mail-mta/netqmail-1.06-r13: revbump for CVE-2005-1513, CVE-2005-1514, CVE-2005-1515

Bug: https://bugs.gentoo.org/721566
Signed-off-by: Rolf Eike Beer <kde@opensource.sf-tec.de>
Closes: https://github.com/gentoo/gentoo/pull/15881
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

5 files changed, 595 insertions, 0 deletions

diff --git a/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1513.patch b/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1513.patch
new file mode 100644
index 000000000000..58af5a9cee11
--- /dev/null
+++ b/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1513.patch
@@ -0,0 +1,66 @@
+From bb92ea678c2a2a524d2ee6e9d598275a659168d2 Mon Sep 17 00:00:00 2001
+From: Rolf Eike Beer <eike@sf-mail.de>
+Date: Mon, 11 May 2020 18:30:13 +0200
+Subject: [PATCH 3/4] mimimum fix for CVE-2005-1513
+
+The first allocation at the tail of the function is not changed as that
+one starts with a small number of elements and grows only on
+subsequent call.s
+---
+ gen_allocdefs.h | 27 ++++++++++++++++++++++-----
+ 1 file changed, 22 insertions(+), 5 deletions(-)
+
+diff --git a/gen_allocdefs.h b/gen_allocdefs.h
+index 783a9b1..0588441 100644
+--- a/gen_allocdefs.h
++++ b/gen_allocdefs.h
+@@ -4,24 +4,41 @@
+ #define GEN_ALLOC_ready(ta,type,field,len,a,i,n,x,base,ta_ready) \
+ int ta_ready(x,n) register ta *x; register unsigned int n; \
+ { register unsigned int i; \
++  unsigned int nlen; \
+   if (x->field) { \
+     i = x->a; \
+     if (n > i) { \
+-      x->a = base + n + (n >> 3); \
+-      if (alloc_re(&x->field,i * sizeof(type),x->a * sizeof(type))) return 1; \
++      unsigned int nnum; \
++      if (__builtin_add_overflow(base, n, &nlen)) \
++        return 0; \
++      if (__builtin_add_overflow(nlen, n >> 3, &nlen)) \
++        return 0; \
++      if (__builtin_mul_overflow(nlen, sizeof(type), &nnum)) \
++        return 0; \
++      x->a = nlen; \
++      if (alloc_re(&x->field,i * sizeof(type),nnum)) return 1; \
+       x->a = i; return 0; } \
+     return 1; } \
+   x->len = 0; \
+   return !!(x->field = (type *) alloc((x->a = n) * sizeof(type))); }
+ 
+ #define GEN_ALLOC_readyplus(ta,type,field,len,a,i,n,x,base,ta_rplus) \
+-int ta_rplus(x,n) register ta *x; register unsigned int n; \
++int ta_rplus(x,n) register ta *x; unsigned int n; \
+ { register unsigned int i; \
+   if (x->field) { \
+     i = x->a; n += x->len; \
++    if (__builtin_add_overflow(n, x->len, &n)) \
++      return 0; \
+     if (n > i) { \
+-      x->a = base + n + (n >> 3); \
+-      if (alloc_re(&x->field,i * sizeof(type),x->a * sizeof(type))) return 1; \
++      unsigned int nlen, nnum; \
++      if (__builtin_add_overflow(base, n, &nlen)) \
++        return 0; \
++      if (__builtin_add_overflow(nlen, n >> 3, &nlen)) \
++        return 0; \
++      if (__builtin_mul_overflow(nlen, sizeof(type), &nnum)) \
++        return 0; \
++      x->a = nlen; \
++      if (alloc_re(&x->field,i * sizeof(type),nnum)) return 1; \
+       x->a = i; return 0; } \
+     return 1; } \
+   x->len = 0; \
+-- 
+2.26.1
+
diff --git a/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1514.patch b/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1514.patch
new file mode 100644
index 000000000000..3876c290b676
--- /dev/null
+++ b/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1514.patch
@@ -0,0 +1,39 @@
+From dc617a2f2d31e4c448b806791b3f8736cf9d1ffb Mon Sep 17 00:00:00 2001
+From: Rolf Eike Beer <eike@sf-mail.de>
+Date: Tue, 12 May 2020 20:06:38 +0200
+Subject: [PATCH 2/4] fix possible signed integer overflow in commands()
+ (CVE-2005-1514)
+
+Fix it as suggested by the Qualys Security Advisory team.
+---
+ commands.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/commands.c b/commands.c
+index b0d3f61..90a50c9 100644
+--- a/commands.c
++++ b/commands.c
+@@ -10,16 +10,17 @@ int commands(ss,c)
+ substdio *ss;
+ struct commands *c;
+ {
+-  int i;
++  unsigned int i;
+   char *arg;
+ 
+   for (;;) {
+     if (!stralloc_copys(&cmd,"")) return -1;
+ 
+     for (;;) {
++      int j;
+       if (!stralloc_readyplus(&cmd,1)) return -1;
+-      i = substdio_get(ss,cmd.s + cmd.len,1);
+-      if (i != 1) return i;
++      j = substdio_get(ss,cmd.s + cmd.len,1);
++      if (j != 1) return j;
+       if (cmd.s[cmd.len] == '\n') break;
+       ++cmd.len;
+     }
+-- 
+2.26.1
+
diff --git a/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1515.patch b/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1515.patch
new file mode 100644
index 000000000000..f1df70022e17
--- /dev/null
+++ b/mail-mta/netqmail/files/netqmail-1.06-CVE-2005-1515.patch
@@ -0,0 +1,64 @@
+From 5540e1b47ac043033e6661b4e04dcaf958db0110 Mon Sep 17 00:00:00 2001
+From: Rolf Eike Beer <eike@sf-mail.de>
+Date: Mon, 11 May 2020 18:55:11 +0200
+Subject: [PATCH 1/4] fix signedness wraparound in substdio_put()
+ (CVE-2005-1515)
+
+---
+ qmail.c   |  2 +-
+ substdo.c | 14 ++++++++------
+ 2 files changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/qmail.c b/qmail.c
+index 186c092..7c86a04 100644
+--- a/qmail.c
++++ b/qmail.c
+@@ -61,7 +61,7 @@ void qmail_fail(qq) struct qmail *qq;
+   qq->flagerr = 1;
+ }
+ 
+-void qmail_put(qq,s,len) struct qmail *qq; char *s; int len;
++void qmail_put(qq,s,len) struct qmail *qq; char *s; unsigned int len;
+ {
+   if (!qq->flagerr) if (substdio_put(&qq->ss,s,len) == -1) qq->flagerr = 1;
+ }
+diff --git a/substdo.c b/substdo.c
+index fb616f7..bccf0d6 100644
+--- a/substdo.c
++++ b/substdo.c
+@@ -7,7 +7,7 @@ static int allwrite(op,fd,buf,len)
+ register int (*op)();
+ register int fd;
+ register char *buf;
+-register int len;
++register unsigned int len;
+ {
+   register int w;
+ 
+@@ -55,16 +55,18 @@ register int len;
+ int substdio_put(s,buf,len)
+ register substdio *s;
+ register char *buf;
+-register int len;
++register unsigned int len;
+ {
+-  register int n;
++  register unsigned int n = s->n; /* how many bytes to write in next chunk */
+  
+-  n = s->n;
+-  if (len > n - s->p) {
++  /* check if the input would fit in the buffer without flushing */
++  if (len > n - (unsigned int)s->p) {
+     if (substdio_flush(s) == -1) return -1;
+     /* now s->p == 0 */
+     if (n < SUBSTDIO_OUTSIZE) n = SUBSTDIO_OUTSIZE;
+-    while (len > s->n) {
++    /* as long as the remainder would not fit into s->x write it directly
++     * from buf to s->fd. */
++    while (len > (unsigned int)s->n) {
+       if (n > len) n = len;
+       if (allwrite(s->op,s->fd,buf,n) == -1) return -1;
+       buf += n;
+-- 
+2.26.1
+
diff --git a/mail-mta/netqmail/files/netqmail-1.06-overflows.patch b/mail-mta/netqmail/files/netqmail-1.06-overflows.patch
new file mode 100644
index 000000000000..d9932df972c4
--- /dev/null
+++ b/mail-mta/netqmail/files/netqmail-1.06-overflows.patch
@@ -0,0 +1,223 @@
+From e8a1e037afc8729bd65d4bda36dedf444f301c0f Mon Sep 17 00:00:00 2001
+From: Rolf Eike Beer <eike@sf-mail.de>
+Date: Mon, 11 May 2020 18:30:13 +0200
+Subject: [PATCH 4/4] fix additional length overflows
+
+---
+ Makefile        |  6 +++---
+ alloc.c         | 21 ++++++++++++++-------
+ qmail-local.c   |  3 ++-
+ qmail-pop3d.c   |  3 ++-
+ quote.c         | 10 +++++++++-
+ stralloc_catb.c |  8 +++++++-
+ stralloc_opyb.c |  8 +++++++-
+ substdo.c       |  4 ++--
+ 8 files changed, 46 insertions(+), 17 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 0f0e31a..4b592c6 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1673,7 +1673,7 @@ qsutil.h
+ 	./compile qsutil.c
+ 
+ quote.o: \
+-compile quote.c stralloc.h gen_alloc.h str.h quote.h
++compile quote.c stralloc.h gen_alloc.h str.h quote.h error.h
+ 	./compile quote.c
+ 
+ rcpthosts.o: \
+@@ -1965,7 +1965,7 @@ compile stralloc_cat.c byte.h stralloc.h gen_alloc.h
+ 	./compile stralloc_cat.c
+ 
+ stralloc_catb.o: \
+-compile stralloc_catb.c stralloc.h gen_alloc.h byte.h
++compile stralloc_catb.c stralloc.h gen_alloc.h byte.h error.h
+ 	./compile stralloc_catb.c
+ 
+ stralloc_cats.o: \
+@@ -1982,7 +1982,7 @@ gen_allocdefs.h
+ 	./compile stralloc_eady.c
+ 
+ stralloc_opyb.o: \
+-compile stralloc_opyb.c stralloc.h gen_alloc.h byte.h
++compile stralloc_opyb.c stralloc.h gen_alloc.h byte.h error.h
+ 	./compile stralloc_opyb.c
+ 
+ stralloc_opys.o: \
+diff --git a/alloc.c b/alloc.c
+index c661453..3ab5f6f 100644
+--- a/alloc.c
++++ b/alloc.c
+@@ -1,7 +1,6 @@
++#include <stdlib.h>
+ #include "alloc.h"
+ #include "error.h"
+-extern char *malloc();
+-extern void free();
+ 
+ #define ALIGNMENT 16 /* XXX: assuming that this alignment is enough */
+ #define SPACE 4096 /* must be multiple of ALIGNMENT */
+@@ -11,15 +10,23 @@ static aligned realspace[SPACE / ALIGNMENT];
+ #define space ((char *) realspace)
+ static unsigned int avail = SPACE; /* multiple of ALIGNMENT; 0<=avail<=SPACE */
+ 
++static char *m_alloc(unsigned int n)
++{
++  char *x = malloc(n);
++  if (!x) errno = error_nomem;
++  return x;
++}
++
+ /*@null@*//*@out@*/char *alloc(n)
+ unsigned int n;
+ {
+-  char *x;
+-  n = ALIGNMENT + n - (n & (ALIGNMENT - 1)); /* XXX: could overflow */
++  if (n >= SPACE)
++    return m_alloc(n);
++  /* Round it up to the next multiple of alignment. Could overflow if n is
++   * close to 2**32, but by the check above this is already ruled out. */
++  n = ALIGNMENT + n - (n & (ALIGNMENT - 1));
+   if (n <= avail) { avail -= n; return space + avail; }
+-  x = malloc(n);
+-  if (!x) errno = error_nomem;
+-  return x;
++  return m_alloc(n);
+ }
+ 
+ void alloc_free(x)
+diff --git a/qmail-local.c b/qmail-local.c
+index 6fec288..f5e33fd 100644
+--- a/qmail-local.c
++++ b/qmail-local.c
+@@ -1,5 +1,6 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <stdlib.h>
+ #include "readwrite.h"
+ #include "sig.h"
+ #include "env.h"
+@@ -633,7 +634,7 @@ char **argv;
+      i = j + 1;
+     }
+ 
+- recips = (char **) alloc((numforward + 1) * sizeof(char *));
++ recips = (char **) calloc(numforward + 1, sizeof(char *));
+  if (!recips) temp_nomem();
+  numforward = 0;
+ 
+diff --git a/qmail-pop3d.c b/qmail-pop3d.c
+index 0ca4f9c..1916433 100644
+--- a/qmail-pop3d.c
++++ b/qmail-pop3d.c
+@@ -1,5 +1,6 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <stdlib.h>
+ #include "commands.h"
+ #include "sig.h"
+ #include "getln.h"
+@@ -131,7 +132,7 @@ void getlist()
+   if (maildir_scan(&pq,&filenames,1,1) == -1) die_scan();
+  
+   numm = pq.p ? pq.len : 0;
+-  m = (struct message *) alloc(numm * sizeof(struct message));
++  m = (struct message *) calloc(numm, sizeof(struct message));
+   if (!m) die_nomem();
+  
+   for (i = 0;i < numm;++i) {
+diff --git a/quote.c b/quote.c
+index 659cfcd..73b7214 100644
+--- a/quote.c
++++ b/quote.c
+@@ -1,3 +1,4 @@
++#include "error.h"
+ #include "stralloc.h"
+ #include "str.h"
+ #include "quote.h"
+@@ -23,8 +24,15 @@ stralloc *sain;
+  char ch;
+  int i;
+  int j;
++ unsigned int nlen;
+ 
+- if (!stralloc_ready(saout,sain->len * 2 + 2)) return 0;
++ /* make sure the size calculation below does not overflow */
++ if (__builtin_mul_overflow(sain->len, 2, &nlen) ||
++     __builtin_add_overflow(nlen, 2, &nlen)) {
++   errno = error_nomem;
++   return 0;
++ }
++ if (!stralloc_ready(saout,nlen)) return 0;
+  j = 0;
+  saout->s[j++] = '"';
+  for (i = 0;i < sain->len;++i)
+diff --git a/stralloc_catb.c b/stralloc_catb.c
+index 67dbcc0..a315810 100644
+--- a/stralloc_catb.c
++++ b/stralloc_catb.c
+@@ -1,13 +1,19 @@
+ #include "stralloc.h"
+ #include "byte.h"
++#include "error.h"
+ 
+ int stralloc_catb(sa,s,n)
+ stralloc *sa;
+ char *s;
+ unsigned int n;
+ {
++  unsigned int i;
+   if (!sa->s) return stralloc_copyb(sa,s,n);
+-  if (!stralloc_readyplus(sa,n + 1)) return 0;
++  if (__builtin_add_overflow(n, 1, &i)) {
++    errno = error_nomem;
++    return 0;
++  }
++  if (!stralloc_readyplus(sa,i)) return 0;
+   byte_copy(sa->s + sa->len,n,s);
+   sa->len += n;
+   sa->s[sa->len] = 'Z'; /* ``offensive programming'' */
+diff --git a/stralloc_opyb.c b/stralloc_opyb.c
+index ac258b3..8a6f305 100644
+--- a/stralloc_opyb.c
++++ b/stralloc_opyb.c
+@@ -1,12 +1,18 @@
+ #include "stralloc.h"
+ #include "byte.h"
++#include "error.h"
+ 
+ int stralloc_copyb(sa,s,n)
+ stralloc *sa;
+ char *s;
+ unsigned int n;
+ {
+-  if (!stralloc_ready(sa,n + 1)) return 0;
++  unsigned int i;
++  if (__builtin_add_overflow(n, 1, &i)) {
++    errno = error_nomem;
++    return 0;
++  }
++  if (!stralloc_ready(sa,i)) return 0;
+   byte_copy(sa->s,n,s);
+   sa->len = n;
+   sa->s[n] = 'Z'; /* ``offensive programming'' */
+diff --git a/substdo.c b/substdo.c
+index bccf0d6..ad7232a 100644
+--- a/substdo.c
++++ b/substdo.c
+@@ -38,9 +38,9 @@ register substdio *s;
+ int substdio_bput(s,buf,len)
+ register substdio *s;
+ register char *buf;
+-register int len;
++register unsigned int len;
+ {
+-  register int n;
++  register unsigned int n;
+  
+   while (len > (n = s->n - s->p)) {
+     byte_copy(s->x + s->p,n,buf); s->p += n; buf += n; len -= n;
+-- 
+2.26.1
+
diff --git a/mail-mta/netqmail/netqmail-1.06-r13.ebuild b/mail-mta/netqmail/netqmail-1.06-r13.ebuild
new file mode 100644
index 000000000000..56be4e1891ca
--- /dev/null
+++ b/mail-mta/netqmail/netqmail-1.06-r13.ebuild
@@ -0,0 +1,203 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+GENQMAIL_PV=20191010
+QMAIL_SPP_PV=0.42
+
+QMAIL_TLS_PV=20190114
+QMAIL_TLS_F=${PN}-1.05-tls-smtpauth-${QMAIL_TLS_PV}.patch
+QMAIL_TLS_CVE=vu555316.patch
+
+QMAIL_BIGTODO_PV=103
+QMAIL_BIGTODO_F=big-todo.${QMAIL_BIGTODO_PV}.patch
+
+QMAIL_LARGE_DNS='qmail-103.patch'
+
+QMAIL_SMTPUTF8='qmail-smtputf8.patch'
+
+inherit qmail
+
+DESCRIPTION="qmail -- a secure, reliable, efficient, simple message transfer agent"
+HOMEPAGE="
+	http://netqmail.org
+	https://cr.yp.to/qmail.html
+	http://qmail.org
+"
+SRC_URI="mirror://qmail/${P}.tar.gz
+	https://github.com/DerDakon/genqmail/releases/download/genqmail-${GENQMAIL_PV}/${GENQMAIL_F}
+	https://www.ckdhr.com/ckd/${QMAIL_LARGE_DNS}
+	!vanilla? (
+		highvolume? ( mirror://qmail/${QMAIL_BIGTODO_F} )
+		qmail-spp? ( mirror://sourceforge/qmail-spp/${QMAIL_SPP_F} )
+		ssl? (
+			https://mirror.alexh.name/qmail/netqmail/${QMAIL_TLS_F}
+			http://inoa.net/qmail-tls/${QMAIL_TLS_CVE}
+			https://arnt.gulbrandsen.priv.no/qmail/qmail-smtputf8.patch
+		)
+	)
+"
+
+LICENSE="public-domain"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 sparc ~x86"
+IUSE="authcram gencertdaily highvolume libressl pop3 qmail-spp ssl vanilla"
+REQUIRED_USE="vanilla? ( !ssl !qmail-spp !highvolume )"
+RESTRICT="test"
+
+DEPEND="
+	acct-group/nofiles
+	acct-group/qmail
+	acct-user/alias
+	acct-user/qmaild
+	acct-user/qmaill
+	acct-user/qmailp
+	acct-user/qmailq
+	acct-user/qmailr
+	acct-user/qmails
+	net-dns/libidn2
+	net-mail/queue-repair
+	sys-apps/gentoo-functions
+	sys-apps/groff
+	ssl? (
+		!libressl? ( >=dev-libs/openssl-1.1:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+"
+RDEPEND="${DEPEND}
+	sys-apps/ucspi-tcp
+	virtual/checkpassword
+	virtual/daemontools
+	authcram? ( >=net-mail/cmd5checkpw-0.30 )
+	ssl? (
+		pop3? ( sys-apps/ucspi-ssl )
+	)
+	!mail-mta/courier
+	!mail-mta/esmtp
+	!mail-mta/exim
+	!mail-mta/mini-qmail
+	!mail-mta/msmtp[mta]
+	!mail-mta/nullmailer
+	!mail-mta/opensmtpd
+	!mail-mta/postfix
+	!mail-mta/qmail-ldap
+	!mail-mta/sendmail
+	!mail-mta/ssmtp[mta]
+"
+
+pkg_setup() {
+	if [[ -n "${QMAIL_PATCH_DIR}" ]]; then
+		eerror
+		eerror "The QMAIL_PATCH_DIR variable for custom patches"
+		eerror "has been removed from ${PN}. If you need custom patches"
+		eerror "see 'user patches' in the portage manual."
+		eerror
+		die "QMAIL_PATCH_DIR is not supported anymore"
+	fi
+}
+
+src_unpack() {
+	genqmail_src_unpack
+	use qmail-spp && qmail_spp_src_unpack
+
+	unpack ${P}.tar.gz
+}
+
+PATCHES=(
+	"${FILESDIR}/${PV}-exit.patch"
+	"${FILESDIR}/${PV}-readwrite.patch"
+	"${DISTDIR}/${QMAIL_LARGE_DNS}"
+	"${FILESDIR}/${PV}-fbsd-utmpx.patch"
+	"${FILESDIR}/${P}-ipme-multiple.patch"
+	"${FILESDIR}/${P}-any-to-cname.patch"
+	"${FILESDIR}/${P}-CVE-2005-1513.patch"
+	"${FILESDIR}/${P}-CVE-2005-1514.patch"
+	"${FILESDIR}/${P}-CVE-2005-1515.patch"
+	"${FILESDIR}/${P}-overflows.patch"
+)
+
+src_prepare() {
+	if ! use vanilla; then
+		if use ssl; then
+			# This patch contains relative paths and needs to be cleaned up.
+			sed 's~^--- \.\./\.\./~--- ~g' \
+				< "${DISTDIR}"/${QMAIL_TLS_F} \
+				> "${T}"/${QMAIL_TLS_F} || die
+			PATCHES+=( "${T}/${QMAIL_TLS_F}"
+				"${DISTDIR}/${QMAIL_TLS_CVE}"
+				"${FILESDIR}/qmail-smtputf8.patch"
+				"${FILESDIR}/qmail-smtputf8-crlf-fix.patch"
+			)
+		fi
+		if use highvolume; then
+			PATCHES+=( "${DISTDIR}/${QMAIL_BIGTODO_F}" )
+		fi
+
+		if use qmail-spp; then
+			if use ssl; then
+				SPP_PATCH="${QMAIL_SPP_S}/qmail-spp-smtpauth-tls-20060105.diff"
+			else
+				SPP_PATCH="${QMAIL_SPP_S}/netqmail-spp.diff"
+			fi
+			# make the patch work with "-p1"
+			sed -e 's#^--- \([Mq]\)#--- a/\1#' -e 's#^+++ \([Mq]\)#+++ b/\1#' -i ${SPP_PATCH} || die
+
+			PATCHES+=( "${SPP_PATCH}" )
+		fi
+	fi
+
+	default
+
+	qmail_src_postunpack
+
+	# Fix bug #33818 but for netqmail (Bug 137015)
+	if ! use authcram; then
+		einfo "Disabled CRAM_MD5 support"
+		sed -e 's,^#define CRAM_MD5$,/*&*/,' -i "${S}"/qmail-smtpd.c || die
+	else
+		einfo "Enabled CRAM_MD5 support"
+	fi
+
+	ht_fix_file Makefile*
+}
+
+src_compile() {
+	qmail_src_compile
+	use qmail-spp && qmail_spp_src_compile
+}
+
+src_install() {
+	qmail_src_install
+}
+
+pkg_postinst() {
+	qmail_queue_setup
+	qmail_rootmail_fixup
+	qmail_tcprules_build
+
+	qmail_config_notice
+	qmail_supervise_config_notice
+	elog
+	elog "If you are looking for documentation, check those links:"
+	elog "https://wiki.gentoo.org/wiki/Virtual_mail_hosting_with_qmail"
+	elog "  -- qmail/vpopmail Virtual Mail Hosting System Guide"
+	elog "http://www.lifewithqmail.com/"
+	elog "  -- Life with qmail"
+	elog
+}
+
+pkg_preinst() {
+	qmail_tcprules_fixup
+}
+
+pkg_config() {
+	# avoid some weird locale problems
+	export LC_ALL=C
+
+	qmail_config_fast
+	qmail_tcprules_config
+	qmail_tcprules_build
+
+	use ssl && qmail_ssl_generate
+}