summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHans de Graaff <graaff@gentoo.org>2019-07-15 07:09:51 +0200
committerHans de Graaff <graaff@gentoo.org>2019-07-15 07:10:38 +0200
commit1ea0eb3d0c4f9085d7dcd4a333d5a094f9eae9a7 (patch)
tree451a7a583400c8506fd3c5524d6b16d08451b6e9 /mail-mta/sendmail
parentapp-editors/ghex: add a new line at the end of the build. (diff)
downloadgentoo-1ea0eb3d0c4f9085d7dcd4a333d5a094f9eae9a7.tar.gz
gentoo-1ea0eb3d0c4f9085d7dcd4a333d5a094f9eae9a7.tar.bz2
gentoo-1ea0eb3d0c4f9085d7dcd4a333d5a094f9eae9a7.zip
mail-mta/sendmail: fix openssl 1.1.x compatibility
Patch provided by Attila Tóth. Fixes: https://bugs.gentoo.org/673986 Signed-off-by: Hans de Graaff <graaff@gentoo.org> Package-Manager: Portage-2.3.66, Repoman-2.3.11
Diffstat (limited to 'mail-mta/sendmail')
-rw-r--r--mail-mta/sendmail/files/sendmail-8.15.2-openssl-1.1.0-fix.patch182
-rw-r--r--mail-mta/sendmail/sendmail-8.15.2-r1.ebuild207
2 files changed, 389 insertions, 0 deletions
diff --git a/mail-mta/sendmail/files/sendmail-8.15.2-openssl-1.1.0-fix.patch b/mail-mta/sendmail/files/sendmail-8.15.2-openssl-1.1.0-fix.patch
new file mode 100644
index 00000000000..54a67548941
--- /dev/null
+++ b/mail-mta/sendmail/files/sendmail-8.15.2-openssl-1.1.0-fix.patch
@@ -0,0 +1,182 @@
+--- sendmail-8.15.2.orig/sendmail/tls.c 2016-12-01 15:20:59.953546417 +0100
++++ sendmail-8.15.2.orig/sendmail/tls.c 2016-12-01 17:26:43.868521378 +0100
+@@ -63,14 +63,28 @@ static unsigned char dh512_g[] =
+ static DH *
+ get_dh512()
+ {
+- DH *dh = NULL;
++ DH *dh;
++ BIGNUM *p, *g;
+
+ if ((dh = DH_new()) == NULL)
+ return NULL;
+- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
++ g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
++ if (p == NULL || g == NULL)
++ {
++ BN_free(p);
++ BN_free(g);
++ DH_free(dh);
+ return NULL;
++ }
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ DH_set0_pqg(dh, p, NULL, g);
++#else
++ dh->p = p;
++ dh->g = g;
++#endif
++
+ return dh;
+ }
+
+@@ -117,16 +131,27 @@ get_dh2048()
+ };
+ static unsigned char dh2048_g[]={ 0x02, };
+ DH *dh;
++ BIGNUM *p, *g;
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
+- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
++ g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
++ if (p == NULL || g == NULL)
+ {
++ BN_free(p);
++ BN_free(g);
+ DH_free(dh);
+- return(NULL);
++ return NULL;
+ }
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ DH_set0_pqg(dh, p, NULL, g);
++#else
++ dh->p = p;
++ dh->g = g;
++#endif
++
+ return(dh);
+ }
+ # endif /* !NO_DH */
+@@ -715,6 +740,54 @@ static char server_session_id_context[]
+ # define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 0
+ #endif
+
++static RSA *
++generate_rsa_key(bits, e)
++ int bits;
++ unsigned long e;
++{
++#if OPENSSL_VERSION_NUMBER < 0x00908000L
++ return RSA_generate_key(bits, e, NULL, NULL);
++#else
++ BIGNUM *bne;
++ RSA *rsa = NULL;
++
++ bne = BN_new();
++ if (bne && BN_set_word(bne, e) != 1)
++ rsa = RSA_new();
++ if (rsa && RSA_generate_key_ex(rsa, bits, bne, NULL) != 1)
++ {
++ RSA_free(rsa);
++ rsa = NULL;
++ }
++ BN_free(bne);
++ return rsa;
++#endif
++}
++
++static DSA *
++generate_dsa_parameters(bits, seed, seed_len, counter_ret, h_ret)
++ int bits;
++ unsigned char *seed;
++ int seed_len;
++ int *counter_ret;
++ unsigned long *h_ret;
++{
++#if OPENSSL_VERSION_NUMBER < 0x00908000L
++ return DSA_generate_parameters(bits, seed, seed_len, counter_ret,
++ h_ret, NULL, NULL);
++#else
++ DSA *dsa = DSA_new();
++
++ if (dsa && DSA_generate_parameters_ex(dsa, bits, seed, seed_len,
++ counter_ret, h_ret, NULL) != 1)
++ {
++ DSA_free(dsa);
++ dsa = NULL;
++ }
++ return dsa;
++#endif
++}
++
+ bool
+ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhparam)
+ SSL_CTX **ctx;
+@@ -926,7 +999,7 @@ inittls(ctx, req, options, srv, certfile
+ {
+ /* get a pointer to the current certificate validation store */
+ store = SSL_CTX_get_cert_store(*ctx); /* does not fail */
+- crl_file = BIO_new(BIO_s_file_internal());
++ crl_file = BIO_new(BIO_s_file());
+ if (crl_file != NULL)
+ {
+ if (BIO_read_filename(crl_file, CRLFile) >= 0)
+@@ -1003,8 +1076,7 @@ inittls(ctx, req, options, srv, certfile
+ if (bitset(TLS_I_RSA_TMP, req)
+ # if SM_CONF_SHM
+ && ShmId != SM_SHM_NO_ID &&
+- (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL,
+- NULL)) == NULL
++ (rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4)) == NULL
+ # else /* SM_CONF_SHM */
+ && 0 /* no shared memory: no need to generate key now */
+ # endif /* SM_CONF_SHM */
+@@ -1210,8 +1282,8 @@ inittls(ctx, req, options, srv, certfile
+ sm_dprintf("inittls: Generating %d bit DH parameters\n", bits);
+
+ /* this takes a while! */
+- dsa = DSA_generate_parameters(bits, NULL, 0, NULL,
+- NULL, 0, NULL);
++ dsa = generate_dsa_parameters(bits, NULL, 0, NULL,
++ NULL);
+ dh = DSA_dup_DH(dsa);
+ DSA_free(dsa);
+ }
+@@ -1747,7 +1819,7 @@ tmp_rsa_key(s, export, keylength)
+
+ if (rsa_tmp != NULL)
+ RSA_free(rsa_tmp);
+- rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL);
++ rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4);
+ if (rsa_tmp == NULL)
+ {
+ if (LogLevel > 0)
+@@ -1974,11 +2046,20 @@ x509_verify_cb(ok, ctx)
+ {
+ if (LogLevel > 13)
+ tls_verify_log(ok, ctx, "x509");
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ if (X509_STORE_CTX_get_error(ctx) ==
++ X509_V_ERR_UNABLE_TO_GET_CRL)
++ {
++ X509_STORE_CTX_set_error(ctx, 0);
++ return 1; /* override it */
++ }
++#else
+ if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL)
+ {
+ ctx->error = 0;
+ return 1; /* override it */
+ }
++#endif
+ }
+ return ok;
+ }
diff --git a/mail-mta/sendmail/sendmail-8.15.2-r1.ebuild b/mail-mta/sendmail/sendmail-8.15.2-r1.ebuild
new file mode 100644
index 00000000000..b4933bf7435
--- /dev/null
+++ b/mail-mta/sendmail/sendmail-8.15.2-r1.ebuild
@@ -0,0 +1,207 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit multilib systemd toolchain-funcs user
+
+DESCRIPTION="Widely-used Mail Transport Agent (MTA)"
+HOMEPAGE="http://www.sendmail.org/"
+SRC_URI="ftp://ftp.sendmail.org/pub/${PN}/${PN}.${PV}.tar.gz"
+
+LICENSE="Sendmail GPL-2" # GPL-2 is here for initscript
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ssl ldap libressl sasl tcpd mbox ipv6 nis sockets"
+
+DEPEND="net-mail/mailbase
+ sys-devel/m4
+ sasl? ( >=dev-libs/cyrus-sasl-2.1.10 )
+ tcpd? ( sys-apps/tcp-wrappers )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ ldap? ( net-nds/openldap )
+ >=sys-libs/db-3.2
+ !net-mail/vacation
+ "
+RDEPEND="${DEPEND}
+ >=net-mail/mailbase-0.00
+ !mail-mta/courier
+ !mail-mta/esmtp
+ !mail-mta/exim
+ !mail-mta/mini-qmail
+ !mail-mta/msmtp[mta]
+ !mail-mta/netqmail
+ !mail-mta/nullmailer
+ !mail-mta/postfix
+ !mail-mta/opensmtpd
+ !mail-mta/qmail-ldap
+ !<mail-mta/ssmtp-2.64-r2
+ !>=mail-mta/ssmtp-2.64-r2[mta]"
+
+PDEPEND="!mbox? ( mail-filter/procmail )"
+
+# libmilter library is part of sendmail, but it does not share the version number with it.
+# In order to find the right libmilter version number, check SMFI_VERSION definition
+# that can be found in ${S}/include/libmilter/mfapi.h (see also SM_LM_VRS_* defines).
+# For example, version 1.0.1 has a SMFI_VERSION of 0x01000001.
+LIBMILTER_VER=1.0.2
+
+pkg_setup() {
+ enewgroup smmsp 209
+ enewuser smmsp 209 -1 /var/spool/mqueue smmsp
+}
+
+src_prepare() {
+ eapply "${FILESDIR}"/"${PN}"-8.14.6-build-system.patch
+ eapply -p0 "${FILESDIR}"/sendmail-delivered_hdr.patch
+ eapply "${FILESDIR}"/libmilter-sharedlib.patch
+ eapply -p0 "${FILESDIR}"/sendmail-starttls-multi-crl.patch
+ eapply "${FILESDIR}"/${P}-openssl-1.1.0-fix.patch
+
+ local confCC="$(tc-getCC)"
+ local confCCOPTS="${CFLAGS}"
+ local confLDOPTS="${LDFLAGS}"
+ local confMAPDEF="-DMAP_REGEX"
+ local conf_sendmail_LIBS=""
+ use sasl && confLIBS="${confLIBS} -lsasl2" \
+ && confENVDEF="${confENVDEF} -DSASL=2" \
+ && confCCOPTS="${confCCOPTS} -I/usr/include/sasl" \
+ && conf_sendmail_LIBS="${conf_sendmail_LIBS} -lsasl2"
+ use tcpd && confENVDEF="${confENVDEF} -DTCPWRAPPERS" \
+ && confLIBS="${confLIBS} -lwrap"
+ use ssl && confENVDEF="${confENVDEF} -DSTARTTLS -D_FFR_DEAL_WITH_ERROR_SSL" \
+ && confENVDEF="${confENVDEF} -D_FFR_TLS_1" \
+ && confLIBS="${confLIBS} -lssl -lcrypto" \
+ && conf_sendmail_LIBS="${conf_sendmail_LIBS} -lssl -lcrypto"
+ use ldap && confMAPDEF="${confMAPDEF} -DLDAPMAP" \
+ && confLIBS="${confLIBS} -lldap -llber"
+ use ipv6 && confENVDEF="${confENVDEF} -DNETINET6"
+ use nis && confENVDEF="${confENVDEF} -DNIS"
+ use sockets && confENVDEF="${confENVDEF} -DSOCKETMAP"
+ sed -e "s:@@confCCOPTS@@:${confCCOPTS}:" \
+ -e "s/@@confLDOPTS@@/${confLDOPTS}/" \
+ -e "s/@@confCC@@/${confCC}/" \
+ -e "s/@@confMAPDEF@@/${confMAPDEF}/" \
+ -e "s/@@confENVDEF@@/${confENVDEF}/" \
+ -e "s/@@confLIBS@@/${confLIBS}/" \
+ -e "s/@@conf_sendmail_LIBS@@/${conf_sendmail_LIBS}/" \
+ "${FILESDIR}"/site.config.m4 > devtools/Site/site.config.m4
+
+ eapply_user
+}
+
+src_compile() {
+ sh Build AR="$(tc-getAR)" RANLIB="$(tc-getRANLIB)" || die "compilation failed in main Build script"
+ pushd libmilter
+ sh Build AR="$(tc-getAR)" RANLIB="$(tc-getRANLIB)" MILTER_SOVER=${LIBMILTER_VER} || die "libmilter compilation failed"
+ popd
+}
+
+src_install () {
+ local MY_LIBDIR=/usr/$(get_libdir)
+ local MY_OBJDIR="obj.`uname -s`.`uname -r`.`uname -m`"
+ dodir /usr/bin ${MY_LIBDIR} /usr/include/libmilter
+ dodir /usr/share/man/man{1,5,8} /usr/sbin /var/log /usr/share/sendmail-cf
+ dodir /var/spool/{mqueue,clientmqueue} /etc/conf.d
+ keepdir /var/spool/{clientmqueue,mqueue}
+ for dir in libsmutil sendmail mailstats praliases smrsh makemap vacation editmap
+ do
+ make DESTDIR="${D}" LIBDIR="${MY_LIBDIR}" MANROOT=/usr/share/man/man \
+ SBINOWN=root SBINGRP=root UBINOWN=root UBINGRP=root \
+ MANOWN=root MANGRP=root INCOWN=root INCGRP=root \
+ LIBOWN=root LIBGRP=root GBINOWN=root GBINGRP=root \
+ MSPQOWN=root CFOWN=root CFGRP=root \
+ install -C "${MY_OBJDIR}/${dir}" \
+ || die "install failed"
+ done
+ for dir in rmail mail.local
+ do
+ make DESTDIR="${D}" LIBDIR="${MY_LIBDIR}" MANROOT=/usr/share/man/man \
+ SBINOWN=root SBINGRP=root UBINOWN=root UBINGRP=root \
+ MANOWN=root MANGRP=root INCOWN=root INCGRP=root \
+ LIBOWN=root LIBGRP=root GBINOWN=root GBINGRP=root \
+ MSPQOWN=root CFOWN=root CFGRP=root \
+ force-install -C "${MY_OBJDIR}/${dir}" \
+ || die "install failed"
+ done
+
+ make DESTDIR="${D}" LIBDIR="${MY_LIBDIR}" MANROOT=/usr/share/man/man \
+ SBINOWN=root SBINGRP=root UBINOWN=root UBINGRP=root \
+ MANOWN=root MANGRP=root INCOWN=root INCGRP=root \
+ LIBOWN=root LIBGRP=root GBINOWN=root GBINGRP=root \
+ MSPQOWN=root CFOWN=root CFGRP=root \
+ MILTER_SOVER=${LIBMILTER_VER} \
+ install -C "${MY_OBJDIR}/libmilter" \
+ || die "install failed"
+
+ fowners root:smmsp /usr/sbin/sendmail
+ fperms 2555 /usr/sbin/sendmail
+ fowners smmsp:smmsp /var/spool/clientmqueue
+ fperms 770 /var/spool/clientmqueue
+ fperms 700 /var/spool/mqueue
+ dosym /usr/sbin/makemap /usr/bin/makemap
+ dodoc FAQ KNOWNBUGS README RELEASE_NOTES doc/op/op.ps
+ newdoc sendmail/README README.sendmail
+ newdoc sendmail/SECURITY SECURITY
+ newdoc sendmail/TUNING TUNING
+ newdoc smrsh/README README.smrsh
+ newdoc libmilter/README README.libmilter
+
+ newdoc cf/README README.cf
+ newdoc cf/cf/README README.install-cf
+ cp -pPR cf/* "${D}"/usr/share/sendmail-cf
+
+ docinto contrib
+ dodoc contrib/*
+
+ insinto /etc/mail
+ if use mbox
+ then
+ newins "${FILESDIR}"/sendmail.mc-r1 sendmail.mc
+ else
+ newins "${FILESDIR}"/sendmail-procmail.mc sendmail.mc
+ fi
+ m4 "${D}"/usr/share/sendmail-cf/m4/cf.m4 "${D}"/etc/mail/sendmail.mc \
+ > "${D}"/etc/mail/sendmail.cf
+ echo "include(\`/usr/share/sendmail-cf/m4/cf.m4')dnl" \
+ > "${D}"/etc/mail/submit.mc
+ cat "${D}"/usr/share/sendmail-cf/cf/submit.mc >> "${D}"/etc/mail/submit.mc
+ echo "# local-host-names - include all aliases for your machine here" \
+ > "${D}"/etc/mail/local-host-names
+ cat <<- EOF > "${D}"/etc/mail/trusted-users
+ # trusted-users - users that can send mail as others without a warning
+ # apache, mailman, majordomo, uucp are good candidates
+ EOF
+ cat <<- EOF > "${D}"/etc/mail/access
+ # Check the /usr/share/doc/sendmail/README.cf file for a description
+ # of the format of this file. (search for access_db in that file)
+ # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
+ # package.
+ #
+
+ EOF
+ cat <<- EOF > "${D}"/etc/conf.d/sendmail
+ # Config file for /etc/init.d/sendmail
+ # add start-up options here
+ SENDMAIL_OPTS="-bd -q30m -L sm-mta" # default daemon mode
+ CLIENTMQUEUE_OPTS="-Ac -q30m -L sm-cm" # clientmqueue
+ KILL_OPTS="" # add -9/-15/your favorite evil SIG level here
+
+ EOF
+ if use sasl; then
+ dodir /etc/sasl2
+ cat <<- EOF > "${D}"/etc/sasl2/Sendmail.conf
+ pwcheck_method: saslauthd
+ mech_list: PLAIN LOGIN
+
+ EOF
+ fi
+
+ doinitd "${FILESDIR}"/sendmail
+ systemd_dounit "${FILESDIR}"/sendmail.service
+ systemd_dounit "${FILESDIR}"/sm-client.service
+
+ keepdir /usr/adm/sm.bin
+}