=${TIFS} + echo "doing configuration - relay control for the network ${net} !" + echo "${net} allow,RELAYCLIENT" >> ${file} + done + /usr/sbin/makesmtpaccess + fi + fi + + echo "creating cert for esmtpd-ssl:" + /usr/sbin/mkesmtpdcert + echo "creating cert for imapd-ssl:" + /usr/sbin/mkpop3dcert + echo "creating cert for pop3d-ssl:" + /usr/sbin/mkimapdcert +} diff --git a/mail-mta/courier/files/courier-0.48.1-spf-error-handling.patch b/mail-mta/courier/files/courier-0.48.1-spf-error-handling.patch new file mode 100644 index 000000000000..9ccaa9b87183 --- /dev/null +++ b/mail-mta/courier/files/courier-0.48.1-spf-error-handling.patch @@ -0,0 +1,11 @@ +--- courier-0.50.0/rfc1035/spf.c 2004-08-24 02:43:30.000000000 +0200 ++++ courier-0.50.1/rfc1035/spf.c 2005-07-03 06:19:39.000000000 +0200 +@@ -771,7 +771,7 @@ + + free(domain_spec); + +- if (rc < 0) ++ if (rc != 0) + { + set_err_msg(info->errmsg_buf, info->errmsg_buf_size, + "IP address lookup failed.\n"); diff --git a/mail-mta/courier/files/digest-courier-0.48.1-r1 b/mail-mta/courier/files/digest-courier-0.48.1-r1 new file mode 100644 index 000000000000..b908dae9b3bd --- /dev/null +++ b/mail-mta/courier/files/digest-courier-0.48.1-r1 @@ -0,0 +1 @@ +MD5 a8bf9c8187344fb63449c0b1abf44eb9 courier-0.48.1.tar.bz2 5875035 |