diff options
author | Fabian Groffen <grobian@gentoo.org> | 2024-01-12 12:56:22 +0100 |
---|---|---|
committer | Fabian Groffen <grobian@gentoo.org> | 2024-01-12 12:56:22 +0100 |
commit | c11d2a7a9507bd2392e0c8c83e6719debbf18ab1 (patch) | |
tree | 3a61239bdb9f99f8bb7091b7fad49ad12026726b /mail-mta | |
parent | profiles/arch: drop obsolete USE=mpx entries (diff) | |
download | gentoo-c11d2a7a9507bd2392e0c8c83e6719debbf18ab1.tar.gz gentoo-c11d2a7a9507bd2392e0c8c83e6719debbf18ab1.tar.bz2 gentoo-c11d2a7a9507bd2392e0c8c83e6719debbf18ab1.zip |
mail-mta/exim: cleanup vulnerable
Signed-off-by: Fabian Groffen <grobian@gentoo.org>
Diffstat (limited to 'mail-mta')
-rw-r--r-- | mail-mta/exim/Manifest | 5 | ||||
-rw-r--r-- | mail-mta/exim/exim-4.96-r4.ebuild | 655 | ||||
-rw-r--r-- | mail-mta/exim/exim-4.96.2-r1.ebuild | 656 | ||||
-rw-r--r-- | mail-mta/exim/exim-4.96.2.ebuild | 655 | ||||
-rw-r--r-- | mail-mta/exim/files/exim-4.93-as-needed-ldflags.patch | 145 | ||||
-rw-r--r-- | mail-mta/exim/files/exim-4.94-opendmarc-1.4.patch | 14 | ||||
-rw-r--r-- | mail-mta/exim/files/exim-4.95-localscan_dlopen.patch | 221 | ||||
-rw-r--r-- | mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch | 265 |
8 files changed, 0 insertions, 2616 deletions
diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest index 9553d4d46a0a..d87f52e906c4 100644 --- a/mail-mta/exim/Manifest +++ b/mail-mta/exim/Manifest @@ -1,8 +1,3 @@ -DIST exim-4.96-gentoo-patches-r0.tar.xz 13308 BLAKE2B e01cd8b90593329d858cced27bea9da4860e80500c0b0b3f86418931a77616ac1e4a532cfffc551de5844bfcbcd115c1591b28577c234beb551458dc0877e764 SHA512 0a8d7b5903c8cd7c2cc07e4ea3ed62200ee0116fe0b5513ec97ba7f3ab1dd5cd0dc181eb93c3c1c7f767be7df3546ac07b622a8f4352eb883323c3a005a1c7db -DIST exim-4.96.2.tar.xz 1879896 BLAKE2B f172340e5f896dc1996e4e3cf46515c2336c47d3390524ca91cb9ef7258a62b83426592de582aa792584cbeaace519b4edea5e62b3ebeb8e5f599379255e04a5 SHA512 dc9f6a114e64ac826489edff88d50a24195b64714428e691c10a7bfb119b3ebb6455bf80cbb34dfd0a4e2e44cbde72effb009357a8e0a6065e512fe32092e3ed -DIST exim-4.96.tar.xz 1879152 BLAKE2B 4b424f2ebc661bd0db35d7f6da86300c6d5cb5b9a52cddd24fdd452daa76c84e471d4f8f278cf951d1503b01fd46fc3e6858d6feded09f34253d2cf2ae99b45a SHA512 6b863661465a0b9897c1b71875c5196a1903cf560dd85de45b08242b9731edb2bc10eb56945d62e477e5d15cc7a8d493915bff2ca81689673a8091c66f62c89e DIST exim-4.97.1.tar.xz 1919308 BLAKE2B ea41bf851185c7330e648c7757f2bf0b0aea3133e399630a40d220f5f542e9055e3ed0cd67c9ee5dcede281ccc17919a4ac328abd8f05d4d828e0381f10df0b8 SHA512 eab7ca28b37f1635c48f5e963ab69fcbad539b2c35a84286ecaad7d7ff5210bbefce86452302e08099afdc0710f9cb7ca6d9b152b0ba88a19292f7c5541e0cfc -DIST exim-pdf-4.96.2.tar.xz 2132268 BLAKE2B 9104d42d742e7152d166b6158a6f060d0a29143b11e5064ecda177ead59ac66a9bb6ab3575e5bcaf7af5b49964d29b841285e67184592a8b64bab6099f4c8ac9 SHA512 c35eea4ab5510bba50d22813b28c9d2f5e4e2fed76993693b997f2090024dde674d58dffe044cb64642bf57b83fcae3bfc3dbcae43288fae11692ee49374df74 -DIST exim-pdf-4.96.tar.xz 2137468 BLAKE2B 7f61767f91864c43a3b7b6ca36ec7f41da6ad7029687a38cfa9307c444c2ffbd3eb61d45645ffd20ec16ba64a37e1ff08c02e7e4e36499c7783679af9a399081 SHA512 05e94579631656330d95d237c58bc9fd52229a067c5846e7c3409b4c83040c9216819bcb0090673d9991fd59e2c2025340592b31b241b557c6775782106854d1 DIST exim-pdf-4.97.1.tar.xz 2139688 BLAKE2B baadbb6ca7b88b11ea88f6b5ce0c96d9d713a1f5b358e4dfb52647ccc2bb1a9a6f74e75341839a8ee7df327f2f5645dbf223e4e5923631b02aa53a777701b436 SHA512 6aa733b1d48b6237f458939ff53e484e702f47a0c10ba781ba101db404d39667bd2ddc876af4f597deda1991e534d5b8b874c549e6a86b5325ebd624a6713183 DIST system_filter.exim.gz 3075 BLAKE2B d05e872b5cef377d29126cda03fc0a74c8777b2119b76ff43da6e8de808035eb9bfcb034a85d81824f135d484e864bfc0629fc1af2c228a7277d5ee7cf9cde79 SHA512 cb358d3ce2499a0bb5920d962a06f2af8486e55ec90c8c928bd8e3aefb279aa57f5f960d5adfcef68bd94110b405eaa144e9629cfe6014a529c79c544600bbf3 diff --git a/mail-mta/exim/exim-4.96-r4.ebuild b/mail-mta/exim/exim-4.96-r4.ebuild deleted file mode 100644 index c3bb1a1d477e..000000000000 --- a/mail-mta/exim/exim-4.96-r4.ebuild +++ /dev/null @@ -1,655 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" - -inherit db-use toolchain-funcs pam systemd - -IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl -dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx -mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux -socks5 spf sqlite srs +ssl syslog tdb tcpd +tpda X" -REQUIRED_USE=" - arc? ( dkim spf ) - dane? ( ssl !gnutls ) - dmarc? ( dkim spf ) - dkim? ( ssl !gnutls ) - gnutls? ( ssl ) - pkcs11? ( ssl ) - || ( berkdb gdbm tdb ) -" -# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked -# for x86 and amd64 only, due to this, repoman won't allow depending on -# gnutls[dane] for all else. Because we cannot express USE=dane when -# USE=gnutls is in effect only in package.use.mask, the only option we -# have left is to a) ignore the dependency (but that results in bug -# #661164) or b) mask the usage of USE=dane with USE=gnutls. Both are -# incorrect, but b) is the only "correct" view from repoman. -# We cannot express a required use for berkdb/gdbm/tdb correctly because -# berkdb and gdbm are both enabled in base profile - -SDIR=$([[ ${PV} == *_rc* ]] && echo /test - [[ ${PV} == *.*.*.* ]] && echo /fixes) -COMM_URI="https://downloads.exim.org/exim4${SDIR}" - -GPV="r0" -DESCRIPTION="A highly configurable, drop-in replacement for sendmail" -SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz - https://dev.gentoo.org/~grobian/distfiles/${P}-gentoo-patches-${GPV}.tar.xz - mirror://gentoo/system_filter.exim.gz - doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )" -HOMEPAGE="https://www.exim.org/" - -SLOT="0" -LICENSE="GPL-2" -KEYWORDS="x86" - -COMMON_DEPEND=">=sys-apps/sed-4.0.5 - dev-libs/libpcre2:= - tdb? ( sys-libs/tdb:= ) - !tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) ) - !tdb? ( !berkdb? ( sys-libs/gdbm:= ) ) - idn? ( net-dns/libidn:= net-dns/libidn2:= ) - perl? ( dev-lang/perl:= ) - pam? ( sys-libs/pam ) - tcpd? ( sys-apps/tcp-wrappers ) - ssl? ( - gnutls? ( - net-libs/gnutls:0=[pkcs11?] - dev-libs/libtasn1 - ) - !gnutls? ( - dev-libs/openssl:0= - ) - ) - ldap? ( >=net-nds/openldap-2.0.7:= ) - elibc_glibc? ( - net-libs/libnsl:= - nis? ( - net-libs/libtirpc:= - >=net-libs/libnsl-1:= - ) - ) - mysql? ( dev-db/mysql-connector-c:= ) - postgres? ( dev-db/postgresql:= ) - sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 ) - redis? ( dev-libs/hiredis:= ) - spf? ( >=mail-filter/libspf2-1.2.5-r1 ) - dmarc? ( mail-filter/opendmarc:= ) - X? ( - x11-libs/libX11 - x11-libs/libXmu - x11-libs/libXt - x11-libs/libXaw - ) - sqlite? ( dev-db/sqlite ) - radius? ( net-dialup/freeradius-client ) - virtual/libcrypt:= - virtual/libiconv - " - # added X check for #57206 -BDEPEND="virtual/pkgconfig" -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND} - !mail-mta/courier - !mail-mta/esmtp - !mail-mta/msmtp[mta] - !mail-mta/netqmail - !mail-mta/nullmailer - !mail-mta/postfix - !mail-mta/sendmail - !mail-mta/opensmtpd - !mail-mta/ssmtp[mta] - >=net-mail/mailbase-0.00-r5 - virtual/logger - dcc? ( mail-filter/dcc ) - selinux? ( sec-policy/selinux-exim ) - " - -S=${WORKDIR}/${P//_rc/-RC} - -src_prepare() { - # Legacy patches which need a respin for -p1 - eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch - eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426 - eapply "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279 - eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591 - eapply "${FILESDIR}"/exim-4.69-r1.27021.patch - eapply "${FILESDIR}"/exim-4.95-localscan_dlopen.patch - - # Upstream post-release fixes :( - local GPVDIR=${WORKDIR}/${P}-gentoo-patches-${GPV} - eapply "${GPVDIR}"/exim-4.96-rewrite-malformed-addr-fix.patch # upstr - eapply "${GPVDIR}"/exim-4.96-spf-memory-error-fix.patch # upstr - eapply "${GPVDIR}"/exim-4.96-regex-use-after-free.patch # upstr - eapply -p2 "${GPVDIR}"/exim-4.96-dmarc_use_after_free.patch # upstr - eapply "${GPVDIR}"/exim-4.96-deamon-startup-fix.patch # upstr - eapply "${GPVDIR}"/exim-4.96-openssl-verify-ocsp.patch # upstr - eapply "${GPVDIR}"/exim-4.96-openssl-double-expansion.patch # upstr - eapply "${GPVDIR}"/exim-4.96-recursion-dns_again.patch # upstr - eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-setting.patch # upstr - eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-lt-3.patch # upstr - eapply "${GPVDIR}"/exim-4.96-openssl-bad-alpn.patch # upstr - eapply "${GPVDIR}"/exim-4.96-dane-dns_again.patch # upstr - eapply "${GPVDIR}"/exim-4.96-expansion-crash.patch # upstr - eapply "${GPVDIR}"/exim-4.96-transport-crash.patch # upstr - - # oddity, they disable berkdb as hack, and then throw an error when - # berkdb isn't enabled - sed -i \ - -e 's/_DB_/_DONTMESS_/' \ - -e 's/define DB void/define DONTMESS void/' \ - src/auths/call_radius.c || die - - # API changed from 1.3 to 1.4, upstream doesn't think 1.4 should be - # used, but 1.3 has a CVE and Gentoo (like most downstreams) only - # has 1.4 available - eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch - - if use maildir ; then - eapply "${FILESDIR}"/exim-4.94-maildir.patch - else - eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606 - fi - - eapply_user - - # user Exim believes it should be - MAILUSER=mail - MAILGROUP=mail - if use prefix && [[ ${EUID} != 0 ]] ; then - MAILUSER=$(id -un) - MAILGROUP=$(id -gn) - fi -} - -src_configure() { - # general config and paths - - local aliases="${EPREFIX}/etc/mail/aliases" - sed -i \ - -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \ - src/configure.default || die - - sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die - - if use elibc_musl; then - sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die - fi - - local conffile="${EPREFIX}/etc/exim/exim.conf" - sed -e "48i\CFLAGS=${CFLAGS}" \ - -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \ - -e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \ - -e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \ - -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \ - -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \ - src/EDITME > Local/Makefile || die - - # work on Local/Makefile from now on - cd Local - - cat >> Makefile <<- EOC - INFO_DIRECTORY=${EPREFIX}/usr/share/info - PID_FILE_PATH=${EPREFIX}/run/exim.pid - SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim - HAVE_ICONV=yes - WITH_CONTENT_SCAN=yes - EOC - - # configure db implementation, Exim always needs one for its hints - # database, we prefer tdb and gdbm, since bdb is kind of getting - # less and less support - if use tdb ; then - cat >> Makefile <<- EOC - USE_TDB=yes - DBMLIB = -ltdb - EOC - sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die - sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die - elif use gdbm ; then - cat >> Makefile <<- EOC - USE_GDBM=yes - DBMLIB = -lgdbm - EOC - sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die - sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die - else # must be berkdb via required_use - # use the "native" interfaces to the DBM and CDB libraries, support - # passwd and directory lookups by default - local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2" - cat >> Makefile <<- EOC - USE_DB=yes - # keep include in CFLAGS because exim.h -> dbstuff.h -> db.h - CFLAGS += -I$(db_includedir ${DB_VERS}) - DBMLIB = -l$(db_libname ${DB_VERS}) - EOC - sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die - sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die - fi - - # if we use libiconv, now is the time to tell so - if use !elibc_glibc && use !elibc_musl ; then - cat >> Makefile <<- EOC - EXTRALIBS_EXIM=-liconv - EOC - fi - - # support for IPv6 - if use ipv6; then - cat >> Makefile <<- EOC - HAVE_IPV6=YES - EOC - fi - - # support i18n/IDNA - if use idn; then - cat >> Makefile <<- EOC - SUPPORT_I18N=yes - SUPPORT_I18N_2008=yes - EXTRALIBS_EXIM += -lidn -lidn2 - EOC - fi - - # - # mail storage formats - # - - # mailstore is Exim's traditional storage format - cat >> Makefile <<- EOC - SUPPORT_MAILSTORE=yes - EOC - - # mbox - if use mbx; then - cat >> Makefile <<- EOC - SUPPORT_MBX=yes - EOC - fi - - # maildir - if use maildir; then - cat >> Makefile <<- EOC - SUPPORT_MAILDIR=yes - EOC - fi - - # - # lookup methods - # - - # support passwd and directory lookups by default - cat >> Makefile <<- EOC - LOOKUP_CDB=yes - LOOKUP_PASSWD=yes - LOOKUP_DSEARCH=yes - EOC - - if ! use dnsdb; then - # DNSDB lookup is enabled by default - sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die - fi - - if use ldap; then - cat >> Makefile <<- EOC - LOOKUP_LDAP=yes - LDAP_LIB_TYPE=OPENLDAP2 - LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap - LOOKUP_LIBS += -lldap -llber - EOC - fi - - if use mysql; then - cat >> Makefile <<- EOC - LOOKUP_MYSQL=yes - LOOKUP_INCLUDE += $(mysql_config --include) - LOOKUP_LIBS += $(mysql_config --libs) - EOC - fi - - if use nis; then - cat >> Makefile <<- EOC - LOOKUP_NIS=yes - LOOKUP_NISPLUS=yes - EOC - if use elibc_glibc ; then - cat >> Makefile <<- EOC - LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc - LOOKUP_LIBS += -lnsl - EOC - fi - fi - - if use postgres; then - cat >> Makefile <<- EOC - LOOKUP_PGSQL=yes - LOOKUP_INCLUDE += -I$(pg_config --includedir) - LOOKUP_LIBS += -L$(pg_config --libdir) -lpq - EOC - fi - - if use sqlite; then - cat >> Makefile <<- EOC - LOOKUP_SQLITE=yes - LOOKUP_SQLITE_PC=sqlite3 - EOC - fi - - if use redis; then - cat >> Makefile <<- EOC - LOOKUP_REDIS=yes - LOOKUP_LIBS += -lhiredis - EOC - fi - - # Exim monitor, enabled by default, controlled via X USE-flag, - # disable if not requested, bug #46778 - if use X; then - cp ../exim_monitor/EDITME eximon.conf || die - cat >> Makefile <<- EOC - EXIM_MONITOR=eximon.bin - EOC - fi - - # - # features - # - - # DomainKeys Identified Mail, RFC4871 - if ! use dkim; then - # DKIM is enabled by default - cat >> Makefile <<- EOC - DISABLE_DKIM=yes - EOC - fi - - # Per-Recipient-Data-Response - if ! use prdr; then - # PRDR is enabled by default - cat >> Makefile <<- EOC - DISABLE_PRDR=yes - EOC - fi - - # Transport post-delivery actions - if use !tpda && use !dane; then - # EVENT is enabled by default - cat >> Makefile <<- EOC - DISABLE_EVENT=yes - EOC - fi - - # log to syslog - if use syslog; then - local eximlog="${EPREFIX}/var/log/exim/exim_%s.log" - sed -i \ - -e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \ - Makefile || die - cat >> Makefile <<- EOC - LOG_FILE_PATH=syslog - EOC - else - cat >> Makefile <<- EOC - LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log - EOC - fi - - # starttls support (ssl) - if use ssl; then - if use gnutls; then - echo "USE_GNUTLS=yes" >> Makefile - echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \ - >> Makefile - use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile - else - echo "USE_OPENSSL=yes" >> Makefile - echo "USE_OPENSSL_PC=openssl" >> Makefile - fi - else - echo "DISABLE_TLS=yes" >> Makefile - fi - - # TCP wrappers - if use tcpd; then - cat >> Makefile <<- EOC - USE_TCP_WRAPPERS=yes - EXTRALIBS_EXIM += -lwrap - EOC - fi - - # Light Mail Transport Protocol - if use lmtp; then - cat >> Makefile <<- EOC - TRANSPORT_LMTP=yes - EOC - fi - - # embedded Perl - if use perl; then - cat >> Makefile <<- EOC - EXIM_PERL=perl.o - EOC - fi - - # dlfunc - if use dlfunc; then - cat >> Makefile <<- EOC - EXPAND_DLFUNC=yes - HAVE_LOCAL_SCAN=yes - DLOPEN_LOCAL_SCAN=yes - EOC - fi - - # Proxy Protocol - if use proxy; then - cat >> Makefile <<- EOC - SUPPORT_PROXY=yes - EOC - fi - - # SOCKS5 (outbound) proxy support - if use socks5; then - cat >> Makefile <<- EOC - SUPPORT_SOCKS=yes - EOC - fi - - # DANE - if use !dane; then - # DANE is enabled by default - sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die - fi - - # DMARC - if use dmarc; then - cat >> Makefile <<- EOC - SUPPORT_DMARC=yes - EXTRALIBS_EXIM += -lopendmarc - EOC - fi - - # Sender Policy Framework - if use spf; then - cat >> Makefile <<- EOC - SUPPORT_SPF=yes - EXTRALIBS_EXIM += -lspf2 - EOC - fi - - # - # experimental features - # - - # Authenticated Receive Chain - if use arc; then - echo "EXPERIMENTAL_ARC=yes">> Makefile - fi - - # Distributed Checksum Clearinghouse - if use dcc; then - echo "EXPERIMENTAL_DCC=yes">> Makefile - fi - - # Sender Rewriting Scheme - if use srs; then - # this one is the default/supported variant since 4.95, and the - # only variant available since 4.96 - cat >> Makefile <<- EOC - SUPPORT_SRS=yes - EOC - fi - - # Delivery Sender Notifications extra information in fail message - if use dsn; then - cat >> Makefile <<- EOC - EXPERIMENTAL_DSN_INFO=yes - EOC - fi - - # - # authentication (SMTP AUTH) - # - - # standard bits - cat >> Makefile <<- EOC - AUTH_SPA=yes - AUTH_CRAM_MD5=yes - AUTH_PLAINTEXT=yes - EOC - - # Cyrus SASL - if use sasl; then - cat >> Makefile <<- EOC - CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux - AUTH_CYRUS_SASL=yes - AUTH_LIBS += -lsasl2 - EOC - fi - - # Dovecot - if use dovecot-sasl; then - cat >> Makefile <<- EOC - AUTH_DOVECOT=yes - EOC - fi - - # Pluggable Authentication Modules - if use pam; then - cat >> Makefile <<- EOC - SUPPORT_PAM=yes - AUTH_LIBS += -lpam - EOC - fi - - # Radius - if use radius; then - cat >> Makefile <<- EOC - RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf - RADIUS_LIB_TYPE=RADIUSCLIENTNEW - AUTH_LIBS += -lfreeradius-client - EOC - fi -} - -src_compile() { - emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \ - AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' -} - -src_install() { - cd "${S}"/build-exim-gentoo || die - dosbin exim - if use X; then - dosbin eximon.bin - dosbin eximon - fi - fperms 4755 /usr/sbin/exim - - dosym exim /usr/sbin/sendmail - dosym exim /usr/sbin/rsmtp - dosym exim /usr/sbin/rmail - dosym ../sbin/exim /usr/bin/mailq - dosym ../sbin/exim /usr/bin/newaliases - dosym ../sbin/sendmail /usr/lib/sendmail - - for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \ - exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \ - convert4r3 convert4r4 exipick - do - dosbin $i - done - - dodoc -r "${S}"/doc/. - doman "${S}"/doc/exim.8 - use dsn && dodoc "${S}"/README.DSN - use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf - - # conf files - insinto /etc/exim - newins "${S}"/src/configure.default exim.conf.dist - doins "${WORKDIR}"/system_filter.exim - doins "${FILESDIR}"/auth_conf.sub - - if use pam; then - pamd_mimic system-auth exim auth account - fi - - # headers, #436406 - if use dlfunc ; then - # fixup includes so they actually can be found when including - sed -i \ - -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \ - local_scan.h || die - insinto /usr/include/exim - doins {config,local_scan}.h ../src/{mytypes,store}.h - fi - - insinto /etc/logrotate.d - newins "${FILESDIR}/exim.logrotate" exim - - newinitd "${FILESDIR}"/exim.rc10 exim - newconfd "${FILESDIR}"/exim.confd exim - - systemd_dounit \ - "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket} - systemd_newunit \ - "${FILESDIR}"/exim_at.service 'exim@.service' - systemd_newunit \ - "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service' - - diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP} - keepdir /var/log/${PN} -} - -pkg_postinst() { - if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then - einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter." - einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub" - einfo "for using smtp auth." - einfo "Please create ${EROOT}/etc/exim/exim.conf from" - einfo " ${EROOT}/etc/exim/exim.conf.dist." - fi - if use berkdb && ( use gdbm || use tdb ) ; then - ewarn "USE=berkdb is ignored because USE=gdbm or USE=tdb is enabled!" - fi - if use dmarc ; then - einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds" - einfo "you can populate this file with the contents downloaded from" - einfo " https://publicsuffix.org/list/public_suffix_list.dat" - fi - if use dcc ; then - einfo "DCC support is experimental, you can find some limited" - einfo "documentation at the bottom of this prerelease message:" - einfo " http://article.gmane.org/gmane.mail.exim.devel/3579" - fi - if use srs; then - einfo "SRS support using libsrs_alt was dropped in this" - einfo "release of Exim, you are now using the native SRS implementation" - fi - use dsn && einfo "extra information in fail DSN message is experimental" - einfo - elog "Note that this release contains a tainted variable check that" - elog "is likely to break your configuration used with Exim 4.93 and before." - elog "Please check your transports for occurences of \$local_part, and" - elog "use a replacement like \$local_part_data where possible." -} diff --git a/mail-mta/exim/exim-4.96.2-r1.ebuild b/mail-mta/exim/exim-4.96.2-r1.ebuild deleted file mode 100644 index f31266dbaa83..000000000000 --- a/mail-mta/exim/exim-4.96.2-r1.ebuild +++ /dev/null @@ -1,656 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" - -inherit db-use toolchain-funcs pam systemd - -IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl -dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx -mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux -socks5 spf sqlite srs +ssl syslog tdb tcpd +tpda X" -REQUIRED_USE=" - arc? ( dkim spf ) - dane? ( ssl !gnutls ) - dmarc? ( dkim spf ) - dkim? ( ssl !gnutls ) - gnutls? ( ssl ) - pkcs11? ( ssl ) - || ( berkdb gdbm tdb ) -" -# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked -# for x86 and amd64 only, due to this, repoman won't allow depending on -# gnutls[dane] for all else. Because we cannot express USE=dane when -# USE=gnutls is in effect only in package.use.mask, the only option we -# have left is to a) ignore the dependency (but that results in bug -# #661164) or b) mask the usage of USE=dane with USE=gnutls. Both are -# incorrect, but b) is the only "correct" view from repoman. -# We cannot express a required use for berkdb/gdbm/tdb correctly because -# berkdb and gdbm are both enabled in base profile - -SDIR=$([[ ${PV} == *_rc* ]] && echo /test - [[ ${PV} == *.*.*.* ]] && echo /fixes) -COMM_URI="https://downloads.exim.org/exim4${SDIR}" - -GPV="r0" -DESCRIPTION="A highly configurable, drop-in replacement for sendmail" -SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz - https://dev.gentoo.org/~grobian/distfiles/${PN}-4.96-gentoo-patches-${GPV}.tar.xz - mirror://gentoo/system_filter.exim.gz - doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )" -HOMEPAGE="https://www.exim.org/" - -SLOT="0" -LICENSE="GPL-2" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" - -COMMON_DEPEND=">=sys-apps/sed-4.0.5 - dev-libs/libpcre2:= - tdb? ( sys-libs/tdb:= ) - !tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) ) - !tdb? ( !berkdb? ( sys-libs/gdbm:= ) ) - idn? ( net-dns/libidn:= net-dns/libidn2:= ) - perl? ( dev-lang/perl:= ) - pam? ( sys-libs/pam ) - tcpd? ( sys-apps/tcp-wrappers ) - ssl? ( - gnutls? ( - net-libs/gnutls:0=[pkcs11?] - dev-libs/libtasn1 - ) - !gnutls? ( - dev-libs/openssl:0= - ) - ) - ldap? ( >=net-nds/openldap-2.0.7:= ) - elibc_glibc? ( - net-libs/libnsl:= - nis? ( - net-libs/libtirpc:= - >=net-libs/libnsl-1:= - ) - ) - mysql? ( dev-db/mysql-connector-c:= ) - postgres? ( dev-db/postgresql:= ) - sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 ) - redis? ( dev-libs/hiredis:= ) - spf? ( >=mail-filter/libspf2-1.2.5-r1 ) - dmarc? ( mail-filter/opendmarc:= ) - X? ( - x11-libs/libX11 - x11-libs/libXmu - x11-libs/libXt - x11-libs/libXaw - ) - sqlite? ( dev-db/sqlite ) - radius? ( net-dialup/freeradius-client ) - virtual/libcrypt:= - virtual/libiconv - " - # added X check for #57206 -BDEPEND="virtual/pkgconfig" -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND} - !mail-mta/courier - !mail-mta/esmtp - !mail-mta/msmtp[mta] - !mail-mta/netqmail - !mail-mta/nullmailer - !mail-mta/postfix - !mail-mta/sendmail - !mail-mta/opensmtpd - !mail-mta/ssmtp[mta] - >=net-mail/mailbase-0.00-r5 - virtual/logger - dcc? ( mail-filter/dcc ) - selinux? ( sec-policy/selinux-exim ) - " - -S=${WORKDIR}/${P//_rc/-RC} - -src_prepare() { - # Legacy patches which need a respin for -p1 - eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch - eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426 - eapply "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279 - eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591 - eapply "${FILESDIR}"/exim-4.69-r1.27021.patch - eapply "${FILESDIR}"/exim-4.95-localscan_dlopen.patch - eapply -p2 "${FILESDIR}"/exim-4.97-CVE-2023-51766.patch # 3063 - - # Upstream post-release fixes :( - local GPVDIR=${WORKDIR}/${PN}-4.96-gentoo-patches-${GPV} - eapply "${GPVDIR}"/exim-4.96-rewrite-malformed-addr-fix.patch # upstr - eapply "${GPVDIR}"/exim-4.96-spf-memory-error-fix.patch # upstr - eapply "${GPVDIR}"/exim-4.96-regex-use-after-free.patch # upstr - eapply -p2 "${GPVDIR}"/exim-4.96-dmarc_use_after_free.patch # upstr - eapply "${GPVDIR}"/exim-4.96-deamon-startup-fix.patch # upstr - eapply "${GPVDIR}"/exim-4.96-openssl-verify-ocsp.patch # upstr - eapply "${GPVDIR}"/exim-4.96-openssl-double-expansion.patch # upstr - eapply "${GPVDIR}"/exim-4.96-recursion-dns_again.patch # upstr - eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-setting.patch # upstr - eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-lt-3.patch # upstr - eapply "${GPVDIR}"/exim-4.96-openssl-bad-alpn.patch # upstr - eapply "${GPVDIR}"/exim-4.96-dane-dns_again.patch # upstr - eapply "${GPVDIR}"/exim-4.96-expansion-crash.patch # upstr - eapply "${GPVDIR}"/exim-4.96-transport-crash.patch # upstr - - # oddity, they disable berkdb as hack, and then throw an error when - # berkdb isn't enabled - sed -i \ - -e 's/_DB_/_DONTMESS_/' \ - -e 's/define DB void/define DONTMESS void/' \ - src/auths/call_radius.c || die - - # API changed from 1.3 to 1.4, upstream doesn't think 1.4 should be - # used, but 1.3 has a CVE and Gentoo (like most downstreams) only - # has 1.4 available - eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch - - if use maildir ; then - eapply "${FILESDIR}"/exim-4.94-maildir.patch - else - eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606 - fi - - eapply_user - - # user Exim believes it should be - MAILUSER=mail - MAILGROUP=mail - if use prefix && [[ ${EUID} != 0 ]] ; then - MAILUSER=$(id -un) - MAILGROUP=$(id -gn) - fi -} - -src_configure() { - # general config and paths - - local aliases="${EPREFIX}/etc/mail/aliases" - sed -i \ - -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \ - src/configure.default || die - - sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die - - if use elibc_musl; then - sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die - fi - - local conffile="${EPREFIX}/etc/exim/exim.conf" - sed -e "48i\CFLAGS=${CFLAGS}" \ - -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \ - -e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \ - -e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \ - -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \ - -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \ - src/EDITME > Local/Makefile || die - - # work on Local/Makefile from now on - cd Local - - cat >> Makefile <<- EOC - INFO_DIRECTORY=${EPREFIX}/usr/share/info - PID_FILE_PATH=${EPREFIX}/run/exim.pid - SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim - HAVE_ICONV=yes - WITH_CONTENT_SCAN=yes - EOC - - # configure db implementation, Exim always needs one for its hints - # database, we prefer tdb and gdbm, since bdb is kind of getting - # less and less support - if use tdb ; then - cat >> Makefile <<- EOC - USE_TDB=yes - DBMLIB = -ltdb - EOC - sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die - sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die - elif use gdbm ; then - cat >> Makefile <<- EOC - USE_GDBM=yes - DBMLIB = -lgdbm - EOC - sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die - sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die - else # must be berkdb via required_use - # use the "native" interfaces to the DBM and CDB libraries, support - # passwd and directory lookups by default - local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2" - cat >> Makefile <<- EOC - USE_DB=yes - # keep include in CFLAGS because exim.h -> dbstuff.h -> db.h - CFLAGS += -I$(db_includedir ${DB_VERS}) - DBMLIB = -l$(db_libname ${DB_VERS}) - EOC - sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die - sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die - fi - - # if we use libiconv, now is the time to tell so - if use !elibc_glibc && use !elibc_musl ; then - cat >> Makefile <<- EOC - EXTRALIBS_EXIM=-liconv - EOC - fi - - # support for IPv6 - if use ipv6; then - cat >> Makefile <<- EOC - HAVE_IPV6=YES - EOC - fi - - # support i18n/IDNA - if use idn; then - cat >> Makefile <<- EOC - SUPPORT_I18N=yes - SUPPORT_I18N_2008=yes - EXTRALIBS_EXIM += -lidn -lidn2 - EOC - fi - - # - # mail storage formats - # - - # mailstore is Exim's traditional storage format - cat >> Makefile <<- EOC - SUPPORT_MAILSTORE=yes - EOC - - # mbox - if use mbx; then - cat >> Makefile <<- EOC - SUPPORT_MBX=yes - EOC - fi - - # maildir - if use maildir; then - cat >> Makefile <<- EOC - SUPPORT_MAILDIR=yes - EOC - fi - - # - # lookup methods - # - - # support passwd and directory lookups by default - cat >> Makefile <<- EOC - LOOKUP_CDB=yes - LOOKUP_PASSWD=yes - LOOKUP_DSEARCH=yes - EOC - - if ! use dnsdb; then - # DNSDB lookup is enabled by default - sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die - fi - - if use ldap; then - cat >> Makefile <<- EOC - LOOKUP_LDAP=yes - LDAP_LIB_TYPE=OPENLDAP2 - LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap - LOOKUP_LIBS += -lldap -llber - EOC - fi - - if use mysql; then - cat >> Makefile <<- EOC - LOOKUP_MYSQL=yes - LOOKUP_INCLUDE += $(mysql_config --include) - LOOKUP_LIBS += $(mysql_config --libs) - EOC - fi - - if use nis; then - cat >> Makefile <<- EOC - LOOKUP_NIS=yes - LOOKUP_NISPLUS=yes - EOC - if use elibc_glibc ; then - cat >> Makefile <<- EOC - LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc - LOOKUP_LIBS += -lnsl - EOC - fi - fi - - if use postgres; then - cat >> Makefile <<- EOC - LOOKUP_PGSQL=yes - LOOKUP_INCLUDE += -I$(pg_config --includedir) - LOOKUP_LIBS += -L$(pg_config --libdir) -lpq - EOC - fi - - if use sqlite; then - cat >> Makefile <<- EOC - LOOKUP_SQLITE=yes - LOOKUP_SQLITE_PC=sqlite3 - EOC - fi - - if use redis; then - cat >> Makefile <<- EOC - LOOKUP_REDIS=yes - LOOKUP_LIBS += -lhiredis - EOC - fi - - # Exim monitor, enabled by default, controlled via X USE-flag, - # disable if not requested, bug #46778 - if use X; then - cp ../exim_monitor/EDITME eximon.conf || die - cat >> Makefile <<- EOC - EXIM_MONITOR=eximon.bin - EOC - fi - - # - # features - # - - # DomainKeys Identified Mail, RFC4871 - if ! use dkim; then - # DKIM is enabled by default - cat >> Makefile <<- EOC - DISABLE_DKIM=yes - EOC - fi - - # Per-Recipient-Data-Response - if ! use prdr; then - # PRDR is enabled by default - cat >> Makefile <<- EOC - DISABLE_PRDR=yes - EOC - fi - - # Transport post-delivery actions - if use !tpda && use !dane; then - # EVENT is enabled by default - cat >> Makefile <<- EOC - DISABLE_EVENT=yes - EOC - fi - - # log to syslog - if use syslog; then - local eximlog="${EPREFIX}/var/log/exim/exim_%s.log" - sed -i \ - -e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \ - Makefile || die - cat >> Makefile <<- EOC - LOG_FILE_PATH=syslog - EOC - else - cat >> Makefile <<- EOC - LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log - EOC - fi - - # starttls support (ssl) - if use ssl; then - if use gnutls; then - echo "USE_GNUTLS=yes" >> Makefile - echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \ - >> Makefile - use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile - else - echo "USE_OPENSSL=yes" >> Makefile - echo "USE_OPENSSL_PC=openssl" >> Makefile - fi - else - echo "DISABLE_TLS=yes" >> Makefile - fi - - # TCP wrappers - if use tcpd; then - cat >> Makefile <<- EOC - USE_TCP_WRAPPERS=yes - EXTRALIBS_EXIM += -lwrap - EOC - fi - - # Light Mail Transport Protocol - if use lmtp; then - cat >> Makefile <<- EOC - TRANSPORT_LMTP=yes - EOC - fi - - # embedded Perl - if use perl; then - cat >> Makefile <<- EOC - EXIM_PERL=perl.o - EOC - fi - - # dlfunc - if use dlfunc; then - cat >> Makefile <<- EOC - EXPAND_DLFUNC=yes - HAVE_LOCAL_SCAN=yes - DLOPEN_LOCAL_SCAN=yes - EOC - fi - - # Proxy Protocol - if use proxy; then - cat >> Makefile <<- EOC - SUPPORT_PROXY=yes - EOC - fi - - # SOCKS5 (outbound) proxy support - if use socks5; then - cat >> Makefile <<- EOC - SUPPORT_SOCKS=yes - EOC - fi - - # DANE - if use !dane; then - # DANE is enabled by default - sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die - fi - - # DMARC - if use dmarc; then - cat >> Makefile <<- EOC - SUPPORT_DMARC=yes - EXTRALIBS_EXIM += -lopendmarc - EOC - fi - - # Sender Policy Framework - if use spf; then - cat >> Makefile <<- EOC - SUPPORT_SPF=yes - EXTRALIBS_EXIM += -lspf2 - EOC - fi - - # - # experimental features - # - - # Authenticated Receive Chain - if use arc; then - echo "EXPERIMENTAL_ARC=yes">> Makefile - fi - - # Distributed Checksum Clearinghouse - if use dcc; then - echo "EXPERIMENTAL_DCC=yes">> Makefile - fi - - # Sender Rewriting Scheme - if use srs; then - # this one is the default/supported variant since 4.95, and the - # only variant available since 4.96 - cat >> Makefile <<- EOC - SUPPORT_SRS=yes - EOC - fi - - # Delivery Sender Notifications extra information in fail message - if use dsn; then - cat >> Makefile <<- EOC - EXPERIMENTAL_DSN_INFO=yes - EOC - fi - - # - # authentication (SMTP AUTH) - # - - # standard bits - cat >> Makefile <<- EOC - AUTH_SPA=yes - AUTH_CRAM_MD5=yes - AUTH_PLAINTEXT=yes - EOC - - # Cyrus SASL - if use sasl; then - cat >> Makefile <<- EOC - CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux - AUTH_CYRUS_SASL=yes - AUTH_LIBS += -lsasl2 - EOC - fi - - # Dovecot - if use dovecot-sasl; then - cat >> Makefile <<- EOC - AUTH_DOVECOT=yes - EOC - fi - - # Pluggable Authentication Modules - if use pam; then - cat >> Makefile <<- EOC - SUPPORT_PAM=yes - AUTH_LIBS += -lpam - EOC - fi - - # Radius - if use radius; then - cat >> Makefile <<- EOC - RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf - RADIUS_LIB_TYPE=RADIUSCLIENTNEW - AUTH_LIBS += -lfreeradius-client - EOC - fi -} - -src_compile() { - emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \ - AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' -} - -src_install() { - cd "${S}"/build-exim-gentoo || die - dosbin exim - if use X; then - dosbin eximon.bin - dosbin eximon - fi - fperms 4755 /usr/sbin/exim - - dosym exim /usr/sbin/sendmail - dosym exim /usr/sbin/rsmtp - dosym exim /usr/sbin/rmail - dosym ../sbin/exim /usr/bin/mailq - dosym ../sbin/exim /usr/bin/newaliases - dosym ../sbin/sendmail /usr/lib/sendmail - - for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \ - exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \ - convert4r3 convert4r4 exipick - do - dosbin $i - done - - dodoc -r "${S}"/doc/. - doman "${S}"/doc/exim.8 - use dsn && dodoc "${S}"/README.DSN - use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf - - # conf files - insinto /etc/exim - newins "${S}"/src/configure.default exim.conf.dist - doins "${WORKDIR}"/system_filter.exim - doins "${FILESDIR}"/auth_conf.sub - - if use pam; then - pamd_mimic system-auth exim auth account - fi - - # headers, #436406 - if use dlfunc ; then - # fixup includes so they actually can be found when including - sed -i \ - -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \ - local_scan.h || die - insinto /usr/include/exim - doins {config,local_scan}.h ../src/{mytypes,store}.h - fi - - insinto /etc/logrotate.d - newins "${FILESDIR}/exim.logrotate" exim - - newinitd "${FILESDIR}"/exim.rc10 exim - newconfd "${FILESDIR}"/exim.confd exim - - systemd_dounit \ - "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket} - systemd_newunit \ - "${FILESDIR}"/exim_at.service 'exim@.service' - systemd_newunit \ - "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service' - - diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP} - keepdir /var/log/${PN} -} - -pkg_postinst() { - if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then - einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter." - einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub" - einfo "for using smtp auth." - einfo "Please create ${EROOT}/etc/exim/exim.conf from" - einfo " ${EROOT}/etc/exim/exim.conf.dist." - fi - if use berkdb && ( use gdbm || use tdb ) ; then - ewarn "USE=berkdb is ignored because USE=gdbm or USE=tdb is enabled!" - fi - if use dmarc ; then - einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds" - einfo "you can populate this file with the contents downloaded from" - einfo " https://publicsuffix.org/list/public_suffix_list.dat" - fi - if use dcc ; then - einfo "DCC support is experimental, you can find some limited" - einfo "documentation at the bottom of this prerelease message:" - einfo " http://article.gmane.org/gmane.mail.exim.devel/3579" - fi - if use srs; then - einfo "SRS support using libsrs_alt was dropped in this" - einfo "release of Exim, you are now using the native SRS implementation" - fi - use dsn && einfo "extra information in fail DSN message is experimental" - einfo - elog "Note that this release contains a tainted variable check that" - elog "is likely to break your configuration used with Exim 4.93 and before." - elog "Please check your transports for occurences of \$local_part, and" - elog "use a replacement like \$local_part_data where possible." -} diff --git a/mail-mta/exim/exim-4.96.2.ebuild b/mail-mta/exim/exim-4.96.2.ebuild deleted file mode 100644 index 1a6f85e5b4ec..000000000000 --- a/mail-mta/exim/exim-4.96.2.ebuild +++ /dev/null @@ -1,655 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" - -inherit db-use toolchain-funcs pam systemd - -IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl -dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx -mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux -socks5 spf sqlite srs +ssl syslog tdb tcpd +tpda X" -REQUIRED_USE=" - arc? ( dkim spf ) - dane? ( ssl !gnutls ) - dmarc? ( dkim spf ) - dkim? ( ssl !gnutls ) - gnutls? ( ssl ) - pkcs11? ( ssl ) - || ( berkdb gdbm tdb ) -" -# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked -# for x86 and amd64 only, due to this, repoman won't allow depending on -# gnutls[dane] for all else. Because we cannot express USE=dane when -# USE=gnutls is in effect only in package.use.mask, the only option we -# have left is to a) ignore the dependency (but that results in bug -# #661164) or b) mask the usage of USE=dane with USE=gnutls. Both are -# incorrect, but b) is the only "correct" view from repoman. -# We cannot express a required use for berkdb/gdbm/tdb correctly because -# berkdb and gdbm are both enabled in base profile - -SDIR=$([[ ${PV} == *_rc* ]] && echo /test - [[ ${PV} == *.*.*.* ]] && echo /fixes) -COMM_URI="https://downloads.exim.org/exim4${SDIR}" - -GPV="r0" -DESCRIPTION="A highly configurable, drop-in replacement for sendmail" -SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz - https://dev.gentoo.org/~grobian/distfiles/${PN}-4.96-gentoo-patches-${GPV}.tar.xz - mirror://gentoo/system_filter.exim.gz - doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )" -HOMEPAGE="https://www.exim.org/" - -SLOT="0" -LICENSE="GPL-2" -KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~ppc ppc64 sparc ~x86" - -COMMON_DEPEND=">=sys-apps/sed-4.0.5 - dev-libs/libpcre2:= - tdb? ( sys-libs/tdb:= ) - !tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) ) - !tdb? ( !berkdb? ( sys-libs/gdbm:= ) ) - idn? ( net-dns/libidn:= net-dns/libidn2:= ) - perl? ( dev-lang/perl:= ) - pam? ( sys-libs/pam ) - tcpd? ( sys-apps/tcp-wrappers ) - ssl? ( - gnutls? ( - net-libs/gnutls:0=[pkcs11?] - dev-libs/libtasn1 - ) - !gnutls? ( - dev-libs/openssl:0= - ) - ) - ldap? ( >=net-nds/openldap-2.0.7:= ) - elibc_glibc? ( - net-libs/libnsl:= - nis? ( - net-libs/libtirpc:= - >=net-libs/libnsl-1:= - ) - ) - mysql? ( dev-db/mysql-connector-c:= ) - postgres? ( dev-db/postgresql:= ) - sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 ) - redis? ( dev-libs/hiredis:= ) - spf? ( >=mail-filter/libspf2-1.2.5-r1 ) - dmarc? ( mail-filter/opendmarc:= ) - X? ( - x11-libs/libX11 - x11-libs/libXmu - x11-libs/libXt - x11-libs/libXaw - ) - sqlite? ( dev-db/sqlite ) - radius? ( net-dialup/freeradius-client ) - virtual/libcrypt:= - virtual/libiconv - " - # added X check for #57206 -BDEPEND="virtual/pkgconfig" -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND} - !mail-mta/courier - !mail-mta/esmtp - !mail-mta/msmtp[mta] - !mail-mta/netqmail - !mail-mta/nullmailer - !mail-mta/postfix - !mail-mta/sendmail - !mail-mta/opensmtpd - !mail-mta/ssmtp[mta] - >=net-mail/mailbase-0.00-r5 - virtual/logger - dcc? ( mail-filter/dcc ) - selinux? ( sec-policy/selinux-exim ) - " - -S=${WORKDIR}/${P//_rc/-RC} - -src_prepare() { - # Legacy patches which need a respin for -p1 - eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch - eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426 - eapply "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279 - eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591 - eapply "${FILESDIR}"/exim-4.69-r1.27021.patch - eapply "${FILESDIR}"/exim-4.95-localscan_dlopen.patch - - # Upstream post-release fixes :( - local GPVDIR=${WORKDIR}/${PN}-4.96-gentoo-patches-${GPV} - eapply "${GPVDIR}"/exim-4.96-rewrite-malformed-addr-fix.patch # upstr - eapply "${GPVDIR}"/exim-4.96-spf-memory-error-fix.patch # upstr - eapply "${GPVDIR}"/exim-4.96-regex-use-after-free.patch # upstr - eapply -p2 "${GPVDIR}"/exim-4.96-dmarc_use_after_free.patch # upstr - eapply "${GPVDIR}"/exim-4.96-deamon-startup-fix.patch # upstr - eapply "${GPVDIR}"/exim-4.96-openssl-verify-ocsp.patch # upstr - eapply "${GPVDIR}"/exim-4.96-openssl-double-expansion.patch # upstr - eapply "${GPVDIR}"/exim-4.96-recursion-dns_again.patch # upstr - eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-setting.patch # upstr - eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-lt-3.patch # upstr - eapply "${GPVDIR}"/exim-4.96-openssl-bad-alpn.patch # upstr - eapply "${GPVDIR}"/exim-4.96-dane-dns_again.patch # upstr - eapply "${GPVDIR}"/exim-4.96-expansion-crash.patch # upstr - eapply "${GPVDIR}"/exim-4.96-transport-crash.patch # upstr - - # oddity, they disable berkdb as hack, and then throw an error when - # berkdb isn't enabled - sed -i \ - -e 's/_DB_/_DONTMESS_/' \ - -e 's/define DB void/define DONTMESS void/' \ - src/auths/call_radius.c || die - - # API changed from 1.3 to 1.4, upstream doesn't think 1.4 should be - # used, but 1.3 has a CVE and Gentoo (like most downstreams) only - # has 1.4 available - eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch - - if use maildir ; then - eapply "${FILESDIR}"/exim-4.94-maildir.patch - else - eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606 - fi - - eapply_user - - # user Exim believes it should be - MAILUSER=mail - MAILGROUP=mail - if use prefix && [[ ${EUID} != 0 ]] ; then - MAILUSER=$(id -un) - MAILGROUP=$(id -gn) - fi -} - -src_configure() { - # general config and paths - - local aliases="${EPREFIX}/etc/mail/aliases" - sed -i \ - -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \ - src/configure.default || die - - sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die - - if use elibc_musl; then - sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die - fi - - local conffile="${EPREFIX}/etc/exim/exim.conf" - sed -e "48i\CFLAGS=${CFLAGS}" \ - -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \ - -e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \ - -e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \ - -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \ - -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \ - src/EDITME > Local/Makefile || die - - # work on Local/Makefile from now on - cd Local - - cat >> Makefile <<- EOC - INFO_DIRECTORY=${EPREFIX}/usr/share/info - PID_FILE_PATH=${EPREFIX}/run/exim.pid - SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim - HAVE_ICONV=yes - WITH_CONTENT_SCAN=yes - EOC - - # configure db implementation, Exim always needs one for its hints - # database, we prefer tdb and gdbm, since bdb is kind of getting - # less and less support - if use tdb ; then - cat >> Makefile <<- EOC - USE_TDB=yes - DBMLIB = -ltdb - EOC - sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die - sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die - elif use gdbm ; then - cat >> Makefile <<- EOC - USE_GDBM=yes - DBMLIB = -lgdbm - EOC - sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die - sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die - else # must be berkdb via required_use - # use the "native" interfaces to the DBM and CDB libraries, support - # passwd and directory lookups by default - local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2" - cat >> Makefile <<- EOC - USE_DB=yes - # keep include in CFLAGS because exim.h -> dbstuff.h -> db.h - CFLAGS += -I$(db_includedir ${DB_VERS}) - DBMLIB = -l$(db_libname ${DB_VERS}) - EOC - sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die - sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die - fi - - # if we use libiconv, now is the time to tell so - if use !elibc_glibc && use !elibc_musl ; then - cat >> Makefile <<- EOC - EXTRALIBS_EXIM=-liconv - EOC - fi - - # support for IPv6 - if use ipv6; then - cat >> Makefile <<- EOC - HAVE_IPV6=YES - EOC - fi - - # support i18n/IDNA - if use idn; then - cat >> Makefile <<- EOC - SUPPORT_I18N=yes - SUPPORT_I18N_2008=yes - EXTRALIBS_EXIM += -lidn -lidn2 - EOC - fi - - # - # mail storage formats - # - - # mailstore is Exim's traditional storage format - cat >> Makefile <<- EOC - SUPPORT_MAILSTORE=yes - EOC - - # mbox - if use mbx; then - cat >> Makefile <<- EOC - SUPPORT_MBX=yes - EOC - fi - - # maildir - if use maildir; then - cat >> Makefile <<- EOC - SUPPORT_MAILDIR=yes - EOC - fi - - # - # lookup methods - # - - # support passwd and directory lookups by default - cat >> Makefile <<- EOC - LOOKUP_CDB=yes - LOOKUP_PASSWD=yes - LOOKUP_DSEARCH=yes - EOC - - if ! use dnsdb; then - # DNSDB lookup is enabled by default - sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die - fi - - if use ldap; then - cat >> Makefile <<- EOC - LOOKUP_LDAP=yes - LDAP_LIB_TYPE=OPENLDAP2 - LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap - LOOKUP_LIBS += -lldap -llber - EOC - fi - - if use mysql; then - cat >> Makefile <<- EOC - LOOKUP_MYSQL=yes - LOOKUP_INCLUDE += $(mysql_config --include) - LOOKUP_LIBS += $(mysql_config --libs) - EOC - fi - - if use nis; then - cat >> Makefile <<- EOC - LOOKUP_NIS=yes - LOOKUP_NISPLUS=yes - EOC - if use elibc_glibc ; then - cat >> Makefile <<- EOC - LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc - LOOKUP_LIBS += -lnsl - EOC - fi - fi - - if use postgres; then - cat >> Makefile <<- EOC - LOOKUP_PGSQL=yes - LOOKUP_INCLUDE += -I$(pg_config --includedir) - LOOKUP_LIBS += -L$(pg_config --libdir) -lpq - EOC - fi - - if use sqlite; then - cat >> Makefile <<- EOC - LOOKUP_SQLITE=yes - LOOKUP_SQLITE_PC=sqlite3 - EOC - fi - - if use redis; then - cat >> Makefile <<- EOC - LOOKUP_REDIS=yes - LOOKUP_LIBS += -lhiredis - EOC - fi - - # Exim monitor, enabled by default, controlled via X USE-flag, - # disable if not requested, bug #46778 - if use X; then - cp ../exim_monitor/EDITME eximon.conf || die - cat >> Makefile <<- EOC - EXIM_MONITOR=eximon.bin - EOC - fi - - # - # features - # - - # DomainKeys Identified Mail, RFC4871 - if ! use dkim; then - # DKIM is enabled by default - cat >> Makefile <<- EOC - DISABLE_DKIM=yes - EOC - fi - - # Per-Recipient-Data-Response - if ! use prdr; then - # PRDR is enabled by default - cat >> Makefile <<- EOC - DISABLE_PRDR=yes - EOC - fi - - # Transport post-delivery actions - if use !tpda && use !dane; then - # EVENT is enabled by default - cat >> Makefile <<- EOC - DISABLE_EVENT=yes - EOC - fi - - # log to syslog - if use syslog; then - local eximlog="${EPREFIX}/var/log/exim/exim_%s.log" - sed -i \ - -e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \ - Makefile || die - cat >> Makefile <<- EOC - LOG_FILE_PATH=syslog - EOC - else - cat >> Makefile <<- EOC - LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log - EOC - fi - - # starttls support (ssl) - if use ssl; then - if use gnutls; then - echo "USE_GNUTLS=yes" >> Makefile - echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \ - >> Makefile - use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile - else - echo "USE_OPENSSL=yes" >> Makefile - echo "USE_OPENSSL_PC=openssl" >> Makefile - fi - else - echo "DISABLE_TLS=yes" >> Makefile - fi - - # TCP wrappers - if use tcpd; then - cat >> Makefile <<- EOC - USE_TCP_WRAPPERS=yes - EXTRALIBS_EXIM += -lwrap - EOC - fi - - # Light Mail Transport Protocol - if use lmtp; then - cat >> Makefile <<- EOC - TRANSPORT_LMTP=yes - EOC - fi - - # embedded Perl - if use perl; then - cat >> Makefile <<- EOC - EXIM_PERL=perl.o - EOC - fi - - # dlfunc - if use dlfunc; then - cat >> Makefile <<- EOC - EXPAND_DLFUNC=yes - HAVE_LOCAL_SCAN=yes - DLOPEN_LOCAL_SCAN=yes - EOC - fi - - # Proxy Protocol - if use proxy; then - cat >> Makefile <<- EOC - SUPPORT_PROXY=yes - EOC - fi - - # SOCKS5 (outbound) proxy support - if use socks5; then - cat >> Makefile <<- EOC - SUPPORT_SOCKS=yes - EOC - fi - - # DANE - if use !dane; then - # DANE is enabled by default - sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die - fi - - # DMARC - if use dmarc; then - cat >> Makefile <<- EOC - SUPPORT_DMARC=yes - EXTRALIBS_EXIM += -lopendmarc - EOC - fi - - # Sender Policy Framework - if use spf; then - cat >> Makefile <<- EOC - SUPPORT_SPF=yes - EXTRALIBS_EXIM += -lspf2 - EOC - fi - - # - # experimental features - # - - # Authenticated Receive Chain - if use arc; then - echo "EXPERIMENTAL_ARC=yes">> Makefile - fi - - # Distributed Checksum Clearinghouse - if use dcc; then - echo "EXPERIMENTAL_DCC=yes">> Makefile - fi - - # Sender Rewriting Scheme - if use srs; then - # this one is the default/supported variant since 4.95, and the - # only variant available since 4.96 - cat >> Makefile <<- EOC - SUPPORT_SRS=yes - EOC - fi - - # Delivery Sender Notifications extra information in fail message - if use dsn; then - cat >> Makefile <<- EOC - EXPERIMENTAL_DSN_INFO=yes - EOC - fi - - # - # authentication (SMTP AUTH) - # - - # standard bits - cat >> Makefile <<- EOC - AUTH_SPA=yes - AUTH_CRAM_MD5=yes - AUTH_PLAINTEXT=yes - EOC - - # Cyrus SASL - if use sasl; then - cat >> Makefile <<- EOC - CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux - AUTH_CYRUS_SASL=yes - AUTH_LIBS += -lsasl2 - EOC - fi - - # Dovecot - if use dovecot-sasl; then - cat >> Makefile <<- EOC - AUTH_DOVECOT=yes - EOC - fi - - # Pluggable Authentication Modules - if use pam; then - cat >> Makefile <<- EOC - SUPPORT_PAM=yes - AUTH_LIBS += -lpam - EOC - fi - - # Radius - if use radius; then - cat >> Makefile <<- EOC - RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf - RADIUS_LIB_TYPE=RADIUSCLIENTNEW - AUTH_LIBS += -lfreeradius-client - EOC - fi -} - -src_compile() { - emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \ - AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' -} - -src_install() { - cd "${S}"/build-exim-gentoo || die - dosbin exim - if use X; then - dosbin eximon.bin - dosbin eximon - fi - fperms 4755 /usr/sbin/exim - - dosym exim /usr/sbin/sendmail - dosym exim /usr/sbin/rsmtp - dosym exim /usr/sbin/rmail - dosym ../sbin/exim /usr/bin/mailq - dosym ../sbin/exim /usr/bin/newaliases - dosym ../sbin/sendmail /usr/lib/sendmail - - for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \ - exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \ - convert4r3 convert4r4 exipick - do - dosbin $i - done - - dodoc -r "${S}"/doc/. - doman "${S}"/doc/exim.8 - use dsn && dodoc "${S}"/README.DSN - use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf - - # conf files - insinto /etc/exim - newins "${S}"/src/configure.default exim.conf.dist - doins "${WORKDIR}"/system_filter.exim - doins "${FILESDIR}"/auth_conf.sub - - if use pam; then - pamd_mimic system-auth exim auth account - fi - - # headers, #436406 - if use dlfunc ; then - # fixup includes so they actually can be found when including - sed -i \ - -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \ - local_scan.h || die - insinto /usr/include/exim - doins {config,local_scan}.h ../src/{mytypes,store}.h - fi - - insinto /etc/logrotate.d - newins "${FILESDIR}/exim.logrotate" exim - - newinitd "${FILESDIR}"/exim.rc10 exim - newconfd "${FILESDIR}"/exim.confd exim - - systemd_dounit \ - "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket} - systemd_newunit \ - "${FILESDIR}"/exim_at.service 'exim@.service' - systemd_newunit \ - "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service' - - diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP} - keepdir /var/log/${PN} -} - -pkg_postinst() { - if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then - einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter." - einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub" - einfo "for using smtp auth." - einfo "Please create ${EROOT}/etc/exim/exim.conf from" - einfo " ${EROOT}/etc/exim/exim.conf.dist." - fi - if use berkdb && ( use gdbm || use tdb ) ; then - ewarn "USE=berkdb is ignored because USE=gdbm or USE=tdb is enabled!" - fi - if use dmarc ; then - einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds" - einfo "you can populate this file with the contents downloaded from" - einfo " https://publicsuffix.org/list/public_suffix_list.dat" - fi - if use dcc ; then - einfo "DCC support is experimental, you can find some limited" - einfo "documentation at the bottom of this prerelease message:" - einfo " http://article.gmane.org/gmane.mail.exim.devel/3579" - fi - if use srs; then - einfo "SRS support using libsrs_alt was dropped in this" - einfo "release of Exim, you are now using the native SRS implementation" - fi - use dsn && einfo "extra information in fail DSN message is experimental" - einfo - elog "Note that this release contains a tainted variable check that" - elog "is likely to break your configuration used with Exim 4.93 and before." - elog "Please check your transports for occurences of \$local_part, and" - elog "use a replacement like \$local_part_data where possible." -} diff --git a/mail-mta/exim/files/exim-4.93-as-needed-ldflags.patch b/mail-mta/exim/files/exim-4.93-as-needed-ldflags.patch deleted file mode 100644 index 3b3ea4628174..000000000000 --- a/mail-mta/exim/files/exim-4.93-as-needed-ldflags.patch +++ /dev/null @@ -1,145 +0,0 @@ -https://bugs.gentoo.org/show_bug.cgi?id=352265 - -Make sure LDFLAGS comes first, such that all libraries are considered, -and not discarded when --as-needed is in effect. - -https://bugs.gentoo.org/show_bug.cgi?id=391279 - -Use LDFLAGS for all targets, not just the exim binary, such that ---as-needed works as well. - - ---- a/OS/Makefile-Base -+++ b/OS/Makefile-Base -@@ -496,12 +496,12 @@ - buildrouters buildtransports \ - $(OBJ_EXIM) version.o - @echo "$(LNCC) -o exim" -- $(FE)$(PURIFY) $(LNCC) -o exim $(LFLAGS) $(OBJ_EXIM) version.o \ -+ $(FE)$(PURIFY) $(LNCC) -o exim $(LDFLAGS) $(OBJ_EXIM) version.o \ - routers/routers.a transports/transports.a lookups/lookups.a \ - auths/auths.a pdkim/pdkim.a \ - $(LIBRESOLV) $(LIBS) $(LIBS_EXIM) $(IPV6_LIBS) $(EXTRALIBS) \ - $(EXTRALIBS_EXIM) $(DBMLIB) $(LOOKUP_LIBS) $(AUTH_LIBS) \ -- $(PERL_LIBS) $(TLS_LIBS) $(PCRE_LIBS) $(LDFLAGS) -+ $(PERL_LIBS) $(TLS_LIBS) $(PCRE_LIBS) $(LFLAGS) - @if [ x"$(STRIP_COMMAND)" != x"" ]; then \ - echo $(STRIP_COMMAND) exim; \ - $(STRIP_COMMAND) exim; \ -@@ -517,8 +517,8 @@ - - exim_dumpdb: $(OBJ_DUMPDB) - @echo "$(LNCC) -o exim_dumpdb" -- $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dumpdb $(LFLAGS) $(OBJ_DUMPDB) \ -- $(LIBS) $(EXTRALIBS) $(DBMLIB) -+ $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dumpdb $(LDFLAGS) $(OBJ_DUMPDB) \ -+ $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS) - @if [ x"$(STRIP_COMMAND)" != x"" ]; then \ - echo $(STRIP_COMMAND) exim_dumpdb; \ - $(STRIP_COMMAND) exim_dumpdb; \ -@@ -532,8 +532,8 @@ - - exim_fixdb: $(OBJ_FIXDB) - @echo "$(LNCC) -o exim_fixdb" -- $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_fixdb $(LFLAGS) $(OBJ_FIXDB) \ -- $(LIBS) $(EXTRALIBS) $(DBMLIB) -+ $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_fixdb $(LDFLAGS) $(OBJ_FIXDB) \ -+ $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS) - @if [ x"$(STRIP_COMMAND)" != x"" ]; then \ - echo $(STRIP_COMMAND) exim_fixdb; \ - $(STRIP_COMMAND) exim_fixdb; \ -@@ -547,8 +547,8 @@ - - exim_tidydb: $(OBJ_TIDYDB) - @echo "$(LNCC) -o exim_tidydb" -- $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_tidydb $(LFLAGS) $(OBJ_TIDYDB) \ -- $(LIBS) $(EXTRALIBS) $(DBMLIB) -+ $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_tidydb $(LDFLAGS) $(OBJ_TIDYDB) \ -+ $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS) - @if [ x"$(STRIP_COMMAND)" != x"" ]; then \ - echo $(STRIP_COMMAND) exim_tidydb; \ - $(STRIP_COMMAND) exim_tidydb; \ -@@ -560,8 +560,8 @@ - - exim_dbmbuild: exim_dbmbuild.o - @echo "$(LNCC) -o exim_dbmbuild" -- $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dbmbuild $(LFLAGS) exim_dbmbuild.o \ -- $(LIBS) $(EXTRALIBS) $(DBMLIB) -+ $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dbmbuild $(LDFLAGS) exim_dbmbuild.o \ -+ $(LIBS) $(EXTRALIBS) $(DBMLIB) $(LFLAGS) - @if [ x"$(STRIP_COMMAND)" != x"" ]; then \ - echo $(STRIP_COMMAND) exim_dbmbuild; \ - $(STRIP_COMMAND) exim_dbmbuild; \ -@@ -575,8 +575,8 @@ - @echo "$(CC) exim_lock.c" - $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) exim_lock.c - @echo "$(LNCC) -o exim_lock" -- $(FE)$(LNCC) -o exim_lock $(LFLAGS) exim_lock.o \ -- $(LIBS) $(EXTRALIBS) -+ $(FE)$(LNCC) -o exim_lock $(LDFLAGS) exim_lock.o \ -+ $(LIBS) $(EXTRALIBS) $(LFLAGS) - @if [ x"$(STRIP_COMMAND)" != x"" ]; then \ - echo $(STRIP_COMMAND) exim_lock; \ - $(STRIP_COMMAND) exim_lock; \ -@@ -612,9 +612,9 @@ - $(FE)$(CC) -o em_version.o -c \ - $(CFLAGS) $(XINCLUDE) -I. ../exim_monitor/em_version.c - @echo "$(LNCC) -o eximon.bin" -- $(FE)$(PURIFY) $(LNCC) -o eximon.bin em_version.o $(LFLAGS) $(XLFLAGS) \ -+ $(FE)$(PURIFY) $(LNCC) -o eximon.bin em_version.o $(LDFLAGS) $(XLFLAGS) \ - $(OBJ_MONBIN) -lXaw -lXmu -lXt -lXext -lX11 $(PCRE_LIBS) \ -- $(LIBS) $(LIBS_EXIMON) $(EXTRALIBS) $(EXTRALIBS_EXIMON) -lc -+ $(LIBS) $(LIBS_EXIMON) $(EXTRALIBS) $(EXTRALIBS_EXIMON) -lc $(LFLAGS) - @if [ x"$(STRIP_COMMAND)" != x"" ]; then \ - echo $(STRIP_COMMAND) eximon.bin; \ - $(STRIP_COMMAND) eximon.bin; \ -@@ -947,9 +947,9 @@ - string.o tod.o version.o utf8.o - $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE dbfn.c - $(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY store.c -- $(LNCC) -o test_dbfn $(LFLAGS) dbfn.o \ -+ $(LNCC) -o test_dbfn $(LDFLAGS) dbfn.o \ - dummies.o sa-globals.o sa-os.o store.o string.o \ -- tod.o version.o utf8.o $(LIBS) $(DBMLIB) $(LDFLAGS) -+ tod.o version.o utf8.o $(LIBS) $(DBMLIB) $(LFLAGS) - rm -f dbfn.o store.o - - test_host: config.h child.c host.c dns.c dummies.c sa-globals.o os.o \ -@@ -958,29 +958,29 @@ - $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST host.c - $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST dns.c - $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST dummies.c -- $(LNCC) -o test_host $(LFLAGS) \ -+ $(LNCC) -o test_host $(LDFLAGS) \ - host.o child.o dns.o dummies.o sa-globals.o os.o store.o string.o \ -- tod.o tree.o $(LIBS) $(LIBRESOLV) -+ tod.o tree.o $(LIBS) $(LIBRESOLV) $(LFLAGS) - rm -f child.o dummies.o host.o dns.o - - test_os: os.h os.c dummies.o sa-globals.o store.o string.o tod.o utf8.o - $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE os.c -- $(LNCC) -o test_os $(LFLAGS) os.o dummies.o \ -- sa-globals.o store.o string.o tod.o utf8.o $(LIBS) $(LDFLAGS) -+ $(LNCC) -o test_os $(LDFLAGS) os.o dummies.o \ -+ sa-globals.o store.o string.o tod.o utf8.o $(LIBS) $(LFLAGS) - rm -f os.o - - test_parse: config.h parse.c dummies.o sa-globals.o \ - store.o string.o tod.o version.o utf8.o - $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE parse.c -- $(LNCC) -o test_parse $(LFLAGS) parse.o \ -+ $(LNCC) -o test_parse $(LDFLAGS) parse.o \ - dummies.o sa-globals.o store.o string.o tod.o version.o \ -- utf8.o $(LDFLAGS) -+ utf8.o $(LFLAGS) - rm -f parse.o - - test_string: config.h string.c dummies.o sa-globals.o store.o tod.o utf8.o - $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE string.c -- $(LNCC) -o test_string $(LFLAGS) -DSTAND_ALONE string.o \ -- dummies.o sa-globals.o store.o tod.o utf8.o $(LIBS) $(LDFLAGS) -+ $(LNCC) -o test_string $(LDFLAGS) -DSTAND_ALONE string.o \ -+ dummies.o sa-globals.o store.o tod.o utf8.o $(LIBS) $(LFLAGS) - rm -f string.o - - # End diff --git a/mail-mta/exim/files/exim-4.94-opendmarc-1.4.patch b/mail-mta/exim/files/exim-4.94-opendmarc-1.4.patch deleted file mode 100644 index d37c320d1592..000000000000 --- a/mail-mta/exim/files/exim-4.94-opendmarc-1.4.patch +++ /dev/null @@ -1,14 +0,0 @@ -https://bugs.exim.org/show_bug.cgi?id=2728 - - ---- a/src/dmarc.c -+++ b/src/dmarc.c -@@ -446,7 +446,7 @@ - vs == PDKIM_VERIFY_INVALID ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL : - DMARC_POLICY_DKIM_OUTCOME_NONE; - libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, US sig->domain, -- dkim_result, US""); -+ sig->selector, dkim_result, US""); - DEBUG(D_receive) - debug_printf("DMARC adding DKIM sender domain = %s\n", sig->domain); - if (libdm_status != DMARC_PARSE_OKAY) diff --git a/mail-mta/exim/files/exim-4.95-localscan_dlopen.patch b/mail-mta/exim/files/exim-4.95-localscan_dlopen.patch deleted file mode 100644 index 320cc9936da9..000000000000 --- a/mail-mta/exim/files/exim-4.95-localscan_dlopen.patch +++ /dev/null @@ -1,221 +0,0 @@ -Only in exim-4.95: dlopen.patch -diff -aur exim-4.95.orig/src/config.h.defaults exim-4.95/src/config.h.defaults ---- exim-4.95.orig/src/config.h.defaults 2021-09-28 10:24:46.000000000 +0200 -+++ exim-4.95/src/config.h.defaults 2021-09-29 08:20:03.677883649 +0200 -@@ -35,6 +35,8 @@ - - #define AUTH_VARS 4 - -+#define DLOPEN_LOCAL_SCAN -+ - #define BIN_DIRECTORY - - #define CONFIGURE_FILE -Only in exim-4.95/src: config.h.defaults.orig -diff -aur exim-4.95.orig/src/EDITME exim-4.95/src/EDITME ---- exim-4.95.orig/src/EDITME 2021-09-28 10:24:46.000000000 +0200 -+++ exim-4.95/src/EDITME 2021-09-29 08:20:03.678883649 +0200 -@@ -883,6 +883,24 @@ - - - #------------------------------------------------------------------------------ -+# On systems which support dynamic loading of shared libraries, Exim can -+# load a local_scan function specified in its config file instead of having -+# to be recompiled with the desired local_scan function. For a full -+# description of the API to this function, see the Exim specification. -+ -+#DLOPEN_LOCAL_SCAN=yes -+ -+# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the -+# linker flags. Without it, the loaded .so won't be able to access any -+# functions from exim. -+ -+LFLAGS = -rdynamic -+ifeq ($(OSTYPE),Linux) -+LFLAGS += -ldl -+endif -+ -+ -+#------------------------------------------------------------------------------ - # The default distribution of Exim contains only the plain text form of the - # documentation. Other forms are available separately. If you want to install - # the documentation in "info" format, first fetch the Texinfo documentation -Only in exim-4.95/src: EDITME.orig -diff -aur exim-4.95.orig/src/globals.c exim-4.95/src/globals.c ---- exim-4.95.orig/src/globals.c 2021-09-28 10:24:46.000000000 +0200 -+++ exim-4.95/src/globals.c 2021-09-29 08:20:03.679883649 +0200 -@@ -42,6 +42,10 @@ - - uschar *no_aliases = NULL; - -+#ifdef DLOPEN_LOCAL_SCAN -+uschar *local_scan_path = NULL; -+#endif -+ - - /* For comments on these variables, see globals.h. I'm too idle to - duplicate them here... */ -Only in exim-4.95/src: globals.c.orig -diff -aur exim-4.95.orig/src/globals.h exim-4.95/src/globals.h ---- exim-4.95.orig/src/globals.h 2021-09-28 10:24:46.000000000 +0200 -+++ exim-4.95/src/globals.h 2021-09-29 08:20:03.680883648 +0200 -@@ -170,6 +170,9 @@ - extern int (*receive_ferror)(void); - extern BOOL (*receive_smtp_buffered)(void); - -+#ifdef DLOPEN_LOCAL_SCAN -+extern uschar *local_scan_path; /* Path to local_scan() library */ -+#endif - - /* For clearing, saving, restoring address expansion variables. We have to have - the size of this vector set explicitly, because it is referenced from more than -Only in exim-4.95/src: globals.h.orig -diff -aur exim-4.95.orig/src/local_scan.c exim-4.95/src/local_scan.c ---- exim-4.95.orig/src/local_scan.c 2021-09-28 10:24:46.000000000 +0200 -+++ exim-4.95/src/local_scan.c 2021-09-29 08:23:33.756785663 +0200 -@@ -54,10 +54,130 @@ - is used in the rejection message. - */ - -+#ifdef DLOPEN_LOCAL_SCAN -+# include <stdlib.h> -+# include <dlfcn.h> -+static int (*local_scan_fn)(int fd, uschar **return_text) = NULL; -+static int load_local_scan_library(void); -+extern uschar *local_scan_path; /* Path to local_scan() library */ -+#endif -+ - int - local_scan(int fd, uschar **return_text) - { --return LOCAL_SCAN_ACCEPT; -+#ifdef DLOPEN_LOCAL_SCAN -+/* local_scan_path is defined AND not the empty string */ -+if (local_scan_path && *local_scan_path) -+ { -+ if (!local_scan_fn) -+ { -+ if (!load_local_scan_library()) -+ { -+ char *base_msg , *error_msg , *final_msg ; -+ int final_length = -1 ; -+ -+ base_msg=US"Local configuration error - local_scan() library failure\n"; -+ error_msg = dlerror() ; -+ -+ final_length = strlen(base_msg) + strlen(error_msg) + 1 ; -+ final_msg = (char*)malloc( final_length*sizeof(char) ) ; -+ *final_msg = '\0' ; -+ -+ strcat( final_msg , base_msg ) ; -+ strcat( final_msg , error_msg ) ; -+ -+ *return_text = final_msg ; -+ return LOCAL_SCAN_TEMPREJECT; -+ } -+ } -+ return local_scan_fn(fd, return_text); -+ } -+else -+#endif -+ return LOCAL_SCAN_ACCEPT; -+} -+ -+#ifdef DLOPEN_LOCAL_SCAN -+ -+static int load_local_scan_library(void) -+{ -+/* No point in keeping local_scan_lib since we'll never dlclose() anyway */ -+void *local_scan_lib = NULL; -+int (*local_scan_version_fn)(void); -+int vers_maj; -+int vers_min; -+ -+local_scan_lib = dlopen(local_scan_path, RTLD_NOW); -+if (!local_scan_lib) -+ { -+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - " -+ "message temporarily rejected"); -+ return FALSE; -+ } -+ -+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major"); -+if (!local_scan_version_fn) -+ { -+ dlclose(local_scan_lib); -+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain " -+ "local_scan_version_major() function - message temporarily rejected"); -+ return FALSE; -+ } -+ -+/* The major number is increased when the ABI is changed in a non -+ backward compatible way. */ -+vers_maj = local_scan_version_fn(); -+ -+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor"); -+if (!local_scan_version_fn) -+ { -+ dlclose(local_scan_lib); -+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain " -+ "local_scan_version_minor() function - message temporarily rejected"); -+ return FALSE; -+ } -+ -+/* The minor number is increased each time a new feature is added (in a -+ way that doesn't break backward compatibility) -- Marc */ -+vers_min = local_scan_version_fn(); -+ -+ -+if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR) -+ { -+ dlclose(local_scan_lib); -+ local_scan_lib = NULL; -+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major" -+ "version number, you need to recompile your module for this version" -+ "of exim (The module was compiled for version %d.%d and this exim provides" -+ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR, -+ LOCAL_SCAN_ABI_VERSION_MINOR); -+ return FALSE; -+ } -+else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR) -+ { -+ dlclose(local_scan_lib); -+ local_scan_lib = NULL; -+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor" -+ "version number, you need to recompile your module for this version" -+ "of exim (The module was compiled for version %d.%d and this exim provides" -+ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR, -+ LOCAL_SCAN_ABI_VERSION_MINOR); -+ return FALSE; -+ } -+ -+local_scan_fn = dlsym(local_scan_lib, "local_scan"); -+if (!local_scan_fn) -+ { -+ dlclose(local_scan_lib); -+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain " -+ "local_scan() function - message temporarily rejected"); -+ return FALSE; -+ } -+ -+return TRUE; - } - -+#endif /* DLOPEN_LOCAL_SCAN */ -+ -+ - /* End of local_scan.c */ -diff -aur exim-4.95.orig/src/readconf.c exim-4.95/src/readconf.c ---- exim-4.95.orig/src/readconf.c 2021-09-28 10:24:46.000000000 +0200 -+++ exim-4.95/src/readconf.c 2021-09-29 08:20:03.682883647 +0200 -@@ -215,6 +215,9 @@ - { "local_from_prefix", opt_stringptr, {&local_from_prefix} }, - { "local_from_suffix", opt_stringptr, {&local_from_suffix} }, - { "local_interfaces", opt_stringptr, {&local_interfaces} }, -+#ifdef DLOPEN_LOCAL_SCAN -+ { "local_scan_path", opt_stringptr, {&local_scan_path} }, -+#endif - #ifdef HAVE_LOCAL_SCAN - { "local_scan_timeout", opt_time, {&local_scan_timeout} }, - #endif -Only in exim-4.95/src: readconf.c.orig diff --git a/mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch b/mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch deleted file mode 100644 index 7eed4eb1855f..000000000000 --- a/mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch +++ /dev/null @@ -1,265 +0,0 @@ -https://nvd.nist.gov/vuln/detail/CVE-2023-51766 - - -From cf1376206284f2a4f11e32d931d4aade34c206c5 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris <jgh146exb@wizmail.org> -Date: Fri, 22 Dec 2023 23:57:05 +0000 -Subject: [PATCH] Reject "dot, LF" as ending data phase. Bug 3063 - -From 5bb786d5ad568a88d50d15452aacc8404047e5ca Mon Sep 17 00:00:00 2001 -From: Jeremy Harris <jgh146exb@wizmail.org> -Date: Sat, 23 Dec 2023 17:42:57 +0000 -Subject: [PATCH] Reject "dot, LF" as ending data phase (pt. 2). Bug 3063 - -reduced to source changes only for Gentoo - - - -diff --git a/src/src/receive.c b/src/src/receive.c -index e35400aec..c6f612832 100644 ---- a/src/src/receive.c -+++ b/src/src/receive.c -@@ -836,93 +842,101 @@ - */ - - static int --read_message_data_smtp(FILE *fout) -+read_message_data_smtp(FILE * fout, BOOL strict_crlf) - { --int ch_state = 0; --int ch; --int linelength = 0; -+enum { s_linestart, s_normal, s_had_cr, s_had_nl_dot, s_had_dot_cr } ch_state = -+ s_linestart; -+int linelength = 0, ch; - - while ((ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF) - { - if (ch == 0) body_zerocount++; - switch (ch_state) - { -- case 0: /* After LF or CRLF */ -- if (ch == '.') -- { -- ch_state = 3; -- continue; /* Don't ever write . after LF */ -- } -- ch_state = 1; -+ case s_linestart: /* After LF or CRLF */ -+ if (ch == '.') -+ { -+ ch_state = s_had_nl_dot; -+ continue; /* Don't ever write . after LF */ -+ } -+ ch_state = s_normal; - -- /* Else fall through to handle as normal uschar. */ -+ /* Else fall through to handle as normal uschar. */ - -- case 1: /* Normal state */ -- if (ch == '\n') -- { -- ch_state = 0; -- body_linecount++; -+ case s_normal: /* Normal state */ -+ if (ch == '\r') -+ { -+ ch_state = s_had_cr; -+ continue; /* Don't write the CR */ -+ } -+ if (ch == '\n') /* Bare LF at end of line */ -+ if (strict_crlf) -+ ch = ' '; /* replace LF with space */ -+ else -+ { /* treat as line ending */ -+ ch_state = s_linestart; -+ body_linecount++; -+ if (linelength > max_received_linelength) -+ max_received_linelength = linelength; -+ linelength = -1; -+ } -+ break; -+ -+ case s_had_cr: /* After (unwritten) CR */ -+ body_linecount++; /* Any char ends line */ - if (linelength > max_received_linelength) -- max_received_linelength = linelength; -+ max_received_linelength = linelength; - linelength = -1; -- } -- else if (ch == '\r') -- { -- ch_state = 2; -- continue; -- } -- break; -+ if (ch == '\n') /* proper CRLF */ -+ ch_state = s_linestart; -+ else -+ { -+ message_size++; /* convert the dropped CR to a stored NL */ -+ if (fout && fputc('\n', fout) == EOF) return END_WERROR; -+ cutthrough_data_put_nl(); -+ if (ch == '\r') /* CR; do not write */ -+ continue; -+ ch_state = s_normal; /* not LF or CR; process as standard */ -+ } -+ break; - -- case 2: /* After (unwritten) CR */ -- body_linecount++; -- if (linelength > max_received_linelength) -- max_received_linelength = linelength; -- linelength = -1; -- if (ch == '\n') -- { -- ch_state = 0; -- } -- else -- { -- message_size++; -- if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR; -- cutthrough_data_put_nl(); -- if (ch != '\r') ch_state = 1; else continue; -- } -- break; -+ case s_had_nl_dot: /* After [CR] LF . */ -+ if (ch == '\n') /* [CR] LF . LF */ -+ if (strict_crlf) -+ ch = ' '; /* replace LF with space */ -+ else -+ return END_DOT; -+ else if (ch == '\r') /* [CR] LF . CR */ -+ { -+ ch_state = s_had_dot_cr; -+ continue; /* Don't write the CR */ -+ } -+ /* The dot was removed on reaching s_had_nl_dot. For a doubled dot, here, -+ reinstate it to cutthrough. The current ch, dot or not, is passed both to -+ cutthrough and to file below. */ -+ else if (ch == '.') -+ { -+ uschar c = ch; -+ cutthrough_data_puts(&c, 1); -+ } -+ ch_state = s_normal; -+ break; - -- case 3: /* After [CR] LF . */ -- if (ch == '\n') -- return END_DOT; -- if (ch == '\r') -- { -- ch_state = 4; -- continue; -- } -- /* The dot was removed at state 3. For a doubled dot, here, reinstate -- it to cutthrough. The current ch, dot or not, is passed both to cutthrough -- and to file below. */ -- if (ch == '.') -- { -- uschar c= ch; -- cutthrough_data_puts(&c, 1); -- } -- ch_state = 1; -- break; -+ case s_had_dot_cr: /* After [CR] LF . CR */ -+ if (ch == '\n') -+ return END_DOT; /* Preferred termination */ - -- case 4: /* After [CR] LF . CR */ -- if (ch == '\n') return END_DOT; -- message_size++; -- body_linecount++; -- if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR; -- cutthrough_data_put_nl(); -- if (ch == '\r') -- { -- ch_state = 2; -- continue; -- } -- ch_state = 1; -- break; -+ message_size++; /* convert the dropped CR to a stored NL */ -+ body_linecount++; -+ if (fout && fputc('\n', fout) == EOF) return END_WERROR; -+ cutthrough_data_put_nl(); -+ if (ch == '\r') -+ { -+ ch_state = s_had_cr; -+ continue; /* CR; do not write */ -+ } -+ ch_state = s_normal; -+ break; - } - - /* Add the character to the spool file, unless skipping; then loop for the -@@ -1140,7 +1152,7 @@ receive_swallow_smtp(void) - { - if (message_ended >= END_NOTENDED) - message_ended = chunking_state <= CHUNKING_OFFERED -- ? read_message_data_smtp(NULL) -+ ? read_message_data_smtp(NULL, FALSE) - : read_message_bdat_smtp_wire(NULL); - } - -@@ -1960,8 +1960,10 @@ for (;;) - - if (ch == '\n') - { -- if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = FALSE; -- else if (first_line_ended_crlf) receive_ungetc(' '); -+ if (first_line_ended_crlf == TRUE_UNSET) -+ first_line_ended_crlf = FALSE; -+ else if (first_line_ended_crlf) -+ receive_ungetc(' '); - goto EOL; - } - -@@ -1977,7 +1980,11 @@ for (;;) - if (f.dot_ends && ptr == 0 && ch == '.') - { - ch = (receive_getc)(GETC_BUFFER_UNLIMITED); -- if (ch == '\r') -+ if (ch == '\n' && first_line_ended_crlf == TRUE /* and not TRUE_UNSET */ ) -+ /* dot, LF but we are in CRLF mode. Attack? */ -+ ch = ' '; /* replace the LF with a space */ -+ -+ else if (ch == '\r') - { - ch = (receive_getc)(GETC_BUFFER_UNLIMITED); - if (ch != '\n') -@@ -2013,7 +2020,8 @@ for (;;) - ch = (receive_getc)(GETC_BUFFER_UNLIMITED); - if (ch == '\n') - { -- if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = TRUE; -+ if (first_line_ended_crlf == TRUE_UNSET) -+ first_line_ended_crlf = TRUE; - goto EOL; - } - -@@ -3241,7 +3253,7 @@ if (!ferror(spool_data_file) && !(receive_feof)() && message_ended != END_DOT) - if (smtp_input) - { - message_ended = chunking_state <= CHUNKING_OFFERED -- ? read_message_data_smtp(spool_data_file) -+ ? read_message_data_smtp(spool_data_file, first_line_ended_crlf) - : spool_wireformat - ? read_message_bdat_smtp_wire(spool_data_file) - : read_message_bdat_smtp(spool_data_file); -diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c -index e19c86ff8..aeaffeb37 100644 ---- a/src/src/smtp_in.c -+++ b/src/src/smtp_in.c -@@ -5112,7 +5112,10 @@ while (done <= 0) - to get the DATA command sent. */ - - if (!acl_smtp_predata && cutthrough.cctx.sock < 0) -+ { -+ if (!check_sync()) goto SYNC_FAILURE; - rc = OK; -+ } - else - { - uschar * acl = acl_smtp_predata ? acl_smtp_predata : US"accept"; |